Effectively managing climate-related risks: What banks and insurers need to do under PRA’s updated supervisory statement (SS5/25)

After being in place for over 6 years, SS3/19 has been superseded by SS5/25, meaning UK banks and insurers now have a new set of supervisory expectations on managing climate-related risks. This marks a significant step in the evolution of the regulatory landscape.

Through this update, the PRA has brought the regulatory expectations upon UK firms into closer alignment with other jurisdictions and the BCBS , through both explicit features (e.g. the use of a materiality assessment) as well as a clear signal that disciplined supervision will follow, where firms may be challenged to demonstrate an appropriate response to SS5/25.

What changes followed the consultation?

The consultation period in advance of SS5/25 (CP10/25) gave firms visibility of the proposed supervisory statement and an opportunity   to respond. Amongst the notable changes to the supervisory statement following the consultation are:

• Greater detail has been provided regarding the proportionate application of expectations. The consultation stated that the expectations should be considered in the context of the PRA’s Approach to Banking and Insurance however the final draft builds upon this by explicitly stating that robust assessment and monitoring of climate-related risks should be proportional to the size of the firm, not just the materiality of the climate risk itself.
• Proportionality expectations are elaborated upon for Climate Scenario Analysis (CSA) expectations, where firms should be aware of the limitations of the CSA tools used and the number of CSAs conducted should be commensurate with the firm’s size and level of climate-related risk exposure.
• Further clarification that existing or novel risk registers (a nod to the BSA CP10/25 feedback ) may be used to capture material climate-related risks and that firms may use judgement in whether the risk register be at the level of the individual climate-related risk transmission channel, across multiple climate-related risks, or in combination with non-climate-related risks.
• The requirements for data proxies have been softened, with firms now required to use appropriate proxies where reliable or comparable climate-related data is not available, instead of appropriately conservative assumptions and proxies.
• A stronger hint has been made to evolving best practice (including tools and data) whilst also acknowledging that non-climate-related tools and risk management techniques commonly used will still provide value. The final draft of SS5/25 explicitly acknowledges the contribution of the Climate Financial Risk Forum (CFRF) in providing practical tools and guidance.
• Explicit expectation for board appetite and tolerance levels for outsourcing and third-party arrangements that may be exposed to climate-related risks.

What does the year ahead look like?

Firms now have 6 months to conduct their internal reviews of their status against SS5/25. This will principally comprise gap assessment and remediation plans and the PRA will allow a further 6 months before potentially seeking evidence of this. Where evidence is sought, firms should be able to demonstrate that their timetable to address any gaps is both credible and ambitious – a clear indication from the PRA that SS5/25 is expected to drive tangible improvements in climate risk management  .

When considering the varying levels of climate-related risk management maturity observed in the market and the enhanced expectations against the previous supervisory statement, there are a number of thematic areas where 4most expect activity to be concentrated.

Two-step process of risk identification and management

The clear requirement for firms to identify and internally agree which climate-related risks are material (materiality assessment) will not be surprising to firms with connections to European banking, however, will require a more formalised (board approval) and exhaustive process than many firms potentially have already.

Therefore, to demonstrate an effective internal review, firms may use this time to develop a framework identifying roles and responsibilities for the materiality assessment in addition to understanding the data gaps (both quantitative and qualitative) to fulfil this.

Risk register, risk appetite, and business strategy

In following SS5/25’s advocated approach for risk identification and management, firms’ risk registers will contain material climate-related risks and risk appetites will be formed against this inventory. CSA may be then applied to understand the impact on business strategy and inform an appropriate response.

Firms with a more mature governance framework may find themselves focussing on expanding the breadth of material risks formally controlled via risk appetite to include registered risks and enhancing the quality of risk appetite metrics by using losses associated with a range of climate stress scenarios to inform limits.

Where governance frameworks are less mature, firms may first focus attention on establishing risk appetites for the most material climate-related risks. Review of business strategy against climate-related risks may initially be limited to more ‘central’ scenarios whilst a wider range are in development.

The paper also steers firms to adopting an ACCEPT/MANAGE/AVOID approach to Risk Appetite which suggests while firms maybe incorporating these risks they are not effectively defining how they should be managed on the portfolio.

Scenarios and CSA

To support CSA, scenarios are needed and there are ample examples where a requirement for multiple scenarios has been made in SS5/25. The supervisory statement makes clear that CSA should be used as a tool across all steps of climate-related risk management. Therefore, where firms do have capability, framework or data gaps in conducting CSA, the internal reviews of SS5/25 should reveal these.

For more advanced firms looking to take greater ownership of scenario development, this may mean plans for frameworks, data requirements and technical expertise to achieve this. For CSA, it is likely that the gaps will be around its application across a broader range of use cases beyond ICAAP and for catering for all identified climate-related risks. Firms most advanced in climate-related risk management will be considering how IFRS9 calculations may adopt CSA.

Smaller firms and those less exposed to climate risk may choose to exchange to flexibility and customisation of in-house scenario development with plans to procure and onboard those developed by third parties.  For CSA itself, it is expected that gaps and related remediation plans will first focus on formalising the frameworks and governance for CSA, which until this point may have operated on a less formal basis.

Data

An ongoing theme within the climate risk management discipline is the demand for quality data and the systems to support this. SS5/25 aligns with this and the suggestion that firms engage counterparties may result in new data streams becoming available, particularly for more advanced firms investing in systems to harvest and store data from counterparties’ public disclosures.

There is internal synergy within SS5/25 where the materiality assessment may create a demand for new data sources and firms will be required to capture data gaps because appropriate and reliable data and disclosures for climate-related risk management are not yet available.

How 4most can help

SS5/25 is a clear call to action for firms and the countdown to supervisory enforcement has begun. 4most are uniquely placed to support your firm with the integration of the supervisory statement. Having supported firms understand and embed climate regulation, including data and modelling, across the UK, Europe, UAE, and Australasia, we know what good, and ineffective, looks like, and can bring that experience and insight to your organisation.

Get in touch to learn more about how we can help – info@4-most.co.uk.