The PRA’s recent Consultation Paper (CP10/25) on enhancing banks’ and insurers approaches to managing climate-related risks provides clearer guidance on the PRA’s expectations with regards to governance in this evolving area (with potential read-across for other types of risks and for a range of different firms). Set out below is a checklist of ten potential governance considerations for firms and their boards based on our takeaways from the PRA’s observations and proposals in relation to managing climate-related risks:

  1. Board ownership of risk appetite: The PRA expects the board to set and own the overall business risk appetite for climate which should be based on analysis provided by risk and cascaded across the business. The PRA proposes that the board should agree climate-specific risk appetite statements for material climate related risks identified in the firm’s risk register. Risk appetite and supporting metrics should be defined at both firm and business line level, informed by scenario analysis including reverse stress tests. Risk appetite statements can be categorised in different ways but the output should be structured and give a clear statement of how the firm intends to approach these risks.
  1. Management information and analysis: The PRA has observed that climate-related risk analysis provided to boards is often unclear and insufficiently specific or targeted and that impact analysis with regards to strategy is limited.  The PRA proposes that management bodies should provide their board with the relevant information and analysis on climate related risks to help the board understand the potential impacts in different scenarios using the outputs from the risk identification process. The board should be provided with performance analysis under a range of climate scenarios and management should demonstrate to the board the resilience of the firm’s existing strategy. 
  1. Training: The PRA proposes that firms should provide boards with appropriate training on climate-related risks including current methods and tools used by the firm to manage risks. 
  1. Challenge: The PRA expects that the board will use this training and information to provide effective challenge with regards to climate-related risks.  
  1. Periodic review: The PRA proposes that the board should ensure there is a periodic review of the firm’s risk appetite, climate-related risk management practices and strategy. The board should look to the management body and particularly the relevant SMF to implement the review and to demonstrate to the board that the risk appetite and strategy are appropriate to any developments.
  1. Record-keeping: Evidencing the board’s ownership, consideration and challenge relies on effective record-keeping such as appropriate minutes of discussion and follow up. Minute-takers need to be trained and provided with guidance on how best to meet the PRA’s expectations in this area. 
  1. Aligning goals with actions: The PRA proposes that a firm should be able to demonstrate how it has integrated its plan to meet any climate goals that it has voluntarily adopted or is required to meet in its jurisdictions and how any associated risks have been reflected in risk management frameworks. The aim is to ensure that any goals are underpinned by coherent actions including identifying and managing any risks.
  1. Governance structures and responsibility: Management responsibilities for identifying and managing climate-related risks, including providing appropriate information to the board, should be assigned at an appropriate level of responsibility such as SMF or board member with clear reporting lines. Climate-related risk should be incorporated into internal control frameworks across the three lines of defence. 
  1. Accountability: The responsible individual should be held appropriately to account (for example through the firm’s appraisal and reward system) and so this will need to be built into the performance review process with appropriate criteria and consequences. 
  1. Outsourcing and third parties: When calibrating the firm’s approach to climate-related risks, boards should ensure they cover risk appetite and tolerance levels for outsourced and third-party arrangements that may be exposed to or may introduce climate-related risks. 

The consultation also covers other aspects of managing climate-related risks which need to be integrated within the overall governance framework, such as risk management and scenario analysis.  It closes on 30 July 2025. 

There is a range of support we can offer to clients in effectively building ESG considerations into their governance arrangements. For further information on this, as well as insights in this area, please see our ESG hub or contact the authors directly.