There is increasing pressure on banking institutions to implement policies, procedures and controls around managing the risks associated with the transition to Net Zero.
Mike Jennings, Sustainable Finance Director, collated this guide to help banks to better understand the approaches of different regulatory regimes and to highlight where regulators are taking similar approaches.
The analysis includes regulations (whether draft or final) issued by the following regulatory bodies as these cover three major markets (UK, EU, and USA):
- European Central Bank (ECB) in the EU
- European Banking Authority (EBA) in the EU
- Prudential Regulation Authority (PRA) in the UK
- Basle Committee on Banking Supervision (BCBS)
- Office of the Comptroller of the Currency (OCC) in the USA
- Federal Deposit Insurance Corporation (FDIC) in the USA
This guide does not compare and contract stress testing scenarios and stress testing guidance for stress tests globally.

Where Do Regulators Focus?
Overall, there is a lot of similarity between regulators in terms of where they see that banking institutions should focus when implementing risk management policies and procedures for climate and environmental risks. There is a level of consistency across regulators as to which areas are important in managing these risks. These risk areas include:
Strategy and Strategic Planning
Institutions are expected to integrate climate-related and environmental risks that affect their business environment in the short, medium or long term into their business strategy. Regulators expect that institutions will have sound practices for identifying material impacts on their business (and in the EU on the environment) and strategy, financial, operating and capital plans. Appropriate guidance can be found in the ECB, BCBS and OCC/FDIC regulations.
Governance
Regulators expect that institutions will assign responsibilities for climate-related and environmental risks to appropriate individuals at the Board level and management level or through committee, and to assess how these risks can affect various stakeholders of the institution. Once again, good examples of regulations can be found in the ECB, BCBS, PRA and OCC/FDIC regulations.
Policies and Procedures
One of the crucial areas that is addressed by many regulators relates to incorporating such risks in the risk appetite and internal control framework. The OCC/FDIC provide guidance that climate-related and environmental risks should be incorporated into risk policies and procedures, and in limit setting in line with the risk appetite statement. The ECB and BCBS outline the requirement for institutions to implement risk management for climate-related and environmental risks across the three lines of defence.

Reporting
It is expected that there will be sufficient and appropriate internal reporting of climate-related and environmental risk exposures within the institution at various levels. Institutions should ensure that internal reporting is organised to provide timely and relevant information for decision-making across all material risks. Key guidance can be found in the ECB and BCBS regulations.
The PRA and ECB also have requirements around external reporting and disclosure of information relating to climate-related and environmental risks in terms of the need to publish meaningful information and key metrics. The ECB outlines that reporting needs to be done in agreement with the European Commission’s requirements for non-financial reporting. The PRA outlines that disclosures are constantly evolving, and it is likely that at some point will become mandatory, and institutions should start to prepare.
Risk Management
There is specific guidance from the OCC/FDIC: “Management should oversee the development and implementation of processes to identify, measure, monitor, and control climate-related financial risk exposures within the bank’s existing risk management framework. Risk identification includes assessment of climate-related financial risks across a range of plausible scenarios and under various time horizons. Tools and approaches for measuring and monitoring exposure to climate-related risks include, among others, exposure analysis, heat maps, climate risk dashboards, and scenario analysis.” The BCBS also includes these assessments in the Internal Capital Adequacy Assessment Process (ICAAP) and Internal Liquidity Adequacy Assessment Process (ILAAP). The ECB and PRA also provide guidance in this area and includes requirements around ensuring capital adequacy.
Credit Risk
In their credit risk management, institutions are expected to consider climate-related and environmental risks at all relevant stages of the credit-granting process and to monitor the risks in their portfolios. Systems and processes should be updated to ensure that these risks are included in credit underwriting and monitoring processes. ECB, BCBS and OCC/FDIC all deal with credit risk. EBA has issued specific guidance on loan origination and monitoring of processes and controls.
Operational Risk
Institutions should understand the impact of climate-related and environmental risks on their operational risks, control environment and regulatory compliance. Risks can also have an impact on operational resilience and business continuity. Both the ECB and OCC/FDIC also draw attention to the need to ensure that institutions manage risks around reputation risk and legal liabilities.
Market Risk
Institutions should understand the impact of climate-related and environmental risks on their market positions and on their market risk policies, processes and systems.
Liquidity Risk
Banks should understand the impact of climate-related risk drivers on their liquidity risk profiles and ensure that liquidity risk management systems and processes consider material climate-related financial risks, including possible impacts on liquidity buffers and net cash positions. The OCC/FDIC, ECB and BCBS all agree in this area.
Scenario Analysis
Where appropriate, institutions should be assessed through the lens of scenario analysis, looking at the resilience of current strategies and business models overall short-, medium- and long-term horizons. The OCC/FDIC sets out that: “For the purposes of this guidance, climate-related scenario analysis refers to exercises used to conduct a forward-looking assessment of the potential impact on a bank of changes in the economy, financial system, or the distribution of physical hazards resulting from climate-related risks.” Such scenario testing should be subject to governance, oversight, quality control and testing by independent parties such as an internal audit. Scenario testing is a key part of risk management for all regulators.
There are several additional areas that the OCC/FDIC in the US include within their guidance:
- Appropriate management of interest rate risk and the risk of changes in pricing due to climatic events; and
- Legal and regulatory risk and the risk of increased liability from activities that may be detrimental to ESG objectives, such as social diversity or ethnicity regulations.
The ECB also outlines an important additional area around reporting and stress tests; “Institutions are expected to monitor, on an ongoing basis, the effect of climate-related and environmental factors on their current market risk positions and future investments, and to develop stress tests that incorporate climate-related and environmental risks.” Regarding stress tests, the ECB has supplied guidance on how they expect stress tests to be performed and the policies, processes, and controls that they expect to see in place when institutions are performing stress tests. This is a comprehensive framework for helping to implement stress tests and includes the need for proper consideration of risk and stress results in terms of governance, business strategy, data requirements, risk appetite, ICAAP implementations, the involvement of internal audit and how to perform stress tests in international groups.
The EBA Loan Origination and Monitoring regulation is a good basis for considering how to incorporate climate-related and environmental risks into both credit underwriting and monitoring, covering internal governance around credit origination and monitoring including policies, procedures, and risk limits, for example, origination process implications, collateral considerations and how to best monitor these risks within the credit portfolio.
Where To Start?
For smaller institutions looking to get a head-start on future regulation or those wanting to better manage climate-related and environmental risks, an initial assessment to see what you already have in place is key, and then develop a joint roadmap of key capabilities to build. Many regulators have set out a risk management regulation that applies to all risks that a financial institution may face; it could be argued that climate risk is one of those risks that should already be managed.
Others start with loan origination and monitoring, as that is the backbone of where the risks sit within the business and then grow capabilities out from them. There are many ways to start. It is just important to start.
How We Can Help
A solid understanding of the fundamentals of managing climate-related and environmental risks can help financial institutions to minimise risks and maximise opportunities from the transition to Net Zero, either for their own journey or for the journeys of their customers. At Anthesis we have a dedicated team to help our clients manage such risks and we work with a wide variety of positions:
- Chief Risk Officers – Implementing climate-related and environmental risks into their origination and monitoring processes, and assisting with governance, process and control changes needed across the risk function, including implementing ESG scoring tools for un-rated companies.
- Chief Information Technology Officers – Collating data required for climate-related and environmental risks reporting, both internal and external, and on data management for stress tests and scenario planning.
- Internal Audit – Designing audit plans and providing expert opinion on specific risk management issues and topics during the audit process, and on providing advice and training to audit committees on their responsibilities with regard to these risks.
- Chief Financial Officer and their team – Collating the data needed for external ESG reporting, whether voluntary or mandatory, and how to best present risk management topics within those reports. Many regulations have been built on the framework used by the Taskforce for Climate-Related Financial Disclosures (TCFD) which many companies are familiar with and which we have implemented at clients numerous times.
- Heads of Corporate and SME Banking – Supporting organisations to understand the risk agenda and how to incorporate risk considerations into the sales model for relationship managers.
If you want to know more about how you can implement climate-related and environmental risk management into your institution or team, or if you are looking for assistance with greenhouse gas emission reduction or setting a strategy and targets, get in touch. Anthesis is one of the largest pure-play consultancies on sustainability and ESG globally.