How to Meet EBA Guidelines for Managing Third-Party ESG Risks

The new EBA Guidelines require financial institutions to assess, monitor, and manage ESG risks in their third-party ecosystems. Learn best practices for simplifying this process.
By: Scott Lang, VP, Product Marketing
January 22, 2025

The European Banking Authority (EBA) has issued its final Guidelines on the Management of Environmental, Social, and Governance (ESG) Risks, detailing how EU-regulated financial institutions should identify, measure, manage, and monitor these risks to ensure short-, medium-, and long-term resilience goals. The Guidelines establish a comprehensive framework for managing ESG-related risks and will go into effect on January 11, 2026, for large institutions and on January 11, 2027, for small and non-complex institutions.

This post explores key aspects of the Guidelines, third-party considerations, and best practices for meeting third-party ESG reporting requirements.

Key Aspects of the EBA Guidelines on Managing ESG Risks

The EBA Guidelines on Managing ESG Risks aim to ensure that financial institutions embed ESG considerations throughout their operations, enhancing resilience to risks posed by environmental, social, and governance factors. These guidelines emphasize assessing risks from external relationships to promote a sustainable and robust financial sector.

Objective and Scope

The objective of the EBA guidelines is to enhance European financial institutions' ability to identify, measure, manage, and monitor ESG risks, ensuring long-term resilience and alignment with sustainability goals. The Guidelines apply to European credit institutions and investment firms, with proportionality considerations for smaller and non-complex entities.

Governance and Strategy

The Guidelines require that institutions incorporate ESG considerations into their business strategies, governance structures, and internal policies. Boards ultimately oversee ESG risk management under the Guidelines, ensuring alignment with the institution's overall strategy.

Risk Management Framework

Financial institutions are required to evaluate how ESG risks may affect their operations and financial position, with ESG-related stress testing and scenario analysis mandatory to understand potential impacts. Institutions must also assess ESG risks from clients, suppliers, and other external counterparties, incorporating findings into their overall risk management processes.

Disclosures and Transparency

The Guidelines state that financial institutions should collect and disclose relevant ESG data to improve transparency and enable stakeholders to assess their ESG risk management practices. Disclosures must align with existing regulatory frameworks, such as the EU taxonomy for sustainable activities.

Supervisors will assess institutions' compliance with ESG risk management standards, considering their integration into governance, strategy, and risk frameworks.

Third-Party and Supply Chain Considerations in the EBA Guidelines on Managing ESG Risks

While the Guidelines primarily focus on institutions' internal processes, they also emphasize the importance of considering ESG risks associated with third-party entities, such as clients, suppliers, counterparties, and other business partners.

Financial institutions are expected to evaluate the ESG profiles of these third parties and incorporate findings into their risk assessments and decision-making processes. This approach enables institutions to account for potential ESG risks arising from their external relationships, promoting a comprehensive risk management strategy.

Identify and Assess ESG Risks from Third Parties

Institutions must determine ESG risks associated with their clients, suppliers, and other external parties. Assessing how these entities' ESG practices may impact the institution's risk profile is crucial.

Integrate Third-Party ESG Risks into Risk Management Frameworks

Third-party ESG risks should be integrated into the institution's overall risk management processes to ensure effective monitoring and mitigation of potential risks.

Develop Contingency Plans

Institutions are expected to prepare plans to address financial risks stemming from ESG factors, including those arising from third-party relationships. These plans should outline strategies for maintaining resilience in the face of ESG-related disruptions.


How to Meet EBA Requirements for Managing ESG Risks

To address the third-party considerations noted in the Guidelines, organizations should:

Centralize Data to Assess Third Parties

Gather relevant ESG data from third parties to effectively assess potential risks. This involves understanding the ESG profiles of clients and suppliers to identify any associated financial risks and requires building a comprehensive supplier profile that compares and monitors:

  • ESG scores.
  • Sustainability ratings.
  • Firmographic data.
  • Recent business and reputational insights.
  • Financial performance.

Conduct Due Diligence

The Guidelines recommend integrating ESG considerations into third-party due diligence procedures, enabling organizations to proactively identify and mitigate risks arising from their business relationships.

To address this requirement, leverage a dedicated ESG risk assessment that examines risks from the 10 most common ESG domains, including Community, CSR strategy, Emissions, Human rights, Innovation, Management, Product responsibility, Resource use, Shareholders, and Workforce.

Then, map due diligence assessment results and risks to common ESG frameworks such as the EU Corporate Sustainability Reporting Directive (CSRD), the German Corporate Supply Chain Due Diligence Act (LkSG), the Global Reporting Initiative (GRI), ISO 26000, the Sustainability Accounting Standards Board (SASB), the Task Force on Climate-Related Financial Disclosure (TCFD), or the United Nations Global Compact (UNGC). Doing so will reveal gaps in best practices and enable teams to focus on the riskiest areas.

Continually Monitor Third Parties

Continuously monitor third-party ESG practices. Institutions should establish mechanisms to track and address any changes in their partners' ESG risk profiles.

For example, monitor scope 1, 2, and 3 data covering each supplier's direct and indirect emissions, carbon intensity measured against EVIC (enterprise value including cash), and bribery and corruption, labor, and modern slavery concerns.

These measures can enhance your financial institution's overall resilience by ensuring that ESG risks are comprehensively managed across all operations, including interactions with third-party entities.

How Mitratech Can Help Manage Third-Party ESG Risks

The EBA's Guidelines mandate that institutions proactively manage ESG risks, including those linked to third parties, by embedding ESG considerations throughout their operations and external engagements. Mitratech can help by:

  • Providing one-stop access to a repository of thousands of global, standardized company ESG scores, intelligence, and controversies fully aligned with other enterprise risks.
  • Incorporating a comprehensive ESG questionnaire in our third-party risk management solution.
  • Mapping assessment findings to ESG compliance regulations and frameworks for simplified reporting.
  • Reducing the risk of false positives and false negatives with analyst-validated ESG reporting.

For more on how Mitratech can help simplify ESG reporting to meet EBA requirements, download our ESG compliance guide or request a demonstration today.

About the author

Scott Lang has 25 years of experience in security. He currently leads product marketing strategy for Prevalent's third-party risk management solutions, where he is responsible for product content, launches, messaging, and go-to-market execution. Before joining Prevalent, Scott was Senior Director of Product Marketing at BeyondTrust, a leader in privileged access management, and before that Director of Security Solutions Marketing at Dell, formerly Quest Software.