Auditing climate change responses for insurers

The science is clear - global warming is a reality and society is running out of time before witnessing irreversible damage. Success in achieving a carbon-friendly economy will require individuals, business, and governments to improve their understanding of climate risk and the changes that must be made to achieve net-zero targets. The insurance industry, through their role in helping society and business mitigate risk, must play a vital role in this transition, helping navigate the risk and quantify new opportunities in a carbon-friendly economy.

Regulators now expect insurers to integrate climate change risks into their system of internal controls, governance, risk management and Own Risk and Solvency Assessment (ORSA) like all other risks it could be exposed to. As such, the internal audit profession must improve its understanding of climate risk and the various frameworks established to support this transition. See our research on Organisations’ preparedness for climate change and Harnessing internal audit against climate change risk for more thoughts from the profession.

Life and non-life (property and casualty) insurers are exposed to the impacts of climate change, and internal audit plans will need to be adjusted based on actual business operations. For example, life operations may be more focused on the investment (or asset) risks associated with a transition to a climate friendly economy when compared to the risk they need to consider related to their underwriting risk.

Although much of this guidance will be applicable to life insurers, the primary focus is to assist non-life internal auditors to develop a climate risk auditing approach.

Government and regulatory frameworks

The Financial Stability Board established the Task force on Climate-related Financial Disclosures (TCFD) to develop climate-related disclosures that could promote better informed investment, credit, and insurance underwriting decisions and, in turn, enable shareholders to understand better the concentrations of carbon-related assets in the financial sector and the financial system’s exposure to climate-related risks. The TCFD framework is built around the four pillars: Governance, Strategy, Risk Management, and Metrics and Targets.

The Financial Conduct Authority (FCA) has agreed with the UK Government’s commitment to achieve a carbon-friendly (net-zero) economy by 2050, and all UK regulated insurance undertakings must develop a sustainable finance strategy and plans to establish a strategy towards mandatory TCFD-aligned disclosures across the UK by 2025.

The insurance industry cannot wait until 2025 to make TCFD-aligned disclosures as the Prudential Regulation Authority (PRA) issued a Supervisory Statement in March 2019 (PRA SS3/19) that requires insurers to demonstrate how they monitor and manage the financial risks from climate change by the end of 2021. Like TCFD, the PRA has established four pillars: Governance, Risk Management, Scenario analysis, and Disclosure.

There are several other frameworks that internal auditors may want to consider as part of a broader Environmental, Social and Governance (ESG) approach, such as the EU Corporate Sustainability Reporting Directive, United Nations Principles for Sustainable Insurance, and SASB Insurance Sustainability Accounting Standard.

Click here for guidance on implementing the recommendations of TCFD. 

Click here for additional guidance on implement the PRA Supervisory Statement 03/19.

The impacts of climate change on the insurance industry

Both sides of an insurer’s balance sheet (assets and liabilities) and their income statements are exposed to the physical and transition risk associated with moving towards businesses, the financial sector, and the global economy being more carbon friendly.

Climate change challenges the assumption that past losses are a reliable way to estimate the future, thus increasing an insurer’s underwriting and/or insurance risk. Climate change will affect both 1st and 3rd party insurance coverage. The likelihood of increased loss experience could require constant repricing of insurance products and lead to insurance becoming unaffordable for businesses and consumers over the long-term, resulting in a future decrease in demand and ultimately lower revenues for the industry.

As insurance companies have a concentration of ownership of invested assets, they are highly exposed to shifts in the value of investments (especially in carbon-intensive sectors that continue to decrease in the transition to a more climate friendly investment options). And ultimately insurers, like all companies, must consider the impact on their business and strategy (including adaptation and mitigation strategies) for products, services, supply chain, operations, locations, etc as part of their organisational risk management (and control) framework.

Physical risks arise from the physical effects (damage to actual property, supply chain disruption or impact on organisation premises) of climate change and they are either acute (the risk of increasing frequency or severity of weather events), or chronic (the risk of longer-term changes in weather patterns and other climate change impacts).

Transition risks arise in the transition to a low-carbon and climate-resilient economy that includes:

  • Policy and legal risk – the risk from regulation aimed at addressing climate change or increased litigation against insurers, within its liability product offerings, for its failure to avoid or minimise impacts of climate or failing to adapt to climate change
  • Technology – the risk from emerging technologies aimed at supporting the move to a low-carbon economy
  • Market – the risk from shifting supply and demand curves as economies react to climate change; and
  • Reputation – the risks of damage to brand value and loss of customer base from shifting public sentiment around climate change

First and second line risk assessment process

To meet the new regulatory requirements, the first and second lines should have implemented and embedded climate and other ESG risks, paying particular attention to metrics and targets, into their risk and governance frameworks, including but not limited to:

  • Events and issues management (ie, crisis management)
  • First and second line risk assessment processes and tools
  • Processes and controls to ensure that, once material impacts have been assessed, insurers know what needs to be mitigated and which processes need to be adjusted
  • Implementing a scenario analysis tool, for those scenarios where material impacts should be modelled or expected (and the impacts of these modelled impacts should result in management actions and/or controls implemented to prevent risks from crystallising), and
  • Stress testing the above noted scenarios

The European Insurance and Occupational Pensions Authority (EIOPA) expects insurers to consider short, medium, and long-term risk scenarios within the ORSA. For example, insurers must consider how climate change is affecting the frequency and severity of extreme weather events over a short-term horizon (five to 10 years), as well as consider the impacts of climate change by the end of the century (long-term). These risks can be translated into the traditional risk categories considered as part of the ORSA process, such as: underwriting risk, market risk, credit and counterparty risk, operational risk, reputational risk, and strategic risk.

The Financial Stability Board has admitted that the financial impacts of climate-related issues are not always clear, and so identifying issues, assessing potential impacts, and ensuring material issues are reflected in financial filings may be challenging. Their final recommendations advise companies to determine materiality for climate-related issues consistent with how they determine the materiality of other information included in financial filings. Risks are considered material in the context of Solvency II where ignoring the risk could influence the decision-making or the judgement of the users of the information.

Insurers should identify material exposures to climate change through a combination of qualitative and quantitative analysis.

  • Qualitative analysis – analysis of main drivers of climate change risk in terms of traditional prudential risks (market, counterparty, underwriting, operational, reputational, and strategic risk)
  • Quantitative analysis – assesses the exposure of assets and underwriting portfolios to transitional risks (eg, based upon carbon footprint) and physical risks (eg, geographical location).

Internal audit risk assessment, audit universe and audit plan

Climate risk must be embedded within the three lines model, including within the risk (and control) management framework. Based on an organisation’s climate risk maturity, internal audit will need to consider whether audit engagements should be in a single climate-focused review, or as a component of other non-climate related audits. A combination of the two may be optimal as maturity increases.

Internal auditors should take a broad view of climate change risk, including all risks stemming from trends or events caused by climate change. As noted above, regulatory frameworks have classified these risks as physical and transitional risks.

At a minimum, all internal audit plans should include a Project Governance/Readiness Review if the organisation has initiated a project to develop and implement a climate risk framework to meet the requirements of the PRA SS3/19.

For more mature insurers, the following tables describe each of the pillars that are part of the regulatory frameworks previously highlighted. Each pillar identifies potential risks and / or processes that the insurance industry internal auditors should consider as part of their climate risk audit approach.

Strategy and governance risks

Climate risk framework

a.        Lack of board oversight of climate-related issues – processes and frequency of board and their committees (audit, risk, and other committees) are not adequate to address climate-related issues to guide strategy and they do not oversee and monitor progress against goals, targets, etc for ESG

b.        Lack of clear strategy on climate-related risk that feeds into wider ESG strategy

c.        Lack of management’s role in managing climate-related risks (eg, assigning climate-related roles and responsibilities, organizational structures, horizon scanning and monitoring)

a.        Insurers do not take necessary materiality assessment of climate change risks

b.        Lack of risk management engagement - insurers do not have a credible plan for managing exposures to climate-related financial risks including risk identification and measurement

c.        Inadequate or undefined risk appetite for climate risk including evidencing consideration of climate risk at the board level

d.        Insurers do not assess adequacy of climate change risk scenarios on both a qualitative and quantitative basis


Key to establishing a clear strategy on climate-related risk is an understanding as to how these risks align with the insurer’s ORSA considerations. A mature strategy, governance and climate risk framework internal audit approach should consider:

  • Management of insurance and asset management risk: This could be subject to dedicated coverage or consider climate risk as part of underwriting related audit engagements across product areas or asset management related audit engagements.
  • Linkages and interdependencies to other risk and control frameworks operating across insurers: Effective climate risk management should be integrated in every part of business operation including third-party management, IT strategy, business continuity, operational resilience and real estate strategies and management, etc.

Climate change risk

ORSA risk considerations

Underwriting risk

Market risk

Credit/counterparty risk

Operational/ Reputational/ Strategic risk

Physical risk - Acute

a.     Climate change increases the frequency and concentration of extreme weather events and natural catastrophes, damaging physical property (including personal/commercial property, crops, motor, shipping, and aviation), resulting in higher insurance claims, a reduction in the availability of coverage, and increased pricing

b.     Consequential loss – business interruption claims increase as more commercial enterprises are impacted by preventing them from operating following a climate-related event, including non-damage business interruption

c.  Increased cost for claims resolution due to increased demand and cost for building materials and service obligations under the insurance contract (eg, wildfire protection services); and

d.  Creditworthiness of insurers and insureds decrease due to climate change, resulting in higher credit insurance claims

a.    Higher credit spreads on government bonds issued by countries that are highly susceptible to acute physical risks

b.   Downgrade of bonds and declining real estate portfolio values in areas most impacted by extreme weather events

c.    Climate change-related shocks (eg pandemic) negatively affecting global economies; and

d.   Increased currency volatility of countries most vulnerable to extreme weather events increasing foreign exchange risk


a.     Increased frequency and severity lead to defaults of reinsurers, increasing insurers’ net obligations

b.     The availability and cost of reinsurance may become prohibitive for some insurers, reducing the availability of insurance capacity thus increasing the insurance protection gap

c.     Climate change impacts the credit standing of insurers, raising their cost of capital, and

d.     Uninsured losses negatively affect the performance of mortgage loans


a.     Insurers’ operational assets are impacted, increasing costs and compromising operations

b.     Risk management and pricing fails to consider the potential non-linear character of acute physical risks, resulting in unexpected losses

c.     Insurers are unable to underwrite certain classes of business due to level of uncertainty, and

d.     New trade routes (eg, Northwest Passage due to melting arctic ice) will create new risks and opportunities


Physical risk - Chronic

a.  Increasing temperature impacts crop yields, leading to increased claims, and

b.  Decreasing river water levels prevent insureds from operating, resulting in higher non-damage business interruption claims

c.  Higher frequency and severity of vector-borne disease (eg, malaria) leads to high non-life claims (eg, business interruption and credit insurance)


a.    Higher credit spreads on government bonds issued by countries that are highly susceptible to chronic physical risks

b.   Decrease in value of real estate portfolios due to properties being in areas highly impacted by physical risks, and

c.    Shrinking water supply requires rationing that will put pressure on business activities, not directly related to human health, to operate at full capacity leading to a drop in asset value

a.     Higher incidence of pandemics results in losses on commercial mortgages and impact on business interruption insurance and similar insurance products


a.     Water level risk and other adverse weather conditions rendering residential and commercial property in vulnerable areas uninsurable

b.     Demand for crop insurance reduces as farming becomes more difficult, including the availability of water, and

c.      Demand for travel insurance reduces due to increased climate change- induced pandemics

Transition risk

a.    Transition to a low-carbon economy leads to higher claims for some lines of business in carbon-intensive sectors

b.    Higher climate change-related claims under liability policies (eg, Directors & Officers, Professional Indemnity and Environmental Liability)

c.     Increased premium risk in the pricing of products covering green technologies due to lack of data


a.   Energy efficiency regulation increases with carbon taxes, or late government intervention reduces the value of investments or impacts on the wider market

b.   Investments in carbon-intensive sectors decline in value due to increased litigation

c.    Advances in clean energy technology result in stranded assets in carbon-intensive sectors, contributing to a broader systemic financial event

d.   Investments in green technologies may not be successful thus reducing investment value

e.   Shift in customer demand for climate friendly goods and services


a.     Collateral backing of commercial and residential mortgage portfolios decline in value

b.     Increased reinsurance claims activity results in lower credit standing

c.     Increased default rates on loans to companies in carbon-intensive sectors, as well as companies developing unsuccessful green technology

d.     Value of mortgage loans lowers as businesses shift towards occupying more carbon-friendly property space, and

e.     Higher spreads on loans to companies and real estate funds that have a climate-unfriendly reputation

a.  Contraction of the marine insurance market due to a fall in global shipping of oil and gas

b.  Transition to a low-carbon economy reduces demand for insurance products and services where customer base is heavily exposed to conventional carbon-intensive industries

c.  Insurers could be exposed to direct claims for damages and litigation costs for not addressing climate change in their underwriting and investment decisions

d.  Reputational impact from public exposure of non-compliance with regulatory expectation, and

e.  Difficulty in attracting and / or retaining customers and employees due to climate change strategy (eg, underwriting in sectors that contribute to climate change)

  • Stress testing and scenario analysis: Controls around model validation, including completeness and accuracy of data inputs to reduce the potential for future regulatory breaches
  • Reporting and Disclosures: Controls around completeness, accuracy, analysis and reporting of data collection; and assessment of breadth and relevance of metrics

Stress testing and scenario analysis

Disclosures, metrics, and targets

a.      Insurers do not assess adequacy of climate change risk scenarios on both a qualitative and quantitative basis

b.      Scenario analysis undertaken by insurers does not align to the climate change risks that would impact their business (requirement is, at a minimum, two long-term climate scenarios)

c.      Insurers do not assess the time horizon required to assess future outcomes determined by a multitude of external factors, demographic and economic developments, government policy to curb carbon emissions, technological change, and market sentiment

d.      Modelling uncertainty due to feedback from external developments to future transitional and physical risks

e.      Insurers are not embedding climate-related risk within the operation of their business

a.        Necessary financial reporting disclosures are not sufficient or robust to meet regulatory requirements

-    ORSA does not disclose the forward-looking risk-based approach that is necessary to consider the wide range of outcomes required.

-    Financial statements do not meet the required disclosure requirements.

-    Financial disclosures are not consistent with other filings or available information.

b.        Metrics and targets are not sufficient to identify, manage and monitor climate-related risks to the business.

c.        Metrics are not relevant, accurate, timely and consistent to identify risks related to ESG


As part of scenario and stress testing, internal auditors should consider an increased level of uncertainty in the performance of internal audit activities. Internal audit is being asked to consider how the design and operation of controls and processes today will influence events that have not yet occurred.

For example, as part of the PRA General Insurance Stress Test, one scenario considers a sudden transition, ensuing from rapid global action and policies. Depending on the period of transition, this could reduce potential underwriting and insurance risk associated with climate change if the transition occurs within the mid-term time horizon.

To assist insurers and other financial service companies in understanding vulnerability of current business models to future climate impacts, the Bank of England has created a Climate Biennial Exploratory Scenario (CBES) which is intended to be a learning exercise to assist in the modelling of climate-related risks. Although participation in the 2021 CBES is limited to a small number of financial service companies, the framework is a useful tool for firms to consider as they establish their own stress testing and scenario analysis.

This section includes information from Annex 3: Mapping of climate risks to prudential risks – Non-life insurance from EIOPA. Click here to access the complete document.


As stated by the IPCC, the science is clear that human activity has contributed to global warming. Over the past year we have witnessed the human and financial impacts of this trend in increased frequency and severity of acute physical climate risks including unprecedented wildfires, winter storms and flooding.

There are no easy solutions to the complex global challenge of transitioning to a carbon-friendly economy and insurers must be prepared for increased volatility in business performance. We are no longer concerned with how climate change might affect our children’s children; individuals starting their career in internal audit today will witness the results of the decisions made today during their career lifespan.

The transition to a carbon-friendly economy will create new risks and opportunities and success will require collaborative effort amongst individuals, governments, and global economies. Based on regulator expectations that business must improve the development and use of climate-related financial disclosures, it is incumbent on the internal audit profession to develop proficiency regarding climate risk as it becomes an integral part of the internal auditing framework.

Further reading

The following documents were used in the development of this guidance and are only a small list of Further Reading that is available on this topic:

Intergovernmental Panel on Climate Change; Climate Change 2021, The Physical Science Basis

The Economics of Biodiversity: The Dasgupta Review

Implementing the Recommendations of the Task Force on Climate-related Financial Disclosures

Managing climate-related financial risk

A framework for assessing financial impacts of physical climate change

EU Corporate Sustainability Reporting Directive

United Nations Principles for Sustainable Insurance

SASB Insurance Sustainability Accounting Standard

The Geneva Association: Climate Change Litigation, Insights into the evolving global landscape

Position Paper: Materiality and climate-related financial disclosures

EIOPA ORSA Opinion on the supervision of the use of climate change risk scenarios in ORSA

Climate Financial Risk Forum Guide 2020, Scenario Analysis Chapter

Guidance for participants of the 2021 Biennial Exploratory Scenario: Financial risks from climate change

Lloyd’s, Insuring a sustainable greener future: A roadmap for climate action

Organisations’ preparedness for climate change: an internal audit perspective

Harnessing internal audit against climate change risk: A guide for audit committees and directors

More general guidance and resources on climate change are available at:

Content reviewed: 10 November 2021