The PRA Raises the Bar on Climate Risk: What Banks Need to Do Now

The PRA’s newly published consultation paper (CP10/25) marks a decisive shift in how UK banks are expected to manage climate related risks. Building on SS3/19, it moves beyond setting foundations and focuses on implementation, accountability, and integration across risk frameworks. This article will outline the key takeaways of the paper and some hard examples of what the PRA will expect to see from banks in the next year.

1. Governance and Accountability

One of the strongest messages in CP10/25 is that climate risk needs to be embedded into the core of how firms are governed and managed.

Boards are expected to set clear climate related risk appetites and ensure that climate risk considerations are properly integrated into decision making at all levels. This includes regular reporting to the Board, documented reviews, and senior manager accountability.

What this means for banks: Firms need governance processes that do more than tick boxes. They need Board-level discussions informed by climate risk analysis and a clear link between stated climate goals and the way the business is run.

2. Risk Management

The PRA wants firms to treat climate risk like any other core financial risk meaning it needs to be present in risk registers, appetite frameworks, limits, and MI.

The expectations are clearer now: quantitative metrics where appropriate, scenario-informed limits, and risk identification that drills down to sector, geography, and counterparty level.

What to do now: Start with a thorough review of how climate risk is being identified and monitored. Are credit limits informed by climate exposures? Is there a consistent view of climate risk across business lines? Can your risk appetite metrics stand up to scrutiny?

3. Climate Scenario Analysis (CSA):

CSA is a central pillar of the new framework and an area where the PRA has been blunt: firms aren’t doing enough.

The PRA wants to see scenario analysis that’s tailored, objective-driven, and used meaningfully. That includes using scenarios to test strategic plans and capital resilience and reverse stress testing.

Where to focus: Build CSA processes that are credible, challengeable, and well-documented. Off-the-shelf tools may help, but the PRA expects firms to understand their limitations and assumptions. Outputs need to link back to business planning, ICAAP, and risk limits.

4. Data: Gaps Are Not an Excuse

The PRA acknowledges the industry’s data challenges, however, also makes it clear that data gaps don’t justify inaction. If perfect data isn’t available, firms should be using proxies or conservative assumptions, with proper documentation and governance.

Banks should also be able to show how external data is validated and how limitations are factored into model use.

Immediate priority: Review your climate risk data strategy. Are controls in place for data lineage and quality? Are climate assumptions in models transparent and challengeable? How do you plan to close the gaps?

5. ICAAP and ILAAP: Integration Is No Longer Optional

Climate risk now needs to be factored explicitly into both ICAAP and ILAAP. For capital, that means demonstrating how scenario outcomes affect loss projections, capital buffers, and business model viability. For liquidity, the PRA wants banks to assess how climate-related risks could impact funding outflows, asset liquidity, and the value of liquid buffers.

Next step: If climate isn’t already embedded in your capital and liquidity stress testing, now is the time to build that capability with governance oversight and Board sign-off.

6. Proportionality: Based on Exposure, Not Size

The updated guidance states proportionality is not about how big you are, but how exposed you are.

All firms need to carry out a materiality assessment that will determine the depth and sophistication of the tools you’re expected to use but it doesn’t exempt anyone from doing the work.

What this means: Even smaller firms should have a clear view of their exposure to climate risk, supported by scenario analysis (even if simpler) and formal Board-level review.

7. Disclosures and Reporting: The Next Wave Is Coming

Although CP10/25 doesn’t introduce new disclosure rules, it signals a shift toward alignment with the UK Sustainability Reporting Standards (UK SRS), which will eventually replace TCFD (Task Force on Climate-related Financial Disclosures).

Disclosures will need to reflect how climate risk is integrated into strategy, governance, and risk frameworks not just standalone climate reports.

Looking ahead: Use this window to get your house in order. Map out where climate risk sits in your reporting suite, and identify opportunities to improve clarity, consistency, and credibility.

8. What Banks Should Be Planning now:

The PRA has outlined expectations. But what does this mean in practical terms? Firms need to move quickly from theory to action. Below are examples that banks should be considering today:

Credit Risk and Lending: Embedding Climate into Decisions

• Buy-to-let portfolios: Assess EPC ratings across the mortgage book. Properties rated D or below may face transition risk through future regulation or reduced tenant demand.

• Underwriting policies: Incorporate climate risk indicators (e.g. flood zone, wildfire exposure) into affordability models and approval criteria.

• Portfolio monitoring: Track exposures to high emitting sectors or geographies vulnerable to physical risks. Use this to update appetite statements and trigger early warning indicators.

Physical Risk Mapping

Use geospatial data and postcode level overlays to identify loans secured against properties exposed to:

• Flood risk (via EA flood zone mapping)

• Wildfire and heatwave risk, especially for international property portfolios (e.g. Southern Europe, US West Coast)

• Coastal erosion or sea-level rise for mortgages in low-lying areas

Business and Transactional Risk

• For corporate lending, integrate transition risk assessments into credit approval: e.g. borrower’s decarbonisation strategy, sector climate exposure, reliance on fossil-linked revenues.

• Include climate red flags in due diligence: Are suppliers/clients in flood prone areas? Is the borrower over-concentrated in a declining carbon intensive market?

• Align risk appetite by setting exposure caps on vulnerable industries or locations.

Management Information (MI) and Internal Reporting

• Develop dashboards showing:

• Climate-adjusted loan performance by region/sector

• EPC distribution of property portfolios

• Trends in exposure to climate-stressed industries

• Scenario analysis outputs mapped to strategic plans and limits

Capital Planning

• Model downside climate scenarios across:

• Residential and commercial real estate portfolios

• High LTV loans in flood-prone areas

• SME lending to sectors with no viable transition path (e.g. coal and peat extraction)

• Adjust capital buffers or provisioning strategies to reflect findings.

In Summary: This Is the Start of a New Phase

CP10/25 sets a higher bar. The PRA is no longer asking firms whether they’re thinking about climate risk, it’s asking how they’re managing it, how it affects their business, and how their decisions reflect that understanding. With final rules expected by the end of 2025 and increased supervisory scrutiny anticipated in 2026, firms should take this opportunity to strengthen their frameworks. Those that act early will be better positioned to meet expectations and to demonstrate leadership in a rapidly evolving regulatory environment.