Commercial Banks Standard - en GB
Commercial Banks Standard - en GB
Commercial Banks Standard - en GB
FINANCIALS SECTOR
sasb.org
© 2023 The IFRS Foundation. All Rights Reserved.
ABOUT THE SASB STANDARDS
As of August 2022, the International Sustainability Standards Board (ISSB) of the IFRS Foundation assumed
responsibility for the SASB Standards. The ISSB has committed to maintain, enhance and evolve the SASB
Standards and encourages preparers and investors to continue to use the SASB Standards.
IFRS S1 General Requirements for Disclosure of Sustainability-related Financial Information (IFRS S1) requires
entities to refer to and consider the applicability of disclosure topics in the SASB Standards when identifying
sustainability-related risks and opportunities that could reasonably be expected to affect an entity’s prospects.
Similarly, IFRS S1 requires entities to refer to and consider the applicability of metrics in the SASB Standards when
determining what information to disclose regarding sustainability-related risks and opportunities.
In June 2023, the ISSB amended climate-related topics and metrics in the SASB Standards to align them with the
industry-based guidance accompanying IFRS S2 Climate-related Disclosures. In December 2023, the ISSB amended
the non-climate-related topics and metrics in connection with the International Applicability of SASB Standards
project.
Effective Date
This version 2023-12 of the Standard is effective for all entities for annual periods beginning or after January 1, 2025.
Early adoption is permitted for all entities.
1. Industry descriptions – which are intended to help entities identify applicable industry guidance by describing the
business models, associated activities and other common features that characterise participation in the industry.
2. Disclosure topics – which describe specific sustainability-related risks or opportunities associated with the
activities conducted by entities within a particular industry.
3. Metrics – which accompany disclosure topics and are designed to, either individually or as part of a set, provide
useful information regarding an entity’s performance for a specific disclosure topic.
4. Technical protocols – which provide guidance on definitions, scope, implementation and presentation of
associated metrics.
5. Activity metrics – which quantify the scale of specific activities or operations by an entity and are intended for use
in conjunction with the metrics referred to in point 3 to normalise data and facilitate comparison.
Entities using the SASB Standards as part of their implementation of ISSB Standards should consider the relevant
ISSB application guidance.
For entities using the SASB Standards independently from ISSB Standards, the SASB Standards Application
Guidance establishes guidance applicable to the use of all Industry Standards and is considered part of the
Standards. Unless otherwise specified in the technical protocols contained in the Industry Standards, the guidance in
the SASB Standards Application Guidance applies to the definitions, scope, implementation, compilation and
presentation of the metrics in the Industry Standards.
Historically, the SASB Conceptual Framework set out the basic concepts, principles, definitions and objectives that
guided the SASB Standards Board in its approach to setting standards for sustainability accounting.
The disclosure topics and associated metrics contained in this Standard have been identified as those that are likely
to be useful to investors. However, the responsibility for making materiality judgements and determinations rests with
the reporting entity.
Industry Description
Commercial banks accept deposits and make loans to individuals and corporations, and engage in lending to
infrastructure, real estate and other projects. By providing these services, the industry serves an essential role in the
functioning of global economies and in facilitating the transfer of financial resources to their most productive capacity.
The industry is driven by the volume of deposits, quality of loans made, the economic environment and interest rates.
The risk from mismatched assets and liabilities further characterises the industry. The regulatory environment
governing the commercial banking industry witnessed significant changes in the wake of the 2008 global financial
crisis and continues to evolve today. These and other regulatory trends may affect performance. Commercial banks
with global operations must manage new regulations in many jurisdictions that are creating regulatory uncertainty,
particularly regarding the consistent application of new rules.
Note: This standard addresses ‘pure play’ commercial banking services, which may not include all the activities of
integrated financial institutions, such as investment banking and brokerage services, mortgage finance, consumer
finance, asset management and custody services, and insurance. Separate standards address the sustainability
issues for activities in those industries.
UNIT OF
TOPIC METRIC CATEGORY CODE
MEASURE
(1) Number of data breaches,
Number,
(2) percentage that are personal data
Quantitative Percentage FN-CB-230a.1
breaches, (3) number of account holders
Data Security (%)
affected 1
Incorporation
of
Environmental, Description of approach to incorporation
Discussion and
Social, and of environmental, social and governance n/a FN-CB-410a.2
Analysis
Governance (ESG) factors in credit analysis
Factors in
Credit Analysis
continued...
1 Note to FN-CB-230a.1 – The disclosure shall include a description of corrective actions implemented in response to data breaches.
2 Note to FN-CB-240a.1 – The disclosure shall include a description of how the entity’s compliance with applicable jurisdictional laws or
regulations are integrated into its financial inclusion and capacity building strategy.
3 Note to FN-CB-240a.4 – The disclosure shall include a description of financial literacy initiatives.
UNIT OF
TOPIC METRIC CATEGORY CODE
MEASURE
Total amount of monetary losses as a
result of legal proceedings associated with
fraud, insider trading, antitrust, anti- Presentation
Quantitative FN-CB-510a.1
competitive behaviour, market currency
Business
manipulation, malpractice, or other related
Ethics
financial industry laws or regulations 4
UNIT OF
ACTIVITY METRIC CATEGORY CODE
MEASURE
Number,
(1) Number and (2) value of checking and savings accounts
Quantitative Presentation FN-CB-000.A
by segment: (a) personal and (b) small business
currency
Number,
(1) Number and (2) value of loans by segment: (a) personal,
Quantitative Presentation FN-CB-000.B
(b) small business, and (c) corporate6
currency
4 Note to FN-CB-510a.1 – The entity shall briefly describe the nature, context and any corrective actions taken because of monetary
losses.
5 Note to FN-CB-550a.1 – The entity shall describe whether the Global Systemically Important Bank (G-SIB) score is calculated by the
entity or obtained from regulatory authorities and whether the entity is required to report the underlying data to the regulators.
6 Note to FN-CB-000.B – Mortgage loans as well as revolving credit loans shall be excluded from the scope of the disclosure.
Metrics
FN-CB-230a.1. (1) Number of data breaches, (2) percentage that are personal data
breaches, (3) number of account holders affected
1 The entity shall disclose (1) the total number of data breaches identified during the reporting period.
1.1 A data breach is defined as an unauthorised occurrence on, or conducted through, an entity’s information
systems that jeopardises the confidentiality, integrity or availability of an entity’s information systems or any
information contained therein.
1.1.1 Information systems are defined as information resources, owned or used by the entity, including
physical or virtual infrastructure controlled by such information resources, or components thereof,
organised for the collection, processing, maintenance, use, sharing, dissemination or disposition of
an entity’s information to maintain or support operations.
1.2 The scope of the disclosure excludes occurrences in which an entity has reasonable and supportable belief
that the occurrence (i) does not pose a risk of damage to the entity’s business performance or prospects
and (ii) does not pose a risk of economic or social disadvantage to individuals.
2 The entity shall disclose (2) the percentage of data breaches that were personal data breaches.
2.1 A personal data breach is defined as a data breach resulting in the accidental or unauthorised destruction,
loss, alteration, disclosure of, or access to, personal data transmitted, stored or otherwise processed.
2.2 Personal data is defined as any information that relates to an identified or identifiable living individual.
Various pieces of information, which collected together can lead to the identification of a particular person,
also constitute personal data.
2.2.1 The entity may define personal data based on applicable jurisdictional laws or regulations. In such
cases, the entity shall disclose the applicable jurisdictional standard or definition used.
3 The entity shall disclose (3) the total number of unique account holders affected by personal data breaches.
3.1 Accounts that the entity cannot verify as belonging to the same account holder shall be disclosed
separately.
4 The entity may delay disclosure if a law enforcement agency has determined that notification impedes a criminal
investigation, and may be delayed until the law enforcement agency determines that such notification does not
compromise the investigation.
Note to FN-CB-230a.1
1 The entity shall describe any corrective actions taken in response to data breaches, such as changes in
operations, management, processes, products, business partners, training or technology.
2 All disclosure shall be sufficient such that it is specific to the risks the entity faces, but disclosure itself would not
compromise the entity’s ability to maintain data privacy and security.
3 The entity may disclose its policy for disclosing data breaches to affected account holders in a timely manner.
1.1 Vulnerability is defined as a weakness in an information system, implementation, system security procedure
or internal control that could be exploited.
1.2 Data security risk is defined as the risk of any circumstance or event with the potential to affect
organisational operations (including mission, functions, image or reputation), assets, individuals, or other
organisations or governments through an information system via unauthorised access, destruction,
disclosure, modification of information or denial of service.
2 The entity shall describe its approach to managing identified data security risks and vulnerabilities, which may
include operational procedures, management processes, structure of products, selection of business partners,
employee training and use of technology.
3 The entity shall discuss observed trends in type, frequency and origination of attacks on its data security and
information systems.
4 The entity shall describe its policies and procedures for disclosing data breaches to its customers in a timely
manner.
5.1 Emerging cyber threats may include cyber threats arising from the use of near-field communication
payment systems, mobile banking and web-based banking.
5.2 Attack vectors may include ransomware, loan stacking schemes, money mule schemes and remote access
attacks.
6 The entity shall describe the regulatory environment in which it operates related to data security.
6.1 The discussion shall include data security policies and procedures the entity adopted for regulatory
compliance or voluntarily as an industry best practice.
7 The entity shall describe the degree to which its approach aligns with an external standard or framework or
applicable jurisdictional legal or regulatory framework for managing data security, such as:
7.2 the National Institute of Standards and Technology (NIST), Framework for Improving Critical Infrastructure
Cybersecurity, 2018;
7.3 the New York State Department of Financial Services 23 NYCRR 500, Cybersecurity Requirements for
Financial Services Companies; and
7.4 the Office of the Comptroller of the Currency (OCC) Bulletin 2013-29, Third-Party Relationships: Risk
Management Guidance, 2013.
8 All disclosure shall be sufficient such that it is specific to the risks the entity faces, but disclosure itself would not
compromise the entity’s ability to maintain data privacy and security.
Metrics
FN-CB-240a.1. (1) Number and (2) amount of loans outstanding that qualify for
programmes designed to promote small business and community development
1 The entity shall disclose (1) the total number of loans outstanding that qualify for programmes designed to
promote small business and community development, and (2) the total amount outstanding on these loans.
1.1 Loans that qualify for programmes designed to promote small business and community development are
defined in accordance with applicable jurisdictional laws or regulations. The entity shall disclose the
jurisdictional standards or definitions used.
2 The scope of community development loans includes loans primarily funding community services for low- or
moderate-income individuals, and the development, revitalisation or stabilisation of low- or moderate-income
regions.
3 The scope of community development loans includes loans related to microfinance lenders, social banks or
community development finance institutions (CDFIs).
5 The scope of the disclosure excludes loans for personal expenditures or residential property.
Note to FN-CB-240a.1
1 The entity shall provide a description of its short- and long-term strategy or plan to expand its portfolio of qualified
loans promoting small business and community development.
2 The entity shall include a discussion of its examination results for compliance with applicable jurisdictional laws or
regulations related to the disclosure.
FN-CB-240a.2. (1) Number and (2) amount of past due and nonaccrual loans or
loans subject to forbearance that qualify for programmes designed to promote
small business and community development
1 The entity shall disclose (1) the total number of past due and nonaccrual loans or, alternatively, the total number
of loans subject to forbearance that qualify for programmes designed to promote small business and community
development, and (2) the total amount outstanding on these loans.
1.1 Loans that qualify for programmes designed to promote small business and community development are
defined in accordance with applicable jurisdictional laws or regulations. The entity shall disclose the
jurisdictional standards or definitions used.
2 The scope of community development loans includes loans primarily funding community services targeted to low-
or moderate-income individuals, and the development, revitalisation or stabilisation of low- or moderate-income
regions.
3 The scope of community development loans includes loans related to microfinance lenders, social banks or
community development finance institutions (CDFIs).
5 The scope of the disclosure excludes loans for personal expenditures or residential property.
6 The scope of disclosure includes loans originated and purchased by the entity.
1.1 No-cost checking accounts are defined as bank accounts providing core services without extra fees,
monthly or annual maintenance fees, or minimum average balance requirements.
1.1.1 Core services may include access to a debit card, access to internet and mobile banking, or access
to deposits and withdrawals.
1.2 Unbanked customers are defined as individuals and families who have rarely, if ever, held a checking
account, a savings account, or other type of transaction or cheque cashing account at an insured
depository institution.
1.3 A household is categorised as underbanked if it had a checking or savings account and used one of these
products or services from an alternative financial services (AFS) provider in the past 12 months: money
orders, cheque cashing, international remittances, payday loans, refund anticipation loans, rent-to-own
services, pawn shop loans or auto title loans.
1.1 The scope of financial literacy initiatives may include educational programmes, workshops, seminars,
courses, counselling and community partnerships.
1.2 Unbanked customers are those in households without a checking or savings account who may rely on
alternative financial services (AFS), such as payday loans, non-bank money orders, non-bank cheque
cashing services, non-bank remittances, rent-to-own services, pawn shops or refund anticipation loans.
1.3 Underbanked customers are in households that have a checking or a savings account but may still use AFS
regularly.
1.4 Underserved customers include those who are unbanked, underbanked or otherwise have limited access to
mainstream financial services, often because of limited or no credit history.
2 The entity shall calculate the total number of unique individuals who are documented to have participated in at
least one initiative conducted by the entity during the reporting period.
2.1 The disclosure shall include participants in ongoing programmes for which active participation can be
documented during the reporting period.
3 The scope of the disclosure shall include both individual retail customers and relevant commercial customers (for
example, small and medium-sized enterprises and minority owned business).
4 The scope of the disclosure shall include financial literacy initiatives provided by the entity directly as well as by
third parties that have a contractual agreement with the entity to provide such initiatives.
Note to FN-CB-240a.4
1 The entity shall describe its initiatives, programmes or financial services focused on enhancing the financial
literacy of unbanked, underbanked or underserved customers.
Metrics
1.1 The definition of incorporation of ESG factors is aligned with that of the Global Sustainable Investment
Alliance (GSIA) and includes the use of ESG information in the investment decision-making processes.
1.2 Examples of ESG factors and issues are provided in the PRI Reporting Framework—Main definitions 2018,
section ‘ESG issues’.
1.3 Credit analysis is defined as a method to calculate the creditworthiness of a business or organisation to
honour debt obligations. This method seeks to identify the appropriate level of default risk associated with
financing such business, organisation or project.
2 The scope of disclosure shall include commercial and industrial lending as well as project finance.
3 The entity shall describe the policies that determine its approach to the incorporation of ESG factors in its credit
analysis.
4 The entity shall discuss how it incorporates ESG factors when estimating credit losses over the contractual term
of the entity’s financial assets.
5 The entity shall describe its approach to implementation of the aspects of the entity’s ESG incorporation
practices.
6 The entity shall describe its oversight and accountability approach to the incorporation of ESG factors.
7 The entity shall discuss whether it conducts scenario analysis or modelling in which the risk profile of future ESG
trends is calculated at the portfolio level of commercial and industrial credit exposure.
7.1 ESG trends may include climate change, natural resource constraints, human capital risks and
opportunities, and cybersecurity risks.
8 The entity shall discuss ESG trends it considers apply broadly in terms of their effect on sectors and industries, as
well as the trends it deems as sector- or industry-specific.
8.1 The entity may further provide the discussion in the context of geographical exposure of its commercial and
industrial credit portfolio.
9 The entity shall describe significant concentrations of credit exposure to ESG factors, which may include carbon-
related assets, water-stressed regions and cybersecurity risks.
10 The entity shall describe how ESG factors are incorporated in the assessment of and influence the entity’s views
on:
10.1 Traditional macroeconomic factors such as the economic conditions, central bank monetary policy, industry
trends, and geopolitical risks that affect creditworthiness of borrowers
10.2 Traditional microeconomic factors such as supply and demand for products or services that affect financial
conditions and operational results of borrowers as well as their creditworthiness
10.5 Expected loss, including probability of default, exposure at default and loss given default
11.1 Number of commercial and industrial loans and project finance screened according to the Equator
Principles (EP III) (or equivalent) by EP Category
11.2 Number of loans for which a review of environmental or social risks was performed, for example, by the
entity’s Environmental and Social Risk Management (ESRM) group
Metrics
1.1 In preparing this disclosure, the entity shall apply the requirements for measuring greenhouse gas
emissions in accordance with paragraph 29(a) of IFRS S2 Climate-related Disclosures (S2) and the
corresponding requirements in paragraph B62 for entities with commercial banking activities.
1.2 In applying paragraph B62 of S2, the entity shall apply the principles of aggregation and disaggregation
from paragraphs B29 and B30 of IFRS S1 General Requirements for Disclosure of Sustainability-related
Financial Information.
1.1 In preparing this disclosure, the entity shall apply the requirements in paragraph B62 of IFRS S2 Climate-
related Disclosures for entities with commercial banking activities.
1.2 In applying paragraph B62 of S2, the entity shall apply the principles of aggregation and disaggregation
from paragraphs B29 and B30 of IFRS S1 General Requirements for Disclosure of Sustainability-related
Financial Information.
1.1 In preparing this disclosure, the entity shall apply the corresponding requirements in paragraph B62 of
IFRS S2 Climate-related Disclosures (S2) for entities with commercial banking activities.
1.2 In applying paragraph B62 of S2, the entity shall apply the principles of aggregation and disaggregation
from paragraphs B29 and B30 of IFRS S1 General Requirements for Disclosure of Sustainability-related
Financial Information.
2 If the percentage of the entity’s gross exposure included in the financed emissions calculation is less than 100%,
the entity shall disclose information that explains the exclusions, including the type of assets excluded.
1.1 In preparing this disclosure, the entity shall apply the requirements in paragraph B62 of IFRS S2 Climate-
related Disclosures (S2) for entities with commercial banking activities.
1.2 In applying paragraph B62 of S2, the entity shall apply the principle of estimation from Paragraph 78 of
IFRS S1 General Requirements for Disclosure of Sustainability-related Financial Information.
Metrics
2 The legal proceedings shall include any adjudicative proceeding involving the entity, whether before a court, a
regulator, an arbitrator or otherwise.
3 The losses shall include all monetary liabilities to the opposing party or to others (whether as the result of
settlement, verdict after trial or otherwise), including fines and other monetary liabilities incurred during the
reporting period as a result of civil actions (for example, civil judgements or settlements), regulatory proceedings
(for example, penalties, disgorgement or restitution) and criminal actions (for example, criminal judgements,
penalties or restitution) brought by any entity (for example, governmental, business or individual).
4 The scope of monetary losses shall exclude legal and other fees and expenses incurred by the entity in its
defence.
5 The scope of the disclosure shall include legal proceedings associated with the enforcement of applicable
jurisdictional laws or regulations.
6 The disclosure also shall include enforcements related to activities adjudicated by applicable jurisdictional
regulators with mandates broader than the financial industry.
7 The entity shall disclose the relevant jurisdictional regulatory authority or authorities used in its calculation.
Note to FN-CB-510a.1
2 The entity shall describe any corrective actions implemented in response to the legal proceedings. This may
include specific changes in operations, management, processes, products, business partners, training or
technology.
2 The disclosure shall identify the applicable jurisdictional whistleblower laws or regulations with which the entity
must comply.
3 The disclosure shall include a discussion of any violations of whistleblower regulations and any corrective actions
the entity has implemented in response to violations.
Metrics
2 The G-SIB scores are defined by, and shall be calculated according to, the methodology established by the latest
version of the Bank of International Settlements’ (BIS) Basel Committee on Banking Supervision’s Global
systematically important banks: updated assessment methodology and the higher loss absorbency requirement
(BCBS assessment methodology).
2.1 The set of indicators used in the calculation of the G-SIB score is outlined by the BCBS assessment
methodology in the reporting instructions and the reporting template.
2.1.1 The entity shall refer to the reporting instructions and the reporting template for the relevant
reporting period.
2.2 The G-SIB score calculation is provided by the technical summary of the BCBS assessment methodology.
The BCBS assessment methodology further provides:
2.2.1 denominators used for score calculation for the relevant reporting period; and
2.2.2 the cut-off score used to identify G-SIBs, and bucket thresholds used to allocate G-SIBs to buckets
for the purposes of calculating the specific higher loss absorbency (HLA) requirements for each
institution.
3 The entity shall disclose the latest available G-SIB score at the time of reporting.
Note to FN-CB-550a.1
1 The entity shall describe whether it obtains the score from the relevant supervisory authority after reporting the
indicators used to calculate the G-SIB score, or whether it calculates the score internally using the BCBS
assessment methodology.
2 The entity shall describe whether its applicable jurisdictional legal or regulatory authority requires the entity to
report the data required for the G-SIB calculation, or whether the entity chooses to report the data voluntarily.
2 The entity shall discuss how the stress test results inform its approach with respect to its environmental, social
and governance (ESG) strategy.
3 The entity may disclose the results of its stress tests along with this discussion.