Compliance subcommittee ESG due diligence interviews: Itaú Unibanco

Sunday 17 August 2025

Juliana Maia Daniel 
Berardo Lilla, Sao Paulo
Juliana@berardo.adv.br

Technical interview questions on ESG due diligence

The following questions were prepared for a written interview with senior executives in charge of the ESG practices of their companies. The aim is to explore the integration of ESG (environmental, social and governance) factors into corporate due diligence practices, with a focus on compliance, risk management and regulatory preparedness. In this interview, representatives from Itaú Unibanco – a leading Brazilian bank with operations in 18 countries – give their thoughts on the bank’s commitment to the ESG agenda and how they assess and evaluate risk.

1. How has the current global landscape for ESG due diligence impacted your business? Have recent developments (such as shifts in US policy priorities regarding ESG disclosures or enforcement) impacted your organisation’s approach or expectations in this area?

Itaú Unibanco's response: Despite recent developments in global ESG dynamics – including shifts in US policy priorities regarding ESG disclosures or enforcement – Itaú Unibanco remains firmly committed to the ESG agenda as a matter of strategic conviction. Our approach is not reactive to external pressures, but rather grounded in a long-term vision that integrates sustainability into our core business model and ESG strategy.

For us, the urgency of ESG issues is nothing new, as it has long underpinned our commitment to corporate social responsibility and our focus on the sustainable development of Brazil. This pursuit puts us in continuous dialogue with various economic sectors and representatives of society. We are aware that we do not have all the answers to global challenges, but we believe that cooperation can lead to the best solutions for the most complex problems.

Our ESG Strategy establishes three main pillars of action – sustainable finance, climate transition and diversity and development – all of which are supported by a cross-cutting pillar of governance and conduct. Our ESG strategy continues to align with globally recognised standards and frameworks, ensuring that we remain proactive and consistent in our ESG due diligence practices. For further information, please consider our ESG Report 2024 available here.

2. What specific ESG criteria and indicators are systematically assessed during your organisation’s due diligence processes, and how are they weighted in relation to financial or operational risks?

Itaú Unibanco's response: The human rights due diligence (HRDD) process includes, in its methodology, a risk matrix that assesses risks identified across our operations and business activities. Each of these risks is evaluated from the perspective of its potential impact on rights holders. Additionally, we conduct a complementary analysis to determine whether the identified risk may also pose a risk to Itaú itself – be it reputational, financial or operational.

Complementing the HRDD, the management of social, environmental and climate risks follows the principles of relevance and proportionality. This process is continuous and spans from the identification of risks in products, services and processes to the assessment of their financial and reputational impacts. Environmental, social and climate risks are classified and monitored through internal process mapping, regulatory monitoring and incident logging. The resulting analyses generate risk tolerance reports that are submitted to governance committees and senior leadership, with decisions made collectively when necessary. Lastly, in addition to meeting regulatory requirements, the bank discloses relevant information about its environmental, social and climate risk management practices and commitments to stakeholders.

In addition, our audit process also focuses on verifying compliance with the commitments and obligations undertaken by our suppliers, aiming to promote responsible management and align with our strategic ESG goals for the supply chain. In 2024, we began planning our biennial supply chain audit, selecting and prioritising the most sensitive partners based on social, environmental, climate and governance risks.

3. How do you structure ESG due diligence protocols to address jurisdiction-specific legal requirements, voluntary standards (eg, OECD Guidelines, UNGPs) and industry-specific benchmarks?

Itaú Unibanco's response: In Itaú's Commitment to Human Rights, we outline the principles and guidelines that shape our approach to the topic. Among them are the UN Guiding Principles on Business and Human Rights and our association with the UN Global Compact in Brazil, in addition to other institutions. You can access the document here.

Additionally, the management of SAC (social, environmental and climate) risks in credit risk management is based on methodologies and tools aligned with both international and national best practices. These are applied in the identification, measurement, assessment, monitoring and disclosure of such risks. The methodologies comply with the main regulations and market best practices related to corporate governance and SAC risk management, including: the Banking Self-Regulation System of the Brazilian Federation of Banks Directives No 14/2014 and 26/2023 by the Brazilian Federation of Banks; the Equator Principles for project finance; the Performance Standards of the International Finance Corporation (IFC), the private sector arm of the World Bank; the Task Force on Climate-Related Financial Disclosures; the IFC’s Practical Guide on Corporate Governance; and the World Bank Group's Environmental, Health, and Safety Guidelines.

4. In cases of high-risk findings (such as links to illegal deforestation, forced labour or governance failures) what remediation pathways are triggered within your organisation?

Itaú Unibanco's response: The human rights risks identified through the HRDD process are prioritised, and action plans are proposed to mitigate or remediate potential harm. These action plans are monitored and, once implementation is complete, they are disclosed in the ESG Report.

Complementarily, in the context of SAC risk management, as a result of the processes of identification, analysis, mitigation and monitoring, if any SAC-related risk or disqualifying factor is identified, the risk and its context are reported to governance committees and senior leadership. Depending on the risk level, the issue may be evaluated collectively by the forums responsible for the SAC agenda. In some cases, the decision may affect the risk rating and, when applicable, result in a pre-contractual opinion.

5. How is ESG due diligence documented and audited internally, particularly in anticipation of evolving regulatory frameworks such as the EU CSDDD or national human rights due diligence laws?

Itaú Unibanco's response: The HRDD reviews are carried out on a periodic basis, and assist with prioritising the risks of human rights violations, as well as identifying the areas involved, the existence of prevention and remediation actions, and the need to develop action and monitoring plans. The resulting risk matrix and corresponding action plans are reviewed and validated by the teams responsible for the process.

In addition, we have an Internal Audit department that acts independently, carrying out periodic assessments of risk management, controls and governance. Periodically, this team conducts ESG audits focused on projects, processes and procedures that are considered most critical to the bank’s ESG strategy and overall business. These audits serve as a key internal control mechanism, identifying areas that require attention and improvement. The findings are formally reported through our governance structure, ensuring that ESG risks and opportunities are addressed proactively and in alignment with the bank’s strategic priorities.

6. From a compliance and governance perspective, what are the key challenges in operationalising ESG due diligence across business units and how do you foster cross-functional ownership and accountability?

Itaú Unibanco's response: As a universal bank with a presence in 18 countries and over 100 years of history, we faced challenges related to translating institutional ESG commitments into consistent and coherent practices across our operational approach and core business. This requires integrating ESG criteria into decision-making processes, continuously training our employees and building governance structures that foster shared responsibility.

We have an integrated governance structure that connects responsibilities and risks across all aspects of our business, based on Itaú’s Social, Environmental and Climate Responsibility Policy (PRSAC). This structure is responsible for managing and overseeing social, environmental, climate and governance issues, for continuously monitoring our corporate sustainability policies, and for periodic reporting to the Executive Committee and the Board of Directors.

At Itaú, we closely monitor market and regulatory developments related to new international guidelines and standards. We are constantly working to improve our processes, internal controls and reporting practices related to our ESG agenda, taking into account the complexity of our operations and the local context in which we operate.