Climate Risk Management at Financial Firms: A Good Start, But More Work to Do
Results from a Global Survey
Potential financial risks arising from climate change are an increasing area of focus, particularly for investors and regulators. To provide a benchmark for how mature firms are in their approach to climate risk management, in the first quarter of 2019, we undertook a global, cross-sectoral survey.
Our sample covered 20 banks and seven other financial institutions (comprising asset managers, insurers and financial market infrastructure companies) from across the globe. These firms have a global footprint, cutting across all regions. They collectively have about $20 trillion (USD) of assets on their balance sheets, manage assets of $12 trillion, annually process more than $1,500 trillion of securities and account for more than $1,300 billion in market capitalization.
The survey was structured around the main themes for climate risk reporting that have been developed through the Financial Stability Board’s Taskforce on Climate-related Financial Disclosures. The topics covered included the governance and strategy to deal with actual and potential climate-related risks; the approach to risk management of these risks; metrics, targets and limits used to assess and manage climate-related risks and opportunities; the use of scenario analysis to understand the risks; and disclosures of climate-related risks.
Climate risk will affect different types of firms in different ways, reflecting the diverse nature of the firms’ business models. The range of practices reported cover the spectrum from firms that are at the forefront of climate risk assessment to those that are just starting on the journey. We developed a maturity model for climate risk management that shows this range at an individual firm level.
Board-level governance is practiced at the majority of firms. Most firms (roughly 80%) have board oversight of climate-related risks and opportunities. Two-thirds of board members have seen papers on climate risk, which was introduced as a topic more than five years ago at roughly half of the firms. Senior managers (including C-suite level executives) are typically responsible for managing climate risk.
Though climate risk management is still in its infancy, firms are mostly taking a comprehensive approach. A majority of firms (55%) said they are taking a strategic (comprehensive) approach to climate risk – complete with board oversight and a long-term view of financial risks. Moreover, 95% of firms aim to have a strategic approach in the future. Only a few firms view climate change as a financial risk through a short-term lens, while just a handful describe their climate-risk approach as being driven mainly by reputational risk/ corporate social responsibility (CSR).
Self-assessment is inconsistent. There is a disconnect between how firms perceive their climate risk management approach and what they actually do. Half of the firms with little or no governance describe themselves as taking a strategic approach to climate risk, while a few of the firms with strong governance describe their approaches as either CSR or financial risk driven.
Current business strategies are not resilient enough to protect against future change, but climate risk does present opportunities. Only a handful of firms (15%) believe their current strategy is resilient to further climate change. However, 80% of firms have identified climate-related risks and opportunities. Moreover, 60% have introduced new products in response to climate-related risks and 40% have changed existing products.
Scenario analysis is the least developed aspect of climate risk management. Whereas around two-thirds of firms use metrics and targets, only 50% of firms currently use scenario analysis for climate risk management. Moreover, it is used mainly on an ad hoc basis (rather than for regular risk assessment), and only a few firms that regularly use scenario analysis actually leverage it to take actions.
Participants were asked about the governance of climate-related risk within their organizations. How many firms have board oversight of climate-related risk (with board members who have seen papers on this topic), and is senior management responsible for climate-related risks?
Board oversight of climate-related risk exists at most of the firms in our survey, and the majority of boards have indeed seen papers on climate risk. Moreover, most firms have more than one member of senior management responsible for climate risk, often at the C-suite level. However, a few firms said that while their board has oversight of climate-related risks and opportunities, they have not seen papers about it or discussed it.
Figure 1: Board Involvement
To understand how long climate-related risk has been managed, we also asked respondents when this risk was introduced at their firms. Around half of the firms reported that this was more than five years ago.
Figure 2: Time Period for Introduction of Climate Risk
Participants were asked how their organization’s strategy had been impacted by climate-related risk. We wanted to understand how many had the practice of identifying climate-related risks and opportunities. Using terminology borrowed from the Bank of England, we asked firms to specify whether their approach to climate risk management was responsible, responsive or strategic.
Just over half of respondents described their approach to climate-related risks as strategic, while more than 95% of the firms aim to have a strategic approach in the future.
Figure 3: Current and Aspirational Approach to Climate Risk Management
On the surface, this is positive, as it indicated that firms are aspiring to improve their approach to climate risk management. However, when analyzed a little more deeply, there is an interesting disconnect between firms’ self-assessment and what they actually do. Half of the firms in the bottom quartile (those with little or no governance, strategy, disclosure, metrics, targets, limits or scenario analysis) described their approach as strategic. On the other hand, a few of the firms with the most developed approach to climate-related risk management described themselves as responsible or responsive.
One possible explanation for this disconnect is that the firms that have not yet done much tangible risk management of climate risks “don’t know what they don’t know.” As firms undertake more work, their knowledge base will increase, they will become more aware of what they don’t know and become more modest and realistic in how they describe their capabilities.
Firms certainly see climate-related risks and opportunities, as Figure 4 illustrates. These are more heavily concentrated in the next five years, although many are over longer time horizons as well. But only a few firms (15%) felt that their strategy was resilient to further climate change.
Figure 4: Strategic Opportunities and Resilience
In response to climate risk, nearly two-thirds of firms have created new products – most commonly green bonds and other products positioned to facilitate the transition to a low-carbon economy. Less than half of firms have also altered some of their existing products, with many adding restrictions on lending-to-coal projects and other projects with larger climate impacts.
Figure 5: Products or Services Changed Due to Climate-Related Risks
To gauge the extent of firms’ current climate risk management capabilities, respondents were asked about the levels and nature of staff involved in climate risk management. Also, the survey explored the nature of any regulatory oversight of climate risk.
A minority of firms have a dedicated climate-related risk management function, and these tend to be an environmental risk or corporate social responsibility team. Less than half of the firms have embedded the risk into their credit risk (or other day-to-day risk functions), while just a few firms have cross-discipline teams working on climate-related risks.
Figure 6: Extent of Dedicated Climate Risk Functions
It is hard to judge the amount of resource that is being allocated to climate risk. About half of the responding firms have zero or one person working full-time on climate risk, but the firms that have embedded climate risk into their day-to-day functions noted that more people are working on climate risk than the number of people reported. Most of the staff working on climate-related risks are located in the head office.
Only a quarter of respondents have explicit regulatory oversight of climate-related risks. But many that are not currently subject to regulatory oversight are expecting to be in the future.
Participants were asked about the use of metrics, targets and limits within their climate-related risk management processes. For the survey, these terms were defined as follows:
Setting metrics, targets and limits for climate-related risks enables firms to understand these risks and incorporate them into their risk appetite statements. We wanted to understand how many firms are exercising these practices.
Figure 7: Use of Metrics, Targets and Limits Across Firms
Around two-thirds of firms in our sample use metrics and targets, but under half use limits (see Figure 7). But these are used for different purposes. As Figure 8 shows, limits are more commonly used for managing assets and liability risks, whereas metrics and targets are more commonly used for managing the firms’ own operations (e.g., measuring carbon emissions).
Figure 8: Use of Climate-Related Metrics
In the cases where firms are using metrics and limits for managing asset and liability risks, these are generally part of the firm’s risk management framework and are aligned with the firm’s strategy. Targets are less likely to be part of the risk management framework, perhaps not surprisingly as they are more concerned with firms’ own operations.
As Figure 9 shows, targets are most commonly monitored at an annual frequency, whereas monitoring for limits is fairly evenly spread between daily and annually frequency.
Figure 9: Frequency of Monitoring Targets and Limits
Digging into limit setting a little further, Figure 10 shows that respondents sets limits more often to manage assets than liabilities, with limits being set most commonly at the sectoral/industry level.
Figure 10: Levels for Setting Limits
Given the range and timing of possible climate-related impacts, scenario analysis is an important and valuable tool firms may utilize in developing strategies that are prepared for climate changes.
Participants were asked about their current use of scenario analysis for assessing climate-related risk and the actions taken as a result of these analyses. As Figure 11 shows, only about half of the firms stated that they use scenario analysis. At these firms, it tended to be used more on an ad hoc basis than as a regular part of risk assessment, and under half of those performing climate scenario analysis used their main stress testing infrastructure. Figure 11 also confirms that few firms have taken any action as a consequence; the few firms that did, mainly tried to improve disclosures, with just a couple changing their lending practices.
Figure 11: Use of Scenario Analysis
Of those firms that do use scenario analysis, the most common timeframes are 1 to 5 years and 10 to 30 years (see Figure 12).
Figure 12: Time Horizon for Scenarios Used
Participants were asked about their disclosures concerning governance (board oversight, senior management involvement); strategy (how long the firm has been assessing climate risk, the time horizons over which risks and opportunities have been identified, the aspects of the business that were affected, and whether the strategy is resilient to further climate change); and risk management (the process for identifying, assessing and managing climate-related risks).
We wanted to understand how many firms had the practice of disclosing this information, and the progress they are making to meet the TCFD recommendations. Figure 13 shows that not all firms disclose all the information that the survey asked about. Two-thirds (18 respondents) disclosed the governance-related questions, although only half of these regarded the disclosures as compliant with the TCFD standards. Fewer firms disclosed information on strategy and risk management. Across all categories, many firms are working to meet the TCFD standards in the future.
Figure 13: External Disclosures and TCFD Requirements
By aggregating the scores that participating firms received on each of the topics, we developed a maturity model for climate risk management. A maturity model is a useful measure of progress in building a set of capabilities, and accordingly helps firms prioritize future improvement areas. In this case, the maturity model shows a wide distribution of progress in climate risk management, with some firms already having strong capabilities, and others having not begun.
Figure 14 shows the scoring out of 100 for each of the survey categories. Firm 1, for example, scores very well on governance and disclosure, a little less well on strategy and metrics, and less well again on targets, limits and scenario analysis. Firm 27, in contrast, scores nothing.
Figure 14: A Maturity Model of Climate Risk Management
As Figure 14 shows, more than half of the respondents score well on governance, having established board-level oversight for climate risk. Most firms have considered their strategy in light of climate change and are disclosing climate risk information. Most firms have metrics (although there aren’t targets and limits corresponding to the metrics), and just over half of the firms use scenario analysis to understand the effect of climate risk on their business. Those firms that don’t have board/senior management responsibility for climate risk also are less advanced with their strategy, disclosure, metrics, targets, limits and scenario analysis.
Figure 15 shows the same information, but the scores are simply added together to give a better sense of the gap between the best in class (Firm 1, which scores just over 500 out of a theoretical maximum of 700), and the weakest in class (Firm 27, which is yet to do anything to manage its exposure to climate risk). At least a fifth of the respondents have either incorporated it in a very limited way or not at all.
Figure 15: Range of Practices Across Firms
Overall, the survey confirms that climate risk management is generally in its infancy. Firms are at different stages of maturity in their approach to climate risk management, and their self-assessments of their current maturity levels are inconsistent. Perhaps those firms that have not really started undertaking this in earnest are not yet aware of what they need to do.
Most firms have established board-level governance, and many firms have incorporated climate-related risks into their strategy. While most firms have climate risk metrics for both operations and asset/liability management, they don’t yet have targets for the greenhouse gas emissions of their counterparties, clients or assets under management. Scenario analysis, moreover, is still in an early stage. Indeed, even for those firms that have been using it, scenario analysis hasn’t typically led to risk management actions. Disclosures are still a work in progress.
Our companion paper, Climate Risk Management at Financial Firms: Challenges and Opportunities, provides an introductory guide to managing the financial risks arising from climate change. Given mounting regulatory scrutiny and the increased focus on disclosures, it is likely that firms will need to start paying greater attention to this area.
About the Authors
Jo Paisley, President, GARP Risk Institute, served as the Global Head of Stress Testing at HSBC from 2015-17, and as a stress testing advisor at two other UK banks. As the Director of the Supervisory Risk Specialists Division at the Prudential Regulation Authority, she was also intimately involved in the design and execution of the UK’s first concurrent stress test in 2014.
Maxine Nelson, Senior Vice President, GARP Risk Institute, is a leader in risk, capital and regulation. In her career, she has held several senior roles where she was responsible for global capital planning and risk modelling at banks. She also previously worked at a UK regulator, where she was responsible for counterparty credit risk during the last financial crisis.