The PRA sets final climate risk management expectations with SS 5/25

15 December 2025

On 3 December 2025, the Prudential Regulation Authority (PRA) published its Policy Statement (PS) 25/25[1] alongside Supervisory Statement (SS) 5/25[2].

How we got to SS 5/25: Recap of SS 3/19 and CP 10/25

The Prudential Regulation Authority’s (PRA) PS 25/25 and SS 5/25 supersede SS 3/19[3] from the date of publication and finalising proposals consulted on in Consultation Paper (CP) 10/25[4]. CP 10/25’s aim was not to rewrite the playbook but to introduce stronger expectations for consultation based on prior supervisory feedback, align with international standards (e.g., the Basel Committee on Banking Supervision’s (BCBS) climate‑risk principles and the International Sustainability Standards Board’s (ISSB) disclosure baseline), and clarify practical guidance where firms had asked for it.

SS 5/25 is proportionate and practical, bringing together previous Dear CEO/CFO letters[5], climate adaptation reports, and observed good practice into a single, structured statement. It sets strengthened expectations for banks, building societies and (re)insurers while recognising differences in business model, complexity and size, and is organised into seven chapters covering governance, risk management, Climate Scenario Analysis (CSA), data, disclosures, and banking‑ and insurance‑specific issues. Firms must complete an internal review and gap analysis of their climate‑risk frameworks and practices against SS 5/25 expectations by 3 June 2026. While supervisors will not request evidence until after this six‑month review window, firms are expected to have credible, ambitious plans to address gaps and to demonstrate early progress during supervisory engagement. Scope remains unchanged from SS 3/19: the expectations apply to UK banks, building societies, PRA‑designated investment firms, and (re)insurers (Solvency II and non‑Solvency II, including Lloyd’s and managing agents), and do not apply to branches of overseas entities operating in the UK.

What does SS 5/25 mean for banks, building societies and (re)insurers?

SS 5/25 is in force and expects firms to embed climate risk within existing governance and risk frameworks in a proportionate, evidence-based way. This starts with a board-endorsed materiality assessment that maps sectoral and geographic exposures, traces physical/transition pathways and sets time horizons. Where exposures are material, firms should scale the response: deepened metrics and limits; upgraded data governance and MI; defined CSA cadence and scenario set; and integrated climate drivers into core processes (for banks, underwriting standards, collateral valuation, IFRS 9 judgements/overlays) and prudential documents (Internal Capital Adequacy Assessment Process (ICAAP) / Internal Liquidity Adequacy Assessment Process (ILAAP)). Firms must also keep an audit trail from CSA outputs to risk appetite decisions and capital/liquidity planning, and organise delivery through a sequenced plan with clear owners, milestones and progress reporting.

By the end of the six-month review window, 3 June 2026, firms should have completed their internal reviews and gap analyses against SS 5/25, obtained board sign-offs on the materiality assessments, and established credible, ambitious remediation plans already in motion. Concretely, firms are expected to have documented CSA frameworks; updated risk appetites and sector/counterparty limits informed by CSA; climate data inventories with ownership, lineage and stated uncertainties/proxies; and initial changes visible in Asset-Liability Committee (ALCO) / Board packs, underwriting/credit policies, and financial reporting governance. While supervisors will not request evidence until after the review period, firms should be ready to demonstrate their plans, explain prioritisation, and show early progress—linking climate metrics and scenarios to tangible management actions and prudential outcomes.

What are the key updates of the PRA’s SS 5/25 from CP 10/25?

The PRA received feedback on CP 10/25 requesting clearer distinctions between expectations and illustrative guidance, greater flexibility for smaller firms, and clarification on governance and implementation timelines. In response, the PRA made changes in each of the key areas discussed below, though there is significant overlap between CP 10/25’s proposals and the expectations set out in SS 5/25. These changes are largely for clarification purposes and aim to reduce potential burden by emphasising proportionality.

Proportionality is a new principle introduced by PS 25/25 and SS 5/25. This means firms must first carry out a board-approved risk identification and materiality assessment, then scale their responses according to the level of exposure and materiality. Where risks are material, this involves strengthening analytics, metrics, management information, and CSA.

Also, litigation risk is now explicitly recognised as a transmission channel and must be assessed as part of firms’ frameworks. In addition, there are targeted changes across governance, risk management, CSA, data, and banking/insurance specifics—these are summarised in the table below, as well as other key updates (and clarification points) between SS 3/19, CP 10/25, and SS 5/25.

Key differences between SS 3/19, CP 10/25 & SS 5/25

Topic	SS 3/19	CP 10/25	SS 5/25
Governance	Focuses on foundational governance with an emphasis on awareness and oversight, without formal links to specific accountability functions.	Expands on these expectations by emphasising board accountability, integrating climate risk into business strategy, and linking governance to the Senior Managers & Certification Regime (SM&CR). It also highlights the importance of defining a climate risk appetite and promoting an internal challenge culture.	Expectations emphasise board accountability, integrating climate risk into business strategy, and linking governance to the SM&CR. It also highlights the importance of defining a climate risk appetite and promoting an internal challenge culture. Highlights defining climate risk appetite and promoting a challenge culture. No new SMF required; responsibilities may be embedded in existing SM&CR and committee structures with clear accountability, Management Information (MI) and evidence of board challenge. Governance scaled by the materiality of climate risk exposure.
Risk Management	Encourages integration of climate risks into the firm’s existing risk management framework. Provides limited guidance on how climate risks might manifest across traditional risk categories.	Provides a detailed mapping of how climate risks can transmit through credit, market, liquidity, insurance, and operational risks. Firms need to create internal classifications and identify exposures to both transition and physical risks. Firms must show how climate risk factors are identified, monitored, and mitigated— rather than just acknowledged. Requires documentation of control effectiveness and procedures for escalating issues related to climate risk.	Provides a detailed mapping of how climate risks can transmit through credit, market, liquidity, insurance, and operational risks. Firms must embed climate risks into ICAAP/ILAAP, capital, liquidity and limit frameworks with quantitative metrics where material. Firms may use existing risk registers or sub-registers to list climate risks. Firms need to create internal classifications and identify exposures to both transition and physical risks; ‘accept, manage, avoid’ terminology is suggested, not mandatory. Map climate into operational, outsourcing and third-party risk controls and align Operational Resilience expectations with SS 1/21. Litigation risk can be treated separately or under other channels.
Climate Scenario Analysis (CSA)	Recommends firms use scenario analysis for both short-term and long-term assessment of financial risks, but offers little on methodology or application. No expectations regarding governance or documentation of results.	Encourages firms to embed CSA in their business planning and decision-making processes. Emphasises alignment with existing stress testing and scenario analysis approaches issued by regulatory authorities, such as the BCBS and International Association of Insurance Supervisors (IAIS). Suggests use of specific methodological approaches to CSA and outlines expectations for scenario design, including varying levels of severity and time horizons. Recommends firms clearly document the assumptions, parameters, results, and board engagement with scenario outputs. Proposes firms regularly review and update the scenarios in use, including the use of sensitivity analyses on current model selections and calibrations to ensure the scenarios remain in line with market best practice.	Encourages firms to embed CSA in their business planning and decision-making processes. Emphasises alignment with existing stress testing and scenario analysis approaches issued by regulatory authorities, such as BCBS and IAIS. Firms have the flexibility to select scenarios suited to their risk profile, and the number and type of exercises should match their climate risk exposure, and proportionality should apply. Longer-term scenarios may be more narrative with judgment-based quantification. They may choose whether to utilise reverse stress tests and/or sensitivity analysis. Firms must document assumptions, parameters, results, and show how outputs inform strategy, risk appetite, and capital/liquidity planning.
Disclosures	Supports Task Force on Climate-related Financial Disclosures (TCFD)-aligned disclosures.	Builds on SS 3/19 by recommending alignment with the ISSB, which incorporates the previous TCFD recommendations.	Builds on SS 3/19 by recommending alignment with the UK-ISSB baseline. Disclosures should explain how climate risk is integrated into governance and risk frameworks and maintain consistency with ICAAP/ILAAP and solvency reporting. No new standalone disclosure regime introduced.
Data	Notes the importance of data but doesn’t treat it as a standalone theme. Recommends the use of data from publicly available sources or external experts.	Emphasises the importance of robust, standardised climate-related data with sufficient coverage and relevance. Highlights the risks of data gaps and recommends that firms implement strategic plans to close data gaps wherever possible while implementing contingency solutions in the interim periods. Encourages firms to assess the credibility of third-party data providers and establish adequate governance overuse of third-party data. Recommends firms to develop internal capabilities for climate data sourcing, processing, and validation.	Emphasises robust, standardised climate-related data with sufficient coverage and relevance. Firms should implement plans to close data gaps and contingency solutions in the interim. Governance over third-party data and internal capability building remains key. Expectation reduced from ‘quantify’ uncertainty to ‘understand’ it; firms should select appropriate proxies without default conservative bias and integrate data into measurement and decision-making.
Banking-specific Issues	Applies a uniform set of expectations to banks and insurers without sector-specific tailoring.	Considerations for accounting for climate-related risks in financial reporting requirements. Integration of climate-related credit and market risks into risk management frameworks, in line with BCBS regulations. Embedding climate risk in ICAAP processes and capital planning. Incorporation of climate-related risks into funding and liquidity adequacy assessments under ILAAP. Potential impact of climate risks on business reputation and strategy.	ICAAP/ILAAP scenario horizons may align with standard timeframes; longer-term scenarios inform strategy. Financial reporting expectations remain consistent with accounting standards despite data challenges. Climate risk should be reflected in risk appetite metrics and embedded into capital and liquidity processes, including limit frameworks and early warning indicators.
Insurance-specific Issues	Offers no detailed expectations tailored to insurers. Mentions Own Risk and Solvency Assessment (ORSA) and Solvency Capital Requirement (SCR) in passing, but provides no direct guidance.	Embed climate risk in ORSA. Adjust underwriting policies based on long-term climate projections. Factor climate change into investment strategies and valuation models. Consider climate stress scenarios in the SCR. Encourages alignment with international initiatives under Solvency II enhancements.	Existing SCR rules provide flexibility for insurers to address climate-related risks appropriately, and the PRA considers climate-related risks to be a risk driver in various SCR components. Firms may adjust credit ratings or reflect underpriced climate risks in their ORSAs and SCRs, where appropriate.

Focus on some key pillars

Proportionality

The PRA applies proportionality based on two main factors: a firm’s size and its overall exposure to climate-related financial risks. All else equal, firms with higher exposures are expected to adopt more comprehensive measures, such as detailed risk appetite statements, granular metrics, and sophisticated stress testing and scenario analysis. Where exposures are similar, larger firms are expected to leverage their greater resources to implement advanced practices, including enhanced data governance, integration of climate data into risk models, and more frequent or complex climate scenario exercises.

This scaling principle means the PRA expects all firms to meet minimum standards, but the sophistication, frequency, and depth of implementation should reflect both the materiality of risk and the firm’s capacity to manage it. In practice, this avoids a one-size-fits-all approach while maintaining robust standards across banks and insurers.

Risk Management

Firms are expected to identify climate-related risks and assess how physical and transition risks could transmit through different channels to impact credit, market, liquidity, operational, resilience, underwriting, reserving, reputational, and litigation risk. This requires a forward-looking approach that considers both short-term and long-term impacts, including second-order effects such as supply chain disruption or shifts in consumer behaviour.

Where climate risks are material, firms should introduce quantitative metrics and limits, and ensure capital and liquidity planning reflects these considerations. For banks, this means embedding climate drivers into core risk processes, including underwriting standards, collateral valuations, and IFRS 9 models. Climate-related risks must also be integrated into the ICAAP and ILAAP, ensuring stress testing and scenario analysis capture plausible climate pathways and their impact on capital and liquidity buffers. For insurers, climate risk must be explicitly assessed within the ORSA, with clear links to underwriting, pricing, reserving, and reinsurance strategies.

Across both sectors, firms should develop robust climate risk management frameworks, set risk limits informed by scenario analysis, and demonstrate resilience under severe but plausible climate scenarios in capital and liquidity planning. Catastrophe models should be updated to reflect evolving physical risk trends, and firms should evidence how these changes influence strategic decisions and risk appetite. Reverse stress testing should also be considered as a complement to scenario-based sensitivity analysis, helping firms identify the point at which climate-related risks alone could render their business unviable. Where vulnerabilities are identified, firms should implement realistic measures to mitigate or prevent potential business failure.

Risk appetite statements should categorise climate risks into levels such as “accept, manage, or avoid”, supported by appropriate metrics, limits, and exclusion policies. Qualitative details may also be included to distinguish between risks the firm is willing to accept and those it seeks to minimise within its business model.

Climate Scenario Analysis (CSA)

CSA should inform strategic decisions, risk appetite, and capital planning. The PRA expects firms to adopt a structured approach combining clear scenario narratives, expert judgment, and quantitative modelling. This often involves using externally produced scenarios, such as those developed by the Network for Greening the Financial System (NGFS) or the Intergovernmental Panel on Climate Change (IPCC), which link transition and physical risk projections under different emissions pathways.

Banks should assess how severe but plausible climate pathways could affect CET1 ratios, credit losses, and liquidity positions, while insurers should evaluate impacts on solvency coverage, underwriting risk, and the effectiveness of reinsurance programmes. Scenarios must be supported by transparent assumptions and subject to robust management challenge to ensure credibility and relevance.

Across both sectors, firms should set exposure limits informed by CSA, taking account of transition-sensitive sectors and, where appropriate, counterparty-level granularity. Capital and liquidity planning processes must demonstrate resilience under severe but plausible climate scenarios. Catastrophe models should be updated to reflect evolving physical risk trends, and firms should evidence how these changes influence strategic decisions and risk appetite.

Data

The PRA emphasises the importance of reliable climate-related data and expects firms to critically assess the sources, coverage, and quality of the information they use. Where proxies or estimates are necessary, firms should understand their limitations and document these shortcomings clearly.

Banks need data that captures the geographic location of exposures, sectoral classifications, and other relevant attributes to assess vulnerability to physical and transition risks. Insurers require detailed hazard and vulnerability data to support underwriting and investment decisions, particularly for catastrophe modelling and portfolio risk assessments.

To meet these expectations, firms should establish a comprehensive inventory of climate-related data, assign clear ownership and governance responsibilities, and ensure data flows directly into risk measurement and decision-making processes. This includes implementing robust data governance frameworks, validating third-party datasets for accuracy and relevance, and integrating climate data into core processes so that it informs risk management, pricing, and lending or underwriting strategies.

How Forvis Mazars Can Help

We can support banks, building societies, and (re)insurers to ensure they are in line with the latest regulatory standards, including SS 5/25.

We are working with clients to:

Perform gap analysis against regulatory requirements and provide recommendations for enhancement with bespoke implementation plans.
Develop robust climate risk frameworks that meet the PRA’s expectations and integrate them seamlessly into existing governance and risk management processes.
Validate the firms’ existing approaches to managing climate-related financial risks.
Incorporate climate considerations into stress testing and scenario analysis via our proprietary CliMate web tool, ensuring scenarios and models are aligned with supervisory standards.

For further information, kindly contact our team members using the contact us button below.