Banking on ESG: Data and risk management strategies for the ESG future

Environmental, social and governance (ESG) data has rapidly emerged as one of the most highly sought-after forms of information by investors, regulators and consumers. Banks of all sizes are ramping up their efforts to satisfy this demand, build trust among key stakeholders and unlock value. The work to gather, analyze and leverage ESG data won’t be easy. Nevertheless, embedding ESG considerations into banks’ business strategy is a growth imperative and an opportunity to gain a competitive advantage in the market.

Demands for institutions to behave in ways that align with the values of their stakeholders – including investors, customers, stock analysts and others – are more visible and viral than ever before. The U.S. Securities and Exchange Commission (SEC) is taking bold steps to bring decision-useful ESG information to investors. In addition, banking regulators, including the Federal Deposit Insurance Corporation (FDIC), the Federal Reserve Board (FRB) and the Office of the Comptroller of the Currency (OCC), are working to identify and quantify the risk of climate change for banking institutions. This includes the FRB’s recently announced pilot climate scenario analysis exercise.[4] With these ambitious measures across the nation and industry, the availability and reliability of comprehensive ESG data has never been more important. Regardless of when formalized ESG regulations are enacted, or what level of specificity is required, stakeholders are already examining institutions’ ESG priorities and evaluating how they act on those priorities.

In our interactions with banks of all sizes, we are finding that those developing advanced ESG data gathering capabilities and robust risk management programs have a competitive advantage over their peers. Leaders across the sector are recognizing ESG data as a helpful tool to power decision-making, and they understand that ESG engagement is a means to drive value, mitigate risk and identify opportunities in line with their objectives.

Getting started

A strong foundation begins with actively communicating ESG ambitions, priorities and strategy throughout an institution. After all, every employee has a stake in their bank’s ESG profile.

As with all changes in process and culture, banks will need to invest considerable time and resources in the development of an ESG strategy. This may include investing in sustainability software, hiring ESG consultants and upskilling current employees in ESG subject matter.

Even though ESG efforts are relatively new for banks, similar efforts around social consciousness are not. Consider the steps banks took when regulators demanded anti-money laundering (AML) and Know Your Customer (KYC) requirements. Those two behavior-based rules required similar commitments to invest in new strategies, technologies, processes and controls. Leveraging the lessons learned when AML and KYC programs moved up banks’ agendas will pay dividends as they ready themselves for ESG.

Banking leaders will prioritize enhanced data gathering capabilities

As expectations mount, it is essential that banks evaluate their existing processes and controls for how they identify and respond to ESG risks such as climate change, cyber security, and diversity, equity and inclusion (DEI).[5] Effectively doing so requires a mature process for ESG data collection.

How is emissions data collected?

Today, there is diversity in practice with respect to how banks gather Scope 1 and Scope 2 greenhouse gas (GHG) emissions. Some banks collect this data manually from utility invoices, meter readings, bank-owned vehicles and other raw data sources, while other banks employ a more sophisticated sustainability platform to aggregate and organize emissions data across their institution. As for Scope 3 and financed emissions, over time we expect banks will begin gathering this data as they underwrite or renew certain loans. But right now, when this data is collected, it is often a reasonable estimate, gathered from reputable third parties tracking emissions across industries, regions and other variables.

Who is responsible for emissions data collection and reporting?

There is a finite amount of time, staff and ESG expertise in the market today to capture emissions data accurately and precisely, and the banking industry is no exception. While large banks may have dedicated climate and ESG reporting teams in place, smaller banks with fewer internal resources may bundle ESG under their investor relations, corporate communications or financial controllership functions. Still others are outsourcing large chunks of the process to external consultants or vendors.

Our view is that while engaging climate experts, industry specialists or other vendors to stand up emissions data processes may be a necessary starting point, it will ultimately be important for institutions to build up these capabilities in-house to remain competitive. One best practice we’ve seen is banks establishing a cross-functional team representing the sustainability, finance and technology functions with responsibility for ESG data collection and reporting. In speaking with banks at all stages of the ESG reporting journey, one thing is certain: No one person or function within the institution today has the skill sets needed to tackle ESG alone. 

Getting ahead of the curve on data collection will not only facilitate compliance down the road but also satisfy investor demands and engender trust in the institution. As a starting point, consider:

  • Developing a comprehensive understanding of the accepted standards, metrics and rating frameworks, including those proposed by banking regulators and others.
  • Designing and implementing robust processes and controls for gathering emissions data, including estimates for Scope 3 and financed emissions, if applicable or likely to be required.
  • Dedicating the necessary staff and resources to handle an unprecedented increase in the volume of ESG data.
  • Staying apprised of new developments in data measurement and modeling, leveraging existing technologies where possible and implementing new ones as needed.
  • Engaging a third party to verify and assure ESG data.

Embedding ESG into banks’ risk management programs is critical

As ESG becomes increasingly prioritized, it brings with it a new set of risks for banks to manage – both capital and nonfinancial. These risks arise not only at the institutional or market level but also deep within the portfolio.[6] As institutions accelerate their ESG data collection programs, it will be important to keep a close eye out for risks hidden within the data.

What are banking ESG risks?

At a high level, ESG risks manifest in many of the same ways as traditional banking risks. According to the OCC, they can arise as risks to credit, liquidity, operations, legal/compliance and more.[7] Physical risks should not be discounted either. For example, flooding, wildfires and other extreme weather events may impact a bank’s decision to underwrite mortgages or loans in certain high-risk regions.[8] Additionally, non-climate-related ESG risks, such as cyber security and DEI, are increasingly top of mind for management and boards. All of these risks have the potential to impact banks’ compliance, profitability, liquidity and reputation.

Who is responsible for ESG risk management?

As with data, the banking industry has not yet converged on a uniform approach to ESG risk management. At some institutions, risk management is its own function, while at others it is grouped with compliance and overseen by a management or steering committee. Managing (and mitigating) ESG risk is a critical agenda item among senior management and the board. They are the ones ultimately accountable to investors for ESG action, or inaction. The SEC’s climate proposal drives this point home. If enacted, the proposal would require public companies to disclose governance and oversight of climate-related risks in the Form 10-K, including details about board members, board committees and management positions responsible for overseeing, assessing and managing those risks.[9]

The audit committee plays a critical role within board oversight. It is tasked with probing the appropriate stakeholders to understand the nature of ESG risks at play, the processes and controls in place to mitigate those risks, and the competitive and regulatory context in which those risks are situated.[10]

While the regulatory environment is evolving, banks can lay the foundation for an effective ESG risk management program by:

  • Developing a cross-functional approach to ESG risk management – one that involves stakeholders such as the board, management, finance, operations, internal audit, investor relations and bank employees.
  • Designing a risk management strategy through identification, inventory, monitoring and assessment.
  • Developing a board-level strategy to divide ESG reporting and risk management responsibilities among the relevant committees.
  • Proactively looking for ESG risks within and beyond the walls of the institution, whether in target customers, product offerings, vendors, procurement or the transaction life cycle.
  • Remembering that on the flip side of ESG risk is the opportunity to drive value for stakeholders. Effective ESG risk management is not just a compliance exercise – it is a competitive advantage and a tool for value creation.

Preparing for ESG reporting now is integral to a sound business strategy

Heightened expectations from regulators, analysts, boards, customers and others have elevated ESG from a “nice to have’’ initiative to an essential component of business strategy. And regulation of ESG reporting will be the reality in some form, sooner rather than later. How banks approach ESG measurement and management may be the difference between simply complying with regulation and leading in the sector.

For those early in their ESG journeys, the time to accelerate is now. Conducting a materiality assessment is a great first step to identify the ESG topics most important to the bank and its stakeholders. From there, a gap analysis can help determine the processes, controls and infrastructure the bank will need to execute its strategy. Equally important is developing a strong narrative – one that accurately details progress toward ESG goals and aligns with stakeholders’ expectations.

ESG is, and will continue to be, an important part of satisfying banks’ fiduciary responsibilities. Developing an array of ESG capabilities now is a chance to improve critical processes, engender trust from key stakeholders and ultimately emerge a leader in the space.


[1] KPMG LLP, “KPMG Survey: Banking execs focused on weathering risks to growth while investing in digital future,” June 2022,

[2] KPMG LLP, “Climate risk is financial risk – For banks it’s a board-level issue,” April 2021,

[3] KPMG LLP, “ESG Survey,” March 2022.

[4] KPMG LLP, “Climate Risk: FRB Pilot Scenario Analysis,” October 2022,

[5] KPMG LLP, “Bank Board Agendas 2022,” accessed October 2022,

[6] KPMG International, “ESG Risks in Banks,” May 2021,

[7] Office of the Comptroller of the Currency, Principles for Climate-Related Financial Risk Management for Large Banks, December 2021,

[8] KPMG LLP, “Bank Board Agendas 2022.”

[9] KPMG LLP, “SEC Proposes Climate Reporting and Assurance Rules,” March 2022,

[10] KPMG LLP, “An Audit Committee Lens on ESG Reporting,” 2021,

Additional Resources


Media Contact

Hannah Gould

Hannah Gould

Sr Assoc Corporate Communications, KPMG US








ESG is a business imperative, and the data proves it:

  • Half of 100 senior banking executives surveyed by KPMG said setting achievable ESG goals and reporting compliance are top priorities.[1]
  • In a KPMG review of 25 major banks around the world, 72 percent said climate risk is a financial risk that will impact their business in the longer term.[2]
  • 78 percent of companies recently surveyed by KPMG believe that SEC climate reporting will require more effort than current ESG reporting.[3]



Peter Torrente

Peter Torrente

National Sector Leader, Banking & Capital Markets, KPMG US

+1 212-872-5815
Diana Kunz

Diana Kunz

Partner, Audit, KPMG US

+1 312 665 8437
Christopher Seaman

Christopher Seaman

Partner, Audit , KPMG LLP

+1 205 986 3839
Alysha Horsley

Alysha Horsley

Partner, Audit, KPMG in the U.S.

+1 704 370 4368

Related content