New York State Department of Financial Services Proposes Guidance for Managing Material Risks from Climate ChangeDecember 27, 2022
On December 21st, the New York State Department of Financial Services (“DFS”) issued proposed guidance (“Proposed Guidance”) for New York State-regulated banking and mortgage institutions (“Regulated Organizations”) with the intended purpose of helping such institutions manage safety and soundness risks related to climate change.
The Proposed Guidance categorizes climate change into two channels – physical risks and transition risks. Physical risks arise from the increasing frequency, severity, and volatility of acute events, such as hurricanes, floods, and wildfires. Transition risks arise from economic and behavioral shifts driven by policy and regulations, adoption of new technologies, consumer and investor preferences, and changing liability risks. Pursuant to the Proposed Guidance, Regulated Organizations should be prepared to properly mitigate and manage both risks.
The Proposed Guidance focuses on the following components of risk management by Regulated Organizations: corporate governance; internal control framework; risk management process; data aggregation and reporting; and scenario analysis. It also discusses how Regulated Organizations are expected to minimize and affirmatively mitigate adverse impacts on low- and moderate-income communities while managing climate-related financial risks.
There is no exemption in the Proposed Guidance for organizations under a certain size. DFS has noted that “[s]maller organizations are not necessarily less exposed to climate-related financial risk, because they may have concentrated business lines or geographies that are highly exposed to climate-related financial risks without the risk-mitigating benefit of diversification available to larger organizations.”
I. Supervisory Guidance
Regulated Organizations’ governance framework should ensure that there is a process in place for identifying, measuring, monitoring, and controlling financial risks associated with climate change.
Business Environment and Strategy
Regulated Organizations should develop procedures for assessing the potential impact of climate-related financial risks on businesses and on the organization’s business units and product lines. Additionally, any strategies for climate-related financial risk should align with and support the Regulated Organization’s broader strategy, risk appetite, and risk management framework.
Board and Management Oversight
A Regulated Organization’s board and management should have adequate understanding and knowledge to assess climate-related financial risks and their impact on the overall risk appetite of the organization. This includes designating board members or committees to be responsible for oversight, allocating appropriate resources to address climate-related risks, and integrating responsibility and accountability into the existing organizational structures.
The Proposed Guidance encourages Regulated Organizations to take a dynamic approach to developing their risk management framework, tailored to their business models, specific activities, and specific business decisions. Regulated Organizations should also consider the expected longevity of customer relationships.
Additionally, senior management should be responsible for executing the organization’s overall strategic plan, managing material climate-related financial risks, and reporting to the board regularly on the level and nature of such risks.
Policies, Procedures, and Limits
Regulated Organizations should incorporate management of material financial risks from climate change in their policies and procedures.
Internal Control Framework
A Regulated Organization's organizational structure should establish clear lines of authority and responsibility for monitoring adherence to policies and procedures, including the following:
- First line of defense—or the risk-taking function—should assess climate related financial risks during client onboarding, credit application, and credit review processes.
- The second line of defense—or the risk management function—should undertake independent climate-related financial risk assessment and monitoring.
- The third line of defense—or the internal audit function—should, consistent with audit’s role in an organization’s risk-management framework generally, conduct regular independent reviews of an organization’s climate-related internal control framework and systems.
Risk Management Process
Regulated Organizations should identify, measure, monitor, and control climate-related financial risks in the following ways:
- Identify Risk. Regulated Organizations should consider how physical and transition risks may impact specific asset classes, sectors, counterparties, or geographical locations.
- Measure Risk. Regulated Organizations should develop appropriate key risk measurement tools or indicators for effective management of material climate-related financial risks.
- Monitor Risk. Regulated Organizations should regularly monitor risk positions and exceptions to operating within established policies, limits, and risk appetite related to material climate-related financial risks. They should also monitor the impacts from such risks on outsourcing arrangements, service providers, supply chains, and business continuity planning.
- Control Risk. The board and management should establish and implement plans to mitigate and manage the organization’s exposures to material climate-related financial risks and should review and assess the effectiveness of mitigation plans regularly.
- Manage Existing Risk. Regulated Organizations should assess the impact of physical and transition risks as drivers of their existing risk categories. The Proposed Guidance provides additional information on how climate-related risk drivers may impact credit, market, operational, liquidity, legal/compliance, and strategic risk.
Data Aggregation and Reporting
Regulated Organizations should develop risk data aggregation capabilities and risk reporting practices that are capable of monitoring material climate-related financial risks and producing timely information to facilitate board and senior management decision-making. Regulated Organizations should also consider enhancing existing systems, where appropriate, to make it possible to identify, collect, and centralize the data necessary to assess such risks.
The Proposed Guidance states that climate scenario analysis can be a useful tool in identifying, anticipating, managing and measuring climate-related financial risks. Regulated Organizations should consider using a range of climate scenarios based on assumptions regarding the impact of climate-related financial risks over different time horizons to assess the resiliency of their business models and strategies, identify and measure vulnerability to relevant climate-related risk factors, including physical and transition risks, estimate exposures and potential impacts, and determine the materiality of climate-related financial risks.
Impact on Fair Lending
The Proposed Guidance reminds Regulated Organizations that their actions to address climate-related financial risks could have an unintended but disproportionate impact on financially vulnerable communities. DFS expects Regulated Organizations to minimize and affirmatively mitigate adverse impacts on these communities while managing climate-related financial risks to address safety and soundness concerns.
II. Federal Guidance on Climate-Related Financial Risk Management
Apart from the new DFS Proposed Guidance for New York Regulated Organizations, the Office of the Comptroller of the Currency (“OCC”), the Board of Governors of the Federal Reserve System (“Federal Reserve”), and the Federal Deposit Insurance Corporation (“FDIC”) have also released guidance for banks regulated by those agencies.
In December 2021, the OCC published Draft Principles for Climate-Related Financial Risk Management for Large Banks (“Draft Principles”). The Draft Principles provide a high-level framework for the safe and sound management of exposures to climate-related financial risks, consistent with the existing risk management framework described in existing OCC rules and guidance.
With substantially similar language as the Draft Principles published by the OCC, the FDIC and the Federal Reserve released guidance earlier in 2022. In April, the FDIC published Statement of Principles for Climate-Related Financial Risk Management for Large Financial Institutions. Similarly, in December, the Federal Reserve published proposed Principles for Climate-Related Financial Risk Management for Large Financial Institutions. All three federal guidance materials urge large financial institutions to consider how best to identify, measure, monitor, and control the various risks associated with climate change over a variety of time horizons.
The Federal Reserve stated that its staff developed the guidance in consultation with the staff of the OCC and the FDIC, and “intends to work with those agencies to promote consistency in the supervision of large banks through final interagency guidance.” Although all three guidance materials share many similarities, there are some differences.
The DFS Proposed Guidance encourages Regulated Organizations to take a proportionate approach to the management of the climate-related financial risks they face, appropriate to each organization’s exposure to climate-related financial risks. Furthermore, it sets out DFS’s expectations that all Regulated Organizations start integrating the consideration of the financial risks from climate change into their governance frameworks, business strategies, risk management processes and scenario analysis, and developing their approach to climate-related financial disclosure.
Please note that the Proposed Guidance does not contain a proposed timeline for implementing any final guidance, nor does it contain any provision addressing requirements for entities to disclose material climate-related financial risks.
Interested parties are encouraged to provide feedback on the Proposed Guidance by March 21, 2023. The Proposed Guidance and instructions for providing feedback can be found on the Public Feedback section of the Climate Change page on DFS’s website. In addition, DFS will be hosting a webinar to provide an overview of the Proposed Guidance on January 11, 2023 at 10:30 am, and interested parties may register for the webinar here.
This advisory is a general overview of the Proposed Guidance and is not intended as legal advice. The Proposed Guidance is very detailed and must be reviewed in its totality.
If you have any questions about the Proposed Guidance, please feel free to contact Joseph D. Simon at (516) 357-3710 or via email at email@example.com, Kevin Patterson at (516) 296-9196 or via email at firstname.lastname@example.org, Elizabeth A. Murphy at (516) 296-9154, or via email at email@example.com, or Gabriela Morales at (516) 357-3850 or via email at firstname.lastname@example.org.
 Regulated Institutions are New York State-regulated banking organizations, New York State-licensed branches and agencies of foreign banking organizations, and New York State-regulated mortgage bankers and mortgage servicers.