Internal control framework
Principle 4: Banks should incorporate climate-related financial risks into their internal control frameworks across the three lines of defence to ensure sound, comprehensive and effective identification, measurement and mitigation of material climate-related financial risks. [Reference principles: BCP 26, SRP 20, SRP 30, Corporate governance principles for banks]
19. The internal control framework should include a clear definition and assignment of climate-related responsibilities and reporting lines across the three lines of defence. .
20. In the first line of defence, climate-related risk assessments may be undertaken during the client onboarding, credit application and credit review processes, and in ongoing monitoring and engagement with clients as well as in new product or business approval processes. Staff in the first line of defence should have adequate awareness and understanding to identify potential climate-related financial risks.
21. The second line of defence, the risk function, should be responsible for undertaking climate-related risk assessment and monitoring independently from the first line of defence. This includes challenging the initial assessment conducted by the first line of defence, while the compliance function should ensure adherence to applicable rules and regulations.