ESG integration into risk frameworks in Financial Services has become a critical priority due to increasingly stringent global regulation and the need to comprehend the impact of ESG risks on Financial Institutions’ operating model. The first signs of global regulatory change began with the EU Sustainable Finance Disclosure Regulation (SFDR) in 2021 and government authorities’ inquiries into greenwashing, spanning from Australia to the UK. Subsequently, we witnessed numerous fines imposed by the US Securities and Exchange Commission (SEC) in 2022 and 2023 and the banning of a major bank’s climate-related advertisement in the UK, highlighting the expanding reach and impact of ESG regulation. The swiftly evolving regulatory landscape across various jurisdictions adds complexity to the process of navigating and ensuring compliance for global banks. However, the central challenge of ESG integration lies in its distinctive nature, which falls beyond the boundaries of traditional risk frameworks.
In today’s dynamic landscape, the integration of ESG factors into operational risk management (ORM) and non-financial risk (NFR) frameworks is imperative. ESG considerations introduce a distinctive set of challenges that diverge significantly from traditional risk assessment methods:
ESG as a Primary Risk Driver: ESG is not a mere risk stripe, but a potent driver that can impact various facets of an organization’s risk profile concurrently.
Unpredictable Nature: ESG risks are unpredictable, making forecasting and risk management challenging. Unforeseeable ESG risks, and the regulation surrounding them, will demand adaptability in their integration into risk frameworks.
Integrating ESG into ORM and NFR frameworks is not a mere compliance checkbox, but a strategic imperative. The unique nature of ESG risks and their unpredictability demand proactive incorporation into risk management strategies. In doing so, organizations can fortify their resilience and position themselves for long-term sustainability and overarching success.
Market Responses and Strategies
Financial institutions are beginning to adopt strategies to integrate ESG risks into their risk management frameworks, including non-financial risks. Current strategies address training and awareness, operational and governance model, ESG horizon scanning, control assessment and RCSA. As conversations with industry leaders reveal, organizations are grappling with the need to educate employees about ESG, tailor risk management models to their existing frameworks, proactively monitor ESG regulatory changes and develop robust control assessments to be integrated within the RCSA process, first line of defence as well as longstanding programs such as SOX.
Although most financial institutions have started defining a strategy for articulating the financial risks posed by ESG, there is no consistent approach for adopting ESG into the risk management framework.
Baringa’s Approach to ESG Integration - 5 core principles to get right
Baringa proposes a multifaceted approach to ESG integration that combines compliance with adaptability, helping tackle the two core issues ESG risk presents – its unprecedented nature and its unique position as a risk driver. This approach strategically incorporates ESG risks into wider integrated risk and control frameworks and is based on five core principles:
Third-Party Due Diligence: Financial Institutions must emphasize due diligence in their third-party relationships, aligning processes and standards with regulatory principles. This includes onboarding and pre-contractual disclosures, ongoing due diligence, as well as ad hoc due diligence.
Reporting and Disclosures: An effective strategy involves building the ability and knowledge to meet ongoing reporting requirements, ensuring accurate and real-time data retrieval. Additionally, organizations should build assurances over data disclosures and establish non-compliance escalation processes as well as remedial actions to prevent customer harm stemming from non-compliance.
Policy Uplift: Organizations should undertake a comprehensive assessment of the obligations outlined in the relevant regulations and then incorporate them into policies systematically. Some examples include prescribing approvals at appropriate authority levels, identifying potential consumer harm, acknowledging ESG labelling and integrating regulation-specific training for staff.
Integrating ESG risks into RCSA: The Risk and Control Self-Assessment (RCSA) process is a cornerstone of effective risk management. Organizations should develop a deep understanding of end-to-end processes and ownership of controls, incorporating ESG-related controls into the RCSA. Additionally, organizations should ensure that greenwashing is included in existing taxonomies and procedures.
Data Management: Reliable, timely and well-structured data is critical in maintaining the system’s effectiveness. Organizations should consider facilitating access to key data fields (relied upon by due diligence and other controls) in real-time to support the monitoring and assessment of “green” products.
This approach is built on the foundations of regulatory alignment, data-driven insights, and a firm commitment to transparency. It not only ensures effective ESG risk management and compliance, but also the ability to harness the opportunities presented by sustainable finance.
“Flag and Tag” approach for integrating ESG risks into the control framework
One of Baringa’s critical accelerators for effective ESG integration is the “flag and tag” framework. The system serves as a dynamic bridge between existing risk controls and the emerging landscape of quickly evolving ESG concerns, addressing the two main challenges of ESG integration. It anchors into five key stages:
Compilation of ESG-related non-financial risk drivers: A comprehensive list of ESG-related non-financial risk drivers is compiled, serving as the foundation for further evaluation.
Review and Identification of Existing Controls: The organization conducts a review of its current risk and control library to identify existing controls relevant to ESG.
Applicability Assessment (“Tagging”): Identified controls are evaluated for their applicability to ESG concerns, ensuring recognition and avoidance of duplication.
Addressing ESG-Related Risk Gaps: Through flagged and tagged controls, existing ESG-related risk gaps are addressed by leveraging existing controls or designing new ones.
Remediation and Continuous Monitoring: New ESG-specific controls are established, with continuous monitoring and reporting mechanisms.
The “Flag and Tag” system allows organizations to minimize duplicative efforts whilst building on the strength of their current risk management frameworks, fostering agility for quick responses to unpredictable ESG risks and surrounding regulation.
The shifting regulatory landscape and recent enforcement actions indicate that managing ESG is no longer a distant concern or a tick-box exercise. Companies must adapt their risk management systems to confront the evolving ESG landscape. The recent SEC fines against major financial institutions, and actions by various global regulators, underscore this message. As businesses navigate this complex terrain, comprehensive frameworks and strategic approaches will be instrumental in ensuring compliance, mitigating risks, and capitalizing on the opportunities presented by ESG considerations.