New rules for how UK financial institutions manage climate-related risks came into force on 3 June. These requirements – set out by the UK’s Prudential Regulation Authority (PRA) – mean companies must ‘truly embed climate-related risk into broader governance’ rather than viewing it in isolation, says Samantha Brady, Head of Environment and Climate Change at Slaughter and May in London.

The new rules reflect new international standards on climate risk, making it a board-level responsibility. Companies are also now required to evidence their climate risk management and decision-making processes.

Brady says that the rules focus on action and ‘raise expectations in terms of how companies implement their findings on climate risk.’ For her, the need for businesses to have an action plan in place as well as the requirement for increased board oversight are also very noteworthy aspects.

The regulator wants companies to integrate climate risk into governance frameworks. It’s also looking for organisations to clearly state their climate risk appetite so that it’s well understood throughout the business. Ultimately, the new rules – set out in an updated supervisory statement in December – aim to ensure that companies ‘build the capabilities and resilience needed to effectively manage these risks,’ says the PRA.

Will Reddie, Chair of the IBA Insurance Committee’s Regulation Subcommittee, says the updates have put ‘more concrete parameters’ in place, making the PRA’s expectations clearer. In particular, the expectation of oversight will make boards take ownership of climate risk and avoid such matters being siloed in a sustainability department, he says.

Brady says directors need to develop new skills to understand the material climate risks their company is exposed to. Having this understanding will enable them to interrogate the organisation’s risk management approach and ensure it remains fit for purpose.

Ravi Nayer, a partner at Bryan Cave Leighton Paisner in London, says the updated statement increases enforcement risk, particularly in relation to assessing which risks are material. He believes that companies will now be more reliant on lawyers to help them make this assessment. The statement’s ‘requirement that boards of institutions have a much closer engagement with [climate] risk’ will probably be referenced in future litigation, adds Nayer.

Nayer identifies ‘the greater accountability at board level, the gap analysis that has to be done and the attendant supervisory challenge, as well as the granularity of the evidence that must be kept’ as the most significant changes introduced by the update.

He adds that, alongside gap analysis, the biggest step companies need to take to comply is embedding climate considerations across all risk types – credit, market and operational. They’ll also need to integrate climate risk into capital and liquidity processes. Further, companies will need to maintain a formal risk register, he says.

By now, organisations should have sourced the necessary evidence, for example by carrying out internal reviews. This process can’t be a one-off, says Brady, as the PRA emphasises frequent regulatory reviews and updating internal risk assessments because some climate risks will become more material over time. Brady says there should be working groups across a company regularly doing this work.

Reddie, who’s also a partner at Holman Fenwick Willan in London, expects that the PRA’s response now that the enforceability deadline has passed will be market-wide rather than targeting individual companies. He says the regulator might carry out a survey of how companies have responded and then highlight, on an anonymised basis, best practice and areas where organisations need to improve. Brady says the legal community will be particularly interested in any commentary on what constitutes a credible action plan to manage climate-related risk.

For Nayer, the updates are an appropriate progression from the previous, more permissive approach because ‘we have to acknowledge that climate-related risks and the means of their transmission are ever-more significant in terms of the impact they may have on the economic system.’ Reddie believes the PRA has taken a positive step, which is ‘another endorsement for the UK regulatory system.’

In the EU, the European Central Bank’s (ECB) banking supervision department is also updating its compendium of good practices for climate and nature risk management and stress testing, which aims to help the bloc’s financial institutions comply with relevant regulation. These updates are in response to requests from European banks for more clarity on best practice. The updates will help them close gaps in their risk management frameworks and address where they’re vulnerable to the effects of the climate crisis.

The ECB also plans to support smaller or less exposed banks in taking a proportionate approach by highlighting less sophisticated practices or existing publicly available tools in its updated compendium.

The supervision department aims to emphasise areas that banks usually struggle with, such as quantifying physical climate risk. Its guidance also covers nature-related risks. These can’t be disregarded, says Brady, since nature loss and climate change are linked. In contrast, the PRA expectations predominately focus on climate-related links.

Header image: Garun Studios/Adobe Stock