Management of ESG Risks in Banks – Recent Learnings

In the last couple of months, we have been asked by many of our clients what we would advise them to do in ESG Risk space, from a perspective of regulatory compliance, but also from a long-term strategic view. We would like to share our observations and recommendations, with a focus on banks in Germany, the Netherlands and Sweden.

Generally, while some players have started already years ago to include ESG into their core business and back-office processes. Others stayed in a wait and see mode with the plan to identify, what requirements would finally emerge as industry standards and then amend. While industry standards still further evolve, it has become clear in recent months, what EBA and ECB would expect from European banks. The ECB SSM (The Single Supervisory Mechanism) made ESG one of three priorities of their onsite supervisory review:

Accelerate the effective remediation of shortcoming in governance and the management of climate-related and environmental risks[1].

In January 2024, EBA published their Draft Guidelines on the management of ESG risks[2] with a focus on concrete steps banks should focus on:

  1. Collect ESG risks-related data on client / exposure level
  2. Estimate probability of materialisation on short-, medium- and long-term time horizon
  3. Understand vulnerability to transition risks and mitigation opportunities
  4. Include ESG as a potential driver in all risk types
  5. Consider ESG for pricing and structuring decisions
  6. Consider backward- and forward-looking metrics
  7. Run portfolio-based approaches (i.e. limits)

(See our publication: EBA’s Consultation Paper on the Management of ESG Risks – Our Learnings).

When comparing what EBA (and ECB) expect banks to do with what banks actually have done so far, are currently working on or planning to do, we have seen gaps, but also a number of best practices, as described in the following.

With reference to a study from openESG from November 2023, German banks consider ESG criteria already for 87% of all listed companies, and still 60% of SMEs. About a quarter of lending decisions is affected by ESG consideration, but rather 90% to be expected in the near future. Biggest challenge for banks is availability and quality of client-specific data, but many have started to collect data for future integration into their IRB approaches already. 

More specifically, a large German wholesale bank assesses environmental and social risks into its credit rating / loan application process and may adjust credit ratings based on materiality. The bank sets ESG standards for valuing loan collateral based on regulatory requirements, ensuring proper monitoring throughout the lifetime of a loan. Borrowers must have insurance on their real estate collateral, often protecting against natural disasters, with potential government support in certain regions.

But also smaller and more specialized banks have started early (2012-15) to include ESG Risk into their overall risk management framework. They have gathered experience to measure and steer material ESG risk in their lending portfolios and integrated them into quantitative scenario analysis and stress testing. For high ESG risk industry sectors (e.g. Agriculture, Energy, Aviation, Real Estate etc.), specific policies are implemented to actively manage the risk on portfolio but also single-name level. Further, more and more banks include Green and Social Bonds into their refinancing strategies. Most banks have also adapted their internal governance and created specific ESG (Risk) functions, as part of the CEO office or the Risk function.

Not all banks in Germany have enough data available to develop an IRB model let alone ESG-specific add-ons. However, specific service providers exist that pool banking data, develop and maintain compliant IRB models for their respective member institutions, such as RSU  or CredaRate. The later has developed an ESG Scoring solution in 2022, which they offer their members, but also other market participants.

Moving on to the Netherlands, which by their geographical situation historically do focus on environmental physical risks. This is also reflected in the approaches many Dutch banks have implemented. More specifically, the bigger institutions have already integrated climate transition risk considerations into the credit decision and capital allocation process. They have set themselves transition plans to achieve net-zero by latest 2050 with clear milestones for 2030. In order to achieve that, Dutch banks go even further than their German rivals and have set explicit measurable carbon reduction targets for specific high-risk sectors.

Banks can fulfill these targets when their clients transition towards lower carbon emissions. Many banks actively support their clients with specific banking products to achieve that. Where either the clients’ plans or their execution are not sufficient, banks actively reduce their overall exposure towards the specific sector. Other common practices include the integration of transition risks into the credit assessment and decision process, the assessment of physical risk for their residential mortgage portfolios and last not least the active management of the banks’ own Scope 1, 2 and 3 emissions.

When looking into the activities of Swedish banks, we have seen that some have started to set up specific ESG / Sustainability functions and respective governance. For many banks, compliance with ESG-related reporting standards is at the center of interest. Some banks have included the collection of client-specific data into their KYC processes, while other works with specialized vendors or a combination of the two. Most banks have started projects to measure ESG Risk on portfolio level. Some of them have also built ad-on scorecards as part of the loan origination process. These are also getting considered to be integrated into IRB models, which affects downstream processes such as IFRS9 and ICLAAP. Compliance and implementation of PCAF[3] standards seem to have become common practice in Sweden. 

In summary, we found eight common topics all banks we spoke with do prioritize:

Coming back to the initial question: What would recommend our clients as next steps? 

In our view, you should focus on the following:

  1. Review your lending strategy, to ensure an adequate and future-proof ESG representation.
  2. ESG is not a single-function responsibilityAdapt your governance structure towards a more cross-functional handling of Front Office, Operations, Product development, Marketing, Risk and Finance. However, ESG needs to be on the agenda of the Executive Board, which should be reflected in the overall governance. 
  3. Engage into an active review of your loan book.
    Create transition plans for sectors.
    Ensure that transition plans for your major client exist and are reflected in your client-development strategies.
    Prepare and execute portfolio measures and potential exits.
    – Ensure that the review becomes a recurring action point.
  4. Adapt risk evaluation methods (IRB, VaR, Operational Risk, Liquidity Risk).
    Start with a gap analysis and implementation plan.
    Develop adapted methodologiesTest, implement and repeat.
    – Important: Don’t do all at once, rather include this into the annual review process.
  5. Top priority: Communicate with all stakeholders:
    – Colleagues, clients, investors, regulators, competitors, society.

Focus on the positive and inclusive elements. It is not about compliance with another regulation. Rather, active management of ESG Risks will strengthen the strategic position of the bank, its employees and clients, while it helps to create a positive impact on society.

Sebastian Fritz-Morgenthal

Managing Director

Theo van Drunen


[1] EBA/CP/2024/02




Let's connect

Management of ESG Risks in Banks – Recent Learnings Management of ESG Risks in Banks – Recent Learnings
I want an Advisense expert to contact me about:
Management of ESG Risks in Banks – Recent Learnings

By submitting, you consent to our privacy policy

Thank you for connecting with us

An error occurred, please try again later