Climate change is a reality, and one of the most important challenges of this generation. Financial institutions are exposed through both physical and transition risks, and have an important role to play in mobilizing resources for investments in climate mitigation. In most financial institutions, Senior Management, Risk functions and some business areas are already very active in climate related efforts. However, thus far, we have seen Compliance only working at the fringes of climate related initiatives and often in a tactical manner.
While Compliance usually jumps into the action once laws, rules and regulations are finalized, which is not yet the case on climate, it is time for Compliance to get off the sidelines and into climate efforts. The stakes are simply too high to wait; missteps today and tomorrow will most certainly lead to regulatory, reputational and litigation costs in the future. In addition, Compliance already has many tools in its arsenal to help financial institutions achieve their climate objectives but needs to deploy them in a strategic way.
The purpose of this paper is to provide a framework for how Compliance functions can support their institutions to meet their climate objectives and minimize reputational and regulatory issues going forward.
Below is an excerpt from the report Climate and Compliance; the full report is available as a PDF.
Incorporating climate into the compliance framework
We see that Chief Compliance Officers (CCO) are increasingly realizing that climate is an important area for Compliance to weigh in on, but there is a lack of clarity on what the engagement model should be as the regulatory environment continues to evolve. While the roles of other executives are becoming clear, the role of the CCO is still quite undefined as it relates to climate.
Due to the importance of the issue and the lack of clarity of the CCO role, we believe that Compliance ought to develop a top-down strategy for climate, rather than waiting for it to materialize in a bottom-up manner. This strategy should be coordinated with the CRO so as to establish clear roles and responsibilities across the 2nd line of defense and appropriate coordination to optimize the control environment of the firm and avoid duplication. The Compliance effort should be guided by the principles of being pragmatic and specific (i.e., not highly conceptual), avoiding duplication with other areas (e.g., Risk, Legal), and remaining dynamic, as this area is subject to a lot of fast-paced change. In other words, the perfect will likely be the enemy of the good in the case of climate.
The remainder of this paper will focus on the “First Wave” of actions that Compliance functions should prioritize as they seek to engage in and support their bank’s climate strategy and risk management efforts. In the figure below, we have outlined the OW Compliance/AFC risk management framework and highlighted these First Wave focus areas.
Risk assessment and annual plan
Climate issues may bubble up in the normal Compliance risk assessment and annual planning process in distinct areas like product misrepresentation or misleading marketing materials, but this bottom-up approach will likely only lead to a tactical and incremental response. To address the importance of the issue and the amount of emerging regulatory activity, this area may require a bolt-on strategy on top of the normal risk assessment process. The strategy should consider current regulations and regulatory initiatives, and the firm’s climate strategy, products and public commitments. These considerations should be evaluated in connection with the bank’s existing Compliance/AFC framework to develop a dedicated First Wave action plan that can be incorporated into the overall Compliance plan. We have found that a workshop approach with the Compliance leadership team, executives leading different aspects of the firm’s strategy (central and business aligned) and Risk stakeholders can be a very effective way to jump-start the program. The exam questions for these sessions are: what can Compliance do now and in the foreseeable future to help limit regulatory and reputational risk relating to climate, and what is the near-term role of Compliance, taking into account the roles of other stakeholders in the 1st and 2nd line?
Governance and people
The maintenance of a Compliance climate program is dependent on staying plugged into what is going on at the firm as it relates to climate. The CCO or a senior deputy (i.e., MD level) will need to be directly connected to the firm’s climate steerco or the equivalent body and have a seat at the table with the firm’s leadership on this topic. This is appropriate since climate is already, and will undoubtedly continue to be, one of the most significant regulatory challenges facing banks. It will enable Compliance to provide appropriate challenge to the firm’s strategy and public commitments. For example, Compliance could challenge whether there is sufficient granularity around the plan to support the financial institution’s “net zero” pledge and whether there is enough progress being made against that plan.
We also believe that a small group, a Climate Centre of Excellence (COE), should be built to support the Compliance accountable executive and assist in the maintenance of the program. This group would be responsible for coordinating the Compliance response to climate, including the following activities:
- Collecting climate related regulatory horizon scanning information to provide a clear view on potential changes and the implications of future regulation.
- Keeping a heat map of all the climate related activities occurring in the bank which will enable Compliance to be engaged in the appropriate places where activity is occurring.
- Educating the rest of the Compliance function on climate related matters and driving the incorporation of climate into their activities/functions.
- Serving as the advisory/coverage team for the Firm climate accountable executive and the team supporting that individual(s), and the primary interface with the accountable executives in Risk and other functions (e.g., Legal).
- Keeping risk related metrics, lessons learned from issues and other trend data on the outputs of the Compliance processes to enable a better understanding of the potential regulatory risk the financial institution is running with respect to climate.
Policy standards, advice and challenge
To date, most Compliance functions provide targeted piecemeal advisory support to the various business units developing climate related products, especially in asset management and wealth businesses. Compliance should work with the business to help drive a more codified and consistent approach to product name designations and related disclosures so there is clear guidance that can be monitored against and consistency across the businesses. Compliance should consider whether it is necessary to amend policies or standards to cover these issues.
It is clear that there will continue to be a bevy of new and enhanced products for all types of clients that incorporate climate related aspects. We are in the early days of the development of new and innovative products in this area. Accordingly, Compliance will need to continue to be very active in all aspects of the new business process to provide challenge and help ensure the policy standards are upheld. Compliance will need to be at the table early on as products are being developed, as well as when they make it to the formal new business process. As the financial institution climate frameworks evolve, it will be essential to have an engaged and informed set of Compliance business coverage teams to avoid regulatory and reputational pitfalls. As referenced above, the climate COE can help educate business coverage Compliance teams and monitor climate product developments at the firm-wide level.
As is normally the case, Compliance should not only drive policy standards and provide advice and challenge but should also use its substantial control toolset for climate.
Compliance control processes
Compliance already has quite a few existing tools that can be deployed to mitigate risk in the climate space. The climate COE will need to help define which tools/processes should be used and help upskill the employees in these groups so that they are able to meaningfully engage on this topic. It is essential that Compliance consider the full set of control processes in its arsenal to obtain the optimal level of risk management as the climate challenge develops.
Probably the most impacted area is the marketing material review function in Compliance. This area will see the marketing materials related to climate and can help ensure that they meet the policy standard referenced above and are fair and balanced. Another area that will be highly impacted is the group in Compliance that does electronic communications surveillance. The lexicons and review logic will need to be upgraded in order to capture potential misstatements or exaggerated claims regarding climate. The COE can provide assistance in developing an appropriate lexicon/tagging logic.
There may be other control processes in Compliance that should be deployed. For example, in some institutions Compliance is responsible for guideline monitoring in asset management businesses. This will be very important to ensure that climate related guidelines are honored by portfolio managers. Similarly, there may be trade surveillance for institutional businesses and “best interest” related surveillance for wealth management businesses that can be upgraded to cover climate related risks. Compliance leadership should also consider how the substantial monitoring and testing program can be utilized to support the institution’s climate strategy.
There may also be other processes that can be enhanced to help in the broader climate effort. For example, the KYC process can be utilized to obtain a better understanding of the underlying business of potential customers (e.g., subsidiaries that have a high carbon footprint). Also, watch and restricted lists could be leveraged to help the firm limit business relationships with climate unfriendly customers.
As referenced above, the COE ought to gather data on the outputs of the processes established for the “First Wave” risk management activities and support the CCO’s effort to escalate emerging risks, as well as to iterate the future waves of the program as Compliance learns as it goes and regulations change.