Navigating the future: how new EBA Guidelines propel banks toward a robust ESG risk management

In the crisp air of January, a season of reflections and resolutions, the European Banking Authority (EBA) unveiled its key regulations on ESG risks, which are aimed at addressing among others the challenges laid bare by the past year’s climate catastrophes. As the world witnessed Spain and Los Angeles grappling with unprecedented natural disasters and Central Europe reeling from the devastating impacts of severe storm Boris and fatal floods, the urgency of the situation is quite evident. These events not only caused lasting harm on the landscapes and communities affected, but also rattled the financial underpinnings of major institutions about climate-related and other environmental risks. This underlines a dire need for strategic adjustments in the management of environmental, social, and governance (ESG) risks. Looking ahead, the EBA's new guidelines, set to be implemented by most banks by January 2026, sets forth robust standards and methodologies for the identification, measurement, management, and monitoring of ESG risks. They consolidate supervisory experiences gained in recent year as well as emerging industry practices.

The journey in integrating ESG considerations is not new for banks; it is an evolving path marked by a deepening understanding that ESG risks - spanning environmental transitions and physical threats - challenge the stability and integrity of financial institutions and can surface in every risk category, from credit and market risks to operational and reputational concerns. Supervisors like ECB and DNB have been quite vocal and set their expectations in 2020. The new EBA Guidelines provide minimal requirements and benchmarking techniques for identifying, quantifying, managing, and tracking ESG risks. And thereby go beyond the relatively high-over 2020 expectations.

Regulators now require banks to conduct regular assessments of ESG risk materiality - at least annually (every two years for smaller, less complex banks) or more often if significant shifts in their business environment occur because of ESG factors. These evaluations must cover short-, medium-, and long-term horizons, using both qualitative and quantitative insights to capture a comprehensive view of all potential risks. To meet these requirements, banks must develop robust systems to collect and aggregate the ESG risk data, since reliable information is key to sound decision-making. They also need to factor in the ESG profiles of their counterparties, ensuring these metrics keep pace with evolving regulatory and market standards. The new requirements underscore a bold learning process as banks must anticipate on how ESG risks could affect their financial performance in a range of future scenarios. EBA explicitly requires banks to continue a steep learning curve and thereby propel banks to continue to improve their maturity level. As such, although the guidelines do set clearer and more rule-based requirements, various principle-based requirements still remain to acknowledge ESG risk management is a very dynamic discipline and flexibility in regulations is needed to allow innovation.

While the Guidelines apply to all financial institutions, they come with proportionality considerations for small and non-complex institutions (SNCIs). For instance, the implementation timeline follows a phased approach with an effective date to comply from 11 January, 2026 for most banks and a date one year later for SNCIs. While this approach may facilitate compliance for SNCIs, it may offer limited relief to larger banks better equipped to meet regulatory requirements. Furthermore proportionality applies in the range and complexity of scenarios to be used by banks in assessing ESG risks. The guidelines highlight the importance of continual adaptation to evolving practices in ESG risk management, ensuring that all institutions can effectively navigate the changing landscape.

Central to the EBA Guidelines is the development of prudential transition plans, designed for institutions in the banking sector. The aim of a prudential transition plan is to enhance a bank’s robustness towards ESG risk and be better prepared for the transition towards a low carbon economy. It is primary for internal use and will also be assessed by supervisors through the Supervisory Review and Evaluation Process (SREP).

Key components of a prudential transition plan include a ESG risk materiality assessment, a strategic ambition, targets/limits, an implementation plan, and a client engagement strategy. These plans need to be periodically reviewed and execution requires monitoring capabilities. As such, banks need to ensure they have an appropriate (transition) planning process in place.

Despite guidance on transition plans has increasingly become available over recent years - there are more than 35 documented standards and frameworks - the EBA Guidelines offer a focused framework that addresses the distinctive risks and challenges tailored to the banking sector. By aligning with the EBA guidelines, banks can ensure that their transition plans are robust, compliant, and tailored to meet the evolving regulatory landscape. EBA encourages banks to develop a comprehensive transition planning that also addresses transition plan requirements from regulatory standards such as the CSRD. The CSRD sets disclosure requirements to transition plans. Although the prudential transition plan is an internal plan, the content should be consistent with the transition plan disclosures under CSRD.

We see three key actions for banks:

• Commit to enhanced ESG integration: Banks are urged to commit to enhancing their integration of ESG factors into their operations now, not just as a regulatory requirement, but as a fundamental shift in strategy and risk management. This strategic integration goes beyond compliance, positioning banks to align with evolving standards and prepare for future regulatory updates. By proactively embracing ESG integration as a core aspect of their strategy and risk management, banks can future-proof their operations and enhance their competitiveness. This requires that a bank makes it clear early on how it is going apply the principle-based requirements to suit bank-specific aspects.
• Proactively refine transition plans: Banks must proactively develop and continually refine their transition planning. It is essential to look ahead, anticipate changes, and be prepared to adjust strategies to navigate emerging technologies, market shifts, and regulatory updates effectively. A single plan should suit multiple purposes and stakeholders to benefit from the alignment with CSRD. Such alignment enhances the transition plan's utility and ensures that it meets broader regulatory standards while adapting to evolving market conditions to remain robust and relevant.
• Leverage and conform to evolving standards: It is imperative for banks to continuously monitor and adjust their strategies to align with evolving regulatory frameworks and market conditions. By actively engaging with the creation and refinement of standards, banks can ensure compliance and be on par with or lead industry practices.

The EBA guidelines are a balancing act between prescriptiveness and flexibility, standardizing essential aspects while allowing room for financial institutions to ascend the steep learning curve of ESG risk management. As we move forward in 2025, the narrative is not just about compliance - it is about readiness, resilience, and a proactive stance towards sustainability that banks across Europe need to have to ensure the resilience of the business model and risk profile of institutions and be timely compliant.

Jeroen Heijneman
Senior manager, Financial Risk Management
KPMG in the Netherlands

Yessica Gallegos Carballo
Senior Consultant, Financial Risk Management
KPMG in the Netherlands

Lieke Boogaard
Consultant, Financial Risk Management
KPMG in the Netherlands

Dave Broekman
Consultant, Financial Risk Management
KPMG in the Netherlands