Compliance Briefing — December 30, 2021

Executive briefing: On 30 December 2021 the Hong Kong Monetary Authority (HKMA) issued Supervisory Policy Manual module GS-1 Climate Risk Management, codifying supervisory expectations for authorised institutions (AIs) on governance, strategy, risk management, and disclosure of climate-related financial risks.¹² The module builds on HKMA’s three-phased approach to integrating climate risk and requires banks to demonstrate board-level oversight, robust data and scenario capabilities, and transparent reporting aligned with global standards.

Governance expectations

• Board accountability. Boards must approve climate risk appetites, integrate climate considerations into corporate strategy, and receive regular reporting on exposures, mitigation progress, and scenario analysis outcomes.²
• Management responsibilities. Senior management should embed climate risk roles across business, risk, finance, and sustainability functions, ensuring clear lines of responsibility and escalation.²
• Policies and resources. AIs must adopt policies covering climate risk identification, measurement, monitoring, and control, and allocate sufficient resources (staff, systems, training) to implement them.²

Strategy and risk appetite

HKMA expects banks to assess how physical and transition risks affect business models, product offerings, and geographic footprints. Climate considerations should be incorporated into strategic planning, capital allocation, and new product approval processes.² Banks must establish climate risk appetites with quantitative and qualitative metrics (e.g., portfolio emissions, sector concentration limits) and integrate them into internal targets and remuneration frameworks.

Risk management integration

• Risk identification. AIs should map climate risk drivers to existing risk types (credit, market, liquidity, operational, reputational) and identify vulnerable sectors and counterparties.²
• Measurement. Banks must develop methodologies to quantify climate exposures using scenario analysis, stress testing, and portfolio heat maps. HKMA encourages use of international scenarios (NGFS) and development of internal scenarios tailored to Hong Kong and Mainland China exposures.²
• Risk controls. Incorporate climate factors into credit underwriting, collateral valuation, portfolio management, and operational resilience. Review risk limits and early warning indicators to reflect climate vulnerabilities.
• Monitoring. Establish regular monitoring and reporting of climate metrics to management and the board, leveraging HKMA’s Common Assessment Framework to benchmark maturity.¹

Data and systems

HKMA emphasises the need for robust data governance covering emissions metrics, geographic exposures, and supply-chain dependencies. Banks should implement data quality controls, metadata documentation, and processes to address data gaps via proxies or external providers.² Systems must support scenario calculations, dashboarding, and integration with core risk platforms.

Stress testing and ICAAP

AIs are expected to incorporate climate risk scenarios into their Internal Capital Adequacy Assessment Process (ICAAP) and capital planning. HKMA’s 2021–2025 roadmap anticipates periodic supervisory reviews of climate stress testing capabilities; banks should prepare to demonstrate methodologies, assumptions, and management actions.¹² Recovery planning should consider climate-driven stress events, such as acute weather disruptions or rapid policy shifts.

Disclosure requirements

• TCFD alignment. HKMA encourages banks to adopt Task Force on Climate-related Financial Disclosures (TCFD) recommendations, covering governance, strategy, risk management, and metrics/targets.²
• Quantitative metrics. Disclosures should include financed emissions, portfolio alignment metrics, exposure to carbon-intensive sectors, and progress toward transition targets.
• Qualitative narratives. Banks should describe governance structures, scenario analysis results, risk appetite statements, and engagement with clients on transition strategies.

Implementation roadmap

1. Assessment. Perform a GS-1 gap analysis, leveraging HKMA’s Common Assessment Framework to evaluate current maturity across governance, risk management, and disclosures.¹
2. Action plan. Develop a board-approved roadmap detailing milestones, resource needs, and timelines for closing gaps—typically within 12–18 months.
3. Integration. Embed climate risk metrics into risk appetite, credit policies, and investment decisions; integrate with ESG frameworks and sustainability financing initiatives.
4. Scenario capability. Build or enhance scenario modelling tools, incorporating NGFS pathways, local climate data, and customer-specific transition plans.
5. Disclosure enhancements. Align annual reports and sustainability disclosures with TCFD, ensuring consistency with regulatory submissions and investor communications.

Controls and assurance

• Internal audit. Plan periodic audits of climate governance, data quality, and scenario modelling processes.
• Model validation. Establish independent validation for climate scenario models, including back-testing where feasible.
• Compliance monitoring. Track adherence to HKMA guidance, monitor regulatory developments, and maintain evidence for supervisory reviews.

Programme risks and mitigations

• Data limitations. Mitigation: engage with industry consortia, data providers, and clients to improve data availability; document assumptions and use sensitivity analyses.
• Capability gaps. Mitigation: invest in training, hire climate risk specialists, and leverage external consultants or academic partnerships.
• Operational complexity. Mitigation: integrate climate risk into existing risk systems, avoid siloed spreadsheets, and automate reporting where possible.
• Regulatory scrutiny. Mitigation: maintain transparent documentation, proactive communication with HKMA, and readiness for thematic examinations.

Forward look

HKMA will monitor implementation through supervisory reviews, thematic examinations, and engagement with the Green and Sustainable Finance Cross-Agency Steering Group.¹ Banks should expect evolving guidance on climate stress testing, data templates, and disclosure requirements. Early investment in governance, data, and scenario capabilities will support compliance, investor expectations, and participation in sustainable finance markets.

Sources

• ¹ HKMA circular announcing GS-1 Climate Risk Management module.
• ² Supervisory Policy Manual GS-1 Climate Risk Management.

Zeph Tech equips banks with HKMA-aligned climate risk frameworks, stress-testing models, and disclosure playbooks.

Disclosure roadmap

HKMA encourages banks to publish climate-related disclosures annually and to progressively enhance quantitative metrics as data quality improves.² Institutions should map GS-1 expectations to existing sustainability reports, align with TCFD timelines, and coordinate with parent bank reporting where applicable. Establish disclosure working groups with representation from finance, risk, investor relations, and sustainability teams to ensure consistent messaging.

Collaboration and external engagement

AIs are expected to engage with industry initiatives such as the Green and Sustainable Finance Cross-Agency Steering Group, the International Sustainability Standards Board, and regional central bank forums.¹ Participation facilitates access to shared data repositories, scenario tools, and best practices, and demonstrates commitment during supervisory discussions.

Client engagement

HKMA expects banks to engage clients in high-emitting sectors to understand transition plans, support decarbonisation, and manage reputational risks.² Document engagement strategies, escalation triggers for clients with limited progress, and criteria for adjusting lending terms or offering sustainable finance products.

Data strategy

Develop multi-year data strategies that map internal and external data sources, establish data stewardship roles, and evaluate emerging taxonomies (EU, Mainland China, ISSB) for consistent classification of green and brown assets.

Related briefings

Curated signals from the same pillar or overlapping topics.

Compliance · Credibility 88/100 · June 11, 2021

Policy Briefing — Germany Supply Chain Due Diligence Act

Germany’s Supply Chain Due Diligence Act cleared the Bundestag, compelling large companies to operate human rights and environmental risk management systems ahead of its 2023 effective date.

Compliance · Credibility 90/100 · October 20, 2023

Compliance Briefing — Brazil CVM Resolution 193 anchors ISSB-aligned sustainability assurance

On 20 October 2023 the Comissão de Valores Mobiliários (CVM) issued Resolution 193, requiring listed companies in Brazil to publish sustainability reports aligned to ISSB IFRS S1 and S2 from fiscal 2026 (large issuers)…

Compliance · Credibility 90/100 · December 7, 2023

Compliance Briefing — December 7, 2023

The Basel Committee’s climate-related disclosure framework sets phased Pillar 3 expectations for banks, demanding board oversight, implementation programs, and DSAR-ready controls over financed emissions, scenario…

Compliance · Credibility 86/100 · March 15, 2024

Compliance Briefing — March 15, 2024

Greenhouse Gas Reporting Program facilities have two weeks to certify 2023 emissions in e-GGRT, verify third-party QA, and document methodology updates before the March 31 deadline.

Compliance · Credibility 50/100 · August 6, 2025

Compliance Briefing — August 6, 2025

EPA’s Methane Waste Emissions Charge bills 2024 emissions in early 2025, so upstream oil and gas operators have only weeks to reconcile data gaps before first payments and certification packages reach regulators.

Continue in the Compliance pillar

Return to the hub for curated research and deep-dive guides.

Visit pillar hub

Latest guides

• Third-Party Risk Oversight Playbook — Zeph Tech

  Operationalize OCC, Federal Reserve, EBA, and MAS outsourcing expectations with lifecycle controls, continuous monitoring, and board reporting.

• Compliance Operations Control Room — Zeph Tech

  Implement cross-border compliance operations that satisfy Sarbanes-Oxley, DOJ guidance, EU DORA, and MAS TRM requirements with verifiable evidence flows.

• SOX Modernization Control Playbook — Zeph Tech

  Modernize Sarbanes-Oxley (SOX) compliance by aligning PCAOB AS 2201, SEC management guidance, and COSO 2013 controls with data-driven testing, automation, and board reporting.