In the seventh amendment of its Minimum Requirements for Risk Management (MaRisk, a draft of which was published by BaFin in September 2022), the subject of sustainability has been added to the components of risk management that are to be considered at financial institutions. In this article, we take a closer look at the demands and implications this entails for firms in this sector.
The fact that Germany's financial oversight authorities have taken this step comes as little surprise following their publication of a corresponding guidance notice back in 2020. The recommendations it contains on dealing with sustainability-related risks as part of risk management have now become requirements that are subject to auditing. In addition to the BaFin regulations, the European Banking Authority (EBA) guidelines on granting and monitoring loans contain explicit requirements on dealing with environmental, social, and governance (ESG) factors in the lending process. The actions that affected financial institutes need to take as a result of these requirements can be significant, especially with regard to data and processes.
The latest updates at a glance
This overview offers a summary of the key changes that have recently been made. The ESG requirements for risk management affect the following areas of the existing guideline:
Source: Germany's Federal Financial Supervisory Authority (BaFin)
Data quality requirements
The changes described above relate in particular to stricter requirements on the quality of ESG data. Data collection and analysis must be designed to facilitate the quantitative assessment of ESG risks. Up to this point, the effects of ESG risks have primarily been evaluated from a qualitative point of view. For many institutions, the situation is also exacerbated by the need to assess risk over a sufficiently long historical period. At the same time, risk assessments must cover an economically realistic period that includes both stable and unfavorable market phases. Since the consideration of ESG risks has only begun to gain importance in recent years, many institutions’ historical data does not extend far enough into the past. In the short term, the only option for many of them will be to obtain corresponding data from external sources. In order to assess their business activities as accurately as possible, these organizations will need to focus in the medium and long term on implementing their own structures for collecting data.
Synergies and necessary developments
From a process perspective, however, these demands also present potential synergies with certain disclosure requirements, such as those related to the EU taxonomy. This is another area where institutions will need to collect a great deal of additional information in the realm of ESG. It therefore makes sense for them to closely coordinate their internal efforts to gather the information required for managing risk and meeting their disclosure obligations. In this way, organizations can avoid collecting the same data twice, which in turn will improve their data management and quality.
In addition, subsequent processes in risk management and reporting will then take place on a uniform basis of data, which will safeguard the verifiability of this information to a significant extent. That said, the fact that ESG factors are not viewed as a separate risk category and are to be assessed in terms of their impact on existing categories means that evaluation processes will need to be extended in the area of risk management.
To enable financial institutions to collect the necessary data themselves whenever possible, central processes (in loan application, for example) will also require further development. While ensuring the completeness of data requires constant attention during collection, the same can be said of the focus on the customer. Over the course of the loan life cycle, the ability to map changing ESG benchmarks within the evaluation process will be crucial. It may become necessary, for example, to collect additional current information from borrowers in order to conduct assessments as required.
Summary
It is clear that financial institutions are currently contending with the need to invest considerable effort in meeting extensive ESG-related requirements in their internal reporting and risk management processes. In many cases, these two areas present similar challenges of their own. We therefore recommend addressing both aspects in a coordinated sustainability strategy and implementing it adequately on the technical side. This is the only way to take advantage of available synergies, get the most out of the potential at hand, and meet the relevant requirements in every area in an efficient manner.
The process experts in our Financial Services business unit will be happy to provide you with detailed guidance on how your institution can fulfill its obligations. Contact us today for a consultation without obligation!
