Compliance Playbook To Accelerate Bank ESG Risk Management

In recent years, banks and the financial sector in general have experienced a notable increase in the focus on environmental, social, and governance (ESG) risks and their potential to significantly affect the financial and non-financial performance of financial institutions. The trend has been further amplified by the enactment of the European Union’s Corporate Sustainability Reporting Directive (CSRD). This new set of regulations compels companies in all industries, including across the financial sector, to quantify and disclose their greenhouse gas emissions as well as plans to reduce them. The mandates are phased in, with the first reporting for the largest companies beginning in 2025 based on data from fiscal year 2024.

As a result, banks need to incorporate ESG into their compliance and control frameworks. And for the first time, they must integrate climate-related and environmental risks into their strategy, governance and oversight, and risk management, with non-compliance posing significant financial and reputational risks.

In our recent study involving 24 leading European and international banks, we observed a dual focus emerging within their compliance departments:

  • Pushing toward sustainability. Compliance needs to develop an ownership mindset for the bank’s path to sustainability and become a thought leader on the subject.
  • Safeguarding against greenwashing. Banks must navigate a complex landscape, having made environmental commitments while regulations are still being developed or rolled out. Greenwashing involves companies making unsubstantiated claims about their products or services to convince consumers that they are environmentally friendly, a serious risk for banks and their customers.

The purpose of our paper, “Compliance Playbook To Accelerate Bank ESG Risk Management”, is to provide a playbook for compliance departments to mitigate greenwashing risk and elevate their strategic role on ESG risk management.

The current state of ESG in European banks

Despite the growing significance of ESG in the corporate world, organizational governance surrounding this topic remains ambiguous across European and international banks. According to our recent survey of European banks, ESG and sustainability priorities do not have a clearly defined place within the operations of the so-called “three lines of defense” model. The three lines of defense focus on management, risk management and compliance, and internal audit. More than 60% of banks indicated that there is uncertainty around which of these lines of defense is responsible for enforcing ESG and sustainability considerations, leaving open the possibility for items to get overlooked.

The European Central Bank (ECB) has established requirements for banks to incorporate climate-related and environmental risks and is actively monitoring industry performance. Its third assessment revealed that the quality of implementation remains inadequate. Banks have until the end of 2024 to comply with all the ECB requirements, and failure to do so for selected areas by the end of the first quarter of 2024 could result in severe penalties, including daily sanctions that could amount to 5% of the daily net turnover, or approximately €500,000 per day for an average bank. This presents a significant compliance risk for banks that should be actively managed through established compliance frameworks.

While compliance functions in Europe have taken a more reactive approach toward ESG over the last years, the recent increase in regulatory focus on ESG will force them to switch to a more proactive role in assessing climate-related and sustainability risks. This would include:

  • Providing compliance advice
  • Executing independent oversight
  • Facilitating compliance with relevant rules and regulations, including those related to climate and the environment

Key focus areas for compliance departments today

Recent ESG regulation, primarily the enactment of the CSRD, is triggering banks to start updating and upgrading the compliance department’s remit and procedures related to ESG. While our recent study showed that participating banks have taken some initial steps across the compliance operating model, particularly in the review of policies and procedures and risk assessment, only half have addressed overhauls of training and a minority have taken on reporting functions.

Exhibit 1: Compliance program uplifts
Percentage of banks indicating revisions in respective parts of the compliance program to help manage ESG risks.

Looking at the focus areas of the compliance function, greenwashing has become a major concern, with 75% of banks identifying its mitigation as a top priority.

Navigating greenwashing risks for sustainable banking

Greenwashing is a situation in which corporate customers mislead consumers by making unsubstantiated or false claims about products or services being environmentally friendly or sustainable. If banks believe these claims, they too may end up being guilty of greenwashing or at least misrepresenting their sustainability progress in disclosures. In recent years, we have seen ample instances of bank compliance failures stemming from corporate greenwashing.

Exhibit 2: The areas of focus for compliance in the context of ESG risk management

This is more likely to happen to banks that lack sophisticated tools for assessing corporate claims or that have poorly defined sustainability targets or inefficient data collection. These can lead banks to make poor assessments of their clients’ progress on sustainability or misleading claims or overstatements on their own sustainability accomplishments.

It is evident that banks are navigating a complex landscape when it comes to greenwashing risks, and with the incoming regulations, the goalposts continue to move. They need to adopt an agile and flexible approach to adjust their organizational structure and control framework effectively. By doing so, banks can proactively manage and mitigate these risks, ensure transparency and accountability, and build sustainable practices.

Six actions for banks to mitigate greenwashing 

  1. Assess potential greenwashing risks and support the establishment of preventative controls and measures.
  2. Create monitoring and notification controls for greenwashing. For example, compliance should start collecting data and performing analysis on the way relevant teams are assessing the clients’ environmental impact.
  3. Establish comprehensive training and awareness programs for all employees to enhance their knowledge of greenwashing. For example, the communications team should be specifically trained on greenwashing risks and taught how to identify product or service misrepresentations.
  4. Enhance current policies and procedures to include robust due diligence of environmental claims made by clients. This should include verifying the accuracy of their sustainability reports.
  5. Get involved in product creation: establish clear upfront criteria and standards, assess environmental risks as part of the bank’s new product approval process, including marketing materials, and perform periodic due diligence on products and services to ensure products are abiding by the policy requirements.
  6. Engage with regulators and standard setters on a regular basis to ensure that compliance functions are in sync with the latest guidelines and are equipped to effectively identify and address greenwashing.

Regulatory focus and challenges in mitigating greenwashing

For banks, the focus is also on regulatory requirements and customer due diligence. Surprisingly, less than half of the banks consider reporting requirements and ensuring taxonomy compliance as primary areas of focus.

This is concerning, particularly in light of the recent introduction of the Corporate Sustainability Due Diligence Directive. This expands the scope of due diligence beyond the corporate customer to the customer’s supply chain.

The supply chain is often complex and opaque, making it difficult to collect information and assess the risks for both the corporate customer and bank. These challenges and the inherent connection between compliance taxonomy and greenwashing mitigation are shaping the focus areas for the compliance function.

How compliance can lead the way

As compliance departments shift their focus to address the growing demands of ESG, they are presented with a transformative opportunity. Compliance functions have the potential to actively shape the ESG agenda and move beyond acting as a mere guardian of regulatory adherence to become a champion of sustainable banking. This role not only aligns the bank with global sustainability goals, but it also positions the compliance function as a more forward-thinking, strategic function.

Moreover, by championing ESG, compliance functions can attract purpose-driven professionals and top talent who are passionate about making a tangible difference. The modern workforce, particularly the younger generation, is increasingly seeking roles that provide purpose and meaning. By embracing this role, compliance functions can not only ensure regulatory adherence but also help steer the bank’s strategic vision, positioning themselves as an essential asset in the bank’s pursuit of sustainable growth.

Almost half of the survey participants have already established a dedicated centralized team for ESG within the compliance function. For the near future, participating banks are planning a moderate increase in full-time staff. This is a good start, but given the regulatory framework and complexity of implementation, it can only be seen as a beginning.

Exhibit 3: ESG risks and consequently plan for growth
Note: 1. There is a dedicated ESG team within the Compliance function, but other teams also take on ESG responsibilities as per their domain. 2. ESG risk management is integrated in multiple Compliance teams, with each team taking on relevant ESG responsibilities.

Compliance functions need to scale up and take a more prominent role in ESG governance to ensure the organization will be able to fulfill regulatory expectations and institutional ambitions.

Key steps to scale compliance for effective ESG governance

  1. Embed ESG risks in oversight and monitoring. Ensure that identified ESG risks are included in oversight and monitoring frameworks. Capitalize on compliance’s oversight of execution of ESG controls through challenging ongoing activities, conducting deep dives and advising on improvements.
  2. Elevate ESG risks in reporting. Ensure that any non-compliance or significant climate-related and environmental risks or breaches are reported and incorporated into the compliance risk reports shared with the chief compliance officer (CCO) and/or the board of directors.
  3. Enhance ESG data. Champion and deliver the data collection processes to gather accurate and reliable data, implement systems to track and report on ESG performance regularly, and consider using technology solutions to streamline data collection, analysis, and reporting.
  4. Drive selected ESG initiatives. Beyond proactive ESG committee participation, drive specific ESG risk initiatives, for example, shaping the future of ESG data architecture, or taking the topical lead for social and governance topics.

Compliance is crucial for bank ESG strategy 

As the regulatory landscape on ESG becomes clearer, expectations from internal and external stakeholders will increase. Banks face a significant challenge in meeting these expectations and requirements while setting ambitious sustainability targets and disclosing their commitments. Greenwashing is heavily scrutinized and subject to material fines. Compliance functions need to get off the sidelines to mitigate risks and drive the bank’s overall ESG strategy. Banks need to begin acting on their commitments and managing their own risks — whether more guidance is provided or not.

The industry finds itself in a dilemma where it needs to do more to support the transition to a sustainable future, but at the same time, it is hesitant to take bold actions. This is where an effective and efficient compliance function should play a crucial role. The compliance function can act as a powerful nucleus and facilitator for the bank’s ESG strategy, leveraging established policy and control frameworks and processes. It is important to recognize that simply having controls in place is not enough. The key lies in ensuring that these controls are effective, tailored, standardized, and agile.

Banks need to adopt a comprehensive and all-inclusive approach in compliance to develop the necessary capabilities. The benefits from compliance moving from guardian to champion of sustainable banking are twofold: Banks will be able to take a leading role in strategic responses to regulations, while simultaneously demonstrating superior ESG risk management capabilities to their clients.