Notice No. 6/GBM/2025, of 21 October — Climate Risk Management Guidelines

Proof Tuesday, 21 October 2025 I SERIES — Number 201 SUMMARY NOTICE The matter to be published in the «Republic Bulletin» must be sent as a duly authenticated copy, one for each subject, containing, in addition to the necessary indications for this purpose, the following endorsement, signed and authenticated: For publication in the «Republic Bulletin». IMPRENSA NACIONAL DE MOÇAMBIQUE, E. P. Bank of Mozambique: Notice No. 5/GBM/2025: Establishes the terms for submitting to the Bank of Mozambique information necessary for compiling statistics on issuances, transactions and positions in securities, distribution of the credit institution and financial company agency network, system interest rates, credits and deposits, external sector and National Payments System, and revokes Notice No. 4/GBM/2020, of 23 April. Notice No. 6/GBM/2025: Approves the Climate Risk Management Guidelines. Notice No. 7/GBM/2025: Establishes guiding guidelines on the policy for equitable access and use of financial products and services. BANK OF MOZAMBIQUE Notice No. 5/GBM/2025 of 21 October Showing it necessary to expand the statistical information base, with a view to monitoring the various forms of fund transmission between economic agents, residents and non-residents, as well as volumes, values, instruments and payment obligations, and the evolution of the national financial system, the Bank of Mozambique, under Article 16(2) of Law No. 1/92, of 3 January (Organic Law of the Bank of Mozambique) and Article 7(d) of Law No. 2/2008, of 27 February (National Payments System Law), determines:

ARTICLE 1 Object This Notice establishes the terms for submitting to the Bank of Mozambique information necessary for compiling statistics on issuances, transactions and positions in securities, distribution of the credit institution and financial company agency network, system interest rates, credits and deposits, external sector and National Payments System.

ARTICLE 2 Scope of Application

1. This Notice applies to: a) Credit institutions and financial companies; b) Participants in the National Payments System.
2. This Notice also applies to public or private legal entities subject to foreign exchange legislation.

ARTICLE 3 Submission of Information to the Bank of Mozambique

1. Institutions covered by this Notice must submit to the Bank of Mozambique, as applicable, information regarding: a) Issuances, transactions and positions in securities, notably from their own portfolios and client portfolios held or managed by them; b) List of authorized, active and closed agencies, segregated by province and respective district; c) List of active banking agents; d) Number of ATMs (Automated Teller Machines), value and volume of transactions conducted via ATM; e) Number of POS (Point of Sale) terminals and transactions conducted via POS; f) List of agencies, non-banking agents and geospatial location details; g) Number of clients and bank accounts; h) Number of clients and basic or simplified bank accounts; i) Number of clients and bank cards; j) Number of subscribed clients and transactions conducted via mobile banking; k) Number of subscribed clients and operations conducted via internet banking; l) Number of accounts and active and inactive subscribed clients of Electronic Money Institutions; m) Number of agents, subscribed clients and electronic money transactions; n) Intra-bank transactions; o) SWIFT message flow and remittances; p) Total downtime by service type; q) Number of transaction failures by service type; r) Number of frauds in payment and electronic clearing instruments; s) Volume of rejected transactions by service type;

t) Distribution of the credit institution and financial company agency network, system interest rates, credits and deposits, external sector and National Payments System.

ARTICLE 11 Clarification of Doubts Doubts regarding the interpretation and application of this Notice must be submitted to the Statistics and Reporting Department of the Bank of Mozambique.

ARTICLE 12 Entry into Force This Notice enters into force ninety days after the date of its publication. Governor, Rogério Lucas Zandamela.

Notice No. 6/GBM/2025 of 21 October Given the need to establish guidelines for incorporating mechanisms to manage and mitigate the impact of climate risks on the risk management of financial institutions, the Bank of Mozambique, exercising the powers conferred by Article 90(2) of Law No. 20/2020, of 31 December (Law on Credit Institutions and Financial Companies), determines the following:

1. The Climate Risk Management Guidelines, attached to this Notice and forming an integral part thereof, are approved.
2. Breach of the provisions of this Notice constitutes a regulatory offence punishable under Law No. 20/2020, of 31 December (Law on Credit Institutions and Financial Companies).
3. This Notice enters into force 180 days after the date of its publication. Doubts regarding the interpretation and application of this Notice must be submitted to the Macroprudential Analysis Department of the Bank of Mozambique. Governor, Rogério Lucas Zandamela.

CHAPTER I General Provisions ARTICLE 1 Object This Notice establishes guidelines to mitigate the impact of climate risks on financial and non-financial risk categories.

ARTICLE 2 Scope of Application This Notice applies to credit institutions, financial companies and other institutions supervised by the Bank of Mozambique, hereinafter referred to as “institutions”.

CHAPTER II Climate Risk Management with Impact on Financial and Non-Financial Risks ARTICLE 3 Climate Risk Management

1. Institutions must identify, measure, control and monitor physical and transition risks with impact on financial and non-financial risks that affect results, capital positions and liquidity.
2. Institutions must adopt a strategic approach to climate risk management, consistent with their risk appetite and in compliance with risk policies, procedures and controls, as set out in the Risk Management Programme established by Notice No. 4/GBM/2013, of 18 September.
3. Without prejudice to the preceding paragraph, institutions must include a climate risk management framework in their Risk Management Programme.

ARTICLE 4 Risk Identification In the risk identification process, institutions must: a) Consider climate risks in primary or secondary risk categories, according to their relevance and impact; b) Assess how climate-related events and trends affect financial and operational performance; c) Evaluate the transmission process of climate risks to financial activity risks, as described in the Risk Management Guidelines; d) Formulate plans for information collection, including microdata, while maintaining an updated inventory of climate risk events; e) Incorporate into their reports the results of stress tests that include the impact of climate risks on financial and non-financial risks; f) Consider the impact of climate risks on financial and non-financial risks in their internal capital adequacy self-assessment processes; and g) Identify economic activity sectors with higher exposure to climate risks and consider mitigation measures when contracting with entities in those sectors.

ARTICLE 5 Climate Risk Measurement and Monitoring

1. Institutions must implement a governance structure to measure and monitor the impact of climate risks on financial and non-financial risks.
2. For the purposes of the preceding paragraph, institutions must, at minimum: a) Include risk indicators covering economic sectors and geographical location; b) Have an adequate climate risk monitoring process that includes the use of qualitative and quantitative tools and metrics; c) Ensure that the risk appetite framework incorporates exposure limits; d) Include measures to incentivize counterparties to provide relevant information, including disclosures on financial and non-financial climate-related risks; e) Consider processes and procedures to improve risk information aggregation and reporting, including investment in existing data infrastructure and systems, to ensure that data are reliable, accurate and comparable; f) Incorporate into their analytical frameworks scenario and sensitivity analyses, stress tests and other techniques to strengthen the assessment of climate risk impact on financial and non-financial risks; and g) Consider the use of proxies and reasonable assumptions as alternatives in internal reports as an intermediate step, where reliable or comparable climate risk data are lacking.
3. Institutions must establish and adopt relevant indicators and metrics to evaluate and monitor the impact of climate risks on financial and non-financial risks.
4. Without prejudice to the preceding paragraph, the Bank of Mozambique may determine the inclusion of additional indicators and metrics where justified.

ARTICLE 6 Risk Mitigation Institutions must establish and update annually a climate risk mitigation plan, detailing the actions to be taken to mitigate these risks and describing the method used to establish the hierarchy of climate-related risks that may affect their activities.

ARTICLE 7 Risk Assessment

1. Institutions must evaluate and consider the impact of climate risks on financial and non-financial risks in their risk management profiles and systems, as provided for in the Risk Management Guidelines, considering the following approaches: a) Credit risk, through: i. Assessment of the approval and implementation by governing bodies of credit policies and procedures related to climate; ii. Analysis of geographical, sectoral and counterparty concentration risk, as well as their correlation; iii. Segregation of the credit portfolio by class and type of collateral related to climate risks; and iv. Assessment of climate risks at all relevant stages of the credit granting and processing cycle. b) Liquidity risk, resulting from the assessment of impact on liquid asset-related risks through stress tests, simulations or other methodologies; c) Interest rate risk, resulting from the assessment of interest rate volatility impact on institutional portfolios through stress tests, simulations, estimates or other techniques; d) Exchange rate risk, through assessment of exchange rate volatility impact on institutional balance sheets; e) Commodity risk, through assessment of commodity price impact on institutional portfolios; f) Operational risk, through assessment of potential losses resulting from inadequate or deficient internal processes, human and system failures arising from the materialization of physical and transition risks, impacting business continuity; g) Strategic risk, through assessment of the likelihood of negative impacts on results or capital due to inadequate strategic decisions or poor implementation thereof; h) Reputational risk, through assessment of the likelihood of negative impacts on results and/or capital due to climate shocks leading to a negative perception of the institution’s image; i) Compliance risk, through assessment of the likelihood of negative impacts on results and/or capital due to climate shocks arising from violations or non-compliance with laws, regulations, contracts, codes of conduct, established practices or ethical principles, as well as their incorrect interpretation; and j) Technological risk, through assessment of the likelihood of materialization of physical and transition risks on existing technological infrastructure and systems.
2. Internal audit must assess the effectiveness of climate risk identification, assessment and mitigation processes in the institution, ensuring that risk management policies and practices align with regulatory requirements.
3. Without prejudice to the preceding paragraph, internal audit must verify whether climate risk impacts are adequately incorporated into risk analyses and reports, and whether the institution has adequate response mechanisms for adverse climate events.

ARTICLE 8 Stress Tests

1. In managing climate risks on financial and non-financial risks, institutions must conduct stress tests encompassing sensitivity and scenario analyses, as per Circular No. 5/SCO/2013, of 31 December on Stress Tests.
2. For the purposes of the preceding paragraph, institutions must identify key risk factors and potential impacts to be considered in each sector, so as to create physical and transition risk scenarios that, at minimum, allow estimation of the extent of damage caused by climate events.
3. Stress tests must follow the periodicity defined in Circular No. 5/SCO/2013, of 31 December.
4. When conducting sensitivity and scenario analyses, institutions must, at minimum: a) Consider a series of results related to different climate risk transmission channels; b) Cover short, medium and long-term time horizons related to climate change; c) Consider forward-looking information, in addition to historical data; and d) Assess the impact of scenarios on their revenues, assets, counterparties, liquidity and capital positions.

CHAPTER III Governance Structure ARTICLE 9 Governance

1. Institutions must establish governance mechanisms capable of identifying, measuring, managing, monitoring, reporting and responding effectively and promptly to the effects of climate risks on financial and non-financial risks, taking into account their scale and complexity.
2. The climate risk management function on financial and non-financial risks must ensure: a) Identification of present and future risks; b) Development of effective methodologies, processes and tools for risk measurement and assessment; c) Establishment of policies, procedures, practices and other mechanisms for risk management; d) Setting of risk tolerance limits for approval by the governing body; e) Monitoring of taken positions, based on approved tolerance limits; and f) Reporting of risk monitoring results to the governing body and top management.
3. In assessing financial and non-financial climate-related risks, institutions must observe, among others, the following aspects: a) Integration of climate risks into risk management frameworks and strategic plans; b) Exposure, sensitivity and risk appetite analysis; c) Climate stress tests based on relevant climate scenarios; d) Information disclosure; and e) Impact assessment on business models.
4. For the purposes of the preceding paragraph, institutions must also consider: a) Incorporation of climate-related financial risks into existing governance and risk management frameworks; b) Conducting an exposure assessment to physical and transition risks by evaluating the sensitivity of their assets and operations to climate change impacts, incorporating exposure limits into their risk appetite frameworks; c) Evaluating resilience against extreme climate events and structural economic changes, by developing climate stress scenarios in risk analyses, considering different climate pathways and their potential impacts on financial markets and the economy in general; d) Adopting transparent information disclosure practices related to climate risks, including communication to investors, the Bank of Mozambique and other stakeholders regarding the financial institution’s exposure to climate risks, mitigation strategies and measures taken to enhance resilience, as well as the effects of risks on balance sheets and opportunities related to cash flow sustainability, access to financing and cost of capital in the short, medium and long term; and e) Assessing climate risk impact and adjusting business strategies to address challenges and opportunities arising from climate change, including financing costs.

ARTICLE 10 Responsibilities of the Governing Body

1. Within climate-related risk management, it is the responsibility of institutional governing bodies to: a) Approve strategies and policies regarding climate risk on financial and non-financial risks; b) Establish tolerance levels for climate risk; c) Ensure that significant climate risk exposure is maintained at prudent levels consistent with available capital and liquidity; d) Ensure that top management and climate risk managers possess reasonable knowledge and proficiency to fulfill their duties; e) Ensure implementation of fundamental principles facilitating identification, measurement, monitoring and control of climate risk; f) Ensure implementation of approved policies and procedures; g) Define the content and frequency of reports to be submitted to the governing body on climate risk management; h) Ensure communication of climate risk strategies and policies; i) Define business strategy, including segregation of functions and ensuring financial soundness, key personnel decisions, internal organization, structure and governance practices regarding climate risk management and compliance obligations; j) Ensure incorporation of climate risks into the global risk appetite framework; k) Guarantee effective management of climate risks and adequate, timely production of respective periodic reports; l) Ensure the conduct of independent, objective and comprehensive assessments, supported by periodic reports contributing to resilience against climate risk impacts; and m) Make climate risk management decisions and conduct respective oversight.
2. For the purposes of paragraph (a), strategies and policies related to climate risks must be consistent with the overall business strategy, and must be reviewed at least once a year.

ARTICLE 11 Responsibilities of Senior Management Within climate risk management with impact on financial and non-financial indicators, it is the responsibility of senior managers responsible for institutional risk management to: a) Develop climate risk management policies and procedures for approval by the governing body, as part of the overall risk management framework; b) Implement climate risk management policies approved by the governing body; c) Ensure preparation and implementation of an adequate reporting system regarding content, format and frequency of information on portfolios exposed to climate risks; d) Establish internal controls, including institutionalization of clear lines of responsibility and authority, to ensure an effective climate risk management process; e) Ensure timely disclosure of policies, procedures and other climate risk management information; f) Provide the governing body with climate-related information including: i. Changes in business, climate risk and risk appetite strategies; ii. Institutional performance and financial situation; iii. Breaches of risk limits or compliance rules; iv. Internal control failures. g) Allocate necessary financial or non-financial resources for climate strategy implementation.

CHAPTER IV Internal Control Framework ARTICLE 12 Internal Control

1. Institutions must implement an adequate and appropriate internal control framework, based on three lines of defence, to ensure identification, measurement, monitoring, mitigation, sound transparent management, and comprehensive and effective oversight of climate-related portfolios.
2. In accordance with the preceding paragraph, institutions must define and communicate the functions and responsibilities of business lines, as well as the three lines of defence.

ARTICLE 13 Policies and Procedures

1. Institutions must have written policies and procedures to identify, measure and control climate risks that are consistent with the institution’s strategies, financial conditions and risk tolerance levels.
2. For the purposes of the preceding paragraph, policies and procedures must: a) Define management lines of responsibility for risks; b) Identify bodies responsible for developing climate risk management strategies; c) Identify different types of permitted financial and non-financial instruments and hedging strategies; d) Describe strategies for controlling aggregate exposure to climate risks; and e) Establish the content and frequency of reports on financial and non-financial climate risk management.
3. At a minimum annual periodicity, institutions must define and quantify business tolerance regarding financial and non-financial climate risks and ensure consistency with organizational strategy and risk appetite.
4. Institutions must establish metrics to collect information enabling the preparation of reports, both...