Response to consultation on draft Guidelines on the management of ESG risks
Question 1: Do you have comments on the EBA’s understanding of the plans required by Article 76(2) of the CRD, including the definition provided in paragraph 17 and the articulation of these plans with other EU requirements in particular under CSRD and the draft CSDDD?
As the Association of Foreign Banks in Germany (VAB), we welcome the EBA's generic understanding of CRD-based (transitions) plans and the clarification that these plans are to be embedded in the institution's strategy and risk management. The VAB represents the interests of more than 180 financial institutions in Germany, which differ considerably not only in their business models but also in their organizational set-up. For this reason, a generally valid definition is to be recommended and simplifies implementation.
With regard to the interaction of the CRD-based (transition) plans with the plans under the CSRD and/or the CSDDD, however, we see the risk that this could lead to an unnecessary duplication or multiplication of the requirements for strategy setting and reporting requirements, which would be associated with considerable costs and unreasonable effort for the institutions to be implemented. For this reason, we consider it appropriate to bundle the requirements for institutions so that ultimately only the requirement to prepare one plan or report remains. This would also have the advantage that there would be no ambiguity regarding the ranking of the different regulations and plan requirements.
Question 2: Do you have comments on the proportionality approach taken by the EBA for these guidelines?
We fully agree with the proportionality approach taken by the EBA. We welcome that the Guidelines take into account the needs of smaller and non-complex institutions and that they have to implement less complex or sophisticated arrangements.
Question 3: Do you have comments on the approach taken by the EBA regarding the consideration of, respectively, climate, environmental, and social and governance risks? Based on your experience, do you see a need for further guidance on how to handle interactions between various types of risks (e.g. climate versus biodiversity, or E versus S and/or G) from a risk management perspective? If yes, please elaborate and provide suggestions.
We agree with the EBA´s understanding that institutions can be impacted by environmental and social risks. Our understanding is that CRD clearly states that institutions should manage their own risk induced by ESG risk factors (financial materiality, see. Art. 76 (2) CRD 6). However, banks could and should not be forced to adopt a role as a “transition agent” of the financial system to achieve political outcomes. The transition is a challenge for society as a whole, which also involves other stakeholders such as governments, legislators and companies in the real economy.
Nevertheless, we understand that institutions may decide to adopt business strategies and their “brand” on the basis of ESG strategies governing their business activities. A number of our members have already chosen this path and we encourage them to do so.
As a consequence, we have to disagree with a regulatory/supervisory approach to govern the impacts on environmental and social risks by institutions through their core business activities and, therefore, with the introduction of a so-called ‘environmental and social materiality’ as a supervisory dimension of the institutions’ risk management. Institutions can – if they wish to do so – monitor the environmental and social risks through their core business activities, but they are not forced to do so by CRD 6. Moreover, such an approach that is not geared to financial risk puts the financial system itself at risk by potentially encouraging risky exposures because of “bonus environmental and social ESG factors”.
That being said, while the Guidelines appear to cover the individual aspects of climate, environmental, social, and governance risks, however, there may be situations where these risks interact or overlap. For example, the relationship between climate change and biodiversity loss or the intersection of social and governance issues. Providing specific guidance on how to identify, assess, and manage these interrelated risks would enhance the effectiveness of risk management frameworks. In the meantime, we would prefer clarification that institutions should have methodological flexibility.
In addition, further guidance may be needed on data requirements and disclosure standards related to ESG risks. Financial institutions require clarity on the types of ESG data they should collect, how to verify its accuracy and reliability, and how to disclose relevant information to stakeholders effectively.
From our point of view, all these aspects have an integral impact on the handling of ESG risks. In this respect, more clarity and guidance are needed to fully understand the approach taken by the EBA regarding the consideration of, respectively, climate, environmental, and social and governance risks.
Question 4: Do you have comments on the materiality assessment to be performed by institutions?
Our understanding, as also outlined by EBA in paragraph 12 to Section 4.1, is that ESG risks are not to be considered as an individual risk type, but that they are to be included in the risk assessment as risk drivers of the existing risk types. Existing risk types are counterparty default risk, market price risk, liquidity risk, operational risk and other risks. With reference to the ICAAP guidelines issued by BaFin and the Bundesbank on 24 May 2018 (“Aufsichtliche Beurteilung bankinterner Risikotragfähigkeitskonzepte und deren prozessualer Einbindung in die Gesamtbanksteuerung („ICAAP“) – Neuausrichtung“, available under the following link: https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://www.bafin.de/SharedDocs/Downloads/DE/Anlage/dl_180524_rtf-leitfaden_veroeffentlichung.pdf%253F__blob%253DpublicationFile%2526v%253D1&ved=2ahUKEwjtpv-n-6qFAxWB0wIHHTcxDbkQFnoECBsQAQ&usg=AOvVaw3qMs46kJr1JEK93fWaYB6g) point 5.3.2 para. 50 requires the risk-bearing capacity to be analysed from an economic perspective (ICAAP) over a uniformly long future period of one year.
However, paragraph 13 to Section 4.1 states that institutions’ internal procedures should provide for assessing the materiality of ESG risks across short (i.e. less than 3 years), medium (3 to 5 years) and long-term time horizons, including a time horizon of at least 10 years.
If a quantitative risk assessment of ESG risks is not to be carried out as an individual risk type, but rather among the existing risk types, we believe that the risk assessment period should be standardised. A division into different observation periods, as proposed in paragraph 13, would in any case contradict the current understanding of the risk-bearing capacity assessment.
We propose the following options to resolve this contradiction:
Option 1: ESG risks are considered as a single risk type. Risk can be quantified over the three proposed time intervals.
Option 2: The risk observation period for ESG risks is based on the risk types for which ESG risks are to be categorised as risk drivers.
Question 5: Do you agree with the specification of a minimum set of exposures to be considered as materially exposed to environmental transition risk as per paragraphs 16 and 17, and with the reference to the EU taxonomy as a proxy for supporting justification of non-materiality? Do you think the guidelines should provide similar requirements for the materiality assessment of physical risks, social risks and governance risks? If yes, please elaborate and provide suggestions.
We understand EBA`s approach that institutions should at least consider their exposures towards sectors that highly contribute to climate change. However, as the economy is currently undergoing a process of transformation, the list of sectors presented in Sections A to H and Section L of Annex I to Regulation (EC) No 1893/20061 must be regarded as very comprehensive and almost all-encompassing, with the result that a materiality assessment would cover virtually all economic sectors.
We therefore welcome the restriction of this requirement contained in paragraph 17 and the possibility of excluding some of the sectoral exposures.
Question 6: Do you have comments on the data processes that institutions should have in place with regard to ESG risks?
In order to fulfil the requirements of the Guidelines, i.e. to carry out an ESG risk assessment properly, high quality data is required in terms of quantity and quality. In our view, the Guidelines should therefore set clear standards for the quality and integrity of the ESG data collected. Finally, financial institutions need to ensure that the data is reliable, consistent, comparable and transparent. This may require validation and verification procedures as well as mechanisms to ensure data integrity.
In addition, there should be guidance on the external sources from which financial institutions can obtain ESG data and how to facilitate access to this data. This may include data providers, research reports, public reports, corporate communications, government sources, NGOs and other relevant sources. Simply referring to the published information under the CSRD (as recommended in paragraph 22 of Section 4.2.1) is not sufficient at this stage, as the implementation of the CSRD is staggered over several years and a comprehensive data pool will probably not be available until the end of this decade. In addition, the Guidelines should ensure that the data is accessible to all financial institutions, especially smaller institutions that may not have the same resources as larger institutions.
Finally, as regards the wording, EBA should consider the following aspects regarding Section 4.2.1:
Paragraph 20 of this Section correctly refers precisely to “ESG risk-related data”. However, the following paragraphs mistakenly and vaguely refer to “ESG data” (paragraphs 21 and 25 (a)), “ESG profile” (paragraph 22, it should read “ESG risk profile”). This should be corrected in order to avoid misunderstandings.
In paragraph 23 (a) item “(iii) material impacts on the environment, including climate change and biodiversity, and related mitigation or adaptation policies” should be deleted. Institutions and supervisory authorities are in no position to judge or disincentivize environmental impact, as long as such impact is legitimate by law and does not constitute financial risk (e.g. GHG certificate prices) relevant for default risk.
In paragraph 23 (a) item “(v) energy and water demand and/or consumption, either in terms of economic factor inputs or revenue base” should be deleted. The mere fact of resource consumption, as long as legitimate under the law, does not constitute a financial ESG risk factor from any institution’s point of view.
In paragraph 23 (b) item “(iii) adherence to voluntary or mandatory social and governance reporting” should be amended by removing the reference to voluntary social and governance reporting, because institutions and their supervisory authorities do not have a mandate to sanction or disincentivize lawful behaviour. If legislators regard standards as voluntary, they have to be treated as such. The only exemption would be if the adherence to voluntary reporting can be demonstrated to decrease financial ESG risk factors using an institution’s data on probability of default.
- In paragraph 23 (b) item “(iv) negative impact on local communities, including due diligence policies to prevent that” should be deleted. Local communities are governed by the local authorities. Institutions and their supervisors are in no position to override local decision-making. Moreover, such attempt would certainly result in massive reputational risk for the institutions. ESG risk factors are only to be taken into account in exceptional cases where local circumstances are such that lawsuits against institutions or their clients are evidently imminent and could put the creditworthiness of borrowers at risk. But this is so rare that the wording of item (iv) seems much too vague to capture it. Moreover, it is already covered by item (v).
Question 7: Do you have comments on the measurement and assessment principles?
The measurement and assessment principles are not very granular and unclear in some aspects, e.g. what is meant by the terms “combination of methodologies” or “establishing of Key Risks Indicators (KRIs)” (as described in paragraphs 26 and 28 of Section 4.2.2). From our point of view, further guidance and clarification would be helpful to enable institutions to take these principles into account appropriately. In the meantime, it should be clarified that institutions have to develop own methodologies which are appropriate for the size and type of their operations and the types and amount of risk they are facing.
Question 8: Do you have comments on the exposure-based methodology?
We fully agree with the exposure-based methodology as described in Section 4.2.3 (a).
We would only recommend minor changes to this Section.
Paragraph 31 (b) should be amended as to clarify that GHG emissions as such are not a risk driver, as long as they are legitimate under the law, and as long as GHG certificate prices do not contribute to the underlying businesses risk of default.
In our opinion, the explanations in paragraphs 30 to 33 should clarify that institutions have discretion as to design appropriate methodologies. We advocate such a principle-based approach. However, if a prescriptive approach was intended, then the requirements are not detailed enough. For example, it would be very helpful for institutions if EBA could provide guidance on sector-specific characteristics in relation to paragraph 32. Furthermore, the requirement in paragraph 33 to assess potential future social and governance risks over short-, medium- and long-term time horizons is too imprecise. This also raises the question of which criteria should be used for such an assessment so that a consistent and standardized analysis can be carried out. Summarizing, we would very much appreciate an explanation of the various requirements with more examples.
Question 9: Do you have comments on the portfolio alignment methodologies, including the reference to the IEA net zero scenario? Should the guidelines provide further details on the specific scenarios and/or climate portfolio alignment methodologies that institutions should use? If yes, please elaborate and provide suggestions.
The portfolio alignment methodologies described in Section 4.2.3 (b) should be deleted in total. This Section could be perceived as an attempt on the part of the EBA to replace legislation that is deemed as inadequate with the EBA’s own political objectives.
Question 10: Do you have comments on the ESG risks management principles?
We very much appreciate EBA`s approach that institutions should determine independently which risk management and mitigation tool(s) would best contribute in relation to fulfil the requirements laid down in paragraph 42. Therefore, we have only one comment:
In paragraph 42 (d) the term “ESG-relevant criteria” is not precise enough. It should be replaced by the term “ESG risk-relevant criteria”.
Question 11: Do you have comments on section 5.2 – consideration of ESG risks in strategies and business models?
In paragraph 43 (a), the term “ESG factors” is unclear and should be replaced by the term “ESG risk factors” in order to avoid misunderstandings. For the reasons described in our answer to Question 9, we propose to delete paragraph 44 (a).
In paragraph 45, the term “ESG perspective” should be clarified by replacing it with “ESG risk perspective”.
Question 12: Do you have comments on section 5.3 – consideration of ESG risks in risk appetite?
We refer to our answer to question 7 and suggest that further guidance should be provided with regard to the term "ESG-related key risk indicators", i.e. in particular with regard to the catalogue of criteria, the framework and scope of this requirement.
In paragraph 47, the term “ESG considerations” gives rise to misunderstandings and should be replaced by “ESG risk considerations”.
Question 13: Do you have comments on section 5.4 – consideration of ESG risks in internal culture, capabilities and controls?
In paragraphs 49 and 50, the term „ESG factors and risks” is highly misunderstandable. It should be replaced by “ESG risk factors”. In paragraph 53 (d), the terms “ESG features” and “ESG aspects” should be replaced by “ESG risk features” and “ESG risk aspects”, respectively, for clarity reasons. It should not be a goal to impose bank supervisors’ ESG policies and societal norms when it comes to the availability and pricing of financial services for individuals or corporates.
The suitability assessments for managers and key function holders should not be used as a tool to choose decision-makers in institutions according to their overall ESG political preferences.
Question 14: Do you have comments on section 5.5 – consideration of ESG risks in ICAAP and ILAAP?
We have no comments.
Question 15: Do you have comments on section 5.6 – consideration of ESG risks in credit risk policies and procedures?
Generally, it should be clarified that institutions have methodological discretion as to how to consider ESG risk in credit risk policies and procedures. Regarding the credit risk policies and procedures, we would suggest that further guidance should be provided with regard to the requirement to develop and implement quantitative credit risk metrics regarding paragraph 61. In this respect, it should be considered if a catalogue of criteria as well as a description of the framework and scope of this requirement was feasible.
Question 16: Do you have comments on section 5.7 – consideration of ESG risks in policies and procedures for market, liquidity and funding, operational, reputational and concentration risks?
ESG factors can indeed trigger reputational risk. But this risk can run in both ways.
This is evident should credit be refused to a corporate who is a significant employer, on the basis of ESG considerations. The refusal of services to certain consumers could also have detrimental reputational effects.
Therefore, paragraph 67 should be amended as to consider situations where reputational risk can also arise through NOT lending to or NOT investing in businesses, because ESG-related controversies can and will go both ways, as experience shows.
Paragraph 68 is not clear enough and should be amended. Concentration risks are clearly defined as the sum of risks that can be attributed to closely connected exposures. It should not be subject to generalized assumptions. So supervisors should not demand attributing concentration risk where a sector “may” or “might” be prone to ESG risk factors. This is too subjective and could be influenced by political opinion, thereby masking the real risk drivers that would require the institution’s attention. Therefore, we suggest to amend sentence 2 of this paragraph by replacing the words “may be” by the words “are demonstrably” (data-driven approach). Sentence 3 should be deleted, because it is not helpful for describing the process of how existing concentration risk (as opposed to assumedly problematic sectors) can be determined.
Question 17: Do you have comments on section 5.8 – monitoring of ESG risks?
For the reasons stated in our answer to Questions 3 and 7, paragraph 72 (b), (c) and (f) should be deleted.
We would like to add that compliance with this Section would be disproportionate for small and very burdensome for medium-sized institutions.
Question 18: Do you have comments on the key principles set by the guidelines for plans in accordance with Article 76(2) of the CRD?
The wording of this Section on Key Principles should be carefully reviewed in the light of our comments on the other questions.
Question 19: Do you have comments on section 6.2 – governance of plans required by the CRD?
Compliance with this Section would be disproportionate for small and very burdensome for medium-sized institutions.
Question 20: Do you have comments on the metrics and targets to be used by institutions as part of the plans required by the CRD? Do you have suggestions for other alternative or additional metrics?
Compliance with this Section would be disproportionate for small and very burdensome for medium-sized institutions.
Question 21: Do you have comments on the climate and environmental scenarios and pathways that institutions should define and select as part of the plans required by the CRD?
We have no further comments.
Question 22: Do you have comments on section 6.5 – transition planning?
Compliance with this Section would be disproportionate for small and very burdensome for medium-sized institutions.
Moreover, we understand that EBA wants to make it clear that institutions play a key role in the transition process. Insofar as this implies an active role in promoting client compliance with specific political goals that go beyond existing laws, we do not agree (see our answer to Question 3). In addition, section 6.5 seems to suggest that the task of transition is exclusively reserved for banks. In our opinion, however, this falls short of the mark. The transition is a challenge for society as a whole, which also involves other stakeholders such as governments and companies in the real economy.
Question 23: Do you think the guidelines have the right level of granularity for the plans required by the CRD? In particular, do you think the guidelines should provide more detailed requirements?
We would like to emphasize that compliance with these Guidelines will be disproportionate for small and/or medium-sized institutions.
Question 24: Do you think the guidelines should provide a common format for the plans required by the CRD? What structure and tool, e.g. template, outline, or other, should be considered for such common format? What key aspects should be considered to ensure interoperability with other (e.g. CSRD) requirements?
Considerable parts of the Guidelines already include provisions that are disproportionate for small and/or medium-sized institutions. From the current state of play, we think that the development of templates is premature.
That being said, we think that the Guidelines could provide a common format for the plans required by the CRD, but these should be introduced at a later stage, e.g. in the form of a review after 3-5 years of application and taking into account respective practical experiences. We would not suggest specific structures and tools; these can be different as long as the key factors are specified in a uniform and equal way.
Question 25: Where applicable and if not covered in your previous answers, please describe the main challenges you identify for the implementation of these guidelines, and what changes or clarifications would help you to implement them.
As an association, we are aware of the major challenges that our members may face when implementing regulatory requirements. These are significant in the ESG area and can be traced back to the following issues in particular:
Data procurement and quality: Quantitatively comprehensive and high-quality data is crucial for managing ESG risk. After all, data enables investors, companies and governments to make informed decisions, minimize risks and identify opportunities. However, in order to achieve this goal, we currently see shortcomings in terms of uniform standards; for example, there are still no uniform definitions or standards for ESG metrics. Furthermore, the quality and availability of ESG risk data (proprietary and/or from third parties) in particular vary greatly. There are gaps or ambiguities in the available data. It should also be noted that the availability of data is sometimes very limited or that data is only available in individual areas. This makes it difficult to assess risks and integrate ESG risk aspects into investment or organizational decisions (e.g. as part of strategy setting).
Process establishment: The integration of ESG aspects into the internal and business-relevant decision-making levels of an institution is crucial for the continued management of the risks stemming from transformation. As such integration can be ensured primarily through new processes or process developments, for which the institutions should be free to develop their own methodologies in accordance with the type and scale of their activities.
Consistency: We currently see various ESG-related regulations at European and national level, some of which have developed separately or at least do not build on each other. We recommend a more consistent, coordinated or at least consecutive regulatory framework that uses the same terms and definitions and sets standards that build on each other.
- Proportionality: As an association, we represent the interests of a heterogeneous membership structure that includes both very large and very small institutions. Therefore, our focus is on a proportional and balanced catalog of requirements. We therefore recommend that the proportionality factor be given greater consideration in the Guidelines and that the list of requirements be adapted more closely to the size of the institutions.
Question 26: Do you have other comments on the draft guidelines?
Please see our answer to Question 25.