Operationalizing FINMA’s nature risk requirements

A five pillar playbook for Swiss banks and insurers to operationalize the FINMA Circular 2026/1 on nature-related financial risks.

In brief

• Under FINMA Circular 2026/1, banks and insurers must move beyond climate disclosure to embed climate and broader nature-related risks into governance, materiality assessment, risk appetite, taxonomies and steering.
• This article offers a practical 5-pillar playbook, tailored to Swiss supervisory expectations and aligned with international frameworks to help banks and insurers deliver on the 2026-2028 milestones.

Converging with international regulatory guidance, FINMA Circular 2026/1 makes the management of climate- and other nature-related financial risks a supervisory expectation for banks and insurers, with a staggered entry into force: climate risk by 2026 (for supervision categories 1-2) and 2027 (for categories 3-5); full nature scope across all categories by 2028. At European level, the EBA Guidelines on the management of ESG risks also articulate supervisory expectations for integrating climate‑ and nature‑related risks into governance, materiality assessment, risk appetite and risk management frameworks. The approach set out below is consistent with this broader supervisory direction while reflecting the specific requirements of FINMA Circular 2026/1.

The Circular sets principle-based, proportionate requirements across governance, risk identification and assessment, risk management, and sector-specific provisions for banks and insurers. Below, EY offers a 5-pillar playbook to help banks and insurers respond to the regulatory requirements.

1. Build internal expertise and clarify roles

A structured approach to governance and capability building is a prerequisite for embedding climate‑ and nature‑related financial risks into existing risk management frameworks and decision‑making processes.

Enhance governance and accountability for nature-related financial risks

• Establish clear board‑ and executive‑level accountability: Banks and insurers should assign explicit ownership for climate‑ and nature‑related financial risk drivers at senior management level, ensuring that these risks are reflected in governance structures and oversight responsibilities.
  
  
• Define roles across the three lines of defence: Responsibilities for risk identification, assessment, monitoring and reporting should be clearly allocated across the three lines of defence, avoiding gaps or overlaps in coverage.
  
  
• Embed risks into governance, policies and processes: Climate‑ and nature‑related financial risks should be integrated into existing policies, risk frameworks and governance processes, including escalation mechanisms and relevant committee structures.
  
  
• Ensure auditability and transparency: Governance arrangements should be supported by documentation and decision‑making processes that provide a clear and traceable line of sight to supervisory expectations under FINMA Circular 2026/1.

Build capabilities and close identified skills gaps

• Develop a structured capability‑building approach: Banks and insurers should define targeted capability‑building measures across relevant functions and governance bodies, covering areas such as risk driver identification, transmission to traditional risk types, scenario design, materiality assessment and ERM integration.
  
  
• Assess skills and capability gaps: A systematic assessment of existing skills across key functions (e.g. risk management, front office, underwriting, investment, sustainability) helps identify areas requiring further development.
  
  
• Address gaps through targeted measures: Identified gaps can be addressed through a combination of training programmes, dedicated hiring and, where appropriate, the use of external expertise to support implementation.
  
  
• Ensure ongoing knowledge development: Given the evolving nature of methodologies and supervisory expectations, banks and insurers should maintain continuous development of relevant expertise, including familiarity with frameworks such as TCFD, TNFD and NGFS.

3. Define risk tolerance and KRIs

From narrative appetite to hard limits

The risk appetite statement should highlight key sustainability commitments as well as the metrics used to represent risk appetite and transition planning, with quantified limits for any high materiality exposures.

• Risk appetite statement: Explicitly reference nature-related risk drivers (e.g., pollution liability, extreme events, water scarcity) and their translation into traditional risk types – consistent with FINMA’s framing that nature is a risk driver across categories.
  
  
• KRI set (illustrative)
  * % of credit EAD/AuM in sectors with high ecosystem service dependency;
  * % of EAD/AuM tied to climate-sensitive locations and activities;
  * Collateral at risk under disorderly transition scenario;
  * Litigation exposure: insured/financed clients with active nature-related litigation or regulatory enforcement;
  * Due diligence flags: share of new exposures with Nature Enhanced Due Diligence applied.

• Limits & thresholds: Set portfolio caps for high-risk sectors/locations and escalation triggers to the risk committee.

4. Integrate material nature risks into the risk & control taxonomy

Extend risk management policy, capital adequacy / solvency assessment and risk taxonomy to reflect climate- and nature-related risks as drivers of traditional risk types.

Pragmatic taxonomy changes

• Risk driver tags: Add “Nature-related – Physical” and “Nature-related – Transition” risk driver tags under existing risk types (credit, market, liquidity, operational, insurance), mirroring FINMA’s approach.
  
  
• Control library updates (illustrative):
  *Credit/Underwriting: sector/location screens, counterparty scorecards, covenants/clauses in line with sustainability strategy (e.g., no deforestation, water stewardship), collateral revaluation triggers;
  *Market: valuation overlays for natural capital-intensive assets;
  *Liquidity: contingency funding for nature shock scenarios (supply chain, commodity volatility);
  *Operational: environmental liability tracking, third-party and legal risk controls reflecting emerging nature litigation trends.

5. Establish steering, escalation, monitoring and reporting

From dashboards to decisions

• Steering cadence: Regular sustainability risk committee reviewing KRI breaches, sector/location limits and scenario insights; regular refresh of materiality and risk appetite. This aligns with FINMA’s emphasis on ongoing risk management and international regulatory guidance.
  
  
• Internal / external reporting: Build an executive dashboard (e.g., three key risks with defined KRIs and two scenarios) and embed it in regular CRO reporting.

Example KRI set and steering triggers

What “good” will look like by 2028

• A documented, auditable line of sight from nature risk drivers to KRIs/limits to day-to-day decisions in origination, underwriting and investment;
• Integrated qualitative/quantitative scenario analysis and stress testing feeding strategy and capital adequacy/solvency;
• Consistent internal/external reporting interoperable with international standards (e.g., ISSB, CSRD) where applicable;
• A proportionate approach that is heavier where exposures are material, lighter where they are not.

Final thought

Nature risk is not a new risk type, but a driver that amplifies the risks banks and insurers already manage. Banks and insurers that make it part of their core risk vocabulary will gain a first-mover advantage in managing this cross-cutting and raising risk and ensure resilience.