Climate change remains high on political and social agendas, and the financial sector is assessing the implications on stability and resilience. Sonia Shah and Cindy Niffikeer look at climate risk and the Prudential Regulation Authorities’ (PRA) recent Dear CEO letter.
Climate risk is an emerging field, with industry-wide working groups and guidelines gradually moving towards regulation.
Last year, the PRA released Supervisory Statement 3/19 (SS3/19), which introduced new requirements for governance, risk management, scenario analysis and disclosure. Further, the PRA recently issued a Dear CEO letter, announcing the end of 2021 as the deadline to embed an approach to managing climate related financial risks.
This is the first regulation on climate risk, but as the sector matures more regulators and central banks will follow suit.
An important distinction
Environmental, social and corporate governance is fairly well established and appropriate risk management frameworks are widespread.
The regulators are looking at the same problem from a different angle, namely the systemic financial risks due to climate change. This is a key distinction and risk identification and management processes are still developing.
Financial risks due to climate change may stem from two root causes:
1 Physical changes
Where the physical impact of climate change can have a financial effect. For example, a flood or other extreme weather event may reduce the value of a property or other asset.
2 Transitional changes
Where the steps take to slow climate change have a financial impact. For example, cars with higher carbon emissions will lose value as new initiatives are introduced to limit their use.
What are the PRA's expectations?
The PRA emphasises the need for a strategic approach to managing climate risk, and sets out its expectations across four areas, as outlined below. In addition, we've added notes from the PRA's recent Dear CEO letter, giving feedback on firms’ implementation plans and serves as a temperature gauge for where firms are in their compliance journey.
Climate risk management should be a board-level concern, with clear roles and responsibilities for the board and its sub-committees.
Board members must have a good working knowledge of climate risk, and it should feed into the firm’s overall strategy and risk appetite. Under the Senior Managers and Certification Regime (SM&CR), a Senior Manager must also be responsible for managing climate risk across the firm.
The financial risks around climate change should be included in the firm’s risk appetite statement. This should cover risk exposure limits and thresholds, and the sensitivity of the balance sheet to climate-related drivers.
It should also include details of the impact of climate change on the firm, feedback from scenario testing, and timescales. The PRA expect appropriate evidence to support how these risks are monitored and mitigated in line with the risk-appetite statements.
Dear CEO feedback:
Strategic responses to climate risk are still developing and firms need a clearer plan of action, backed by consistent management information (MI) to inform and promote board-level discussion.
Firms’ plan are not yet demonstrating the scale of climate risk, including the impact of physical and transition risks, and their causal effect on financial risk.
Effective risk management relies on having the right data at the right time, supporting four key processes:
1 Risk identification and measurement
Firms should have a good understanding of the long- and short-term financial risks in relation to climate change. This should be strengthened through the use of scenario testing and forward-looking catastrophe modelling.
2 Risk monitoring
Firms must have appropriate tools and metrics to monitor climate risk. The PRA acknowledges that these will evolve over time and should be updated as necessary. An effective risk-monitoring programme would include potential events that would prompt a strategy update on climate risk.
3 Risk management and mitigation
For material financial risks due to climate change, firms must maintain evidence of risk mitigation and have a credible plan in place to manage the identified exposures.
4 Risk reporting and management information
Boards should have access to relevant MI in order to make informed decisions relating to the business.
Dear CEO feedback:
Quantifying the risk is a key area for firms to focus on. Where the data or tools are unavailable, the PRA expects firms to provide reasonable assumptions or proxies. Firms are generally at early stages in developing their risk management processes.
Scenario testing is key to assessing resilience in relation to climate risk, using the Internal Capital Adequacy Assessment Process (ICAAP) and Own Risk and Solvency Assessment (ORSA) to assess their materiality and sensitivities. The PRA expects firms to test their resilience, against:
short-term scenarios focusing on transition risks based on the firm’s current business model
long-term scenarios looking at the impact of climate change itself, of varying degrees of severity, with orderly and disorderly approaches to managing that transition
Different climate scenarios will have a range of impacts on a firm’s risk profile, solvency and liquidity, and the outcomes can support strategic decision-making processes.
Dear CEO feedback:
Firms are not far enough in their implementation to test different climate risk scenarios. As firms continue to build their risk management plans and tools, this will develop over time, but there is a lot to do before the new 2021 deadline.
The PRA endorses the use of Task Force on Climate-related Financial Disclosures (TCFD) guidelines for disclosure and encourages firms to engage with wider initiatives, but they are not yet mandatory.
There are two scenarios where firms should disclose the financial risks and give information on mitigating controls:
Material risks must be disclosed under Pillar III as a requirement of Capital Requirement Regulation (CRR) and Solvency II
Additional disclosures may improve transparency and support the associated governance arrangements, as well as offering assurance to all stakeholders
Dear CEO feedback:
Some firms have not yet made any disclosures, partly due to limited implementation of SS3/19 and incomplete risk management processes.
What to do now?
The new implementation date of the end of 2021 has upped the pressure on firms, and there is a lot of work to do to reach that deadline.
To get started, firms should focus on training key personnel and the board for a better understanding of climate risk and to set the strategic direction and risk appetite. The relevant Senior Manager should work with individuals across all three lines of defence to establish an appropriate risk management framework. Identifying the right tools and reporting mechanisms is also vital to begin to monitor the climate risk and implement effective controls.