Risk management and internal controls over sustainability reporting (GOV‑5)
In the context of sustainability reporting, the main risks relate to the adequacy, accuracy, and completeness of the reported data (including the completeness of disclosures in sustainability reporting). We manage these risks in several ways. We have implemented appropriate internal regulations, including the “Guidelines for preparing sustainability reporting in accordance with CSRD” and the accompanying “Guidelines for double materiality assessment”, according to which:
- The designated units of the Bank are responsible for analysing double materiality and preparing sustainability reporting in accordance with the regulations. This includes, among other things, the collection and verification of the quantitative and qualitative data used in the disclosures.
- The business owners responsible for the individual data points and reported metrics within the Group ensure the quality of the quantitative and qualitative data, including its completeness, accuracy and verifiability. These owners also implement the control processes to ensure this data quality.
- Sustainability reporting is subject to attestation by a certified auditor with appropriate qualifications.
- The content of the statement is approved together with the Management Board Report on Activities by the Bank’s bodies, including the Management Board, Supervisory Board and relevant committees.
In 2024, work was carried out to adapt the Bank’s systems to collect and process ESG data and to expand the central repository of this data. As part of the development of data governance processes, end-to-end solutions are being implemented to establish quantitative and qualitative controls at successive stages: data acquisition from source systems, data processing and finally calculation of sustainability metrics. The completeness of the entire process will increase along with the level of automation of the individual stages of the data management process. Another element that will affect data consistency is the achievement of stability in terms of the scope of reported metrics in subsequent reporting periods.

The Bank is also working on strengthening the control environment within the Internal Control Model (ICM). Controls are being implemented to monitor the quality and reliability of the information contained in the Consolidated Sustainability Statement. The model is in line with international standards and guidelines established by the COSO Committee (Committee of Sponsoring Organisations of the Treadway Commission). Under ICM, the Bank identifies the most significant risks and then establishes necessary controls to mitigate them, which includes the process of reporting sustainability information. As with financial information, controls are periodically evaluated (at least annually) both in their design and implementation through the formal ICM certification process. This process is designed to ensure that the Internal Control Model is functioning properly. The Model will be developed and completed to cover all aspects of reporting of sustainability data.
More details can be found in Chapter XII “Statement on corporate governance in 2024”.
Issues relating to sustainability reporting, and more broadly ESG metrics reporting, are a standing item on the ESG Forum agenda. As part of the Forum’s work, the status of the preparation of the current report is monitored, significant challenges and risks related to the reporting process are reported, and solutions are developed. Conclusions and recommendations are then presented to the ESG Committee for decision and, if strategic decisions are required, to the Bank’s Management Board.

Additionally, processes related to sustainability reporting are reviewed by the internal audit function. In 2024, the Bank fully implemented the recommendations of this function, which included:
- Ensuring an appropriate process for preparing reports, including defining the roles and responsibilities of involved units, the process of reviewing and approving disclosures, and updating the internal control system.
- Implementing internal regulations regarding the process for conducting the double materiality analysis and preparing reports.