
Understanding Circular 26/905: What ESG risk integration means to credit institutions

In January 2026, the CSSF reinforced Luxembourg’s sustainable‑finance regulatory framework by issuing Circular 26/905, which formally applies the EBA Guidelines on the management of ESG risks within the Luxembourg framework. The Circular applies to all credit institutions designated as Less Significant Institutions under the Single Supervisory Mechanism. Small and non-complex institutions (SNCIs) as well as other non-large institutions may apply the proportionality provisions, where appropriate, allowing them to implement less complex or sophisticated arrangements.

Application timeline

[Figure: CSSF application timeline]

What does the circular require? 

Circular 26/905 introduces requirements regarding: 

  • ESG risk identification processes
  • Methodologies to measure and monitor ESG risks, including physical and transition risks
  • Internal governance arrangements that embed ESG considerations into strategy, risk appetite, and internal controls 
  • Prudential Transition Plans to address risks associated with the shift toward an EU climate‑neutral economy

Overview of Circular’s requirements

Identification and measurement of ESG risks

Circular 26/905 sets out a structured and standardized methodology that institutions must use to identify, assess, and measure ESG risks in a consistent and forward‑looking way. This methodology covers the materiality assessment, general principles, data processes and main features of the reference methodology (such as which essential transition and physical risk drivers and data points to collect, and which combination of exposure-based, sector-based, portfolio-based, portfolio alignment or scenario-based methods to develop).

Minimum standards and reference methodology for the management and monitoring of ESG risks

Circular 26/905 sets out the minimum supervisory standards institutions must meet to ensure ESG risks are effectively managed, mitigated, and monitored throughout their risk management framework. It covers the ESG risk management principles, the strategies and business models, risk appetite, internal culture, capabilities and controls, internal capital adequacy assessment process and internal liquidity adequacy assessment process (ICAAP/ILAAP), policies and procedures for financial risk categories (including credit risk, market risk, liquidity and funding risk, operational and reputational risks, concentration risk), and monitoring.

Transition plans

Circular 26/905 requires institutions to develop prudential transition plans that address the financial risks caused by ESG factors, particularly those linked to the transition toward an EU climate‑neutral economy. These plans are forward‑looking, multi‑year strategies designed to ensure that institutions remain resilient as regulatory, market, and environmental conditions evolve. In this context, the Circular provides rules addressing the overarching principles, governance (e.g., roles and responsibilities, internal processes and capacity, data management), transition planning (scenarios and pathways, time horizons and milestones, materiality assessment basis, metrics), key contents of the plans, and the monitoring, review and update of the plans.

Proportionality principles 

Circular 26/905 explicitly allows SNCIs and other non-large institutions to apply proportionate measures, meaning they may adopt simpler processes or less complex modelling approaches where appropriate. This ensures compliance without imposing undue burdens on smaller institutions.

What are the practical implications for in-scope entities? 

Financial institutions will need to make targeted enhancements across their governance, risk, and data frameworks in order to comply with Circular 26/905. However, they should anticipate several practical hurdles, including limited availability of high‑quality ESG data, the complexity of modelling transition pathways, the need for alignment across multiple governance and business functions, and the requirement to strengthen internal controls to monitor ESG risks effectively.

Beyond meeting regulatory expectations, Circular 26/905 offers meaningful strategic advantages, such as: 

  • A stronger ESG‑risk framework can enhance long‑term institutional resilience, making the organization better prepared for evolving market, regulatory, and climate‑related shocks. 
  • Improved responsiveness to investors’, clients’, and stakeholders’ demands, especially as sustainability‑related expectations continue to rise.
  • A competitive edge for early adopters, with institutions that achieve mature, data‑driven ESG capabilities better positioned in lending, capital markets, and reputation.

Recommendations  

  • Strengthen governance and oversight
  • Address data and methodology gaps 
  • Prepare for supervisory dialogue 
  • Apply proportionality wisely (for SNCIs)  
  • Align ESG risk work with broader strategy 
  • Embed ESG risks into all existing risk management frameworks 
  • Upgrade ESG data and reporting capabilities  
  • Integrate ESG considerations into governance structures 
  • Enhance stress‑testing, scenario analysis, and transition‑risk modelling to include forward‑looking ESG risk drivers 

Circular 26/905 sets out how Luxembourg institutions are expected to govern and manage ESG risks. Early movers will reduce compliance pressure and strengthen their long‑term resilience and market positioning. Institutions, in particular Less Significant Institutions, which must comply with the rules from April 2026 onwards, should begin implementation without delay to meet supervisory expectations and make full use of the strategic opportunities linked to developing a mature ESG risk management framework.

How EY can help 

  • Diagnostic & Maturity Assessment: impact assessment of the adopted CSSF Circular on ESG risks, market practices and training sessions to specify the requirements and supervisory expectations
  • Governance and ESG risk integration: support in ESG risks identification and quantification, materiality assessment, integration in ERM framework, definition of governance, internal processes, policies and controls, setting up of the monitoring framework
  • Prudential transition plan development: definition of short-, mid-, long-term goals, climate modelling and scenario analysis, client engagement approaches, alignment with other regulatory requirements 
  • Reporting & Disclosure: integration in ICAAP/ILAAP and Pillar III reports, preparation of disclosures, documentation of methodologies and assumptions 

 
