EBA issues final guidelines on managing ESG risks

When the EBA's Capital Requirements Directive VI (CRD VI) came into force last summer, it introduced formal expectations for identifying and mitigating ESG risks. The EBA has subsequently issued final guidelines to help EU credit institutions comply, and to standardise their approach to ESG risk management.

The EBA’s guidelines on ESG build on pre-existing best practice. There are no real surprises here – some key expectations are outlined below.

Identifying and measuring ESG risks 

Firms need effective tools to identify, measure and track ESG risks across short-, medium- and long-term horizons, with a focus on establishing the materiality of each risk. The EBA recognises that the methodologies and approach may vary across each time horizon, depending on the data available. These will naturally be more granular for the short- and medium- term, with more qualitative assessments for the long-term.

Where to start?

Taking a closer look at the three strands within ESG, the EBA has set expectations to align with the relative maturity of each. It’s also important to note potential connections and interdependencies between them.

Environmental factors

Under the environmental banner, firms should be able to quantify climate-related risk while striving to understand the financial impact of other areas, such as biodiversity loss or nature degradation. A lot of work has already gone into this space, so the EBA expects to see key risk indicators for the short- and medium- term with appropriate exposures and portfolios in line with a materiality assessment.

Social and governance factors

As less developed areas, firms should start by looking at qualitative data, moving to more quantitative measures as new data and methodologies emerge.

Good use of data

The EBA expects firms to have systems in place to "identify, collect, structure and analyse" the necessary data to manage ESG risks. This is an ongoing challenge for firms and needs to include both internal and external data, with a focus on forward-looking risks.

More data will become available over time, and firms may initially use estimates or proxies, adopting new data sources as they become available. This may include information from third-parties, or via existing or potential relationships with counterparties or clients.

Recognising that all data sources aren’t made equal, firms need to understand the sources and methodologies that underpin relevant data and understand its limitations.

Risk assessment methodologies

The EBA has outlined a range of ESG risk management methodologies, which firms can combine for comprehensive coverage across all time horizons.

Exposure-based methodologies

Supporting short-term horizons, exposure-based methodologies will look at counterparty exposures and default risk, with appropriate materiality assessments. As needed, firms may include these in their internal credit scoring, ratings models or risk indicator models. These exposures will most likely cover environmental climate factors, and firms need to think about physical and transition risk with an eye on location, technology, regulation and supply chains, and more.

Sector-based, portfolio-based and portfolio alignment methodologies

Primarily for medium-term horizons, these approaches will help firms map their portfolios against current and emerging ESG risks, noting potential risk concentrations.

For climate risk, institutions should have at least one portfolio alignment methodology to assess a sector’s alignment to climate risk pathways or scenarios.

For non-climate related factors, larger firms should be able to identify sectors that depend on, or affect, ecosystem services; and measure the financial impact of both nature degradation and the steps taken to reduce it.

Scenario-based methodologies

Long-term outlooks will largely rely on scenario-based methodologies, starting with climate risk. As ever, scenarios should be science-based, up to date and come from an appropriate source. The EBA guidelines are deliberately light in this area, to accommodate the concurrent consultation paper on ESG scenario analysis. This consultation covers a lot of ground, including guidance for feeding ESG risks into credit risk internal stress tests; use cases for scenario analysis; guidance for setting scenarios; and use of scenarios to test the wider business model.

Managing and monitoring ESG risks

It’s important to note that ESG risks are drivers of all traditional risk categories, with key considerations outlined below.

Credit risk

Credit sectoral policies should include ESG risks and be factored into credit origination criteria with appropriate training for business-line staff and credit decision-makers. Credit risk monitoring frameworks should include ESG risks.

Market risk

Firms need to consider how ESG risks can affect the value of their financial instruments and portfolio. To mitigate these risks, firms should review their trading book risk appetite and consider limits for positions or exposures.

Liquidity and funding risk

As a minimum, it’s important to consider the impact of ESG on net cash flows and on assets that make up liquidity buffers. There could also be an impact on the availability or cost of market funding.

Operational and reputational risk

Firms need to embed ESG risks into their operational risk frameworks and recognise the potential reputational damage from outages, investment in controversial businesses, or lack of commitment to ESG goals. It’s also important to acknowledge the risk of future litigation for greenwashing or any type of misleading claims in relation to ESG.

Concentration risk

ESG risks may affect some sectors or locations more than others, leading to a concentration of one or more types of ESG risk. Firms should consider how their exposures are affected and any potential impact on Tier 1 capital.

Mitigating the risks

Firms need to embed ESG risks into their existing risk management systems, using a range of approaches including (but not limited to):

• engaging with counterparties to better understand the exposures and risk drivers
• adjusting financial terms
• considering ESG risks when setting policies, risk or exposure limits or deleveraging strategies (taking into account the varying risk profiles in terms of geography or sector)
• diversifying lending and investment portfolios.

Strategy, reporting and governance

As with any risk management processes, these elements must be factored into the institution’s strategy and business model. This should take into account the wider business, financial and economic context in which they operate, paying particular note to any transition or physical risks which may render some or all of the business unviable.

Following a materiality assessment, firms should include relevant ESG risks in their risk appetite with key risk indicators in place. Ongoing monitoring approaches should include early warning indicators, clear escalation procedures and a combination of backward- and forward-looking metrics.

UK takes next steps on ISSB standards

Read this article

Next steps

These guidelines come into effect from 11 January 2026, but small and non-complex firms have a later date of 11 January 2027. While these rules do not directly apply to UK credit institutions, those with EU operations will need to take note and ensure that any global policies and procedures are compliant.

Contact Irina Velkova for more information on managing ESG risks.

FCA publishes final anti-greenwashing guidance, SDR-extension proposals

Read this article