This part continues our blog on how the ‘ECB turns up the heat on banks to tackle climate risks (Part 1)’. It assesses the results of the ECB’s 2022 Thematic Review and what the ECB considers a ‘good practice’ as well as current legislative initiatives to establish these practices in statutory law.
Results of the 2022 Thematic Review and sharing of good practices
The 2022 Thematic Review was carried out with the help of 21 national competent authorities and covered a sample of 186 banks. It focused on the ECB’s expectations for the assessment of materiality, business strategy governance and risk appetite, and risk management. Together with its report of 2 November 2022, the ECB published a set of good practices for C&E risk management – along with good practices for stress testing – on 19 December 2022 to ‘respond to the wish from the industry for insights on good practices.’ The ECB noted that these practices may not be replicable or ensure alignment with supervisory expectations, and called for institution-specific implementation efforts.
The ECB’s finding of the 2022 Thematic Review can be summarised as follows:
Materiality Assessment
The fact that C&E risks can be material is hardly questioned any more, with 80 per cent of banks reporting exposure to climate risks, an increase from 50 per cent in 2021. And the thematic review showed that not one of the 21 institutions, that did not report that they were materially exposed to climate risks, had comprehensively covered its main risk types and main portfolios. However, institutions continue to significantly underestimate the breadth and magnitude of C&E risks. Blind spots in the identification of C&E risks in key sectors, geographies and risk drivers were identified in 96 per cent of institutions and, of these, 60 per cent were considered to be major gaps.
Some banks have developed processes to identify risk drivers, using both internal knowledge and external sources as compiled by the Intergovernmental Panel on Climate Change and the Network for Greening the Financial System. To determine material impact, some of them use heatmapping and similar methods. In order to identify their concrete exposures, advanced institutions do not only use qualitative approaches supplemented by proxy-based data but scenario analyses to integrate C&E risks into their Probability of Default (eg through changes in client revenues/costs) or Loss-Given D assessments (eg through changes in the value of collateral). To form a final judgement on materiality, some institutions set a threshold for the assessment outcomes.
Strategy
Many banks have begun to understand the impact of climate risks on their business models, but strategies have yet to comprehensively address all risks. In nine out of ten cases, the ECB found that institutions’ strategies do not respond to all the material risks to which the banks are exposed or likely to be exposed. Some institutions have developed a strategic approach to managing climate risks through transition planning, target setting and products and services that support clients in the transition to a low-carbon economy. Some have also identified strategic steering tools such as client engagement and transition plans. While most institutions focus on transition risks, they are expected to also consider physical risk drivers in integrating climate-related risks into their business strategy.
Governance
Banks have generally improved their organisational structures but are still in the early stages of addressing climate risks in a comprehensive and granular manner. 55 per cent of the institutions developed practices at the policy and procedural level, but failed to implement them effectively. Adequately incorporating C&E-related risk management strategies and processes within their organisational structure requires:
(1) Assigning roles and responsibilities, as well as suitability of the management body for C&E risks through committees and discussions involving relevant functions eg by setting up committees or top-down and bottom-up discussions involving all relevant functions),
(2) Incorporating C&E risks into risk appetite frameworks and remuneration policies (eg with forward-looking climate-related KRIs in their risk appetite framework),
(3) Assigning responsibility for managing C&E risks within the organisational structure, including compliance checks (eg by integrating greenwashing risk considerations into the governance framework for its products and services within the second line) and
(4) Reporting aggregated risk data to aid decision-making.
These efforts typically involve a data gap analysis, a data collection strategy using internal and external sources (an institution might, for instance, use open-source tools to collect C&E risk information, including for small businesses, for example, as part of the calculation of PACTA portfolio alignment), and a data management and reporting framework.
Risk Management
Almost all institutions use at least basic quantification methods to measure climate-related risks, employing proxies and assumptions when data availability is limited. Advanced methods include client due diligence, risk classification using scorecards and questionnaires as well as forward-looking scenario analysis to quantify weather hazards and incorporating C&E risks in collateral valuations and pricing. However, most institutions have yet to develop the granular and forward-looking quantification methods required to fully grasp the magnitude of their C&E-risks. Those who do use scenario-based approaches for credit, market and operational risks ultimately allocated additional economic capital allocation specifically for C&E risks.
Environmental Risks in the Broader Sense
The relevance of environmental risks in a broader sense, especially biodiversity loss, has been highlighted for some time now. The impact of the Covid-19 pandemic has made it evident that environmental risk (eg the financial consequences of a zoonotic pandemic) is not a theoretical concern but can materialise into severe and unexpected financial losses. However, only half of the institutions have started qualitative identification of environmental risk drivers other than climate-related risks, more than one-third of the institutions have still not considered them in their materiality assessments at all.
While quantifying these risks remains a challenge, it is becoming apparent that institutions are following a similar path for the management of non-climate-related environmental risks. To mitigate such risks, some institutions have implemented risk management practices specifically addressing other environmental risk drivers such as biodiversity loss, water stress and pollution and integrated these measures into their credit policy and loan origination framework. One institution has identified biodiversity as one of the three pillars of its sustainability policy, which is based on globally recognised conventions and treaties such as the Convention on Biological Diversity and the United Nations Sustainable Development Goals. It adopted a low-risk appetite for environmental risks that may cause financial or reputational damage. Additionally, it has set a strategic target to have a net positive impact on biodiversity through its financing and investment activities in the medium term.
Legislative action lacking behind
The EU's legislative general response to Environmental, Social and Governance (ESG) risks and their management is still largely outstanding – and compared to the already ongoing enforcement of supervisory expectations especially in the area of C&E risk management – lacking behind.
The European Commission’s proposal for the CRR3/CRD6 package of October 2021 sets out specific requirements for the identification, measurement, management and monitoring of ESG risks and the power of supervisors to assess these risks as part of their regular supervisory reviews, including through climate stress tests carried out by themselves and by banks. They make it explicitly clear that C&E risks are not just to be considered in transparency requirements, but also in the second and potentially the first pillar of EU prudential regulation. The future CRD6 requirements will be accompanied and further specified by new guidelines of the European Banking Authority (EBA) on the management of ESG risks and revised guidelines on SREP.
As set out in EBA’s Roadmap on Sustainable Finance which was published on 13 December 2022, the future ESG risk management guidelines will build on the EBA report on the management and supervision of ESG risks of June 2021 as well as relevant international standards and principles, including the Basel Committee on Banking Supervision BCBS principles for effective management and supervision of climate-related risks of June 2022.
Final agreement on the CRR3/CRD6 package, which has entered trialogue negotiations, is not to be expected before end of 2023. Considering the 18 months period for transposing the CRD6 into national laws, the new requirements on ESG risk management will presumably not apply until mid- or late-2025; the EBA is mandated to publish relevant guidelines within 12 months from the entry into force of CRD6, which means that these will likely be in place at the same time.
Until then, European banks have to meet supervisory expectations, whether those of the ECB or those of competent national supervisory authorities, such as the German Federal Financial Supervisory Authority (BaFin).