Risk management

Risk management

Our ability to anticipate and manage environmental and social risks allows us to improve both our sustainability performance and the group's performance.

 

How we identify and monitor risks

Identifying and managing emerging and future risks is critical to ensuring business continuity and achieving our goals.

Our internal control system consists of a series of safeguards that aim to identify, monitor and mitigate the risks identified in the various business and customer segments. 

The Sustainable Development Assessment model subjects the Group's operations to an ex-ante ESG impact assessment. This complements the more traditional risk, compliance and legal assessments and supports our intention to make choices with positive impacts that generate not only economic value but environmental and social value too.

The various types of risk are set out within the Group Risk Policy, which is approved by the Board of Directors and updated every six months, and outlined in the Risk Regulation and associated documents, each of which relates to a specific risk category.

In particular, risk monitoring tools also include aspects related to the management of social, environmental and economic risks. We are fully committed to making responsible investment decisions in order to grow awareness and transparency.

ESG risk classification and management

Climate, environmental, social and governance (ESG) risks are identified by the Risks Directorate and established in line with financial and banking regulation.

Specifically, climate and environmental risks include the following elements: 

  • Physical risk: risk from direct or indirect economic damage due to recurrent or extreme climate-related or natural phenomena;
  • Transition risk: business risk linked to global warming containment policies;
  • Environmental risk: risks of pollution and environmental damage with potential reputational consequences for the finance provider. 
ESG risk assessment

ESG risks are monitored and assessed by the organisational units of the Risk Department, as part of second-level control activities.

The Risk Management unit assesses the climate and environmental risks of new operations based on an internal, qualitative-quantitative methodology that makes it possible to separately assess these risks and analytically summarise them in a rating, with risk classes that have been predetermined based on the definition of a score. Starting from 2023, the analysis has also been extended to social and governance aspects.

During 2023, we adopted an internal regulation “ESG Risk Assessment and Management”, which describes the principles and metrics the Group must adopt in assessing environmental, social and governance risks for new operations.

ESG risks are managed in the context of reputational risks, compliance risks and money laundering and terrorist financing risks. More specifically, the Group’s methods of assessing the reputational risk of operations, also comprise the use of risk assessment indicators related to ethics and integrity, and to social and environmental requirements.

Climate change risks and the TCFD

We are aware of how fundamental the issue of climate change is and we look carefully at emerging climate risks, both in terms of possible economic and financial impacts and in terms of potential reputational risks. For this reason, the CDP Group has decided to report, on a voluntary basis, on information relating to climate change, based on the areas set out by Task Force on Climate-related Financial Disclosures (TCFD) - the international body responsible for monitoring and promoting the stability of financial markets.

For more information on risk management, see the dedicated page of the Integrated Report


See also