It stress’s the expectation that banks manage these risks effectively by the end of 2024. What can be garnered from the report is that the industry is talking about these risks, however with only two years to be compliant the time for talking is now over.
When the results of this year’s review are compared with those of last year, it is evident that Significant Institutions (SI’s) all have now at least taken the first step in managing these risks. With regard to less significant institutions (LSI’s) the ECB acknowledge that there may be resource constraints but in their view this should not necessarily impede progress due to the wide dispersion of efforts these institutions were displaying in the review. The next two years will require more than just steps to managing these risks, it requires the journey to be completed. With this in mind, what are some of the areas that the review revealed in need of most attention?
Data
It is not surprising that data remains a key challenge considering the demands for increasing amounts and quality of data in banks, especially over the last 10-15 years. The ECB has found the majority are not actively collecting granular data at counterparty, facility or asset level. The need for this level of detail arises as potential losses in the area of CR&E are most often location and/or activity specific.
The first step if not already taken should be to engage in an exploratory exercise to understand what data an institution already possesses, that can either be leveraged or effectively measured in order to address these needs. It is only by looking to what is there already can gaps be identified as to what is missing. To avoid a constant repeat of this exercise, a well-designed gap analysis will not only address what is required now but also what may be required in the longer term. These gaps will typically be identified in both the back book and the new book. To address the issues on the back book external data vendors can be engaged to assist in addressing these. When approaching new business, designing your data requirements effectively and with a forward-looking theme in mind can mean significant progress is made.
While the Board and key decision makers are aware of these risks, accurate data is essential for them to effectively set out risk appetites and tolerances.
Risk Appetite
CR&E data will feed into an institutions Risk Appetite and it has been found that generally institutions have included climate related Key Risk Indicators (KRI’s). However, these often lack concrete detail and the consequences of breaches. Indeed, it has been found that no bank has taken a bank wide approach to setting KRI’s as they are failing to trickle down to specific business lines and portfolios.
Setting effective KRI’s is not only imperative for measuring where an institution is in comparison to its appetite for risk but also for measuring success. Clearly defined metrics, with remedial plans of action will allow an institution to act efficiently and effectively should one be breached. In addition, it is now the time to assign key roles and responsibilities with regard to CR&E Risks so as to aid in avoiding events and breaches. Should an event or breach occur it should be clear who needs to act and what needs to be done. Engaging business units at an early stage of developing these will avoid a disconnect between the business units and the Board.
Credit risk management
While there has been an improvement in the area of Credit Risk management, the ECB observes that only 25% of banks have implemented at least basic climate-related practices to the credit risk management lifecycle. Due diligence and lending policies have seen the most improvement while collateral valuation and pricing are lagging behind significantly.
Climate related risk metrics can be incorporated into collateral valuations using both qualitative and quantitative techniques in the forms of risk scores and haircuts. Prudent practices also include turning to forward looking information to model the potential decrease in value of energy-inefficient properties.
Returning to an earlier point of the importance of quality data when considering CR&E risks, it has been noted the use of proxies are increasing when identifying how climate-related risks drive credit risk. While there is a place for proxies it is observed the majority of banks are not using sufficiently granular data. This will limit the ability develop robust classification and monitoring procedures and effect how effectively credit risk can be mitigated.
A well-established credit risk management framework will include climate risk ratings for large corporate portfolios as well as smaller retail clients. As it is often easier to rate these larger portfolios the challenge still remains for addressing smaller retail clients. Nonetheless, efforts must be made. Similarly, both physical and transition risk must be assessed as there is an expectation for institutions to address all material portfolios and risk drivers in their credit risk management actions. The collection of energy efficiency certificates to assess possible transition risks and mapping the location of exposures will allow for physical risk to be measured.
Conclusion
The road to being compliant by the end of 2024 is certain to be filled with challenges, more so for those that are starting 2023 with less of the groundwork completed. It can be seen from the above that updating data management frameworks can go a significant way to providing solid foundations to incorporating CR&E risks and meeting the ECB expectations by the deadline. To progress this further, a collective approach must be taken from the top down so that all aspects of the business are considering these risks and are well integrated into frameworks and policies. Clearly defined roles and responsibilities will allow for swift action should risk limits be approached or even breached. As the title of the ECB report suggests, the next two years really are time for institutions to put their planning into real action.