Banking Climate Risk: The model only matters if it lands in credit, capital, and pricing workflows

Written By Bo Y

After living in the weeds of climate risk modelling, one point has become very clear: climate data, on its own, has limited value. It becomes valuable only when it translates into the metrics banks actually run on every day: cash flows, probability of default (PD), loss given default (LGD), exposure at default (EAD), provisions under International Financial Reporting Standard 9 (IFRS 9) expected credit loss (ECL), risk‑weighted assets (RWA), capital buffers, pricing, and expected returns.

The real question is no longer “does physical climate risk matter?” The hard part is operational: mapping hazard into financial consequences with the same discipline, evidence standards, and governance that already shape credit decisions and capital planning. For several years, supervisors and standard setters have pushed in the same direction: climate risk should be treated as a driver of “traditional” risk types (credit, market, operational, liquidity), not as a separate silo.

If you want a refreshingly concrete benchmark for what “integration” looks like in banking life, the Dutch central bank De Nederlandsche Bank (DNB) remains one of the best references because it describes what banks actually implemented: board‑level accountability, risk appetite metrics, portfolio heat maps, climate ratings in due diligence, and climate stress tests embedded in the Internal Capital Adequacy Assessment Process (ICAAP). Similar “good practice” thinking is now well documented beyond the Netherlands by the European Central Bank (ECB), France’s ACPR, Canada’s OSFI, and the Basel Committee, which has now explicitly woven climate into its core principles.

What follows is a banking‑focused reflection on how that translation works in practice, where it breaks, and what “good” looks like in 2026, recognising that a small vanguard is far ahead of the median bank.

 

1. The problem to solve in banking

Banks do not manage “hazard” in the abstract. They manage:

  • Borrower repayment capacity and default risk (PD): likelihood a borrower defaults over a horizon.

  • Severity of loss when default happens (LGD): loss severity if default, driven by collateral value, liquidity, and recovery dynamics.

  • Exposure at the moment of default (EAD): the amount outstanding at default, shaped by utilisation and drawdowns.

  • Expected credit loss (ECL) under IFRS 9: a core accounting output combining PD, LGD, EAD and discounting.

  • Risk‑weighted assets (RWA): the denominator that drives capital ratios, influenced by credit risk parameters and approaches.

  • Internal Capital Adequacy Assessment Process (ICAAP): the internal process that links risk measurement to capital planning and stress testing.

  • Internal Liquidity Adequacy Assessment Process (ILAAP): where funding resilience and liquidity under stress are tested.

  • Pricing, covenants, tenor, and deal structure: the terms that embed risk appetite into individual transactions.

So the modelling problem is a translation layer that converts hazard into changes in those variables in a way that is explainable, auditable, and robust enough to survive model risk governance and credit committee scrutiny. In 2026, only a minority of banks have this translation truly embedded into models, a larger group is working with overlays and qualitative judgement, many are still at the “visibility and narrative” stage.

 

2. The translation chain banks actually need

In practice, the chain that works is the one that mirrors how banks already think and document decisions:

Hazard → Exposure → Vulnerability and damage → Cash flow and collateral impact → PD, LGD, EAD → ECL, RWA, pricing, limits, capital plan

More concretely:

  • Hazard: flood depth and frequency, heat‑stress days, wildfire probability, water stress, storm surge, chronic sea‑level rise.

  • Exposure mapping: geolocation of collateral and key operating sites, critical supply‑chain nodes, insurance coverage and exclusions.

  • Vulnerability and damage: construction type, elevation, resilience measures, sector‑specific sensitivity, damage and downtime functions.

  • Operational disruption: lost revenues, higher operating costs, forced capex, working‑capital strain, insurance friction and disputes.

  • Financial statements and cash flows: EBITDA, capex, free cash flow, interest coverage, covenant headroom, dividend capacity.

  • Credit model inputs: rating migration, PD shift, LGD shift via collateral and recovery, EAD shift via drawdowns or covenant breaches.

  • Bank outputs that drive decisions: IFRS 9 ECL, pricing spreads, limits, RWA, ICAAP and ILAAP buffers, sector and geography appetite.

A particularly useful pattern is to split this into two channels that credit people immediately recognise:

  • Borrower capacity channel (PD): physical shocks disrupt revenues, costs, operations, and sometimes insurance availability, which then hits debt‑service capacity over time.

  • Collateral and recovery channel (LGD): physical risk affects collateral value, market liquidity of the asset, time‑to‑recover, and haircut assumptions, especially in mortgages, commercial real estate, and asset‑backed lending.

In fact, supervisory “good practice” examples explicitly frame physical risk translation through hazard mapping, vulnerability functions, damage ratios and expected damages, and then into collateral valuation, recovery rates and, to a more limited extent so far, PD adjustments. Research on flood risk and mortgage portfolios has already shown that, in many scenarios, capital depletion is driven more by LGD changes via collateral than by immediate increases in PD.

An important operational reminder follows from this: climate risk is not a new “risk type.” It is a driver of conventional risks, but with distinctive features: deep uncertainty, non‑linearity, long horizons, and material correlation across portfolios and geographies.

 

3. What banks are actually doing in 2026

As of early 2026, practice is uneven. A small vanguard of banks has moved beyond pilots into real integration, a larger group is building overlays and qualitative frameworks; a sizeable tail is still in early, compliance‑driven stages. The institutions that are genuinely progressing tend to avoid rebuilding their credit models from scratch. Instead they focus on three pragmatic moves.

1) Making climate “visible” at the point of decision

This sounds basic, but it is where most programmes either become real or stall. Here are some examples that typically works:

  • A climate risk field or flag in the credit file that is automatically populated where possible (e.g. geocoded collateral for mortgages, CRE, project finance) and forces a short, deal‑specific narrative: What is the exposure? What could happen? What changes in the structure, pricing or limits?

  • A first‑line assessment plus second‑line challenge, aligned to the three‑lines‑of‑defence model supervisors emphasise, so that higher‑risk cases get a structured second‑line review using consistent criteria.

  • A transition or physical risk scorecard that actually triggers actions: enhanced due diligence, mitigation requirements, shorter tenor, additional collateral, pricing add‑ons, or escalation to a credit committee.

Where most banks may still fall short:

  • Scorecards get built as “nice overlays” that rarely change pricing, structure, or appetite and remain decoupled from formal credit policies.

  • Relationship teams treat climate language as compliance text rather than a risk driver, so narratives stay generic and copy‑pasted across clients and sectors.

  • Data granularity is patchy: asset‑level geocoding is still the exception, not the rule, and many portfolios are still assessed at postcode or even regional level.

To know where you are landing, here is a simple reality check: if the climate section in the credit memo can be reused across borrowers with minimal edits, climate risk has likely not yet been fully embedded into credit judgement. 

2) Translating physical risk into credit parameters using “good enough” mechanics

You do not need perfect physics to improve financial risk calibration, but you do need defensible mechanics and conservative governance, and you need to acknowledge where the models are not yet “decision‑grade.” There are two field‑tested patterns:

  • Flood‑focused LGD adjustments: hazard maps and depth‑damage functions are used to estimate plausible damage ratios and recovery delays for mortgaged properties or CRE, translating into LGD add‑ons or more conservative collateral haircuts.

  • Hazard + vulnerability functions for collateral: expected damages are estimated at asset or postcode level and translated into valuation assumptions (haircuts, time‑to‑sell, and expected recovery shortfalls).

Here are some systematic weaknesses that I often see:

  • False precision: hazard scores are treated as if they were precise predictors of portfolio loss, rather than uncertain inputs in a wider chain with many assumptions.

  • Static vulnerability: models assume today’s vulnerability and insurance landscape remain fixed, ignoring adaptation measures, changing building codes, evolving insurance coverage, and policy responses.

  • Weak feedback loops: climate‑enhanced models and overlays are not systematically back‑tested against realised losses, valuations, arrears, and recoveries, so parameter updates lag reality.

A practical best practice is to label climate‑enhanced outputs as “decision‑grade” only when three tests are met: (1) the methodology is traceable and explainable to non‑specialists, (2) sensitivity analysis has been performed and documented, (3) there is clear governance on overrides and permitted uses. For many banks, current climate inputs are still in a “supplementary insight” or “pilot” category rather than fully decision‑grade.

A further complication is model risk governance. Internal‑ratings‑based (IRB) models and IFRS 9 models were built for stationary risk drivers with back‑testable relationships to historical losses. Climate risks are forward‑looking and non‑stationary by definition. That tension explains why, as of late 2025, only a minority of banks report having climate factors directly embedded in IRB or IFRS 9 models, while many rely on qualitative factors, overrides, or scenario overlays instead.

3) Moving from dashboards to steering (risk appetite, capital, and liquidity)

The visible shift from “we can map it” to “we manage it” shows up in risk appetite, portfolio steering, and capital and liquidity planning.

Supervisors have made it clear that they expect this progression, from qualitative narratives to quantified steering tools, and from standalone climate reports to integration into mainstream risk processes. At the same time, there is explicit recognition that many banks will still be closing gaps through 2027–2028 rather than having full integration in place by mid‑2026.

Below are some common good practices among the more advanced institutions:

  • Risk appetite frameworks that include climate‑related key risk indicators (KRIs) with thresholds, and in more mature cases, explicit concentration limits for sectors or geographies with higher transition or physical vulnerability.

  • Heat maps and concentration monitoring that are tied to portfolio actions: sector or geography limits, targeted repricing campaigns, tighter collateral policies, or revised distribution strategies.

  • Integration into ICAAP and ILAAP, where correlated losses under climate scenarios are examined alongside capital and liquidity resilience, and where management actions under adverse scenarios are discussed and documented.

 

4. The regulatory reality in January 2026, and why it matters operationally

Two things are true at once.

  • First, in Europe and the UK, the direction of travel is toward deeper integration of climate and broader ESG risks into governance, risk management, scenario analysis, data, and disclosures. The EBA’s final Guidelines on the management of ESG risks apply from 11 January 2026 for larger institutions and from 11 January 2027 for small and non‑complex institutions. In the UK, the PRA’s PS25/25 and the updated supervisory statement SS5/25 took effect on 3 December 2025, replacing earlier guidance and setting more detailed expectations on governance, data, scenario analysis and integration into ICAAP, ILAAP, IFRS 9 and valuations.

  • Second, in the United States, the interagency Principles for Climate‑Related Financial Risk Management for large financial institutions were rescinded in October 2025, following earlier withdrawal of participation by one of the key agencies. That does not remove existing safety‑and‑soundness expectations, but it does reduce the clarity and momentum of climate‑specific supervisory guidance.

Operationally, this divergence creates an additional challenge for global banks: uneven implementation. Some entities operate under explicit, time‑bound expectations with binding decisions and the prospect of penalties, others now see climate risk framed more implicitly within general risk management. The right response is not to wait for perfect global alignment, but to treat climate as a material risk driver wherever it is material, building a consistent internal translation layer that boards, risk committees and product governance forums recognise. The Basel Committee’s principles remain a sensible global baseline for that mindset.

 

5. Realistic best practices that actually work

Best practice 1: Start from the decision, not from the dataset

For each portfolio, begin by specifying which decision will change when climate risk is assessed as higher. This can really help you moving from building a reporting artefact, to a risk management capability. :

  • price add‑on or discount;

  • maximum tenor;

  • collateral haircut or eligibility;

  • covenant package;

  • sector or geographical concentration limit;

  • enhanced monitoring cadence;

  • capital buffer discussion.

Best practice 2: Build “minimum viable integration” in 90 days

A pragmatic sprint for a priority portfolio could include:

  • Geocode exposures where it matters most (mortgages, CRE, project finance, selected corporate portfolios).

  • Add a climate risk field to credit systems and templates that is mandatory for new approvals and renewals.

  • Define escalation triggers (simple thresholds or flags) with a real governance path and clear second‑line challenge.

  • Train the first line on the two‑channel narrative: the PD channel (capacity) and the LGD channel (collateral and recovery).

  • Put override governance and audit trail in place, so that when decisions deviate from climate indicators, the rationale is recorded.

This “embed into governance and risk management first, then deepen the tools and scenarios” approach is consistent with supervisory good‑practice expectations and recognises that data and models will mature over several years.

Best practice 3: Treat scenario analysis as a management tool, not a one‑off exercise

Scenario analysis becomes genuinely useful when it is explicitly linked to:

  • portfolio concentrations and correlated loss behaviour under different transition and physical pathways;

  • capital planning, including internal capital buffers under stressed scenarios;

  • liquidity resilience, including impacts on collateral values and secured funding;

  • specific management actions under each scenario, with triggers and responsibilities.

That is also where supervisors want it to land: within ICAAP, ILAAP, strategic planning, and risk appetite, not as a separate climate chapter at the back of the annual report.

Best practice 4: Be explicit about data gaps and manage them like any other model limitation

No bank has perfect data, instead of waiting for it, a more realistic approach is to:

  • Define data quality tiers (for example: Tier 1 asset‑level; Tier 2 postcode; Tier 3 regional; Tier 4 proxy or sectoral average).

  • Apply conservative haircuts and wider ranges where granularity is low or uncertainty is high.

  • Make uncertainty explicit in reporting and decision rules, including “guardrail” logic that prevents over‑reliance on low‑quality indicators.

Supervisory bodies have been consistent in stating that data and disclosure work are foundational, but that lack of perfect data is not a valid reason to ignore a material risk.

Best practice 5: Build a reusable playbook for other “hard‑to‑model” risks

Once you can translate complex, uncertain external drivers into disciplined internal metrics and decision rules, you have created a reusable internal capability. Climate is forcing banks to take long horizons, deep uncertainty and correlation seriously. The governance, data, and modelling muscles built now will be transferable to other emerging risks, from nature loss to geopolitical fragmentation.

 

6. What’s next?

For banks, climate risk is not a separate “ESG topic.” It has become a credit, capital, liquidity and operational resilience topic. The institutions making real progress in 2026 are not those with the most sophisticated hazard maps. They are those that have built a translation layer that credit committees trust, that model risk governance can defend, that relationship teams can apply, and that capital and liquidity planning can absorb.

Put bluntly: the model only matters if it lands inside the workflow.

 

Bo Y
Next

CS3D 2026: A Practical Supply Chain Due Diligence Guide for Fast, Defensible Compliance and Bid Readiness