Institutions are increasingly addressing C&E risks considerations in the setup of the management structure. In many institutions, the management body approves the environmental strategy and risk management framework and the corresponding policies and implementation. Banks will create dedicated committees consisting of subject matter experts that deliver advice to the management body on environmental matters such as changes to the environmental strategy and policies, net-zero commitments, Risk Appetite Framework (RAF) and the adequacy of the management process. Several institutions were found to have opted for the combination of a top-down and bottom-up approach. In this setup, the bank's decision-making body discusses the strategies related to, for instance, net-zero commitments and related decisions. Representatives of the relevant business lines are included as to contribute to these discussions from the ground up and to gather verification of the integration of the environmental strategy into the daily operations.
To align the incentives of the members of the management body and senior management with the C&E related strategy goals of the bank, the remuneration policy is adjusted accordingly. Parts of the variable remuneration components are based on KPIs that track whether the predefined targets have been reached, such as a reduction in financed emissions, an increase in the sale of green finance products or whether the institution attains a predetermined level of sustainability rating from a rating agency.
On the side of the Risk Appetite Framework (RAF), institutions have started including granular and forward-looking information. These KRIs could represent the alignment of the banks' portfolio with the chosen transition trajectory. Beyond the quantitative KRIs, institutions have established indicators that monitor the roll-out of or the adherence to the climate-related risk management policies, such as credit risk assessment processes. As such, the KRIs do not measure an institution's exposure to risk but rather its level of success in terms of rolling out climate-related risk management policies throughout the organisation. The compliance with the selected KRIs is monitored in the same fashion as other indicators using the red, amber, green approach. For the red and amber levels, the institutions will define roles, responsibilities and deliveries that should be drafted such as a remediation plan.
The KRI shows the distance between the desired portfolio trajectory of a specific sector and the banks’ actual situation. If the portfolio exposure is above the trajectory at a given point in time by a defined percentage, procedures are triggered in line with predefined governance processes.
The KRI shows the financed emissions in the lending and investment portfolio.
Limit on the sectoral level
Institutions might define quantitative limits on the sector level both in absolute and relative terms for those industries with elevated sensitivity to transition and physical risks.
Figure 3 : KRI examples overview
Institutions are creating reporting frameworks for C&E risks including putting in place governance structures to support the related data strategy. The architecture is usually centralised within a steering committee to oversee the project. The committee might be chaired by a member of the management and includes members of several business areas to get a broad coverage of risk functions and local subsidiaries. The exercise starts with a data gap analysis. First, an aggregation is made of all current and oncoming data requirements such as risk management needs, business objectives and commitments related to target setting. Once an exhaustive list of data needs is formulated, the institutions will carry out a data gap analysis which in addition to the aforementioned data collection needs will include an assessment of the requirement IT infrastructure and risk data aggregation capabilities. To enhance the completeness of their C&E risk data, banks will complement internal information with external sources while establishing a hierarchy of data sourcing. In the latter actual client data will hold priority while being supplemented by external data, if both are not available, proxy approaches will be employed. Institutions are increasingly recognising the importance of using dedicated C&E risk questionnaires to collect client or asset level data. These questionnaires are being embedded in the due diligence process and client engagement procedures. On the side of third party data providers, institutions should carry out an assessment of its data providers covering aspects such as completeness and data quality. Furthermore, a set of criteria could be defined that is used to prioritize or facilitate the selection of a third party data provider.
The above outlined framework from the good practices papers provides a solid foundation for financial institutions to start building their internal C&E data architecture. However, it might be challenging for banks to currently create an exhaustive outline of all data requirements. The fast-paced development of the C&E-risk and ESG-practices requires constant monitoring of regulatory and market demands to ensure being up-to-speed with the relevant data needs. The framework will need frequent adjustments to ensure internal and external compliance. Moreover, while sustainability related disclosures are maturing, it is likely that for retail counterparts banks will have to rely on self-disclosure of their counterparties in the form of questionnaires. The ability of the banks to receive accurate data from counterparties on a recurrent basis is pertinent given their needs to monitor the evolution and alignment of counterparties in line with submitted transition plans. Financial institutions should ensure that the reporting process is streamlined and does not put excessive reporting-stress on their client base and provide transparent incentives to release the requested data. Moreover, resources will need to be invested to train counterparties who are not participating in other reporting requirements such as the Global Reporting Initiative (GRI) or the Non-Financial Reporting Directive (NFRD) (the latter will be replaced by the Corporate Sustainability Reporting Directive (CSRD)). While some requested data points, such as for instance water usage, might be easier to report, others require technical knowledge and training such as the calculation of Scope 1, 2 and 3 Greenhouse gas (GHG) emissions. The inability of banks to educate their clients will result in them foregoing reporting or resorting to proxy approaches based on for example sector averages. The latter might result in a diminished ability of the bank to distinguish between counterparties in terms of greenhouse gas intensity, therefore affecting the discriminatory power of the information. Regulatory initiatives centralizing such information in a single data base such as the European Single Access Point (ESAP) will improve data availability to the banking system. Moreover, it will alleviate the regulatory burden on counterparties when interacting with multiple financial institutions as in the future such information will be shared.