ESG integration into risk frameworks in Financial Services has become a critical priority due to increasingly stringent global regulation and the need to comprehend the impact of ESG risks on Financial Institutions’ operating model. The first signs of global regulatory change began with the EU Sustainable Finance Disclosure Regulation (SFDR) in 2021 and government authorities’ inquiries into greenwashing, spanning from Australia to the UK.  Subsequently, we witnessed numerous fines imposed by the US Securities Exchange Commission (SEC) in 2022 and 2023 in the US and the banning of a major bank’s climate-related advertisement in the UK - highlighting the expanding reach and impact of ESG regulation. The swiftly evolving regulatory landscape across various jurisdictions adds complexity to the process of navigating and ensuring compliance for global banks. However, the central challenge of ESG integration lies in its distinctive nature, which falls beyond the boundaries of traditional risk frameworks.  

In today’s dynamic landscape, the integration of ESG factors into operational risk management (ORM) and non-financial risk (NFR) framework is imperative. ESG considerations introduce a distinctive set of challenges that diverge significantly from traditional risk assessment methods:  

  1. ESG as a Primary Risk Driver: ESG is not a mere risk stripe, but a potent driver that can impact various facets of an organization’s risk profile concurrently. 

  1. Unpredictable Nature: ESG risks are unpredictable, making forecasting and risk management challengingUnforeseeable ESG risks and regulation surrounding it, will demand adaptability in its integration into risk frameworks 

Integrating ESG into ORM and NFR frameworks is not a mere compliance checkbox, but a strategic imperative. The unique nature of ESG risks and their unpredictability demand proactive incorporation into risk management strategies. Organizations can fortify their resilience and position themselves for long-term sustainability and overreaching success in doing so.  

Market Reponses and Strategies 

Financial institutions are beginning to adopt strategies to integrate ESG risks into their risk management frameworks, including non-financial risks. Current strategies address training and awareness, operational and governance model, ESG horizon scanningcontrol assessment and RCSA. As conversations with industry leaders reveal, organizations are grappling with the need to educate employees about ESG, tailor risk management models to their existing frameworks, proactively monitor ESG regulatory changes and develop robust control assessments to be integrated within the RCSA process, first line of defence as well as longstanding programs such as SOX.  

Although most financial institutions have started defining a strategy for articulating the financial risks posed by ESG, there is no consistent approach for adopting ESG into the risk management framework.  

Baringa’s Approach to ESG Integration - 5 core principles to get right  

Baringa proposes a multifaceted approach to ESG integration that combines compliance with adaptability, helping tackle the two core issues ESG risk presents – its unprecedented nature and its unique position as a risk driver. This strategically includes ESG risks into wider integrated risk and control frameworks and is based on five core principles:  

  1. Third-Party Due Diligence: Financial Institutions must emphasize due diligence in their third-party relationships, aligning processes and standards with regulatory principles. This includes onboarding and pre-contractual disclosures, ongoing due diligence, as well as ad hoc due diligence.  

  1. Reporting and Disclosures: Effective strategy involves building the ability and knowledge to meet ongoing reporting requirements, ensuring accurate and real-time data retrieval. Additionally, organizations should build assurances over data disclosures and establish non-compliance escalation processes as well as remedial actions to prevent customer harm stemming from non-compliance.  

  1. Policy Uplift: Organizations should undertake comprehensive assessment of the obligations outlined in the relevant regulations to then include into policies systematically. Some examples include prescribing approvals at appropriate authority levels, identifying potential consumer harm, acknowledging ESG labelling and integrating regulation-specific training for staff.  

  1. Integrating ESG risks into RCSA: The Risks and Control Self-Assessment (RCSA) process is a cornerstone of effective risk management. Organizations should develop a deep understanding of end-to-end processes and ownership of controls, incorporating ESG-related controls into the RCSA. Additionally, organizations should ensure that greenwashing is included in existing taxonomies and procedures. 

  1. Data Management: Reliable, timely and well-structured data is critical in maintaining the system’s effectiveness. Organizations should consider facilitating access to key data fields (relied upon by due diligence and other controls) in real-time to support the monitoring and assessment of “green” products.  

This approach is built on the foundations of regulatory alignment, data-driven insights, and a firm commitment to transparency. It not only ensures effective ESG risk management and compliance, but also the ability to harness the opportunities presented by sustainable finance.  

“Flag and Tag” approach for ESG risks integration control framework 

One of Baringa’s critical accelerators for effective ESG integration is the “flag and tag” framework. The system serves as a dynamic bridge between existing risk controls and the emerging landscape of quickly evolving ESG concerns, addressing the two main challenges of ESG integration. It anchors into five key stages:  

Flag and tag system infographic 

  1. Compilation of ESG-related non-financial risk drivers: A comprehensive list of ESG-related non-financial risk drivers is compiled, serving as the foundation for further evaluation.   

  1. Review and Identification of Existing Controls: The organization conducts a review of its current risk and control library to identify existing controls relevant to ESG . 

  1. Applicability Assessment (“Tagging”): Identified controls are evaluated for their applicability to ESG concerns, ensuring recognition and avoidance of duplication.   

  1. Addressing ESG-Related Risk Gaps: Through flagged and tagged controls, existing ESG-related risk gaps are addressed by leveraging existing controls or designing new ones.   

  1. Remediation and Continuous Monitoring: New ESG-specific controls are established, with continuous monitoring and reporting mechanisms  

The “Flag and Tag” system allows organizations to minimize duplicative efforts whilst building on the strength of their current risk management frameworks, fostering agility for quick responses to unpredictable ESG risks and surrounding regulation.  

The shifting regulatory landscape and recent enforcement actions indicate that managing ESG is no longer a distant concern or a tick-box exercise. Companies must adapt their risk management systems to confront the evolving ESG landscape. The recent SEC fines against major financial institutions and various global regulators underscore this message. As businesses navigate this complex terrain, comprehensive frameworks and strategic approaches will be instrumental in ensuring compliance, mitigating risks, and capitalizing on the opportunities presented by ESG considerations.  

If you are interested in learning more about ESG risk integration, please contact a member of our team 

Related Insights

Related Case Studies

Subscribe to our Financial Services Newsletter

Get industry news and trending topics direct to your inbox each month

Subscribe now

Contact us

Find out what we can do for you...

Get in touch

Does kindness in business pay?

Find out in our Economics of Kindness series