ESG risk management: building effective frameworks

Paul Young

Environmental, social and governance (ESG) risks are on everyone's agenda, but many firms are still unsure of what these risks mean for them. Irina Velkova explains how to define ESG risks.

This summer, the European Banking Authority (EBA) will publish a report covering ESG risks and expectations for competent authorities. To gather feedback for the report, the EBA published a discussion paper: ‘On management and supervision of ESG risks for credit institutions and investment firms’, outlining the EBA’s understanding of ESG and its impact on prudential risk.

The paper also highlights key considerations that firms need to be aware of when building ESG frameworks.

An ESG risk assessment that defines the most relevant factors for a specific firm to be aware of is an important part of ESG risk management. The current work to standardise ESG terminology should make this task easier for everyone. 

Standardising ESG terminology

ESG is not a new concept, but a current wave of industry publications is working to standardise what these terms mean and how firms measure and disclose them. The EBA broadly defines ESG risk factors as environmental, social and governance characteristics that could negatively impact the financial performance or solvency of an entity, sovereign or individual.

It can be difficult to identify risks as 'environmental', 'social' or 'governance', and the potential impact of specific risks can be hard to quantify, but awareness of standardised terminology can prepare firms for potential problems.

Environmental risks

Environmental risks may take the form of physical risks, transition risks or liability risks. Physical risk includes both acute (short term) and chronic (long term) impacts of climate change. Transition risk refers to the uncertainty caused by legislation, policy and societal changes to reduce the impact of climate change. Meanwhile, liability risk is the potential for losses due to litigation against firms because of negative environmental impact. 

Social risks

COVID-19 has brought social risks into sharp focus. These risk factors include employee voice and wellbeing, diversity and inclusion, health and safety, human rights and labour law policies, and indigenous communities. Social factors are difficult to quantify, but their significance will intensify in years to come, so it is imperative to plan for them.

Governance risks

Disclosure requirements increasingly include governance policies and procedures, including governance of ESG factors. Poor codes of conduct, lack of anti-money laundering procedures, or deficient ethical standards will increase firms' governance risks. Like social risks, governance is difficult to quantify, but the reputational impact can be significant. 

Managing ESG risk factors

There's a lot you can do to manage ESG risks. Naturally, a starting point for firms should be defining what ESG means for them and what specific ESG risks they may be exposed to based on their activities, business models and strategies. 

ESG risks may be categorised by asset class, counterparty, sector, product or territory, among others. Drawing on readily available tools lets firms evaluate ESG exposures without reinventing the wheel and embed ESG into their risk frameworks, reporting and disclosure practices.

The EBA highlights the role of strategy to recognise and incorporate ESG factors as key drivers of prudential risk. Integrating ESG risks into the business strategy is the first port of call, which can, in turn, be factored into the operating model from the top down. It’s important to consider how to translate these high-level business decisions into governance practices and internal controls across the firm.  

In practical terms, the use of ESG scenarios will be a vital tool to inform long-term strategic planning and drive ESG risk management forward. The EBA also expects organisations to align their strategies to widely recognised ESG objectives and measures through reference points. These include the Sustainable Development Goals, the Paris Agreement Capital Transition Assessment toolkit, the Partnership for Carbon Accounting Financials, and either the UN Principles for Responsible Banking or the UN Principles for Responsible Investing.

Similarly, aligning products and services to standards such as the EU taxonomy, the future Green Taxonomy in the UK or the EU Green Bond standard will support a sustainable future and improve accountability.  

The role of the board  

A firm's Board plays a crucial role in defining how its governance framework incorporates ESG risks. While approaches differ, based on the business profile of the firm and its complexity, many have established dedicated ESG risks committees, sustainable finance committees or working groups.

These measures typically feed into the formal governance framework or already form part of it, and while these can be beneficial, it’s important to make sure these groups do not exist in a silo. Co-ordinating them with existing governance forums is essential for effective oversight and decision-making authority.  

As ESG becomes an integral part of the governance framework, ESG factors should be included in key decision-making processes as essential drivers in assessing prudential risk. Similarly, they should be embedded into firms’ values and purpose statements because these statements are effective tools to drive behaviours that are aligned to those values.

The board is responsible for encouraging and incentivising positive ESG behaviours, but it’s important to manage conflicts of interest to prevent greenwashing or mis-selling. Remuneration policies are an effective tool in control frameworks to ensure employees’ objectives and goals are aligned to the firm’s strategy and business objectives.  

Delegating ESG risk management 

In addition to dedicated governance forums, many firms are appointing a Chief Sustainability Officer, Chief Impact Officer, Head of ESG or similar to hold accountability for ESG. Regardless of their main role in the firm, these individuals would ideally be on the Board or have appropriate seniority to fulfil the ESG agenda. They must be supported by the risk management function, who will be involved in defining, assessing and managing ESG risks, in addition to setting risk appetite and key risk indicators.  

Similarly, risk management and internal audit functions may need greater training and resourcing to allow for appropriate oversight and assurance. While additional training is a must for these functions, it should ideally cover all three lines of defence to ensure effective ESG risk management at every stage.

As the importance and urgency of ESG are only set to increase, effective risk management is vital to avoid unnecessary problems and potential reputational damage. In this context, defining the most relevant ESG risk factors for you and incorporating them into your existing governance frameworks should be a priority for all firms.

For more guidance on ESG risk management and defining ESG risk factors, get in touch with Paul Young.
