ESG Data, Governance and Transition Plans: Insights from Expert Discussions convened by the BCC Sustainability Group on ESG risk management for Banks (CRD VI)
Disclaimer: The BCC Sustainability Group provided a forum for dialogue and the exchange of professional perspectives on ESG risk management for banks under CRD VI. This publication reflects the authors’ independent synthesis of insights gathered through preliminary exchanges and a roundtable discussion convened by the BCC Sustainability Group with market participants and subject-matter experts.
The views presented are intended solely to contribute to the ongoing professional dialogue on ESG risk management and the implementation of CRD VI. They do not represent the official views of any participating institution, collective position of participating institutions, the British Chamber of Commerce for Luxembourg, or any supervisory or regulatory authority.
The observations presented in this publication reflect the perspectives shared during these discussions and are intended to inform debate. They should not be interpreted as constituting legal, regulatory or supervisory guidance.
As the implementation of CRD VI accelerates the integration of ESG risks into banks’ prudential frameworks, institutions are facing growing expectations around data, governance, and transition planning. Against this backdrop, the BCC Sustainability Group convened a series of exchanges with senior practitioners and subject-matter experts as well as a dedicated roundtable to explore the practical implications of these evolving requirements.
This article synthesises the key perspectives that emerged from these discussions. It reflects the insights shared by participants on the challenges, good practices, and priorities shaping ESG risk management in the banking sector. While viewpoints naturally varied across experts and areas of expertise, a consistent message emerged: meaningful progress is being made, but some challenges remain as banks continue to operationalise the CRD VI framework and meet evolving supervisory expectations.
1. ESG Data: From Quantity to Quality and Meaningful Use
One of the defining trends of recent years has been the continued strengthening of supervisory expectations regarding the identification and management of ESG risks—particularly climate and environmental risks. Several experts noted that meeting these expectations requires reliable, decision‑useful ESG data, which remains challenging to obtain, especially in the post‑Omnibus context, where the scope of mandatory non‑financial disclosures for companies has been reduced. In that context, data integrity has become one of the central challenges in ESG risk management. Evolving supervisory expectations were said to increasingly require banks to demonstrate data integrity, model integrity and the ability to back‑test ESG‑related data and methodologies. It was also pointed out that supervisory reviews increasingly focus on how ESG data is populated, processed and validated, not only at the final outputs.
a. Practical approaches that can help bridge data gaps in the post-Omnibus context exist
A number of practical solutions were mentioned, along with their limitations:
• Data providers: Several experts emphasised that purchasing datasets from external ESG data providers can support banks’ risk assessments but is generally not sufficient on its own. Banks’ regulatory data needs increasingly extend beyond the coverage, granularity and methodological consistency that external providers can offer. It was also highlighted that datasets from different providers may differ significantly, making them difficult to compare or integrate into coherent risk models. In addition, reliance on a single provider can create a structural dependency, limiting banks’ ability to diversify sources or validate data through alternative channels. As a result, subject-matter experts generally considered that external datasets are most effective when used as one component of a broader data strategy incorporating robust internal governance, transparent methodologies and multi‑source validation.
• Technology as a catalyst: Generative AI, AI agents and emerging data‑processing tools were viewed by some participants as significantly enhancing data accessibility and processing, although technology cannot compensate for weak methodologies.
• Publicly sourced data: Several experts noted that publicly available ESG data can complement banks’ internal and external datasets, but it was not considered to be a straightforward solution. Open‑source information often suffers from inconsistent formats, variable quality and limited comparability, making it difficult to integrate into risk models or supervisory reporting.
• Importance of trainings: Some participants highlighted that relationship managers can lack the ESG knowledge needed to explain data requirements to clients, making additional training essential.
• The specific case of SME data: In the post-Omnibus context, small and medium-sized enterprises fall outside the scope of the CSRD. It was generally considered that this makes it more difficult for banks to obtain reliable information. It was reported that many institutions collect data through questionnaires sent to SME clients to help bridge this gap, including sector-specific questionnaires, but the quality and consistency of responses tend to vary significantly. A few experts pointed out that VSME tools are being developed but also suggested that uptake may remain limited unless SMEs see clear incentives or benefits for providing data. While relationship managers can help collecting the required data, SMEs themselves face structural constraints, as they don’t always have the capacity, expertise and resources to collect and produce ESG data. Some participants also highlighted that banks’ green offerings may play a role in incentivizing SMEs to improve their sustainability performance, for example through financing for e-mobility, building renovations, circularity initiatives and CO2 emissions reduction. Based on these different views, the question arises of who is actually responsible for collecting SME data, and whether banks can realistically expect to meet supervisory expectations with respect to SMEs. Several experts considered that switching to publicly sourced data or proxies is not a satisfactory solution. Open‑source data remains difficult to compare and validate, and the use of proxies is a highly complex exercise that can undermine methodological integrity. Emerging initiatives (ISO, SBTi, PCAF) encouraging greater transparency on SME data quality were also mentioned but remain at an early stage.
b. However, banks continue to face structural challenges and limitations within the current legal framework
One key observation emerged from the discussions: banks face structural limitations in the absence of a legal obligation for companies outside the scope of the CSRD to provide banks with ESG data. In a post-Omnibus context, some experts observed that passing legislation requiring companies to report a limited set of ESG data could represent a balanced approach allowing banks to meet supervisory requirements while limiting the reporting burden for companies. However, they also noted that the adoption of such legislation is not currently on the agenda.
In the absence of a legal obligation for companies outside the scope of the CSRD to provide ESG data, banks can rely on their existing client relationships and request ESG information within the contractual framework already in place. This approach was reported to work reasonably well for loan clients, where banks can engage directly with counterparties and verify certain data points through ongoing interactions. However, a few participants also highlighted clear structural limits: in some cases, they pointed out that banks simply cannot obtain the necessary ESG information, particularly when they hold bonds as collateral. When a bank receives a bond as collateral, it has no contractual relationship with the issuer, and therefore no ability to request ESG data or validate disclosures. They explained it creates a blind spot that cannot be resolved through relationship‑based data collection, which illustrates the broader constraints of relying solely on voluntary data provision in a post‑Omnibus environment.
Some experts reported that, ultimately, they often saw data collection being treated as an IT project. From a legal perspective, it was suggested by a few experts that banks remain responsible for the quality and reliability of the data they use, as well as for ensuring that it meets supervisory expectations. In particular, banks may face significant liability if they fail to maintain adequate systems and processes to ensure that the data used for business decision-making and to meet supervisory expectations is accurate, reliable and properly interpreted. As a result, one of the main challenges is to ensure that the systems used to collect, store, read and process ESG data are robust, well‑governed and transparent and that institutions understand how data is populated, how it flows through systems, and how it is interpreted. In some practical cases, it was mentioned that obtaining additional or corrected data could take several weeks, underscoring the importance of strong data governance and clear internal accountability, rather than reliance on IT solutions alone.
c. ESG data is not just about quantity — it’s about meaning
In some instances, the challenge is not the lack of data, but rather an overload of information that is fragmented, inconsistent and difficult to reconcile. Several experts noted that data collected from different sources can be incomparable, misaligned with supervisory expectations, or irrelevant for risk‑based decision‑making, which can undermine the reliability of ESG assessments. Beyond filling data gaps, a few participants expressed the view that banks also need to focus on making sense of the data they already have. This requires developing methodologies capable of filtering, interpreting and transforming raw ESG information into meaningful insights, and ultimately into financial risk metrics. The core difficulty lies in building frameworks that can translate heterogeneous ESG indicators into coherent, forward‑looking assessments of credit, market and operational risks.
Overall, the situation seems to be improving but it was noted that reconciling supervisory expectations and operational feasibility can still be challenging as well as determining what constitutes meaningful ESG information and how it should be used.
2. Embedding ESG into Governance and Risk Management Frameworks: Meeting Expectations while Considering Business Realities
Several experts noted a key evolution: banks are increasingly expected to embed ESG considerations directly into banks’ governance structures, rather than to treat it as a standalone or peripheral topic. In addition, CRD VI, together with the EBA Guidelines on ESG Risk Management, requires banks to develop prudential transition plans using a holistic approach to ESG that integrates strategy, risk management, business activities and forward‑looking planning.
Key observations included:
• Board-level scrutiny is intensifying: Several experts reported that supervisors may ask to review board training records, board minutes, investment decisions and resource allocation processes to assess whether ESG considerations are genuinely embedded into governance and decision‑making.
• First line of defence ownership is critical: Beyond board-level ESG awareness and the work of compliance and risk teams, it was noted by several participants that banks’ transition efforts depend on strong engagement from the first line of defence. In particular, they considered that heads of business lines need appropriate ESG training and must be able to integrate ESG considerations directly into commercial decisions, ensuring that transition objectives are reflected in day‑to‑day business practices.
• ESG integration can be a challenge for business lines: It was reported that it can be difficult for business lines to identify a tangible financial impact from integrating ESG considerations into business decisions. In such cases, front‑office teams are likely to see ESG integration more as a compliance‑driven requirement rather than as a value‑creating activity. Some participants highlighted that the broader economic context marked by uncertainty can make it hard for business lines to fully appreciate the strategic value of ESG integration beyond compliance considerations. Identifying and quantifying ESG-related risks and opportunities can also be challenging in the absence of robust historical data.
• Remuneration and organisational culture as potential catalysts for change: Several experts emphasised that including ESG-related objectives or incentives into remuneration frameworks can help managers at all levels to prioritise ESG in their day‑to‑day roles. At the same time, organisational culture was said to play a decisive role: institutions with a stronger orientation toward change and innovation tend to advance ESG integration more quickly, as employees are more receptive to adjusting behaviours and decision‑making practices. The importance of tone from the top and the board’s ambition in driving the transition were also mentioned.
• Coordination across functions and departments: Several participants noted that, although sustainability teams often lead the drafting of transition plans, effective transition planning requires close coordination across risk, compliance, credit and other first‑line and second‑line functions. It was suggested banks might wish to adopt a holistic, institution‑wide approach to transition planning and ensure consistency of methodologies, assumptions and processes so that ESG considerations are embedded across business activities and implemented in a coherent and reliable manner.
• Data-access challenges for custodians and depositaries: Institutions without loan books were reported to face distinct ESG risk‑management constraints, particularly custodians and
depositaries. Several participants mentioned that one key challenge for custodians and depositaries is to have access to ESG data on the underlying assets for which they provide custody or depositary services. The challenge is most acute for fund‑of‑funds structures, where underlying asset‑level ESG data is often unavailable, incomplete or inaccessible, making it difficult to perform meaningful ESG risk assessments.
Overall, it emerged from the discussions that the overarching challenge is to meet ESG expectations while considering business realities, and to ensure that governance structures enable strategic decision‑making rather than constrain it. To achieve this balance, it was suggested that clarity on priorities, proportionality in implementation, and governance arrangements that support practical, commercially grounded choices can help.
3. Prudential Transition Plans: A Strategic Tool in Its First Iteration
Several experts highlighted that Prudential Transition Plans (PTPs) are rapidly becoming a cornerstone of supervisory expectations. During the discussions, key insights arising from the preparation of its first iteration emerged.
• Transition planning is an ongoing process: Several subject-matter experts suggested that banks may wish to consider drafting a first iteration of the prudential transition plan that is light, realistic and actionable, with the clear understanding that it will evolve over time as methodologies, data availability and internal capabilities mature.
• Transition plans must be living documents: Some subject-matter experts considered that PTPs should not be static reporting artefacts or lengthy documents that sit unread, but a mechanism and a system of procedures, supported by dashboards and monitoring tools that track implementation over time. Readability and usability improve when transition plans are visual, meaningful and easy to navigate across teams, reflecting their transversal nature and the need for institution‑wide engagement.
• Possible deviation from group‑level PTP: A few participants highlighted the difficulty for Luxembourg‑based subsidiaries in determining how far their local Prudential Transition Plan may diverge from the group‑level plan. This uncertainty reflects the challenge of balancing group‑wide consistency with local regulatory expectations, data availability and the specific risk profile and business activities of the subsidiary.
• Setting targets within the PTP comes with challenges: Some subject-matter experts advised against focusing solely on portfolio‑level targets, emphasising instead the importance of linking targets to business activities and adopting a pragmatic, operationally grounded approach. A number of experts highlighted the challenges arising from committing to targets, particularly given macroeconomic uncertainties and the limited control banks have over the pace of transition across different economic sectors.
• Building linkages across documents and indicators helps strengthen the PTP: It was reported that aligning sustainability reports, KPIs, risk assessments and strategic plans into a coherent narrative can sometimes be a challenge. Several participants highlighted that establishing clear linkages between these documents and indicators can help create a consistent, traceable and institution‑wide storyline, strengthening the robustness and reliability of the transition plan.
• Lessons from ICAAP: Just as ICAAP evolved from a challenging compliance exercise into a strategic, forward‑looking tool, some of the experts expressed their view that PTPs could mature progressively through iterative development. Over time, transition plans are likely to become more structured, data‑driven and embedded into core decision‑making processes, mirroring the trajectory of ICAAP’s evolution.
• Engagement by all teams is essential: Several participants took the view that transition planning works well when all departments — from risk and compliance to finance, operations and business lines — are actively involved and clearly understand their role. It was suggested that effective plans require institution‑wide ownership, with each function contributing its expertise so that ESG considerations are embedded consistently into processes, decisions and day‑to‑day activities.
Conclusion: The different views shared made clear that while progress is underway, banks face certain data, governance and operational challenges. In a nutshell, it emerged from the discussions that strengthening cross‑functional engagement, improving data integrity and developing pragmatic, credible transition plans will be essential for supporting a resilient, forward‑looking ESG risk management framework.