New challenges for banks’ ESG strategy and risk management

Over the past decade, regulatory expectations on European banks’ ESG frameworks have evolved from voluntary disclosure initiatives to detailed operational requirements. While certain regulations such as CSRD and CSDDD have been watered down as part of the Omnibus Directive, EUs climate goals and Climate Law remain intact. The EBA Guidelines on the management of ESG risks will come into force in January 2026, mandating all but the smallest banks to submit annual plans demonstrating how they will reduce their portfolio emissions in time to meet internal and external targets.

Ironically, amidst a slower-than-expected decarbonization in society in general, and with several American and international banks retreating from their climate commitments (and the ensuing collapse of the Net Zero Banking Alliance), it is European banks that are exposed to the largest compliance and reputational risks.

In our experience, many banks may have underestimated the far-reaching impact of the new Guidelines. Unlike previous regulatory guidance, including ECBs Guide on climate-related and environmental risks, what is now required is the complete integration of ESG risks and targets into banks’ ways of working: risk management, client engagement, operations, pricing, and business strategy.

Below we outline the four areas we think will prove the most challenging for banks to implement.

Key challenges

1. Data availability and processes

Banks are required to have in place a structured data environment to enable assessment of ESG risks, with the explicitly stated aim that most of the data should be sourced at the client- and asset level. The Guidelines list a number of metrics that large institutions must define and monitor, including:

• Financed emissions (Scope 1-3)
• Portfolio metrics of clients that are, or are projected to be, misaligned with emission targets
• A breakdown of portfolios secured by real estate according to the level of energy efficiency
• Metrics related to dependencies and impacts on ecosystem services, in particular water
• Metrics related to ESG-related reputational and legal risks (via the banks’ exposures)

Some of these data are already collected and reported by banks, such as financed emissions. But even those metrics rely largely on proxies and assumptions. Even among PCAF member banks the variation in reported emission intensities is significant - and in many cases inexplicable. For many other metrics the data to construct them is either missing or has not even been defined.

Banks need to accelerate their ESG data strategy and decide, for the short- and medium, which data to collect directly from clients andwhich to source from external providers, and the data gaps for which there are no viable alternatives but to use proxies. In turn, for each of these categories there will be many choices to make with implications for quality, timeliness, and costs. In parallel, but informed by the data strategy, the bank needs to decide on – and invest in - their future data infrastructure, which may take years to realize. One obvious case is the need to connect real estate characteristics, such as LTV, flood exposure, energy rating, and insurance coverage with clients’ financial data as well as outputs from climate scenario models.

2. Models and Methods

The Guidelines require banks to map ESG risk drivers to traditional risk categories and – if they are material - embed the risks in several processes: collateral valuation, ICAAP, stress testing, underwriting, and pricing.

The first step in this exercise is to determine which risk drivers are material, and for which risk types. In the end, for most banks, physical and transition risks stemming from climate change will likely prove the most material for credit risk, but ECBs expectations as to the rigor of the materiality assessment - to substantiate such a conclusion - are increasing. For example, banks need to have methodologies in place to assess how and whether social and governance failures in client firms may result in both financial as well as reputational and legal risks.

Even for key risk drivers such as flood risk, banks face a significant challenge in quantifying how and with which probability this will translate into credit risk. It necessitates a number of assumptions such as the response in real estate prices and insurance costs/availability, as well as government policy and disaster funds, flood protection work, and much more. Limited or absent historical data together with the changing nature of risks related to climate change make this kind of model development very different from traditional risk modeling in banks (such as IRB model) and necessitates new expertise.

And while there are several useful publicly available models, in particular by the Net Greening of the Financial System, there is still a lot of work to be done to adapt those scenarios to individual banks’ portfolios and business models.

3. Client engagement and risk assessment

EBA expects climate and environmental risks to be factored into client selection, due diligence, covenants and pricing based, for a start, on an evaluation of counterparties’ transition readiness and resilience to physical risks. Even for large clients that are reporting under CSRD, a lot of the data required to perform these assessments will have to be collected directly as part of the onboarding process.

Although many banks have separate ESG advisory units that support client executives, these are often there to identify opportunities for sustainable products and loans and are not trained to assess and quantify clients’ risks. In the end, it is client executives and credit committees that must stand over the ESG risk assessment and its impact on credit scores, pricing and loan conditions. To save costs and time for client-facing staff, they should be equipped with practical and user-friendly tools and systems that support them in collecting and organizing relevant ESG data.

Worse, for most SME and retail customers there is no dedicated account manager, the on-boarding and credit process is largely automated. Banks should develop a risk-based sourcing strategy that, at least initially, uses sector-level proxies for the majority of firms while collecting individual data from those that have been designated as high-risk clients. Again, a number of choices have to be made when developing such a framework to ensure it is purposeful.

4. Governance and steering

What we deem most pressing  for banks is to decide on their governance to triage and drive progress on the vast array of requirements. It will require strong leadership and a project committee with sufficient seniority to make crucial, and potentially costly decisions. Elaborate RACIs will be of little use if those assigned ownership are found too low in the bank’s hierarchy.

While the exact division of responsibilities will depend on each bank’s structure and governance model, it is clear that the actual transition plan(s) should be owned by the first line (and subsequently validated by second line), and tie into existing business planning and strategic process.  At the same time, the transition plan will be part of the annual ICAAP submission, which is a second-line responsibility, and the bank’s ESG strategy should be reflected in the business resilience test . Hence, these first- and second-line processes must be aligned.

The Board and CEO should set the bank’s ESG strategy and ensure that these expectations are actionable. Little progress is to be expected if C-suite members do not have clear KPIs and KRIs tied to the delivery of the bank’s transition plan. Quantitative targets may be based on, in addition to financed emissions, the energy efficiency profile of the mortgage book, sustainability-linked bond issuance, and the funding of low-carbon power production. Such targets may necessitate difficult trade-offs, including tighter origination criteria, off-boarding of high-risk clients, and larger discounts for green loans.

Purposeful implementation strategy

To succeed in this potentially daunting endeavour banks should adopt a pragmatic implementation approach, balancing costs against compliance risks. The ECB and local supervisors are fully aware that banks need considerable time to get all prerequisites in place, and the scope and detail of transition plans must be allowed to evolve over years.

However, while early transition plans cannot be expected to present the ultimate answers to either data, methodological or governance challenges, , banks should be able to demonstrate their capacity to achieve essential climate and environmental objectives. Quantitative targets, in particular regarding a bank’s financed emissions, must be achievable.

Finally, underscored by recent legal cases, any claims related to the bank’s “green” credentials must be based on evidence. The heightened compliance and legal risks mean that it is timely to review the bank’s public as well as non-public ESG commitments, benchmark them against peers, and make an honest assessment of the costs and resources necessary to fulfil them.

Want to find out more about how Zanders can assist your bank in developing your ESG strategy and meet regulatory expectations?

Reach out to our Partner Lars Frisell, our ESG and risk management expert, for tailored guidance.