The Morningstar Sustainalytics ESG Risk Ratings are built on a single, ruthless central idea: measuring exactly how much material ESG risk a company has stubbornly refused to manage.
This lesson dismantles the Sustainalytics architecture, introducing the three massive building blocks that determine how a client's enterprise value is threatened.
The Concept of "Unmanaged Risk"
Sustainalytics does not care if a company is "good" or "bad." It solely calculates the magnitude of a company's unmanaged ESG risk.
Unmanaged risk is precisely defined as the portion of material ESG risk that is not yet managed by the company. For every single material issue, Sustainalytics calculates how exposed the company is, and subtracts whatever management armor the company has deployed. The bloody remainder, the risk that successfully breaches the armor, is the unmanaged risk.
The Zero-Sum Game: Unmanaged risk is not total risk. Two massive oil companies possess identical, catastrophic exposure to carbon regulations. Oil Company A has a brilliant management strategy; Oil Company B does nothing. Company B will receive a terrifyingly high unmanaged risk score, while Company A will survive with a lower score. You are solely graded on what you fail to manage.
These individual unmanaged risk scores are tallied to produce a single quantitative number. The scale starts at zero (perfect management). Higher scores indicate imminent financial danger.
Companies are violently sorted into five absolute risk categories based on this number: Negligible, Low, Medium, High, and Severe.
Because this rating is absolute, it acts as a universal currency for risk. A hedge fund can look at a "Severe" risk bank and a "Severe" risk mining conglomerate and mathematically conclude they are equally toxic to the portfolio.
Think of unmanaged risk like a sinking ship taking on water. The "exposure" is the size of the hole in the hull. The "management" is how fast the crew is operating the water pumps. The "unmanaged risk" is the actual water level rising in the ship. Investors do not care how big the hole is or how hard the crew is pumping; they only care if the ship is actually sinking.
The Three Massive Building Blocks
The Sustainalytics model evaluates a company by forcing it through three distinct analytical blocks:
- Material ESG Issues (MEIs): The operational hazards dictated by the industry.
- Corporate & Stakeholder Governance: The universal baseline required to run a competent company.
- Systemic & Idiosyncratic Issues: The unpredictable chaos metrics.
Building Block 1: Material ESG Issues (MEIs)
MEIs form the absolute core of the rating. There are 22 total MEIs (e.g., Human Capital, Data Privacy, Carbon Emissions).
Crucially, MEIs are locked onto a company based entirely on its Subindustry. Sustainalytics calculates that specific subindustries have highly predictable risk trajectories. Air freight logistics will automatically trigger Carbon MEIs; massive consumer apps will automatically trigger Data Privacy MEIs.
If an MEI is triggered by the subindustry calculation, the company is forcefully evaluated against it. However, if a company has a bizarre business model that makes a subindustry MEI totally irrelevant, a consultant can fight to have it manually removed from the rating.
| 22 Material ESG Issues (MEIs) | |
|---|---|
| Corporate Governance | Stakeholder Governance |
| Access to Basic Services | Business Ethics |
| Community Relations | Data Privacy and Cybersecurity |
| Emissions, Effluents and Waste | Carbon: Own Operations |
| Carbon: Products and Services | ESG Impact of Products and Services |
| Human Rights | Human Rights: Supply Chain |
| Human Capital | Land Use and Biodiversity |
| Land Use and Biodiversity: Supply Chain | Occupational Health and Safety |
| ESG Integration: Financials | Product Governance |
| Resilience | Raw Material Use |
| Water Use: Own Operations | Water Use: Supply Chain |
Building Block 2: The Two Baseline Governance Issues
While the other 20 MEIs are applied selectively based on subindustry, Corporate Governance and Stakeholder Governance are treated as universal baselines.
Sustainalytics views poor governance as an absolute, non-negotiable threat to enterprise value.
- Corporate Governance: Analyzes whether the board and executives are actually aligning with investors or actively destroying shareholder value.
- Stakeholder Governance: Analyzes whether the company is actively infuriating its employees, local communities, and regulators to the point of imminent financial retaliation.
The Public vs. Private Rule: These two governance baseline MEIs apply to every single company on earth. They cannot be disabled. Furthermore, publicly traded companies are automatically assigned a massively higher governance exposure score than private companies precisely because they are legally subjected to brutal regulatory scrutiny.
Building Block 3: The Chaos Multipliers
The final building block handles scenarios that completely break standard industry modeling. It is divided into two forces:
- Systemic ESG Issues: Massive, unpredictable global shocks that destroy entire sectors simultaneously (e.g., a global pandemic, the sudden outbreak of a major international war). These are out of the company's control, but the company’s resilience to them is heavily graded.
- Idiosyncratic Issues: Bizarre, self-inflicted disasters that normally would never happen in that industry. For example, a software company is not normally rated on human rights abuses. However, if that software company is suddenly caught using forced labor to mine conflict minerals for servers, an Idiosyncratic Issue is instantly triggered, violently punishing the company for a risk that its peers do not face.
When a company triggers a massive Idiosyncratic Issue (a category 4 or 5 controversy), Sustainalytics drops a mathematical bomb on the rating. The company's raw exposure score is instantly increased by 6 or 8 points. This artificially spikes the "incoming bullets," making it nearly impossible for normal management practices to defend the final score.
Key Takeaways
- 1Sustainalytics measures unmanaged ESG risk - the portion of material risk a company has failed to manage - not whether a company is 'good' or 'bad'
- 2The model uses three building blocks: Material ESG Issues (22 MEIs based on subindustry), Corporate and Stakeholder Governance (universal baselines), and Systemic/Idiosyncratic Issues (chaos metrics)
- 3Because scores are absolute, a 'Severe' risk bank and a 'Severe' risk miner carry mathematically identical portfolio toxicity - enabling true cross-industry comparison
- 4Corporate and Stakeholder Governance are universal and cannot be disabled; public companies receive higher governance exposure than private ones
- 5Idiosyncratic Issues (self-inflicted disasters outside normal industry risk) trigger massive exposure spikes of 6-8 points, making standard management defenses nearly useless