Climate Risk Identification: It's Not a Standalone Category

The Register That Existed in Parallel

At a European G-SIB where I built the risk identification process, we ran our first Delphi panel in 2016. Among the emerging risks the panel flagged — independently, anonymously, without groupthink — were physical risk to real estate collateral from changing flood patterns, transition risk from carbon policy shifts hitting the energy lending book, and stranded asset risk from accelerating renewable adoption. These were identified years before any European regulator mandated climate risk assessment.[1]

By the time the ECB published its Guide on Climate-Related and Environmental Risks in November 2020, many banks had responded to the regulatory signal by creating something I'd seen before: a separate climate risk register. A standalone document, maintained by a sustainability team, disconnected from the main risk inventory, unlinked to ICAAP stress scenarios, invisible to the quarterly re-identification cycle.[2]

The intention was good. The execution was structurally flawed. And the flaw is the same one that has tripped up risk identification for decades: if you treat a risk driver as a standalone category instead of mapping how it transmits through existing risk types, you create a silo that looks like coverage but delivers gaps.

The Problem: Silos Disguised as Coverage

The instinct to create a standalone climate risk category is understandable. Regulators are asking about it. Board members want to see it. The TCFD framework has its own disclosure template. It feels like it deserves its own box on the taxonomy.

But climate risk does not behave like credit risk or market risk. It doesn't generate its own loss events. It generates loss events through credit risk, market risk, operational risk, liquidity risk, and reputational risk. A severe flood doesn't appear in your loss database as "climate risk." It appears as impaired collateral on a commercial real estate loan (credit risk), as a business interruption claim from a corporate borrower (credit risk again), as a supply chain disruption affecting a manufacturing client (operational risk for them, credit risk for you), and as investor criticism of your coastal lending concentration (reputational risk).

When you treat climate as standalone, three things go wrong. First, double-counting: the same flood-driven credit impairment gets recorded in both the climate register and the credit risk register, making aggregate exposure figures unreliable. Second, gaps: the climate register captures what the sustainability team knows about, but misses climate transmission channels that only credit analysts or market risk specialists would recognise. Third, integration failure: the standalone register doesn't connect to the ICAAP, doesn't feed stress scenarios, and doesn't appear in Board risk reporting — because it sits outside the architecture that links the main risk inventory to capital planning.[3]

The result is compliance theatre. The bank can tell the regulator it has a climate risk register. It cannot demonstrate that climate risks are systematically identified, assessed, and integrated into capital planning through the same rigorous process applied to every other material risk.

What the Regulators Actually Want

The Transmission Channel Consensus

Read the regulatory guidance carefully and a consistent message emerges. The ECB, EBA, PRA, BCBS, and the NGFS all point in the same direction: climate risk should be mapped through transmission channels into existing risk categories, not treated as a parallel taxonomy.

The ECB Guide on Climate-Related and Environmental Risks (2020) expects banks to assess how climate drivers — both physical and transition — transmit into their existing risk categories. The EBA's Report on Management and Supervision of ESG Risks (2021) reinforces this with specific guidance on mapping ESG factors through credit, market, operational, and reputational risk.[4] The BCBS Principles for the Effective Management and Supervision of Climate-Related Financial Risks (2022) are explicit: climate risk should be incorporated into existing risk management frameworks, not bolted on as an afterthought.[5]

The NGFS (Network for Greening the Financial System) has developed the most detailed transmission channel framework, mapping exactly how physical risk (acute and chronic) and transition risk (policy, technology, market, reputation) flow through to financial risk categories. This is not abstract theory. It is the analytical backbone that regulators expect to see in your risk identification methodology.

Even the Fed's 2023 Climate Scenario Analysis pilot integrated climate into existing risk categories rather than creating a new one. Climate was the driver. Credit risk, market risk, and operational risk were the manifestations. The scenario analysis asked: how do these climate pathways affect exposures we already know how to measure?

The Taxonomy Paradox

This creates a genuine design challenge for risk taxonomy. On one hand, if climate doesn't appear as a named category in the taxonomy, the institution is structurally incapable of identifying it. The taxonomy defines the universe of what can be found — and what isn't in the taxonomy can't be systematically assessed. On the other hand, if climate appears as a standalone category parallel to credit and market risk, it creates the silo problems described above.

The resolution is to include climate as a named category in the taxonomy for the purpose of ensuring completeness — to satisfy the MECE (Mutually Exclusive, Collectively Exhaustive) requirement — while conducting the actual identification and assessment work through the transmission channels that map climate drivers to existing risk types.[6] The category exists to ensure nothing falls through the cracks. The identification work happens where the risk actually manifests: in credit, market, operational, and liquidity.

This is not a semantic distinction. It determines where the identification expertise sits (in business-line risk teams, not only in sustainability), how the risk flows to capital planning (through existing ICAAP pathways, not a parallel reporting line), and how the Board receives the information (integrated into the main risk inventory, not in a separate sustainability report they may or may not read).

A Pattern We've Seen Before

Climate risk is not the first risk type to go through this evolution. Conduct risk followed exactly the same path. Before the PPI scandal cost the UK banking industry over GBP 50 billion, conduct risk didn't exist as a taxonomy category in most banks. It manifested through product risk, legal risk, and reputational risk — but because no one named it, no one systematically identified it.[7]

Cyber risk followed the same trajectory. It was buried inside "IT risk" or "operational risk — systems" until a series of high-profile breaches and regulatory interventions forced it into the taxonomy as a named category. The institutions that had already been mapping cyber transmission channels through their operational risk framework were years ahead of those that scrambled to build a standalone cyber risk register from scratch.

In each case, the risk existed long before the taxonomy recognised it. And in each case, the institutions that added the category early — because their horizon scanning or Delphi processes identified the emerging threat — were better positioned than those that waited for regulatory mandate or industry loss events.

What Good Looks Like: The Transmission Channel Map

The methodology for getting climate risk identification right has six components, and none of them require you to build a standalone climate risk function.

First, define the six transmission channels. Physical risk splits into acute (discrete events like floods, storms, wildfires) and chronic (long-term shifts like sea-level rise, water stress, temperature change). Transition risk splits into policy (carbon pricing, emissions regulations), technology (disruption of carbon-intensive business models), market (shifting investor and consumer preferences), and reputation (perceived inaction on climate commitments). Each channel maps to specific L1 risk categories in your existing taxonomy.

Second, use the interaction matrix. Climate is a classic propagation node — its crystallisation cascades across multiple risk types simultaneously. Physical risk (acute) triggers operational risk through property damage and business disruption. Physical risk (chronic) amplifies credit risk through gradual collateral value decline. Transition risk (policy) triggers market risk through stranded asset repricing. The interaction matrix makes these chains visible and auditable — turning practitioner intuition into documented methodology that a regulator can examine.[8]

Third, embed climate prompts in your existing identification tools. SWIFT workshops should include guide words like: "What has changed in climate regulation since last quarter that could affect our lending book?" and "What are we assuming about the long-term value of our commercial real estate collateral that might not be true under a 2-degree warming scenario?" The Delphi panel should explicitly canvass climate-related emerging risks. The quarterly PESTLE refresh should include environmental events as a standing assessment dimension.

Fourth, extend the time horizon. Climate risks must be assessed across three horizons: short-term (1–3 years), medium-term (3–10 years), and long-term (10–30 years). The long-term horizon exceeds normal business planning cycles but matters today, because a bank with significant coastal real estate exposure faces minimal short-term physical risk but material long-term risk — and that long-term risk affects the credit quality of the portfolio now, because it affects the residual value of the collateral over the life of the loan.

Fifth, use concentration analysis to surface hidden climate exposure. A portfolio that appears diversified across geographies and sectors may have hidden climate concentration if many of those exposures share a common climate vulnerability — coastal property across multiple countries, or multiple sectors dependent on carbon-intensive supply chains. The most dangerous concentrations are those disguised by apparent diversification.[9]

Sixth, ensure integration. Climate risks identified through the transmission channel framework must appear in the central risk inventory, feed through to risk appetite statements, link to ICAAP/CCAR stress scenarios, and reach the Board through the same reporting architecture as every other material risk. At one institution I worked with, the risk inventory contained thirty-seven material risks while the ICAAP addressed twelve. The gap was structural, not deliberate. Climate risk widens that gap unless you build the integration from the start.

What To Do Monday Morning

Audit your current climate risk taxonomy placement. Open your risk taxonomy and check: is climate risk a standalone L1 category with its own separate register, or does it map through transmission channels into your existing risk types? If it's standalone with no transmission mapping, you have a silo. If it's nowhere in the taxonomy at all, you have a gap. Either way, fix it.
Build a transmission channel map. Create a simple matrix: six climate transmission channels (rows) against your existing L1 risk categories (columns). For each cell, document whether a transmission pathway exists for your institution's specific business model and geographic footprint. This exercise takes half a day and immediately reveals where climate risk is entering your portfolio.
Add climate prompts to your next SWIFT workshop. Don't run a separate "climate risk workshop." Instead, add two climate-specific guide words to your next regular risk identification session: "What climate-related regulatory changes could affect this business line in the next 12 months?" and "What physical climate events could impair our collateral or disrupt our clients' operations?" This integrates climate into the existing process rather than creating a parallel one.
Check the integration pipeline. Trace any climate risks currently identified in your institution and ask: do they appear in the central risk inventory? Are they linked to ICAAP/ILAAP scenarios? Do they reach the Board through standard risk reporting? If the answer to any of these is no, the identification exists but the integration doesn't — which means, for capital planning purposes, the identification might as well not exist.[10]
Include climate in your quarterly re-identification cycle. The quarterly PESTLE refresh should explicitly include environmental and climate developments. New carbon pricing announcements, extreme weather events affecting portfolio geographies, peer institution climate-related losses — all of these are event-driven triggers that should prompt re-identification, not just re-assessment of risks you already know about.

Sources & References

The Delphi Method's role in identifying emerging risks before regulatory mandates is documented in the EON methodology. ISO 31010:2019, Risk Assessment Techniques, Annex B.4 describes the Delphi technique for structured expert elicitation.
European Central Bank, Guide on Climate-Related and Environmental Risks: Supervisory Expectations Relating to Risk Management and Disclosure, November 2020. Sets expectations for how banks should integrate climate risk into existing risk management frameworks.
Prudential Regulation Authority, Supervisory Statement SS31/15, The Internal Capital Adequacy Assessment Process (ICAAP) and the Supervisory Review and Evaluation Process (SREP), updated December 2020. Climate risks identified must flow through to ICAAP stress scenarios via the same capital planning pathways as all other material risks.
European Banking Authority, Report on Management and Supervision of ESG Risks for Credit Institutions and Investment Firms, EBA/REP/2021/18, 23 June 2021. Provides specific guidance on mapping ESG risk factors through existing prudential risk categories.
Basel Committee on Banking Supervision, Principles for the Effective Management and Supervision of Climate-Related Financial Risks, June 2022. Principle 4 requires banks to incorporate climate-related financial risks into their existing risk management frameworks.
The MECE (Mutually Exclusive, Collectively Exhaustive) principle for risk taxonomy design is a foundational requirement in ISO 31000:2018 and COSO ERM (2017). A taxonomy gap means the institution is structurally incapable of identifying the missing risk type.
The PPI scandal cost the UK banking industry over GBP 50 billion in redress, with Lloyds Banking Group alone paying GBP 22 billion. Conduct risk was largely invisible in bank taxonomies before these losses materialised. See FCA, Payment Protection Insurance Complaints, aggregate data 2011–2019.
The risk interaction matrix methodology maps directional trigger, amplification, and correlation relationships between all material risks. See BCBS, Corporate Governance Principles for Banks (BCBS 328), July 2015, Principle 7, which requires firm-wide risk identification including interaction effects.
BCBS, Principles for Effective Risk Data Aggregation and Risk Reporting (BCBS 239), January 2013. Requires banks to aggregate risk data across the enterprise, making hidden concentrations visible — including concentrations that emerge only when climate is used as the analytical lens.
Board of Governors of the Federal Reserve System, SR 15-18 / CA 15-14, Federal Reserve Supervisory Assessment of Capital Planning and Positions for LISCC Firms and Large and Complex Firms, 18 December 2015. The Material Risk Inventory must be comprehensive and updated quarterly, with direct linkage to stress scenario design and capital estimation.