ESG risk management

EBA proposes requirements for financial institutions 

On 18 January 2024, the EBA initiated the consultation process on “Draft Guidelines on the management of ESG risks”, which ended on 18 April 2024.[1] The proposed ESG risk guidelines set out requirements for the identification, measurement, management, and monitoring of ESG risks, including through prudential transition plans aiming to address the risks arising from the transition toward an EU climate-neutral economy.

The proposed guidelines set requirements for the internal processes and ESG risk management arrangements that institutions should have in place, providing further details on key ESG provisions of the forthcoming CRD6/CRR3. Inter alia, the draft guidelines specify the following aspects:

a) The minimum standards and reference methodologies for the identification, measurement, management, and monitoring of ESG risks.

b) The contents of the required prudential transition plans (e.g., specific timelines, intermediate quantifiable targets and milestones) in order to monitor and address the financial risks stemming from ESG factors.

The guidelines will apply to all institutions within the scope of the CRR, including those currently in scope of the ECB’s existing supervisory guide on climate and environmental (C&E) risks, while they are consistent with and include cross-references to other EBA Guidelines or Standards referring to ESG risks.[2][3][4] The EBA plans to finalize the draft guidelines by end-2024 and expects them to apply from the CRD6 application date, anticipated at the end of 2025.

While monitoring and compliance with ESG risk requirements remain a challenging task for financial institutions, the proposed guidelines are described by the EBA as the new, principal reference addressed to institutions on ESG risk management, and - in our view - will have a far-reaching impact on financial institutions.

Below we briefly present the key points of the guidelines and their main implications for Greek financial institutions.

Identification & measurement of ESG risks

Institutions’ internal procedures should include tools, methodologies, and capabilities to identify ESG risk drivers and their transmission channels to financial risks, map exposures and their concentration according to ESG risk drivers, and measure and manage material ESG risks, including from a forward-looking perspective.

The ESG Risk Materiality Assessment (ESG RIMA) is considered the starting point in ESG risk management. The ESG RIMA should be performed annually across short-term (i.e., less than 3 years), medium-term (3 to 5 years), and long-term (at least 10 years) time horizons as part of the institution’s internal procedures. It should be consistent with and integrated into other materiality assessments conducted by institutions, such as those made for the purposes of the Internal Capital Adequacy Assessment Process (ICAAP).

Inputs and factors considered in ESG RIMA should include (at least) the consideration and use of both qualitative and quantitative elements and data, the assessment of the impact of ESG risks on the most significant activities, services and products, and the assessment of both transition and physical risk drivers, e.g., counterparty’s sector of activity and geographical location of collateral respectively. For sectors that are considered to be materially exposed to transition risk (e.g., oil, gas, mining, and transportation), institutions will be required to set out plans for managing short, medium, and long-term risks for the vast majority of their exposures.

As part of minimum standards to identify and measure ESG risks to which institutions are exposed, institutions should include in their internal procedures the identification and the analysis of necessary data and information.[5] In cases where data is not available or has shortcomings, institutions should assess these gaps and their potential impact, and take remediating actions.

For identification and measurement, the EBA proposes a three-layered approach:

a) the “exposure-based” approach, focusing on counterparty level, in line with EBA guidelines on loan origination and monitoring;

b) the “portfolio-based” approach, focusing on portfolio alignment, i.e., measurement of the gap between the existing portfolios’ emission pathway and the emission pathway required to meet climate targets. Notably, the EBA sets portfolio alignment as a minimum requirement for the first time, meaning that all institutions will be expected to use at least one portfolio alignment methodology in their risk management going forward;

c) the “scenario-based” approach, which is a stress testing approach that will be covered in more detail in forthcoming guidelines.

To evaluate environmental risks at the exposure-based level, institutions should have internal procedures that incorporate a range of risk factors and criteria. These should encompass, at a minimum, both physical and transition risk drivers, as well as critical disruptions to business, the maturity of the exposure/asset and possible mitigation opportunities (Figure 1).

Management & monitoring of ESG risks

Institutions should develop a robust and sound approach to manage and mitigate ESG risks over the short, medium, and long-term, through a number of risk management and mitigation tools, such as engagement with counterparties that aim to improve their ESG profile, adjusting their financial terms, tenor and/or pricing based on ESG considerations, portfolio diversification based on ESG-relevant criteria, etc.

Institutions should account for ESG risks in their overall business and risk strategies and have a comprehensive understanding of their business model, strategic objectives, and risk strategy from an ESG perspective to ensure that their governance and risk management frameworks, including risk appetite, are adequate to implement them.

Risk strategies should formulate and monitor ESG risk-related objectives, Key Performance Indicators (KPIs) and metrics. Furthermore, risk strategies should consider how ESG, and especially C&E factors can:

  • Affect the business environment and lead to structural changes in the economy, financial system, and competition.
  • Have an adverse impact on the viability of their business model and sustainability of their business strategy, including profitability and revenue sources.
  • Affect their ability to achieve their strategic objectives and remain within their risk appetite.

Institutions should monitor ESG risks through effective internal reporting frameworks that convey appropriate information and aggregated data to senior management and the management body (e.g., integrating ESG risks into the regular risk reports, dashboards with ESG metrics, etc.).

Institutions should implement granular and frequent monitoring of counterparties, exposures, and portfolios that are assessed as materially exposed to ESG risks. Furthermore, institutions should set early warning indicators and thresholds, monitor a range of backward and forward-looking ESG risk metrics, and have strategies and plans in place to take mitigation actions in case limits are exceeded.

The forthcoming CRD6 will require institutions to draft specific prudential (transition) plans in which they will articulate their strategic actions and risk management tools used to ensure their resilience to ESG risks across different time horizons. Inter alia, prudential plans aim to:

  • Ensure that institutions comprehensively assess (identify, measure, manage and monitor) ESG risks, in particular C&E risks, and embed forward-looking risk considerations in their strategies, policies, and risk management processes under a long-term perspective, setting targets and milestones at regular time intervals.
  • Stimulate institutions to proactively reflect on changes (e.g., technological, business, consumer behavior, etc.) driven by the green transition, identify risks and opportunities and adapt accordingly through structured transition planning.

Prudential plans will be reviewed by management, documented, and integrated into business strategies and aligned with a bank’s funding strategy, risk appetite, ICAAP, overall risk management framework and public communication. As such, supervisors will also be able to assess those plans and require institutions to adjust their exposures to ESG risks according to their changes in business strategies, governance, and risk management (e.g., reinforce targets, measures and actions included in their plan).


[1] The draft Guidelines can be found here: Draft Guidelines on the management of ESG risks
[2] EBA Guidelines on loan origination and monitoring (EBA/GL/2020/06)
[3] EBA Guidelines on internal governance under Directive 2013/36/EU (EBA/GL/2021/05)
[4] EBA ITS on Pillar 3 disclosures on ESG risks (EBA/ITS/2022/01)
[5] For large corporate counterparties, the data for the assessment of environmental risks should include at least the following: geographical location of assets, greenhouse gas (GHG) scope 1, 2 and 3 emissions, material impacts on the environment, dependency on fossil fuels, energy, and water demand and/or consumption, energy performance certificates, adherence to climate and environmental reporting, litigation risk and forward-looking adaptive capacity.

  • Regulatory health check

Our health check assists you in scanning your high-level readiness and compliance against new and incoming regulations, giving you a high-level gap analysis and action plan for remediation.

  • End-to-end solutions

Our C&E Credit Analytics team provides a wide range of end-to-end bespoke solutions for banks, from identification of ESG risks to measurement, managing and monitoring. Our solutions include, inter alia, implementation of ESG RIMA, formation of risk management plans and development of measurement methodologies to comprehensively assess ESG risks across various time horizons.

  • Bespoke training and seminars

Deloitte specialists provide training, including Board and executive training, as well as differentiated learning modules for staff at all levels.
