ESG integration into risk frameworks in Financial Services has become a critical priority due to increasingly stringent global regulation and the need to comprehend the impact of ESG risks on Financial Institutions’ operating model. The first signs of global regulatory change began with the EU Sustainable Finance Disclosure Regulation (SFDR) in 2021 and government authorities’ inquiries into greenwashing, spanning from Australia to the UK. Subsequently, we witnessed numerous fines imposed by the US Securities and Exchange Commission (SEC) in 2022 and 2023 and the banning of a major bank’s climate-related advertisement in the UK, highlighting the expanding reach and impact of ESG regulation. The swiftly evolving regulatory landscape across various jurisdictions adds complexity to the process of navigating and ensuring compliance for global banks. However, the central challenge of ESG integration lies in its distinctive nature, which falls beyond the boundaries of traditional risk frameworks.
In today’s dynamic landscape, the integration of ESG factors into operational risk management (ORM) and non-financial risk (NFR) frameworks is imperative. ESG considerations introduce a distinctive set of challenges that diverge significantly from traditional risk assessment methods:
- ESG as a Primary Risk Driver: ESG is not a mere risk stripe, but a potent driver that can impact various facets of an organization’s risk profile concurrently.
- Unpredictable Nature: ESG risks are unpredictable, making forecasting and risk management challenging. Unforeseeable ESG risks, and the regulation surrounding them, will demand adaptability in their integration into risk frameworks.
Integrating ESG into ORM and NFR frameworks is not a mere compliance checkbox, but a strategic imperative. The unique nature of ESG risks and their unpredictability demand proactive incorporation into risk management strategies. In doing so, organizations can fortify their resilience and position themselves for long-term sustainability and overarching success.
Market Responses and Strategies
Financial institutions are beginning to adopt strategies to integrate ESG risks into their risk management frameworks, including non-financial risks. Current strategies address training and awareness, operational and governance models, ESG horizon scanning, control assessment and RCSA. As conversations with industry leaders reveal, organizations are grappling with the need to educate employees about ESG, tailor risk management models to their existing frameworks, proactively monitor ESG regulatory changes and develop robust control assessments to be integrated within the RCSA process, the first line of defence and longstanding programs such as SOX.
Although most financial institutions have started defining a strategy for articulating the financial risks posed by ESG, there is no consistent approach for adopting ESG into the risk management framework.
Baringa’s Approach to ESG Integration - 5 core principles to get right
Baringa proposes a multifaceted approach to ESG integration that combines compliance with adaptability, helping tackle the two core issues ESG risk presents – its unprecedented nature and its unique position as a risk driver. The approach strategically incorporates ESG risks into wider integrated risk and control frameworks and is based on five core principles:
- Third-Party Due Diligence: Financial Institutions must emphasize due diligence in their third-party relationships, aligning processes and standards with regulatory principles. This includes onboarding and pre-contractual disclosures, ongoing due diligence, as well as ad hoc due diligence.
- Reporting and Disclosures: An effective strategy involves building the ability and knowledge to meet ongoing reporting requirements, ensuring accurate and real-time data retrieval. Additionally, organizations should build assurances over data disclosures and establish non-compliance escalation processes as well as remedial actions to prevent customer harm stemming from non-compliance.
- Policy Uplift: Organizations should undertake a comprehensive assessment of the obligations outlined in the relevant regulations and then incorporate them into policies systematically. Some examples include prescribing approvals at appropriate authority levels, identifying potential consumer harm, acknowledging ESG labelling and integrating regulation-specific training for staff.
- Integrating ESG risks into RCSA: The Risk and Control Self-Assessment (RCSA) process is a cornerstone of effective risk management. Organizations should develop a deep understanding of end-to-end processes and ownership of controls, incorporating ESG-related controls into the RCSA. Additionally, organizations should ensure that greenwashing is included in existing taxonomies and procedures.
- Data Management: Reliable, timely and well-structured data is critical in maintaining the system’s effectiveness. Organizations should consider facilitating access to key data fields (relied upon by due diligence and other controls) in real-time to support the monitoring and assessment of “green” products.
This approach is built on the foundations of regulatory alignment, data-driven insights, and a firm commitment to transparency. It not only ensures effective ESG risk management and compliance, but also the ability to harness the opportunities presented by sustainable finance.
“Flag and Tag” approach for ESG risks integration control framework
One of Baringa’s critical accelerators for effective ESG integration is the “flag and tag” framework. The system serves as a dynamic bridge between existing risk controls and the emerging landscape of quickly evolving ESG concerns, addressing the two main challenges of ESG integration. It is anchored in five key stages:
- Compilation of ESG-related non-financial risk drivers: A comprehensive list of ESG-related non-financial risk drivers is compiled, serving as the foundation for further evaluation.
- Review and Identification of Existing Controls: The organization conducts a review of its current risk and control library to identify existing controls relevant to ESG.
- Applicability Assessment (“Tagging”): Identified controls are evaluated for their applicability to ESG concerns, ensuring recognition and avoidance of duplication.
- Addressing ESG-Related Risk Gaps: Through flagged and tagged controls, existing ESG-related risk gaps are addressed by leveraging existing controls or designing new ones.
- Remediation and Continuous Monitoring: New ESG-specific controls are established, with continuous monitoring and reporting mechanisms.
The “Flag and Tag” system allows organizations to minimize duplicative efforts whilst building on the strength of their current risk management frameworks, fostering agility for quick responses to unpredictable ESG risks and surrounding regulation.
The shifting regulatory landscape and recent enforcement actions indicate that managing ESG is no longer a distant concern or a tick-box exercise. Companies must adapt their risk management systems to confront the evolving ESG landscape. The recent SEC fines against major financial institutions, along with actions by various global regulators, underscore this message. As businesses navigate this complex terrain, comprehensive frameworks and strategic approaches will be instrumental in ensuring compliance, mitigating risks, and capitalizing on the opportunities presented by ESG considerations.
If you are interested in learning more about ESG risk integration, please contact a member of our team.