The New York State Department of Financial Services (NYDFS) has issued guidance on managing the financial and operational risks associated with climate change. The guidance applies to New York regulated banks, mortgage bankers, and mortgage servicers, as well as branches and agencies of foreign banks licensed in New York.
It specifically suggests that regulated financial firms establish a process for identifying, measuring, and controlling financial risks associated with climate change. These strategies should be reflected in the organization’s policies, procedures, and controls for the intention of providing boards and management with an understanding of how exactly to assess climate-related financial risks and their effects on their organizations. It also provides additional guidance on developing strategies for the effective management of climate-related risks and calls for the implementation of an internal control and risk management framework on climate change.
The new guidance is designed to support the efforts by New York financial firms to better manage their climate-related financial and operational risks, says the NYDFS. “To protect New Yorkers from financial harm, regulated institutions must anticipate and respond to new and emerging risks,” NYDFS Superintendent Adrienne Harris said in a NYDFS press release. “Today’s guidance provides these institutions with a balanced, data-driven approach to preserve safety and soundness and operational resiliency by addressing the risks posed by climate change.”
This newly adopted regulation addresses climate change components of risk management by banks—including corporate governance, internal control frameworks, risk management processes, and data collection and analysis—so that institutions will incorporate assessment of these risks into their existing risk frameworks.
“Regulated organizations should take a strategic approach to managing material climate- related financial and operational risks, considering both current and forward-looking risks and identifying actions required to manage those risks,” the guidance instructs. “Regulated organizations should consider questions such as: which business areas are or may in the future be exposed to these risks, what is the resiliency of the organization’s business models, what is the current or potential future materiality of the risks, and whether climate-related financial and operational risks require consideration across all business areas and processes, or only those areas or processes that are or may be particularly exposed.”
Climate-Related Internal Control Framework
The guidance also calls for the implementation of an internal control framework in order to “ensure sound, comprehensive, and effective identification, measurement, monitoring, and control of material climate-related financial risks.” The newly enacted regulation sets out “three lines of defense” in order to do so. The first line of defense advises that an organization consider climate-related financial risks when taking on new clients or reviewing a credit application. Such considerations include how climate-change risks may impacts its clients and their overall business environment. The second line of defense consists of a compliance system where an organization undertakes an assessment of climate-related financial risks. In this step, an organization should assess whether it is adhering to relevant climate-related rules and regulations. The third and final line of defense recommends that an organization conduct regular independent reviews and internal audits of its overall climate-related internal control framework.
The guidance also sets out a risk management framework that its regulated organizations are advised to implement. It recommends that this framework be designed for the purpose of identifying, measuring, and controlling climate-related financial risks. This includes the need to identify emerging and significant risks and how these risks may impact specific asset classes, sectors, and geographical locations as well as the need to establish, implement, and regularly review plans to mitigate exposure to climate-related financial risks.
Data Collection and Scenario Planning
The NYDFS guidance additionally suggests that its regulated organizations implement data aggregation processes that provide the ability to monitor significant climate-related financial risks. These processes should be designed for the purpose of producing information to the board in a timely manner in order for senior management to make well-informed and suitable decisions.
It also suggests that its organizations implement a “climate scenario analysis” into is internal risk assessment. By using a range of climate scenarios, organizations will be able to test the strength of their business models and strategies against climate-related financial risks. As a result of doing so, organizations will be better able to identify, anticipate, manage and measure such risks and adjust their strategies accordingly. Also, with such a tool, organizations will be able to identify and measure vulnerability to relevant climate-related financial risk factors, to estimate exposures and potential impacts, and to determine the overall significance of climate-related financial risks. 
Jacob Horowitz is a contributing editor at Compliance Chief 360°