Climate risk: PRA publish ‘Dear CEO’ letter on SS3/19

Rashim Arora
insight featured image
The PRA has published a ‘Dear CEO’ letter assessing the current state of climate-related financial risk management and compliance with SS3/19. Rashim Arora looks at the key messages for firms and what to do next.

In 2019, the UK PRA released SS3/19, outlining its expectations for managing climate-related financial risks for banks, building societies, and insurers. Firms had until the end of 2021 to fully embed their regulatory approach and meet supervisory expectations. The recent ‘Dear CEO’ draws on thematic feedback from the PRA’s supervision and the Bank of England’s Climate Biennial Exploratory Scenario exercise, and examines firms’ progress to date.

How are firms doing?

Overall, a good deal of work has gone into improving the governance of climate-related financial risk since SS3/19. But the degree to which firms have embedded it into their risk management framework; risk appetite, scenario analysis, modelling approaches, and their counterparty transition plans vary considerably, and all firms need to do more to meet regulatory expectations.

At this stage, the PRA expects all firms to demonstrate:

  • how they are meeting supervisory expectations in line with SS3/19
  • actions underway to address any barriers to progress
  • how they'll improve as industry practice evolves, and new data and tools become available

Firms that haven't made sufficient progress in embedding the PRA’s expectations should explain why and provide a roadmap to overcome gaps.


The PRA expects appropriate board oversight for climate risk, and by now executives should have a good understanding of climate risk management and how it integrates into their firm's strategy, planning, and governance arrangements. Climate risk management must be a key priority, ahead of business strategy, and be supported by adequate metrics, scenario analysis, and risk-appetite statements. Most firms have now appointed a senior manager with ultimate responsibility for climate risk management across the firm, as required under SS3/19. 

Firms have generally made good progress toward meeting governance criteria under SS3/19, and key stakeholders have a good understanding of the risks. As good practice, some boards are factoring climate risk and scenario planning into the wider business strategy, and remuneration targets. These kinds of decisions must be backed by regular climate risk management information, and many firms were doing well in this space. Over time, the frequency, scope, and quality of data should improve, allowing for greater oversight and governance.  

wind turbine
How to manage financial risks due to climate change
Read this article


Risk management 

While firms have made good progress around SS3/19 climate risk management requirements, there’s still a long way to go. Processes vary significantly in terms of maturity, including the extent to which climate risk is embedded into the wider risk management framework, risk appetite statements, inclusion in relevant committee meetings, and review at all three lines of defence.

Firms that demonstrated good practice had a defined climate risk management framework, which was backed by risk appetite statements. In turn, those risk-appetite statements were based on quantitative metrics, tailored to reflect the wider business model, strategy, and balance sheet. Unfortunately, many firms aren’t achieving this, often due to a lack of quantitative data, limiting the extent to which the Board can include climate risk in wider strategic planning. The lack of quantitative data also presented a barrier to effective modelling and while the PRA saw the use of proxies and assumptions, more work is needed to address the data gaps and reach SS3/19 compliance.

Many firms also fell short of expectations around the understanding of counterparty exposures. Firms often struggled to gain information from their counterparties on their transition plans, with efforts underway to develop counterparty engagement processes to collect data and incorporate it into risk management processes.

Under SS3/19, firms should consider the financial impact of climate risk in their Internal Capital Adequacy Assessment Process (ICAAP) or Own Risk and Solvency Assessment (ORSA), including details on methodologies, proxies, assumptions for scenario analysis and assessing material exposures. While methodologies are maturing, most firms didn’t provide enough context or information to review the underlying analysis. As such, few firms tended to give little reasoning for their decisions not to hold, or hold, extra capital against climate risk. 

Scenario analysis

Three and a half years on from SS3/19, the regulator expects climate-related scenario analysis to be embedded into firms’ risk management processes, with a clear indication of how that influences strategy and business decisions. The scenarios must be directly relevant to the firm and assess specific vulnerabilities, for both probabilistic and tail events. The regulator acknowledges that this is an emerging area and expects firms to demonstrate how their capabilities will develop over time.

Climate-related scenario analysis is a key area for improvement to meet SS3/19 requirements. Using a mix of old, new and third-party solutions the climate risk models are too simplistic in their approach and need further detail. Again, data is a key issue, and firms relied on proxy data, with simplified assumptions and manual adjustments, resulting in models that are unable to support business decisions. Many firms didn't have a plan for how to achieve better climate risk data or to develop clearer methodologies over time.  

Firms also need to offer more context around their climate risk models, specifically what the scenario was designed to assess, what it is currently used for, and how it's being re-calibrated to fit the new purpose. Consistency is an issue for many firms, including a lack of clarity over how climate-related scenario analysis outputs are used, for example for integration in the ORSA or ICAAP or for calibrating risk appetite metrics. Good practice showed firms considering the uncertain quality of their climate-related scenario analysis when using the results.

Scenario design is also problematic. It wasn’t always clear if firms were consistently applying the right underlying climate data and assumptions, with the scenario under review. More work in this space should include physical risks, which is particularly tricky due to the lack of data, the range of impact channels and the immaturity of modelling practices.


Most firms chose to make their main climate risk disclosures in their annual accounts, using Pillar 3 and Solvency and Financial Condition Report (SFCR) disclosures for more high-level summaries. Effective practice was in line with Task Force on Climate-Related Financial Disclosures (TCFD) recommendations, including a consistent approach across annual reporting processes and mainstream filings. Effective practice took a consistent approach across independent climate disclosures, financial reports, and SFCR or Pillar 3 disclosures. Firms with less effective practices released limited disclosures with little or no context on their climate risks.

Meeting the PRA's expectations on climate risk
Meeting the PRA's expectations on climate risk
Read this article

Climate data

Lack of data is a recurring theme for climate risk and is affecting all areas of SS3/19 compliance. The PRA expects firms to have a plan to address these gaps, and to identify how new data and tools will inform their future approach. Good practice includes identifying where those gaps are, considering the use of third-party data (and its governance) and the need to balance it with in-house data over time. Firms that were actively addressing climate-risk data challenges used conservative assumptions and proxies, which were well documented and used to inform disclosures or other reports.

Climate accounting

Firms are at an early stage when it comes to climate risk and accounting practices, and it will take time to make sure climate risk is appropriately reflected in balance sheet valuations. But making sure climate risk is accurately reflected in accounting valuations is essential for a safe and sound financial system, enabling effective supervision by the PRA. Looking ahead, the PRA expects firm's financial reporting priorities to include:

  • improving data and modelling capabilities to quantify the impact of climate risk
  • building effective governance and controls for better climate data for financial reporting
  • disclosures to help the market understand the link between climate disclosures, financial statements and Pillar 3 and SFCR reporting

This will depend on a shift from qualitative assessments to quantitative data, as it becomes available, which must be subject to robust governance and controls processes. The PRA will draw on feedback from external auditors to assess progress, including the recent thematic feedback addressing accounting for climate risks.

Next steps

Firms need to do more to meet the regulatory expectations of SS3/19. Where firms do not meet supervisory expectations, they must deliver a roadmap to outline how they plan to overcome gaps, as they could potentially face regulatory action via the wider supervisory toolkit.

Creating a roadmap to achieve effective practices in relation to SS3/19 compliance requires a structured plan as follows:

1 Reviewing your current approach to climate-related financial risk management and conducting a gap analysis against the PRA’s recent recommendations

2 Identifying the priority areas for improvement

3 Developing a short-, medium- and long-term plan to address gaps (including the use of data and technology)

4 Providing necessary resources and budget to enhance processes and remediate data gaps

5 Gaining third-party reviews and assurance

6 Providing regular updates to your senior management, board and the regulator

Contact us for more information on meeting PRA expectations and improving your climate-related financial risk management framework.

For more insight and guidance, get in touch with Rashim Arora.

Get the latest insights, events and guidance for financial services professionals, straight to your inbox.