Author: Marharyta Tatarova, Counsel and Head of the ESG Practice
On 3 February 2026, the NBU Board adopted a resolution approving amendments to the Methodological Recommendations on the Organisation of Corporate Governance in Banks.
The document sets out the National Bank’s expectations regarding the integration of ESG factors into the strategy, risk management system and internal controls of banking institutions. The deadline for adapting internal regulatory documents has been set for 31 July 2026.
At first glance, the status of “methodological recommendations” might give the impression that they can be postponed. But in reality, this is not the case – the NBU is systematically embedding ESG into the logic of its Supervisory Review and Evaluation Process (SREP). Therefore, ignoring the document or merely complying with it in a perfunctory manner will be reflected in the SREP results.
In practice, the absence of a functioning ESG risk management system will be perceived by the NBU as an inadequate level of corporate governance and overall risk management. Such an assessment will result in specific supervisory actions, including requirements to strengthen internal controls, prepare a plan to rectify deficiencies, and, where necessary, apply enforcement measures.
ESG terminology from the regulator
The updated guidelines introduce clear definitions for banks and reduce the scope for arbitrary interpretations. The NBU sets out key concepts in a single framework, including ‘responsible business conduct’, ‘ESG factors’, ‘ESG risks’ and ‘greenwashing’. These terms become part of internal policies, procedures and controls.
An important point lies in how the NBU describes ESG risks themselves. The regulator does not classify them as a separate type of risk – on the contrary, environmental, social and governance factors manifest themselves through risks familiar to banks, such as credit, market, operational and liquidity risks.
Double materiality
The NBU’s decision also reflects the double materiality approach. This involves a parallel assessment:
firstly, how environmental, social and governance factors affect the bank’s sustainability through credit, operational, market and other risks;
secondly, what impact the bank’s financing itself has on the environment and society through clients, projects and value chains.
In practice, this means that the bank must implement filters that simultaneously enable it to answer two questions: does this client pose risks to the portfolio, and does the bank’s financing itself create negative consequences on such a scale that they will eventually return to the bank in the form of legal claims, regulatory restrictions, loss of access to financing, etc.
Sustainable corporate governance
According to the NBU’s decision, sustainable development is defined as an integral component of corporate governance, requiring the implementation of principles of economic, environmental and social responsibility at all levels of decision-making.
A sustainable development strategy may be integrated into the bank’s overall business strategy or adopted as a separate document. In any case, the key factor is not the form but the content, as the NBU requires the development of a system covering transparency of operations, business integrity, supply chain monitoring, anti-corruption standards and engagement with counterparties.
From a management perspective, this requires a clear division of responsibilities among governing bodies. The supervisory board must assume responsibility for approving the ESG risk appetite and monitoring the achievement of sustainable development goals. The executive body, on the other hand, will be responsible for the operational implementation of these goals across business lines, credit procedures and the internal control system.
Furthermore, in practice, the bank will need a dedicated function or coordinator to keep ESG assessment standards up to date, collate data from business lines, ensure alignment with risk appetite, and prepare materials for management reporting.
Banks need to clearly delineate roles within the three lines of defence:
- who, at the front-office level, is responsible for the initial collection of ESG data from clients;
- how risk management integrates this data into the final assessment;
- who has the right of veto in the event of critical non-compliance;
- how and at what intervals management reports are generated for the supervisory board.
ESG in lending: how client assessment is changing
The document will have the most significant impact on underwriting procedures and interactions with corporate clients, as banks will need to implement systematic checks of clients’ ESG profiles. This issue will be particularly acute for sectors with a high concentration of environmental and social risks: heavy industry, energy, construction, infrastructure, agriculture, etc.
The credit file must clearly show how the bank has taken the borrower’s environmental and social factors into account during the underwriting process and why the credit decision aligns with the bank’s risk appetite. Similarly, specific response tools are required in the event that a client’s ESG risks exceed established limits.
Typical tools that a bank may apply in practice to manage ESG risks include:
- ESG risk assessment matrices integrated into existing credit rating models;
- expanded lists of exclusions based on sanctions compliance, as well as unacceptable environmental and social practices;
- clauses in loan agreements obliging the borrower to comply with specified ESG metrics, with the bank retaining the right to demand early repayment in the event of a breach.
Greenwashing
The definition of ‘greenwashing’ in the corporate governance guidelines is significant in that the NBU explicitly identifies this risk in regulatory terminology. Accordingly, the labelling of financial products as “sustainable” or “green” must undergo the same scrutiny for validity and substantiation as any other customer-sensitive disclosures, including the total cost of credit.
For the bank, this means the need to refine its approaches to public communications and products in relation to ESG. Compliance, the legal department and the risk management unit must work in coordination when validating “green” products and communications, and the risk of greenwashing must be assessed as a reputational and regulatory risk, which in certain situations may lead to claims of misleading consumers.
It is advisable to clearly set out the criteria for classifying assets and products as “green” in the bank’s internal documents. Separately, a list of documents confirming the targeted environmental or “sustainable” use of funds should be defined, as well as the compliance department’s authority to block products or applications if the evidence base is insufficient or questionable.
Sustainable development in the context of economic recovery
The NBU’s approach is rooted in the context of wartime and future reconstruction, hence the emphasis is on financing critical infrastructure, energy resilience and industrial recovery.
In this context, ESG requirements function as a risk management tool, enabling the financing of reconstruction without incorporating future losses into the portfolio.
When reconstruction projects are financed without taking into account environmental requirements or basic social standards, particularly occupational health and safety, the bank faces an increased risk of disputes, regulatory claims and costs, which ultimately affect asset quality and may increase the proportion of NPLs (non-performing loans), i.e. loans where the borrower has failed to meet payment obligations for an extended period and which the bank is forced to classify as non-performing.
The shift towards EU standards and the approaches of international financial organisations reinforces this logic at the level of access to resources. In practice, participation in guarantee schemes, risk-sharing programmes and recovery financing instruments increasingly requires that the bank and its borrowers can demonstrate compliance with ESG approaches and ensure basic data transparency.
For banks, this means that ESG is increasingly becoming part of the list of conditions for participation in external reconstruction financing programmes.
The significance of the deadline
The set deadline (31 July 2026) is the final date by which the new architecture must be rolled out and tested. By this date, banks should conduct a comprehensive audit of existing policies and procedures, identify gaps and approve an updated regulatory framework.
Thus, the NBU’s decision marks the banking sector’s transition from declarative ESG to prescriptive ESG. The presence of strict definitions, a defined deadline and the integration of these requirements into the Supervisory Review and Evaluation Process (SREP) indicate that the regulator will assess the actual level of control and the evidence supporting decisions.
For banks, this means they must bring their internal documents and processes into line with the new framework; otherwise, gaps in ESG risk management will be noted in the SREP and may result in supervisory requirements, and in the event of systemic breaches or risky activities – in the application of enforcement measures.
