On 24 October 2022, the European Banking Authority ("EBA") published a report (the "Report") on how to incorporate Environmental, Social, and Governance ("ESG") risks in the supervision of investment firms. The Report was produced under the EBA’s mandate provided by Article 35(d) of the Directive 2019/2034 (the "Investment Firms Directive"). This report complements the report of the EBA from June 2021 (the "Earlier Report") on the management and supervision of ESG risks for credit institutions and investment firms (in accordance with Article 98(8) of the Capital Requirements Directive (CRD) and Article 35 of the Investment Firms Directive). The Earlier Report provides common definitions of ESG risks and elaborates on the arrangements, processes, mechanisms, and strategies to be implemented by credit institutions and investment firms to identify, assess, and manage ESG risks. The Earlier Report also provides recommendations as to how ESG risk considerations should be included in the supervisory review and evaluation of institutions performed by competent authorities. The Report further sets out the foundation for integration of the ESG considerations in the process of supervisory review and evaluation of investment firms in a proportionate manner.
In order to ensure the integration of ESG considerations in supervision, the EBA considers it necessary to integrate ESG factors and risks into the scope of the Supervisory Review and Evaluation Process ("SREP"), and in particular into the business model analysis, the assessment of internal governance and risk management, and the assessment of risks.
The business model analysis
In order to reflect ESG factors and risks in the supervisory evaluation, the EBA considers it necessary to incorporate these factors into the business model analysis:
- consideration by the competent authorities of ESG factors and risks in their assessment of the investment firm’s main activities, geographic presence and market.
- a quantitative analysis, to understand the investment firm’s financial performance, and a qualitative analysis, to understand the success drivers and key dependencies of its business. In addition, the strategy and financial plans of investment firms, including the assessment of short-term viability and medium-term sustainability of the business model, must be taken into account.
Assessment of internal governance and risk management
The Report sets out criteria that the competent authorities should use when assessing internal governance and investment firm-wide controls. Where relevant, it is important that competent authorities consider how ESG factors and ESG risk management have been integrated into the overall internal governance framework, more specifically regarding:
- suitable and transparent organisation and operational structure with clearly defined and allocated responsibilities regarding ESG factors and risks monitoring, including those of the management body and its committees;
- sound internal governance framework including an internal control framework that considers ESG factors and risks, including by the compliance function and, where appropriate and proportionate, an internal risk management and internal audit function;
- effective provision of services in the field of ESG investment, with sufficient human and technical resources;
- consideration of ESG factors and risks in the investment firms’ business and risk strategy and risk appetite; and effective policies and processes to identify, assess, manage and mitigate ESG factors and risks, appropriately reflecting specificities of ESG risk drivers and their impact.
Furthermore, the Report states that the management body (sufficient skills, expertise and knowledge related to the management of ESG risks), the risk culture, the remuneration policies and practices, risk management and information systems, and internal controls must also be taken into account from the point of view of ESG considerations.
Assessment of risks
ESG risks can materialise in the form of existing risks to capital or liquidity risk. The SREP guidelines set out the criteria for competent authorities when assessing risks to capital and risks to liquidity, into which competent authorities may decide to incorporate ESG considerations, where such risks are material. By way of example, one may consider risks:
- Relating to the client
Competent authorities should assess risk-to-client arising from investment firms’ assets under management, client money held, assets safeguarded and administered.
- Relating to the firm
Competent authorities should assess risk-to-firm arising from different risk factors such as exposure to the default of trading counterparties, operational risk from daily trading flow, and concentration risk due to large exposures, the book value of assets, the failure of counterparties, the positions in financial instruments and commodities.
- Relating to the market
The Report states that competent authorities should assess risk-to-market arising from exposures on the trading book of an investment firm dealing on own account. In addition, competent authorities could also consider ESG factors in their assessment of the investment firm’s liquidity risk. The Report also covers conduct risk, regulatory, legal and fiscal risks, and reputational risk.