Skip to main content
White paper

PRA consultation paper CP10/25: “Enhancing banks’ and insurers’ approaches to managing climate-related risks–update to SS3/19”

Key issues and implications for insurance CROs

ByNick Spencer
18 July 2025
Download PDFDownload

CRO action summary

CP10/25 is the consultation paper for the long-telegraphed update to Supervisory Statement (SS) 3/19. The original SS3/19 was a foundational framework seeking to embed climate-related risk awareness into governance and risk management. It focused on identifying risks and building basic processes. The updated draft pivots to far greater prescription and is focused on outcome-driven results demanding operational integration of climate-related risks into capital, strategy and decision-making.

Beyond the standard gap analysis (our draft checklist runs to over 100 line items), the key themes from a CRO perspective are:

  • Supervisory focus: CP10/25 represents a material upgrade in the articulation of expectations. The PRA is likely to seek evidencing actions on the impact of climate-related risks. Board minutes showing board challenge on climate-related risk matters is one element, with a further need to show how climate considerations have impacted strategy and risk appetites.
  • Cross-functional integration: the ability to integrate perspectives across internal silos, such as impacts on operational and reputational risks.
  • Reimagination of climate scenarios: CP10/25 resets approaches to climate scenario modelling from the risk identification process, including the need to consider multiple use cases and tailor the scenario testing approach commensurately, the need to explicitly include consideration of nonlinearities and tipping points, the separation of central and stress scenarios, and the understanding of model-chains.
  • Upgraded governance including resources and data infrastructure an implicit shift to greater internal capability and oversight with an emphasis on keeping pace with emerging science and industry practices.
  • Competitive positioning: Whilst the PRA ‘expects that firms will require time to implement the proposals and that this will vary across firms [making] it less likely that all firms suddenly price in climate-related risk,’ do you want to be first or last in that pricing queue?
  • Prudential, reputational and litigation risks: The very detailed nature of CP10/25 not only spotlights specific areas to address but also potentially magnifies reputational and litigation risks if gaps in compliance can be identified.

A summary of the key new elements is given in the Appendix.

Internal response: Shifting risk management paradigms

The new draft consolidates the subsequent guidance and expectations of the UK Prudential Regulation Authority (PRA) and integrate best practices that have emerged since 2019. Whilst this is a draft, we do not anticipate significant changes in the final version, and we are aware that several insurers are already engaged in gap analyses.

One reading of the updated draft is to consider climate-related risks as having moved from a novel, emerging risk to an endemic, emerged risk which needs to be integrated into decision-making across the whole of the business. This implicit paradigm shift requires:

  • Strategic alignment: Climate-related risks are no longer a siloed side-issue but a core driver of business resilience.
  • Supervisory scrutiny: The PRA will prioritise evidence of action over policy compliance pushing for actionable granularity, such as expecting boards to evidence how climate-related risks directly inform capital allocation.
  • Dynamic adaptation: Climate strategies must evolve with scientific, geopolitical and market shifts (e.g., carbon border taxes and litigation risks).

The shift from awareness to accountability are likely to require CRO teams to:

  • Lead cross-functional integration: Break silos between risk, finance and strategy teams and evidence decision impact from climate-related risk integration.
  • Demand board advocacy: Ensure climate-related risks are central to strategic debates and capital allocation.
  • Upgrade internal capabilities, data and model governance infrastructure: Training for board, risk teams and model developers, internalise ownership of gaps in data and tools, and be explicit on implications of modelling limitations when using the results.
  • Build adaptive resilience: Treat climate-related risk integration as a continuous process, with ongoing modelling and governance upgrading, not a one-off project.

Whilst there are numerous references to proportionality, the guidance on the practical implications is limited. We hope more guidance will be given as part of the consultation feedback. However, the focus of comments on proportionality are mostly around the sophistication of the techniques and tools being proportionate to the degree of risk rather than the size of organisation. The draft comments point to the use of prudence where uncertainties lie or where less sophisticated approaches are used. There are some allowances for less quantified approaches and less reverse stress testing for smaller and less complex organisations.

Provisional CRO action plan

Those currently undertaking a review of their climate-related risk scenarios will want to consider the implications of CP10/25 as part of that review. Others may wish to get started now, but everyone should already be considering the workplan implications that will follow once the statement is formalised.

Whilst details and exact priorities may vary by firm and timelines are indicative only and depend on the PRA implementation expectations, core action plan elements are likely to include:

1. Immediate priorities (0–6 months)

  • Gap analysis: Map current practices against CP10/25’s explicit requirements.
  • Board engagement and capability building: Secure board approval for climate upskilling programmes and revised governance mandates.
  • Data roadmap: Identify critical data gaps and dependencies (e.g., financed emissions and supply chain risks), as well as quality of external data and externally sourced scenarios.

2. Medium-term priorities (6–12 months)

  • Risk identification and assessment review: Establish not only economic investment impacts but also implications for business strategy, capital pricing and reputational and operational risks.
  • Review internal climate scenario analysis capabilities: Identify reliance on external modelling, the understanding of assumptions in the underlying chain of models and ability to make sensitivity adjustments on key assumptions, and the ability to assess impacts of tipping points and nonlinearities.
  • Risk appetite and trigger points reset: Redefine risk limits and review triggers for reassessing risk appetites with quantified metrics.
  • Third-party resilience: Review climate-related risk resilience of key third-party relationships.

3. Long-term priorities (12–24 months)

  • Capital integration: Embed updated climate scenario analysis into Solvency Capital Requirement (SCR) and Own Risk Solvency Assessment (ORSA) processes and adjust liquidity buffers.
  • Compensation alignment: Redesign incentive and performance frameworks to reward climate target delivery.
  • Dynamic monitoring: Implement processes to track regulatory, scientific and market shifts (e.g., updated guidance from Climate Financial Risk Forum (CFRF).

Endzone vision

There is much detail to address within the new statement. At one level, it is straightforward—to treat climate-related risks as a core and cross-sectional risk, giving it the same prominence in risk management processes as other core risks. Undertake a gap analysis to the statement requirements and move forwards.

However, the near-annual reframe in PRA’s ‘Dear CEO’ letter that ‘all firms need to make more progress on managing climate-related risks’ highlights that the industry standard tools and approaches have fallen short of this ambition. Recent Institute and Faculty of Actuaries (IFoA) papers have highlighted many modelling gaps in the standard published scenarios, particularly those from tipping points, damage functions and illustrations of stress scenarios1. Whilst some of these shortcomings may be addressed in future releases, the IFoA reports highlight structural gaps that will not be simple to address. Moreover, the supervisory expectations require consideration of the specific risks and vulnerabilities to an individual insurer risk profile which an off-the-shelf scenario cannot directly address.

Appendix: Key new elements in CP10/25 draft Supervisory Statement

1. Governance and accountability

CP10/25 elevates governance to operational rigour, demanding granular reporting, documented accountability and strategic alignment with climate goals. This shift reflects the PRA’s emphasis on actionable outcomes rather than policy statements. Specific elements include:

  • Strategic alignment: Demands coherence between a firm’s strategy and its climate targets (e.g., net-zero commitments), as well as consideration of any national climate targets (explicitly mentioning UK Government’s 100% reduction of 1990 levels by 2050). Requires boards to ensure business strategies align with their own long-term transition plans, particularly in the setting of clear risk appetite hierarchies.
  • Board analysis: Requires climate-related risk reporting to boards to be decision-useful, with scenario-based financial impacts over short-, medium- and long-term horizons.
  • Board expertise: Requires mandatory climate training for boards, with documented evidence of the challenge they provide to management on climate analysis and strategy.
  • Senior Management Function (SMF) accountability: Mandates climate responsibilities be documented in Statements of Responsibilities (e.g., CRO and CFO) and then reflected in their objectives and appraisal and review systems (e.g., variable remuneration).

Action plan: Review board skills matrices, update role descriptions, and align incentive structures with climate-related risk performance indicators.

2. Risk management

CP10/25 upgrades risk management to precision and proactivity and reflects regulators’ demand for forward-looking, data-driven risk practices that inform capital allocation and strategic pivots.

  • Risk assessment: Identify the combination of transmission channels and risk types that materially impact the firm as a whole and business line impacts, as well as whether impacts are expected in the short- or long-term.
  • Quantification: Demands financial impact metrics and that firms assess climate-related risks across all material sectors, including indirect exposures, and consider scenario analysis and reverse stress testing using appropriate, conservative proxies for data, model or measurement gaps.
  • Horizon alignment: Requires short-, medium- and long-term analysis with explicit integration of climate-related risks into 3–5-year business planning cycles (e.g., adjusting underwriting standards for insurers) and stress-tests, including the ORSA.
  • Operational and third-party risks: Assess operational climate resilience and the resilience of reinsurers, suppliers, outsourcing partners and data vendors.
  • Transition plans: Mandates alignment of risk models with the firm’s transition plan, including policy-driven risks (e.g., carbon border taxes).
  • Internal reporting: Sets expectations on internal reporting infrastructure and execution.

There is allowance for proportionality, but these comments mostly relate to the sophistication of scenarios and tools and the need for reverse stress testing rather than limiting the scope of risk identification.

Action plan: Undertake a renewed risk identification and assessment process, recalibrate risk appetite statements with quantified exposure limits, and embed climate criteria into vendor due diligence.

3. Scenario analysis

CP10/25 significantly advances climate scenario analysis (CSA) requirements, moving from foundational principles to more prescriptive, actionable standards, including:

  • Central and stress cases: Consider climate-related impacts under a range of plausible future outcomes relevant to the firm’s business model and risk appetite, including both ‘central case’ and ‘extreme but plausible’ scenarios.
  • Be aware of model limitations: Acknowledge that climate scenarios and models may not capture all elements of climate-related risks, such as nonlinearities and potential tipping points. Identify the gaps and adopt processes to clearly communicate these limitations in the internal and external use of the results.
  • Strategic and capital integration: Requires CSA to directly inform capital adequacy (SCR/ORSA), liquidity planning and credit risk policies. CP10/25 explicitly requires alignment of CSA calibrations of severity, time horizons and frequency with their use which should include business strategy, risk management, capital setting and potentially valuation.
  • Scenario tailoring: Mandates firms document and justify scenario selections (e.g., carbon price pathways and physical risk timelines) and document how outcomes drive decisions. At least one scenario should be consistent with climate targets applicable in the relevant jurisdictions where these exist (e.g., UK and EU).
  • Reverse stress testing: Identify scenarios that breach risk tolerances (e.g., simultaneous physical and transition shocks) and that make the business model unviable.
  • Model validation: Requires in-house validation of climate models, including a structured approach to each component of the model chain, sensitivity testing and back-testing. CSA toolkits should be subject to challenge and periodic review.

Action: Develop in-house modelling capabilities with processes to assess impact of potential tipping points and nonlinearities. Develop processes to articulate scenario modelling gaps and to integrate climate-related risks into SCR and ORSA frameworks.

4. Data and disclosures

Whilst disclosure impacts are limited, CP10/25 raises the data-governance bar by requiring firms to actively manage data quality, develop in-house capabilities and ensure robust governance over both internal and external data sources. This supports more accurate risk modelling and better-informed business decisions. In short, it makes data management a central, proactive part of climate-related risk strategy—not just a back-office concern.

  • Strategic planning: Requires firms to have a clear, documented plan to close data gaps, with a focus on developing in-house data capabilities and effective governance of external data suppliers.
  • Proxies and assumptions: Explicitly expects firms to use appropriately conservative assumptions and proxies when data is unavailable and to be transparent about these choices.
  • Data governance: Demands robust oversight of external data suppliers and internal systems for collecting, aggregating and validating climate-related risk data.
  • Continuous updates: Mandates firms regularly review and update their data strategies in line with modelling advances and changing risks.
  • International Sustainability Standards Board (ISSB) alignment: Expects disclosures to transition to International Financial Reporting Standards (IFRS) frameworks.

Action: Audit and create government oversight of data and model pipelines, prioritise high-impact gaps, and prepare to align disclosures with IFRS S1 and S2.2

5. Insurance-specific requirements

Insurers must now take a proactive, structured approach to climate-related risk—embedding it into ORSA, SCR, underwriting and investment strategies. They must also continuously improve data and analytical capabilities and ensure that risk management is proportionate to their exposures.

  • ORSA integration: Embed climate-related risk considerations into the ORSA processes.
  • Underwriting adjustments: Adjust underwriting policies based on long-term climate projections, such as increased frequency and severity of weather events (physical risk) and changes in demand for coverage in carbon-intensive sectors (transition risk).
  • Investment strategies: Factor climate-related risk into investment strategies, including consideration of climate-related credit risks and the impact on illiquid assets eligible for the Matching Adjustment (MA).
  • SCR and Fundamental Spread: Consider climate-related risk in the calculation of the SCR (for internal model firms), and consider climate-related risks with standard formula appropriateness exercises. Ensure that the Fundamental Spread reflects retained climate-related risks, especially for complex or illiquid investments.

Action: Reassess investment strategies, asset valuations and underwriting policies. Ensure use of updated catastrophe models, and document SCR and ORSA linkages.

1 Institute and Faculty of Actuaries. (4 July 2023). Emperor’s new climate scenarios – a warning for financial services. Retrieved 10 July 2025 from https://actuaries.org.uk/emperors-new-climate-scenarios. Trust, S., et al. (March 2024). Climate scorpion: The sting in the tail. Institute and Faculty of Actuaries and University of Exeter. Retrieved 10 July 2025 from https://actuaries.org.uk/media/g1qevrfa/climate-scorpion.pdf.

2 IFRS. IFRS Sustainability Standards Navigator. Retrieved 10 July 2025 from https://www.ifrs.org/issued-standards/ifrs-sustainability-standards-navigator/.

Explore more tags from this article

thought leadershipinsuranceclimate risk

About the Author(s)

Nick Spencer

We’re here to help

Ask the tough questions. We’re ready for them.