PRA consults on enhancing banks and insurers’ approaches to managing climate-related risks

On 30 April 2025, the Prudential Regulation Authority (“PRA”) published a consultation on ‘Enhancing banks’ and insurers’ approaches to managing climate-related risks’ (“CP10/25”). The consultation includes a draft Supervisory Statement (“SS”), which would build on and replace the PRA’s previous statement on managing climate-related risks from 2019 (“SS3/19”), clarifying regulatory expectations for the management of climate-related risks. The proposals, once adopted, will apply to all UK banks and insurers[1].

The PRA recognises that significant progress has been made by firms, but that progress “is uneven and more needs to be done”. The proposals aim to achieve better integration and understanding of climate-related risks in relation to firms’ business models, and physical risks from climate change. 

The PRA builds on existing expectations 

The proposals consist of a series of supervisory expectations for effective risk management practices, rather than rules for banks and insurers to follow and, consistent with the ‘PRA’s Supervisory Approach to Banking and Insurance’, the PRA’s new framework will be proportionate and risk-based.

In practice, many of the proposals apply existing regulatory approaches to risk management, with a specific focus on climate-related risks. Institutions with a well-developed risk management and internal controls programme will already have a good basis from which to implement changes to meet the new expectations, and efforts to prepare for the latest proposals will in many cases benefit from an early gap analysis to identify how existing controls fulfil the objectives of this latest statement. 

Where SS3/19 focused on four areas (governance, risk management, scenario analysis and disclosure) the new draft SS covers seven (governance, risk management, climate scenario analysis, data, disclosures, banking-specific issues, and insurance-specific issues). In the round, this expanded set of focus areas could provide firms with more clarity on how to meet the PRA’s newly articulated expectations. 

Timing and next steps

Once the proposed SS is finalised, it will replace SS3/19 in its entirety and take effect immediately. However, the PRA has said that firms will have 6 months before supervisors ask them to evidence their internal assessments, gap analyses, action plans or other steps taken to meet the PRA’s updated expectations. 

The PRA has requested responses to the consultation by Wednesday 30 July 2025.

The PRA’s proposals in more detail

Set out below are some of the highlights from the seven focus areas in the new draft SS.

Chapter 1: Governance

1. The board should ensure there is a periodic review of the firm’s risk appetite, climate-related risk management practices and strategy. The timing of these reviews should be determined by the firm.
    
2. Firms should be able to demonstrate how they have integrated their plan to meet climate goals into their business strategy, with the board agreeing climate-specific risk appetite statements for material climate-related risks.
    
3. Management responsibilities for identifying and managing climate-related risks should be set at an appropriate level of seniority within the organisation. Related rewards and individual accountability should be more clearly linked to the successful delivery of a firm’s objectives in respect of climate-related risks. 
    
4. Management bodies responsible for setting the strategy within the firm should provide their board with the relevant information on climate-related risks and an analysis of the performance of the firm’s business strategy under a range of climate scenarios. Firms should provide the board with relevant training.
    
5. Climate-related risks should be incorporated into third party outsourcing and internal control frameworks.

Chapter 2: Risk Management

1. Firms should periodically carry out structured risk identification and assessment to identify the material climate-related risks they face and appropriately classify them in the firm risk register. Additionally, firms should undertake a client, counterparty, investee and policyholder risk identification and risk assessment.
    
2. Firms should develop their own quantitative risk appetite metrics and limits for each material climate-related risk they face. 
    
3. Firms would also be expected to develop and employ an appropriate internal risk reporting infrastructure to allow for regular as well as ad-hoc reporting of climate-related risks to the board and its relevant sub-committees.
    
4. Firms should assess the impact of climate-related risk drivers from the perspective of both their general operations and their ability to continue providing critical operations. Firms should assess the extent to which their operational resilience may be negatively impacted by changes in physical climate-related risk. 

Chapter 3: Climate Scenario Analysis (“CSA”)

1. Firms should seek to ensure that their CSA captures all material climate-related risks, considering multiple and diverse climate scenarios across time horizons. 
    
2. Firms would be expected to explore a range of plausible future outcomes covering both physical and transition risks, including adjusting the intensity of scenarios for the assessment of climate risks. Firms would also be expected to include relevant jurisdictional climate targets.
    
3. CSA should be used in a proportionate manner, and firms should include CSA as part of their Internal Capital Adequacy Assessment Process (“ICAAP”) or own risk and solvency assessment (“ORSA”).

Chapter 4: Data

1. Firms should have systems in place to collect and aggregate accurate and reliable climate-related risk data as part of their overall data governance and IT infrastructure.=
    
2. Firms should explain how they identify and assess any data gaps – which in general remain a significant challenge - and quantify the resulting uncertainty. The Climate Financial Risk Forum’s Climate Disclosures Dashboard 2.0 provides useful guidance. 
    
3. Where data gaps have been identified and can be remedied by further investment in tools, frameworks and capabilities, firms should have strategic plans in place to manage and close those gaps. 
    
4. Where firms rely on external data providers, they should have an effective system of governance to oversee and integrate the data provided. In addition, firms should plan their strategic development of in-house capabilities.

Chapter 5: Disclosures

1. The PRA intends to replace a reference to Task Force on Climate-related Financial Disclosures (“TCFD”) recommendations with reference to UK Sustainability Reporting Standards (“UK SRS”) (subject to the completion of the UK endorsement process). This is to bring the disclosure standards into line with current practice. Other than the change of reference from TCFD to UK SRS, the PRA is not proposing any other changes to disclosure expectations in CP10/25.

Chapter 6: Banking-specific issues

1. The proposals provide clarity on how to apply existing PRA policies and expectations related to: financial reporting, ICAAP, Internal Liquidity Adequacy Assessment Process (“ILAAP”), and credit risk, market risk and reputational risk for climate-related risks.
    
2. The PRA proposes that, amongst other things, banks should have appropriate data-driven processes in place to ensure timely capture of climate-related risks for financial reporting purposes, subject to effective governance.
    
3. Banks should provide information about how they have determined the materiality of climate-related risks in their ICAAPs, as well as methodologies, assumptions, judgements, proxies and subsequent uncertainties used in assessing climate-related risk for the purposes of ICAAPs. 
    
4. Banks should continue to use the ILAAP as the key framework within which to consider the liquidity risks from climate change, and have clear processes and policies to identify, measure, monitor and mitigate climate-related credit risks.
    
5. Firms should understand how climate-related risks translate into market risks, and understand the impact of climate-related risk drivers that may increase strategic, reputational and regulatory compliance risk.

Chapter 7: Insurance-specific issues

1. The PRA has made proposals to address its observations that insurers’:
   
   
   1. efforts to embed climate-related risk within their risk appetite statements, including both qualitative and quantitative measures, are still ongoing;
       
   2. ORSAs do not always assess the potential impact of climate change with sufficient depth or granularity;
       
   3. Solvency Capital Requirements do not consistently reflect the impact of climate-related risk in all relevant risk categories; and
       
   4. valuations of assets and liabilities are not always consistent regarding the inclusion of climate-related risk. 

[1] Specifically, (i) all UK insurance and reinsurance firms and groups, ie Solvency II and non-Solvency II firms, including the Society of Lloyd’s and managing agents (collectively, ‘insurers’), and (ii) banks, building societies, and PRA-designated investment firms (collectively, ‘banks’).