Home Insights Managing climate change financial risks: APRA’s new guidance for superannuation trustees, banks and insurers

Managing climate change financial risks: APRA’s new guidance for superannuation trustees, banks and insurers

On 26 November 2021, and on the tailwinds of the COP26 UN Climate Change Conference, APRA released its final prudential guidance designed to assist APRA-regulated banks, insurers and superannuation trustees to manage the financial risks of climate change (CPG 229). Here we set out the background and recommended practices arising out of CPG 229.

With a number of major financial institutions pushing for a lower carbon emission economy, and the Government firming up its commitment to reach ‘net zero’ by 2050, it is no surprise that prudentially regulated entities in the financial services sector are focussing on the challenges that come with navigating climate risks, particularly as they relate to compliance with existing duties.

In light of this, APRA has released new prudential guidance (CPG 229) to provide clarity on its expectations of APRA-regulated institutions around the management of climate change financial risks in their risk management and corporate governance practices.  This development comes off the back of ASIC’s new and evolving position on climate change risks and disclosures in corporate governance, and the increasing climate change-related discussions led by the RBA.

CPG 229 is intended to assist entities in complying with APRA’s existing risk management (CPS 220 Risk Management and SPS 220 Risk Management) and governance (CPS 510 Governance and SPS 510 Governance) prudential standards, by outlining APRA’s views about prudent practices in relation to APRA-regulated entities’ governance, risk management, scenario analysis, and disclosure of climate-related financial risks.

CPG 229 is not prescriptive in nature, as it does not impose new regulatory requirements or obligations. It is instead intended to be flexible, adaptable, and applicable to a wide range of institutions. APRA states that allowing for this flexibility is in recognition that companies should be in charge of making their own investments, lending and underwriting decisions. 

CPG 229 aims to primarily assist these entities in making well-informed decisions, ideally decisions that do not undermine the interests of bank depositors, insurance policyholders or superannuation members.

Despite the push by some stakeholders during the consultation period for a greater degree of prescription on how to manage the financial risks of climate change, APRA has resisted this. Instead, APRA has maintained a principles-based approach to allow for flexibility given the evolving external market and the guidance provided in other prudential standards around risk management and governance.

Identifying climate change financial risks

APRA states that it is uncertain how and when specific climate risks will materialise, however, what is certain is that some financial risks will materialise as a result of climate change. As a result, CPG 229 recommends that all APRA-regulated entities adequately consider and tailor their risk management systems to meet the unique financial risks of climate change. For example, the unique nature of climate change risks means that these risks:

  • may not be easily mitigated or reversed in circumstances where climate change climate is irreversible;

  • have global impact, across all business types, geographical locations and economic sectors (as we have seen with COVID-19); and

  • pose uncertainty in planning for the future across business planning cycles due to the uncertain timeframes in which climate risks may materialise, and due to the unprecedented nature of climate change.

The financial risks of climate change may result in increased credit, market, operational, insurance, and liquidity risks for APRA-regulated entities. Reputational risk may also arise for those financial institutions which are seen to contribute to climate change, or do not take appropriate action in respect to climate change.

APRA expects that a prudent board would include the following factors in its criteria for identifying climate risks:

  • vulnerability to extreme weather events, and climate-related disruption of business activities, supply chain changes or disruption generally;

  • greenhouse gas emission levels;

  • potential exposure to evolving climate-related policies or technologies; and/or

  • linkages to unsustainable practices.

APRA states that an institution can mitigate the magnitude of the impacts of these financial risks through governance, risk management, scenario analysis and disclosure.


APRA-regulated institutions are required to adhere to the minimum governance standards set out in prudential standards CPS 510 and SPS 510. The board is responsible for ensuring its compliance with these standards, although it may delegate its compliance to another entity (with supervision). 

The same applies for managing climate risks. Climate risks can and should be managed within an institution’s overall business strategy and risk appetite. However, APRA has noted that it expects the board to be able to evidence its ongoing oversight of climate change financial risks.

In line with prudential standards CPS 510 and SPS 510, which set out the minimum governance standards, APRA expects that a prudent board will have oversight so as to ensure that climate risks:

  • are discussed and understood at the board and sub-committee levels;

  • assessed on a periodic basis, noting the short-term and long-term impacts of climate change on the business;

  • (where material) are factored into the entity’s risk appetite framework, to determine whether the financial risk is a risk the entity is willing to bear; and

  • are adequately assessed within clearly defined senior management roles. The roles of senior management, as they relate to climate change financial risks, should typically include:

    • applying the institution’s risk management framework to assess risk exposures, including developing and implementing policies;

    • regularly reviewing the effectiveness of the entity’s risk systems;

    • providing board recommendations as to material climate risks; and

    • ensuring the adequacy of resources (e.g. human, technological and financial).

These are important signs from APRA that a board and its directors need to take the management of climate change financial risks seriously.  The challenge for boards will be how they demonstrate compliance with these expectations in practice.   

The challenge is also indicative of a broader tension between principles-based regulatory guidance and the lived experience of regulated entities trying to give meaning and effect to the guidance, especially where such guidance lacks a degree of prescription about what the regulator requires in practice.  In other words, APRA’s reluctance to be overly prescriptive in CPG 229 is likely to exacerbate this tension for regulated entities.

Risk management

APRA-regulated institutions are required to identify categories of risks in their risk management framework, as set out in prudential standards CPS 220 and SPS 220. In line with these standards, the board bears the ultimate responsibility for ensuring the appropriateness of the entity’s risk management framework to the entity or group’s size, business mix, and complexity.

To this end, APRA has noted that it expects an entity will establish procedures to routinely provide material climate risk exposure information (including monitoring and mitigation actions) to its board and senior management. 

To ensure the board and senior management are well-informed, an entity should to be able to:

  • evidence its ongoing management of climate change financial risks within its written risk management policies, management information, and board risk reports;

  • ensure that climate risk approaches are integrated across different business lines (e.g. underwriting, investment, product development and lending functions);

  • demonstrate how it determines the materiality of climate risk within each of the risk categories in prudential standards CPS 220 and SPS 220;
  • ensure that material climate risks that impact capital adequacy are considered and recorded – APRA recommends using the Internal Capital Adequacy Assessment Process (ICAAP) as an option, however industry feedback suggests that compliance with the ICAAP may not align with current industry capabilities;

  • establish, implement, and regularly review plans to mitigate climate risks and manage its exposures;

  • measure, monitor and regularly update climate risks using both publicly available and proprietary sources, and qualitative and quantitative metrics (e.g. to measure direct and indirect emissions, the experience of customers and counterparties (particularly higher risk individuals and entities), and the impacts of climate change on returns, supply chains, outsourcing arrangements, and business continuity planning, among other measurable risks); and

  • set climate-related targets for its activities. 

APRA notably states that it envisages entities working with higher climate risk customers, counterparties, and organisations to improve the risk profile of these parties. An entity may provide financial assistance to these parties, however if that is not enough to mitigate their climate risk, then APRA suggests that an entity consider ‘standard risk mitigation options’ such as:

  • reflecting the cost of the additional risk through risk-based pricing measures;

  • limiting its exposure to the entity or sector; or

  • considering the entity’s ability to continue the relationship, in circumstances where other measures cannot satisfactorily address the risks.

Scenario analysis

To manage risks, and fulfil their obligations under CPS 220, APRA states that it would be prudent for entities to ‘develop capabilities in climate risk scenario analysis and stress testing, or to have access to external scenario analysis and stress testing capabilities’. APRA also notes that because this is a developing area, it expects an entity’s approach to develop over time. However, APRA does warn entities that just because future improvements are expected, this does not justify any delays in an entity using scenario analysis to manage and mitigate risks.

In this area, it won’t be surprising if regulated entities seek to enlist the support of specialist third parties to help them meet this regulatory expectation to model and stress test different scenarios.  To some extent, the global COVID pandemic has forced many organisations to quickly recalibrate their systems and attempt to forecast new ways of working during and post the pandemic – an experience that may prove valuable in terms of the scenario analysis expected by APRA under CPG 229.


APRA warns that entities should not rely on the uncertainty in relation to climate risks’ future impacts as a reason to avoid disclosure of its exposure to these risks. It instead states that climate risk disclosures should be produced in line with the framework established by the Recommendations of the Task Force on Climate-related Financial Disclosures: Final Report (June 2017) which covers disclosures relating to governance, strategy, risk management and metrics and targets.

In relation to scenario analysis, APRA notes that if entities voluntarily disclose the outputs of their scenario analysis, they should also disclose the key design features influencing the results.

APRA’s response to draft CPS 229 industry feedback

APRA released its draft CPS 229 in April 2021 and received 49 submissions in response. Given APRA’s principles-based approach to CPG 229, APRA, in its Response Paper: Prudential Practice Guide CPG 229 Climate Change Financial Risks, states that:

  • it would not prescribe a timeframe for requiring compliance;

  • it would not make any social commentary on climate change;

  • foreign entities may align their frameworks with comparable frameworks in their home jurisdiction;

  • it is up to each entity to determine whether the board’s remuneration can or should be tied to performance objectives related to mitigating climate change financial risks;

  • its view on not prescribing materiality thresholds for climate risks were to give entities the flexibility to adopt an approach suitable to their own businesses – i.e. entities themselves can set their own targets for climate-related metrics;

  • in relation to superannuation trustees, APRA:

    • has not updated CPG 229 to cover concepts related to asset allocation and investment strategy;

    • expects that superannuation trustees take into account material climate risks (particularly for long term investments) when complying with both the best financial interests duty and the sole purpose test; and

    • expects that superannuation trustees consider the investment performance delivered by their approach to managing climate change financial risk in the context of the new Your Future Your Super performance test benchmarks.

A positive step for the responsible investment industry?

Many banks, insurers and superannuation trustees in Australia consider themselves to be an important part of the responsible investment industry and will welcome APRA’s finalisation of CPG 229.  Growing evidence from industry reports and commentary suggests that this more purposeful investing is what many individual investors want from those managing their investments.

Regulatory guidance such as CPG 229 is symptomatic of a surge in interest in responsible investing, investing for sustainability impact, and environmental, social and governance (ESG) principles across the global investment community.  

These developments serve as an important foundation for a new way of thinking about how the prudential sector serves its customers and shareholders beyond financial returns – to flip the debate from the effect of real world outcomes on investments, to investments’ effect on real world outcomes.

The guidance provided by APRA will serve as a useful benchmark for the superannuation sector in Australia.  However, it remains to be seen whether the guidance will sit comfortably with other recent reforms in the superannuation sector such as:

  • the Your Future, Your Super annual performance test which is based on benchmarking that is backward-looking and historical performance data.  It is commonly understood that effective management of climate change risks requires investment in new and emerging technologies coupled with a focus on long-term investments. There is a real risk that the benchmarking for the annual performance test will encourage short-termism in investment in lieu of long-term sustainability outcomes which are more effective in tackling climate change risks.

  • one of the key duties for superannuation trustees has changed from acting in the ‘best interests of beneficiaries’ to acting in the ‘best financial interests of beneficiaries’. This new duty can be – but is certainly not always – inconsistent with acting in the best social or environmental manner, or promoting responsible investment activity.  It is arguable that until such time as the law-makers prescribe positive obligations linked directly to responsible investment activity, regulated entities will be forced to focus on and prioritise the ‘financial’ interests of beneficiaries. Where responsible investing can be pursued in parallel with these financial goals, the task for a superannuation trustee might be easier – unfortunately, in practice this seems to be the exception rather than the rule. 

What happens next?

APRA encourages the adoption CPG 229 in a manner that reflects each entity’s size, business mix, and complexity, with each entity still encouraged to adopt their own implementation approach and timeframes. 

Importantly, CPG 229 is not designed to create new requirements regarding the management of climate change risks – the focus of the regulatory guidance is to shed light on APRA’s views on good practice in the key areas of governance, risk management, scenario analysis and disclosure.

Next year will see APRA:

  • undertaking a survey to help gauge the alignment between institutions’ management of climate change financial risks, the guidance set out in CPG 229, and the recommendations of the Taskforce for Climate-related Financial Disclosures; and

  • continuing to advance its climate-related program of activities, including the ‘climate vulnerability assessment’ that is underway with Australia’s five largest banks.

It is a constantly evolving space, and one that institutions will need to monitor closely moving forward. 



Banking and Financial Services Superannuation Environment and Planning Responsible Business and ESG

This publication is introductory in nature. Its content is current at the date of publication. It does not constitute legal advice and should not be relied upon as such. You should always obtain legal advice based on your specific circumstances before taking any action relating to matters covered by this publication. Some information may have been obtained from external sources, and we cannot guarantee the accuracy or currency of any such information.