
Freshfields Risk & Compliance


Road to CRD 6 – the German implementation of key requirements for ESG risk management

On 22 August 2025, after much anticipation, the German Ministry of Finance finally published its draft act (Draft Act) implementing Directive (EU) 2024/1619 (CRD 6).

A key aspect of CRD 6 is the focus on the integration of environmental, social and governance (ESG) factors in the risk management of European banks (see our separate blogpost on ESG in CRD 6). This blogpost provides an overview of the key requirements that the Draft Act introduces with respect to the management of ESG risks.

The Draft Act generally aims at a 1:1 implementation of the CRD 6 requirements. This is clarified in the explanatory memorandum and justified by level playing field considerations and the interest in an effective and unbureaucratic implementation. At the same time, the Draft Act emphasises the principle of proportionality. Accordingly, the Member State options offered by CRD 6 to exempt ‘small and non-complex institutions’ within the meaning of the CRR from certain requirements, especially in the context of transition planning, have been widely used. Conversely, however, the scope of many requirements has not been limited to CRR credit institutions but also includes non-CRR institutions, such as leasing or factoring institutions, which arguably includes elements of gold-plating.

Before we turn to the key points of the Draft Act in detail, it should be remembered that the management of ESG risks has been on the agenda of supervisory authorities for some time and is therefore nothing new for banks:

  • BaFin issued its Guidance Notice on Dealing with Sustainability Risks (Merkblatt zum Umgang mit Nachhaltigkeitsrisiken) in December 2019 and subsequently integrated principles-based requirements in its Minimum Requirements for Risk Management (MaRisk) in June 2023 (see our separate blogpost). 
  • The ECB published its expectations on the management of climate-related and environmental risks in its Guide of November 2020 and subsequently set several deadlines (March 2023, end of 2023 and end of 2024) for ECB-supervised banks to meet these expectations (see our separate blogpost). 

CRD 6 marks the (provisional) end of this development and “formalises” many requirements that already existed in practice as expectations of the supervisory authorities. However, CRD 6 goes further in some respects. This applies in particular to the obligation to draw up prudential transition plans, but also to the stronger focus of the relevant risk management requirements on social and governance risks, i.e. beyond the previous core area of climate-related and environmental risks – risk categories that are now all uniformly defined and set out in Article 4 of the CRR.

Key points of the Draft Act

1. Integrating ESG risks into risk management 

The core of the implementation is the insertion of a new sub-chapter (5e) into the Draft German Banking Act (Kreditwesengesetz-Entwurf, KWG-E) setting out specific obligations relating to ESG risks. Relevant requirements are bundled in two entirely new provisions:

  • Sec. 26c KWG-E (on ESG risks in risk management) and
  • Sec. 26d KWG-E (on the ESG risk plan, i.e. the prudential transition plan).

Together, they form a dedicated “ESG block” in the KWG – giving ESG a prominent position. On the other hand, this regulatory technique does not contribute to clarity. It would be entirely possible to incorporate the requirements (better) into the existing KWG system.

Sec. 26c(1) and (4) KWG-E implement the requirements for considering ESG risks in the institution’s governance arrangements and risk management framework, in particular those set out in Art. 73, 74, 76(1) and 87a CRD. Technically, the new requirements cross-reference and supplement the general requirements for a proper business organisation (Sec. 25a KWG) and related management board duties (Sec. 25c(4a) KWG) with specific respect to ESG risks. Relevant requirements apply at both individual and group level (Sec. 26c(5) KWG-E).

Generally, the new KWG-E provisions seem to closely follow the CRD 6 requirements. The legislative materials also contain no indication of intended gold-plating. It is noticeable, however, that the Draft Act emphasises and explicitly introduces (several times) the minimum ten-year horizon for the assessment of ESG risks – an aspect that is stipulated by CRD 6 in general, but not in such specific detail. 

The German legislator made use of the CRD 6 option to allow ‘small and non-complex institutions’ to review relevant strategies and policies for ESG risk management (only) every two years. For other institutions, BaFin is tasked, according to the legislative materials, with specifying the review cycle, which according to CRD 6 is at least two years.

Ultimately, much will depend on how the general obligations laid down in the law are specified in concrete terms. In January 2025, EBA already published Guidelines on the management of environmental, social and governance (ESG) risks in this respect. While the ECB intends to comply with the EBA Guidelines within the limit of and without prejudice to national implementing laws, BaFin has already announced that it plans to grant more flexibility to German small and non-complex and other non-large institutions and only implement some of the additional elements of the EBA Guidelines into MaRisk on a principles-based and proportional basis.

2. Introducing the requirement to draw up a transition plan (ESG risk plan)

Perhaps the most striking innovation of CRD 6 is the introduction of the obligation to draw up and implement a transition plan, or “ESG risk plan” as it is labelled in the KWG-E. Pursuant to new Sec. 26d(1) KWG-E, the plan must 

  • address financial risks arising from ESG factors, including transition risks linked to EU and national climate legislation,
  • set quantifiable targets and metrics for managing these risks,
  • incorporate the latest reports of the European Scientific Advisory Board on Climate Change and 
  • ensure coherence with any plans disclosed under CSRD.

The same applies at group level (Sec. 26c(2) KWG-E).

The plan must address forward-looking ESG risk management aspects over at least a ten-year horizon. It effectively serves as a strategic ESG risk roadmap, integrating prudential planning with broader sustainability objectives. Further guidance can, again, be found in the EBA Guidelines on ESG risk management.

It is noteworthy but not surprising that the explanatory memorandum explicitly links the plan to the German Climate Change Act, thereby embedding national climate targets into prudential transition planning. The reference to national climate targets may give rise to level playing field concerns, to the extent the national climate targets of the EU Member States differ.

For ‘small and non-complex institutions’, proportionality again softens the blow: They may adopt qualitative targets, limit their focus to climate risks until 2029, and decide whether to integrate the EU advisory board’s reports into their planning. In addition to these explicit waivers under German law, the EBA Guidelines also provide for other proportionality measures for ‘small and non-complex’ and other non-large institutions, acknowledging that smaller institutions face data and resource constraints. 

In addition, a notification requirement is introduced. Pursuant to Sec. 24(1) No. 16 KWG-E and Sec. 24(3a) sent. 1 No. 10 KWG-E, institutions are required to notify BaFin about the drawing up and any significant change of the ESG risk plan, including submission of the plan, at entity and group level. 

3. Methodology for ESG stress testing

Institutions must test the long-term resilience of their business models to ESG risks. In line with CRD 6 requirements, the Draft Act requires stress tests based on a number of scenarios developed by recognised international organisations – a deliberate move to align national practice with global standards (such as those of the Network for Greening the Financial System or the Intergovernmental Panel on Climate Change). The draft also emphasises climate risks as the starting point for resilience testing. Over time, the scope will expand to cover broader ESG factors. 

The ECB already published a report on good practices for climate stress testing in 2022. Further guidance on ESG scenario analysis will be provided in dedicated EBA Guidelines (see consultation paper of 16 January 2025).

For the corresponding supervisory stress tests, the ESA’s Joint Guidelines on integrating ESG in supervisory stress test, which are currently under consultation, aim to harmonise methodologies and practices among supervisors in banking and insurance, to ensure proportionality and to enhance the effectiveness and efficiency of ESG stress testing. 

4. Supervisory Review and Evaluation Process (SREP) for ESG risks

The SREP is at the heart of prudential supervision, and according to guidance introduced by EBA, ESG has been part of that process since 2022.

CRD 6 now explicitly requires supervisors to assess institutions’ ESG risks. Pursuant to the new Sec. 6b(2) sent. 2 no. 15 KWG-E, ESG risk management and the ESG risk plan are subject to the review and evaluation by supervisory authorities, considering also the institution’s business model, its sustainable product offerings, its strategy for financing the economic transition, internal credit policies and ESG-related targets, metrics and limits. In line with CRD 6 requirements, BaFin may cooperate with other federal agencies responsible for climate and environmental policy when reviewing ESG risk plans. The Draft Act extends this cooperation opportunity even further to federal agencies responsible for social and governance factors, leaving it open, however, which federal agencies this actually comprises. The involvement of other authorities is a novelty, embedding prudential oversight in a wider policy ecosystem. 

It should also be noted that ESG risk management requirements have been included in the scope of review by external auditors (Sec. 29 KWG-E).

The new Sec. 45(2) no. 15 KWG-E introduces supervisory powers according to which BaFin can require institutions to reduce ESG risks by adjusting their business and risk strategies or risk management, including strengthening their ESG risk plan. Prior to such intervention, BaFin is required to set a deadline for remedying the shortcomings.

5. Other ESG-related changes

The Draft Act implements the prudential option to apply a systemic risk buffer to environmental, in particular climate-related, macroprudential risks, a tool that the ESRB and EBA have already identified as potentially well suited to addressing climate systemic risks. Sec. 10e KWG-E explicitly mentions climate-related risks as potential systemic threats.

In line with CRD 6, Sec. 26c(2), (3) and (6) KWG-E expand the “fit and proper” regime for members of the management board in its management and supervisory function to cover ESG risks. This requirement has already been incorporated into the supervisory guidance issued by the ECB. Institutions must deploy appropriate human and financial resources to ensure the professional suitability of members of the management board, including with regard to ESG risks and their implications.

Finally, ESG risks must also be taken into account in the remuneration systems for the members of the management board and employees (Sec. 26c(1) no. 6 KWG-E). According to the EBA Guidelines on ESG risk management, remuneration systems are also part of ESG risk plans, implying that targets and metrics used in the plan should also be used for remuneration purposes.

 

Next steps

The consultation period elapsed on 9 September 2025. A government draft (Regierungsentwurf) should follow soon, with a final act due to be published by 10 January 2026 to meet the CRD 6 deadline - a tight schedule!

Institutions should also keep an eye on developments of further guidance. ESG-related aspects will also be included in EBA’s Guidelines on internal governance (see consultation document of 7 August 2025), EBA’s Guidelines on sound remuneration policies and the Joint ESMA and EBA Guidelines on the assessment of the suitability of members of the management body.

The ECB has announced that later this year it will publish an updated compendium of good practices for climate-related and environmental risk management that banks of different sizes and business models from different countries will be able to draw on. As regards transition planning, the ECB will approach relevant requirements in a gradual and targeted way, focusing on new elements of the EBA Guidelines on ESG risk management. At the end of this year and throughout 2026, the ECB will start informal dialogues with the banks to discuss progress, challenges and areas for improvement. Only at a later stage, in 2027, will the ECB carry out a more formal assessment.