Back to Insights
Blog Posts

From Bark to Bite

The First Climate Fines Have Landed
July 10, 2026

The European Central Bank has issued its first penalties for climate-risk failures, and the Bank of England has rewritten what it expects of UK firms. The headline figures are modest. The direction of travel is not.

‍

‍

Two Fines, One Message

European supervisors have moved from setting expectations to enforcing them.

In November 2025 the European Central Bank fined the Spanish lender ABANCA €187,650. Three months later it fined CrĂ©dit Agricole – one of Europe’s largest banking groups, and a globally systemically important institution – just over €7.5 million. Both were first of their kind, never before had a banking supervisor penalised a lender specifically for the way it manages climate-related risk.

Neither of these were a fine for poor disclosure. The ECB acted because both banks missed binding deadlines to complete a basic piece of risk work, a materiality assessment establishing whether, and how badly, climate and environmental factors threaten their balance sheets. ABANCA was 65 days late. Crédit Agricole was 75. The penalties were periodic penalty payments under Article 18(7) of the SSM Regulation, the tool the ECB uses to enforce compliance with its supervisory decisions, accruing for each day a bank stays in breach. The shortfall was in the analysis itself, and that analysis was dependant on data neither bank had fully to hand.

The ECB fines are negligible relative to the balance sheet size of the penalized banks, but they serve as a clear signal that the prudential authority is prepared to use the measures available within its supervisory toolkit to enforce its expectations. Periodic penalty payments can reach 5% of average daily turnover for every day of breach, up to six months. For a bank of CrĂ©dit Agricole’s size, that statutory maximum sits close to €1 billion, or roughly 2.5% of group revenue. The ECB applied a daily rate around fifty times below the cap. The machinery for far larger penalties is already built but the supervisor has chosen not to use it yet.

For banks, the message in these decisions is less about the sums than the precedent they set, climate-risk management is now enforceable, and the size of the institution is no protection.

‍

‍

Escalating Green Supervision

EU regulators set forth supervisory expectations and disclosure mandates– the ECB fines expose the risk of treating C&E risk assessment as a 'box-ticking exercise'

In 2025, the ECB published a review of Eurozone banks’ progress on climate risk readiness. Compared with 2022, when most systemically important banks had limited to no practices in place for managing exposures, by 2024 over 56% of significant institutions had adopted leading practices for at least some exposures, aligning with the ECB’s supervisory expectations for climate and environmental (C&E) risks. Yet, despite mounting regulatory pressure and measurable improvements in data readiness, the ECB’s periodic penalty payments (PPP) clearly indicate that persistent gaps remain between climate strategy/risk integration and supervisory-ready materiality assessments.

‍

The data challenge

While banks' materiality assessments have become increasingly sophisticated—over 90% now consider themselves materially exposed to climate and environmental (C&E) risks, up from around half in 2021—the ability to translate these assessments into decision-useful, supervisory-ready outputs remains uneven.

Robust materiality assessments depend on a complete chain linking risk identification, measurement, management, and reporting, supported by fit-for-purpose data, systems, and governance. The ECB's November 2025 fine on Credit Agricole was not simply about a delayed response, but the bank's inability to produce ‘granular’ materiality assessments within the required supervisory timeframe. This is particularly notable given CrĂ©dit Agricole's was considered a leading bank at the time by several measures, from ambitious net-zero commitments to sector-specific transition targets, dedicated governance structures, and significant investment in sustainable finance capabilities.

CrĂ©dit Agricole established 2030 net-zero decarbonisation targets across ten of the most emissions-intensive sectors—Oil & Gas, Electricity, Automotive, Commercial Real Estate, Cement, Steel, Aviation, Shipping, Residential Real Estate, and Agriculture. The Group progressively tightened its fossil fuel policies, including a commitment to cease financing new fossil fuel extraction projects and adopt a ‘selective approach’ to finance transition focused energy players. In early 2024, CrĂ©dit Agricole CIB became one of the first major global banks to stop participating in unlabelled conventional bonds issued by the oil and gas sector. Between 2020 and 2023, the bank’s portfolio allocation trended towards transition-related projects with low-carbon energy increased by 81%, reaching €19.7 billion, while exposure to fossil fuel extraction declined by 24% to €7.5 billion. Aside from capital deployment, Credit Agricole integrated decarbonization priorities into its budgetary process and strengthened its steering and governance plank for the implementation of net zero commitments.  This included the creation of two committees – The Societal Commitment Committee and the ESG Strategy Committee tasked with monitoring commitments, including at the highest level of entities concerned. Despite these early initiatives and its clearly defined climate strategy, Credit Agricole could not deliver the granular portfolio- and business-line-level materiality assessment views required by the ECB on time. ABANCA faced a similar challenge in producing a timely, granular materiality assessment.

The ECB fines serve as both a warning and a signal of intent. They reinforce the ECB's expectation that climate commitments and transition plans must be supported by the data, systems, and governance needed to evidence risk exposure and conduct robust materiality assessments. C&E risk data more than just a reporting obligation, it is the foundation for sound governance, risk management, and long-term resilience. Furthermore, the fines demonstrate the ECB's willingness to use the enforcement tools at its disposal to drive meaningful integration of climate and environmental risks into risk management practices. Fines may currently represent a negligible portion of the balance sheet size, but ECB and other regulators can also impose sanctions for continued breach (6 months or more) and escalate enforcement measures.

Importantly, climate-related enforcement actions pose not only financial risk but also significant and compliance and reputational risks for banks. The first climate fines have branded institutions as laggards in climate risk management and underscored the urgency for banks to fortify their C&E risk data infrastructure.

‍

The regulatory outlook

The ECB has conducted periodic reviews and landscape assessments to identify primary challenges for climate risk integration. The ECB has reinforced the imperative for banks to embed risk assessment across all prudential categories—credit, market, operational, liquidity, reputational—through transmission channels that affect the real economy, across portfolios and geographies, over short-, medium-, and long-term horizons. C&E risks are now treated as complementary to the traditional Basel framework drivers, and early enforcement actions are setting precedent for how they will factor into SREP assessments going forward.

Progress is visible among banks investing seriously in data infrastructure, with more mature materiality assessments emerging. The ECB has emphasised the need to address transition and physical risks in tandem, assess exposures at gross rather than net level, and move beyond identification toward active mitigation and adaptive business model resilience. The deeper structural challenge it highlights is forward-looking data. C&E risks do not follow historical patterns, banks relying on backward-looking data will systematically underestimate their exposures. Frontrunner banks are already integrating forward-looking information to identify risk drivers across portfolios and regions. For Eurozone institutions, robust C&E materiality assessment and sound risk management are intrinsically linked.

Beyond this, the EBA has also set forth the regulatory rationale for climate risk integration across the EU financial sector. The EBA Joint Guidelines (2025) require banks to operationalize climate and environmental (C&E) risk management, including risk identification, measurement, mitigation, and reporting, from 2027 onwards. Complementing these requirements, the EBA has published its first draft methodology for the 2027 EU-wide climate stress test, which will cover approximately 75% of the EU banking sector and, for the first time, incorporate transition and physical risks in a structured and consistent manner alongside traditional macro-financial shocks. Together, the Joint Guidelines and the 2027 climate stress test represent key pillars of the EU supervisory framework.

The message banking regulators are sending is that compliance is the floor, not the ceiling. While disclosure deadlines are clearly defined under regulations such as the EBA Pillar 3 framework, banks also face broader ECB-driven operational and supervisory expectations to integrate climate and environmental (C&E) risks into their risk management practices. Beyond periodic penalty payments for non-compliance, the ECB has broader tools at its disposal including sanctions which can be imposed for continued breach of supervisory expectations past the 6-month mark. Where C&E risks are assessed as not properly managed or inadequately reflected in a bank's capital position, the ECB can set Pillar 2 capital requirements as part of the annual Supervisory Review and Evaluation Process (SREP).  This transforms C&E risk from a reporting obligation into a direct balance sheet consideration and inadequate risk management translates into higher capital costs.

‍

The UK Raises the Bar: SS5/25

The PRA’s new statement is a step-change in what UK firms must be able to evidence.

Britain is moving the same direction, and in December 2025 it took a substantial step. The Prudential Regulation Authority published Supervisory Statement SS5/25, replacing the 2019 statement that had made the UK the first country to set prudential climate expectations for banks and insurers. The original was short and principles-based, barely thirty paragraphs written to get boards paying attention. Its replacement runs to around 140, across seven chapters, and treats climate risk with the seriousness given to credit, market and liquidity risk.

‍

SS5/25 at a glance

PUBLISHED  3 December 2025, replacing the 2019 statement (SS3/19)

BOARD DEADLINE  3 June 2026 – sign-off on a materiality assessment and a plan to close gaps

It expects firms to find and fill their own climate-data gaps – going to clients and counterparties directly where bought-in data falls short.

‍

The requirement that will cost firms the most effort is the data. SS5/25 wants banks to know where their climate data is incomplete, and to test the quality of what they buy from third-party providers. Where that data still falls short, firms are expected to go to clients and counterparties directly. A bank cannot satisfy this by licensing a data feed and filing it. It must know where that feed is wrong or silent and close the gap itself, including for the private and unlisted counterparties that publish almost nothing.

There is a catch, and it cuts against the headline. A supervisory statement sets expectations, not directly binding rules, so the PRA cannot fine a firm merely for falling short of SS5/25. The consequences arrive by a different route; a shortfall becomes evidence of a breach of the binding Fundamental Rules and above all the duty to run sound risk management. This opens the way to skilled-person reviews, extra capital under Pillar 2, pressure on the accountable senior manager, and, in the worst cases, penalties under the Financial Services and Markets Act. No UK firm has yet been fined over climate risk management. However, the ECB’s example shows where the road runs and the UK could be headed on the same path.  

Furthermore, following a similar change by the European Central Bank, which added a climate factor to its collateral framework in 2025 to better manage financial risk from climate change, the Bank of England issued a Market Notice updating its collateral eligibility framework, including, for the first time, climate transition risk factors in its methodology for valuing corporate bonds pledged as collateral. Together, the move by these central banks signals a decisive shift toward enhanced green supervision.

‍

We Have Seen This Play Out Before

The risk-data rulebook shows how a principles-based regime hardens into enforcement.

For a sense of where climate enforcement goes next, we can look at how supervisors have handled another data problem: risk data aggregation. In 2013 the Basel Committee published its principles for effective risk data aggregation and risk reporting, known as BCBS 239, requiring banks to prove their risk data could be pulled together accurately and on time. Full compliance was meant to arrive by 2016. It never did. A decade on, the Basel Committee’s own progress report found only two of 31 global systemically important banks fully compliant, with not a single principle implemented across all of them. The ECB has since made risk data aggregation one of its top supervisory priorities through 2027, published its own guide on the subject, and warned laggards of escalation, capital add-ons and the removal of responsible executives.

That is the same enforcement ladder now being built for climate data, one rung further up. And it has already produced large penalties – though not in Europe, and not under the principles’ own name. In the United States, where supervisors reached the cash-fine stage first, Citigroup paid $400 million in 2020 and a further $136 million in 2024 over its persistent failure to fix risk data and reporting. There is no such thing as a “BCBS 239 fine”; the principles are not directly enforceable. But the cost of ignoring them has been real, and steep.

The lesson for climate is plain. A principles-based data regime starts as encouragement and hardens into enforcement once supervisors run out of patience. On climate, in Europe, that patience has now run out.

‍

What This Means for Banks

Lessons learned from supervisory enforcement actions

Read together, the ECB’s penalties, SS5/25 and the BCBS 239 story point at one non-negotiable: climate data. The assessment ABANCA and CrĂ©dit Agricole failed to deliver on time was, underneath, a data exercise – mapping climate exposure across an entire lending book, including counterparties that disclose next to nothing. SS5/25 asks the same of UK firms and expects them to chase the gaps themselves. The wider European framework, through financed-emissions reporting and taxonomy-alignment metrics, makes that exposure impossible to measure without granular counterparty data.

  1. Find the gaps before a supervisor does. Map where climate data is missing or weak across the whole book – not just listed corporates, but the private and non-EU counterparties that disclose little.
  2. Close gaps at source. Where third-party data falls short, the shortfall has to be resolved through direct engagement with clients and counterparties, not worked around.
  3. Make the analysis evidence ready. Supervisors increasingly expect to see the assessment itself – documented and signed off – rather than the disclosure that sits on top of it.
  4. Integrate forward-looking data to identify emerging risks. Integrate forward-looking indicators into assessments and internal review processes—including progress towards net-zero commitments, decarbonisation trajectories, transition plans, and scenario analysis—to assess how counterparties' climate risk profiles are expected to evolve over time.

Climate risk non-compliance is intrinsically linked to both financial and reputational consequences. The climate fines underscore the urgency for banks to identify gaps in counterparty climate data, improve data quality, and streamline disclosure processes before these deficiencies translate into legal, financial, regulatory, and compliance risks.

‍

ESG Book’s Disclosure Utility enables banks to collect, validate, and monitor climate and sustainability data across their portfolios. Access and benchmark more than 76,000 companies against 500+ climate and sustainability metrics, including EU Taxonomy classifications, Scope 1–3 emissions (including estimates), and data for hard-to-abate sectors. Request missing counterparty data through automated workflows and reminders, while AI-powered prefill leverages public disclosures and previous submissions to reduce manual effort. Leverage the ESG Book Platform for ongoing performance tracking and monitor progress against climate strategies, targets, and regulatory disclosure requirements. Validate counterparty data in real-time with automated consistency checks, source-linked data, and standardized units improve data quality, auditability, and integration into materiality assessment workflows.

‍

The Bottom Line

Climate risk is now enforced with money, on both sides of the Channel. The banks that come through this best will be the ones that already know where their data runs out – long before a supervisor asks to see it.

Subscribe to our Monthly Policy Digest to stay up to date on the latest in sustainability regulation and its impact on you.
Stay Up To Date
Thank you. Your submission has been received.
Oops! Something went wrong while submitting the form.