Our Risk Appetite Framework has been designed to mitigate risks – balancing sustainability objectives with the long-term growth of our business.

During 2023, we continued to evolve the Framework in order to enhance our approach to risk management, placing greater focus on climate-related risks and cyber threats, further embedding ESG factors and improving transparency.

Climate Risk Management

We recognise Climate & Environmental Risk factors as crucial elements in safeguarding our clients’ portfolios and assets from climate-related risks. To achieve this goal, we are integrating climate and environmental factors into our risk management processes and procedures. Climate Risk management encompasses the identification, measurement, and monitoring of these risks as well as the implementation of mitigation measures. We actively engage and support corporate clients in transitioning to a lower carbon business model, fully exploiting green business opportunities. Furthermore, we aim to assist our clients in achieving a just transition, ensuring fairness throughout the process.

Risk Identification

Our annual risk identification process is a comprehensive framework that proactively identifies all potential risks the Group may encounter.

In line with the European Banking Authority’s (EBA) eight and the European Central Bank’s (ECB) nine expectations, our risk identification process covers ESG risk dimensions. These are assessed through the lenses of physical and transition risk drivers, considering that these could positively or negatively affect the risk types already incorporated in our risk management framework.

The Six Sensitive Sectors Identified

Transition risks

Transition risks refer to the risks arising from the transition to a lower-carbon economy, which may entail extensive policy, legal, technology, and market changes to address mitigation and adaptation requirements related to climate change. Depending on the nature, pace and focus of these changes, transition risks can pose different levels of financial and reputational risk for organisations.

  • Policy and Legal Risks: stemming from continuously evolving policy actions, attempting to either constrain actions that contribute to the adverse effects of climate change or seeking to promote adaptation to climate change, and from litigation or legal risks
  • Technology Risk: arising from technological improvements or innovations that support the transition to a lower-carbon, energy-efficient economic system and that can have a significant impact on organisations to the extent that new technology replaces old systems and disrupts some parts of the existing economic system
  • Market Risk: relating to the potential shifts in supply and demand for certain commodities, products and services
  • Reputational Risks: resulting from changing client or community perceptions of the organisation’s contribution to or detraction from the transition to a lower-carbon economy
Matrix Scoring Methodology

Physical risks

Physical risks refer to the risks related to the physical impact of climate change. These types of risk can be event-driven (acute) or long-term shifts (chronic) in climate patterns and, as such, their effects can be felt both in the short- and medium-/longterm horizon.

  • Acute physical risks are event-driven, including increased severity of extreme weather events (e.g. droughts, floods, etc.)
  • Chronic risks refer to longer-term shifts in climate patterns (e.g. sustained higher temperatures)


of Corporate portfolio

Exposure towards high GHG emitters

Exposure towards NACE sectors having the highest GHG Intensity (>1,000tCO2e/m€). Exposures are well differentiated among industries with relatively higher concentration in Electricity & Gas supply and manufacturing of basic metals. Our ESG strategy is to evaluate and support the climate transition of counterparties with reliable plans.


NACE code

NACE description

% on Non Financial Corporate FY231

% on Non Financial Corporate FY22


Agriculture & Livestock
















Non-metallic minerals








Electricity & Gas




Water transport








1. Group exposure (GCA) equal to €224 bn as at 31 December 2023. Exposure equal to €241bn as at 31 December 2022.

Scenario Analysis

Operational risk

Risk for the Group of facing temporary disruption or unavailability of key premises (e.g. data centres, operational centres, headquarters) or for the discontinuity of services suffered by some of its third party service providers due to adverse extreme climate conditions.

For all Legal Entities, the Group carries out an annual assessment aimed at identifying critical locations where unavailability could harm business continuity (e.g. data centres, headquarters, operational centres). In 2023, 103 buildings were selected. Each location is classified according to current risks from extreme adverse climate conditions (such as floods and wildfires) that could affect it.

Regarding the 10 buildings potentially exposed to high or medium-high risk, in 2023, the related business continuity plan was assessed to check the effectiveness of protection in cases of adverse climate conditions.

Digital Risk Management

During 2023, we continued to develop a number of initiatives to reinforce the Group’s Digital (ICT & Cyber) defences. These included:

How We Managed Digital Risk In 2023

Download the report

UniCredit Intergrated Report cover


Discover now

Our sustainable business model

Discover more