Environmental, social and governance (ESG) issues and the risks and opportunities they create are becoming increasingly relevant for financial institutions. But this is a new and growing area in which risks are complex, interlinked and still emerging – with data sets and modelling around them in their infancy too.
Managing the risks that ESG issues create is therefore a challenging proposition. But doing nothing and waiting is not an option. Significant momentum is building once again around climate change and climate risk, while COVID-19 has put issues of sustainability and social responsibility firmly in the spotlight.
Increasing awareness of issues such as climate change, social inequality and corporate misconduct is changing the market environment rapidly. Investors across the globe are showing a greatly increased demand for sustainable financial products. Sustainability and corporate conduct are influencing the reputation and business success of financial institutions. Thus, the trend towards sustainability has the potential to drastically transform the global financial sector.
ESG is significantly rising up the regulatory agenda, too. This is true both at a macro level – international climate change targets through the Paris Climate Protection Agreement, for example, and the United Nation’s Sustainable Development Goals (SDGs) – as well as at a more specifically financial services level. The EU’s Sustainable Finance Action Plan – to name the currently most important publication – aims for the realignment of capital flows towards sustainable investments, the inclusion of sustainability in risk management as well as the promotion of transparency and longevity. Meanwhile, ground-breaking regulations in the context of sustainability - like the EBA Action Plan on Sustainable Finance – are expected to come into force during the next two years.
The temperature – perhaps literally – is rising. Banks, insurers, asset managers need to respond to this and ensure that they are managing ESG opportunities and risks across the enterprise. This is likely to include:
Part of the complexity of managing ESG is that it is not a standalone risk type. Rather, it exerts influence on most financial and non-financial risks present in a financial institution to varying degrees. Moreover, ESG issues themselves impact on each other in complex ways – they are transverse risks that bleed into other risk functions. As a high-level example, consider the Keystone Pipeline in the US (and Canada) which President Biden has cancelled as part of the drive to move away from fossil fuels towards more sustainable energy. This strongly ticks the ‘E’ box. But there is opposition to this in some quarters as once completed the pipeline would have sustained jobs and businesses in some of the most economically challenged parts of the US. So removing it may NOT tick the ‘S’ box. Some have badged this the notion of ‘climate justice’. Difficult balances and inter-relationships are at play.
For financial institutions, this means taking careful stock of all ESG issues and dimensions in a holistic fashion when embedding them into risk management frameworks. All risk management methods and processes must be amended, considering the complex cause-effect relationships across risk types. This involves risk measurement/assessment techniques in run-the-bank and in change-the-bank processes as well as in stress testing applications.
Climate risks are undoubtedly the dominant area of focus for financial institutions currently. These risks divide into physical risks – if economic activities or their value are threatened by climate change, either affecting the institution itself or its customers’ activities and businesses – and transitional risks – if the business model which economic activities are based on is permanently endangered by systemic changes.
In addition, there are two further dimensions – financial and non-financial:
Financial institutions are responding to the challenge. The Chief Risk Officer (CRO) is naturally the initial owner of ESG risk who sets the framework, but some organizations have set up distinct Climate Risk functions led by a Climate Risk Officer (as at Bank of America, for example).
Whatever the structure, risk management of ESG must run right across the business. Whether it is in relation to credit and lending decisions, the underwriting of insurance cover, or the investment strategy across an asset portfolio, client relationship owners must be factoring ESG in and actively discussing it with their clients. They have a role to play not only in following the ESG approach of the institution itself, but in helping clients consider and build up ESG strategies of their own.
This holistic approach starts with sound risk governance and a sensible risk strategy before being implemented into the risk management cycle. While the establishment of a central coordination unit for ESG risks can be beneficial, enhancing the roles and responsibilities of existing units across the three lines of defence – in business units themselves, in risk and compliance functions, and in internal audit - is key.
The risk strategy on ESG risks must align closely with the business strategy and constantly updated. This is likely to involve a process of identifying potential risks and quantifying their impacts, scenario building and mapping across different ESG risk types, sensitivity analysis, integration into the risk appetite statement, expansion of the risk inventory, aggregation of the combined outputs, and the forming of a coherent narrative around it – which will then inform the internal and external reporting. Globally, movement appears to be coalescing around the WEF (ESG) and TCFD (climate) disclosure frameworks for external reporting – these look most likely to become the standard of the future.
KPMG has been actively developing a number of approaches and tools that can assist with the measurement of potential impacts. For example, we have developed a tool which helps quantify the transitional risk effects of carbon taxes, which could have impacts on a financial institution’s impairments of its loan portfolio and those affecting P&L and its capital ratio.
In a recent member firm client engagement with a major European bank, the KPMG climate risk stress testing tool yielded transparent results for stressed PDs and evolution of expected credit loss at transaction and aggregated level. The results were used to discuss and evaluate the climate risk sensitivity of key portfolios and industries with senior risk managers within the organization, while making impact and limitations of simplifying assumptions transparent. The discussion of results led to a clear roadmap for the client on how to improve and further develop the climate risk stress testing program as part of the overall risk management framework.
Through all of this, accurately measuring the likely impacts of ESG risks and changes is of key importance. But there is no universal method for assessing them. For some risk types such as credit risk, adjusting the parameters of existing risk models might be the solution. Quantitative scenario-based models estimating how ESG factors could affect the underlying financial performance of loans may need to be developed, and more urgent is the identification and procurement of the underlying data. For other risk types (especially in the non-financial risk domain), more qualitative scenario or what-if analysis will likely be the preferred method.
Financial institutions are operating in highly challenging and unpredictable times. They are still managing and responding to the far-reaching impacts of the COVID-19 pandemic. They have proven their resilience and adaptability through this time – and need do so again, over a longer time frame, with ESG risks. Indeed, the COVID crisis can help in this respect: if institutions use the crisis to investigate the direct and indirect effects of external triggers, they can plan for similar transmission channels for future ESG risks.
Organizations’ ability to cope with COVID-19 as well as with ESG risks also largely depends on their level of maturity in terms of operational resilience. Frameworks for operational resilience are designed not only to preserve business continuity, but also to enable organizations to permanently adjust to changing conditions. Investing in those frameworks can pay off in multiple ways.