Guidelines on ESG risk management emphasize integration of ESG risks across the 3 lines of defence

On 9 January 2025, the European Banking Authority (the “EBA”) published its final report setting out the Guidelines on the management of Environmental, Social and Governance (ESG) risks (the “Guidelines”)[1].

The Guidelines outline how credit institutions should identify, measure, manage, and monitor ESG risks as part of their broader risk management framework. These Guidelines link to the obligation contained in Article 74 of CRD[2] as amended by CRDVI[3] requiring processes to identify, manage, monitor and report the risks that credit institutions are or might be exposed to, including ESG risks. This obligation is expanded upon in the new Article 87a introduced by CRDVI which obliges institutions to establish strategies, policies, processes and systems for the identification, measurement, management and monitoring of ESG risks. These strategies, policies, processes and systems are to consider the short and medium term, and a long-term time horizon of at least 10 years.

Against this background, the Guidelines prescribe, amongst others:

  • The minimum standards and reference methodologies for the identification, measurement, management, and monitoring of ESG risks. The Guidelines delve into the detail of the standards and methodologies addressing, amongst others, the expectation that institutions perform institution-specific materiality assessments of ESG risks regularly as well as whenever there are material changes to the business environment. It is pertinent to note that the scope of the materiality assessment should reflect the nature, complexity and size of the institutions’ activities, portfolio services and products, and the impact of ESG risks should be considered on all traditional financial risk categories to which they are exposed;
  • Qualitative and quantitative criteria for the assessment of the impact of ESG risks on the risk profile and solvency of institutions in the short, medium, and long term;
  • The content of plans to be prepared by the Board of Directors in accordance with Article 76(2) as amended by CRDVI. Plans are to include specific timelines and intermediate quantifiable targets to monitor and address the financial risks stemming from ESG factors, including those arising from the process of adjustment and transition trends towards the relevant Member States and EU regulatory objectives in relation to ESG factors. Notable amongst these objectives is achieving climate neutrality by 2050. The documented plans need to specify the scope of risks captured by each part of the plan (for instance, whether the plan applies to environmental, social or governance risks) and should ensure that all aspects of the plan address at least environmental risks.

The Guidelines also complement and further specify other guidelines, such as the EBA Guidelines on Internal Governance[4]. The latter are now deemed to include an obligation of clear communication on the part of the Board (‘tone from the top’) and appropriate measures to promote both knowledge of ESG factors and ESG risks across the institution, as well as awareness of the institution’s ESG strategic objectives and commitments. The internal control framework as prescribed by the EBA Guidelines on Internal Governance is to be redefined to incorporate ESG risks, including by a clear definition and assignment of ESG risk responsibilities and reporting lines as well as incorporation in ICAAP and ILAAP. The role of each line of defence in the area of ESG risks is further illustrated in the Guidelines.

The Guidelines will apply from 11 January 2026 except for small and non-complex institutions for which the Guidelines will apply at the latest from 11 January 2027.

____________

[1] EBA/GL/2025/01

[2] Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013 on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms, amending Directive 2002/87/EC and repealing Directives 2006/48/EC and 2006/49/EC

[3] Directive 2024/1619 of the European Parliament and of the Council of 31 May 2024 amending Directive 2013/36/EU as regards supervisory powers, sanctions, third-country branches, and environmental, social and governance risks

[4] EBA/GL/2021/05