The German Federal Financial Supervisory Authority (BaFin) published1 on October 16, 2019, its Consultation 16/2019: Guidance Notice on Dealing with Sustainability Risks (the Draft Guidance Notice). The objective of this Draft Guidance Notice is to provide entities supervised by the BaFin with guidance on dealing with the increasingly important issue of sustainability risks. The Draft Guidance Notice represents an addition to the BaFin's expectations set out in its minimum requirements for risk management (Mindestanforderungen an das Risikomanagement - MaRisk) that already provide guidance for risk management by credit institutions2, insurance undertakings3 and asset management companies4.

This Client Alert looks at the Draft Guidance Notice and analyzes the strategies for responsible governance and business organization that the notice proposes in light of the central issue of risk management. The BaFin's actions in this area are likely to be of interest not only for entities supervised by the BaFin, but also for non-German entities, since the principles of the Draft Guidance Notice may begin to serve as inspiration for similar action at the EU level or by other national regulators. Although the Draft Guidance Notice is likely to be amended following the consultation, affected firms may already want to begin to forward plan how to implement these BaFin expectations.

The Draft Guidance Notice was published for public consultation, and interested stakeholders had the opportunity to comment on the BaFin's expectations and recommendations. The consultation period ended on November 3, 2019.

Overview of the Draft Guidance Notice

In terms of structure, the Draft Guidance Notice is split into 10 sections, with the first two set as an introduction. There the BaFin is keen to highlight the fact that the Draft Guidance Notice does not change the already existing legal requirements contained in the BaFin Circulars MaRisk, MaGo and KAMaRisk and that the relevant risks should continue to be adequately considered and documented appropriately by concerned entities. The Draft Guidance Notice also does not purport to reduce or extend any legal or supervisory requirements already in force as regards sustainability risks.

Sustainability risks are defined as environmental, social and governance (ESG) events or conditions that may potentially have negative impacts on the asset, financial and earnings situation or reputation of an entity. BaFin regards sustainability risks not as a separate category of risks but rather as a component of risk types that have already been dealt with in the existing guidance on risk management. Such risk types include credit risk/counterparty default risk, market risk, liquidity risk, operational risk, insurance risk, strategic risk and reputational risk.

Strategies of supervised entities and responsible governance

BaFin encourages supervised entities to develop standalone strategies or supplement their already existing ones with appropriate measures to handle sustainability risks. This includes reviewing their business strategy for sustainability risks and asking appropriate questions to determine whether a particular type of risk is material and whether adjustments to the business model are necessary to take account of physical or transition risks amongst others. Supervised entities should review their risk strategy again via asking questions in order to determine how risks can be better measured, managed and excluded. For example, banks should consider to what extent they provide real estate financing in areas at risk of flooding or finance companies with business models based primarily on fossil fuels . The strategy for handling sustainability risks should then be clearly communicated to the entity's managers, employees, clients and investors.

Business organization

BaFin recommends that a comprehensive review should be carried out to integrate sustainability risks into the existing organizational guidelines and systems maintained by firms. The supervised entities are free to determine the level of detail, while sufficient resources are required to handle sustainability risks in the respective risk management system(s) of a firm. A review should be carried out to determine if and how sustainability risks are integrated into existing processes for credit business/underwriting/investment decisions, risk management and risk control. If separate processes are being set up, the seamless integration of these separate processes must be ensured.

BaFin also requires supervised entities to dedicate sufficient resources to handle sustainability risks. This may include setting up a separate "sustainability unit".

Methodology for assessing sustainability risks

Supervised entities should review the methods and procedures for identifying, evaluating, managing and monitoring sustainability risks at regular intervals. BaFin also encourages the defining of methods for managing and limiting sustainability risks consistent with the business and risk strategy. Among the methods mentioned by BaFin are:

  1. exclusion criteria and limits (e.g. defining companies, sectors and regions that are excluded as investments or subject to investment limits);
  2. positive lists (e.g. defining companies, sectors or regions that are preferred for investment);
  3. "best-in-class approach" (identifying companies that outperform their peer group for the sustainability criteria chosen); and
  4. engagement (i.e. engaging in dialogue with companies to encourage them to adopt a more sustainable approach).

The aforementioned methods should not only be applied to investment decisions but also to credit decisions.

Banks and investment firms should also comply with additional principles based on MaRisk. Namely this includes:

  1. in the context of regular risk inventory, institutions shall also examine which sustainability risks may materially impair their financial position, financial performance or liquidity position;
  2. based on their overall risk profile, institutions shall also ensure that risks identified as material are constantly covered by adequate capital;
  3. the processes for credit business shall also include sustainability risks; and
  4. factors affecting the value of collateral should also include (future) sustainability risks.

Stress testing and scenario analyses

BaFin requires supervised entities to conduct stress tests in which they take into account adverse events caused by sustainability risks, including transition scenarios.

Use of ratings

Traditional credit ratings in line with the EU Credit Rating Regulation5 only take account of the factors required to assess the creditworthiness of an entity or the credit risk of a financial instrument and may or may not include ESG factors. The BaFin therefore also encourages the use of ESG ratings to assess the sustainability of investments. However, users of ESG ratings should carry out appropriate plausibility checks and distinguish between sustainability aspects and creditworthiness or credit risk aspects, if these are not connected.


In a statement dated November 1, 2019, the German Banking Industry Committee (Deutsche Kreditwirtschaft) criticized the Draft Guidance Notice. In particular, the German Banking Industry Committee argues that the Draft Guidance Notice is too detailed and prescriptive and leaves too little discretion to supervised entities. Other concerns include the perception that sustainability risks in existing risk management procedures will be difficult to implement because the time horizon of such risks is much longer than the time horizon of other factors. In addition, quantifying sustainability risks for an individual supervised entity is often much more difficult than quantifying other risk factors.

The German Banking Industry Committee has also said that it prefers to wait until further rules and guidance at the European Union level are available. These include, for example, the sustainability taxonomy and the guidance that the European Banking Authority (EBA) is scheduled to provide under the CRR II and CRD IV with respect to the incorporation of sustainability risks into risk management and on the prudential treatment of assets from a sustainability perspective.

Following the BaFin's review of comments in the consultation, it is likely that the BaFin will promptly move to publish a revised version. Given the far reaching scope of these new requirements, supervised entities should examine their risk management system with a view to assessing the implementation of sustainability factors.


1 Available here.

2 Minimum Requirements for Risk Management (Mindestanforderungen an das Risikomanagement – MaRisk).

3 Minimum requirements on the system of governance of insurance undertakings (Mindestanforderungen an die Geschäftsorganisation von Versicherungsunternehmen – MaGo).

4 Minimum requirements for the risk management of asset management companies (Mindestanforderungen an das Risikomanagement von Kapitalverwaltungsgesellschaften – KAMaRisk).

5 Regulation (EU) No 462/2013, available here.

Dentons is the world's first polycentric global law firm. A top 20 firm on the Acritas 2015 Global Elite Brand Index, the Firm is committed to challenging the status quo in delivering consistent and uncompromising quality and value in new and inventive ways. Driven to provide clients a competitive edge, and connected to the communities where its clients want to do business, Dentons knows that understanding local cultures is crucial to successfully completing a deal, resolving a dispute or solving a business challenge. Now the world's largest law firm, Dentons' global team builds agile, tailored solutions to meet the local, national and global needs of private and public clients of any size in more than 125 locations serving 50-plus countries.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.