The federal banking agencies recently issued final interagency guidance concerning how large banks may control for climate-related financial risks ("climate risks"). The guidance is largely consistent with the proposal and continues the agencies' push to shore up banks' risk management to improve safety and soundness generally following the 2023 spring bank failures.

The guidance coincides with the release of a 1,500-page interagency final rule to change the implementation of the Community Reinvestment Act, and comes on the heels of final interagency guidance on third-party risk management, as well as proposed capital, long-term debt/bail-in, and resolution planning rules—all substantial undertakings.

The guidance directly applies to banks, thrifts, their holding companies, and the U.S. operations and individual branches/agencies of foreign banks that have $100 billion in total assets (which we refer to generally as "banks"). It continues the anti-tailoring trend whereby heightened expectations are directed toward large banks and banking organizations and may also inform how smaller banks approach these risks, either voluntarily or through the supervisory process.

Key Takeaways

  • No legal requirements, but still The guidance is not law/regulation and does not (purport to) create specific requirements. The guidance represents the agencies' views and will likely inform their supervision, particularly concerning risk management. Although the guidance is not prescriptive, banks will need to invest in new or evolving systems and processes to meet the agencies' risk management expectations.
  • More The agencies look to timely, accurate, consistent, complete, and relevant data to support sound climate risk management efforts. This will require new and ongoing techniques and learning, as well as reporting to boards. Banks will likely need to continue to learn from other industries (e.g., energy) and approaches of other jurisdictions with more developed frameworks (e.g., the European Union).
  • Climate stress tests. The agencies identify climate-related scenario analysis as an important, emerging approach to identify, measure, and manage climate Under the guidance, scenario analysis entails exercises used to conduct a forward-looking assessment of the potential impact on a bank of changes in the economy, changes in the financial system, or the distribution of physical hazards resulting from climate risks. Scenarios analysis (concerning potentially longer horizons and more permanent changes) is distinct from traditional stress testing, which typically assesses the potential impacts of transitory shocks to near-term economic and financial conditions.
  • Governance. The guidance is more in line with traditional language and expectations used for boards of directors versus management. For instance, boards are expected to "oversee" and hold management accountable, rather than "ensure" various processes, which may conflate roles. Whether the FDIC's separateand more general proposed guidance on governance and risk management will conform to these interagency principles remains to be seen. Outside of the governance principle, the guidance looks to management for a majority of the expectations.
  • No disclosures, no net zero The guidance does not require or expect any specific public disclosures, unlike other regulatory approaches. It also does not seek to transition to a lower carbon economy or target net zero greenhouse gas emissions by 2050.
  • No express compensation Although the draft guidance indicated that boards should consider whether compensation policies should change due to climate risks, the final guidance does not specifically reference compensation policies.

Six Principles

The agencies have previously indicated that all banking organizations, regardless of size, should consider climate

risk and control for material climate risk in their risk management frameworks.

The guidance seeks to clarify the agencies' expectations through six specific principles. Each principle's climate risk expectations are explored below, with specific roles for boards and management distinguished. We have omitted general corporate governance expectations.

1. Governance

  • Board
    • Direct management to provide timely, accurate, and well-organized information so the board can oversee the measurement and management of climate risks to the bank
    • Acquire sufficient information to understand the implications of climate risks across various scenarios and planning (e.g., possibly longer) horizons
    • Challenge management's assessments/recommendations when needed (e.g., weaknesses/gaps identified, incomplete information provided)
    • Assign accountability for climate risks through existing or new structures
  • Management
    • Assure sufficient expertise to execute the strategic plan and manage all risks effectively, including climate risks
    • Report regularly to the board on the level/nature of material climate risks with sufficient information so the board can understand the impacts on risk profile and make sound, well-informed decisions
    • Clearly define units' responsibilities and interaction with governance structures

2. Policies, Procedures, and Limits

  • Management
    • Incorporate material climate risks into policies, procedures, and limits to provide detailed guidance in line with the strategy and risk appetite set by the board
    • Modify policies, procedures, and limits to reflect climate risks (e.g., potentially longer time horizon and changes to the bank's operating environment or activities)

3. Strategic Planning

  • Board
    • Consider material climate risk exposures when setting and monitoring the bank's overall business strategy and risk appetite, and when overseeing management's implementation of capital plans
    • Consider and encourage management to address the potential impact of material climate-related financial risk exposures on the financial institution's financial condition, operations (including geographic locations), and business objectives over various time horizons
    • Encourage management to consider climate risk impact on operational and legal risks
  • Management
    • Address the potential impact of material climate risk exposures on the bank's financial condition, operations (including geographic locations), and business objectives over various time horizons
    • Consider climate risk impacts on the bank's other operational and legal risks
    • Consider the impact of climate-risk mitigation strategies on LMI and other underserved communities and their access to financial products/services
  • General
    • Climate-related strategies and commitments should align with and support the bank's broader strategy, risk appetite, and risk management framework
    • Public statements about climate-related strategies/commitments should be consistent with internal strategies, risk appetite statements, and risk management frameworks

4. Risk Management

  • Management
    • Develop/implement processes to identify, measure, monitor, and control exposures to climate risks within the bank's existing risk management framework
      • Risk identification should include input from stakeholders (e.g., business units, independent risk management, internal audit, legal) and assessment of climate risks across a range of plausible scenarios, under various time horizons
      • Develop processes to measure and monitor material climate risks and to communicate and report the materiality of those risks to internal stakeholders
      • Material climate risk exposures should be clearly defined, aligned with the bank's risk appetite, and supported by appropriate metrics (e.g., risk limits and key risk indicators) and escalation processes
    • Incorporate material climate risks into the bank's risk management system, including internal controls and internal audit
    • Outputs should inform the risk identification process and the short- and long-term financial risks to a bank's business model from climate change

5. Data, Risk Measurement, and Reporting

  • Management
    • Incorporate climate risk information into the bank's internal reporting, monitoring, and escalation processes to facilitate timely and sound decision making
    • Effective risk data aggregation and reporting capabilities allow management to capture and report climate risk exposures, segmented or stratified by physical and transition risks, based upon the complexity and types of exposures
    • Monitor developments in new data, risk measurement tools, modeling methodologies, and reporting practices and incorporate them into climate risk management

6. Scenario Analysis

Climate-related scenario analysis frameworks should be comprehensive and forward-looking; they should be applied by banks alongside existing risk management practices to evaluate the resiliency of banks' strategy and risk management to structural changes arising from climate risks.

These frameworks should include:

  • Clearly defined objectives that reflect the bank's overall climate risk management strategies
  • Exploring the impacts of climate risks on the bank's strategy and business model
  • Identifying and measuring vulnerability to relevant climate risk factors, including physical and transition risks
  • Estimating climate-related exposures and potential losses across a range of scenarios, including extreme but plausible scenarios

As for roles:

  • Board (as well as other responsible individuals within the organization)
    • Receive regular climate-related scenario analysis results, including appropriately detailed information to effectively convey the assumptions, limitations, and uncertainty of results
  • Management
    • Management should develop, implement, and oversee climate-related scenario analysis frameworks, including validation, and quality control standards, in a manner commensurate with the bank's size, complexity, business activity, and risk profile
    • Using the scenario analysis framework, identify data and methodological limitations and uncertainty in climate risk management and inform management's assessment of the adequacy of the bank's climate risk management framework

Management of Risk Areas

Consistent with other agency rules and guidance, risk assessment is a key part of a sound risk management framework, allowing management to identify emerging risks and to develop and implement strategies to mitigate material risks. The agencies identified the following key risks:

1. Credit Risk

  • Consider climate risks in underwriting/ongoing monitoring of portfolios
  • Assess potential changes in correlations across exposures or asset classes and monitor climate-related credit risks through sectoral, geographic, and single-name concentration analyses, including credit risk concentrations stemming from physical and transition risks
  • Determine credit risk tolerances and lending limits consistent with the bank's risk appetite statement

2. Liquidity Risk

  • Assess whether climate risks could affect the liquidity position and, if so, incorporate those risks into the bank's liquidity risk management practices and liquidity buffers

3. Other Financial Risk

  • Monitor interest rate risk and other model inputs for greater volatility or less predictability due to climate risks and, where appropriate, account for this uncertainty in risk measurements and controls
  • Monitor how climate risks affect the bank's exposure to risk related to changing prices, using developing, reasonably available methodologies, refined over time

4. Operational Risk

  • Consider how climate risk exposures may adversely impact a bank's operations, control environment, and operational resilience
  • Assess across all business lines and operations, including operations performed by third parties, and considering climate-related impacts on business continuity and the evolving legal and regulatory landscape

5. Legal and Compliance Risk

  • Consider how climate risks and risk mitigation measures affect the legal and regulatory landscape in which the bank operates, for instance:
    • Taking into account possible changes to legal requirements for, or underwriting considerations related to, flood or disaster-related insurance
    • Ensuring that fair lending monitoring programs review whether and how the bank's risk mitigation measures potentially discriminate against consumers on a prohibited basis, such as race, color, or national origin

6. Other Nonfinancial Risk

  • Board
    • Monitor how the execution of strategic decisions and the operating environment affect the bank's financial condition and operational resilience
  • Management
    • Monitor how the execution of strategic decisions and the operating environment affect the bank's financial condition and operational resilience
    • Consider the extent to which the bank's activities may increase the risk of negative financial impact and implement adequate measures to account for these risks where material

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.