EBA guideline on ESG risk management - impulses for implementation for banks and savings banks

Sustainability pressures - whether they are caused by climate change (e.g. floods, forest fires, etc.) or social developments (e.g. shortage of skilled workers) - are gradually increasing for banks in Germany and around the world. The European Banking Authority (EBA) is living up to its responsibility and published its guideline on dealing with ESG risks on January 8, 2025 (EBA/GL/2025/01). According to the guideline itself, it must be implemented by institutions other than small and non-complex institutions by January 2026, although BaFin recently clarified this. This is accompanied by the likewise newly published draft EBA guideline on ESG scenario analyses (EBA/GL/2025/02).

BaFin recently clarified that it does not intend to apply the new EBA guidelines on ESG risk management for less significant institutions¹ . At the same time, it emphasizes that the general requirements formulated in the guidelines have already been largely anticipated on a principles-based basis. However, BaFin believes that reports from smaller banks would be of little use in the fight against climate change. Nevertheless, it still sees significant potential for optimization - particularly in the integration of physical climate risks into risk management, in relation to proportionality and in terms of disclosure. Banks and savings banks are therefore still under pressure to react pragmatically and proportionally. The new guidelines can provide important impetus in this regard.

Material analysis (A)

The starting point is the materiality analysis. This involves assessing the potential effects of ESG risks on all traditional financial risk categories (e.g. credit, market price and liquidity risk) and on portfolios. The respective assessment of whether an ESG risk is material - i.e. significant - for an existing risk type is carried out with regard to the probability and severity of the ESG impact. This involves considering not only the impact on the existing risk categories, but also the risk positions, income and profits associated with the risks. Banks are therefore also required to use qualitative and quantitative data in the assessment. Both the short and medium-term as well as the long-term perspective of at least 10 years must be taken into account.

Above all, the quantitative assessment and complete identification of all (material) ESG risks should therefore represent a major challenge due to the still inaccurate or missing ESG data in regional and national banks and savings banks. At the same time, many institutions are required to adopt a consistent approach to CSRD materiality analysis, but to clearly separate this from the EBA materiality analysis. This creates a need for coordination.

Identification and measurement (B)

A structured approach to the collection and processing of ESG data (including missing data) is therefore a basic requirement. The new guideline specifies various so-called reference methods for identifying and measuring ESG risks:

• Risk position-related methods (e.g. use of ESG scoring at customer level in the credit process),
• Portfolio and sector-related methods (e.g. evaluation of the loan portfolio with regard to concentrations of sectors that contribute significantly to climate change)
• Portfolio reconciliation (e.g. initial comparison and subsequent tracking with a portfolio with a net zero target) and
• Scenario-based methods (measurement of resilience to ESG risks in different scenarios).

As mentioned, the precise regulatory requirements for ESG scenarios are currently only available in draft form. However, a far-reaching expansion of the existing set of ESG scenarios is also foreseeable with the climate resilience analysis.

Principles, strategy/business model and risk appetite (C to E)

Banks and savings banks are required to embed ESG risks into their regular risk management systems and processes using a fully integrated approach. Depending on the institution, setting up a dedicated ESG risk governance committee may also be appropriate. Additionally, ESG risks must be considered in the business strategy by incorporating an understanding of their impact on the business model. To better monitor potential material ESG risks, strategic objectives and corresponding performance indicators should be defined.

Institutions are also expected to reflect their risk appetite by using appropriate ESG key risk indicators within both their risk strategy and risk appetite framework. This results in the integration of ESG risk management into overall bank governance.

Capital and liquidity resources as well as risk policies and procedures (F and G)

All material effects of ESG risks must be included in the assessment of the institutions' solvency (ICAAP) and liquidity (ILAAP). The inclusion of a forward-looking consideration of adequate capital resources, particularly in the ICAAP with both a base scenario and an adverse scenario, is of great importance here. If, for example, the potential occurrence of acute physical risks such as floods or storms leads to extensive damage to a bank's financed properties, the bank must take these risks into account both as potential effects on loan defaults and as a negative impact on the collateral deposited (i.e. a decline in the value of properties due to the damage caused).

Clear procedures for identifying, measuring, managing, mitigating and monitoring material ESG risks must now be ensured as part of the risk policy and procedures. The new guidelines focus on credit risk. However, they also require a good understanding of the impact of ESG risks on the assessment of market, liquidity, operational, reputational and concentration risks. In each case, an assessment must also be made with regard to the financial instruments concerned.

Monitoring (H)

The new guidelines call for the introduction of granular and continuous monitoring of material ESG risks for counterparties (clients/issuers) and portfolios. Quarterly risk reporting or specific heat maps for those responsible are suitable for this purpose. In addition, early warning indicators (such as CO2 prices for managing transitory risks) and threshold values must be installed. Banks and savings banks must have concrete strategies and plans in place for how they will react if such thresholds are exceeded.

Transition plan (I)

The highly complex transition plans serve to adequately address the financial risks arising from the transition to a climate-neutral economy in the EU by 2050 (keyword: decarbonization). They include strategies and measures with which institutions adapt their business models and risk management to the requirements of a sustainable economy. They define short, medium and long-term targets for reducing ESG risks as well as the implementation of processes for monitoring and reporting on the progress of these targets. The transition plans must then be incorporated as an integral part of the business strategy and regularly reviewed and updated. Finally, clear responsibilities are defined within the institution to ensure that sufficient resources are made available for implementation.

The following figure shows an initial heat map of selected requirements:

Conclusion: Pragmatic and precise implementation required!

All of this requires a continuous expansion of methods, processes and capabilities for identifying, assessing, mitigating and monitoring ESG risks. At the same time, appropriate consideration must be ensured in the institutions' written regulations and training formats. In order to respond quickly and pragmatically to the supervisory authority's requirements, banks and savings banks should first review their existing procedures and tools for dealing with ESG risks and evaluate which of these already meet the new requirements and which are completely new. In many cases, banks' and savings banks' network partners have already provided individual support services. This can significantly reduce the effort required to set up new ESG instruments and procedures. If the centrally provided instruments do not fit or are not sufficient, the banks must develop their own.

The existing and potential new instruments (e.g. analyses, scenarios, key indicators, etc.) should then be transferred to an ESG risk management cycle. Attention must be paid to a stringently consistent procedural model in order to meet the requirement of a fully integrated model. In simplified terms, this control cycle is as follows:

• Risk identification and assessment (materiality analysis)
• Risk measurement (reference methods and scenarios)
• Risk management (via key indicators, etc.)
• Risk monitoring (via internal reporting, heat maps, etc.)

The transition plan mentioned above should therefore be seen as an add-on to the ESG risk management circle.