Skip to main content

Prudential plans, portfolio alignment and plenty of work to do: the EBA sets out its stall on ESG risk management

Relevant to: Executives (CROs, CSOs, CCOs, COOs), Sustainability teams, Risk teams, Strategy and Compliance; Legal Counsel and Board Members within banks and investment firms in scope of CRD/CRR.

At a glance:


  • The EBA is consulting on guidelines on management of ESG risks, providing detail on key provisions of the forthcoming Capital Requirements Directive (CRD6).
  • The draft guidelines include provisions on ESG risk management, and some detail on what the EBA terms ‘prudential transition plans’. Social and governance risks are in scope, as per previous EBA publications on ESG (but in contrast to the ECB’s focus to date on Climate and Environmental risks).
  • Conducting robust materiality assessments remains a central pillar to the ESG risk management approach. Under the new guidelines, certain sectors will be assumed to be materially exposed unless proved otherwise.
  • All in-scope institutions will be expected to use at least one portfolio alignment methodology in their risk management, which measures the gap between existing portfolios and benchmark scenarios.
  • The EBA plans to finalise the guidelines by end-2024 and expects the guidelines to apply from the CRD6 application date, which we anticipate being Q4 2025.
  • While the EBA’s decision not to set out overly prescriptive rules on prudential transition plans may provide welcome flexibility, we see a need for further clarity in certain areas – in particular, how the plans should sit alongside CSRD transition plans, and how supervisors will assess them.

On 18 January 2024, the EBA consulted on guidelines on the management of ESG risks. The EBA held a public hearing on the consultation earlier this month, which provided additional clarity on aspects of the consultation.

The draft guidelines provide further detail on key provisions on ESG in the forthcoming CRD6. The guidelines cover the following:

  1. Minimum standards and reference methodologies for the identification, measurement, management, and monitoring of ESG risks.
  2. Qualitative and quantitative criteria for the assessment of the impact of ESG risks on the risk profile and solvency of institutions in the short, medium, and long term.
  3. The content of prudential transition plans.

The guidelines will apply to all institutions within scope of CRR (henceforth referred to as ‘institutions’) – i.e. credit institutions and class 1 and 1 ‘minus’ investment firms, at all levels of consolidation. The scope of the guidelines will include banks currently in scope of the ECB’s existing supervisory guide on climate and environmental risks. Requirements for investment firms outside the scope of CRR (i.e. IFR and IFD firms) are being developed separately by the EBA.

The EBA describes the guidelines as the new, principal reference addressed to institutions on ESG risk management. Yet the guidelines sit within a broader workstream at the EBA on ESG – which includes existing guidelines on loan origination and monitoring, guidelines on governance and remuneration policies, and forthcoming updates to guidelines on stress testing and the SREP. The new guidelines are intended to draw from and complement those publications. As a result of this approach, further detail on some important elements of the ESG risk management framework - such as stress testing and supervision - will not become clearer until a later point when the accompanying guidelines are updated (expected to be towards the end of 2024).

In this blog, we discuss our view of the key points of interest for institutions contained within the draft guidelines.

1. Prudential transition plans


Transition plans, but with a prudential twist

The forthcoming CRD6 will require institutions to set out ‘prudential plans’ to manage ESG risks over the short, medium and long term, and, importantly, give supervisors powers to assess those plans. The EBA refers to prudential plans in a variety of ways throughout the guidelines, including ‘prudential transition plans’ and ‘CRD-based plans’. Where necessary, supervisors will be able to require institutions to reduce their exposure to short-, medium- and long-term ESG risks through changes to business strategies, governance and risk management. This could include asking institutions to reinforce the targets, measures and actions included in their prudential plan.

In short, the EBA describes these plans as an articulation of the strategic actions and risk management tools that banks are using to ensure that they are resilient to ESG risks across different time horizons – with a long-term planning horizon of at least 10 years, and an intermediate milestone of 2030. This includes setting targets for risk management and strategic steering purposes – which could be based, for example, on metrics such as financed emissions, portfolio alignment, income-based measures or energy efficiency of collateral.

The prudential plans would then need to be reviewed by management, documented and integrated into business strategies and aligned with a bank’s funding strategy, risk appetite, ICAAP, overall risk management framework and public communication.

The principle behind the plans is relatively straightforward – that institutions should be able to articulate how they are managing material ESG risks over longer time horizons. Indeed, SSM banks which are already working towards an end-2024 deadline for full alignment with the ECB’s supervisory expectations may find that, by the time the guidelines apply, they can produce their prudential plan largely by consolidating existing practices into a single document. Listed institutions that are in scope of the EBA’s Pillar 3 requirements for ESG risk are also already required to disclose how they are integrating ESG risks into their business strategy, risk management and governance – although the ECB’s latest report on the quality of banks’ disclosures concluded that they remain ‘patchy’ and incomplete.

Some areas of uncertainty remain

There are still some areas of uncertainty about prudential plans that the EBA may need to clarify at a later stage – in particular, how it expects the plans to sit alongside publicly disclosed transition plans under CSRD (which have a different purpose and scope to prudential plans), and expectations around the format and content of the plans. The EBA said in the public hearing that it did not want to be too prescriptive in its guidelines. While flexibility is generally welcome, it introduces a degree of uncertainty and will make individual banks’ plans less comparable. Banks may need to wait for forthcoming guidelines on the SREP to understand the criteria that their plans will be assessed against and, ultimately, what ‘good’ looks like.

All that said, given their inclusion in the soon-to-be-finalised CRD6, it is safe to assume that prudential plans are here to stay, and banks should allocate responsibilities for development, implementation and monitoring of the plans. Given the need for the plans to be consistent with banks’ broader transition plans, business strategies, risk appetite, ICAAP and overall risk management framework, it will be vital for banks to ensure that prudential plans are not prepared in isolation from these other initiatives.

2. General provisions on ESG risk management


Materiality assessments are the starting point

Supervisors, particularly in the EU, have been clear for a number of years that they consider robust materiality assessments to be the crucial starting point for ESG risk management. This remains the case in the EBA draft guidelines – including for prudential plans. The materiality assessment would identify the sectors or exposures for which banks need to set out a plan for mitigating short-, medium- and long-term ESG-related risks.

Materiality assessments are resource intensive, and many banks - at least, those supervised by the ECB - will need to up their game at conducting the assessments. Banks supervised by the ECB had an interim deadline of March 2023 to perform a robust materiality assessment in line with the ECB’s climate and environmental risk guidelines. Yet, according to the ECB, multiple banks missed that deadline – evidencing just how difficult it is to do a materiality assessment, let alone do one well.

The EBA’s clarification of expectations will be useful for institutions, particularly those outside the scope of the ECB’s supervision, which may not have conducted a materiality assessment yet or had detailed feedback on how to do one in line with supervisors’ expectations.

Certain sectors should be deemed materially exposed unless proved otherwise

The EBA has specified that institutions’ exposures to certain sectors (including oil, gas, mining, and transportation) should be presumed to be materially exposed to environmental transition risk unless proved otherwise – with taxonomy alignment given as an example of criteria for proving otherwise. This means that institutions will be required to set out plans for managing short-, medium- and long-term risks for the vast majority of their exposures to those sectors.

Portfolio alignment at the forefront

The draft guidelines set out the methodologies that the EBA expects institutions to use to identify, measure, manage and mitigate ESG risks. For identification and measurement, the EBA proposes a three-layered approach – ‘exposure-based’ (i.e. counterparty level) analysis in line with EBA guidelines on loan origination and monitoring, ‘portfolio-based’ analysis (i.e. use of portfolio alignment methodologies), and ‘scenario-based’ analysis (i.e. scenario analysis and stress testing). Stress testing will be covered in more detail in forthcoming guidelines.

All three layers will be familiar concepts for banks in scope of the ECB’s existing climate and environmental risk management expectations. Of the three, use of portfolio-based analysis, and in particular portfolio alignment methodologies, are likely to be the most different to current practices for less advanced institutions.

Portfolio alignment seeks to measure the gap between existing portfolios and benchmark scenarios (such as the EU’s 2030 or 2050 emission reduction targets) – creating a forward looking metric benchmarking the portfolio’s current emissions pathway against required emissions pathways to meet climate targets. It is already a part of the EU disclosure framework – in-scope institutions should be working towards an end-2024 deadline to disclose the Paris-alignment of their portfolios in their Pillar 3 disclosures. But the EBA’s consultation proposes turning it into a minimum risk management requirement for the first time. Under the draft guidelines, all institutions will be expected to use at least one portfolio alignment methodology in their risk management.

For the largest, listed institutions, measurement of portfolio alignment will be mandatory for, at a minimum: power; fossil fuel combustion; automotive; aviation; maritime transport; cement, clinker and lime production; iron and steel, coke, and metal ore production and chemicals. Institutions will need to assess the alignment of those portfolios with the International Energy Agency (IEA) net zero emissions by 2050 scenario.

Other institutions (outside the scope of the EBA’s Pillar 3 requirements, but not meeting the definition of a Small and Non-Complex Institution) will be required to assess portfolio alignments for their materially exposed portfolios. Small and Non-Complex Institutions are not off the hook either but can measure portfolio alignment based on a representative sample of exposures in their portfolios.

Robust portfolio-level analysis will inevitably rely on regular collection of granular current and forward-looking emissions data from counterparties, and engagement and review of disclosures to understand their transition plans and assess their credibility. A recent publication by the ECB, conducting an ‘alignment assessment’ of institutions’ portfolios (comparing projected production volumes in key economic sectors with the required rate of change to meet climate objectives) provided a timely demonstration of the art of the possible. Indeed, the ECB has suggested that institutions use its methodology to meet the Pillar 3 disclosure requirement.

Supervisors clearly see portfolio alignment metrics as a useful tool, and will likely use them to benchmark institutions against each other and against their climate goals. Given the ECB’s findings on the extent of misalignment of banks’ credit portfolios with the EU climate transition pathway, and the heightened transition and litigation risk that misalignment implies, it would be sensible for institutions to start actively managing their portfolios against portfolio alignment metrics soon.

Social and governance risks in scope

The focus to date from the EBA and ECB has been on climate and environmental risks. Nevertheless, the EBA’s draft guidelines apply to ESG risks – and institutions will eventually be scrutinised on their ability to measure, monitor, manage and mitigate those risks by supervisors. This is important as the “S” risks are likely to increase over time as companies make the changes required to transition e.g., changes that affect staff and supply chains. For now, at least, other EU transition plan requirements (in CSRD for example) do not require in-scope companies to take S and G risks into account in their transition planning (albeit there are broader disclosure obligations related to those risks).

Portfolio-level assessments, as described above, will also be required for broader ESG risks. Institutions are expected to use additional portfolio level methodologies (such as heatmaps or scoring systems) to assess portfolio level broader ESG risks. Large, listed institutions will also be required to develop methods to identify portfolio-level natural capital dependencies and measure the impact of their portfolios on (and financial risks arising from) achievement of the UN’s Sustainable Development Goals.



The guidelines cover a lot of ground, but we see the key areas that institutions will need to consider carefully as being transition planning, materiality assessments, and portfolio alignment.

SSM banks should not assume that the familiarity of many of these expectations means that they are readily achievable. Experience to date suggests otherwise. Furthermore, the guidelines include important new obligations and institutions will need to invest time and resources to get them right.

Consistency across prudential plans, broader transition plans, business strategies, risk appetite, ICAAP and the overall risk management framework will be vital. Institutions will also need to ensure that they focus on obtaining forward-looking data from counterparties – through dialogue and engagement and through extracting data from sources such as counterparties’ transition plans.

While the exact timing of implementation for the guidelines is uncertain (as it depends on adoption of CRD6/CRR3), we anticipate that they are likely to apply in Q4 2025 (based on an 18-month transposition period for Member States). Institutions, in particular those outside the scope of ECB supervision, need to lay the groundwork now.

Meet the authors

Alex Spooner


Alex is a Manager in Deloitte's EMEA Centre for Regulatory Strategy, specialising in bank prudential regulation, and policy related to the financial risk associated with climate change.

Rosalind Fergusson

Senior Manager

Rosalind is a Senior Manager in Deloitte’s EMEA Centre for Regulatory Strategy, specialising in sustainable finance regulation. Before joining Deloitte in January 2012, she worked in financial services policy at HM Treasury and as an Associate Portfolio Manager at an asset manager.