What the BRUBEG Means for ESG Risk Planning at Credit Institutions

Digital governance and steering structures in the risk management of credit institutions

With the Banking Directives Implementation and Bureaucracy Reduction Act (Bankenrichtlinienumsetzungs- und Bürokratieentlastungsgesetz – BRUBEG), the German Bundestag on January 29, 2026 transposed key requirements of the Capital Requirements Directive VI (CRD VI) into German national law. Implementation is carried out primarily through amendments to the German Banking Act (Kreditwesengesetz, KWG).

ESG risks were already required to be considered prior to the BRUBEG under the MaRisk framework, European guidelines, and supervisory practice. With the BRUBEG, environmental, social, and governance risks are now explicitly addressed in the German Banking Act itself and thus acquire an independent statutory reference beyond their previous supervisory concretization.

What is new is not only the statutory anchoring of ESG risks in the KWG, but also the obligation to present them in a structured manner through an explicit ESG risk plan and to embed this plan within the risk strategy. The ESG risk plan thus becomes an independent, legally anchored component of overall bank management. The legal basis for this is provided in particular by Section 26c of the KWG (governance requirements) and Section 26d of the KWG (ESG risk plan).

ESG Risks in Risk Management: Regulatory Expectations and Scope for Interpretation

ESG factors as a component of risk planning at credit institutions

In line with the logic already established under the MaRisk framework, ESG risks are also not defined under the BRUBEG as an independent risk category, but are understood as influencing factors affecting existing risk types. They are to be incorporated into the risk inventory, the business and risk strategy, as well as management and monitoring processes. This includes consideration across short-, medium-, and long-term time horizons. This requirement is reflected in particular in Section 26c (2) of the KWG.

In this context, the ESG risk plan serves as the connecting framework between the risk inventory, strategy, and governance. It translates the qualitative—and, where appropriate, quantitative—assessment of ESG risk drivers into a consistent, documented management and monitoring framework. The ESG risk plan pursuant to Section 26d of the KWG thus concretizes the statutory obligation to address ESG risks in a structured manner within risk management.

For executive boards and audit stakeholders, it is crucial to note that the law does not require a schematic or formulaic translation of ESG aspects into new metric systems. What is decisive instead is a transparent, institution-specific assessment of whether, and to what extent, ESG factors may affect the respective risk profile, and how this assessment is embedded into existing management and governance processes through the ESG risk plan.

Proportionality: Deliberately Provided Relief for Small and Non-Complex Institutions

In the legislative process, the legislator explicitly made use of proportionality options provided under EU law. These are not to be understood as exceptions, but as an integral part of the statutory framework intended to enable risk-appropriate implementation.

The expressly provided relief measures for small and non-complex institutions are set out in Section 26d (4) of the KWG. According to this provision, such institutions may structure the ESG risk plan in particular as follows:

  • a biennial strategy review cycle instead of an annual review,
  • the qualitative description of ESG-related objectives and metrics where quantitative objectives or metrics are not feasible or would entail disproportionate effort, provided that appropriate management and monitoring remain ensured,
  • an overall concise, focused, and risk-profile-based presentation of ESG-related objectives and procedures within the ESG risk plan,
  • additional relief in the context of structural changes such as mergers and demergers, particularly for savings banks and cooperative banks.

For supervisory and audit practice, this makes clear that appropriateness and proportionality are expressly intended assessment criteria.

ESG Risk Planning Between Regulatory Obligation and Management Reality

Modern banking environment as a framework for strategic risk planning

The ESG risk plan is not intended as an instrument for immediate operational steering, but rather as a structured basis for transparently deriving and regularly reviewing the institution-specific steering relevance of ESG risk drivers. This understanding corresponds to the systematics of Section 26d of the KWG.

In current management practice, ESG risks at many credit institutions are not understood as independent operational steering variables, but as potential risk drivers, particularly with medium- to long-term impact. Their possible effects—if any—typically materialize indirectly through existing risk types, such as credit, market, or liquidity risk.

Against this background, ESG risks at many institutions are primarily observed and assessed within the risk inventory, strategic planning, and through qualitative assessments. Immediate operational steering based on stand-alone ESG metrics often does not result from this approach. In this context, the ESG risk plan primarily serves structured documentation, internal alignment, and audit-robust justification of this assessment.

This approach does not conflict with the BRUBEG. The law does not require automatic or blanket steering relevance of ESG risks, but rather appropriate, transparent, and regularly reviewed consideration. The obligation to regularly review and update the ESG risk plan follows from the governance logic set out in Section 26c of the KWG.

Conclusion

The BRUBEG explicitly anchors ESG risks in the German Banking Act and supplements existing supervisory concretizations such as the MaRisk with a statutory obligation to establish an ESG risk plan pursuant to Section 26d of the KWG. At the same time, the legislation builds substantively on existing risk management frameworks and does not require a fundamental reclassification of risk types.

For many institutions, ESG risk planning will initially remain primarily a regulatory compliance exercise. The ESG risk plan nevertheless provides a structured framework for systematically assessing the relevance of ESG risk drivers and for consistently developing their significance for strategic steering over time. Early, proportionate, and methodologically sound design creates the foundation for accompanying this development in an orderly and audit-robust manner.

Next Steps

Executive boards and risk managers at credit institutions are now tasked with implementing the ESG risk plan requirements of the BRUBEG in a manner that is compliant with supervisory expectations and proportionate. This involves balancing implementation effort against steering benefit. Larger institutions in particular face the challenge of presenting ESG risk drivers and their impacts on financial risks not only qualitatively, but increasingly also quantitatively.

I am available to interested institutions for an initial conversation at no charge to classify institution-specific requirements and support the design of an audit-proof ESG risk plan.

Note:
 
This article is intended to provide a professional interpretation of the regulatory requirements of the BRUBEG from the perspective of bank management and risk management. It does not replace an individual legal or supervisory assessment of a specific case.
