Overview

In April, the PRA published consultation paper CP10/25 on climate-related financial risks, proposing updates to its supervisory expectations on climate-related financial risks (CRFR). This marks a step-change from SS3/19, enhancing requirements in areas such as governance, risk management, scenario analysis, data, and disclosure.

For small and medium-sized UK banks, these proposals are not only about compliance, but also a chance to embed climate resilience in business strategy, protect value, and build long-term competitive strength.

The consultation closed on 30 July 2025, with a final Policy Statement expected later this year.

Area	High-level SS3/19 Summary	High-level CP10/25 Summary (Chapter 2 of CP)	Key Changes
Governance and Board engagement	Boards to understand risks, set appetite, and oversee integration into strategy (3.2–3.4)	Boards must review strategy/appetite, challenge management using clear MI, and periodically reassess strategy; coherence with climate targets required where adopted (2.3–2.15)	More specific board role; stronger MI and challenge expectations
Risk appetite and cascading	General expectation on risk appetite, linked to metrics and strategy (3.3, 3.9)	Explicit requirement for climate-specific risk appetite at enterprise and business-line levels, informed by scenario analysis (2.16–2.17)	Clarifications to expectations, and more formal expectations on cascade of risk appetite
SMF accountability	SMF(s) to have responsibility for climate risk oversight (3.4)	SMF responsibilities must be clearly defined and linked to reporting lines, strategy delivery and performance management (2.19–2.22)	Expanded and more detailed accountability framework linked to performance
Risk identification	Firms to identify physical/transition risk using judgement and expert input (3.5, 3.12)	Structured, periodic identification and assessment expected, with classification in the central risk register and justification of materiality assessments (2.24–2.26, 2.28)	More rigour, clarity on document updates, and periodicity in risk identification
Risk measurement and metrics	Use mix of qualitative/quantitative tools and scenario results (3.3, 3.8–3.9)	Risk appetite metrics and limits required for material risks; regularly reviewed to reflect evolving risk and capability (2.30–2.31)	Codifies metrics/limits and links them to governance and risk monitoring. The PRA stopped short of specifying mandatory metrics.
Internal risk reporting	Boards to receive MI and scenario outputs for decision-making (3.13)	Structured internal risk reporting infrastructure required; frequency aligned to materiality and includes specific scenario/strategy information (2.32–2.34)	Clearer standards and expectations for MI content and cadence - alignment with BCBS principles
Scenario use and role	Scenario analysis encouraged for strategy, risk and capital planning; no fixed structure. Proportional approach expected, recognising limitations of early tools (3.6, 3.14–3.17).	Scenario analysis is central: required for strategy, risk appetite, ICAAP (reverse stress testing included); use cases must be tailored and scenarios justified (2.37–2.50). Firms must understand and challenge model assumptions; assess severity, tailor calibration, and update over time (2.51–2.57). Fallback requires clear justification if scenario analysis is not applied.	Clear shift towards greater emphasis of climate scenario analysis. Enhanced expectations on methodological rigour and ongoing reviews. Fallback approach would require robust justification.
Data adequacy and governance	Recognise data gaps and seek improvement; engage with clients and external sources (3.12)	Must define data strategies, identify gaps, plan enhancements; introduce governance for internal and third-party data and interim proxies (2.58–2.66)	Full data strategy and governance framework now expected
ICAAP and ILAAP integration	Include climate in ICAAP and justify assessments (3.7, 3.17)	Must assess and explain materiality in ICAAP and ILAAP; liquidity calibration must reflect climate risks if material (2.83–2.88)	More detailed guidance and broader scope across both capital and liquidity planning
Specific risk types	No explicit reference to credit-specific policies; general expectation to embed climate risk in overall risk frameworks (3.5)	Firms must define processes and controls to assess and mitigate climate credit risk; include concentrations and full credit lifecycle (2.90–2.92). Explicit proposals on managing market risk (e.g. volatility, correlation breakdown) and reputational/strategic risk (2.93–2.96)	Expanded expectations on credit frameworks and risk-specific mitigation
Disclosures	Firms encouraged to disclose climate risks voluntarily, aligned with TCFD, and in addition to any existing mandatory requirements under Pillar 3, Companies Act, etc. (3.18–3.22)	No material new requirements; TCFD replaced with UK Sustainability Reporting Standards (SRS) - based on ISSB publications - reflecting wider industry developments (2.67–2.72)	Alignment with evolving external frameworks; otherwise, core expectations remain unchanged. Acknowledgement of excessive disclosure requirements on banks.
Financial reporting	Not explicitly addressed	New: accounting processes must integrate climate risk into valuations, ECL, and financial disclosures, supported by controls and governance and reflecting accounting standards (2.75–2.82)	Extends expectations to financial reporting processes, eliminating a potential gap in SS3/19

The Road to CP 10/25

SS3/19, introduced in 2019, set the UK’s first supervisory expectations on climate-related risks. Progress since has been uneven – the PRA’s 2020 Dear CEO letter and thematic reviews highlighted some key gaps and implementation challenges.

CP10/25 responds with more detailed, actionable guidance while retaining flexibility through the application of proportionality.

Key Proposals

Governance

Boards should own the climate risk appetite and review it periodically.
There should be a clear link between the firm’s strategy and its climate goals (if set by the bank).
Management information (MI) provided to the Board must be relevant, scenario-informed, and support decision-making processes.
Firms must cascade their climate risk appetite and associated metrics and limits across the organisation, including as appropriate to business lines.

Risk Management

Firms must undertake structured, periodic climate risk identification processes to ensure all material risks are captured and understood.
Material risks must be substantiated (i.e., the rationale for the assessment of materiality) and recorded in the central risk register with mapping to transmission channels and existing risk categories: these will require re-assessment over time.
Risk metrics and limits are to be established, reviewed and evolved.
Climate-related operational risks should be reflected in the firm’s operational resilience planning.

Climate Scenario Analysis

Firms must explore a range of scenarios considering factors such as time-horizon and reflecting physical and transition risks; they should be tailored for the specific purpose (e.g., strategic planning, stress testing, etc.)
Scenario analysis should support decisions on strategy, risk appetite, capital, and liquidity. It should form part of the ICAAP and be incorporated within reverse stress testing processes.
Boards must understand the limitations linked to climate stress testing – which are likely to change over time – and ensure that sufficient resources are in place.
Scenarios and models upon which analyses are based should be regularly reviewed and updated in line with scientific and other developments.
Fallback arrangement where a bank has “an alternative approach to understand future risks in the absence of this framework.”

Data

Data gaps are widely recognised but should not stop banks from developing their approach to climate risks; accordingly, banks should look to develop structured plans to manage and close these gaps including through further investment.
Prudent assumptions or proxies can offer a temporary tactical workaround as appropriate.
Where reliance is placed on data from external providers, it must be subject to governance by the firm.
Banks’ internal systems should support climate risk data aggregation and reporting.

Disclosures

Owing to the disbandment of the TCFD, and the establishing of the ISSB – focus as to the benchmark for disclosures is replaced with UK Sustainability Reporting Standards (UK SRS), which are based upon the ISSB’s publications.
The PRA recognised that overlapping disclosure requirements may create strains and reduce clarity; thus, additional specific expectations were not further proposed.

Other Banking-specific Issues

Integrate climate risk into financial reporting, including ECL, closing a gap from SS3/19.
Further clarification on the need to integrate climate risk into the ILAAP and funding and liquidity frameworks.
Credit risk management must span the full lifecycle, with clear assessment of any concentrations.
Market risk frameworks must consider climate-driven volatility and structural changes in markets.
Banks must understand reputational, legal, and compliance risks from climate exposures.

Conclusion

CP10/25 marks the latest evolution in the PRA’s supervisory approach to climate-related financial risks. While the proposals build on the foundations of SS3/19, they reflect the regulator’s intention to provide some further clarity in order to move banks towards further action.

For small and medium-sized UK banks, it’s a timely opportunity to clarify how climate risks affect the business model, inform better decision-making, and align internal capabilities with growing stakeholder expectations.

As with all consultations, the PRA’s proposals may yet change in light of industry feedback. However, the direction of travel is that firms will be expected to demonstrate a credible, structured approach to identifying, assessing, and managing climate-related risks as a core part of broader prudential risk management activities.

Once finalised, to allow banks time to manage the changes and newer expectations moving from SS3/19, the PRA has proposed that firms are granted a period of 6-months following the implementation of the updated SS.

How We Can Help

At Katalysys, we support firms in embedding climate-related financial risks into core risk management practices, helping translate regulatory guidance into practical, scalable solutions.

Our team works closely with small and medium-sized banks to:

Integrate climate risks into the Risk Management Framework including linkage to existing risk categories and risk registers.
Develop climate-related risk appetite and risk dashboards, designing actionable qualitative and quantitative metrics, thresholds, and escalation triggers that support strong understanding, governance and oversight.
Design and deliver climate scenario analysis supporting capital assessments, strategy, and risk appetite decisions.
Enhance risk coverage in the ICAAP and ILAAP by identifying climate exposures relevant to internal assessments and reflecting these risks proportionately and credibly.
Support Boards and senior management through targeted workshops and briefings that build understanding and enable effective challenge and strategic input.

Whether you're refining an existing established framework or developing climate-related risk management capabilities from scratch, we can offer hands-on, proportionate support to help you respond with clarity and confidence.

For further information please contact:

CP10/25: Evolving Climate Risk Expectations for UK Banks