Methodologies for ESG Risk Management established by the EBA

On January 18^th, the EBA (European Banking Authority) published a consultation on the draft Guidelines on the management of ESG risks (EBA/CP/2024/02), which establishes a methodology for the identification, measurement, management, monitoring and integration of environmental, social and governance (ESG) risks by European institutions.

These guidelines address the mandate specified in Article 87(a)5 of the Capital Requirements Directive (CRD). The consultation period runs until April 18^th, and the guidelines are expected to be finalized by the end of 2024.

To ensure the resilience of the business model and risk profile, the entities should incorporate into the risk management model, periodic and exhaustive assessments of the materiality of ESG risks, based on solid data and a combination of methodologies such as exposure, portfolio and scenarios.

The Guidelines take into account the proportionality criteria according to the scale, nature and complexity of the ESG risks of the business model and the scope of the entity's activities for ESG risk management assessments.

Among the main aspects that the Guides describe are the following:

1. Identification and measurement of ESG risks

Institutions should include in their internal procedures the identification, collection and analysis of data and information necessary to assess the ESG risks to which they are exposed.

Robust systems should be implemented to collect and aggregate data related to ESG risks, using sustainability information disclosed by counterparties and establishing methods to improve data quality. Internal procedures should involve clients and counterparties to capture relevant information on ESG risks, considering the size, complexity and ESG profile of the counterparties.

In the absence of data, institutions must identify and remedy gaps, using estimates or proxies and considering the use of services from external providers that have an adequate understanding of sources and methodologies.

2. Integration of ESG risks

Institutions should integrate ESG risks into their regular risk management framework, taking a robust approach to managing and mitigating ESG risks over the short, medium and long term (3, 5 and 10 years, respectively), incorporating these risks throughout along the three lines of defence in its processes (risk appetite, internal controls, ICAAP, ILAAP). In addition, institutions should monitor them through an effective internal reporting framework and indicators (KPIs, KRIs).

Institutions must test the resilience to different scenarios. The Guides establish criteria to set the scenarios, including the parameters and hypotheses to be used in each of them, specific risks and time horizons. Among others, institutions should evaluate the potential implications of the EU, at least in its material sectors, considering the best available information, as well as public scenarios (among others, IEA's World Energy Outlook and Net Zero Emission scenario).

3. Transition plans

Institutions should develop prudential (transition) plans based on the CRD (art. 76(2)) to address risks arising in the transition and the process towards meeting the EU regulatory objectives related to the factors ESG of the jurisdictions in which they operate, in particular the goal of achieving climate neutrality by 2050, as set out in Regulation (EU) 2021/1119.

These plans will contain specific deadlines and quantifiable intermediate objectives and milestones, in order to monitor them.

Developing these plans under CRD can help institutions address other requirements, such as CSDDD (Corporate Sustainability Due Diligence Directive) and CSRD (Corporate Sustainability Reporting Directive) disclosures on Transition strategies and plans.