Response to consultation on revised Guidelines on internal governance under CRD
Question 1: Are subject matter, scope of application, definitions and date of application appropriate and sufficiently clear?
No comment
Question 2: Are the changes made in Titles I (proportionality) and II (role of the management body and committees) appropriate and sufficiently clear?
WeeFin agrees with the changes made in Titles I and II.
First, WeeFin supports the incorporation of the use of third-party providers (communication, IT, etc.) in the characteristics to consider for applying the proportionality principle of the guidelines. ESG data providers are part of third-party providers used by financial institutions and should be taken into account as determinants of the proportionality principle of the guidelines. The size of financial institutions determines largely their capability to diversify their data sources, challenge the data they use and create efficient and resilient data management systems. Larger financial institutions tend to exhibit an increased reliance on data and external providers. Consequently, it becomes imperative for these institutions to integrate robust monitoring of such providers into their governance framework, thereby enabling them to scrutinize and maintain control over their ESG data.
Second, WeeFin finds the inclusion of management body responsibilities regarding ESG risk management within internal governance, control framework, remuneration policies and risk committee responsibilities to be a significant improvement. Similarly, WeeFin agrees with the implementation of dedicated ESG risk monitoring plans, since this disposition reflects the urgency of managing such risks like other drivers of financial risks.
These changes reflect the ambition of EBA Guidelines on management of ESG risks and contribute to the harmonisation of the EU sustainable finance framework.
Question 3: Are the changes made in Title III (governance framework) section 6 appropriate and sufficiently clear?
The mapping of duties and individual statements of roles and duties introduced in the Guidelines are essential as they allow clearer identification and delimitation of roles and responsibilities within institutions. This disposition is important to ensure that roles and responsibilities for ESG risk management are clearly assigned and formalised within banks.
This is particularly necessary to determine who identifies, manages, monitors and reports the ESG risks to which the bank is exposed over the short, medium and long term. WeeFin also supports the multiscale approach of the mapping of duties introduced by point 68a.b. It makes the mapping aligned with the proportionality principle while facilitating supervisors’ understanding of complex institutions.
The mapping of duties makes ESG risk management more effective and enables financial institutions to have more control over their business relationships with third-party providers, including ESG ratings providers.
Question 4: Are the changes made in Title III section 7 (third-country branches) appropriate and sufficiently clear?
No comment
Question 5: Are the changes made in Title IV (risk culture) appropriate and sufficiently clear?
WeeFin is aligned with the changes introduced in Title IV on risk culture. More specifically, WeeFin finds the replacement of "in particular" by "including" in the wording to be a relevant change, since it pushes for the integration of ESG risks as part of the overall risk management framework.
Question 6: Are the changes made in Title V (internal control framework) appropriate and sufficiently clear?
WeeFin supports the incorporation of ESG risk factors in alignment with EBA Guidelines on the management of ESG risks for two reasons:
(i) It improves consistency between regulations; and
(ii) It sheds appropriate light on the urgency of managing ESG risks like other drivers of financial risks, as emphasised in the conclusion of the EBA’s risk assessment report of July 2025.
More specifically, WeeFin believes that ESG-related financial risks must be measured over several horizons and according to different timelines and different scenarios. Initially, we believe it is necessary to measure climate physical and transition risks. It will then be important to also incorporate nature risks. Finally, like all risks that financial companies must identify and mitigate, ESG risks must be addressed by the second line of defense and then reported to top management.
Question 7: Are the changes made in Title VI (business continuity management) appropriate and sufficiently clear?
No comment