Task Force on Climate-related Financial Disclosures - Guidance on Risk Management Integration and Disclosure
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Task Force on
Climate-related
Financial Disclosures
Guidance on Risk Management
Integration and Disclosure
October 2020
Contents A. Background and Purpose 1 B. Scope and Approach 2 1. Companies in Scope 2 2. Focus on Climate-Related Risks 2 3. Common Risk Management Language 3 C. Unique Characteristics of Climate-Related Risks 4 D. Integration in Practice: Key Principles and Initial Steps 6 1. Key Principles to Guide Integration of Climate-Related Risks 7 2. Initial Steps for Integrating Climate-Related Risks into Risk Management 8 3. Key Takeaways 18 E. Disclosure of Risk Management Processes 19 1. Features of Decision-Useful Risk Management Disclosures 19 2. Examples of Risk Management Disclosures 21 Appendix 1: Climate-Related Risks and Potential Financial Impacts 35 Appendix 2: International Risk Management Frameworks 38 Appendix 3: Additional Information on Integration 39 Appendix 4: Glossary 46 Appendix 5: References 47 The Task Force gratefully acknowledges the work of Swiss Re’s Martin Weymann (Task Force Member), Nicholas Kitching, and Martin Strassner; the World Business Council for Sustainable Development’s Lois Guthrie and Luke Blower; and the TCFD Secretariat’s Stacy Coleman, Silvia Iancu, and Julia Berthel in the development of this guidance.
The Task Force on Climate-related Financial Disclosures
A. Background and Purpose
Since the Task Force on Climate-related Financial may face in implementing the Risk Management
Disclosures (Task Force or TCFD) issued its recommendation.4 In particular, this guidance
final recommendations in June 2017, it has is aimed at companies that are interested in
monitored climate-related financial disclosure integrating climate-related risks into their existing
practices and sought to identify and, when risk management processes and disclosing
possible, address challenges in implementing information on their risk management processes
the TCFD recommendations.1 As part of those in alignment with the TCFD recommendations.
efforts, the Task Force identified specific issues Companies with established risk management
related to implementing its Risk Management processes for climate-related risks — regardless
recommendation (see Figure A1), including of whether those processes are integrated
the following: into broader or overall risk management
processes — may find Section E. Disclosure
• 75% of companies surveyed by the of Risk Management Processes useful for
TCFD indicated the Risk Management disclosing information in alignment with the Risk
recommendation is somewhat or very Management recommendation.
difficult to implement and
The remainder of this guidance is organized as
• several of these companies indicated they do follows:
not have processes for identifying, assessing,
or managing climate-related risks.2
Section B. Scope and Approach. Describes the
scope of this guidance to cover financial and
non-financial companies with a focus on climate-
Figure A1 related risks and the Task Force’s use of defined
Table of Contents Risk Management Recommendation risk management concepts and terms to ensure
consistency of the terminology used.
Disclose how the company identifies, assesses,
A. and manages climate-related risks.
Section C. Unique Characteristics of
Background and Purpose
Climate-Related Risks. Describes the unique
a) Describe processes for identifying and characteristics of climate-related risks that are
assessing climate-related risks. important to consider when integrating such
B.
Scope and Approach risks into existing processes.
b) D
escribe processes for managing
climate-related risks. Section D. Integration in Practice: Key Principles
C. and Initial Steps. Explores the practicalities of
Unique Characteristics c) D
escribe how processes for identifying, integrating climate-related risks into existing risk
of Climate-Related Risks assessing, and managing climate-related risks management processes.
are integrated into overall risk management.
Section E. Disclosure of Risk Management
D.
Processes. Describes features of decision-useful
Integration in Practice:
Key Principles and risk management disclosures as well as examples
Initial Steps In addition, the Task Force’s latest status of companies’ disclosures.
report shows companies’ disclosure of their
Appendices. Provide further information
risk management processes is lower than
E. on topics covered in the guidance, including
their disclosure of most other recommended
Disclosure of Risk transition and physical risk definitions, additional
disclosures.3 Given this and the issues noted
Management Processes information to support integration, and
above, the Task Force developed this guidance
references.
to help address some of the issues companies
Appendices
1
TCFD, Final Report: Recommendations of the Task Force on Climate-related Financial Disclosures, June 29, 2017.
2
s part of its 2019 status report, the Task Force conducted a survey to better understand companies’ efforts to implement the TCFD
A
recommendations and associated challenges. See the Task Force’s 2019 status report, pp. 56–57.
3
See the Task Force’s 2020 status report.
4
In this document, the Task Force uses the term “companies” to refer to entities with public debt or equity and other organizations implementing
the TCFD recommendations.
1
The Task Force on Climate-related Financial Disclosures
B. Scope and Approach
The Task Force recognizes companies
implementing its recommendations come
2. FOCUS ON CLIMATE-RELATED RISKS
from various industries and use a wide range In its 2017 report, the Task Force made four
of practices and techniques to manage their recommendations on climate-related financial
risks. Some may use fully integrated, enterprise- disclosures, described in Figure B1. Notably,
wide risk management processes while others the Task Force’s recommendations related to
may use risk management processes that are governance, strategy, and metrics and targets
more focused on individual hazards. In this ask companies to disclose specific information
guidance, the Task Force does not prescribe on their climate-related risks and climate-related
specific risk management frameworks or opportunities, while the recommendation on risk
approaches as individual companies are management focuses on climate-related risks.
best positioned to determine this given their Since the primary purpose of this guidance is
circumstances. Instead, this guidance focuses to help companies with implementing the Risk
on integrating climate-related risks into existing Management recommendation, its primary
risk management processes and disclosing focus is on climate-related risks. Nevertheless,
information on those processes. the Task Force believes consideration of climate-
related opportunities is equally as important and
recognizes the execution of risk management
“Incorporating climate change risks into processes may facilitate the identification of
the existing risk management framework
is likely to be the best way to ensure that
Table of Contents
the impact of climate change is properly Figure B1
TCFD Recommendations
considered in decision making.” 5
The Task Force’s recommendations on
A.
climate-related financial disclosures, listed
Background and Purpose
below, are structured around four thematic
areas that represent core elements of how
B. companies operate: governance, strategy,
1. COMPANIES IN SCOPE
Scope and Approach risk management, and metrics and targets.
In developing this guidance, the Task Force
Governance
C. considered the types of companies that might
Unique Characteristics benefit most from it. Based on the results of the Disclose the company’s governance around
of Climate-Related Risks Task Force’s survey for its 2019 status report, climate-related risks and opportunities.
companies that found the Risk Management
recommendation difficult to implement and
D. Strategy
indicated they do not have processes for
Integration in Practice: identifying, assessing, or managing climate- Disclose the actual and potential impacts of
Key Principles and related risks were nearly evenly split between climate-related risks and opportunities on the
Initial Steps
financial and non-financial companies. As a company’s businesses, strategy, and financial
result, this guidance is intended to cover a planning where such information is material.
E. wide range of companies — from banks and
Disclosure of Risk insurance companies to various types of non- Risk Management
Management Processes financial companies, including energy; building
and materials; and agriculture, food, and forest Disclose how the company identifies, assesses,
products companies. In addition, as with its and manages climate-related risks.
Appendices
recommendations in general, the Task Force
expects this guidance to be useful to companies Metrics and Targets
of all sizes and located in various countries
Disclose the metrics and targets used to
around the world.
assess and manage relevant climate-related
risks and opportunities where such information
is material.
5
Parker Fitzgerald, Climate Change Risk Management in Financial Services, November 2019, p. 2.
2
The Task Force on Climate-related Financial Disclosures
opportunities. Climate-related opportunities may management topics in this guidance. COSO’s
arise as part of the development of responses ERM framework provides a possible approach
to specific climate-related risks — for example for boards and management to use to identify
operational and restructuring efficiencies and risks, manage such risks within a defined
development of new products, services, and risk appetite, and support the achievement
markets. In terms of defining climate-related of objectives. The framework describes
risks, this guidance uses the definitions included considerations around linking risk with strategy
in the Task Force’s 2017 report, as described in setting and day-to-day activities and embedding
Appendix 1: Climate-Related Risks and Potential risk throughout a company’s culture and
Financial Impacts. In its 2017 report, the Task performance management practices. The
Force divided climate-related risks into two major framework is built around five components,
categories — (1) risks related to the transition to as described in Figure B2; and while all five
a lower-carbon economy and (2) risks related to components are relevant to managing risk,
the physical impacts of climate change. this guidance focuses on the “Performance”
component, which aligns with the Task Force’s
Risk Management recommendation.
3. COMMON RISK MANAGEMENT Importantly, while this guidance uses concepts
LANGUAGE from COSO’s ERM framework, it is intended for
use with other risk management frameworks as
Since the guidance is intended for companies well, such as ISO 31000 or company-specific risk
of all sizes, from a wide range of industries, and management frameworks and processes.
located in various countries around the world, In addition, the Task Force recognizes companies
the Task Force sought to frame the discussion of implementing its recommendations may be
risk management processes using concepts from subject to specific laws and regulations that
a well-recognized, international risk management affect how they operate — including how they
framework. As described in Appendix 2: manage risk — and what information they
Table of Contents International Risk Management Frameworks, disclose. This guidance should not be seen as
the Task Force uses the Committee of Sponsoring superseding laws and regulations to which a
A. Organizations of the Treadway Commission’s company is subject.
Background and Purpose (COSO’s) enterprise risk management (ERM)
framework as the foundation for discussing risk
B.
Scope and Approach
Figure B2
C.
Unique Characteristics COSO’s Risk Management Components
of Climate-Related Risks
Figure B2
D.
Integration in Practice:
Key Principles and
Initial Steps
E.
Disclosure of Risk
Management Processes INFORMATION,
STRATEGY &
GOVERNANCE & CULTURE
OBJECTIVE-SETTING
PERFORMANCE REVIEW & REVISION COMMUNICATION
& REPORTING
Governance sets the tone, ERM, strategy, and Risks that may impact the By reviewing performance, a Enterprise risk management
Appendices reinforcing the importance of objective-setting work achievement of strategy company can consider how requires a continual process
and establishing oversight together in the strategic- and business objectives well the enterprise risk of obtaining and sharing
responsibilities for enterprise planning process. A risk management components necessary information, from
need to be identified and
risk management. Culture appetite is established and are functioning over time and both internal and external
pertains to ethical values, aligned with strategy;
assessed. Risks are in light of substantial sources, which flows up,
desired behaviors, and business objectives put prioritized by severity in changes, and what revisions down, and across the
understanding of risk in the strategy into practice while the context of risk are needed. company.
company. serving as a basis for appetite. The company
identifying, assessing, and then selects risk responses.
responding to risk.
Executive Summary: Enterprise Risk Management — Integrating with Strategy and Performance, © 2017, Committee of Sponsoring
Organizations of the Treadway Commission (COSO). All rights reserved. Used with permission.
Note: Emphasis added to Performance component.
3
Executive Summary: Enterprise Risk Management—Integrating with Strategy and Performance, © 2017, Committee of Sponsoring
The Task Force on Climate-related Financial Disclosures
C. Unique Characteristics
of Climate-Related Risks
In integrating climate-related risks into their on the impacts of global warming of 1.5°C, the
existing processes, companies should consider Intergovernmental Panel on Climate Change
the unique characteristics of these risks as they (IPCC) warned limiting the global average
may affect how integration is accomplished. temperature to a maximum of 1.5°C requires
In this section, the Task Force provides a brief “rapid and far-reaching transitions in land,
description of the wide-ranging implications of energy, industry, buildings, transport, and
climate change and then highlights the unique cities.” 7 Some of the possible implications
characteristics of climate-related risks. associated with different levels of warming
are shown in Figure C1.8
In terms of the range of implications of climate
change, it is widely recognized that continued These implications include potential impacts on
emission of greenhouse gases will cause further human health, infrastructure, transportation
warming of the Earth and that warming above systems, energy, food, and water supplies.
2° Celsius (2°C), relative to the preindustrial For companies, this means climate change can
period, could lead to catastrophic economic affect their facilities and operations, supply and
and social consequences.6 In its special report distribution chains, employees, and customers.
Figure C1
Table of Contents
Possible Implications of Different Temperature Increases
A.
Background and Purpose Warming by 2100
The Task Force on Climate-related Financial Disclosures
Based on economic models that have been Given the wide-ranging implications of climate
adapted to take a broader view of climate-related change in the short term and over the longer
risk — such as allowing for damage from tipping term, assessing the associated risks involves
points, extreme events, and socio-political dealing with a set of complex variables and
consequences of food crises, migration, and connections, many of which operate at different
conflict — global GDP (gross domestic product) temporal and spatial scales. A critical aspect of
could be significantly lower by 2100, especially integrating climate-related risks into existing
at higher levels of warming.9 In addition to processes involves taking into account the
climate-related physical risks, companies also unique characteristics of these risks — described
need to consider risks associated with society’s in Table C1 — that might not be fully considered
responses to climate change and the transition in the existing processes. This is the case
to a lower-carbon economy (climate-related whether climate-related risks are viewed as
transition risks), which include policy changes, stand-alone risks or drivers of existing risks.
reputational impacts, and shifts in market
preferences and technology. For example, the Recognizing these unique characteristics is
development and use of emerging technologies important for understanding how climate-
such as renewable energy and battery storage related risks may affect a company; and
will affect the competitiveness of certain integrating climate-related risks into existing risk
companies, their production and distribution management processes often requires adjusting
costs, and ultimately the demand for their existing processes to ensure these unique
products and services from end users. characteristics are reflected.
Table C1
Characteristics of Climate-Related Risks
Table of Contents
A. Different effects The effects of climate change and climate-related risks occur on local, regional,
Background and Purpose based on geography and global scales with different implications for different businesses, products
and activities and services, markets, operations, and value chains, among others.
B. Longer time Some climate-related risks exist and play out over time horizons that stretch beyond
Scope and Approach horizons and traditional business planning and investment cycles. These risks and related impacts
long-lived effects may occur as a result of decades-long changes in driving forces (e.g., greenhouse gas
concentrations in the atmosphere) leading to climate-related physical or transition risk
C. changes over the short, medium, and long term.
Unique Characteristics
of Climate-Related Risks Novel and Many of the effects of climate change have no precedent, limiting the ability to apply
uncertain nature statistical and trend analysis based on historical data. Climate change is a dynamic
D. and uncertain phenomenon and possible mitigation responses are also complex,
Integration in Practice: with many unknowns such as the development and deployment of critical technologies
Key Principles and and adaptation strategies as well as changing market and consumer behaviors.
Initial Steps
Changing magnitude Climate-related risks may manifest at different scales over time, with increasing
and nonlinear severity and scope of impacts. Climate systems may exhibit thresholds and tipping
E. dynamics points that result in large, long-term, abrupt, and possibly irreversible changes.10
Disclosure of Risk Understanding the sensitivities of tipping points in the physical climate system, as well
Management Processes as in ecosystems and society, is essential for understanding climate-related risks.
Complex Risks associated with climate change are interconnected across socioeconomic
Appendices relationships and and financial systems. Such interconnected risks are often characterized by knock-on
systemic effects effects and systemic effects, requiring a multidimensional perspective to assess the
short-, medium-, and long-term implications for a company.
9
ccording to the CRO Forum’s report (p. 14), “global GDP could be 25-40% lower by 2100 in a >3°C scenario versus baseline.” These estimates
A
are more severe than many other studies; however, the Network for Greening the Financial System (NGFS) — a group of 72 central banks and
supervisors — has indicated existing studies likely underestimate the risks associated with increased warming levels. In Climate Scenarios for Central
Banks and Supervisors, the NGFS describes damage estimates associated with 3°C of warming from several studies, which range from a loss of 2%
of global GDP to a loss of 25%. The NGFS indicates estimates vary for many reasons, such as the modeling approach used and whether impacts
are considered to directly affect growth rate. It also highlights few studies fully capture the potential risks of tipping points and most assume
socioeconomic factors such as population, migration, and conflict remain constant even at high levels of warming.
10
Lenton, T. M., et.al., “Climate Tipping Points–Too Risky to Bet Against,” Nature, Vol. 575, 2019.
5
The Task Force on Climate-related Financial Disclosures
D. Integration in Practice:
Key Principles and Initial Steps
This section describes principles the Task Force ways companies manage their risks in terms of
believes should underpin the integration of organizational structure, roles and responsibility,
climate-related risks into a company’s existing and the specific approaches and tools used,
risk management processes and outlines initial there is a general set of overarching activities or
steps that may help a company begin such an processes and associated key elements that are
integration. As mentioned previously, the Task common to risk management in most companies
Force recognizes companies implementing its (even if referred to differently). Given this
recommendations come from various industries general consistency in overarching or common
and use a wide range of practices and techniques risk management processes and key elements
to manage their risks. Some may use fully (see Figure D1), we refer to these throughout
integrated, enterprise-wide risk management the guidance when discussing the integration
processes while others may use risk of climate-related risks into risk management
management processes that are more focused processes.11
on individual hazards. While there are various
Figure D1 Figure D1
Common Risk Management Processes and Key Elements
Table of Contents
GOVERNANCE AND STRATEGY SETTING ELEMENTS
A. Board Oversight Risk Appetite Operating Structures Roles and Responsibilities
Background and Purpose
RISK MANAGEMENT PROCESS
B. IDENTIFY new, emerging, and ASSESS risks to understand the
Scope and Approach changing risks that may affect a severity of effects on business
company’s business objectives. objectives.
Identify Assess and
C. Risk Prioritize
Risk
Unique Characteristics IMPLEMENT RISK RESPONSE, PRIORITIZE risks to inform
of Climate-Related Risks which involves accepting, avoiding, decision-making on risk
pursuing, reducing, or sharing risk Implement Risk responses.
Response
based on results of the risk
D. (Manage Risk)
prioritization.
Integration in Practice:
Key Principles and
Initial Steps Risk Taxonomy Risk Approaches* Risk Criteria Risk Tools
ELEMENTS SUPPORTING RISK MANAGEMENT PROCESS
E.
Disclosure of Risk * Risk approaches include approaches used for identifying and assessing risks.
Management Processes
Appendices
11
igure D1 is based on concepts included in COSO and WBCSD’s Enterprise Risk Management–Applying Enterprise Risk Management to
F
Environmental, Social and Governance-Related Risks, October 2018.
6
The Task Force on Climate-related Financial Disclosures
A general understanding of risk management
processes and how they relate to strategy is
1. K EY PRINCIPLES TO
also important context for this guidance. In this GUIDE INTEGRATION OF
regard, the Task Force highlights a concept from CLIMATE-RELATED RISKS
COSO’s ERM framework, as described below.
The Task Force identified specific, key principles
— shown in Table D1 — to help companies
achieve effective integration of climate-related
Every organization — whether for-profit risks into existing risk management processes.
The Task Force further believes these key
or not — exists to create and preserve
principles are also useful for the ongoing
value for its stakeholders; and value management of climate-related risks, which
is created, preserved, or eroded through is beyond the scope of this guidance.13
management’s decisions across all The key principles are woven into the discussion
activities, from setting strategy and in this section on integrating climate-related
risks into existing risk management processes.
executing on business objectives The principles support climate change
to operating the organization on a considerations being included in the elements
day-to-day basis.12 of risk management processes consistently and
proportionately, taking into account other risks
to which the risk management process applies.
Interconnections between climate-related risks
The overarching purpose of risk management —
and other risks should be considered as part of
in whatever form it takes — is to support
the integration process and where the existing
a company in achieving its strategy and
elements are applied to a limited business or
business objectives to create value for its
strategic planning horizon, integration should
stakeholders. The primary purpose of
Table of Contents take account of the longer time horizons over
disclosing risk management processes is to
which climate-related risks might materialize.
provide context for how the company thinks
A. about and addresses the most significant risks
Background and Purpose to successfully executing its business objectives
and accomplishing its strategy.
B.
Scope and Approach
Table D1
C.
Unique Characteristics
Key Principles for Integration
of Climate-Related Risks
Interconnections. Integrating climate-related risks into existing risk management
D. requires analysis and collaboration across the company. The principle of interconnections
Integration in Practice: means all relevant functions, departments, and experts are involved in the integration
Key Principles and of climate-related risks into the company’s risk management processes and in the ongoing
Initial Steps management of climate-related risks.
E. Temporal Orientation. Climate-related physical and transition risks should be analyzed
Disclosure of Risk across short-, medium-, and long-term time frames for operational and strategic planning,
Management Processes which may require extending beyond traditional planning horizons.
Proportionality. The integration of climate-related risks into existing risk management
Appendices
processes should be proportionate in the context of the company’s other risks, the materiality
of its exposure to climate-related risks, and the implications for the company’s strategy.
Consistency. The methodology used to integrate climate-related risks should be used
consistently within a company’s risk management processes to support clarity on analysis
of developments and drivers of change over time.
12
COSO, Applying COSO’s Enterprise Risk Management — Integrated Framework, September 2004.
13
he key principles for integration complement and should be read in conjunction with the TCFD’s “Fundamental Principles for
T
Effective Disclosure.”
7The Task Force on Climate-related Financial Disclosures
in the company. This includes mapping climate-
2. I NITIAL STEPS FOR INTEGRATING related risks to existing risk categories and types.
CLIMATE-RELATED RISKS INTO
RISK MANAGEMENT Step 4 – Adapt existing risk management
processes and key elements based on
The Task Force’s guidance on integrating information gained in the previous steps and
climate-related risks into existing processes is the characteristics of climate-related risk as
organized as a set of high-level, initial steps and described in Section C. Unique Characteristics
is intended to support companies in identifying of Climate-Related Risks.
important considerations for integration.14 In
addition, the Task Force views these initial steps These steps draw on guidance developed by
— summarized below — as iterative rather than COSO and the World Business Council for
strictly sequential. Sustainable Development (WBCSD) on integrating
environmental, social, and governance-related
Step 1 – Ensure there is a general understanding risks into risk management processes
across the company of climate change concepts (COSO-WBCSD guidance) as well as other COSO
and its potential impacts. documents and are meant to provide a starting
point for companies in thinking through the
Step 2 – Identify the specific risk management
integration of climate-related risks into existing
processes and elements that may need to be
risk management processes.15 There are multiple
adjusted for the integration of climate-related
considerations related to integration a company
risk as well as the functions and departments
may need to explore; and some of these are
responsible for those processes and elements.
depicted in Figure D2. Those reflected in bold,
Step 3 – Incorporate climate-related risks into the blue text are described in this sub-section.
existing risk taxonomy and risk inventory used
Table of Contents
Figure D2
A.
Background and Purpose
Figure D2Examples of Considerations Related to Integration
B. Governance and Culture Tools and Reporting
Scope and Approach
Board and management support (pre Step 1) Adequacy of tools (Step 4)
Training (Step 1) Inclusion in internal risk reporting
C.
Unique Characteristics Responsibilities for risk management (Step 2) Adequacy of data and metrics
of Climate-Related Risks Climate change-related incentives Managing limitations of data and tools
Subcommittee accountability Climate-related risk disclosures
D.
Integration in Practice:
Key Principles and
FPO
Initial Steps Risk Identification and Assessment Strategy and Risk Appetite
Climate-related risks in risk inventory (Step 3) Incorporation into risk appetite (Step 4)
E. Approaches updated for climate issues (Step 4) Use of scenario analysis
Disclosure of Risk
Management Processes Prioritization criteria reviewed (Step 4) Integration into strategic decisions
Materiality assessment of climate drivers Implementation of risk tolerances
Appendices Integration into policies and procedures Management of breaches
Text in bold, blue font represents considerations described in this guidance, while text in regular font represents examples of other
considerations a company may need to explore as part of integration. These examples are not exhaustive.
14
OSO’s Creating and Protecting Value: Understanding and Implementing Enterprise Risk Management (thought paper) provides an
C
approach and steps for implementing enterprise risk management that could be adapted for integrating climate-related risks into
existing risk management processes. The approach and steps “are based on successful practices that companies have used to take
an incremental, step-by-step approach to implementing enterprise risk management.” The thought paper provides initial steps a
company could take, including forming a management working group to oversee integration and inventorying the company’s existing
risk management practices.
15
OSO and WBCSD, Enterprise Risk Management–Applying Enterprise Risk Management to Environmental, Social and Governance-Related Risks,
C
October 2018.
8The Task Force on Climate-related Financial Disclosures
Importantly, before undertaking an effort as culture of the company. Support from the board
significant as integrating climate-related risks and senior management is probably the single
into existing risk management processes, most important success factor for an effort such
it is important to have board and senior as this.16 Without this support, it may be difficult
management support. The board and senior to engage the people across the company as well
management not only set the strategy of the as other resources needed to work through the
company, they also set the “tone at the top” and issues associated with integration.
1. UNDERSTAND CLIMATE CHANGE CONCEPTS Foundational
For companies where climate-related risks have not traditionally been discussed or explicitly
addressed as part of existing risk management processes, it is important to ensure there is a basic
level of understanding across the company of climate change concepts and its potential impacts.
For example, it may helpful to define key terms and outline some of the significant climate change
hazards and general impacts to allow management and others involved in managing risk to connect
the general effects of climate change to more specific implications for the company. Figure D3
provides a sample of climate change hazards, key vulnerabilities, and key risks based upon the
IPCC’s Fifth Assessment Report.17
Figure D3
Table of Contents Sample of Climate Change Hazards
A. Sea level rise, coastal flooding Extreme heat Drought
Background and Purpose
Key Vulnerabilities: High Key Vulnerabilities: Increasing Key Vulnerabilities: Existing
exposure of people, economic urban populations of the elderly, water shortages and constraints
B. activity, and infrastructure in low- very young, and people with on increasing supply
Scope and Approach lying coastal zones chronic health problems subject
Key Risks: Insufficient water
to higher temperatures
Key Risks: Death, injury, and supply, yielding severe harm and
C. disruption to livelihoods, food Key Risks: Increased mortality economic impacts
Unique Characteristics supplies, and water and morbidity during periods of
of Climate-Related Risks extreme heat
D.
Integration in Practice:
Key Principles and
Initial Steps
E.
Disclosure of Risk
Management Processes
Appendices
16
COSO, Creating and Protecting Value: Understanding and Implementing Enterprise Risk Management, January 2020.
17
IPCC, Emergent Risks and Key Vulnerabilities, 2014.
9The Task Force on Climate-related Financial Disclosures
2. IDENTIFY PROCESSES AND FUNCTIONS Key Principle
An important aspect of integrating climate-related risks into existing processes is to understand
how risk management and strategic planning tie together and who the key stakeholders are. In this
regard, it may be helpful to review key governance, strategy setting, and risk management elements
(Figure D1, p. 6) and then identify the various functions involved in risk management activities that
support strategic planning (Figure D4).18
Figure D4
Figure D4
Illustrative Strategic Planning Cycle
Year
Function Activities Key Elements
Board / Sets strategy and defines Risk appetite
Management short-, medium-, and long-
term goals and plans Risk inventory
Finance / Risk Creates financial and Risk metrics and data
Management capital allocation plans
Risk management tools
Operations / Creates operational plans Risk assessments
Business to support strategies
Table of Contents Areas within financial constraints Risk responses
Implements risk Risk reporting
A. management plans
Background and Purpose
Ongoing identification, assessment, and management of risks
B.
Scope and Approach
C. This type of information may help a company in identifying key risk management elements and
Unique Characteristics the functions and departments responsible for various aspects of the company’s risk management
of Climate-Related Risks process. Such information is useful for determining the key stakeholders needed for risk
identification, assessment, and management processes.
D.
Integration in Practice:
Key Principles and
Initial Steps 3. UPDATE RISK TAXONOMY Key Principle
E. Using a common risk taxonomy — a set of consistently defined risk categories and sub-categories —
Disclosure of Risk helps companies identify, assess, and manage their risks.19 Part of integrating climate-related risks
Management Processes into existing processes involves determining whether such risks will be treated as stand-alone risks,
cross-cutting drivers of existing risks, or a combination of both and then appropriately incorporating
Appendices
the risks into the company’s risk taxonomy. The way in which climate-related risks are integrated into
existing risk management processes may depend in part on the risk categories or sub-categories
that have already been defined. Commonly used risk categories include financial, operational, and
strategic; however, most companies have additional risk categories as well.
18
F igure D4 is adapted from the COSO-WBCSD guidance (see p. 19).
19
risk taxonomy refers to how a company organizes risks consistently across the company and establishes “parent-child” relationships
A
between broad risk categories and specific sub-categories.
10The Task Force on Climate-related Financial Disclosures
The Task Force believes, in most situations, climate-related risks are drivers of existing risks
(i.e., risk factors) and focuses on such treatment in this guidance. To start, companies may benefit
from mapping climate-related risks to their existing risk categories. For example, events associated
with climate change may increase the cost of raw materials, which is an existing risk for many
companies (see Figure D5).
Figure D5
Sample of Risk Categories, Risk Types,
and Climate-Related Risks
Category Type (Sub-Category) Climate-Related Risks
Financial • Credit Risk • Creditworthiness is eroded and interest rates rise
• Liquidity Risk as lenders consider escalating business risks related
to climate change
• Tax Strategy
• Costs increase from taxes or fees on carbon
emissions
Operational • Supply Chain • Supply chain disruptions occur because of droughts
• Raw Material Availability or extreme weather impacts in supplier regions
• Business Continuity • Costs increase on raw materials due to sustainable
forestry practice requirements
Table of Contents • Changing weather patterns and increased natural
disasters disrupt operations
A. Strategic • Competition • Shift in customer preferences toward products that
Background and Purpose are produced with lower emissions or that produce
• Changing Customer Preferences
lower emissions
B.
Scope and Approach
Once a company has determined how climate-related risks fit into the existing risk taxonomy and
C. risk categories, it should consider updating its risk inventory, which lists the risks the company faces
Unique Characteristics and generally includes the major risk categories along with standard definitions of the risks.20 A risk
of Climate-Related Risks inventory may also include a description of the impact of each risk, possible risk responses, and a risk
owner. As a company works through integration and staff become more familiar with climate-related
D. risks, updating the risk inventory may occur more frequently than usual in the beginning stages.
Integration in Practice:
Key Principles and
Initial Steps
4. ADJUST RISK MANAGEMENT ELEMENTS Key Principle
E.
Disclosure of Risk
Management Processes
The fourth step is to adapt existing risk management processes and associated elements based on
knowledge gained through the previous steps and on the unique characteristics of climate-related
risks. To provide a general idea of how a company might begin the process of adjusting its risk
Appendices management processes and associated elements, the Task Force outlines considerations related to
risk appetite, risk identification and assessment, and risk management tools.
Risk Appetite
Risk appetite refers to the types and amount of risk, on a broad level, a company is willing to accept
in pursuit of value. Risk tolerance is defined as the boundaries of acceptable variation in performance
related to achieving business objectives. Once set, risk appetite and risk tolerance become the
20
OSO and WBCSD, Enterprise Risk Management–Applying Enterprise Risk Management to Environmental, Social and Governance-Related Risks,
C
October 2018.
11The Task Force on Climate-related Financial Disclosures
boundaries for acceptable decision-making.
Boards and management typically set the Figure D6
risk appetite for a company when considering Considerations for Adjusting Risk Appetite
strategy and business plans, as the two are often
intertwined.21 Figure D6 outlines important Approach to Setting Risk Appetite
aspects of a company’s risk appetite that should Risk appetite is defined at a high level (top down),
be considered when integrating climate-related based on a company’s core values and strategic
risks.22 For example, consideration of climate- ambition, and rooted in the business context.
related risks and opportunities may affect a
company’s strategic plans in terms of the types Risk appetite considers the types of risks (e.g.,
and amounts of risks it is willing to accept as well strategic, operational, financial) the company needs to
as new products and services it plans to develop. take or avoid in order to achieve its strategic ambition.
Adjusting a company’s risk appetite may be an
A company is typically willing to take on a net total
iterative process as the board and management
amount of risk, which can be allocated to each
become more familiar with climate-related risks category of risk to align with the company’s core
and opportunities and how those issues factor values and strategy.
into their strategic thinking.
Risk capacity is the maximum amount of risk that
a company can absorb in the pursuit of strategy and
Risk Identification and Assessment:
business objectives. It considers liquidity, stakeholder
Time Horizons relationships, capabilities, and other factors.
A key consideration in integrating climate-related
Risk capacity provides a set of boundaries for
risks into existing risk management processes defining meaningful risk appetite and tolerance.
relates to the time horizon over which risks are
identified and assessed and whether that time
horizon is sufficiently long-term to take account
Table of Contents of the range of climate-related risks. Under its Strategy recommendation, the Task Force
asks companies to describe the climate-related risks and opportunities they have identified over
the short, medium, and long term. As a result, a company’s risk management process should support
A.
the identification of risks that may arise in the long term as well as the short and medium term.
Background and Purpose
However, based on a 2017 WBCSD study, the time horizon for many companies’ risk identification
and assessment processes is typically two to five years, with some companies using a longer time
B. horizon of five to ten years given their longer investment time frames.23
Scope and Approach
Recognizing some climate-related risks may have implications for a company beyond five or ten years,
the Task Force encourages companies to consider the appropriate time frames when identifying
C. and assessing climate-related risks as well as potential approaches to support the identification and
Unique Characteristics assessment of longer-term climate-related risks (as described in Table D2, p. 13, and Table D3, p. 14).
of Climate-Related Risks
Risk Identification and Assessment: Approaches
D.
Integration in Practice: A company’s existing approaches to identifying and assessing risks may warrant adjustment to
Key Principles and ensure those approaches sufficiently address the unique characteristics of climate-related risks.
Initial Steps For example, in companies where risk identification is performed separately by individual business
and operations areas, such an approach may miss certain climate-related risks, especially ones that
are interconnected across socioeconomic and financial systems. To surface these types of risks, a
E.
company may want to consider bringing together multidisciplinary teams to work together.
Disclosure of Risk
Management Processes
To help companies think about possible adjustments to their identification and assessment
approaches, the Task Force outlines some of the unique characteristics of climate-related transition
Appendices (Table D2, p. 13) and physical risks (Table D3, p. 14), respectively, as defined in its 2017 report and
describes possible approaches and metrics companies may want to consider when incorporating
climate-related risks into their existing processes.24 Many of the characteristics included in the tables
below tie back to those described in Table C1 (p. 5).
21
OSO and WBCSD, Enterprise Risk Management–Applying Enterprise Risk Management to Environmental, Social and Governance-Related Risks,
C
October 2018.
22
Adapted from the COSO-WBCSD guidance (see p. 34).
23
orld Business Council for Sustainable Development, Sustainability and Enterprise Risk Management: The First Step Towards Integration,
W
January 18, 2017.
24
See Table A1-1 (p. 36) for the Task Force’s definitions of climate-related transition and physical risks.
12The Task Force on Climate-related Financial Disclosures
Table D2
Transition Risks and Identification
and Assessment Approaches
Type Characteristics Approaches Possible Metrics
• Differences in local, regional, • Tracking of regulatory • Financial impact of carbon pricing
and global requirements and developments and emission trading
incentives • Assessment of impact of • Asset write-off, asset impairment,
• Novel and uncertain effects regulation, including implications and retirement cost
Policy and Legal
of policy and legal actions across across operations, supply chains, • Number of nodes of influence
jurisdictions and jurisdictions connecting key policy
• Complex relationships • Cross-functional, developments
connecting different regulatory multidisciplinary collaboration to • Number of relevant policy
developments across different identify risks and implications measures and development
actors and departments • Scenario analysis focused on timelines
policy environment, sequence, • Number of lawsuits brought
timing, and relationships forward
• Uncertain role of different • Technology assessment and • Cost of supply, rate of return,
solutions and technologies over forecasting return on investment, and
time, for different uses, and in • Maturity and readiness of payback periods for different
different contexts technology technologies
Table of Contents • Novel technologies, capabilities, • Product development
• Cost-benefit analysis associated
and applications with key technologies effectiveness and cost
Technology
A. • Complex relationships among • Analysis of organizational skills, • Time to market and research and
Background and Purpose market conditions, economics, knowledge, and capabilities development success rate
and policy environment associated with key technologies • Capabilities across peers
B. • Mapping of dependencies and • Number of and effectiveness
enabling conditions of collaborative research
Scope and Approach
(e.g., investment, policy) relationships
• Scenario analysis focused on • Number of patents
C. technological development, use,
Unique Characteristics deployment, and impact
of Climate-Related Risks
• Novel dynamics and signals from • Analysis of trends in supply and • Market size
supply-demand relationships demand for products • Growth potential
D. affecting raw materials, products, and services
Integration in Practice: and services • Commodity, product, and service
• Comparison of company’s pricing
Key Principles and
Market
• Nonlinear relationships affecting position and strategy to
Initial Steps demand and costs competition • Market coverage and share index
• Complex relationships among • Engagement with customers • Opportunity and threat index
E. policy, consumers, and societal and suppliers • Product portfolio index
Disclosure of Risk context • Identification of merger and • Revenue mix and sources
Management Processes acquisition targets
• Magnitude of severity and scope • Use of social media, customer • Share price change
Appendices
of impact can rapidly change, feedback, and market research • Competitors’ market positions
often enabled by the internet and to track customer sentiment and
social media changing preferences • Employee satisfaction level
Reputation
• Novel nature of responses and • Evaluation of employee • Customer loyalty and retention
reactions as societal awareness engagement and satisfaction level (e.g., net promoter score)
and understanding shifts • Identification of relationships • Changes in customer satisfaction
• Interconnected issues driving between events and news and • Media and social media sentiment
impacts and actions business and financial impacts
• Number of new customers
• Independent rankings and ratings
13The Task Force on Climate-related Financial Disclosures
Table D3
Physical Risks and Identification
and Assessment Approaches
Type Characteristics Approaches Possible Metrics
• Uncertain timing, scope, and • Use of expert input • Number of locations, facilities,
severity of impacts of extreme from meteorologists, business lines, etc. exposed
weather events oceanographers, and climate or affected
and atmospheric scientists
• Different effects based • Duration of event
on events (e.g., cyclones, • Stress testing to assess
• Projected or identified loss
hurricanes, floods, drought) sensitivity and resilience of key
or damage to business facility,
and geography business units and activities
supply chain, etc.
Acute
• Changing magnitude and • Forecasting using historical
• Projected or identified cost
nonlinear impacts associated data and lookback studies
of business interruption,
with events
• Scenario analysis focused on repairs, etc.
• Complex relationships and frequency, intensity,
• Projected or identified impact
interconnections between and location of extreme
on sales and consumer
factors and variables that weather events
behavior
influence weather events
• Hazard mapping and
• Insurance costs
catastrophe modeling
Table of Contents
• Longer time horizons • Use of expert input • Projected or identified impact
A. associated with certain climate from meteorologists, on revenues and expenditures
Background and Purpose changes (e.g., sea level rise) oceanographers, and climate
• Changes in operating and
and atmospheric scientists
• Changing magnitude and capital costs
Chronic
nonlinear impacts associated • Scenario analysis focused
B. • Changes in market behavior
with tipping points and on potential impacts and
Scope and Approach • Projected or identified impact
thresholds implications of chronic physical
climate change on sales and consumer
• Different effects based on
C. behavior
events and geography • Hazard mapping and
Unique Characteristics catastrophe modeling • Insurance costs
of Climate-Related Risks
D.
Integration in Practice:
Key Principles and As noted in the tables above, scenario analysis is a useful tool for risk identification and assessment
Initial Steps of climate-related risks, especially for those risks where the timing is uncertain and difficult to assess.
In its 2017 report, the Task Force emphasized the importance of using scenario analysis to assess
E. potential business, strategic, and financial implications of climate-related risks.25 The Task Force also
Disclosure of Risk issued The Use of Scenario Analysis in Disclosure of Climate-Related Risks and Opportunities (technical
Management Processes supplement) in 2017 to provide additional guidance to companies on using climate-related scenario
analysis. In 2020, the Task Force issued guidance on scenario analysis to provide practical, process-
oriented ways companies may use climate-related scenario analysis — to extend and deepen the
Appendices guidance in its technical supplement.26 Also see Section 3. Scenario Analysis in Appendix 3: Additional
Information on Integration for more information.
25
See Section D. Scenario Analysis and Climate-Related Issues in the Task Force’s 2017 report.
26
TCFD, Guidance on Scenario Analysis for Non-Financial Companies, October 29, 2020.
14The Task Force on Climate-related Financial Disclosures
Risk Identification and Assessment: Prioritization Criteria
A company’s assessment of its risks is fundamental to its prioritization of those risks and management
of (response to) the most significant ones. Many companies use a traditional “likelihood and impact”
approach to gauge the severity or materiality of their risks. To prioritize their risks, companies may use
the severity of the risks as determined by the intersection of their likelihoods and impacts
and then evaluate the severity of the risks relative to risk appetite.
Given some of the unique characteristics of climate-related risks, companies may want to consider
expanding their prioritization criteria to include “vulnerability” and “speed of onset.” These
prioritization criteria are defined as follows:27
• Vulnerability refers to the susceptibility of a company to a risk event in terms of the company’s
preparedness, agility, and adaptability. Vulnerability is related to impact and likelihood — the more
vulnerable the company is to the risk, the higher the impact is if the event occurs. If risk controls are
not in place and operating as designed, then the likelihood of an event increases.
• Speed of onset refers to the time that elapses between the occurrence of an event and the point
at which the company first feels its effects. Knowing the speed of onset is often useful when
developing risk response plans.
Using “vulnerability” as part of the prioritization criteria is relevant for climate-related risks because
such risks are often unpredictable; however, a company can build in adaptability mechanisms to
respond to or absorb risk. For example, in the 1980s, a large oil company (Shell) diversified its portfolio
and used scenario planning to prepare and adapt to potential oil price fluctuations that were generally
considered unforeseeable.28 “Speed of onset” is also relevant for climate-related risks. As an example,
consider the time frame in which a company’s operations could be affected by severe flooding —
immediately or within a matter of hours. For risks such as this, it may be important to recognize the
Table of Contents
speed of onset so that actions can be taken to mitigate the impact of these risks if they do occur.
A.
Background and Purpose
B.
Scope and Approach
C.
Unique Characteristics
of Climate-Related Risks
D.
Integration in Practice:
Key Principles and
Initial Steps
E.
Disclosure of Risk
Management Processes
Appendices
27
hese definitions are based on COSO’s Risk Assessment in Practice, pp. 6–7. In the COSO guidance, vulnerability and speed of onset are
T
described as assessment criteria, whereas similar criteria are described in the COSO-WBCSD guidance as prioritization criteria.
28
See the COSO-WBCSD guidance, p. 51.
15The Task Force on Climate-related Financial Disclosures
Figure D7 shows an illustrative example of how a company might apply the vulnerability and speed
of onset criteria, along with likelihood and impact criteria, to its risks in order to prioritize them. As
shown in the figure, a company’s risks are plotted based on likelihood (y-axis) and impact (x-axis), with
the most likely and largest impact risks occupying the upper right quadrant. Based on the likelihood
and impact scores alone, risk number 3 is the top risk facing the company — closely followed by risk
number 4. However, when one considers the scores for vulnerability and speed of onset, risk number 1
becomes the top risk given the company’s high vulnerability to the risk and its rapid speed of onset.
Figure D7
Illustrative Heat Map Based on Prioritization Criteria
t Map Based on Prioritization Criteria
5
3 # Risk I L V S
10 7 4 1 Supply chain disruption 4.8 3.7 3.8 4
n 11 6 2 Customer preference shift 4.1 3.3 3.5 2
4 9 3 Copper price rise >10% 4.3 4.7 2.3 4
1
5 4 Work stoppage > 1 week 4.4 4.5 4.1 3
8
!"#$%&'*- n 5 Economic downturn 4.0 3.7 3.5 2
LIKELIHOOD
2
6 Supplier consolidation 3.8 4.2 3.2 1
3
n 7 Local competitors enter 3.9 4.5 3.6 1
20
8 New substitutes available 4.5 3.6 4.2 1
9 Cost of capital rise >5% 2.9 4.0 2.9 3
Table of Contents
n n 10 Tighter emission standards 3.4 4.6 2.9 1
2
11 Exchange rate fluctuations 2.7 4.1 2.7 4
A. n n
n ... ... ... ... ...
Background and Purpose n
20 Impairment of assets 1.6 2.7 1.6 1
1 2 3 4 5
B. IMPACT I = Impact L = Likelihood V = Vulnerability S = Speed of Onset
Scope and Approach
LEGEND ILLUSTRATIVE RATING SCALES FOR CRITERIA
C. Dots represent risk #1 - #n Rating Impact Likelihood Vulnerability Speed of Onset
Dots represent risk #1 - #n
Unique Characteristics Dot size reflects speed of onset: 5 Extreme Frequent Very High Immediate
Dot size and color reflect speed of onset:
4 Major Likely High Rapid
of Climate-Related Risks
Very Low Low Medium High Very High 3 Moderate Possible Medium Medium
2 Minor Unlikely Low Slow
D. 1 Incidental Rare Very Low Very Slow
Integration in Practice:
Key Principles and Adapted from COSO’s Risk Assessment in Practice, October 2012, pp. 4–7 and 16
Initial Steps
m COSO’s Risk Assessment in Practice, October 2012, p 16.
E.
Disclosure of Risk
Management Processes
Appendices
16You can also read
