• The PRA has finalized updated climate risk management expectations for banks and insurers
• The new framework replaces the regulator's 2019 guidance and took effect on 3 December 2025
• Firms are expected to strengthen governance, risk management, data practices, and climate scenario analysis
• Institutions may use existing governance and risk management frameworks rather than creating new structures
• Climate litigation risk may be treated as a separate transmission channel where appropriate
• Firms have six months to review their current capabilities and develop plans to address identified gaps

The Prudential Regulation Authority (PRA) has finalized a major update to its supervisory expectations on climate-related risk management, setting out a new framework designed to strengthen how banks and insurers identify, assess, and manage climate-related financial risks.

The updated guidance, contained in Supervisory Statement 5/25, replaces the regulator’s earlier 2019 expectations and follows an industry consultation that attracted 59 responses.

According to the PRA, the revised framework reflects significant developments in the understanding of climate-related risks and responds directly to requests from firms for greater clarity and practical guidance.

The regulator said the new policy is intended to help firms build resilience against both physical and transition risks associated with climate change while supporting informed strategic decision-making.

The PRA stressed that the approach is designed to be proportionate, recognizing that climate risk exposure is influenced not only by firm size but also by factors such as business model and geographic concentration.

The updated expectations place renewed emphasis on governance, requiring boards and senior management to remain actively engaged in overseeing climate-related risks.

However, in response to consultation feedback, the PRA confirmed that firms may incorporate climate responsibilities into existing governance structures rather than creating entirely new frameworks.

It also clarified that there is no requirement to establish a dedicated Senior Management Function for climate risk oversight.

A key feature of the new regime is a stronger focus on integrating climate-related risks into broader risk management processes.

Firms are expected to identify and assess material climate-related risks and ensure they are appropriately reflected within risk registers and risk appetite frameworks.

The PRA emphasized that institutions can continue to use existing risk management structures, provided they can demonstrate that climate risks are being effectively captured and monitored.

The regulator has also refined its expectations around climate scenario analysis. While maintaining that scenario analysis remains a critical tool for understanding resilience under different climate pathways, the PRA acknowledged concerns about excessive complexity and cost.

Firms will now have greater flexibility to determine the number and type of scenarios they use, with approaches expected to be proportionate to their level of climate risk exposure. Longer-term assessments may rely more heavily on narrative scenarios rather than detailed quantitative modelling.

Another notable change concerns climate-related litigation risk. Recognizing the growing complexity of climate litigation globally, the PRA has clarified that firms may choose to treat litigation risk either as part of physical and transition risks or as a distinct transmission channel where appropriate to their business model and risk profile.

The regulator also addressed concerns regarding data quality and availability. Rather than requiring firms to quantify data uncertainty, the final policy requires firms to understand the limitations and uncertainties inherent in climate-related data and modelling.

Institutions may continue to rely on third-party data providers but are expected to understand the assumptions and weaknesses associated with those sources.

Implementation will begin immediately. The policy took effect on 3 December 2025, replacing the previous supervisory statement in its entirety.

Firms have six months to conduct an internal review of their current capabilities, identify any gaps, and develop action plans.

The PRA clarified that institutions are not expected to complete all remediation work within that period, only to assess their readiness and establish credible plans for improvement.

While respondents broadly supported the updated expectations, many sought greater clarity on proportionality, implementation timelines, and practical application.

The PRA said it would continue working with industry bodies, including the Climate Financial Risk Forum, to develop guidance, tools, and case studies to support firms as climate risk management practices continue to evolve.