From ESG to prudential risk: key takeaways from the EBA guidelines for 2026

The EBA’s Guidelines on the management of ESG risks, published 8 January 2025, are one of the clearest signals yet that this shift is structural rather than cyclical. ESG risk is moving from being a sustainability topic into the prudential core of banking itself, and the application timeline is already live: large institutions came into scope in January 2026, with small and non-complex institutions following in 2027.
Position Green recently hosted a webinar on the guidelines with Maria Bolvig Stensland, International Advisory Team Lead at Position Green, and Tony Christensen, Chief Sustainability Officer at Norion Bank. What follows are the key takeaways, aimed as much at the businesses being financed as the banks doing the financing.
The guidelines don’t invent a new ESG universe, they end the separate one
It’s tempting to read a new set of guidelines as a new set of obligations layered on top of existing ones. That isn’t quite what’s happening here. Most banks already have sustainability strategies, climate programs, disclosures, and sector policies in place. The change the EBA is pushing for isn’t that ESG suddenly matters. It’s that ESG risk needs to be managed with the same discipline as any other material financial risk, rather than living in a separate track alongside ordinary credit, market, and operational risk processes.

“Supervisors are now expecting banks to demonstrate exactly how ESG risks are identified, assessed, managed, and monitored as part of ordinary risk management. It’s really becoming integrated into how you do everyday banking.”
— Maria Bolvig Stensland, International Advisory Team Lead, Position Green
Concretely, that means ESG factors need to be assessed as drivers of traditional financial risk categories, reflected in governance, risk appetite, lending decisions, strategic planning, and, where material, the Internal Capital Adequacy Assessment Process (ICAAP). The guidelines are asking institutions to stop running ESG as a parallel workstream and start running it as a lens on the risk processes that already exist.
Supervisors have moved from asking if to asking how
The regulatory build-up here has been unusually long and consistent for a topic that only recently became mainstream. The ECB’s Guide on Climate and Environmental Risks arrived in 2020, followed by the ECB’s climate stress test and thematic review in 2022, the Basel Committee’s climate risk principles in 2023, and the EBA guidelines themselves in 2025.
Local supervisors have moved in step or ahead of the European timeline. A Danish FSA report on ESG-related credit risk at major Danish banks, published the day before this webinar, found exactly the same pattern the EBA guidelines are pushing toward: banks don’t need more sustainability reporting, they need to identify, analyze, document, and integrate ESG-related risk into credit risk management specifically, distinguishing between broad sustainability topics and the ESG factors that actually affect creditworthiness and repayment capacity.
Sweden and Norway are pushing the same expectations even though neither sits inside ECB-supervised Europe, and the Netherlands and Austria are already extending the ESG risk agenda toward pricing nature-related risk. The direction is consistent across jurisdictions: supervisors have moved from expecting institutions to understand ESG issues toward expecting them to evidence exactly how those issues are identified, assessed, managed, and monitored as part of ordinary risk management.
ESG information and risk insight are not the same thing
This is arguably the core operational challenge the guidelines surface, and it explains why implementation is proving harder than the underlying concept suggests. Most institutions are not short on ESG information. They have emissions data, sustainability disclosures, climate programs, and ESG scores. What they generally lack is the translation layer that turns that information into something usable in credit, portfolio, or capital planning decisions.
A company reporting high emissions doesn’t tell a credit officer what happens to its future cash flows or financing costs. A facility’s flood exposure doesn’t by itself say anything about business continuity, insurance costs, or collateral value. A published transition plan doesn’t establish whether it’s credible, adequately financed, or likely to be delivered on schedule. These are the actual questions prudential risk management needs answered, and they require asking what the financial impact is, over what time horizon, whether the available data can actually support a decision, and what changes as a result, rather than simply confirming that ESG information exists and has been collected.

Traditional sustainability reporting can describe ESG performance. It generally cannot, on its own, explain financial risk exposure.
Green sector status is not a proxy for low ESG risk
One of the more counterintuitive points raised in the session deserves its own mention because it cuts against a common assumption: operating in a green or transition-aligned sector does not automatically mean lower ESG-related financial risk, and can sometimes mean the opposite.

“Just because you’re considered to be a green company, or operating within so-called green sectors like renewable energy or batteries, it doesn’t mean you have the green stamp and that equals low ESG-related risk. These days we’re actually seeing quite the opposite, to some extent.”
Tony Christensen, Chief Sustainability Officer, Norion Bank
A solar energy company sourcing panels heavily from a single geography, for instance, may look strong on a carbon accounting basis: its product actively displaces high-carbon alternatives. But the EU’s forced labor regulation, due to take effect next year, will treat solar panel supply chains as high risk.
A company unable to demonstrate that its sourcing is free of forced labor risks having imports blocked outright, or being forced into last-minute procurement of significantly more expensive, verified low-risk supply. The emissions profile that looks favorable in a sustainability report says nothing about that exposure. The risk sits in the supply chain and sourcing strategy, not in the carbon number, which is exactly the kind of gap the EBA guidelines are designed to close.
The practical challenges cluster around four areas
Across both the regulatory text and what institutions are experiencing in practice, implementation difficulty tends to concentrate in four places.

Materiality and prioritization
Institutions need to identify which ESG risks actually matter for their specific sectors, portfolios, and counterparties, rather than attempting uniform coverage across every ESG theme. Commercial real estate exposure to energy efficiency and flooding looks nothing like transportation’s exposure to transition cost and regulation, which in turn looks nothing like food production’s exposure to water stress. Materiality here is not static either. A risk that looks immaterial today because only one or two counterparties in the portfolio carry it can become material as concentration builds, which is why ongoing portfolio-level monitoring, not a one-time assessment, ultimately defines materiality.
Transition readiness and client data
A published emissions target means little without understanding the capex behind it, the availability of the technology it depends on, and whether management is accountable for delivery. Institutions are increasingly finding that a client’s answer to these questions is itself diagnostic. A well-reasoned answer tends to indicate a business that genuinely understands its own risk and is in control of it. A generic sustainability answer tends to indicate the opposite, and rarely gives the institution what it needs to assess cash flow impact.
Credit and portfolio integration
Institutions need to decide whether and how ESG risk should influence ratings, covenants, monitoring frequency, and portfolio concentration limits, for example whether borrowers with high energy costs and no credible transition plan warrant closer monitoring than the rest of the book.
Capital planning and ICAAP
Concentrated exposure to carbon-intensive sectors, vulnerable real estate, or climate-exposed regions needs to be tested against resilience under stress scenarios and reflected in capital planning where the exposure is material.
A consistent thread across all four is capacity building: ensuring credit officers and relationship managers, not just specialist ESG teams, can apply ESG risk assessment consistently across the portfolio.
The most common pitfall isn’t a missing framework, it’s a framework with no decision impact
Institutions that have built ESG policies and risk frameworks can still fall short of what supervisors expect, and the ways they fall short are fairly consistent. A framework can exist on paper without ever changing a credit view, monitoring frequency, risk appetite, or capital plan. Materiality scope can be defined so broadly that nothing gets meaningfully prioritized. Data collection can expand without a clear use case attached, when what’s actually needed is better borrower-specific data rather than more of it. Specialist ESG teams can understand the topic thoroughly while credit and relationship teams apply it unevenly across the portfolio. And perhaps most consequentially, institutions can be unable to produce a clear evidence trail showing what was assessed, who challenged it, what changed, and how the decision was documented, which is precisely what supervisors are now asking to see.
None of this is a documentation exercise for its own sake. It is what turns a policy sitting in a drawer into a risk management process that can actually be evidenced.
Businesses are on the other end of this, whether or not they’ve noticed yet
The guidelines apply to banks, but the practical reach extends well past the banking sector. As institutions become more systematic in assessing ESG risk, the businesses they finance will increasingly be asked to demonstrate resilience, governance, transition readiness, and data quality, not simply sustainability performance.
Supervisors ask banks to show material ESG risks are reflected in governance, risk management, and capital adequacy. Banks, in turn, are asking businesses about transition plans, physical risk exposure, governance, and financial resilience. What businesses are able to provide back, reliable data, forward-looking metrics, evidence of progress, and decision-useful information rather than a static disclosure statement, increasingly shapes credit approval, pricing, covenants, and portfolio management on the other side of the table.
Put simply: ESG maturity is becoming part of what it means to be bankable. The businesses that can answer these questions with company-specific, forward-looking data will generally find financing easier to access and easier to price. The businesses that respond with a generic sustainability statement will generally find themselves fielding more questions, not fewer.
Ready to close the translation gap
Whether you’re a bank preparing to evidence ESG risk management to supervisors, or a business preparing to answer the questions your bank is about to start asking, the underlying need is the same. What matters now is ESG data that is specific, forward-looking, and decision-useful, not simply reported.
Position Green helps financial institutions and the businesses they finance turn ESG information into the kind of risk insight the EBA guidelines are asking for, from materiality assessment and portfolio-level monitoring on the institution side, to the client-level data readiness that makes financing conversations faster and more transparent on the other.
If you’re unsure where your organization stands against the guidelines, or what your bank will start asking for next, that’s exactly the kind of conversation worth having early rather than at the next supervisory review.
Chat with us
Maria Bolvig Stensland
International Advisory Team Lead
Position Green