This review1 followed the initial publication of expectations on C&E risks in their November 2020 Guide on C&E risks (the Guide)2 and the self-assessment performed by European banks in 2021 on the ECB’s request. The scope of the thematic review included 186 banks with a total balance sheet size of EUR 25 trillion: 107 significant institutions (SIs) supervised by the ECB and 79 less significant institutions (LSIs) supervised by national competent authorities.
In this article, we provide an overview of the main conclusions of the thematic review and of the main focus areas related to the management of C&E risk for banks that we expect for 2023.
Main results
The thematic review shows that European banks have progressed with the integration of C&E risks into their business strategy, governance, and risk management frameworks. This matters, because the review shows that C&E risks are real. Depending on the time horizon, 70% to 80% of all banks consider C&E risks to be material for their portfolios. About 75% of all banks expect material impacts on their credit risk. To a lesser extent, material impacts are expected on strategic and reputational risks (about 50%), and on market and liquidity risks (about 25%). In the short term, banks are most concerned with transition risks, while the relevance of physical risks is clearly increasing with the time horizon.
The ECB concludes, however, that the management of C&E risks still is on a relatively basic and general level. For example, banks have updated their governance, assigning responsibility for the management of C&E risks to the Management Board. Many have also set up dedicated committees for these risk types and/or assigned responsibility within the organisation in other ways. Further, over 90% of all banks have at least performed a basic risk identification and materiality assessment to understand how their portfolios are exposed to C&E risks. In many cases, this has led to the introduction of Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs), and the (often qualitative) integration of C&E risks into their business strategy and Internal Capital Adequacy Assessment Process (ICAAP).
According to the ECB, the work performed so far is not sufficient though. The ECB observes gaps in the risk identification and materiality assessment at almost all banks. In 60% of the cases, these are deemed major. Of all banks, 10% is yet to start with this process. Improvements are also required with respect to data collection. Only a small selection of banks (about 15%) is systematically collecting data that is sufficiently granular and forward-looking to support processes like risk identification, stress testing and reporting. In most cases, banks rely to a large extent on the use of proxies.
Even if banks have progressed well with the identification of C&E risks, the ECB concludes that this awareness has not been translated effectively into policies and targets by more than half of the banks. The high-level KPIs and KRIs for example, are not cascaded down to business lines or individual portfolios, non-restrictive targets are set, or relevant counterparties are excluded from a policy’s scope. Furthermore, the ECB finds that banks are significantly underestimating the level of skilled resources required for a proper management of C&E risks.
The ECB has set deadlines tailored to each bank that they supervise. As part of the publication of the results of the thematic review, however, they shared the minimum milestones European banks need to adhere to:
- By the end of March 2023, banks need to have a sound and comprehensive materiality assessment in place, including a robust scanning of the business environment.
- By the end of 2023, banks need to manage C&E risks with an institution-wide approach covering business strategy, governance and risk appetite, as well as risk management, including credit, operational, market and liquidity risk management.
- By the end of 2024, banks need to be fully aligned with all supervisory expectations, including having in place a sound integration of C&E risks in their stress testing framework and ICAAP.
Focus areas 2023
Based on the results of the ECB’s thematic review and our conversations with clients, we see five focus areas related to the management of C&E risks for banks in 2023.
- Comprehensive risk identification and materiality assessment: The ECB is clear about its expectations that banks should complete their risk identification and materiality assessment in the first quarter of 2023. More importantly, they expect this process to be comprehensive. For a start, a bank should assess all its material business lines (or portfolios) and cover all relevant regions and geographies the bank is active in. A step-wise approach can be used, as long as the full scope is covered in the end. Further, the analysis should cover a wide range of physical and transition risks. It is not sufficient to investigate the impact of a limited set of risk factors. Finally, the analysis needs to be performed for different time horizons: the short, medium, and long term.
- Strong data governance framework: To take the next step in the management of C&E risks, a robust and structured process to collect data is required. For the analyses performed by banks so far, it may have sufficed to extensively use proxies. More is needed, however, to fully meet the expectations described in the ECB’s Guide. Data needs to be collected on a granular level: to be able to properly measure and report on C&E risks, banks need to understand the risks on counterparty, facility, and/or asset level. A first step would be to compile a complete overview of the bank’s data requirements. A bank would need to synthesize all data requirements stemming from processes like risk identification, credit granting, risk modelling, and disclosure to ensure a sufficiently granular (and future-proof) data collection process is designed. Such a process will have to source data from internal systems, but also from a bank’s counterparties and most likely external data vendors. A structured approach exploits potential overlapping data requirements and prevents inconsistencies in definitions.
- Scenario analysis and quantification: With improved data comes the possibility to perform more sophisticated scenario analysis and to quantify C&E risks. About a quarter of all banks are already employing advanced and/or forward-looking quantification methods; for example to inform the ICAAP, to perform scenario analysis, or to reflect C&E risks into internal ratings-based (PD and LGD) models. Most banks expect that it will take one to three years to truly advance in this area. In 2023, however, banks should already focus on improving their scenario analysis (and stress testing) capabilities, and take the first steps towards integrating C&E risks into their credit risk modelling.
- Embedding results into policies and risk management frameworks: In 2023, banks will need to “walk the talk”, to paraphrase the ECB. The improved understanding of how physical and transitions risks may impact the risk profile of the bank needs to be translated into actionable policies and become part of the risk management framework. Overall targets need to align with scientific pathways, high-level Risk Appetite Statements on C&E risks need to be cascaded down to the lower business line levels, controls need to be implemented accordingly, product offerings need to be reviewed, and a dialogue with clients needs to be initiated – including clear steps if and how a bank will continue the relationship if the client’s transition is not meeting expectations.
- Scope extension to other environmental risks: Attention from banks and supervisors alike has mostly focussed on climate risks so far. Other environmental risks, like loss of biodiversity, pollution and water scarcity have received less attention. Now that some progress has been achieved in the area of climate risk, banks should increase efforts for these other risk types. Initiatives like the Partnership for Biodiversity Accounting Financials (PBAF, a sister-initiative of PCAF, which is focussed on financed emissions) and the Taskforce on Nature-related Financial Disclosures (TNFD) can be useful to progress with this.
Since the management of C&E risks is a new field of expertise, many banks are (re)inventing the wheel. Much can be learned from other banks though. To facilitate this, the ECB published, together with the results of the thematic review, an overview of good practices they observed among SIs3. This document can be a useful source of inspiration for banks. De Nederlandsche Bank (DNB, the Dutch central bank) published a similar document, based on their observations among Dutch LSIs4.
Conclusion
Banks have worked hard in 2022 to advance their management of C&E risks. Much work remains, however. With the clear milestones communicated by the ECB, banks have their work cut out for them. And this is not a voluntary effort, as the 30 institutions where the ECB imposed binding qualitative requirements as part of the Supervisory Review and Evaluation Process (SREP) know. For some, supervisory exercises were even reflected in SREP scores, impacting their Pillar 2 capital requirements.
To achieve sufficient progress, we believe that banks should focus on the five areas described in the previous section: risk identification, data collection, scenario analysis and quantification, integration of C&E risks into policies and risk frameworks, and a scope extension to broader environmental risks. By combining our extensive experience with the ‘classical’ risk types with our track record on C&E risks, Zanders is well-positioned to support your organization.
References
1) ECB – Walking the talk – Banks gearing up to manage risks from climate change and environmental degradation – link
2) ECB – Guide on climate-related and environmental risks – Supervisory expectations relating to risk management and disclosure – link
3) ECB – Good practices for climate-related and environmental risk management – Observations from the 2022 thematic review – link
4) DNB – Guide to managing climate and environmental risks – link