ESG reporting and risk

New considerations for financial sector CROs

Steven Arnold

Steven Arnold

Financial Services Advisory Leader, KPMG US

+1 213-430-2110

Amy S. Matsuo

Amy S. Matsuo

Regulatory and ESG Insights Leader, KPMG US

+1 919-664-7100

The Chief Risk Officer (CRO) is about to be front and center in the effort to prepare U.S. financial institutions to meet rising standards for environmental, social and corporate governance (ESG) reporting.

To date, ESG reporting has leaned more heavily on non-financial data, as well as data from non-traditional sources. However, new regulations already enacted in EMEA and indicated in the United States will require financial services firms to disclose both the impact their activities have on ESG metrics, and how they are prepared to mitigate physical and transition risks related to climate change.

Given the rigor associated with such regulatory action, ownership of ESG disclosures will likely shift from corporate relations to the traditional bastions of regulatory affairs: risk and finance. This will create myriad challenges for CROs as they integrate these new risks into an ERM framework designed without ESG in mind, and with first line business units who are both unfamiliar with ESG objectives and inconsistent in their approach to ESG concepts.

Many of these issues will take significant time to overcome due to lack of data or mature measurement approaches. Some of the key challenges that a CRO will need to consider include:

  1. Which reporting frameworks to follow, what information to report, the frequency of that reporting, and the quality of the data being reported;
  2. ESG literacy and communication, given that misinterpretation of ESG disclosures can damage an institution’s reputation or cause peer comparison distortions; and
  3. Unintended or unknown biases within artificial intelligence (AI) and broader modeling and forecasting measurement techniques.
Each of these challenges vary in terms of impact, potential path to solution, and unique skillsets required. Also, knowing the organization’s limitations in each area is key to determining which disclosures to make, and when. Below we discuss the issues in greater detail.
Reporting frameworks

It is possible that the early guidance issued by U.S. regulators will be relatively nebulous, leaving the CRO to develop the scope, the materiality requirement, and the framework for disclosures. There are several reporting and disclosure frameworks from various organizations[1], and some of the recommended disclosures within these frameworks are currently being reported by financial institutions through either corporate social responsibility (CSR) reporting or an existing “ESG-like” report.

However, new ESG disclosures and metrics will require new data to be captured and curated. Given the expected evolution of these disclosures from infrequent and informal to something that looks more like Comprehensive Capital Analysis and Review (CCAR), there is a similar expectation for more stringent controls to be put in place around the underlying data, the data extraction techniques, the sources of the data, any assumptions used to impute data gaps, and data aggregation and presentation.

With the volume of risk-related metrics (i.e. credit, market, operational) to measure impact on the “E,” environment, we expect the CRO to have a key vote at the table, along with the chief financial officer (CFO) and chief sustainability officer (CSO).

ESG literacy and communication

A key success factor for a CRO will be anticipating the ESG information that stakeholders seek, and then ensuring that the information provided is fully understood, both internally and externally.

One prudent step that all financial institutions can take is developing a training and communication program specific to ESG. This program can inform stakeholders—from directors and executive management to activist investors and regulators—about the meaning and limitations of ESG disclosures, as well as engage participants to share the information they find most useful and material to them. An example would be communicating committed credit exposure to energy and power utilities clients.

Initial focus on the board is key. Familiarity with ESG, particularly in financial services, will vary widely among directors and potentially impact both how and what the CRO reports to the board. Regular communication, training and education workshops, and coordination with the broader executive leadership team can help manage expectations and ultimately narrow and eliminate any gaps in understanding.

Unintended or unknown biases

Given that computer-driven models generally look to past relationships to project the future, unintended biases that crept into prior decisions and associated financial performance can influence future forecasts and decision making. This has historically impacted protected categories or groups, and a large part of the “S” agenda in the financial sector is to eradicate these social biases.

It is not hard to imagine the creation of metrics related to the increased number of machine learning/AI models driving credit decisioning. Understanding whether this risk exists in the organization, and acting if it does, is on the CRO agenda currently and will only increase in significance going forward.

Many organizations are considering increasing machine learning and AI modeling techniques in their ESG quantification framework and elsewhere within the risk organization. CROs will need to develop AI governance that includes monitoring techniques and potential reporting under the “G” and “S” to help safeguard against bias within models.

As the last point notes, coordination between the CRO and other key offices to aggregate and analyze ESG-related data for reporting will drive success. In our next article, we will address the unique ESG reporting challenges and considerations of the CFO.


  1. Clean Data Policy (CDP), Global Reporting Initiative (GRI), Sustainability Accounting Standards Board (SASB), and Task Force on Climate-related Financial Disclosures (TCFD), among others.