The Prudential Regulation Authority (PRA) has laid out strict expectations for banks, building societies, investment and insurance bodies on how to identify and manage climate-related risks.
Financial institutions must conduct a full internal review of current approaches and demonstrate how they will meet updated requirements under the new supervisory statement by 3 June 2026.
This long-awaited update to the UK’s climate risk supervisory framework replaces SS3/19 from six years ago and raises standards across governance, risk management, data, scenario analysis and sector-specific requirements.
The PRA now places climate risk in same boat as financial risks such as credit, liquidity, and operational risks by asking firms to ensure stronger oversight, better data, more forward-looking analysis, and clear proof behind every judgement.
This is where FinregE comes in. We help organisations turn those expectations into organised, auditable, and actionable workflows, capturing every decision made to demonstrate regulatory compliance.
Why the PRA is updating its climate expectations
While there have been improvements since 2019, the PRA notes that there’s still inconsistency in how businesses are managing climate-related risks.
International standards have improved, transition strategies are accelerating, and climate events are having a more noticeable impact on balance sheets.
The revised supervisory statement offers clearer guidance on what “good” looks like and aligns the UK’s expectations with new international frameworks including ISSB (International Sustainability Standards Board), BCBS (Basel Committee on Banking Supervision), and IAIS (International Association of Insurance Supervisors).
The regulator also highlights that size no longer determines exposure. A smaller company with a more concentrated portfolio may be at greater risk than a larger, more diversified one. The PRA’s new criteria for governance, proportionality, and materiality reflect this shift.
What climate risk requirements are changing
The PRA has tightened expectations across several core areas; here are the most significant changes:
Increased board responsibility
To manage climate risk, boards must have a documented understanding of the following:
- how climate factors affect business strategy.
- where exposures are located across portfolios.
- how climate metrics, limits and triggers are monitored.
- how scenario analysis influences decisions.
It is impossible to isolate climate risk, so it needs to be incorporated into the board’s routine risk assessment and strategic planning.
A structured approach to materiality and proportionality
According to the new two-step paradigm, businesses must:
- determine materiality using forward-looking tools, such as scenario analysis.
- Adapt their risk management strategy to that evaluation, supporting each decision with data.
Proportionality is not a free pass as firms still need to demonstrate why a certain approach is suitable.
Requirements for enhanced scenario analysis
Scenario analysis is now central to supervisory expectations. Firms must:
- select scenarios that match specific use cases (strategy, ICAAP (Internal Capital Adequacy Assessment Process)/ORSA (Own Risk and Solvency Assessment), valuations, risk appetite).
- evaluate vulnerabilities over a range of time periods.
- apply sensitivity analysis as standard.
- use reverse stress testing when appropriate.
When exact quantification is less significant, long-term scenarios can rely on narratives, but they still need to guide decisions.
Greater scrutiny of data and assumptions
The PRA wants firms to demonstrate that they understand the limits of their data. Expectations now include:
- identifying and prioritising data gaps.
- documenting assumptions and proxy choices.
- adopting structured data governance.
Businesses must now understand and communicate data uncertainty rather than measure it.
Litigation risk takes on new significance
Unlike SS3/19, the PRA now allows firms to treat climate-related litigation risk as a separate transmission channel when appropriate, which reflects the evolving threat landscape and global regulatory thinking.
Sector-specific requirements for banks and insurers
For banks, climate risk must be reflected in:
- ICAAP
- Internal Liquidity Adequacy Assessment Process (stressed scenarios only)
- IFRS 9 (International Financial Reporting Standard 9) expected credit loss (ECL) methodologies valuations and collateral assessments
For insurers, firms must integrate climate risk into:
- ORSA
- long-term reserving assumptions
- underwriting cycles
- where relevant, components of the SCR (Solvency Capital Requirement)
Implementation timeline
The new supervisory statement applies immediately, with the PRA expecting firms to begin strengthening their governance, data, risk assessments and scenario analysis without delay.
Effective now
SS4/25 replaces SS3/19 from the date of publication. Firms are now expected to start aligning their frameworks and decision-making processes.
Within six months
To comply with the new regulations, businesses must conduct a thorough internal review. This includes determining skill gaps, reevaluating materiality, and developing a convincing remedy strategy.
The PRA anticipates a well-reasoned evaluation and a clear plan, but it is not expecting gaps to be closed in six months.
After the six-month window
Supervisors may request evidence of the review, including documentation of:
- materiality assessments
- scenario analysis choices
- data governance decisions
- remediation plans and timelines
Ongoing
The PRA expects continuous improvement. That means regular updates to scenario analysis, better data over time, stronger governance reporting and deeper integration of climate risk into capital, liquidity, underwriting and strategic planning.
What firms need to do now
With timelines now set and expectations clarified, firms should start reworking their climate-risk frameworks. Key actions include:
- Use the PRA’s new approach to review climate risk materiality assessments and make sure judgements are supported by forward-looking scenario analysis.
- Update the enterprise risk register to include all significant climate risks and link them clearly to traditional financial and operational risk categories.
- Boost governance to ensure that climate supervision is in line with SMF (Senior Management Function) duties and give boards relevant information, challenge points, and escalation triggers.
- Update climate-related risk appetite statements, including thresholds, limits, and indicators that call for further investigation or management action.
- Use sensitivity analysis appropriately to ensure that scenario analysis is appropriate for use in ICAAP, ILAAP (Internal Liquidity Adequacy Assessment Process), ORSA, strategy, and business model assessments.
- Close identified data gaps through enhanced data collection, improved external datasets, or well-documented proxies supported by strong governance.
- Integrate climate implications into key prudential processes, from ECL and credit assessment to underwriting, solvency planning and capital strategy.
- Prepare for increased scrutiny of disclosures, making sure they adhere to UK Sustainability Reporting Standards and international norms.
How FinregE helps firms meet climate risk requirements
Businesses must now deal with a stricter, evidence-based climate risk regulation.
The PRA demands transparent audit trails, defensible data, forward-looking analysis, and organised governance. FinregE integrates these components and provides enterprises with five useful strategies to operationalise the new requirements:
- Translating PRA expectations into actionable requirements
FinregE directly maps the new requirements into a company’s current risk framework. This helps align prudential procedures such as ICAAP, ILAAP, and ORSA, risk registers, appetite statements, and governance structures.
- Keeping firms ahead of regulatory change
By tracking rules across 160+ countries and 2000+ regulatory sources, FinregE always keeps an eye on PRA updates, international standards, and cross-jurisdictional developments. Businesses can modify their frameworks before gaps appear because they have early visibility into new requirements.
- Strengthening climate risk governance and oversight
FinregE gives boards and executives a comprehensive understanding of climate-risk exposures, compliance gaps, thresholds, and trends. Stronger challenges, more transparent reporting periods, and better monitoring are all supported by this, which is exactly what the PRA now demands at the governance level.
- Supporting scenario analysis and decision-making
Assumptions, data sources, sensitivity tests, and long-horizon narratives are among the scenario analysis outputs that the platform assists businesses in organising and monitoring. This provides boards and management with the transparency that the PRA demands when evaluating scenario choices and comprehending business-model resilience.
- Creating the evidence trail supervisors will look for
FinregE maintains a structured, timestamped audit trail that records decisions, assumptions, mitigations, and actions.
To demonstrate compliance under SS4/25, with FinregE, firms can show why specific approaches were selected, how they evaluated the requirements and present how climate risk is tracked.
With FinregE, firms can move confidently into this new era of climate risk regulation.
The platform translates complex regulatory obligations into operational clarity, supports ongoing compliance, and helps risk leaders focus on what matters most: resilience, accountability and strategic foresight.
Book a demo today.
