EBA’s Consultation Paper on the Management of ESG Risks – Our Learnings


In EBA’s Consultation paper on Draft Guidelines on the management of ESG risks[1] published on the 18th of January 2024, EBA continues to clarify requirements on management of ESG risks. The guidelines outlay requirements and minimum standards for the ESG risk management that financial institutions should have in place for short- (less than 3 years), medium- (3-5 years), and long-term (including at least 10 years) horizons and is planned to be finalized by end of 2024. A central point is that identification and management of ESG risks should be embedded in the regular risk management framework of an institution. At the same time the guideline specifies a range of metrics that serve as a minimum standard to be included in the management of ESG risks. For example, the ESG risks that needs to be included in banks´ ICAAP (Internal Capital Adequacy Assessment Process) and ILAAP (Internal Liquidity Adequacy Assessment Process), should impact pricing and processes to collect as well as create insights of respective ESG data. A financial institution is expected to have the relevant competence to evaluate ESG risks efficiently and to collect and draw insights for relevant data. This can imply a cumbersome and costly challenge for financial institutions in general and especially for SNCIs – but also an opportunity.  

In the following, the main requirements banks must comply with will be presented and how an institution that has not been able to properly prioritize ESG risk management could approach this. 

What do the new draft guidelines mean for financial institutions with regards to assessment and management of ESG risks? 

Since the new guidelines include a relatively high level of detail and granularity on ESG data and monitoring, the focus in this section will be on these two topics. Proportionality and materiality will also be summarized below. Other areas such as ESG risk management principles, ICAAP and ILAAP, strategies and business models, Internal culture and control etc. will be covered more briefly.  

ESG Data and monitoring 

Institutions should collect and analyze necessary data and information as well as seek to improve ESG data quality over time. The collection of data should include data points that are current as well as forward looking. The data should be collected on client level by, for example, designing questionnaires that are filled out at time of credit origination and at recurring review of credits, publicly disclosed data on client level, and on asset-level if relevant.  

For large corporate counterparties there are nine specific types of data for environmental risks such as current and forecasted greenhouse gas emissions, energy and water consumption etc. that should be taken into account as a minimum. For social and governance risks, five types of data are specified, including negative impact on local communities and governance practices. 

ESG risks should be monitored continuously – on portfolio but also on counterparty and single exposure level. Considerations on ESG risks should be incorporated in regular credit reviews for medium-sized and larger counterparties and/or by increasing the frequency and granularity of these reviews from an ESG risk perspective. 

Institutions should implement early warning indicators, set limits and/or thresholds and have plans in place for taking mitigating actions in case limits are exceeded.  

The requirements are relatively extensive, institutions should use at least the following indicators to monitor ESG risks (SNIs need to consider using these): 

  • Historical losses and forward-looking estimate(s) of potential financial losses related to ESG risks. 
  • Amount and share of income stemming from business relationships with counterparties operating in sectors that highly contribute to climate change. 
  • A measure of the potential gaps between existing portfolios and benchmark portfolios consistent with the climate target applicable to the respective portfolios based on relevant legal and regulatory objectives. 
  • Greenhouse gas financed emissions, at least for sectors towards which the institution has material exposures.  
  • The percentage of counterparties with whom the institution has engaged on ESG risks matter, for example in relation to their transition plans, at least for sectors and business lines that present material exposures to ESG risks. 
  • Ratios as, for example, the share of environmentally sustainable financing activities that contribute or enable the environmental objective of climate change mitigation as proportion of an institution’s total exposure, and the share of carbon-intense activities. Also, large institutions should complement this with, for example, breaking down real estate portfolios according to the level of energy efficiency of the respective collateral. 
  • A measure of concentration risk related to physical risk drivers, such as collaterals in high flood risks or wildfire risks areas. 
  • Any ESG-related litigation claims in which the institution has been in or is in or may become involved in based on available information. 
  • Progress of an institution’s targets made by the institution in relation to ESG risks.

Proportionality and materiality assessment 

The general principle of proportionality is applicable to the internal governance and risk management of ESG risks. All institutions should implement ESG risk management approaches that reflect the materiality of ESG risk associated with their business model. Small and non-complex institutions (SNCI) may implement less sophisticated risk arrangements such as using less granular methodologies and rely to a larger degree on qualitative considerations or estimates and proxies, if it does not impact their ability to manage ESG risks in a safe and prudent manner in line with their materiality assessment. 

Materiality of ESG risks across short-, medium- and long-term time horizons should be assessed at least once per year (or every 2 years for SNCIs). The assessment should include:  

  •  Consideration and use of qualitative and quantitative elements and data.
  •  Assessment of the impact of ESG risk on the most significant activities, services and products. 
  •  Assessment should include both transitional and physical risk drivers with regards to environmental risks.

As part of their ICAAP, institutions should document their ESG risk materiality assessments, including applied methodologies, limits/thresholds, main results and conclusions/actions drawn. 

A selection of other areas covered in the new guidelines 

The new guidelines cover ESG risk management principles, Strategies and business models, Internal culture and capabilities, ICAAP and ILAAP, Credit risk policies & procedures and Risk appetite. A very high-level summary of what the guidelines mean for these areas is that ESG risks should be seamlessly embedded in all these areas. ESG risks should for example be included in ICAAP and ILAAP and in pricing of credit products and services and ESG risks must not be overlooked in an institution´s statement of risk appetite or the monitoring of it. ESG risks should be included in the short-, medium- and long-term; institutions are expected to have a continuous improvement process in place for their management of ESG risks. 

Concluding thoughts 

Effective and prudent management of ESG risks is important for a sustainable world and might also unlock possibilities to new sources of funding. The paper is a clear sign that the topic has become a top priority for EBA and European Financial Supervisory Authorities, which with these guidelines continue to provide details on requirements. If an institution for some reason has applied a more laid-back approach to the “ESG risk management race”, it is now high time to increase efforts.  

Our experience is that it can be difficult to know where to start when one is expected to collect data as soon as possible, for which in-depth “know how” is needed on ESG risks and what data to collect. An action plan could look like this: 

  1. Start and attract employees with relevant ESG risk knowledge.
  2. To speed things up, get help from consultants with experience of best practices in the area.
  3. Focus on an initial assessment of proportionality and materiality of ESG risks. 
  4. Ensure what compliance with regulations means for your specific institution.
  5. Let that be the starting point and guide the rest of the work
  6. Start to ensure basic compliance, knowledge and data, to be able to choose a more long-term goal that might be on a more ambitious level than basic compliance.

This is also in line with the fact that ESG risk management is not just a one-time project but continuous work that should be integrated with existing risk management frameworks and practices and improved over time. 

For more information, please contact:

Rickard Blomberg


[1]  https://www.eba.europa.eu/sites/default/files/2024-01/c94fd865-6990-4ba8-b74e-6d8ef73d8ea5/Consultation%20papaer%20on%20draft%20Guidelines%20on%20ESG%20risks%20management.pdf  

Contact one of our ESG experts


Let's connect

EBA’s Consultation Paper on the Management of ESG Risks – Our Learnings EBA’s Consultation Paper on the Management of ESG Risks – Our Learnings
I want an Advisense expert to contact me about:
EBA’s Consultation Paper on the Management of ESG Risks – Our Learnings

By submitting, you consent to our privacy policy

Thank you for connecting with us

An error occurred, please try again later