Whilst institutions are, and should remain, responsible for setting their strategies, the impacts of ESG risks should be appropriately taken into account in order to ensure the resilience of business models over the short-, medium- and long-term time horizons.
Report on management and supervision of ESG risks for credit institutions and investment firms
Regulatory Extracts from this
This Report on ESG risks management and supervision provides a comprehensive proposal on how ESG factors and ESG risks should be included in the regulatory and supervisory framework for credit institutions and investment firms. It provides institutions with common definitions of ESG risks and their transmission channels and identifies evaluation methods that are needed for effective risk management.
Also at the European level, a main legal reference for framing ESG factors is the ‘Regulation on sustainability‐related disclosures in the financial services sector’ (SFDR) (2019/2088). The SDFR aims at enhancing transparency and informing investors about sustainability related aspects, particularly the ‘principal adverse impacts’ that investment decisions have on sustainability factors and the sustainability characteristics or objectives of financial products. The SDFR defines sustainability factors as ‘environmental, social and employee matters, respect for human rights, anti‐corruption and anti‐bribery matters’. The EBA, EIOPA and ESMA (collectively, the ‘ESAs’) have developed, through their Joint Committee, draft regulatory technical standards to further specify the content, methodologies and presentation of disclosures related to these sustainability factors
As set out in the EBA Guidelines on internal governance, with regard to internal governance and risk management arrangements, institutions should consider a principle of proportionality that is based on, inter alia, their size, nature and complexity. This general principle of proportionality applies with regard to the ESG risk management framework. At the same time, the application of the principle of proportionality in the context of ESG risks also means that any specificities of ESG risk should be duly taken into account, with a view to ensuring that risk management arrangements are proportionate to institutions’ risk profiles. In particular, it should be noted that smaller institutions are not immune to ESG risks and could in some cases be even more exposed to them. Institutions should not prematurely consider thatESG risks are immaterial owing to their longer-term nature but should consider their implications over the short, medium and longer-term time horizons.
Whilst the EBA gives particular prominence to climate and environmental risks in the development of the ESG riskrelated banking regulatory framework, it is nonetheless essential that institutions also take measures to advance their identification and management processes for social and governance risks, in light of their potential significant impact (see Chapter 2). These measures should aim at ensuring a robust and forward-looking management of social and governance risks, building where appropriate on existing arrangements already implemented by institutions e.g. through the integration of governance factors of counterparties in credit risk and operational risk assessments or the integration of social factors in client-related processes.
Institutions are, and should remain, responsible for designing their business strategies, including their approach to supporting sustainability policy objectives. However, the extent to which an institution’s overall exposures diverge from those objectives could serve as an indicator of the scale of its transition risk. On the other hand, by steering business in a direction that is consistent with the expected environmental and social transformation, institutions are more likely to avoid the negative financial impacts from ESG risks.
This implies developing an understanding of and monitoring how ESG factors can affect macroeconomic conditions, as well as relevant sectoral business environments, for instance through decreases in output, changes in customer preferences or shifts in technology, and how this could in turn have negative financial implications for the institutions.
Taking into account that the outcome of such an analysis depends greatly on the chosen scenario, the underlying assumptions and models used, institutions are advised to apply a range of different plausible scenarios for informing their business strategies. By way of example, institutions could base themselves on the three representative scenarios developed by the Network for Greening the Financial System (NGFS) which are the ‘orderly’, ‘disorderly’ and ‘hot house world’ scenarios, but would necessarilyhave to break them down from the global and macroeconomic to the microeconomic level. In the EU context, institutions could consider a scenario representative of EU environmental objectives and assess the implications for their business strategies of the actions planned under the European Green Deal and of the realisation of CO2 emissions reductions targets set for 2030 and 2050. Institutions could draw strategic conclusions from the outcome of such analyses depending on the estimated impacts and the likelihood they associate with each scenario. However, from a prudential perspective, institutions should also prepare for less likely, adverse scenarios.
When applying scenario analysis, the specific characteristics and risks of the institution’s business model need to be taken into account. Different risks may arise depending, among others, on the geographical location, counterparties’ strategies and the economic sectors of the exposures.
From a strategic point of view, institutions with a substantial proportion of their business in non-sustainable activities may face, in addition to potential financial impacts from exposures to sectors under pressure from stricter environmental or social regulation, reputational issues that affect their customers or investor base. The same could apply for institutions that lack commitment to sustainability objectives.
Institutions would benefit from implementing at least a minimum set of longer-term key performance indicators (KPIs) that would allow them to monitor the development of their portfolios, with a view to evaluating and ensuring their longterm resilience as well as supporting the setting of strategic objectives. these longer-term KPIs on the basis of their internal ESG risk assessment methodologies, e.g. considering insights gathered from portfolio alignment or risk framework methods. In addition, they should duly consider the developing regulatory framework for ESG disclosures. This includes the EBA’s proposal for obliged institutions to disclose their GAR as part of disclosure requirements under the Taxonomy Regulation and as part of their Pillar 3 disclosures 155, other indicators proposed by the EBA for Pillar 3 disclosures such as the carbon footprint and scope 3 emissions of institutions’ portfolios (e.g. corporate loan portfolios)
Institutions should take into account the role of the Taxonomy as a cornerstone of EU initiatives on sustainable finance and reflect on how to develop their approach considering their strategic objectives and regulatory (disclosure) requirements. Institutions in the scope of the NFRD should take into account the fact that they will have to disclose how and to what extent their activities are aligned with the taxonomy, which will inform stakeholders about their positioning and strategies
The implementation of the business strategy and related strategic objective and/or limit can be accompanied by a number of actions, including adjustments in the remuneration policy – this would ensure that ESG risk-related objectives and limits receive proper management attention and the development of adequate internal resources and expertise related to identifying, assessing and managing ESG risks
The engagement policy should consider at least two perspectives that complement each other: first, the internal perspective, i.e. the capacities and expertise an institution needs to build up in order to understand the business models of its counterparties and the impact of ESG factors on these. Second, the external perspective, i.e. how an institution can interact with borrowers, investee companies and possibly other stakeholders (e.g. academia) to mitigate ESG risks for the institution that originate from these stakeholders. With regard to the internal perspective, institutions should make efforts that are proportionate to the size, nature and complexity of their activities.
Another tool used by institutions to offer products and services that meet customers’ expectations, on one side, and to adapt their portfolio in a timely manner to reduce ESG risks, on the other, is the strategic assessment of whether to develop sustainable productsthat are considered to be more resilient to ESGrisks. These include products typically marked as ‘green’ or ‘social’. Institutions can use such products as a tool to implement their ESG risk-related objectives and adjust their business models and portfolio composition.
The EBA sees the need to enhance the incorporation of ESG risks into institutions’ business strategies and processes. Whilst institutions are, and should remain, responsible for setting their strategies, the impacts of ESG risks should be appropriately taken into account in order to ensure the resilience of their business models over the short-, mediumand long-term time horizons. To achieve this, the EBArecommends that institutions carry out the actions described
The role of the management body applies also in the context of ESG considerations, where the management body plays a key role in addressing existing gapsin the institutions’ business, e.g. profile and strategy. Gaps can also arise from the uncertainties surrounding the impact of ESG risks on the institutions’ business activities and the implications of the transition to a more sustainable economy. the management body in its management function is responsible for ensuring that there is an appropriate monitoring of such risks and developments that currently affect, or that may in the future affect, the institutions and the achievement of their objectives in this context
The management body’s involvement in setting and overseeing the progress against the institution’s ESG risk-related objectives and/or limits , coupled with an understanding of the distinct elements of ESG risks and a sufficiently long-term view of the financial risks that can arise beyond standard business planning horizons, is necessary for the integration of these risks into the institutions’ business models and strategies. The management body needs to understand the potential impact of ESG factor. the management body should set and oversee the implementation of near- and long-term goals and strategies
The management body should ensure that responsibilities with regard to ESG risks are clearly integratedinto the organisational structure, both in business lines and internal control functions.
To this end, the integration of ESG factors and ESG risks in the induction and training policies and programmes of institutions can help ensure that adequate expertise is being built up, including – but not limited to – at the level of the management body. In general, it would also be beneficial for the institution’s approach to managing ESG risks that all members of the management body, on an individual basis, possess a minimum level of knowledge and understanding of ESG factors and risks.
By the same token, a clear allocation and distribution of duties and tasks related to ESG risks between specialised committees of the management body in its supervisory function, where applicable, is also key. Existing or newly established committees should facilitate the development and implementation of a sound internal governance framework with regard to ESG risks and assist the management body in its supervisory function with regard to the extent to which institutions’ activities are exposed to ESG risks. Specialised committees, where established, should have members who have sufficient knowledge and experience with regard to ESG risks.
Management bodies should ensure that the organisational structure of institutions considersthe potential interaction between ESG risks and financialrisks, and that the former can drive the latter, including in the long run. In general, neither ESG risks nor existing financial risks should be managed or monitored on an isolated basis, but jointly
Management bodies should also ensure that a sound and consistent risk culture accounting for ESG risks is implemented within the institution. This includes clear communication from the management body (‘tone from the top’), appropriate measures to promote ESG-risk awareness, including knowledge of institutions’ ESG strategic objectives and corporate values, and a proper accountability framework. Given the relative novelty of ESG risks, institutions should ensure, as part of their training policy, that staff are adequately trained to improve the understanding and practical handling of these risks
The management body is responsible for the implementation of an adequate internal control framework and the approval of internal control policies, mechanisms and procedures. It is crucial that organisational structures, implemented by institutions e.g. based on the ‘three lines of defence’ model, support and promote effective and prudent decision-making. The business lines and units taking on risk have the primary responsibility for managing the risk generated by their activities throughout the lifetime of that activity. This general principle is equally applicable for the integration of ESG risks in the risk management and control framework.
Institutions set and operate risk management functionst hat are responsible for ensuring the proper risk controls. The incorporation of ESG risks and in particular the specifics of ESG transmission channels (as described in Chapter 2) into financial risk categories, in these functions that are independent from the business lines and units, would ensure that the longterm impact of ESG risks is accounted for in the decision-making process and, overall, minimise the institutions’ exposure to ESG risks. The compliance function 183 also complements the risk management framework and monitors the alignment of institutions’ activities with applicable laws, rules, regulations and standards, including ESG regulatory aspects.
The independent internal audit function, among other tasks, reviews the internal governance arrangements, processes and mechanisms to ascertain that they are sound and effective, that they are implemented and that they are being consistently applied throughout the organisation. Assuming that all relevant aspects of ESG factors and ESG risks are incorporated into the institution’s governance and organisational arrangements, the internal audit function would capture these under the existing processes, including by effectively communicating with all parties involved in the integration of ESG risks into its activities
ESG risks are understood to be drivers of traditional financial risks and institutions should be able to capture the risks associated with ESG factors when they account for them in their risk appetite and apply their risk management frameworks with appropriate and accurate risk metrics and limits. Depending on the overall strategy and approach to transition risk, the relevant limits might need to be reviewed or extended to include new types of limits that are relevant from the ESG perspective (e.g. sectors excluded from eligibility based on the institution’s business strategy).
Risk appetite statements incorporating ESG risks would then cascade down to group entities, business lines and units, in close interaction with the implementation of the business strategy.
Moreover, the institution could enter into a constructive dialogue with counterparties that are highly exposed to ESG risk to eliminate or at least reduce the source of ESG risks deriving from the counterparty to a level below the maximum limit set in the risk appetite framework. Further examples could consist of setting up an ESG scoring system (see description of the exposure method in the previous chapter) and modifying credit conditions for borrowers included in an exclusion list, on the basis of their ESG score
For physical risks and transition risk, a high degree of granularity appears to be warranted, as it allows the differences in vulnerability within countries or sectorsto be taken into account. Institutions should try, for instance, to identify the share of their counterparties’ assets located in geographical areas that are more vulnerable to acute or chronic physical risks and any measures taken by them to mitigate the vulnerability of those specific assets.
Institutions should also include in their ICAAP and ILAAPframeworks a description of the risk appetite/tolerance levels, thresholds and limits set for the identified material risks, as well as the time horizons, and the process applied to keeping such thresholds and limits up to date. This would align institutions’ practices with supervisory expectations as this information is indicated in the EBA Guidelines on ICAAP and ILAAP. The forward-looking approach of those frameworks should take into account the materialisation horizon of ESG risks, for the short,medium and long term. Similarly, institutions should take into account the relevance of ESGrelated impacts on business lines when designing scenarios for recovery planning processes, asthese can be especially prone to climate change and environmental degradation.
Nevertheless, it is important that institutions proactively build up their data infrastructure and increasingly collect the information necessary to conduct such assessments. Institutions may also consider the use of proxies and estimates as first intermediate steps.
Loan origination is a crucial phase for collecting the necessary ESG-related information and data associated with the different elements of the transaction, e.g. the product itself, collateral or counterparty. The information and data collected at the initial evaluation phase would directly feed into the monitoring process. In addition, as part of loan origination, institutions evaluate the repayment capacity and creditworthiness of the borrowers, typically based on the financial and non-financial analysis of a corporate or retail counterparty. In these evaluations, institutionstypically apply a frequently used approach by assigning a certain rating or score to the potential borrower to indicate the level of risk. In some cases, although ESG factors and associated risks are relevant and present, these rating or scoring systems have not yet reflected ESG factors as relevant parameters. As part of loan origination or ongoing engagement with customers, institutions should gradually incorporate the evaluation of ESG factors into their processes, as set down in the Guidelines on loan origination and monitoring. Including ESG considerations at a very early stage of a business relationship with clients and counterparties should help institutions in their approach to gathering data and assessing ESG risks.
In methodology building, it is essential to evaluate which of the existing methods can sufficiently incorporate the ESG factors and transmitted ESG risks into financial risk categories, and what additional methods or approaches need to be incorporated to capture exposurebased and portfolio-based risk measurement and monitoring.The assessment of ESG risks in the initial methodology building should consider the role of additional and complementary metrics in order to take into account the realisation timeframe of ESG risk, whether in the short, medium or long term, in a forward-looking manner. As the evaluation of ESG risk involves a much longer time horizon than that used in the existing risk management tools, forward-looking tools such as scenario analysis and stress testing are being explored by institutions. It is essential for institutions to evaluate which methods and metrics are the most suitable for them, considering their strategy and overall approach to ESG risks
Quantitative indicators can take the form of key performance indicators (KPIs), which capture both risk and opportunities, and allow for a comparison between portfolios. Nevertheless, beyond a static monitoring of their exposures, institutions should also focus on evaluating potential current and future impacts of ESG risks through scenario analysis. It might be less straightforward to translate social and governance risks into commonly agreed quantitative indicators and a more qualitative approach for these risks may be implemented in the first place.
With regard to credit and counterparty risk, ESG risks may challenge institutions in all stages of the process, from granting to monitoring. Specifically, ESG risks can impact the main credit parameters
ESG risks can drive market risks. For example, higher downside risks can be associated with financial instruments issued by companies that are environmentally unsustainable or socially irresponsible. Understanding and establishing a direct relationship between how ESG risks impact issuers and how the value of the related financial instruments changes is challenging, but it is important to assess and evaluate both the risk of losses and of increased volatility
ESG risks can drive operational risk, e.g. legal risk, and reputational risk that can arise as a result of the institution’s activities. For instance, an institutionthat hasfinancing activities that are publicly controversial (e.g. hydraulic fracturing or fossil fuel financing) might see their reputation impacted or might be subject to legal claims. As mentioned earlier in this report, institutions may also be directly subject to the physical risks stemming from climate-related and environmental factors. Institutions should accordingly ensure that their operational risk management adequately considers physical risk impacts, with a view to ensuring their business continuity and ability to recover from disasters, taking into account their geographical location, physical assets and outsourcing arrangements
As evidenced in the EBA’s survey on sustainable finance market practices201, there is a growing consensus in the industry to consider ESG risks as drivers of existing prudential risks, with the exception of liquidity risk. However, it is deemed important not to overlook liquidity and funding risk. Indeed, ESG factors could also result in funding issues for an institution or make some assets less liquid.
Institutions should take into account that ESG risks can affect, through micro-prudential and macro-prudential factors, both their profit and loss account and their balance sheet. ESG factors, both independently and through the aforementioned profit and loss account, can affect an institution’s capital and liquidity adequacy, the risk weight of its assets, and its access to capital and liquidity
Additional and complementary measures that institutions may take to mitigate ESG risks depend on the source of the ESG risks. For instance, if ESG factors impact credit risk, institutions can consider credit risk mitigation tools (e.g. guarantees and collateral). If operational risk is impacted, institutions can consider taking corrective measures (e.g. insurance policies). Market risk mitigation could entail the diversification of portfolios, thereby reducing concentration risks, amongst others.
In line with their business strategy and risk appetite institutions may incentivise their counterparties to mitigate ESG risks and transition towards more sustainable business models. This could, for instance, entail setting the interest rate of an environmentally sustainable loan at a level consistent with higher resilience to such risks and the associated improved creditworthiness under otherwise unchanged conditions. For credit institutions originating sustainable lending, the interest rate adjustment process could be linked to the achievement of sustainability targets by the client over a predefined period of time, in which climate-related and environmental risks are reduced. Similarly, the increase of ESG issuances with attractive funding costs and linked to a strict use of proceeds would provide a basis for pricing differentiation.
The identification of exposures affected by climate-related risks is the basis of a climate risk stress test. Up until now, only limited empirical and sufficiently granular data exist to measure actual climate risk exposures. Moreover, classifying green versus non-green exposures in a consistent manneris currently one of the major challenges. In addition, translating borrower level criteria into supervisory data requirements at exposure class level also appears to be fraught with operational issues as more granular information would be needed at activity level to identify those borrowers that are particularly exposed to climate risk. Moreover, integrating input data with a broader set of climate risk indicators, such as those defined by external data providers, or with public information on the borrower, could pose significant comparability and data quality issues.
Transition risks vary across sectors depending on the pace of adaptation and can change in the future: early adaptation (electric cars) vs. late adaptation (coal power station). In light of this, historical information would not help the modelling of these risks especially in the long run. Therefore, to make an accurate assessment, banks require a methodology which also embeds these forward-looking features and allows major differences in risks to be capture across various sectors or companies.
The EBA also sees a need to gradually develop methodologies and approaches to test the resilience of institutions to the long-term negative impacts of environmental, social and governance factors. The initial objective of this testing should be to assess the long-term resilience of institutions’ business models and support the setting of ESG-risk-related strategic objectives and/or limits. When these methodologies and approaches are sufficiently tested, it will provide institutions with additional input into the assessment of their ICAAP and ILAAP. This gradual approach also implies the prioritisation of testing resilience to the environmental factors, for which more data and methodologies are available, followed by social factors.
Due to the less advanced approach for social and governance risks, developing their understanding, policies and practices related to social and governance risks and, based on data availability and considering the use of proxies, calculate indicators. Institutions could, for instance, try and identify outstanding assets of counterparties that are particularly exposed to social and governance issues, for instance by replicating the indicators contained in Annex 1 of this report or in Annex 1 of the delegated regulation supplementing the SFDR, as regards principle adverse impacts, and tailor them to their own business model and types of exposures.
In order to build ESG-related testing capabilities, the EBA sees the need for institutions to build their related data infrastructures, proportionate to their size, complexity, risk and business profile, allowing for testing to be performed that covers all material risk factors.
In order to reflect the ESG risks in the supervisory evaluation, the EBA sees the need to proportionately incorporate ESG factors and considerations into business model analysis, in particular with regard to the analysis of the business environment, the current business model, strategy, and the assessment of the viability and sustainability of the business model. Key aspects to be considered in this regard include (sub-)sectoral and geographic concentrations, the institution’s (potential lack of) reflection on the impact of a changing business environment, internal capacity building, relationships with stakeholders and projected profitability and losses under an ESG risk perspective.
Climate sensitivity analysis
An exercise without scenarios, assessing changes in portfolios’ risk attributes by changing some of the inputs in financial models based on shading and classification of exposures into ‘green’ versus ‘non-green’ (which determines an exposure’s vulnerability to climate-related events and policies).
Climate stress test
Assessment featuring fully fledged scenarios that map out possible future development paths of transition variables (e.g. carbon prices), physical variables (e.g. temperature increases) and the related changes in macro variables (e.g. output in different sectors, GDP, unemployment) and financial variables (e.g. interest rates). These scenarios are then translated into changes in portfolio (risk) attributes
Climate-related risks are the financial risks posed by the exposure of institutions to counterparties that may potentially contribute to or be affected by climate change.
Environmental matters that may have a positive or negative impact on the financial performance or solvency of an entity, sovereign or individual.
The risks of any negative financial impact on the institution stemming from the current or prospective impacts of environmental factors on its counterparties or invested assets.
Environmental, social or governance matters that may have a positive or negative impact on the financial performance or solvency of an entity, sovereign or individual.
ESG risk-related strategic objectives and/or limits
Determinations which aim at managing an institution’s exposure to ESG risks, over the short-, medium- and long-term time horizons.
ESG risks are the risks of any negative financial impact on the institution stemming from the current or prospective impacts of ESG factors on its counterparties or invested assets.
ESG-related investment benchmarks
Benchmarks which incorporate specific sustainability-related objectives and help to assess and compare the performance of sustainable investments over time.
Methodological approach for the assessment of ESG risk which focuses on how individual exposures and counterparties perform on ESG factors.
Governance matters that may have a positive or negative impact on the financial performance or solvency of an entity, sovereign or individual.
The risks of any negative financial impact on the institution stemming from the current or prospective impacts of governance factors on its counterparties or invested assets.
The risks of any negative financial impact on the institution stemming from the current or prospective impacts of the physical effects of environmental factors on its counterparties or invested assets.
Portfolio alignment method
Methodological approach for the assessment of ESG risk which focuses on how aligned an institution’s portfolio is with global sustainability targets.
Avenues through which ESG factors can lead to negative financial impacts
Risk framework method
Methodological approach for the assessment of ESG risk which focuses on how sustainability-related issues affect the risk profile of a bank’s portfolio and its standard risk indicators.
Social matters that may have a positive or negative impact on the financial performance or solvency of an entity, sovereign or individual.
The risks of any negative financial impact on the institution stemming from the current or prospective impacts of social factors on its counterparties or invested assets.
Frameworks which classify different elements within a given set (e.g. economic activities, social practices or conventions) by defining them and linking them to different categories based on certain criteria.
The risks of any negative financial impact on the institution stemming from the current or prospective impacts of the transition to an environmentally sustainable economy on its counterparties or invested assets.
The causal chains that explain how these risk drivers impact institutions through their counterparties and invested assets.