ECB Nature Risk Good Practices: What Banks Must Document

Last updated: May 2026

Nature-related risk reporting just moved from theoretical to operational. On 8 May 2026, the ECB published an updated version of its good practices compendium for climate and nature-related risk management, drawing on approaches from more than 60 supervised institutions. This is the successor to the original 2022 report that covered 26 good practices drawn from over 25 institutions. The update adds dedicated good practices for ICAAP integration and nature risk management specifically, areas where the original report only touched the surface.

The practical question is not whether nature-related risks matter. The ECB’s own data shows that 90% of surveyed banks now consider themselves materially exposed to climate-related and environmental risks, up from roughly half in 2021. The compendium uses “climate-related and environmental risks” and “climate and nature-related (C&N) risks” in overlapping ways; when citing these figures, note that the underlying categories are not identical and the compendium does not always distinguish environmental risks from nature-related risks in its aggregate statistics. The question is what your institution should document, how granular that documentation needs to be, and where teams most commonly fall short.

Related reading: ECB SREP 2026 Priorities: What Banks Should Prepare for in Liquidity and Prudential Reviews

What the Updated Compendium Actually Is

The report is titled “Good practices for climate and nature risk management: Observations from the ECB’s five-year climate and nature risk programme (2020-25).” It is not a new regulation. It does not set supervisory expectations or standards. The ECB is explicit: the report frames its practices as illustrations only, intended to help institutions advance their C&N risk management on a proportionate basis, calibrated to materiality and the institution’s own profile.

That caveat matters, but do not over-read it. In practice, ECB supervisors use these compendiums as benchmarks during SREP assessments and on-site inspections. If the ECB publishes a document showing how 60+ institutions handle nature risk in their ICAAP, and your institution has no documented approach at all, that gap will surface in supervisory dialogue.

The update is structured around business strategy (Chapter 2), governance and risk appetite (Chapter 3), risk management (Chapter 4), and a newly expanded Chapter 5 dedicated to managing nature-related risks. That last chapter is the one most reporting and risk teams should read first. It covers materiality assessment (Section 5.1), governance and risk appetite (Section 5.2), due diligence and risk classification (Section 5.3), risk mitigation (Section 5.4), and capital adequacy (Section 5.5).

What teams commonly get wrong here: treating this compendium as optional reading. It is not binding, but it is the clearest signal of what the ECB considers adequate practice. When an on-site inspection team asks how you identify nature-related risk exposures, they will be comparing your answer against these documented approaches.

Nature-Related Risk Materiality: Where Most Banks Are Weakest

The ECB’s Chapter 5 describes a tiered approach to materiality assessment for nature-related risks. At the most basic level, institutions map their exposure to sectors dependent on ecosystem services. At the most advanced level, they run quantitative scenario analyses with financial impact estimates tied to specific nature-related risk drivers like water stress, deforestation, or biodiversity loss.

I have seen institutions default to generic heat maps that classify sectors as “high,” “medium,” or “low” nature risk without linking those classifications to specific risk drivers or transmission channels. The ECB compendium is clear that this is not enough. Institutions should conduct risk-driver deep dives and map specific nature-related dependencies at the counterparty or sector level, not just apply a blanket colour code.

The compendium documents several categories of assessment methods observed in practice. These include exposure analyses based on loan portfolio concentration in sectors with high biodiversity dependency, water-stress assessments for agricultural lending, and analyses of hazardous and non-recyclable waste production across non-financial corporate clients. Some institutions also track nature-related impact metrics and set reduction targets monitored within existing governance structures. Because these examples are drawn from the compendium’s summary descriptions rather than individually verified against named institutions, treat the specific operational details as illustrative of the types of approaches the ECB observed, not as precise institutional case studies.

The common failure: institutions that run a materiality assessment once, file it, and never update it. The ECB expects materiality assessments to feed into the risk inventory and heat maps, which then flow into the ICAAP and ILAAP. If your nature materiality assessment is static, it is not meeting even the basic observed practices.

Governance and Risk Appetite for Nature Risks

The compendium shows that leading institutions include nature-related risk indicators in their Risk Appetite Framework (RAF). In some cases, institutions add these indicators for information purposes initially, then commit to setting hard limits before a predetermined date. This staged approach is considered acceptable, but it requires a documented plan with a target date for limit-setting.

What this means operationally: your RAF should either include nature-related risk limits already or contain a board-approved plan to add them by a specific date. Institutions that have neither a limit nor a plan are behind the curve documented in this compendium.

The governance angle extends to board competence. The EBA’s final Guidelines on the management of ESG risks, issued under Article 87a(5) of Directive 2013/36/EU (CRD) as introduced by CRD6, require institutions to have strategies, policies, processes, and systems for the identification, measurement, management, and monitoring of ESG risks over the short, medium, and long term. The ECB’s compendium explicitly references these EBA Guidelines and notes that some C&N risk management capabilities described in the compendium already featured in the 2022 thematic review monitoring. I have observed that the board competence expectation often catches institutions off guard. The ESMA/EBA suitability assessment guidelines require management bodies to collectively demonstrate knowledge of environmental and sustainability risks. For nature-related risks specifically, institutions should assess whether their board competence framework addresses the distinct risk drivers that nature risk introduces beyond climate transition and physical risk.

A specific operational trap: assigning nature risk oversight to the sustainability or ESG team without a clear reporting line into the risk function. The ECB’s documented good practices show nature risk governance embedded within the CRO’s existing risk management structure, not siloed in a standalone sustainability department. If your nature risk indicators are tracked by a sustainability team that reports to the CEO but not to the CRO, that is a governance gap.

Exposure Mapping: Sectors, Counterparties, and Data Sources

The compendium describes two levels of exposure mapping. The first is a top-down sectoral assessment: which industries in your portfolio depend on ecosystem services that are under pressure? The second is a bottom-up counterparty assessment: for your most material exposures, what specific nature-related dependencies and impacts does each counterparty have?

The ECB documents institutions that analyse exposure to deforestation risk, water pollution, nitrogen emissions, land use change, and waste management. Corporate-related due diligence policies are typically conditioned on counterparty turnover exceeding a threshold or on the counterparty being subject to environmental disclosure regulation.

Data is the central problem. Nature-related data is less standardised than climate data, which itself is still patchy. The compendium acknowledges this. Institutions are observed using a mix of counterparty self-reported data, public environmental databases, and NGO partnerships to fill gaps. External databases commonly used across the industry for nature risk screening (such as ENCORE for ecosystem service dependency mapping, IBAT for biodiversity data, and WWF Risk Filter for water and deforestation risk) are widely referenced in market practice, though institutions should verify whether the ECB compendium itself endorses specific tools or simply describes what it observed. Some institutions have developed specific agricultural monitoring tools in partnership with farming organisations and insurance companies.

Where teams misclassify the risk: treating nature risk as identical to climate transition risk. Water stress, biodiversity loss, and soil degradation are distinct risk drivers with different transmission channels. An institution that maps only carbon exposure and calls it “nature risk” is not aligned with the compendium’s framework. The ECB explicitly separates climate physical risk, climate transition risk, and nature-related risk throughout the report. Chapter 5 exists precisely because nature risk requires its own assessment approach.

Nature-Related Risk in the ICAAP

The most significant addition in the updated compendium is the inclusion of dedicated ICAAP good practices for nature-related risks. Previously, the 2022 version did not address how institutions should reflect nature risks in their internal capital adequacy assessment. This update fills that gap.

The ECB describes a range of observed approaches. At the simpler end, institutions identify nature-related risk materiality for one or more risk categories and acknowledge that they cannot precisely quantify the financial impact due to methodological limitations. Even where institutions do not consider nature risks material within the ICAAP time horizon, the compendium documents practices where institutions include the assessment in their ICAAP documentation as a forward-looking item, flagging that nature risks are expected to become increasingly relevant.

At the more advanced end, the compendium describes institutions that have used scenario analysis to quantify the impact of nature-related risks on their CET1 ratio. In cases where the correlation between climate and nature risk quantification results was observed to be significant, institutions used nature-related scenario results to define an overlay in their internal stress tests, which ultimately affected their normative capital assessment. These descriptions are drawn from the compendium’s aggregated observations rather than individually attributed case studies.

The practical takeaway: even if your institution concludes that nature-related risks are not currently material for ICAAP purposes, you need to document that conclusion with a methodology, and you need to articulate when and how you expect to integrate nature risks more fully. Saying nothing about nature risk in the ICAAP is no longer defensible given that the ECB has now published dedicated good practices on the topic. For more on the broader ICAAP framework, see our ICAAP and ILAAP guide.

Scenario Analysis and Stress Testing for Nature Risks

The ECB published a companion report alongside the compendium: the “ECB report on good practices for climate and nature-related risk stress testing”, dated 8 May 2026. The two documents should be read together.

For nature-related risks specifically, the compendium describes institutions that have built internal scenarios because established external scenarios for nature risks do not yet exist at the same level as climate scenarios (NGFS, for example). The observed scenarios include environmental permit system changes (where a client loses its operating permit due to water pollution, nitrogen emissions, or land use violations), introduction of water pollution taxes, and biomass price shocks.

The compendium describes nature-related scenario analyses applied to non-financial corporate portfolios. Examples include modelling environmental permit revocation scenarios and the introduction of water pollution taxes, with scenarios defined on the basis of EU Directives. Institutions incorporating such estimated credit losses into forward-looking provisioning and capital planning represent the more advanced end of observed practice. As with other institutional examples in the compendium, these are aggregated descriptions of observed approaches rather than verified case studies of named institutions.

What does not work: running a climate stress test and calling it a nature stress test. The risk drivers are different. Climate transition scenarios focus on carbon pricing, stranded assets, and energy transition costs. Nature scenarios need to address ecosystem service disruption, regulatory interventions on biodiversity, water scarcity, and land-use change. If your stress testing framework only covers carbon-based transition risk and acute physical events, it does not cover nature risk.

For institutions that have not yet built nature-specific scenarios, the compendium suggests using sensitivity analyses as a stepping stone. These rely on general indicators and are not full risk quantification, but they provide initial visibility into potential exposure. The ECB explicitly states that while these sensitivity analyses do not fully meet risk quantification expectations, they serve as a first step towards defining an approach for identifying, monitoring, and managing nature-related risks.

Proportionality: What Smaller Institutions Should Do

The compendium directly addresses proportionality for smaller and less materially exposed institutions. The ECB notes that less sophisticated practices and publicly available tools are described throughout the report, and that these approaches can support smaller institutions in making progress without requiring the same investment as larger, more exposed banks.

Specific references include ICAAP approaches (Section 4.6), nature risk tools and information (Chapter 5), and physical risk quantification approaches and tools (Sections 4.6.7 and 3.5.1). The ECB acknowledges that some practices documented in the report may not be sophisticated enough for larger institutions but are suitable starting points for smaller ones.

The common mistake among smaller institutions: doing nothing because the full scope seems overwhelming. The compendium provides a clear proportionality argument. A small institution with limited nature-dependent lending can start with a sectoral screen, document the conclusion, add a nature risk section to its ICAAP even if the assessment shows immateriality, and establish a review cycle. That is more defensible than silence.

The EBA ESG Guidelines Connection

The ECB compendium does not exist in isolation. The EBA’s final Guidelines on the management of ESG risks, mandated under Article 87a(5) of Directive 2013/36/EU (CRD) as introduced by CRD6, establish legal requirements for institutions to integrate environmental risks, including nature-related risks, into their governance, strategy, risk management, and internal processes. The ECB compendium references these guidelines directly and notes that many of the observed good practices align with or go beyond the EBA’s baseline requirements.

For institutions supervised by the ECB under the Single Supervisory Mechanism, this creates a two-layer framework: the EBA Guidelines set the regulatory baseline, and the ECB compendium shows what good practice looks like above that baseline. National competent authorities supervising smaller institutions will apply the EBA Guidelines directly, and the compendium serves as a reference for what “adequate” looks like in practice.

The EBA Guidelines include specific provisions on ESG risk policies and procedures, counterparty due diligence for environmental risks, and the integration of ESG risks into existing risk categories (credit, market, operational, liquidity). Institutions need to map their nature risk framework against both the EBA Guidelines requirements and the ECB compendium practices. Those with Pillar 3 disclosure obligations for ESG-related issues face additional pressure to demonstrate that their nature risk framework is operational, not just documented.

What to Document Now: A Practical Checklist

Based on the compendium and the EBA Guidelines, institutions should ensure they can evidence the following items in their risk management documentation:

Nature-related risk materiality assessment: a documented methodology identifying which nature-related risk drivers (water stress, biodiversity loss, deforestation, pollution, land-use change) are relevant to the institution’s portfolio. The assessment should be sector-specific and, for material exposures, counterparty-specific.

Risk inventory integration: nature-related risk drivers should appear in the institution’s risk inventory with mapped transmission channels to prudential risk categories (credit risk, market risk, operational risk). A standalone nature risk register that does not connect to the prudential risk taxonomy is insufficient.

Governance documentation: board-level or management body awareness of nature-related risks, a clear reporting line from the nature risk function to the CRO, and either existing RAF limits for nature risk indicators or a documented plan with a target date to introduce them.

ICAAP section on nature-related risks: at minimum, a statement of methodology, the materiality conclusion, and a forward-looking assessment of when nature risks are expected to become more relevant. Advanced institutions should include scenario-based quantification or an overlay approach.

Exposure mapping: top-down sectoral assessment and, for material sectors, bottom-up counterparty-level assessment. Document the data sources used and the gaps identified.

Scenario analysis or sensitivity analysis: at least one documented analysis addressing nature-specific risk drivers. This can be exploratory. The ECB accepts emerging methodologies but expects institutions to have started the work.

Sectoral and client-level policies: documented policies that translate the risk appetite into specific restrictions or due diligence requirements for high nature-risk sectors and counterparties.

Review cycle: a documented schedule for updating the materiality assessment, exposure mapping, and scenario analysis. Static assessments that are never refreshed do not meet observed good practices.

Frequently Asked Questions

Is the ECB compendium legally binding?

No. The compendium is illustrative. It does not set supervisory expectations or standards. However, ECB supervisors use these documented practices as benchmarks during SREP assessments and on-site inspections. Institutions that deviate significantly from observed good practices should expect questions.

Does this apply to institutions outside ECB direct supervision?

The compendium draws on practices from ECB-supervised significant institutions. However, the EBA’s ESG risk management Guidelines apply to all EU credit institutions regardless of size or supervisory mechanism. National competent authorities can use the compendium as a reference. Smaller institutions should focus on the proportionality provisions in Chapter 5 and Section 4.6.

How does nature risk differ from climate risk for reporting purposes?

Climate risk focuses on carbon transition (stranded assets, carbon pricing) and physical events (floods, heatwaves). Nature-related risk covers ecosystem service disruption, biodiversity loss, water stress, deforestation, and soil degradation. The ECB separates them explicitly: Chapter 5 of the compendium is dedicated to nature-related risks because the risk drivers, data sources, and assessment methods differ from climate risk.

What if my institution concludes nature risks are not material?

That conclusion is acceptable, but it must be documented with a methodology and reviewed periodically. The compendium shows institutions that reached immateriality conclusions but still included nature risk in their ICAAP documentation as a forward-looking item. Undocumented silence is the problem, not a well-reasoned immateriality conclusion.

Which data sources are commonly used for nature risk assessment?

The compendium describes institutions using a mix of counterparty self-reported data, public environmental databases, and NGO partnerships. External databases widely used across the industry include ENCORE (ecosystem service dependency mapping), IBAT (biodiversity data), and WWF Risk Filter (water and deforestation risk). These tools represent broader market practice for nature risk screening. Some institutions supplement these with agricultural monitoring tools developed in partnership with farming organisations. Data availability remains a challenge; documenting your data gaps is itself a good practice.

Do I need nature-specific stress test scenarios?

The ECB expects institutions to move towards nature-specific scenario analysis. Established external scenarios (like NGFS for climate) do not yet exist for nature risk at the same granularity, so institutions are building internal scenarios. The compendium documents scenarios based on environmental permit revocation, water pollution taxes, and biomass price shocks. A sensitivity analysis is an acceptable starting point for institutions that have not yet developed full scenarios.

How does this connect to the CSRD and TNFD?

The compendium focuses on prudential risk management, not corporate sustainability reporting. However, the data requirements overlap. Institutions subject to CSRD sustainability reporting obligations and those aligning with the Taskforce on Nature-related Financial Disclosures (TNFD) framework will find that the risk identification and materiality assessment work feeds both prudential and disclosure requirements. The ECB does not reference TNFD directly in a prescriptive sense, but the underlying analytical framework is consistent.

What is the timeline for compliance?

There is no single compliance deadline because the compendium is not binding regulation. However, the EBA ESG Guidelines set an application date, and the ECB’s SREP process evaluates nature risk management annually. Institutions that have not started nature risk documentation by mid-2026 will find themselves behind the observed practices of their peers as documented in this compendium.

Related Articles

• ECB SREP 2026 Priorities – Covers the ECB’s supervisory priorities for 2026, including climate and nature-related risk management expectations within the SREP framework
• ICAAP and ILAAP Guide – Explains the internal capital and liquidity adequacy assessment processes where nature risk integration is now expected
• CSRD Sustainability Reporting – Covers the EU Corporate Sustainability Reporting Directive, which creates overlapping data requirements with nature risk prudential assessments
• Pillar 3 Disclosure Requirements for Luxembourg Banks – Details ESG-related disclosure obligations that complement the prudential risk management practices described in the ECB compendium
• ESMA/EBA Suitability Assessment Guidelines – Explains how management body competence requirements now include environmental and sustainability risks

Key Takeaways

• The ECB published an updated good practices compendium in May 2026, adding dedicated sections on nature-related risk management and ICAAP integration, drawing from 60+ institutions.
• Nature-related risk is distinct from climate risk. The ECB separates them explicitly. Institutions that only map carbon exposure are not covering nature risk.
• Materiality assessments must be sector-specific and, for material exposures, counterparty-specific. Generic heat maps without linked risk drivers are insufficient.
• The ICAAP should include a nature-related risk section even if the conclusion is immateriality. Documented methodology and a forward-looking assessment are the minimum.
• Scenario analysis for nature risk does not yet have standardised external scenarios like NGFS. Institutions are expected to build internal scenarios or at minimum run sensitivity analyses.
• Risk appetite frameworks should either include nature-related risk limits or contain a board-approved plan with a target date to add them.
• Smaller institutions can use the compendium’s proportionality provisions, but doing nothing is not proportionate. A basic sectoral screen, documented conclusion, and review cycle is the minimum.
• The EBA ESG Guidelines under Article 87a(5) of Directive 2013/36/EU (CRD) as introduced by CRD6 create the regulatory baseline. The ECB compendium shows what good practice looks like above that baseline.

Sources and References

• ECB Banking Supervision, “Good practices for climate and nature risk management: Observations from the ECB’s five-year climate and nature risk programme (2020-25)”, May 2026 – ECB Banking Supervision climate and nature risk page
• ECB Banking Supervision, “ECB report on good practices for climate and nature-related risk stress testing”, 8 May 2026 (companion report)
• EBA, “Final Report: Guidelines on the management of ESG risks” (EBA/GL/2025/01), issued under Article 87a(5) of Directive 2013/36/EU (CRD) as introduced by CRD6 – EBA ESG risk management guidelines
• ECB, “Guide on climate-related and environmental risks: Supervisory expectations relating to risk management and disclosure”, November 2020
• Directive 2013/36/EU (CRD), as amended by Directive (EU) 2024/1619 (CRD6), Article 87a(5)

Disclaimer: The information on RegReportingDesk.com is for educational and informational purposes only. It does not constitute legal, regulatory, tax, or compliance advice. Always consult your compliance officer, legal counsel, or the relevant supervisory authority for guidance specific to your institution.