Response to consultation on draft Guidelines on the management of ESG risks

Question 13: Do you have comments on section 5.4 – consideration of ESG risks in internal culture, capabilities and controls?

Yes. Besides the concerns articulated in the answer to Question 26 regarding the need to account for differing institutional setups, EBCCON expresses the following recommendations in regard to paragraph 53, section 5.4.

“b) The compliance function should ensure adherence to applicable ESG risks rules and regulations and should, in relation to the sustainability commitments made by the institution and the respective policies set, provide advice on the operational - including legal, reputational and conduct risks associated with the implementation or failure to implement such commitments,”

  • Given that within standard corporate governance the compliance function does not usually bear the ultimate responsibility of the firm’s adherence to laws and regulations, EBCCON suggests aligning the present draft guidelines with paragraph 209 of EBA Guidelines on internal governance (EBA/GL/2021/05), with paragraph 47 of EBA Guidelines on the role of the AML/CFT Compliance Officer (EBA/GL/2022/05) and with Expectation 5.5 of ECB Guide on climate-related and environmental risks (2020) and thereby adopt a formulation similar to the ones mentioned, such as: “the compliance function should advise the management body on measures to be taken to ensure compliance with” applicable rules and regulations. Moreover, given that adherence to regulatory requirements is typically expected of 1st LoD functions, EBCCON suggests elaborating on the envisioned role of the 1st LoD in this context.
  • EBCCON also seeks to highlight that the compliance function is usually not the sole function responsible for advising on measures to be taken to ensure compliance with the entirety of rules, regulations and regulatory requirements - with prudential regulations in particular typically falling outside of its perimeter.
  • In relation to providing advice on operational risks ("legal, reputational and conduct risks") associated with sustainability commitments, EBCCON recommends aligning with the EBA Guidelines on internal governance (EBA/GL/2021/05) and allowing for all relevant functions to provide advice in their respective field of expertise.
  • Given the diverse nature of ESG-related goals (e.g., objectives, commitments, targets), EBCCON suggests including a more detailed definition of "sustainability commitments".

“c) The compliance function and the risk management function should be consulted for the approval of new products with ESG features or for significant changes to existing products to embed ESG aspects.”

  • EBCCON takes note of EBA’s requirement and supports it.

Question 19: Do you have comments on section 6.2 – governance of plans required by the CRD?

Yes. Besides the concerns articulated in the answer to Question 26 regarding the need to account for differing institutional setups, EBCCON expresses the following recommendations in regard to paragraph 86, section 6.2.

“b) the compliance and risk management functions should ensure that the risk limits set in the risk appetite statement as part of the risk management framework are consistent with all aspects of the institution’s plan, including sectoral policies,”

  • In alignment with paragraphs 179-187 of EBA Guidelines on internal governance (EBA/GL/2021/05), which assign to the risk management function the responsibility of the risk management framework including assessing the consistency of risk appetites and limits with the risk strategy, EBCCON suggests amending the formulation of the present draft guidelines that mention "compliance and risk management functions" on an equal footing and clarifying the contributing role of the compliance function in this regard.

Question 26: Do you have other comments on the draft guidelines?

Yes. EBCCON is generally aligned with the expectations towards the compliance function elaborated in the draft guidelines. However, given that institutions have established governance structures in place for risk management and that the perimeter, responsibilities and risk ownership of different functions in the 2nd LoD (including the compliance function) differ across institutions and given that the present draft guidelines encourage institutions to embed ESG risks in the existing risk management frameworks and governance, EBCCON suggests that the guidelines should recognize differences in institutional setups and allow room for implementation in accordance with existing governance structures, in line with the approach taken by ECB in the Guide on climate-related and environmental risks (Expectation 5.5) and in accordance with existing roles and tasks outlined in EBA Guidelines on internal governance (EBA/GL/2021/05).

 

*On EBCCON:

The European Banking Chief Compliance Officers Network (EBCCON) is a network of European banks including: Banco Bilbao Vizcaya Argentaria S.A., Banco Santander S.A., Barclays plc, BNP Paribas, Commerzbank AG, Coöperatieve Rabobank U.A., Crédit Agricole Group, Danske Bank A/S, Deutsche Bank AG, Erste Group Bank AG, Groupe BPCE, HSBC Holdings plc, ING Groep N.V., Intesa Sanpaolo S.p.A., Natixis S.A., Nordea Bank Abp, Société Générale S.A., UBS Group AG, UniCredit S.p.A.

Please note that the present response reflects a collective position of the EBCCON community and not necessarily an individual institutional perspective.

Name of the organization

European Banking Chief Compliance Officers Network (EBCCON) *On EBCCON: See response to Question 26