Research Report: A Practical Guide to ESG

For years, investors and activists have worked to compel large, public companies to report their stance on environmental, social and governance issues — better known as ESG. And recently, additional pressure has come from bank regulators on one specific ESG risk: climate. Smaller banks, meanwhile, see the writing on the wall and are taking steps to beef up their ESG programs.

As regulated entities, banks are no strangers to many elements of ESG, which Bank Director explores in the newly launched research report Choose Your Path: A Practical Guide to ESG, which is sponsored by Crowe LLP. Board structure and composition, cybersecurity and data privacy, risk management and regulatory compliance are all areas that fall under the governance umbrella. Social elements, which include financial access, diversity and community involvement, also incorporate into day-to-day operations as financial institutions comply with fair lending rules and other regulations. But it’s the ‘E’ for environmental — specifically, measuring greenhouse gas emissions — that frustrates some bankers who would rather focus on serving their communities than spending time and resources on that complex assessment.

In this report, Bank Director provides intelligence for bank boards and leadership teams seeking to better understand the current regulatory and investor landscape, and uncover what’s relevant for their own organizations. Inside, you’ll find:

  • A quick overview of how ESG has become a language of sorts to describe a company’s activities to investors and other stakeholders
  • Where Washington stands on ESG
  • How investors have focused their attention
  • How banks leverage ESG to uncover new opportunities, including how three community banks have identified core areas that are relevant to their own operations
  • Key material matters for banks to prioritize
  • What role boards could play in ESG oversight, and questions directors might ask

“[A]s disclosures grow, [investors] have more information to make comparable decisions, and that will just continue to grow because of the regulatory environment,’’ says Chris McClure, a partner at Crowe who leads the firm’s ESG team.

On Dec. 2, 2022, the Federal Reserve issued a request for comment on proposed principles for institutions over $100 billion in assets. These principles focus on climate-related financial risks: everything from ​​governance and policies and procedures to strategic planning and risk management. It’s in line with similar guidance issued by the Office of the Comptroller of the Currency and the Federal Deposit Insurance Corp.

At least one Fed Governor doesn’t believe the guidance is necessary: “Climate change is real, but I disagree with the premise that it poses a serious risk to the safety and soundness of large banks and the financial stability of the United States,” stated Christopher Waller. “The Federal Reserve conducts regular stress tests on large banks that impose extremely severe macroeconomic shocks and they show that the banks are resilient.”

In 2023, the Securities and Exchange Commission is expected to finalize its rule around climate disclosure, adding another element of compliance for all publicly traded companies — not just the biggest banks. While some exemptions are anticipated for smaller companies, the rule would expect companies to share how climate-related risks are managed and governed, along with the material impacts of these risks on operations and strategy. Companies could be required to measure greenhouse gas emissions — including emissions by vendors and clients — and share their goals for transitioning to a greener economy.

At the same time, governments in conservative states are working to oppose these rules, going after banks and asset managers that they believe discriminate against the oil and gas or gun sectors. It’s a tricky environment to navigate. Increasingly, some disclosure will be mandated, at least for publicly traded institutions. But bank leaders will still determine their own strategies for the road ahead — and banks that are successful will find the path that’s right for their organization.

To access the report, click here.

If you have feedback on the contents of this report, please contact Bank Director’s vice president of research, Emily McCormick, at [email protected].

Fighting Disaster Through Business Continuity Planning

As Hurricane Ian began to coalesce in the Caribbean in late September, all of Florida hunkered down. This included Climate First Bancorp, the holding company for $250 million Climate First Bank, which serves primarily commercial organizations. The storm was initially expected to make landfall in the U.S. by hitting St. Petersburg, Florida, Climate First’s headquarters. The bank’s leaders knew that they had to begin preparations, so they turned to their business continuity plan. 

The two-year-old bank is also in the middle of shifting its data storage to a third-party, so servers aren’t hosted at individual branches. As the storm rolled forward, though, the bank had to undergo a temporary shift of the data and operations from the St. Pete location to one in Winter Park, near Orlando. This gave the organization protection in case St. Petersburg saw significant damage. 

It served them well. As the state suffered flooding and destruction that reports have estimated between $50 billion and $65 billion, St. Petersburg and Orlando avoided the worst of the storm. Still, customers saw little disruption and the experience further prepared Climate First Bank for another hurricane that would hit weeks later. “We’re a climate focused bank, and this is supposed to be more than a 100-year flood,” says Lex Ford, president at Climate First Bank. “How many years in a row have we had a 100-year flood?”

Business continuity planning isn’t just a nice-to-have, but a requirement by regulators. How robust the continuity plan is, however, will determine how ready the organization can react when unexpected disturbances or upheavals in the normal course of business occurs. With the rate of natural disasters rising, so does the possibility that banks will have to lean on continuity preparation. Boards have a responsibility to ensure that such plans have robust strategies in place, but many organizations lack certain coverage.

Business continuity planning within institutions shifted in response to Covid-19. With more than 80% of executives and directors reporting that their organizations have remote workers, 44% saw a gap in their bank’s business continuity plan with regards to remote work procedures and policies, according to Bank Director’s 2022 Risk Survey, conducted in January 2022. That rate is down from 77% admitting such a gap in 2021. 

Meanwhile, despite the increase in intensity of hurricanes and other tropical storms since 1995, according to the Environmental Protection Agency, only 16% of respondents said their board has discussed the impact of climate change on the organization at least annually, according to the 2022 Risk Survey. Six out of 10 respondents said their board and senior leadership team understood the physical risks the bank faced due to climate change.

But when it comes to continuity preparations, “you’re not just planning for things that are obvious,” says Julie Stackhouse, a director at $27 billion Simmons First National Corp., headquartered in Pine Bluff, Arkansas. Stackhouse also served at the Federal Reserve Bank of Minneapolis in 2001, and was at a meeting in the New York Federal Reserve during 9/11. She witnessed first-hand the response of financial institutions. This experience of seeing banks react to the sudden attack crystalized the importance of continuity planning for Stackhouse.

When a disaster hits, “human beings have an emotional response,” says Stackhouse. Employees will worry about family and friends, not just the bank. During these moments, “you need to think about the practicality of personality,” Stackhouse adds.

How will employees respond under the pressure of an attack or a storm that destroys nearby homes, or a ransomware that could threaten their jobs? Considering those emotions during moments of clarity — and planning for an expectation that some employees won’t be available — is vital to the success of any continuity plan. For boards, ensure that management has considered the employees’ emotional response to such situations, or else the best plan may prove worthless when pressure rises. 

Climate First’s plan deals with the human side by spreading employees across the state. Even with two branches, the majority of its employees work from home. This served them well during Ian. But the bank took its experience with Ian and began to expand the states that it would hire from to ensure an interruption in Florida wouldn’t impact every employee of the bank. Some employees work permanently outside the state, and others occasionally do. “Many [new hires] live three, four, five states away,” Ford says. 

It’s one strategy the bank has used to counter the threat of any one incident shutting the organization down. But it’s a solution unique to the institution itself. For directors, it’s vital to review the continuity plan, seeking insight into key issues for the individual bank. 

“The first question” for boards, says Stackhouse, “is have you seen the business continuity plan? Do you know how often it’s updated? Do you know if the key expectations are laid out in the plan?” 

Stackhouse says that it’s surprising how many directors have failed to even inquire about the plan on this basic level. Once you have looked at the plan, though, you need to go further, asking about how communication will occur if a disturbance to the organization’s infrastructure takes place, Stackhouse says. How will leaders communicate with employees and each other? Banks should have tactics in place for such communication and expect different layers of disruption. You may not know what unexpected disaster could eventually impact the organization, but you can lean on other scenarios — in the news or experienced directly by the bank — to prepare in case communication is disrupted in an unexpected way.

Another key question: Does the bank have business continuity staff? As a director, know what their roles are, what they do and how they handle key issues within the continuity strategy. Having ownership over the continuity plan will prevent it from becoming a secondary concern. “It is never a good answer if it’s everybody’s responsibility,” adds Stackhouse. 

One of the best ways to pressure test your institution’s continuity plan is to have practice runs with scenarios that could prevent the bank from operating. Discussing these scenarios will allow the organization to see what works, what doesn’t and what should be tweaked. Directors should take part in many of those tests, since they will likely be a key resource if a large enough event takes place. Not to mention, in such scenarios, management may lean on boards of directors for guidance.

For community banks, where resources may be more limited, focus on events that are more likely to occur. This will depend on the organization but could be a hurricane or extended power outage or cyberattack. Having run-throughs while leaning on the continuity plan will test what the C-suite has put together. Did communication hold? What additional resources do employees need to do their job? How did they react? Seeing this under a guided test-run will ease nerves if the real event occurs. 

Larger banks may have a team that can run specialized tests to simulate very specific scenarios, like, say, a war or unexpected attack on the nation. While you may not know what scenario will occur, having these test-runs will allow the bank to have case studies on hand, in the event a similar disruption happens.

For Climate First, the plan they put in place served them through the hurricane season this year. They will incorporate their experience into continuity planning for the future. The goal? To ensure customers never realize a disruption occurred. 

With the most distant client living in Hawaii, that person “probably didn’t even know we were going through a storm,” says Ford. 

“And I hope they couldn’t tell.” 

* * *  

For more information about other aspects of business continuity planning, consider reading “Getting Proactive About Third-Party Cyber Risk,” or  “The Topic That’s Missing From Strategic Discussions.” 

Bank Director’s 2022 Risk Survey, sponsored by Moss Adams LLP, surveyed 222 independent directors, CEOs, chief risk officers and other senior executives of U.S. banks below $100 billion in assets to gauge their concerns and explore several key risk areas. The survey was conducted in January 2022.

Community Banks Fuel the Future of Renewable Energy

The transformational Inflation Reduction Act (IRA) contains a number of provisions designed to entice a large numbers of community and regional banks to deploy capital into renewable energy projects across the US.

Large U.S. banks and corporations have made significant renewable energy tax credit investments for over a decade. Through the IRA, there is greater opportunity for community and regional banks to participate.

The act extends solar tax credits, or more broadly renewable energy investment tax credits, (REITCs) for at least 10 more years, until greenhouse gas emissions are reduced by 70%. It also retroactively increases the investment tax credit (ITC) rate from 26% to 30%, effective Jan. 1, 2022. This extension and expansion of ITCs, along with other meaningful incentives included in the act, should result in a significant increase in renewable energy projects that are developed and constructed over the next decade.

Community banks are a logical source of project loans and renewable energy tax credit investments, such as solar tax equity, in response to this expected flood of mid-size renewable projects. REITCs have a better return profile than other types of tax credit investments commonly made by banks. REITCs and the accelerated depreciation associated with a solar power project are fully recognized after it is built and begins producing power. This is notably different from other tax credit investments, such as new markets tax credits, low-income housing tax credits and historic rehabilitation tax credits, where credits are recognized over the holding period of the investment and can take 5, 7, 10 or 15 years.

Like other tax equity investments, renewable energy tax equity investments require complex deal structures, specialized project diligence and underwriting and active ongoing monitoring. Specialty investment management firms can provide support to community banks seeking to make renewable energy or solar tax credit investments by syndicating the investments across small groups of community banks. Without support, community banks may struggle to consistently identify suitable solar project investment opportunities built by qualified solar development partners.

Not all solar projects are created equally; and it is critical for a community bank to properly evaluate all aspects of a solar tax equity investment. Investment in particular types of solar projects, including utility, commercial and industrial, municipal and community solar projects, can provide stable and predictable returns. However, a community bank investor should perform considerable due diligence or partner with a firm to assist with the diligence. There are typically three stages of diligence:

  1. The bank should review the return profile and GAAP financial statement impact with their tax and audit firm to validate the benefits demonstrated by the solar developer and the anticipated impact of the investment on the bank’s earnings profile and capital.
  2. The bank should work with counsel to identify the path to approval for the investment. Solar tax equity investments are permissible for national banks under a 2021 OCC Rule (12 CFR 7.1025), and banks have been making solar tax equity investments based on OCC-published guidance for over a decade. In 2021, the new rule codified that guidance, providing a straightforward roadmap and encouraging community banks to consider solar tax equity investments. Alternatively, under Section 4(c)(6) of the Bank Holding Company Act, holding companies under $10 billion in assets may also invest in a properly structured solar tax equity fund managed by a professional asset manager.
  3. The bank must underwrite the solar developer and each individual solar project. Community banks should consider partnering with a firm that has experience evaluating and underwriting solar projects, and the bank’s due diligence should ensure that there are structural mitigants in place to fully address the unique risks associated with solar tax equity financings.

Solar tax credit investments can also be a key component to a bank’s broader environmental, social and governance, or ESG, strategy. The bank can monitor and report the amount of renewable energy generation produced by projects it has financed and include this information in an annual renewable energy finance impact report or a broader annual sustainability report.

The benefits of REITCs are hard to ignore. Achieving energy independence and reducing carbon emissions are critical goals in and of themselves. And tax credit investors that are funding renewable energy projects can significantly offset their federal tax liability and recognize a meaningful annual earnings benefit.

ESG Disclosure on the Horizon for Financial Institutions

Over the last several years, investors, regulators and other stakeholders have sought an increase of environmental, social and governance (ESG) disclosures by public companies.

The U.S. Securities and Exchange Commission (SEC) has taken a cautious approach to developing uniform ESG disclosure requirements, but made a series of public statements and took preliminary steps this year indicating that it may soon enhance its climate-related disclosure requirements for all public companies, including financial institutions. To that end, the SEC’s spring 2021 agenda included four ESG-related rulemakings in the proposed rule stage, noting October 2021 for a climate-related disclosure proposed rule. The SEC is also sifting through an array of comments on its March 15 solicitation of input on how the Commission should fashion new climate disclosure requirements.

Recent speeches by Chair Gary Gensler and Commissioners Allison Herren Lee and Elad Roisman highlight some of the key elements of disclosure likely under consideration by the staff, as well as their personal priorities in this area. Commissioner Lee has asserted that the SEC has full rulemaking authority to require any disclosures in the public interest and for the protection of investors. She noted that an issue also having a social or political concern or component does not foreclose its materiality. Commissioner Lee has also commented on the disclosure of gender and diversity data and on boards’ roles in considering ESG matters.

Commissioner Roisman has noted that standardized ESG disclosures are very difficult to craft and that some ESG data is inherently imprecise, relies on continually evolving assumptions and can be calculated in multiple different ways. Commissioner Roisman has advocated for the SEC to tailor disclosure requirements, and phase in and extend the implementation period for ESG disclosures. Meanwhile, Chair Gensler has also asked the SEC staff to look at potential requirements for registrants that have made forward-looking climate commitments, the factors that should underlie the claims of funds marketing themselves as “sustainable, green, or ‘ESG’” and fund-naming conventions, and enhancements to transparency to improve diversity and inclusion practices within the asset management industry.

Significance for Financial Institutions
In the financial services industry, the risks associated with climate change encompass more than merely operational risk. They can include physical risk, transition risk, enterprise risk, regulatory risk, internal control risk and valuation risk. Financial institutions will need to consider how their climate risk disclosures harmonize with their enterprise risk management, internal controls and valuation methodologies. Further, they will need to have internal controls around the gathering of such valuation inputs, data and assumptions. Financial institutions therefore should consider how changes to the ESG disclosure requirements affect, and are consistent with, other aspects of their overall corporate governance.

Likewise, financial institutions should also consider how human capital disclosures align with enterprise risk management. Registrants will not only need to ensure that the collection of quantitative diversity data results in accurate disclosure, but also how diversity disclosures might affect reputational risk and whether any corporate governance changes may be needed to mitigate those concerns.

We recommend that financial institutions consider the following:

  • Expect to include a risk factor addressing climate change risks, and for the robustness and scope of that risk factor to increase.
  • Consider disclosing how to achieve goals set by public pledges, as well as whether the mechanisms to measure progress against such goals are in place.
  • Expect ESG disclosure requirements to become more prescriptive and for quantitative ESG disclosures to become more sophisticated. Prepare to identify the appropriate sources of information in a manner subject to customary internal controls.
  • Establish a strong corporate governance framework to evaluate ESG risks throughout your organization, including how your board will engage with such risks.
  • Incorporate ESG disclosures into disclosure controls and procedures.
  • Consider whether and how to align executive compensation with relevant ESG metrics and other strategic goals.