Response to consultation on draft Guidelines on the management of ESG risks
Question 1: Do you have comments on the EBA’s understanding of the plans required by Article 76(2) of the CRD, including the definition provided in paragraph 17 and the articulation of these plans with other EU requirements in particular under CSRD and the draft CSDDD?
We would appreciate further clarity regarding the CRD plans and its relation to CSRD/ESRS reporting requirements(which also cover disclosure on risk management) and strategic transition plans (that will be disclosed under the CSRD).
The link and the alignment between the CSRD transition plans and CRD plans should therefore be further clarified. We would need further clarification on how the CRD based transition plans are supposed to be implemented and managed in relation to the overall strategy of the institution and in particular in relation to the (climate CSRD) transition plan of the institution, including the commitments and targets that institutions have set (in many cases). It would be also useful if EBA clearly explains which elements need to be worked on by banks in the prudential plan in addition to the CSRD transition plan with clear articulation and justification of why this is important from prudential (risk) perspective and where the EBA sees a gap with the CSRD.
Question 2: Do you have comments on the proportionality approach taken by the EBA for these guidelines?
The Guidelines only refer to proportionality in the context of the size and complexity of the institution, with references to the SNCI classification in CRR II. However, the EBA Guidelines on internal governance take a broader approach to proportionality. Article 16 of the Guidelines refers to internal governance arrangement being ‘consistent with the individual risk profile and business model of the institution’. Similarly, CRD Article 74 refers to governance arrangements being ‘proportionate to the nature, scale, and complexity of the risks inherent in the business model and the institution’s activities.
For certain business models or portfolios, the materiality of ESG risks may be more limited, requiring a proportionate approach, particularly the context of 'identification and measurement of ESG risks' and 'monitoring', where many of the data and metrics prescribed may not be relevant or even they are often inaccessible to the smallest customers. Section 3.4 on Proportionality should make more explicit that if materiality assessments of ESG risks do not identify material ESG risks transmission channels from counterparties, identification data, engagement with counterparties, and internal reporting metrics should be considered in a proportionate manner, regardless of the size of the institution.
The proportionality and gradual approach and simplifications should therefore be possible not only for SNCIs, but also for the rest of the LSI sector and also large institutions, depending on their business model and individual risk profile.
Question 3: Do you have comments on the approach taken by the EBA regarding the consideration of, respectively, climate, environmental, and social and governance risks? Based on your experience, do you see a need for further guidance on how to handle interactions between various types of risks (e.g. climate versus biodiversity, or E versus S and/or G) from a risk management perspective? If yes, please elaborate and provide suggestions.
Banks should be granted sufficient time to cover other topics than climate. A gradual implementation should be provided. Currently, there is a gap in knowledge between climate and environmental risks and a gap between the management of social and governance risks. Most banks will need more time to improve the social, governance or even biodiversity and nature-related risks, including the improvement of the granularity of information for these types of risk factors. Due to this gap, more detailed guidance is needed, providing examples dedicated to specific customer segments or industries as to how banks should approach this topic.
Question 4: Do you have comments on the materiality assessment to be performed by institutions?
The materiality assessment process for ESG risk should be consistent with the objective of integrating ESG risks into existing processes and remain internally consistent. A separate ESG materiality assessment will lead to increased operational complexity. Therefore, we believe that EBA should emphasize the integration of ESG risks in existing risk identification and measurement processes. Especially, they should be consistent with the ESRS (under CSRD) and EFRAG's double materiality guidelines.
It could also be clarified that long-term horizon is not expected in relation to every risk management tool as this would be too excessive and demanding. An approach including several assessments for every risk event depending on the time horizon will also not be efficient nor include all relevant information. We support an approach including features which enable to qualify the probability and the time horizon of each risk event, notably those that are favoured, triggered, or worsened by ESG risk drivers.
The proposed in point 13. time horizons differ from those defined in the ESRS. According to point 6.4. ESRS 1:
- the short-term time horizon: the period adopted by the undertaking as the reporting period in its financial statements;
- the medium-term time horizon: from the end of the short-term reporting period defined in (a) up to 5 years; and
- the long-term time horizon: more than 5 years.
To ensure consistency of credit institution's approach to managing ESG risks in accordance with these guidelines and with ESRS, there should be proposed by EBA, one consistent with ESRS approach to defining time horizons.
Finally, when it comes to the consistency with the ESRS we would like to understand if the “severity" used in point 15 is understood by EBA in the same way as it is in ESRS.
Question 5: Do you agree with the specification of a minimum set of exposures to be considered as materially exposed to environmental transition risk as per paragraphs 16 and 17, and with the reference to the EU taxonomy as a proxy for supporting justification of non-materiality? Do you think the guidelines should provide similar requirements for the materiality assessment of physical risks, social risks and governance risks? If yes, please elaborate and provide suggestions.
A sufficient degree of flexibility should be given to individual institutions to assess the materiality of ESG risks in their specific portfolios using various dimensions, including industry sectors. The exposures towards certain sectors should not be automatically treated materially exposed to environmental transition risk. Several other factors should be taken into account such as maturity of the loans, the willingness/possibility of debtor to shift its business model, whether the sector itself has the possibility to decarbonise.
We support a risk-based approach for the prudential treatment of ESG risk. The EU Taxonomy is not risk-based. Making sole reference to the EU Taxonomy as a proxy for non-materially would pose significant extraterritorial effects for banks with presence in third countries.
To answer the question whether the guidelines should provide similar requirements for the materiality assessment of physical risks, social risks and governance risks we would like to mention that in the materiality assessment of banking book, banks use the same approach for transition and physical risks, but not for social risks given the state of maturity compared to climate or environmental risks. We are convinced that similar requirements should not be provided to assess the materiality of social and governance risks. Trying to build a risk-assessment system or metrics for governance or social risks would be extremely burdensome. The requirement to analyse ESG materiality over the medium and long term should be limited to climate and environmental risks. The materiality assessment for social, governance, biodiversity risks should be done on a best effort basis.
Question 6: Do you have comments on the data processes that institutions should have in place with regard to ESG risks?
For the most significant large companies, the CSRD will promote the availability of data in a structured form. We therefore support the approach of initially relying on publicly available data and focusing on clients’ reporting. Data requirements in the Guidelines should therefore be formulated in a way that is consistent with data disclosed under the CSRD, including the timing. Banks should use the published data and should not be obliged to provide additional information that is not included in the CSRD (provided that the companies are subject to the CSRD/ESRS reporting). For other corporates this information should be provided on a best effort basis.
How would those two sources (point 19. and 22.) of data correspond? Is the intention to relay on independent ESG database (i.e. ESAP), supplement gaps with specific questioner (but still quite general as this has to be fixed set of questions) asked at credit origination and monitored (questioner designed case by case) in defined frequency?
It is difficult to support the necessity to provide all the metrics and units specified by EBA in paragraph 23. The list of data to be collected from counterparties listed in this paragraph should be primarily focused on data being published under CSRD and concentrated on data on climate related factors (such as greenhouse gas emissions).
In the point 23 there is reference to the information already disclosed due to NFRD. Bearing in mind that those guidelines are in review process, when should financial institutions lower the bar and gather information from smaller companies (CSRD).
Banks should be allowed to choose the most relevant metrics. Data should be collected by the bank for their different portfolio based on the portfolio specifics (e.g. materiality of ESG risks, type of clients / collateral) and banks should have the possibility to choose the relevant metrics.
Many of large corporates have disperse assets which may not be possible to assess through single analysis. This may be sector specific i.e. retail and wholesale, HORECA, transport companies. Will those guidelines be supplemented with information on how to overcome this gap?
Banks are already gathering information about greenhouse gas (GHG) scope 1, 2 and 3 emissions either vie dedicated questioners, calculators or based on annual reporting of those corporates. At the moment there is no (or is very limited and unreliable) information on forecasted GHG emission, as well as lack of reliable decarbonisation scenarios for business activity. Will those guidelines be supplemented with information on how to overcome this gap?
We also would like to underline that different corporates can base on the sectoral threats/influences/risks on different assumptions/approach, which may lead to diverse results. Will those guidelines be supplemented with information on how to overcome this gap?
Taking into account the point 23 we would like point out the issue of requirement limitation only to non-financial corporates' transformation plans. In the case of credit institutions that may have large exposures to financial entities, their transformation plans should also be taken into account. Shouldn't the institution also take into account public policies on transformation?
When it comes to the social and governance risks we would like to ask is there a need to refer to further due diligence standards if already ESRS or EU taxonomy refer to UN Guiding Principles on Business and Human Rights and the OECD Guidelines for Multinational Enterprises. EU regulations should be consistent in this regard. OECD and UN guidelines sufficiently describe how the due diligence should process be conducted.
If negative impact is mentioned, does that mean that in addition to the materiality of risk analysis, institutions should also do a materiality of impact analysis based on these guidelines? It would be worthwhile to clarify the guidance in this regard and indicate to what extent this process should be consistent with the materiality analysis performed in accordance with the ESRS. Why is impact analysis limited to social issues?
According to the EBA Guidelines on Loan Origination and Monitoring, institutions can consider analysing ESG factors at portfolio level instead of at the level of the individual borrower. This regulation makes sense, as it relieves the burden on micro and small enterprises and banks can also obtain good and management-relevant information with sector data.
We appreciate the flexibility given in para 25 for those instances where data from counterparties and public sources is not available by using estimates/proxies.
However , there are concerns as to how supervisors will consider and challenge the quality of the data, and its consequences. Availability of public databases a regarding emissions, asset localization and insurance coverage would be helpful in this regard. Banks cannot be solely made responsible for accessing, collecting, and treating this kind of information via questionnaires or any other source of engagement with counterparties. It can be very burdensome for counterparties, even for large corporates, left alone SMEs.
Question 7: Do you have comments on the measurement and assessment principles?
While the mapping of ESG risk concentration seems to be relevant in the development of ESG risks management framework, it should be highlighted that this risk has not been yet defined in the regulation and implies first identification and evaluation of ESG risks. Hence, we call for gradual approach in putting in place such a framework.
It could be clarified which particular methodology responds to which particular risk management need, including how the three methodologies complement each other. It should be also clarified that institution can use different methodologies for different portfolios.
Question 8: Do you have comments on the exposure-based methodology?
We are not convinced that ESG factors should be taken into account in the overall assessment of default risk of a borrower even in case the risks are not material.
The detailed list of risk factors and the wording "at least" is not a best practice (for certain portfolios/exposures), as it does not consider the exposure characteristics and materiality. The list is not suitable for all exposures. The application of the factors should depend on the portfolio specifics.
Furthermore, with regard to forecasted emission, it should be highlighted that CSRD does not require undertakings to publish their forecasted emissions but only their target of emission reduction (subject to the materiality principle). We suggest replacing the forecasted emission by the targets.
We are concerned with potential wide-reaching impact of the supply chain requirements and would appreciate clarification as regards to EBA expectations about supply chain information.
It is positive that risk mitigation aspects can be taken into account (point 31(e)), as for physical risks for instance, it is important that banks who are not in the first line, could deduct the insured portion of their loans and only keep the residual one when assessing their materiality. The willingness and ability of customers to adapt play a major role, particularly in the case of transition risks. The aim must be to involve a broad range of customers in the transformation and support them with financing. If such aspects were not taken into account, there would be a risk of excluding customers willing to transform from financing.
Concerning SMEs, we believe additional reflections concerning SME should be included in paragraph 32. It cannot be expected that banks will be engaging with millions of existing clients bilaterally. While it is realistic to expect information gathering during the onboarding process, institutions will to a certain extent need to rely on external data sources or use of proxies on a portfolio level. In this context, we refer to the simplifications for micro and small enterprises.
Data requirements especially for social and governance aspects need more central boundaries and should be aligned across jurisdictions. It is not reasonable to expect banks reaching out to their clients (esp. for those who are also acting globally) and demand numerous data subsets. Even in cases these have been initially agreed and are collected (which will deviate across firms) it would be burdensome later on to change the processes when regulation is becoming more concrete and regulators are following “best practice “. This is not an issue of internal governance alone as it needs the client interaction.
An essential point where the regulation is falling short is the tendency to categorize businesses via a data driven static approach into “good” and “bad” sectors in risk management space instead of focusing on the transformation needs and progress. This will effectively have as a result that sectors being deemed greener already will have easier/better access to financing than sectors with e.g. more pollution while esp. those would need funding to allow for transformation. That may discourage some industries in transforming at all and potentially penalize financing such activities. Hence this might widen the spread between industries and lead to a misallocation of funding.
Question 9: Do you have comments on the portfolio alignment methodologies, including the reference to the IEA net zero scenario? Should the guidelines provide further details on the specific scenarios and/or climate portfolio alignment methodologies that institutions should use? If yes, please elaborate and provide suggestions.
The guidelines should take a different approach and not define the sectors to which these methodologies apply, nor the scope within each sector. This should depend on the entity risk assessment. The guidelines provide an exhaustive sector list that is not always comparable.
It is unclear what is meant by "representative samples of exposures". An explanation would be helpful here. For SNCIs to be truly supported, "representative samples of exposures" must be easy to identify in order to keep the effort involved in proving representativeness manageable.
It should be left to the institutions to decide which portfolios they include in the alignment assessment from a materiality perspective. There should be also greater flexibility on the scenario choices. The reference scenarios should be selected by the institution, considering its specificities regarding existing climate targets, geography, and business model, rather than being pre-determined in the guidelines. Flexibility in approach is necessary so that financial institutions can support their clients, especially those who have the greatest needs for financing decarbonization.
Question 10: Do you have comments on the ESG risks management principles?
The 10-year time horizon implies enormous challenges given the lack of available data, as well as the uncertainties inherent to the transition. Entities should be granted enough flexibility to set up plans and procedures able to be adjusted to the specific circumstances that will progressively arise.
In any case, the (financial) materiality assessment should be the cornerstone to identify the scope of the counterparts to consider. That is the prerequisite to ensure efficient allocation of resources and considering that the lever with the counterparts highly depends on the type of services banks provide and the depth of their customer relationship.
It should be clarified that banks cannot be made responsible for the assessment of the credibility of clients’ transition plans. Even with a limit to large counterparties, assessing the credibility of transition plans could in practice be a huge challenge for banks, especially without clear benchmarks and further guidance as to the depth of the assessments and a clear link to materiality of risks. In any case such requirement would go beyond what should be the responsibilities of banks.
The expectations should therefore be clarified, including on the role of auditors in the assessment of clients’ transition plans. While banks should be in the position to understand client’s plans, they should be able to rely on the auditors’ assessment of the robustness, soundness and credibility of these plans.
Question 11: Do you have comments on section 5.2 – consideration of ESG risks in strategies and business models?
As already mentioned, the guidelines should consistently recognize that ESG risks are not an independent risk type, but drivers of existing traditional risk types.
Institutions should be given more leeway in defining their ESG risk appetite. This depends, among other things, on the business model, size, and portfolio structure. Banks should be given some flexibility to run their business model and strategy as long as they can demonstrate they have put in place a governance and a sound risk management framework.
We would also suggest clarifying the scope and feasibility of the required stress test from the EBA, and whether some proportionality principles are required.
Question 12: Do you have comments on section 5.3 – consideration of ESG risks in risk appetite?
As already noted in other parts of the consultation, we think that it is of utmost importance to develop a gradual approach into ESG-related risks, starting with environmental risks and following (without rush) social and governance. We must always bear in mind the lack of data that still exists in relation to ESG-related risks.
It is not clear why ESG should play a separate role as a risk driver when determining risk appetite compared to traditional risks. Ultimately, it materializes in the known risk types for which risk limits and risk capital are set or allocated.
It is stated that institutions should use backward-looking and forward-looking indicators tailored to their business model and complexity. Considering current challenges on data availability, institutions do not possess backward-looking indicators or information to conduct this requirement currently. Backward looking should be softened and be required when available and useful.
Question 13: Do you have comments on section 5.4 – consideration of ESG risks in internal culture, capabilities and controls?
Banks’ internal governance and control guidelines already include specific instructions that affect the whole entity and should be sufficient. Separate policies and governance for ESG purposes should not be required. Banks should be granted the flexibility choosing the way they organize suiting their own circumstances and preferences, taking into consideration ESG factors when appropriate and integrate ESG into their existing processes. Standalone processes and controls to manage ESG risk factors should not be required.
While we agree with the proposed guidelines on the importance of the need to train the Management on ESG factors and risks, given the novelty of these risks, it should not be a determinant factor in considering a member of the Management bodies as unsuitable.
Paragraph 52 places the approval process of new products within the first line of defence, which is in contradiction with the traditional role and responsibilities of the 2nd line compliance function
Question 14: Do you have comments on section 5.5 – consideration of ESG risks in ICAAP and ILAAP?
The ICAAP is a global process that goes hand in hand with other internal processes. while we agree relevant ESG risk drivers should be incorporated into the process, but these risk drivers should be indistinguishable from the rest of the risks, meaning that the ICAAP should take into account all relevant risk drivers in the same manner.
We would also like to stress that a complete integration of ESG risk drivers into the ICAAP will be very difficult, given that the time horizons analyzed within this process are shorter than the expected materialization of ESG risks (physical and/or transition risks).
The longer-term time horizon of 10 years would serve to inform the normative (1-3 years) and economic perspective in relation to possible ESG risk factors. We would however take a critical view of backing medium and long-term risks with internal capital. This would be neither appropriate nor sensible. We request appropriate clarification.
Question 15: Do you have comments on section 5.6 – consideration of ESG risks in credit risk policies and procedures?
We do not have any comments.
Question 16: Do you have comments on section 5.7 – consideration of ESG risks in policies and procedures for market, liquidity and funding, operational, reputational and concentration risks?
Regarding concentration risks, there are several ways for institutions to assess concentration risk internally. Concentration risk is integrated into the institutions' internal risk management and the processes are established and operationalised so the approach to concentration risk should remain flexible to allow banks to use their own methodologies.
It is extremely difficult to define concentration risk in relation to ESG factors. Using some of the proposed metrics (GHG emission, sectoral vulnerabilities) would produce an incomplete and wrong picture, as banks will still have to finance the transition of carbon-intensive firms. The concentration risk could have some adverse impacts on the financing of the transition as it would not take into account the transition strategies and pathways of counterparts. Some concentration risk elements are already included in the models such as sectors and geography are already addressed in the Pillar 2.
Furthermore, it should not be considered for disclosure, or capital treatment nor Systemic Risk Buffer purposes. Adding ESG in the Systemic risk buffer will have negative impact on financing the transition and the economy.
Beyond specific products and services, banks need to be able to develop business strategies while communicating on their sustainability commitments and developments.
In relation to market risk, in general it is difficult to identify ex ante which part is due to ESG as it is already embedded in the price of the products.
Paragraph 66 would benefit from further guidance on how to identify and label operational losses related to environmental risks given the indirect nature of ESG-risks.
In addition, we would like to point out that in paragraphs 53 and 63 reputational risk seems to be included within operational risk which is not consistent with the CRR3 definition of operational risk (which excludes reputational risk).
Question 17: Do you have comments on section 5.8 – monitoring of ESG risks?
ESG factors are already incorporated in other existing and publicly available reports, so there should not be any additional requirement to produce a standalone report, in particular considering that the ESG elements do not constitute a new risk category but are a driver of traditional risks. As a general comment, we suggest limiting the monitoring of metrics at the group level, not at individual entities.
Question 18: Do you have comments on the key principles set by the guidelines for plans in accordance with Article 76(2) of the CRD?
We do not have any comments.
Question 19: Do you have comments on section 6.2 – governance of plans required by the CRD?
We are highly concerned about the requirements included in paragraph 86 regarding the first Line of Defence (business) responsibility for concluding whether counterparties´ transition plans (responding to the CSRD requirements) are credible and sound.
Question 20: Do you have comments on the metrics and targets to be used by institutions as part of the plans required by the CRD? Do you have suggestions for other alternative or additional metrics?
Concerning the proposed approach on metrics and targets in the guidelines it should be stressed that strategic targets should not be used as a risk management tool.
The metrics listed in paragraph 94 (section 6.3) should be viewed as suggestions rather than a list of minimum mandatory metrics. In particular, the guidelines should not require institutions to set targets for metrics that are based on specific scenarios.
Question 21: Do you have comments on the climate and environmental scenarios and pathways that institutions should define and select as part of the plans required by the CRD?
We do not have any comments.
Question 22: Do you have comments on section 6.5 – transition planning?
We do not have any comments.
Question 23: Do you think the guidelines have the right level of granularity for the plans required by the CRD? In particular, do you think the guidelines should provide more detailed requirements?
The Guidelines should allow for more flexibility for banks to arrange their own decarbonization strategies. Banks are responsible of their own risks and are able to set their own metrics and targets based on their own trajectories and strategies. Please refer to previous answers where we have underlined to necessity to leave flexibility to banks to set their own metrics.
Question 24: Do you think the guidelines should provide a common format for the plans required by the CRD? What structure and tool, e.g. template, outline, or other, should be considered for such common format? What key aspects should be considered to ensure interoperability with other (e.g. CSRD) requirements?
We do not have any comments.
Question 25: Where applicable and if not covered in your previous answers, please describe the main challenges you identify for the implementation of these guidelines, and what changes or clarifications would help you to implement them.
We do not have any comments.
Question 26: Do you have other comments on the draft guidelines?
We do not have any comments.