Legal Update

CRD VI brings ESG risks into the heart of banking supervision

30-06-2026

The implementation act for CRD VI (Directive (EU) 2024/1619) will mostly take effect from 11 July 2026. This act amends the Dutch Financial Supervision Act (Wft), the Bank Act 1998 and the Economic Offences Act. The entry into force must still be formally promulgated in the Dutch Bulletin of Acts and Decrees (Staatsblad) and provided for by royal decree. However, under the applicable timeline, the relevant provisions discussed in this legal update should already have entered into force on 10 January 2026.

One of the most important changes under CRD VI is further embedding of environmental, social and governance (ESG) risks in the prudential framework for banks. ESG risks become part of the core framework for governance, risk management and supervisory review.

Another significant change is that non-EU banks will face tighter conditions when providing core banking activities in the EU. Core banking activities include deposit-taking, lending, and issuing guarantees. This is because non-EU banks will be required to establish a local branch in Europe and obtain the corresponding licence to provide core banking services there. We discuss this topic in more detail in a separate Legal Update, available at the following link.

ESG risks as part of prudential risk management

Under CRD VI, banks must have strategies and procedures in place to ensure that the level, composition and distribution of their internal capital adequately reflect current and future ESG risks. Banks must also identify, monitor and manage those risks on a structural basis, considering the short, medium and long term.

This means that ESG risks are to be treated as financial risks that can affect a bank’s resilience, business model and capital position. This includes, for example, physical risks, such as floods, droughts, heat stress and storms, and transition risks, such as policy changes, technological shifts, litigation exposure, stranded assets and changing consumer preferences. Social and governance risks also fall within scope, including human rights issues in supply chains, labour-related disruption, weak governance at counterparties and misconduct risks.

In practice, banks must move beyond high-level ESG policies. They will need to embed ESG considerations in credit risk, concentration risk, operational risk, governance, stress testing and capital planning. ESG risk management must become part of mainstream prudential management, not a separate sustainability workstream.

The European Central Bank (ECB)

The ECB has already made clear that climate-related and environmental risks should be integrated into banks’ governance and risk frameworks. In 2020, the ECB published its Guide on climate-related and environmental risks, setting out supervisory expectations for how banks should identify, manage and disclose those risks.

That Guide expects banks to integrate climate-related and environmental risks into their business strategy, governance arrangements, risk appetite framework, internal controls, ICAAP, stress testing and disclosure processes. The ECB’s position is that these risks can materially affect traditional prudential risk categories, including credit risk, market risk, operational risk and liquidity risk.

CRD VI effectively elevates that supervisory direction to the level of EU legislation. What was already a strong supervisory expectation is now more firmly embedded in the legal prudential framework. For banks supervised in the euro area, this means that the overall supervisory approach is not new, but the regulatory anchoring is stronger and the expectation of consistent implementation is greater.

The EU Climate Law 

CRD VI’s ESG focus should also be read against the background of broader EU and international climate policy. Banks are expected to assess ESG risks in a forward-looking way. That inevitably requires them to consider the legal and policy trajectory of the real economy.

The EU Climate Law establishes the binding EU objective of achieving climate neutrality by 2050. It also sets an intermediate target of reducing net greenhouse gas emissions by at least 55% by 2030 compared with 1990 levels. For banks, this matters because it gives long-term legal direction to the EU transition pathway. Sectors with carbon-intensive business models will increasingly face regulatory, technological and market pressure. That can affect the creditworthiness of borrowers, the value of collateral and the viability of long-term financing exposures.

If a bank assesses long-term ESG risks, the direction set by the EU Climate Law could be a guideline to define the transition environment in which counterparties and assets will operate.

Role for supervisors

CRD VI also expands the role of supervisors. ESG risks will become an explicit part of the Supervisory Review and Evaluation Process (SREP). This is important because the SREP is the main mechanism through which supervisors assess a bank’s risk profile, governance and capital adequacy.

The European Banking Authority will issue further guidance in this area. That should promote greater supervisory consistency across the EU. It also means that banks should expect increasing scrutiny not just of whether they have ESG policies, but whether those policies are translated into effective governance, risk controls, data, methodologies and capital assessments.

Supervisors will also be better placed to assess whether banks are sufficiently adapting their business models to evolving ESG risks. That point is particularly relevant for institutions with concentrated exposures to vulnerable sectors or geographies.

What banks should be doing now

For banks, the practical implication is that ESG should be built into existing prudential frameworks rather than be treated as a standalone reporting exercise. Banks should consider whether:

  • board and senior management oversight of ESG risks is sufficiently clear;
  • ESG risks are reflected in the risk appetite framework and core risk taxonomy;
  • internal capital processes adequately capture short-, medium- and long-term ESG risk drivers;
  • climate and environmental scenarios are used in a meaningful way in stress testing and strategic planning;
  • sector concentrations and vulnerable counterparties are properly identified; and
  • governance, data and internal reporting are robust enough to withstand supervisory challenge.

For many banks, implementation of CRD VI will therefore not start from zero. But it will require a more disciplined, evidence-based and prudentially integrated approach.

Conclusion

CRD VI confirms a structural shift in EU banking regulation. ESG risks are becoming part of mainstream banking supervision, and banks will be expected to show how those risks are reflected in strategy, governance, internal capital and risk management. The ECB’s existing climate and environmental guidance already pointed in that direction; CRD VI now gives that approach a firmer legal basis. Broader instruments such as the EU Climate Law provide the policy context in which those risks must be assessed.

Contact

Dennis Apperloo

Lawyer | Associate Partner
Banking & Finance
More about Dennis

Matthijs van Achterberg

Lawyer
Banking & Finance
More about Matthijs

Service

Perhaps also interesting for you