On January 9, 2025, the European Banking Authority (EBA) published its final report outlining its Guidelines for the Management of Environmental, Social, and Governance Risks (“Guidelines”).
The Guidelines detail how credit institutions should identify, measure, manage, and monitor ESG risks within the context of their overall risk management framework. They align with the obligation set out in Article 74 of the CRD, as amended by CRD VI, requiring institutions to establish processes for managing ESG risks. This obligation is extended through the introduction of a new Article 87a in CRD VI, which mandates strategies, policies, and systems to identify and manage ESG risks over short, medium, and long-term time horizons (with a minimum of 10 years).
The Guidelines include:
Minimum Standards and Reference Methodologies. The Guidelines provide clear definitions of the minimum standards for identifying, measuring, managing, and monitoring ESG risks. Credit institutions are expected to regularly assess the significance of these risks, taking into account changes in the business environment. These assessments should reflect the size, complexity, and nature of the activities of the institutions involved. The impact of ESG risks should be assessed alongside all traditional categories of financial risks.
Criteria for assessing the impact of ESG risks. Credit institutions need to assess how ESG risks impact their risk profile and solvency in the short, medium and long term. Assessments can be both qualitative and quantitative.
Management plans. The board of directors should establish ESG risk management plans that include specific timelines and measurable objectives to monitor and address financial risks arising from ESG factors. This includes transition trends towards EU targets, such as climate neutrality by 2050. The plans should define the scope of risks and ensure that all aspects cover at least environmental risks.
Internal governance and accountability. The guidance emphasises the need for clear communication from the Board on ESG risks. This includes assigning responsibilities for ESG risks and establishing lines of accountability. The internal control framework should be updated to cover ESG risks and include responsibilities for all lines of defence.
Integration in Governance. ESG risks should be integrated into the ICAAP (Internal Capital Adequacy Assessment Process) and ILAAP (Internal Liquidity Adequacy Assessment Process). This requires revising internal risk management policies to ensure they are clearly defined and effectively managed across all parts of the institution.
The Guidelines will come into effect on January 11, 2026, for all institutions, with the exception of small and non-complex institutions, for which the deadline is January 11, 2027.