The ECB supervisory priorities for 2023-2025 stress the need for further increasing the efforts to combat climate change and urge institutions to focus on incorporating climate-related risks into their governance and risk management framework (financial and non-financial risks) before the end of 2024. The ECB Climate Stress Test (CST), published on 8 July 2022, provided important insights into the extent to which banks are prepared to integrate climate risks into their risk management processes. The results underline the challenges banks faced during the 2022 CST and in integrating ESG into the internal capital adequacy assessment process (ICAAP) in terms of determining risk appetite, the overall integration into risk management, and overall risk strategy integration. In this paper we focus on the integration of ESG into the non-financial risk framework.
The regulatory requirements to integrate ESG risks into the existing non-financial-risk (NFR) framework pose several challenges for financial institutions. Firstly, banks must identify, define and integrate ESG scenarios into their risk management. Simultaneously, banks are required to establish appropriate governance structures, aligned with their risk management and governance framework, including the integration across the three lines of defence (LoD). The required implementations and adjustments to existing processes are costly and time-consuming and put further pressure on firms already straining to fully integrate climate and environmental risks into the NFR strategy, risk management and governance by the end of 2024.
Below, we examine the supervisory expectations for ESG risks and resulting challenges for banks to align their internal governance processes, risk appetite and risk evaluation with the regulatory demands.
The ECB expects the full integration of climate and environmental risks into the following three pillars: (1) governance, (2) strategy and (3) risk evaluation by the end of 2024. Therefore, banks need to adopt a robust governance framework enabling them to effectively identify, manage, monitor, and report climate and environmental risks.
Management plays a special role in developing the overall business and risk strategy under ESG and takes over the responsibility to set clear objectives, approve and monitor the implementation of climate and environmental risks into the overall business and risk strategy. Beyond that, the three LoD need to re-structure the monitoring processes (e.g. EBA GLOM). Thereby, it is particularly important that roles and responsibilities for managing climate-related and environmental risks are clearly defined and aligned with the respective ESG ambition level.
There are two options to combine ESG risks and the existing NFR framework: (1) supplement ESG risks to the non-financial risk taxonomy as a separate risk category or (2) integrate ESG risks into one of the existing risk types. The responsibility to monitor ESG risks may either be settled in the Operational Risk Management, the Compliance department or as a separate ESG risk management function. The responsibility to assess the risks lays with the first line of defence. It is crucial that responsibilities are clearly defined as part of the internal framework.
The ECB states that climate-related financial risks shall be clearly defined and addressed in the bank´s risk appetite framework in consistency with its strategy. In the ECB´s 2022 CST, almost half of the participating banks received the lowest score for the integration of climate stress testing into their governance and risk appetite frameworks, underlining the importance for action.
The resulting challenge for banks in implementing the ECB guidelines is to combine their ESG strategy with the risk appetite, requiring banks to expand their planning horizon and consider actual and potential risks within the next decades. The requirement to include climate and environmental risks in the risk appetite framework asks institutions to develop, implement, monitor and validate long-term and forward-looking key risk Indicators, their limitations and weightings as well as setting up an escalation process to report and mitigate breaches when pre-defined limits are reached.
The ESG strategy can either be identified as distinct risk strategy or anchored in an already existing framework, such as operational risk. Equally the risk appetite for ESG can either be defined separately or within the known NFR categories. In any case, banks need to evaluate the impact of ESG on existing NFR risk strategies.
Based on the ESG risk strategy and appetite, the supervisors expect that the risk evaluation process needs to integrate climate and environmental risks into the existing well-known risk categories (credit, market, liquidity, operational risk). Consequently, those risks need to be quantified as part of the process to identify adequate capital requirements (e.g. ICAAP) over a sufficiently long timeframe.
As a result, banks are required to broaden existing scenarios, time frames and measures to quantify risks linked to climate change. Therefore, ESG should be included in the existing individual NFR risk analyses. This means that ESG relevance must be examined for each material NFR, and, if required, the assessment methodology needs to be adjusted, existing ESG aspects identified, or additional scenarios for ESG included in the assessment.
Additionally, the right data framework is key to covering these challenges as the ESG risk management asks for a high level of transparency of the reports, focusing on identifying relevant risks and implementing measures to monitor and manage those. To approach this challenge, the ECB suggests banks use available data and focus on integrating climate stress tests.
We conclude that integrating climate risks into the non-financial risk management framework requires banks to add climate and environmental risks to their existing NFR framework and to align their governance structures, risk appetite and risk evaluation accordingly. Consistency between the elements is key to ensuring effective integration of ESG risks into the NFR framework.
How fast and how long this transformation process will take depends on several factors such as the short- and long-term ESG strategy of the financial institution, the willingness of banks to adjust their planning horizon to evaluate ESG risks, and their ability to set up a well-defined governance structure in terms of objectives, monitoring and responsibilities.
Capco has a strong and varied track record of supporting clients with their change processes, spanning a wide range of business and regulatory requirements, processes and data and IT implementations. We have developed an approach for integrating climate and environmental risks into the non-financial risk management processes and creating a robust data and IT framework. Contact us to learn more about how we can help your institution on its journey to change and give you an edge over your competition.