Banks' Management of ESG-Related Credit Risks Requires Attention, Knowledge, and Systematic Approach

Banks' Management of ESG-Related Credit Risks Report June 2026

Banks' Management of ESG-Related Credit Risks 2 Banks' Management of ESG-Related Credit Risks The Danish Financial Supervisory Authority's inspections in 2025 showed that the largest Danish banks needed to strengthen the identification, analysis, and management of credit risks related to environmental, climate, social, and governance (ESG) factors in accordance with, among other things, the Management Decree1. This report summarizes the most significant cross-cutting observations and points where the inspections showed that the institutions had a need for improvement. The observations from the individual institutions, and the supervisory reactions they have led to, are set out in the published inspection reports2. The observations from the inspections may, however, be relevant for all institutions with credit risks related to ESG, and this report is therefore intended as a help to the institutions' work in this area by summarizing the observations and the Danish Financial Supervisory Authority's practice in the area. The points supplement the information that the Danish Financial Supervisory Authority has previously published on the same topic3. 1 Decree on the management and control of banks, etc. No. 1103 of 30 June 2022 with subsequent amendments 2 Report on the inspection of Danske Bank A/S' management of ESG-related credit risks for corporate customers, report on the inspection of Jyske Bank A/S' management of ESG-related credit risks for corporate customers, and report on the inspection of Nykredit Bank A/S' management of ESG-related credit risks for corporate customers 3 Notes on good practice for credit institutions' handling of ESG factors in the credit area and IRB area, good practice for the management of ESG-related risks in credit institutions, smaller banks should continuously develop methods to handle ESG-related credit risks, and requirements for credit institutions' ESG risk management as of 1 January 2026

Banks' Management of ESG-Related Credit Risks 3 Summary of requirements from the Management Decree and the Danish Financial Supervisory Authority's practice in the areas where the inspections showed a need for improvement:

1. Identification of material credit risks related to ESG must include both physical risks (e.g., extreme weather) and transition risks (e.g., changed legislation), adapted to the customer's industry and creditworthiness. Customers for whom ESG factors may have a significant impact on credit risk must be analyzed in more detail. For the many customers where it is clear that ESG factors do not have a significant impact on credit risk, analyses of the significance of ESG factors are, however, not relevant.
2. Portfolio analyses must include impact assessments of scenarios that are not mild, and the choice of scenarios must be anchored in management.
3. Credit risks related to ESG must be integrated into credit policy and business processes. This entails requirements for analyses and collection of relevant ESG data. In practice, there is good alignment between reporting in accordance with the voluntary standard for sustainability reporting, VSME, and the identification of credit risks related to ESG.
4. In the credit assessment of individual customers, credit risks related to ESG must be distinguished from broader sustainability elements, and the focus must be on the factors that have an impact on credit risk. The institution must analyze the customer relationships where significant credit risks related to ESG have been identified. It is, however, not relevant to use effort on ESG factors that do not have an impact on the customer's creditworthiness and thus the institution's loss risk.
5. Identified material credit risks related to ESG must be discussed with the relevant customers to create a common understanding and basis for credit decisions.
6. Relevant employees must be able to identify, analyze, and communicate credit risks related to ESG. This can be strengthened by targeted internal training.
7. The institutions must have effective controls in the first and second lines of defense that ensure quality and operational implementation of ESG risk assessments. The rules on the handling of ESG-related credit risks are set out in Section 72 of the Financial Business Act and Section 4 and Annex 1, Nos. 1, 2, and 16-19 of the Management Decree. In addition, there are the guidelines on the management of environmental, social, and governance risks (ESG risks) from the European Banking Authority (EBA)4. Each institution must adapt the handling of credit risks related to ESG to its size, business model, and risk profile. Smaller institutions may have less extensive internal requirements, but all must identify and relate to material risks in credit policy and business processes. The scope tightens as the institution's exposure to customers with significant credit risks related to ESG increases, and all institutions must therefore, in accordance with the Management Decree, identify these risks and relate concretely to them in credit policy and business processes. According to the guidelines on the management of environmental, social, and governance risks (ESG risks), the institution should conduct a materiality assessment of ESG risks at least once a year, but small and non-complex institutions at least every other year5. 4 EBA/GL/2025/01 - Guidelines on the management of environmental, social, and governance risks (ESG risks) 5 Subsection 4.1, paragraph 11 of the Guidelines on the management of environmental, social, and governance risks (ESG risks)

Banks' Management of ESG-Related Credit Risks 4

1. Identification of material credit risks related to ESG It is a requirement in the Management Decree that each institution identifies the credit risks related to ESG that may be material to its business model, risk profile, and other credit risks. The inspections showed that this requires, at a minimum, an assessment of whether physical factors, such as drought in agriculture, or transition factors, such as phase-out and increased costs of fossil vehicles in the transport sector, can lead to significant credit risks related to ESG. Examples of the different factors are described in more detail in Table 1. To what extent they are relevant for the individual institution depends on the customers' industry composition and creditworthiness. All institutions will thus generally have a large share of customers for whom it is clear that ESG factors do not have a significant impact on credit risk, and where analyses of the significance of ESG factors are therefore not relevant. The table contains a division into physical factors and transition factors at the industry level. Physical factors are the direct consequences of climate and environmental changes, such as extreme weather, while transition factors include, among other things, political decisions, technological changes, and changed consumer behavior. Table 1: Examples of ESG factors Industry Physical Factors Transition Factors Agriculture More extreme weather in the form of increased drought and increased heavy rain Rise in groundwater levels Changes in biodiversity Increased scope of animal diseases Implementation of the Green Tripartite New environmental legislation, e.g., recent ban on the use of pesticides with PFAS active substances Legislation and consumer preferences regarding animal welfare Fishery Changes in marine environment and biodiversity Phase-out or increased costs related to bottom trawling, overfishing, and emissions from fishing vessels Costs for documentation of catch methods and Marine Stewardship Council certification (MSC certification) and reputation risk due to lack of documentation

Banks' Management of ESG-Related Credit Risks 5 Industry Physical Factors Transition Factors Transport Phase-out, increased costs, and loss of value related to fossil motor vehicles, including road and emission taxes, environmental zones, and access restrictions in cities Loss of market position due to lack of fleet transition Fines, increased requirements, and customer withdrawal due to working conditions and employee safety Real Estate Sea and groundwater level rise, heavy rain, and erosion Implementation of the Building Directive Increased requirements for energy efficiency Reduced possibility of insurance coverage for natural disasters Trade Risks mentioned under real estate for the business's producers abroad, if the business has high dependence on the producer Phase-out, increased costs, or restrictions related to the use of fossil energy, raw materials, raw materials, wood, chemicals, and water, which affect the price of the traded products Risks mentioned under transport, which increase the transport costs of trading businesses Fines, increased requirements, and falling demand related to conditions in the business's value chain abroad (child labor,

Banks' Management of ESG-Related Credit Risks 6 Industry Physical Factors Transition Factors corruption, unhealthy and dangerous work, destruction of natural areas, violation of indigenous peoples, and negative impact on local communities) Parts of the industrial sector Risks mentioned under real estate for the business's real estate or production sites abroad Phase-out, increased costs, or restrictions related to the use of fossil energy, raw materials, raw materials, wood, chemicals, and water Fines, increased requirements, and falling demand related to conditions in the business's value chain abroad (risks mentioned under trade) Utilities Risks mentioned under real estate for the business's real estate and facilities Phase-out, increased costs, or restrictions related to the use of fossil fuels The inspections clarified that the largest credit risks related to ESG are associated with possible future developments with limited probability but significant impact if the development occurs. It is therefore important to be able to comply with the Management Decree to include them in the institution's portfolio analyses of the most significant credit risks related to ESG. 2. Portfolio Analyses There is considerable uncertainty about how and when ESG factors will materialize in the future. To avoid underestimating credit risk, there is a need for knowledge of the consequences of scenarios that are not mild and that can occur in the short, medium, and long term. This follows from Section 72 of the Financial Business Act. If the institution assesses that milder scenarios are the most realistic, it can also be beneficial to calculate the consequences related to these, so they can be included in credit management. The institution must relate to relevant scenarios based on the latest scientific knowledge and on scenarios and resources made available by generally recognized international or regional organizations.

Banks' Management of ESG-Related Credit Risks 7 The inspections showed that for the assets they have financed, institutions can have impact calculations of a number of recognized scenarios delivered from data providers. For transition risks in Table 1, the inspections showed that the consequence of an occurrence, which takes into account the uncertainty of basing on non-mild scenarios, is best calculated by including adopted legislation, possible future legislation, and any changes in consumer preferences. If the legislation is not yet fully implemented, such as the Green Tripartite and the new Building Directive, the institution, like with other elements in credit management, must make prudent assumptions. It will, for example, not be prudent to assume that new technology neutralizes the risk, that increased sales prices for the customer's products in all cases or for all producers can cover costs, or that changes in consumer preferences are offset by other consumer trends, so that the customer's sales are not affected. The choice of scenarios must, in accordance with the Management Decree, be anchored in management. The inspections showed that knowledge of and choice of scenarios were often reserved for a few employees in the institution, although their use has decisive importance for the institution's calculations of credit risks related to ESG. The inspections thus clarified the need for the institution to decide on the choice of scenarios for use in credit management in accordance with the principles of its usual management and control. 3. Integration into Credit Policy and Business Processes When the institution has calculated the possible consequences of physical factors and transition factors, it has a basis for deciding its risk appetite and concretizing this in credit policy and business processes in accordance with the Management Decree. This may be, for example, that the institution does not wish to provide certain types of financing due to credit risks related to ESG. It can also be stated in a business process which specific credit risks related to ESG the institution must analyze in credit applications, and how the analysis must be prepared concretely and quantitatively. An example of a quantitative analysis is that the institution has a template for transport customers with diesel vehicles, from which it appears how employees must concretely calculate diesel taxes, road taxes, the consequence of environmental zones, and costs related to replacement with electric or biogas trucks. In the example, it will also appear from the institution's business process how quickly the customer's earnings must cover these costs. The institution only needs internal analysis requirements in business processes for material credit risks related to ESG if the institution's portfolio analyses show that it has these risks. The institution will, with such quantitative analyses, also obtain the relevant ESG data on the customers. The inspections showed that the institutions' most important work regarding ESG data for use in credit management is to identify the relevant ESG data points that they must use to analyze the customers' credit risk. For use in credit management, institutions often only need a few, but well-considered, ESG data points.

Banks' Management of ESG-Related Credit Risks 8 In practice, there is good alignment between reporting in accordance with the voluntary standard for sustainability reporting, VSME6, and the identification of credit risks related to ESG. VSME can thus function as a structured data basis that, supplemented by the institution's own quantitative analyses and materiality assessments, supports the selection of a few, but credit-relevant, ESG data points. However, it appears from VSME that lenders or investors may request small and medium-sized enterprises to provide other types of sustainability information than those covered by the VSME standard, and that the voluntary standard for sustainability reporting does not affect the enterprises' reporting obligations that follow from other EU legislation. 4. Credit Processing of Individual Customers To comply with the requirements in the Management Decree, institutions must distinguish between credit risks related to ESG and broader sustainability elements and ensure focus on the factors that have an impact on credit risk. Broader sustainability elements include positive societal contributions, such as customers' installation of solar cells on the roof or sponsorship of the local football club. This normally does not constitute an economic loss risk for the institution if the customer has not made such measures. Credit risks related to ESG, on the other hand, relate to factors that can negatively affect the customer's business model, profitability, and repayment capacity. These are, for example, factors mentioned in the overview in Table 1. The credit applications thus lack an analysis of the customers' credit risks related to ESG if they primarily describe the customers' broader sustainability elements. To strengthen the institutions' risk management in accordance with the Management Decree, they must therefore more clearly clarify and distinguish credit risks related to ESG from broader sustainability elements. The institution can focus its resources on the customer relationships where significant credit risks related to ESG have been identified. It is, however, not relevant to use effort on ESG factors that do not have an impact on the customer's creditworthiness and thus the institution's loss risk. Even if a customer relationship is associated with significant credit risks related to ESG, approval can still take place, as long as these risks are identified, analyzed, and handled. The crucial point is that the institution has a sufficient basis for understanding and relating to the risks, that they can be accommodated in the institution's risk appetite, and that the institution has taken appropriate measures to mitigate or monitor them. Approval can thus be prudent if the risks are known, documented, and incorporated into the decision basis. This can, for example, be done through the institution's assessment of the customer's transition plan and follow-up on it. A transition plan contains one or more goals and a description of the customer's plan for realizing the goals. The more detailed requirements for a customer's transition plan are established as part of the institution's risk appetite in the area. 6 https://eur-lex.europa.eu/legal-content/DA/TXT/HTML/?uri=OJ%3AL_202501710 - Commission Recommendation (EU) 2025/1710 (a voluntary standard for sustainability reporting for small and medium-sized enterprises). See also Voluntary reporting on sustainability according to the VSME standard | Danish Financial Supervisory Authority

Banks' Management of ESG-Related Credit Risks 9 5. Dialogue with Customers When the institution has identified credit risks related to ESG that are material and potentially have an impact on the customer's business model and debt servicing capacity, the institution must discuss them with the customer. This creates a common understanding between the institution and the customer about which credit risks related to ESG can affect the customer, which investments may be necessary to mitigate these risks, whether the operations can accommodate the investments, whether the customer is aware of the risks, and how the customer plans to counter them. This gives the institution a better basis for assessing the customer's creditworthiness and for making informed decisions about credit granting, follow-up, and possible requirements for security or other risk-mitigating measures. At the same time, it supports a continuous dialogue about the customer's ability and willingness to handle credit risks related to ESG, which is central for prudent credit granting and risk management in accordance with the Management Decree. The institutions have stated that customers generally view a dialogue on ESG factors positively. 6. Internal Training Relevant employees must be able to identify, analyze, and communicate credit risks related to ESG in accordance with the Management Decree. This can be strengthened by targeted internal training. The institutions have initiated relevant internal training that contributes to strengthening the handling of credit risks related to ESG. The training includes, among other things, targeted teaching of the credit organization and customer managers in: • the difference between credit risks related to ESG and broader sustainability elements, including exercises in distinguishing between what the customer does to be sustainable and which credit risks related to ESG the customer is exposed to • concrete customer cases with significant credit risks related to ESG, possibly with visits and presentations from selected customers • how credit risks related to ESG are uncovered in customer dialogue • the written presentation of the risk element in the credit assessment and decision basis. 7. Controls The institutions must have effective controls in the first and second lines of defense that ensure quality and operational implementation of ESG risk assessments in accordance with the Management Decree. The inspections showed that the institutions are in the process of establishing controls of credit risks related to ESG in the first and second lines of defense, while the third line of defense is often further ahead in the development of auditing in this area. There is generally a need for the first and second lines of defense to ensure the quality of the analyses of these risks in the credit applications, establish control of the institution's calculation of material credit risks related to ESG, and control whether credit policy and business processes are concrete and operational.