Executive Summary
Since the European Central Bank formalised its supervisory expectations for climate and environmental risks in its November 2020 Guide, the materiality assessment has served as a foundational requirement for integrating climate and nature (C&N) risks into enterprise-wide management frameworks.
The assessment is a building block in how an institution identifies which risks matter most and helps determine what could affect the business and where to focus attention. The early regulatory push made climate risk methodologies familiar and widely embedded across institutions.
The publication of the European Banking Authority (EBA) Guidelines on the management of ESG risks in January 2025 marks the next stage. Credit institutions must now broaden their lens beyond C&N to encompass social and governance risks.
The practical question this raises is whether existing C&N risk materiality assessments can be extended to capture social risks, or whether a more tailored approach is needed.
Sign up for expert insights, industry trends, and key updates—delivered straight to you.
What the EBA requires
Under the EBA Guidelines, institutions must carry out regular ESG materiality assessments: annually for most institutions and every two years for smaller, non-complex institutions (SNCI). This reinforces the need to assess ESG risks holistically, not just C&N drivers. Institutions must reconsider whether a more traditional C&N materiality assessment can adequately capture these risks, or whether more structured adaptations are needed.
For most institutions, governance risks tend to be well structured, audited and embedded across compliance, internal audit, business activities and risk functions.
Social risks are a different matter. Considerations such as customer vulnerability and fair treatment are often distributed across human resources, conduct, product oversight and corporate responsibility functions, without a single overarching framework to connect them.
Why social risk needs its own methodology
Social risks are shaped by distinct drivers. Understanding them relies on broader, more diverse data sources and a wider range of stakeholders. They also unfold over different time horizons and through more complex impact pathways. Simply extending a C&N risk materiality framework to social risk will not produce a reliable assessment. It also risks losing critical insight.
The structure may look familiar, but the inputs, stakeholders and transmission mechanisms are different enough to require deliberate adaptation.
That means assessing how factors such as customer vulnerability, financial inclusion, conduct, employee well-being and societal expectations affect operational resilience, reputation, strategic outcomes and long-term sustainability. A structured assessment that combines regulatory insight , business context, and internal validation supports clearer identification of social risks and stronger integration into existing risk management structures.
That means assessing how factors such as customer vulnerability, financial inclusion, conduct, employee well-being and societal expectations affect operational resilience, reputation, strategic outcomes and long-term sustainability. A structured assessment that combines regulatory insight , business context, and internal validation supports clearer identification of social risks and stronger integration into existing risk management structures.
Top-down analysis
Long list creation
Bottom up validation
Risk register and engagement
Risk scoring, prioritisation and integration
Looking ahead
Social risk has always been inherent to financial institutions and the communities they serve. What is changing is the expectation that institutions can demonstrate they understand it, measure it and manage it systematically.
That expectation will only grow as regulatory standards and global trends evolve. A clear, documented and repeatable methodology is essential to understand today’s exposures and anticipate how these risks may shift.
A structured approach enables institutions to respond consistently and strengthen the resilience and accountability of their risk management frameworks as social risks continue to evolve.
