Insight

OCC principles for large bank climate risk management

Large banks on notice for maturation of climate risk management programs

Amy S. Matsuo

Amy S. Matsuo

Regulatory and ESG Insights Leader, KPMG US

+1 919-664-7100

The OCC request for comment puts large banks on notice for the maturation of their risk management program and processes related to climate risks. The OCC principles for climate-related financial risk management align with TCFD and are in keeping with OCC’s safety and soundness authority. This principle-based request comes shortly after the issuance of the OCC’s issuance to boards on climate risk (see KPMG Regulatory Alert, here), and shortly before the SEC is expected to issue its proposal on climate-related disclosure. It is likely that the primary financial services regulators will utilize principle-based and existing rules for their inquiry, supervision, and enforcement of climate-related risk.


The OCC released draft principles for large banks (i.e., total consolidated assets > $100 billion) to identify and manage climate-related financial risks. The announcement highlights six general principles and six risk areas outlined below.

General principles are intended to provide a high-level framework for the safe and sound management of climate-related financial risk (hereinafter, climate risk) exposures, consistent with existing risk management frameworks.

  • Governance. To ensure effective risk governance frameworks:
    • Demonstrate sufficient acumen to assess the potential impacts of climate risks and address and oversee these risks within the bank’s strategy and risk appetite, including the potential ways these risks could evolve over various time horizons and scenarios
    • Assign and define climate risk roles, responsibilities, and interactions throughout the organization, integrating responsibility and accountability throughout these climate risk management structures
    • Allocate appropriate resources
    • Clearly communicate to staff regarding climate-related impacts to the bank’s risk profile
    • Regularly report to the board on the level and nature of climate risks to the bank
  • Policies, procedures, and limits. Incorporate climate risks into policies, procedures, and limits to provide detailed guidance on the bank’s approach to these risks and should modify them when necessary to reflect changing risk characteristics or bank activities.
  • Strategic planning. Consider material climate risk exposures when setting the bank’s business strategy; risk appetite; and financial, capital, and operational plans. The potential impact of these risk exposures should factor in geographic locations; stakeholder expectations; reputation risk; and LMI and other vulnerable communities, including physical harm and access to financial services. Public statements about the bank’s climate-related strategies and commitments should be consistent with their internal strategies and risk appetite statements.
  • Risk management. Management should oversee the development and implementation of processes to identify, measure, monitor, and control climate risk exposures within existing risk management framework. To achieve this:
    • Employ a comprehensive process for identifying emerging and material climate risks
      • Across a range of scenarios and various time horizons
      • Considering input from stakeholders across the organization
    • Develop processes to measure and monitor material climate risks and inform the board and management about the materiality of those risks. This includes:
      • Defining material climate risk exposures, both physical and transition
      • Developing tools and approaches, such as exposure analysis, heat maps, climate risk dashboards, and scenario analysis, among others
      • Aligning with the bank’s risk appetite
      • Supporting appropriate metrics (e.g., risk limits and key risk indicators) and escalation processes
    • Incorporate climate risks into their internal control frameworks, including internal audits
  • Data, risk measurement, and reporting. To facilitate the availability of relevant, accurate, and timely data for swift and sound decision-making across the bank:
    • Incorporate climate risk information into the bank’s internal reporting, monitoring, and escalation processes
    • Ensure effective risk data aggregation and reporting capabilities
    • Monitor developments in data, risk measurement, modeling methodologies, and reporting, and incorporate them into their climate risk management as appropriate
  • Scenario analysis. Climate scenario analysis is emerging as an important approach to identifying, measuring, and managing climate risks. An effective climate scenario analysis framework should provide a comprehensive and forward-looking perspective to apply alongside existing risk management practices when evaluating the resiliency of strategies and risk management to the structural changes arising from climate risks. To establish an effective framework:
    • Develop and implement climate scenario analysis processes in a manner appropriate for the bank’s size, complexity, business activity, and risk profile
    • Develop oversight, validation, and quality control standards for climate scenario analyses, commensurate to their risk
    • Clearly define the objectives of the analysis framework, reflecting the overall climate risk management strategies

Management of risk areas

  • Credit risk. Effective credit risk management practices should include monitoring climate-related credit risks across market sectors, geographies, and concentrations (including concentrations stemming from physical and transition risks and potential changes in correlations across exposures or asset classes).
  • Liquidity risk. Incorporate climate risks into liquidity risk management and liquidity buffers.
  • Other financial risk. Monitor interest rate risk and other model inputs for greater volatility or less predictability due to climate risks.
  • Operational risk. Consider how climate risk exposures may adversely impact operations, control environments, and operational resilience. Effective operational risk management practices would include conducting an assessment across all business lines and operations, as well as consideration of third-parties, business continuity, and evolving legal and regulatory landscapes.
  • Legal/Compliance risk. Consider how climate risks and risk mitigation measures affect the legal and regulatory landscape in which the bank operates.
  • Other nonfinancial risk. Monitor the execution of strategic decisions and how the operating environment affects financial condition and operational resilience. Consideration should be given to:
    • The extent to which the bank’s activities may increase the risk of negative financial impact from reputational damage, liability, and litigation
    • Adequate measures to implement to mitigate these material risks

The OCC is seeking public comments on these draft principles and risk areas, while specific questions are directed to current practices; data, disclosure, and reporting issues; and scenario analysis. Feedback will be incorporated into subsequent guidance related to climate risk management. Comments are due on February 14, 2022.

See below for more information:

  • OCC Bulletin 2021-62 – Risk Management: Principles for Climate-related Financial Risk Management for Large Banks; Request for Feedback
  • KPMG Regulatory Alert | Climate-related metrics, targets, and transition plans, available here
  • KPMG Regulatory Alert | BCBS consultation: Principles to manage climate-related financial risks, available here
  • KPMG Regulatory Alert | Board action: Climate risk questions for management, available here

Get the latest thinking from KPMG