The Prudential Regulation Authority (PRA) expected banks and insurers, by end 2021, to embed as far as possible their climate-related financial risk management implementation plans into their overall risk management frameworks. Since the start of 2022, the PRA’s expectations have formed part of its core supervisory process and it is actively supervising firms to ensure they meet those expectations.
The regulator provided, in October 2022, further guidance on its expectations and feedback on firms’ implementation progress seen through its supervisory engagement. Overall, the PRA indicates that firms have taken ‘concrete and positive’ implementation steps but need to continue their work ‘to understand and address climate risks’. Of particular note is the regulator’s hardening stance in relation to data deficiencies. It acknowledges the challenges firms continue to face in sourcing information from their counterparties. However, it still expects firms, among other aspects, to identify and develop a strategic approach to closing data gaps and to put in place a counterparty engagement strategy.
This tougher stance means that firms remain under pressure to achieve compliance with the PRA’s expectations and demonstrate effective climate-related risk management despite ongoing data challenges. This is made no less easy by the regulator’s indication that where firms’ progress is insufficient it will: (i) require firms to produce a ‘roadmap’ as to how they intend to address this; (ii) determine what additional steps are required; and (iii) may exercise its ‘wider supervisory toolkit’ if necessary.
Specific points made by the regulator include:
Governance: firms have made ‘significant progress’ in embedding the PRA’s governance expectations with key personnel appropriately trained to understand and manage climate risk and some firms now generating management information to allow boards and executives to lead and challenge effectively. The PRA makes clear that it expects firms to implement a coherent approach across strategy, planning, governance and risk management, with boards and executives able to demonstrate an understanding of how climate considerations are integrated into these four areas, and that the most effective firms have achieved this;
Risk management: generally, firms have made progress on risk management but the level of progress varies significantly. Further work is required by all firms on embedding climate risk considerations within their risk management frameworks, risk appetite statements, committee structures and three lines of defence, appropriately factoring those risks into their quantitative modelling analysis and, particularly important in relation to data capture, putting in place a counterparty engagement strategy;
Capital: while the PRA does not expressly provide feedback on this aspect, it indicates that firms should be able to explain ‘how they got comfortable’ that any material risks are appropriately capitalised; their internal capital adequacy assessment processes should sufficiently clearly set out their analysis of climate risks and capital; and their stress testing calculations and methodologies should be sufficiently detailed to allow an assessment of whether the firm’s assumptions and judgements are appropriate;
Scenario analysis: firms’ scenario capabilities are not sufficiently well-developed as yet to support effective decision-making, largely due to data-related constraints. Some firms are developing climate risk models but all are having to use proxies, manual adjustments and simplifying assumptions with limited information on how those data gaps and methodology challenges will be addressed. Firms have some way to go, therefore, to achieve the PRA’s expectations that such analysis is embedded into their risk management and business planning processes, and that they are able to demonstrate how the results are being used in practice and how their capabilities will develop over time;
Disclosure: most firms have developed a climate risk disclosure approach but its progress has been dependent on progress across governance, risk management and scenario analysis. Firms demonstrating the most effective practice have adopted a consistent and integrated approach across all annual reporting, including financial reports, standalone climate reports and Pillar 3 disclosures. Interestingly, the PRA observes that most firms are not using Pillar 3 as their primary disclosure channel, instead using their annual reports or standalone climate reports; and
Data: all firms need more robust standardised data with broader coverage as mentioned above, and states that firms now need to be able to identify and address data gaps and should put in place ‘conservative’ assumptions, judgements and proxies where necessary.
The regulator highlights that firms demonstrating effective practice have identified their significant data gaps and developed a strategic approach to close them; have put in place an effective system of governance to oversee and integrate third party data; and use appropriately conservative assumptions and proxies, which are disclosed internally and form part of firms’ external disclosures.
The PRA has made clear that compliance with its expectations will be assessed on an ongoing basis and firms should continue to demonstrate effective climate risk management through its regular supervisory engagement. The regulator has stressed that it is particularly important that boards and senior management, including the Senior Management Function directly responsible for firms’ climate risk management, demonstrate appropriate oversight and control of the firm’s climate agenda across its business.
The regulator is very likely to provide further feedback on firms’ implementation progress during the course of 2023 and its risk management expectations may well change and develop, both in light of the Bank of England’s stress test results and as a result of the regulator’s work with the Bank (and the Bank’s work as part of the Basel Committee on Banking Supervision) on how the UK’s banking regulatory capital regimes potentially interact with climate change and climate risk management, on which they are due to report by end 2022.
Given these developments, aside from implementation, firms will need to demonstrate good understanding, management and oversight of climate-related financial risks on an ongoing basis, keep their risk management frameworks under review and adapt them to reflect changing risks to their businesses. They will also need to monitor the regulator’s developing expectations and reflect these in both their risk management frameworks and broader governance structures.