The PRA has published PS25/25 and the final supervisory statement SS4/25, replacing SS3/19 in full with immediate effect (3 December 2025). The supervisory statement is relevant to insurers, banks, building societies and PRA-designated investment firms. This note summarises the key outcomes, highlights changes from the consultation (CP10/25, see our client note for a summary of this consultation), and sets out practical implications for impacted firms.
Key takeaway
The PRA has confirmed a materially more detailed, but principles-based and “proportionate”, framework of their expectations for managing climate-related financial risks. The final policy largely confirms CP10/25 but introduces clarifications to emphasise proportionality, flexibility in the application of scenario tools, and pragmatic expectations on data, governance, and documentation. Firms must complete a six‑month internal review and action plan but are not expected to close all gaps within that period.
What is new or clarified compared to CP10/25
The PRA has made targeted clarifications rather than substantive policy shifts from the consultation. The most relevant changes include:
- Proportionality and materiality: The PRA has added an “overarching aims” section to explain how firms should scale their approach based on the materiality of climate risk and business model, not size alone. Smaller firms with material exposures may still use less sophisticated tools, provided limitations are understood and a prudent interpretation is applied.
- Six‑month review period: Starting from 3 December, firms have six months for gap analysis and credible planning, but supervisors will not request evidence until after the period ends and firms are not expected to remediate all gaps within six months.
- Litigation risk: The PRA has stated that firms may treat climate-related litigation as a distinct transmission channel or as part of physical/transition risks, applying judgment to reflect their business profile.
- Governance: The PRA has clarified that no “new” SMF is required (despite indicating that responsibilities for climate risk must be assigned at appropriate levels of seniority such as an SMF). Firms may integrate climate responsibilities into existing structures if risk identification remains robust. The PRA has also clarified that the “accept/manage/avoid” risk appetite taxonomy is illustrative, not prescriptive.
- Risk register and appetite: The PRA has noted that firms may integrate climate risks into existing risk registers or a sub‑register.
- Climate scenario analysis (CSA): The PRA has stated that the number and type of CSA exercises should be commensurate with exposure. Longer‑horizon analysis can rely more on narrative scenarios with judgment‑based quantification. Boards are expected to understand objectives, limitations, and how results inform decisions.
- Data: The expectation to “quantify” uncertainty has been softened to “understand.” Firms should select appropriate proxies, document rationale, and interpret results prudently in light of limitations. Governance over third‑party data remains important, but building in‑house capabilities is encouraged but not mandatory.
- Operational resilience: Language has been aligned with SS1/21. Firms should assess and manage operational resilience risks from climate events, including through mitigants and contingency planning, without implying prevention of disruption in scenarios beyond “severe but plausible.”
- Banking specifics: ICAAP/ILAAP climate scenarios may align with standard horizons for those processes, while using longer horizons in strategic planning where relevant. ILAAP assessments should focus on stressed conditions. Expectations on financial reporting remain aligned with accounting standards and audit requirements.
- Insurance specifics: The SCR framework is sufficiently flexible to capture climate as a driver of existing risk components and no separate “climate SCR” is required. Narrative scenarios with expert judgment can be used where appropriate. Where market pricing or CRA methodologies are judged to under‑reflect climate risk, firms may reflect this in ORSA and via appropriate internal credit assessment adjustments or MA attestations.
Practical implications for firms
Impacted firms should now pivot to implementation planning under the clarified framework. Key areas of focus include:
- Governance and accountability: Firms must ensure clear allocation of climate responsibilities to existing SMFs or senior individuals, with appropriate information flows to the board. They should set or refine climate‑specific qualitative risk appetite and, where appropriate, quantitative metrics/limits aligned to the risk register and material exposures.
- Proportionate risk assessment: Firms should run a structured, documented process to identify material climate risks across transmission channels and traditional risk types, focusing on sectors, geographies, and counterparties that drive the firm’s profile. Firms should record rationales for materiality thresholds and exclusions.
- Scenario toolkit and use cases: Firms should calibrate a coherent CSA programme sized to their risk exposure.
- Data strategy: Firms should map critical data gaps and uncertainty and set out pragmatic remediation plans, combining external providers with selective internal development and client/counterparty engagement. Where proxies are used, firms should document choices, caveats and controls. Firms should build governance for third‑party data and model risk.
- Operational resilience: Firms should incorporate climate drivers into business continuity, important business services, and third‑party risk management (including intra‑group arrangements), with a focus on severe but plausible scenarios.
Next steps
Firms now need to conduct and document the internal review and gap analysis by 3 June 2026 (in line with the PRA’s six-month deadline), with a credible remediation plan and governance sign‑off
