Response to consultation on draft Guidelines on the management of ESG risks

Go back

Question 1: Do you have comments on the EBA’s understanding of the plans required by Article 76(2) of the CRD, including the definition provided in paragraph 17 and the articulation of these plans with other EU requirements in particular under CSRD and the draft CSDDD?

The transition to a sustainable economy triggers different needs for action in credit institutions:

Seize opportunities, e.g. in sales
Fulfilling new legal requirements, e.g. for the design of the supply chain
Managing the risks associated with the transition
Disclosure of certain information

Specific individual needs for action arise from regulations such as the CSRD or the CSDDD. We can therefore understand the EBA's differentiation and demarcation between the CRD (a risk management instrument) and the CSRD (disclosure requirements).

For those institutions that have to apply the aforementioned regulations, harmonizing the content and linking the reporting is of course key to leveraging synergies and minimizing costs. Nevertheless, in our view, a clear separation of the regulatory initiatives is important, as is the fact that one initiative must not have an impact on the content and scope of application of other initiatives. With regard to small not listed institutions, we would therefore like to point out that they are deliberately excluded from the application of the CSRD. Specifically, the CRD must not create an obligation to prepare transition plans solely for the purpose of CSRD disclosure. We ask for clarification.

In very simplified terms, we interpret transition plans in general as an overarching sustainability strategy with regard to transitory risks. As in any strategy, the objectives formulated therein are operationalized through different procedures, processes and structures in the institutions.

CRD transition plans only cover the risk perspective. Other aspects of transition planning, such as the path to achieving specific climate targets (as mentioned in the CSRD), are only to be considered in the CRD plans with regard to their impact on the transition risk. If an institution plans further aspects of the transition or a complete transition plan is prepared by an institution for audit aspects, it must be sufficient for the CRD purposes to refer to the transition plan in this overall view. Otherwise, parallel processes, redundancies and potential sources of error will arise. Institutions therefore need flexibility with regard to the specific structure of their transition planning. We ask for clarification.

We also expect company's transition plans to have different levels of detail. For example, a large institution could list and manage individual KRIs in great detail in its CRD transition plan, whereas this level of detail is not required in other areas. This would also continue in different data fields. Based on the current regulatory framework, we expect the transition plans under CRD to be more detailed than others. CSRD contains explicit exemptions and reliefs for SNCI. There should be different levels of requirements in the risk management guidelines as well.

With regard to the consistency between the individual regulatory initiatives mentioned in the guideline, we request clarification.

From our point of view, the contents of any transition plans available in an institution must be consistent. Consistency therefore exists at a higher level (high-level) and is achieved by the fact that one plan informs the other.
Consistency also exists if plans are based on common assumptions or if one plan builds on the results of the other. If, for example, certain sustainability aspects are identified as material in the context of risk management, it is obvious that these aspects could also be relevant for disclosure.
If certain aspects have already been dealt with appropriately under a regulatory initiative, revising this aspect should be avoided. For example, the CSRD refers to the steps for achieving climate neutrality and thus presents a possible action plan to reduce climate-related risks (transitory/physical). We assume that the transition plan to be disclosed for the CSRD purposes covers this aspect sufficiently and must not be addressed by other legal acts.
In contrast, we are critical of possible reconciliations between individual plans, as this would generate enormous bureaucratic effort without any additional benefit.
New regulatory frameworks gain orientation from existing frameworks (e.g. CSRD or CSDDD) to prevent different approaches for similar processes.

All institutions in Germany are already required to identify, assess and manage short, medium and long-term ESG risks. The identification is based on the impact of ESG risks on the institution's business model and strategy. It is also necessary to analyze how transitory risks, e.g. due to political requirements, affect the institution. The insights gained in this process are incorporated into the strategic and operational management of the institution via the strategy process (underpinned by KPIs and KRIs). The specific structure of the risk management of ESG risks is specified in the risk strategy and, where applicable, other frameworks, including the methods and instruments used by the institution to manage short, medium and long-term ESG risks. In this respect, it seems only legitimate for CRD VI (Art. 76 (2)) to provide leeway for the Member States and to provide for the possibility of a waiver or facilitation for small, non-complex institutions when drawing up transitional plans.

In our view, small, non-complex institutions in particular should not be overburdened again with bureaucratic red tape. In our opinion, the existing regulations in the area of ESG risks and their reporting are sufficient for these institutions. Instead, the comprehensive regulation in the area of ESG that has been introduced to date should be allowed to take effect. The waiver option for SNCIs set out in CRD VI should therefore also be taken into account in the EBA guidelines. Under no circumstances should SNCIs be required to submit and maintain transition plans. This would also require comprehensive data from customers - especially SMEs - and may also overburden them. As already mentioned, the proportionality concept from the CRD VI (waiver option for SNCIs) must also be reflected in the guideline.

The plans, targets and processes to be provided by the institution in future in accordance with Art. 76 (2) CRD VI should also highlight risks arising from adjustment processes and the transition to regulatory targets such as the EU Climate Law. These plans should be consistent with any plans already prepared and disclosed by the institution as part of sustainability reporting (CSRD).

Large institutions within the meaning of the CSRD that qualify as SNCIs are treated as listed SMEs in the CSRD with regard to the scope of reporting and are only subject to the corresponding reporting obligations from the 2026 financial year. Any regulations for SNCIs should therefore not be provided for before this deadline. In addition, the CSRD (level 1) per se does not require the disclosure of transition plans from SNCI, the draft ESRS (level 2) makes disclosure dependent on the existence of transitions plans without the obligation to prepare. This must be taken into account when drafting the EBA guidelines.

Question 2: Do you have comments on the proportionality approach taken by the EBA for these guidelines?

Proportionality is generally very welcome. Only an appropriate proportional design of the requirements can ensure that no regionally-oriented or smaller institutions are disadvantaged. However, the principle of proportionality is not sufficiently taken into account in the guideline and should be applied across the board. In our view, it is not sufficient for general application to mention the topic only under "Background and rationale" (section 3.4). The principle of proportionality is an essential principle in EU legislation. This is also comprehensively reflected in the EBA guidelines on internal governance. We therefore request that a paragraph on the application of the proportionality principle be included in the guidelines themselves (e.g. Chapter 2 "Subject matter, scope and definitions").

As explained in the hearing on February 28, proportionality should not be based solely on the frequency with which requirements are met (since the processes concerned must be installed, a lower frequency is often not an appropriate relief). A proportional design of the requirements therefore requires, for example, fewer methods and the admissibility of qualitative procedures. The decisive factor is always the specific situation of the respective institution, i.e. size, complexity and risk content. Moreover, in the EBA guidelines on internal governance, the size of an institution (on which the definition of SNCI is essentially based) is only one of many criteria for taking proportionality into account. Therefore, we ask for clarification that graduated requirements and simplifications are possible not only for SNCIs, but also in the other LSI sector (smaller to medium-sized institutions with no particular exposure to ESG risks). Large institutions must also be given flexibility in implementation, depending on their individual risk profile. In order not to restrict the institutions in their individual implementation, it should also be made clear that the references to proportionality in the guidelines are only to be understood as examples.

A consistency with CSRD and CSDDD would also mean, that the addresses of this guideline are consistent with those of CSRD, CSDDD (because especially small SNCIs do not have to fulfill the reporting requirements of CSRD for good reasons). Therefore, the guidelines should not address SNCIs in general, but only bigger SNCIs (similar to CSRD). Resulting relaxations for smaller institutions are appropriate in the light of proportionality. We would also like to point out that the EBA Guideline must not implicitly extend the scope of the CSRD. We see this risk if the CRD creates the need for institutions that are not subject to the CSRD to disclose CSRD-relevant content. We ask for corresponding clarification.

Question 3: Do you have comments on the approach taken by the EBA regarding the consideration of, respectively, climate, environmental, and social and governance risks? Based on your experience, do you see a need for further guidance on how to handle interactions between various types of risks (e.g. climate versus biodiversity, or E versus S and/or G) from a risk management perspective? If yes, please elaborate and provide suggestions.

In many cases, the ESG requirements in CRD VI focus indiscriminately on climate/environmental risks, social risks and governance risks. However, climate and environmental risks differ significantly from social and governance risks. On the one hand, this concerns the time period in which risks materialize (climate/environmental risks also have a medium and long-term impact). On the other hand, environmental and climate risks are more systemic risks, while social and governance risks are primarily idiosyncratic. For this reason, the risks should not be equated in implementation, but treated differently.

In addition to these technical differences, the degree of maturity of the methods for identification and assessment in dimensions E, S and G (e.g. data, methodology) also varies greatly. While data is more readily available in dimension E (particularly on climate change) and initial methods already exist, methods for dimensions S and G are often not available. We are therefore in favor of keeping the focus of the guideline on dimension E and in particular on physical and transitory climate risks, as described in section 7 para. 12, and addressing dimensions S and G, if at all, only with suggestions for a general orientation of the institutions. This is also appropriate from a risk perspective, as we believe that climate risks represent by far the greatest risk, as they have the greatest impact e.g. on the probability of borrower default. The other risks, particularly S and G, are less significant, especially in relation to SNCI business activities.

A later revision of the guidelines, possibly combined with an extension to the S and G dimensions, could take place when the appropriate methods are available.

Interactions between E, S and G risks, and in some cases even between climate and other environmental risks, exist and may be relevant in certain cases. It is difficult to provide clear and generally applicable guidance on how to deal with such interactions. This is also true in light of the fact that interdependencies between different risk types are often involved (e.g. E triggers credit risk, S/G triggers reputational risk). Therefore, such interdependencies - where relevant - should be taken into account in the individual risk assessment.

The principle of dual materiality is a recognized and established system for sustainability reporting. However, it cannot be transferred to risk management without further ado, as the focus here is on risk management from the perspective of the institution and not on risks to the environment. We therefore very much welcome the clarification in para. 26 that the inside-out perspective is only applied for the purposes of risk management to the extent that financial risks actually arise from it. This should also be included in the final version of the guideline text, not just in the "Background and rationale" section.

Question 4: Do you have comments on the materiality assessment to be performed by institutions?

Three time periods are proposed for which ESG risks should be analyzed as part of the risk inventory. As described at the beginning, it may make sense to differentiate between time periods for climate and environmental risks. However, this is not the case for social and governance risks. The requirement to also examine the materiality of ESG in the medium and long term should be limited to climate and environmental risks.

We welcome the focus on material activities, services and products in para. 14 (b), which we consider appropriate in terms of the materiality principle. We assume that activities also refer to portfolios/exposures but would ask for clarification.

In general, qualitative assessments and risk management methods should also be permitted for ESG risks, especially if sufficient data and/or reliable quantitative methods are not (yet) available.

In our view, the analysis of individual borrowers ("most critical counterparties") with regard to their deviation from the transition plans of their jurisdictions is too extensive for a bank-wide materiality analysis at portfolio level.

We believe that the requirements regarding the materiality assessment should leave some individual scope for action for the institutions (e.g. openness for transformation activities of borrowers). In the German regulation, the MaRisk give some minimum requirements, where the guidelines can derive their requirements from.

We recommend refraining from defining a specific review frequency (section 4.1, para. 11). The requirement to carry out reviews "regularly" or "on an ad hoc basis", particularly in the event of significant changes, is considered appropriate. Review intervals that are too short result in unnecessary administrative effort without any new insights being gained.

We also believe that there is a better data availability for physical risks. Therefore, the requirements with regard to the materiality assessment for social and governance risks should also be limited (dependent on the data availability).

Particularly over long periods of time, it is not possible to make reliable probability statements, so it is clear that an "expert assessment" must be possible (para. 15).

Question 5: Do you agree with the specification of a minimum set of exposures to be considered as materially exposed to environmental transition risk as per paragraphs 16 and 17, and with the reference to the EU taxonomy as a proxy for supporting justification of non-materiality? Do you think the guidelines should provide similar requirements for the materiality assessment of physical risks, social risks and governance risks? If yes, please elaborate and provide suggestions.

The industries that are heavily exposed to climate risks are now generally known. We are very critical of the requirements in para. 16 to classify certain industries per se as material for environmental risks unless the opposite is proven and documented. This reversal of the burden of proof makes the risk inventory de facto absurd. This is because the relevant NACE codes therefore cover the entire economy, which is currently the focus of the transition. This was already a major point of criticism in the ECB's climate stress test, which claimed that 60% of bank exposures were dependent on fossil fuel industries. Ultimately, it emerged that the majority of exposures are in sectors with comparatively low emission intensities. There is also insufficient differentiation at NACE code level 1. For example, the energy sector would be classified as material without differentiating between fossil or renewable energy sources. There is no doubt that the economy as a whole is facing major transformation tasks. However, we do not believe it makes much sense to classify whole sectors as material across the board.

A sectoral approach is not appropriate. For one thing, sectors are affected very differently. Even within these sub-sectors, the impact of ESG (climate risks) for an individual (corporate) client depends on individual factors (e.g. affectedness, transition path, financial capabilities). Therefore, institutions should be allowed to use more specific approaches if they have such tools.

In addition, a materiality classification can be made e.g. per risk type and only when certain quantitative/qualitative materiality thresholds are reached. Furthermore, the classification of certain sectors as material does not automatically mean that they are material from an institution's perspective. Materiality for institutions depends, among other things, on the business model, risk, concentrations, etc. The same reasoning also applies to social and governance risks.

The reference to the EU taxonomy in para. 17 is also incomprehensible. The taxonomy is not a risk tool - it was never intended to make statements about the risk content of exposures. In particular, the EU taxonomy does not apply to special financing and financing outside Europe, which is why the taxonomy-eligible portion in the banking book is very small. Using this reference as a proxy does not seem appropriate. Benchmarks have shown that this problem exists for many banks.

The EU taxonomy is not a suitable distinguishing feature for this issue, as the transition risk for a bank does not necessarily correspond to the orientation of the EU taxonomy. Example: A company that is "green" according to the taxonomy may have a significant transition risk, e.g. no financing options for necessary further investments. Paragraphs 16 and 17 should therefore be deleted without replacement and the specific procedure for the materiality assessment should be left to the institutions.

Question 6: Do you have comments on the data processes that institutions should have in place with regard to ESG risks?

We welcome the EBA's approach of initially focusing on (publicly) available data and placing the focus on customers subject to reporting requirements. The data requirements should be formulated in such a way that they are consistent with the data to be disclosed under CSRD.

According to the EBA Guidelines on Loan Origination and Monitoring para. 126, institutions can allow portfolio-based assessments for micro/small enterprises instead of borrower-specific assessments. This regulation makes sense, as it relieves the burden on micro and small enterprises and banks can also obtain useful and management-relevant information with industry values. The option of using sector data should be included in para. 24.

Mandatory data collection from SMEs should be dispensed with for reasons of proportionality, as individual SMEs often do not contribute significantly to the risk profile of institutions and small and micro enterprises are disproportionately burdened by additional data requirements.

For the most important large companies, the CSRD will promote the availability of data in a structured form. Banks should be able to use the data already published to avoid having to use an additional individual questionnaire for each customer (para. 22). For companies that do not fall under the scope of the CSRD, EFRAG is currently consulting a voluntary reporting standard (VSME). If SMEs disclose information in accordance with this voluntary standard, the data requirements of the EBA should be fulfilled by using risk-relevant information from it. The restriction to risk-relevant data is necessary against the background of the very extensive VSME. In addition, the use of proxies at both exposure and portfolio level, particularly for small and micro enterprises, must also be permitted despite the use of the VSME.

It must be possible for institutions to efficiently design data processes in which the relevance of business activities in relation to all risk types and the results of the materiality analysis are decisive. We request a corresponding addition in para. 21. In addition, the use of external data providers should be explicitly provided for (not only "public bodies", but also professional data agencies). For the overall data processes, it is important to find a balance between completeness and practicability.

Some sections of the GL give the impression that the use of estimated values and proxies is only conceded to SNCIs, as an inferior method, so to speak. However, proxies can generally represent a good and justifiable measure, particularly in the volume business, and need not be inferior to the quality of raw data. Ultimately, proxies also serve to avoid overburdening small companies and private customers with data requirements and to relieve them of the bureaucratic burden. The use of proxies should therefore generally be made possible for all companies.

The Data collection should reflect that in retail banking, generally less information is available than in corporate banking. Therefore, data collection in retail banking should be limited to energy performance certificates (for real estate financing) and to carbon emission classes (for car financing).

The list in para. 23 can only be a sample list, so the wording "at least" must be deleted. Not all of the data listed is available and usable for all portfolios. The list of data should be developed by the bank for its various portfolios based on the portfolio specifics. In general, the current requirements, e.g. according to paragraph 21, are too detailed, which leads to high complexity and resource commitment. Although there are advantages to collecting certain sustainability information directly from the information disclosed by the counterparty, this does not apply to all data points, so a blanket approach may not be appropriate.

Many of the metrics mentioned in paragraph 23 a) are based on the impact materiality of CSRD, which results in a regulatory focus. For SNCIs in particular, financial materiality alone should be decisive. These are primarily points i. and iv. At the very least, there should be an opening clause that allows LSIs or SNCIs to choose their own metrics and only uses para. 23 a) as an example.

We are critical of the obligation to use data from transition plans to assess large companies, particularly as there is no obligation to prepare such plans under the CSRD.

Question 7: Do you have comments on the measurement and assessment principles?

The measurement and valuation approaches should be tailored to the bank's specific portfolio, particularly with regard to the scope and complexity of the procedures. The requirement to combine three methods (paragraph 27) is disproportionately complex, particularly for small and less complex institutions, in light of the principle of proportionality. In our view, the exposure-based approach is sufficient for these institutions. We request clarification and the addition of proportionality aspects in para. 27.

With regard to para. 26 b, we request that this allocation be restricted to economically material exposures.

Due to jurisdictional relaxations, small companies very often don’t disclose ESG-Data, which would be needed to use quantitative tools. Therefore, institutions should be allowed to put more focus on qualitative tools. Besides, the choice of required tools should also reflect that the data base in retail banking is much more limited than the data base in corporate banking.

ESG risks are assessed on the basis of scenarios, among other factors, which is why it is difficult to estimate the probability of occurrence. As scenarios do not necessarily represent predictions for the future, but merely depict possible future paths, no specific probabilities can be assigned to them, which would be necessary for actual quantification. Nevertheless, it is possible to analyze the impact on established risk indicators using scenarios. We request clarification that the use of qualitative instruments is also permissible (para. 28).

Question 8: Do you have comments on the exposure-based methodology?

A mandatory integration of ESG aspects into PD modeling is often not possible on the basis of the data currently available and does not make technical sense, particularly due to the long-term impact of E-factors. We therefore assume that banks do not necessarily have to integrate ESG risks into their rating models, provided that an existing ESG score covers all E, S and G components and is used as a decision criterion in the lending process. We ask for clarification.

The EBA's data requirements for the analysis of risk factors should be formulated in such a way that they can be fulfilled with data that companies disclose in accordance with other requirements (CSRD or VSME). It would be inconsistent to impose more extensive requirements here.

With regard to para. 31 we have the following comments:

The detailed list of risk factors and the wording ["...at least..."] does not represent best practice (for specific portfolios/exposures), but a minimum requirement - regardless of the portfolio/materiality. The list is not suitable for all exposures. The application of the factors should depend on the specifics of the portfolio and the size of the institution.

In points a and b, we request clarification of what is meant by "degree of vulnerability".

31 a: "Look through" extension from customer to guarantor is not manageable (in any case.) Should be used with a sense of proportionality (size, importance of the guarantee).

We consider the blanket requirement in point. c "the likelihood of critical disruptions to the business model and/or supply chain of the counterparty due to environmental factors such as the impact of biodiversity loss, water stress or pollution" to be too far-reaching, particularly for the aspect of the supply chain. This requirement would quickly overwhelm small institutions in particular. However, we also believe that the requirement should be more proportionate to the size of the customers to be analyzed (e.g. scope, significance).

We welcome the possibility of taking risk mitigation aspects into account (point e). Especially in the case of transitory risks, the willingness and ability of customers to adapt play a major role. The aim must be to involve a broad range of customers in the transformation and to support them with financing. If such aspects were not taken into account, there would be a risk of excluding customers willing to transform from financing.

With regard to para. 32, we also refer to the simplifications for micro and small enterprises in the EBA GL LOaM, on which we have commented in question 6. We request that it be added that portfolio-based valuations are permissible for micro/small companies.

The fact that the medium and long-term horizon should also be relevant for social and governance risk factors in para. 33 contradicts para. 27, where the exposure method is intended for the short-term horizon. We are in favor of consistently limiting the time horizon for S+G risks to the short term. While a long-term view makes sense from a risk perspective for environmental and, in particular, climate risks, we do not see this need for S and G risks.

In addition, it should be clearly formulated in para. 33 that the requirement for due diligence processes with borrowers/exposures only relates to borrowers for whom due diligence processes are appropriate and necessary in the context of the business relationship.

Question 9: Do you have comments on the portfolio alignment methodologies, including the reference to the IEA net zero scenario? Should the guidelines provide further details on the specific scenarios and/or climate portfolio alignment methodologies that institutions should use? If yes, please elaborate and provide suggestions.

Institutions that align their portfolios with the Paris climate goals and have published corresponding commitments and targets use alignment methods such as SBTi or PACTA to track and achieve these goals at a strategic level.

Ultimately, one must always be aware of the limits of alignment. Banks can and want to support their customers in the transformation and not exclude them from financing. Consequently, bank balance sheets are a mirror of the economy and are therefore also dependent on the success and speed of transformation in the economy in terms of target achievement. They provide a good orientation for the strategic perspective. There is only one thing they are not: a good risk indicator. Alignment only means a lower risk if the economy gradually transforms towards CO2 neutrality. If this does not happen and the world remains in a hot house world scenario, sustainable exposures could even be riskier. It remains to be hoped, of course, that the transformation will proceed with the appropriate ambition. Nevertheless, we would like to draw attention to the conceptual weaknesses of an alignment method for risk management. They are valuable for strategic alignment, but are not the subject of this guideline.

We also request the addition of a note regarding the high degree of uncertainty associated with climate risk models.

We have the following comments on paragraph 36:

In general, we consider paragraph 36 to be somewhat too detailed. It should be at the discretion of the institutions which portfolios they include in the alignment from a materiality perspective.

Reference is made to large institutions whose securities are traded on regulated markets. We ask for clarification that this refers to equities and not debt securities.

Instead of referencing the IEA scenarios, we consider the NGFS scenarios to be more suitable due to the parameters and key figures provided by the NGFS, which can be easily included in risk management analyses, and ask for these to be explicitly named as permissible scenarios.

In our view, it is unclear what is meant by "representative samples of exposures". An explanation would be helpful here. For SNCIs to be truly supported, "representative samples of exposures" must be easy to identify in order to keep the effort involved in proving representativeness manageable.

Paragraph 38 should clarify how the large institutions mentioned there are defined - e.g. as in paragraph 36, by the fact that their shares are traded on regulated markets.

We request that the reference to the SDGs in point 38 be deleted:

From a narrow risk perspective, it is unclear why the positive impact with regard to the UN SDGs should be assessed. This does not result in a financial risk.

The SDGs are used by the EU and the member states in the context of legislation when setting political goals and are therefore implicitly covered when carrying out alignment analyses.

In our view, how companies position themselves with regard to the SDGs is adequately covered by the CSRD and is not the subject of risk management.

Question 10: Do you have comments on the ESG risks management principles?

We assume that the specification of a longer-term time horizon, in this case at least 10 years, is not intended to change the observation periods of the ICAAP. As we understand it, institutions would include ESG factors in the normative and economic perspective in the ICAAP with the risk assessment horizons that have applied to date. We ask for clarification.

We consider the requirements in paragraph 42 to be too restrictive. It should be at the discretion of the institutions which measures they take to measure and mitigate risks. In the latter case, "bearing a risk" may also be a possible option that is not even considered by the EBA here. Regionally anchored institutions or institutions with a sector specialization are inherently less diversified but have specialist knowledge.

We believe that data collection requirements are too hard for smaller institutions (as we already observe in the present scoring methodology). Therefore, the proportionality should be more stressed by only addressing bigger SNCIs (consistent with CSRD).

At the moment, institutes can neither empirically detect an impact of ESG issues on the PD nor calculate an ESG-sensitivity of the risk premium (which would at least be necessary for an adjustment of the financial terms).

We also ask for clarification that a limit is not set or derived solely on the basis of ESG aspects. Various risk drivers are responsible for this as part of risk management. This one-sided presentation of the limit (purely on the basis of ESG criteria) would not be consistent and should not be understood as integration into the existing methods and procedures.

With regard to the tools to be considered (para. 42), we request that the wording "at least" be deleted and the measures mentioned be cited as examples.

With regard to point 42 a): Interference in the counterparty's risk management goes too far here and cannot be regarded as part of the institution's risk management. The principles specified here should relate exclusively to the institution's risk management. The term "most critical counterparty" should be defined more precisely. In addition, the requirements defined here are within the counterparty's sphere of influence and leave the banks only a limited scope of insight and influence.

Regarding point 42 c: To avoid misunderstandings, we request the following rewording: “considering ESG for the purpose of setting global, regional and / or sectoral limits, ...”.

In our opinion, the information "by economic sector or geographical area" in section 5.1 para. 42 d is intended merely as an example for illustrative purposes and should not be interpreted as a mandatory criterion. As the institution determines the criteria itself, the example should be deleted accordingly. Diversification must take numerous factors into account. ESG criteria play a subordinate role in this context.

From a proportionality point of view, at least LSIs and SNCIs should be excluded from the analysis of greenwashing risks.

Paragraph 40: Reputational risks should only be considered insofar as they give rise to material financial risks.

Question 11: Do you have comments on section 5.2 – consideration of ESG risks in strategies and business models?

We ask for clarification that the climate or environmental stress tests listed in section 5.2, point 44 c are not those carried out by the ECB for SIs. For SNCIs, a qualitative analysis of strategy and risk appetite as part of the materiality analysis in accordance with para. 11 should be sufficient.

For small and medium-sized institutions in particular, it must be permissible to dispense with the preparation of transition plans, as the analyses and activities carried out there are already part of the strategy process today. The required key figures do not have to be repeated in labor-intensive plans.

Question 12: Do you have comments on section 5.3 – consideration of ESG risks in risk appetite?

It is not clear why ESG should play a separate role as a risk driver when determining risk appetite. Ultimately, it materializes in the known risk types for which risk limits and risk capital are set or allocated. From a proportionality perspective, at least the granularity of the requirements should be adjusted here. Institutions should be given more leeway in defining their ESG risk appetite. This depends, among other things, on the business model, size and portfolio structure. For example, a higher level of granularity than at country level is far too detailed for large institutions with a diversified business model. As in other places in this consultation paper, we request that this be limited to key assets/material products and services.

Question 13: Do you have comments on section 5.4 – consideration of ESG risks in internal culture, capabilities and controls?

The EBA Guidelines on Internal Governance provide a good and sufficient framework for the implementation of an appropriate risk culture and the concept of the three lines of defense. We consider the explanations in section 5.4 to be redundant with the EBA Guidelines. In addition, they place too many restrictions on the organizational freedom of institutions with regard to ESG. We are in favor of deleting section 5.4 This would streamline the already very detailed guidelines somewhat.

Question 14: Do you have comments on section 5.5 – consideration of ESG risks in ICAAP and ILAAP?

As already stated in question 10, we assume that the risk observation horizons in the normative and economic perspective in the ICAAP remains unchanged and that no multi-year risk-bearing capacity calculation is required. The longer-term time horizon of 10 years should serve to inform the normative (3 years) and economic (1 year) perspective with regard to possible ESG risk factors. Albeit, we would take a very critical view of backing medium and long-term risks, which are not reliably quantifiable, with internal capital. This would be neither appropriate nor sensible. We request appropriate clarification.

We request clarification with regard to the reference in paragraph 57 to section 4.2 that the reference is not intended to apply the longer-term alignment method in the ICAAP. The use of qualitative methods must also be permitted, particularly for small institutions.

Question 15: Do you have comments on section 5.6 – consideration of ESG risks in credit risk policies and procedures?

Paragraph 61 calls for quantitative methods. In contrast to other places in the document, it is not stated here that the institutions can initially also use qualitative methods if quantitative methods cannot yet be used sensibly. Such a clarification should be formulated, as the necessary data is not even available to determine the required quantification. At least in certain areas and by certain institutions, the use of qualitative methods must be permanently usable. The credit ratings established today also take qualitative aspects into account in addition to quantitative aspects. This will be no different for ESG risks.

Question 16: Do you have comments on section 5.7 – consideration of ESG risks in policies and procedures for market, liquidity and funding, operational, reputational and concentration risks?

To reduce the reputational risk for banks if they "fail to comply with their sustainability commitments or transition plans" (para. 67), the EBA should clarify that these plans are dependent on the EU's and Member States' commitments to achieve climate neutrality, as set out in the EU Climate Law. In addition, reputational risks have only a very indirect effect on financial materiality and are therefore not material for LSIs in particular. If the EU or member states fail to meet their targets or change their targets, banks should not be held responsible. We also ask for mitigation measures (e.g. insurance) to be added to the operational risks.

In our view, the use of qualitative methods should be permanently permitted, at least for LSIs, for all paragraphs in section 5.7.

With regard to para. 68: The requirements are too detailed. Concentration risk is integrated into the internal risk management of the institutions and the processes are established and operationalized.

Question 17: Do you have comments on section 5.8 – monitoring of ESG risks?

With regard to paragraph 70, we request clarification of the term "most significant portfolio".

With regard to the metrics and indicators mentioned in paragraph 72, we have the following comments:

point a): It is not realistically possible to determine the extent to which historical borrower losses are attributable to ESG reasons. Historical data hardly allows any serious quantification. Useful data is yet to be generated. We therefore believe that the binding nature and methodological requirements of the supervisory authority should not be too strict.

point b): makes no sense at the aggregation level of NACE 1. We are in favor of keeping the provision more general and deleting the reference to Annex I of Regulation (EC) 1893/2006.

point c): It should be clarified that the comparison of portfolios refers to the institution itself and not to portfolios of borrowers with which the institution has an exposure.

point d): The requirement to record Scope 3 emissions cannot be met at the current level of data availability.

point e): Art. 430 CRR point h (ii) provides for the reporting of "... existing and new exposures to the fossil fuel sector entities". In order to avoid redundancies, the monitoring requirements in para. 72 point e) should be consistent with the reporting requirements still to be developed in the area of ESG or be postponed until they have been developed. In addition, we do not believe that it makes sense to specify the percentage of borrowers. The percentage should refer to a suitable volume measure, such as credit exposure.

point f): Reporting institutions are already obliged under Art. 8 of the Taxonomy Regulation to report information on taxonomy capability and compliance. From the perspective of the German banking industry, indicators such as the green asset ratio (GAR), which describes the taxonomy-compliant portion of assets, are unsuitable for reflecting the sustainability profile of institutions. This is due to methodological weaknesses and insufficient coverage of relevant economic sectors. The taxonomy and the GAR have no management implications for institutions, nor do they provide any information on the risk content of the underlying exposures. Therefore, taxonomy-related KPIs should not be the subject of monitoring in accordance with para. 72.

Question 18: Do you have comments on the key principles set by the guidelines for plans in accordance with Article 76(2) of the CRD?

The guideline is too strict in terms of risk mitigation, as a significant level of risk can also be accepted and a transition plan should not be required in all cases. As is common practice today, these accepted risks are managed via the institutions' ICAAP.

Question 19: Do you have comments on section 6.2 – governance of plans required by the CRD?

We believe that the dialog with counterparties about their transition plans and the establishment of consistency with the institution's own transition planning (within the meaning of the CRD) described in para. 86 as a task of the first line of defense is generally too extensive. In particular smaller institutions generally have a large number of smaller customers who do not prepare transition plans. We therefore suggest supplementing this requirement with the restriction "if available".

In our view, the requirements referred to in 86b) should only be linked to the risk management function, as risk management is responsible for setting risk management limits.

Question 20: Do you have comments on the metrics and targets to be used by institutions as part of the plans required by the CRD? Do you have suggestions for other alternative or additional metrics?

In general, institutions should be given more flexibility with regard to the choice of indicators. If specific indicators are mentioned in the guidelines, at least small institutions should be able to fully cover new requirements for a transition plan with these indicators.

The specified target for the technological basis (para. 91) is too detailed and associated with considerable uncertainties regarding data quality and availability. The targets should be adapted to the business model, size and commitment of the institution. In addition, regulatory aspects are involved, which is why we propose deleting para. 91.

With regard to para. 92, we would like to point out that institutions use different definitions of time horizons. Therefore, there should be more flexibility in the time periods for targets and interim targets.

There is considerable room for interpretation with regard to para. 94 a) (GHG emissions). The institutions must have financed emission targets at sectoral level. However, particularly in the case of interim reduction targets, the targets are stated as intensities and not necessarily as financed emissions.

The percentage of borrowers required in para. 94 e) does not make sense. The percentage should refer to a suitable volume measure, such as credit exposure.

Question 21: Do you have comments on the climate and environmental scenarios and pathways that institutions should define and select as part of the plans required by the CRD?

In our view, the scenario requirements described in section 6.4 para. 97 are too detailed and far-reaching, especially with regard to regional institutions and LSIs. We propose the following adjustment to ensure proportionality: Amendment of the sentence

"To this end, the institutions should take all of the following steps" to
"To this end, the institutions should take appropriate steps. For example:".

The exception for SNCI in para. 94 “should consider”, makes sense. A similar addition should be made for para. 96. Alternatively, only 96 a) should be formulated as binding for SNCIs, as the other dimensions are usually not essential for SNCIs. Overall, however, alleviations should not only apply to SNCIs, as already explained in question 2.

Question 22: Do you have comments on section 6.5 – transition planning?

In our view, chapter 6.5 should only apply to GSIBs due to the regulatory dimension. In addition, paragraph 101 should only apply to material products and services.

The very extensive requirements for the analysis of customers' transition plans are not expedient in our view (paragraph 103). In practice, the use and processing of information from borrowers' transition plans is likely to involve a great deal of effort. The use of information from borrowers' transition plans is not absolutely necessary for an institution's transition plan. This requirement should be deleted or at least mentioned as an example of a possible approach, and automated analyses such as ESG scores should also be sufficient for the analysis of customers.

In our view, it is also too far-reaching to expect banks to advise their clients on "adjustments to the product offering, the agreement of an action plan and remediation measures to support an improved transition path for the counterparty" (para. 103). Ultimately, the high level of effort involved creates an incentive for banks to reduce risk.

Question 23: Do you think the guidelines have the right level of granularity for the plans required by the CRD? In particular, do you think the guidelines should provide more detailed requirements?

We believe that these guidelines should only focus on SIs. For LSIs, the (responsible) national competent authorities can implement further requirements (if necessary).

In our view, the guidelines are too detailed. The individuality and the respective framework conditions are not sufficiently taken into account. The level of detail should be reduced accordingly.

In addition, the concept of materiality should also be given greater consideration in relation to transition plans.

Question 24: Do you think the guidelines should provide a common format for the plans required by the CRD? What structure and tool, e.g. template, outline, or other, should be considered for such common format? What key aspects should be considered to ensure interoperability with other (e.g. CSRD) requirements?

We believe that the guidelines should focus on following principles:

Necessary data should be freely accessible via ESAP.
Data, which is not already disclosed due to the sustainability reporting and CSDDD requirements, should not be used to prevent over-regulation (especially for smaller institutes).

In our opinion, standardization should be avoided, as this would not do justice to a proportional structure depending on the risk profile of the bank or the risk content of the transactions carried out.

Question 25: Where applicable and if not covered in your previous answers, please describe the main challenges you identify for the implementation of these guidelines, and what changes or clarifications would help you to implement them.

Instruments should only be mentioned as possible examples so that the selection of the instruments actually used can be individually tailored to the bank. One of the greatest challenges is likely to lie in the management of ESG data, particularly with regard to the availability of such data from counterparties, especially in the SME sector. Against this backdrop, centralized data provision could also be an option. In addition, the implementation of the guideline is very time-consuming, at least for large institutions. It should therefore be made clearer that qualitative methods are initially also permitted and in what way. Data requirements should be designed in such a way that they can be fulfilled with the data to be provided from other reporting/disclosure obligations.

In our view, the creation of transition plans and the combination of risk management methods in particular threaten to overburden small institutions.

Here we formulate the urgent need for a transitional phase in which the scope of requirements of the EBA-GL is linked, for example, to the availability of data and methods for their appropriate implementation. A gradual introduction would be conceivable here, e.g. analogous to the procedure in Annex C of ESRS 1.

Question 26: Do you have other comments on the draft guidelines?

The following explanations match the "Overarching comments" that we stated before the individual questions.

From the perspective of the German banking industry, banks and savings banks play a major role in the transformation of the economy towards carbon neutrality. They are also working intensively on practicable and meaningful methods to appropriately identify, measure and manage climate and environmental risks as well as social and governance risks. Consequently, there are corresponding requirements from the national supervisory authority and the ECB.

As much as banks and savings banks embrace their role in the transformation and translate it into strategies and objectives, it should be clear that in the context of risk management, it is solely about the risk perspective and not about political objectives, which are undoubtedly important but do not have their place in Pillar II banking supervision.

We therefore welcome the fact that this consultation paper is closely aligned with the risk perspective, even if it is not consistently adhered to. We address this in the detailed comments.

ESG risks, in particular the challenges of climate and environmental risks (time horizon, uncertainty, lack of historical data, etc.) are well highlighted by the EBA. We also share the perception in para. 4 (background and rationale section) that institutions are still in the early stages of developing methods that ultimately generate management relevance. Much is still "work in progress".

This makes the level of detail in the guidelines all the more surprising. The specification of uniform indicators is problematic in that these indicators are then used by everyone, which leads to a systemic risk. Namely, banks that manage risks and make decisions in the same way and based in part on the same indicators. We consider the principle of methodological freedom in Pillar II - especially in such a dynamic area as ESG risks - to be a valuable asset. At the same time, we see the corresponding requirements in CRD VI, within the framework of which the EBA must operate. In our view, the EBA should take meticulous care to make use of any leeway in terms of methodological freedom during implementation. In particular, "hard" requirements (i.e. "institutions should...") should be used carefully so as not to set too narrow a framework for the necessary creativity in the development of appropriate procedures. Mandatory requirements should indicate the minimum standard. Impulses that go beyond this can nevertheless be used as recommendations for good practice.

In our view, in some cases it is not clearly differentiated whether it is an expectation or just a recommendation. We request that the guidelines be made more specific in this regard.

Excessively harsh formulations, which then lead to corresponding internal management requirements, such as the limitation of transactions, could also entail the risk of banks withdrawing from sectors particularly affected by climate change, thereby jeopardizing the supply of credit required for the transformation.

ESG risks are not a separate risk type but have an impact on the established risk types. This approach is also pursued by the EBA. At the same time, some requirements suggest that ESG risks are treated as a separate risk type. The risk exposure of an institution is based on various drivers, ESG is one of them. It therefore does not appear to make sense to treat ESG as a risk driver differently from other risk drivers. So far, supervisory stress tests have not been able to prove excessive materiality compared to other risk drivers. This should be taken into account with regard to the scope and level of detail of the regulations.

In addition to these technical differences, the degree of maturity of the methods for identification and assessment in dimensions E, S and G (e.g. data, methodology) also varies greatly. While data is more readily available in dimension E (particularly on climate change) and initial methods already exist, methods for dimensions S and G are often not available. We are therefore in favor of keeping the focus of the guideline on dimension E and in particular on physical and transitory climate risks, as described in section 7 para. 12, and addressing dimensions S and G, if at all, only with suggestions for a general orientation of the institutions. This is also appropriate from a risk perspective, as we believe that climate risks represent by far the greatest risk, as they have the greatest impact on the probability of borrower default. The other risks, particularly S and G, are less significant, especially in relation to SNCI.

A later revision of the guidelines, possibly combined with an extension to the dimensions S and G, could take place when the appropriate methods are available.

In view of the complexity of the topic and its interdisciplinary nature (data, IT, strategy, risk processes), a sufficient additional implementation period of at least 2 years is of crucial importance.

We would also like to point out that it should be made clear which "competent authorities or public bodies" are meant. NGOs should not be defined as public bodies within the meaning of this paragraph (6.4.).

Art. 76 (1) CRD VI: Proportionality principle SNCIs

The option for small, non-complex institutions to carry out the review of risk strategies/policies only every two years, as set out in Art. 76 (1) CRD, should be used, especially as a minimum two-year cycle is also possible for all institutions in accordance with Art. 76 (1) sentence 1 CRD VI.

Upload files

DK Comments EBA Consultation paper – Draft Guidelines on the management of ESG risks.pdf (609.88 KB)

Name of the organization

Die Deutsche Kreditwirtschaft

Organisation and governance

Legal and policy framework

Careers

Supervisory convergence

Direct supervision and oversight

Information for consumers

Ad hoc activities

Risk analysis

Reporting frameworks

Data

Publications

Media centre