A large share of the market still treats sustainability-related work as a mixture of reporting, data collection and ESG scoring. The EBA framework points somewhere else. It places environmental, social and governance risks within prudential risk management. In other words, this is not primarily about publishing better sustainability information. It is about identifying risks that can affect the safety, soundness and resilience of the institution.

That has immediate consequences for how banks should organise their response.

First, sustainability risk integration is not just a sustainability function issue. It is a cross-functional banking issue involving risk, credit, methodology, data, compliance, model governance and senior management. A bank cannot solve it by asking an ESG team to add another reporting layer to existing processes.

Second, the EBA is not asking institutions to consider only the climate. The framing is sustainability risk, not climate risk alone. That matters because many institutions have built early programmes around transition risk, physical risk and financed emissions, but have not developed equivalent thinking around labour-related risks, governance failures, environmental liabilities, supply-chain abuses or other non-climate sustainability risks that can also affect borrower resilience and portfolio outcomes.

Third, the requirement is not limited to high-level policy statements. A bank needs a functioning analytical structure. It must be able to identify which sustainability risks matter, where they matter, how they transmit into financial risk and how that affects risk management and credit judgement.

This is where many institutions underestimate the challenge. Prudential integration requires a different standard of precision than disclosure. A disclosure regime can tolerate broad categories, qualitative descriptions and partial metrics. Credit risk management cannot. A bank ultimately needs to decide whether a sustainability-related issue is materially relevant for a debtor, how that affects current or future risk, and what should be done with that conclusion.

That demands methodology.

The EBA requirement should therefore be read as a call for disciplined sustainability risk architecture. A bank must establish a risk materiality framework. It must identify transmission channels into traditional risk categories. It must define which information is needed to support the assessment. And it must ensure that the approach is consistent enough to operate across a large number of debtors without collapsing into case-by-case subjectivity.

This is also why many popular market shortcuts fail.

Simple ESG scorings do not solve the problem. They are not built for prudential credit use. Generic questionnaires do not solve the problem. Without a materiality framework, they generate data without decision value. Climate-only models do not solve the problem. They capture only part of the sustainability risk spectrum.

The practical implication for banks is clear. Sustainability risk integration should be treated as a core risk-methodology build, not a side initiative. It belongs closer to credit architecture than to corporate communications.

Institutions that recognise that early will move faster and more effectively. Those that continue to treat the issue as an ESG reporting extension are likely to find themselves busy, but not ready.

Other articles in the series: