ESG data governance: A growing imperative for banks

By Daniel Heller, Andreas Reiter, Sebastian Schöbl, and Henning Soller

The banking industry is facing mounting pressure to meet fast-changing demands in environmental, social, and governance (ESG) issues. New and evolving regulations call for greater transparency and disclosure of ESG-related data (see sidebar, “ESG regulatory and disclosure requirements”). Stakeholders and investors are increasing their scrutiny of the effects investment decisions have on the climate and society. Consumers are holding banks to higher ESG standards as well—in 2019, about 14 percent of total client-driven revenues were controlled by consumers whose banking preferences were influenced by concern about purpose and sustainability.

To meet these expectations, banks must adapt their IT systems to systematically collect, aggregate, and report on a broad range of ESG data. However, many financial institutions still do not have a comprehensive approach to integrating ESG data into their existing risk reporting.

Moving toward this goal will require significant changes to the IT infrastructure, from applications to data integration, architecture, and governance. New applications include not only the management and capture of ESG data but also financed emissions models, climate risk models, ESG scorecards, climate stress tests, and climate-adjusted ratings. ESG data must be woven into existing processes, such as credit approvals and decision making. And banks will need to adjust their data architecture, define a data collection strategy, and reorganize their data governance model to successfully manage and report ESG data.

Investing in the right priorities from the beginning will enable banking IT leaders to quickly build these new capabilities and solutions without accumulating technical debt.

An ESG data road map

Banks can begin by developing an ESG data and technology road map that balances tactical, short-term solutions with a strategic, long-term vision. In the process, banks should consider the following components and steps.

Define potential ESG platform solutions

  • Set up a central data platform that is integrated with existing finance and risk platforms to build a single source of truth.
  • Create a data model to capture ESG data at the certificate level, including integration with third-party data providers (via APIs) and compliance with ESG data policies.
  • Enable investors to gain real-time visibility into the ESG-related aspects of their investment portfolios.
  • Replace legacy ESG platform solutions with a cloud solution to reduce technical debt and modernize the technology infrastructure for future solutions.

Embed ESG requirements into core banking processes

  • Integrate new workflows into existing processes, such as using artificial intelligence to incorporate ESG data into decision-making processes (for example, credit decisions).
  • Communicate ESG requirements across the organization and bring all employees on board with an intentional change management approach.
  • Review and revise existing data processes to comply with changing ESG requirements (for example, increasing the frequency of data updates).
  • Develop a clear plan to support the integration of new ESG policies (such as how to add new certificates to investments).

Build a robust ESG data governance model

  • Identify central ownership and responsibility within the organization (such as by appointing an ESG data officer to serve as a point of contact).
  • Create a cross-functional steering committee for ESG data governance—including leaders from the business, technology, data, risk, and finance functions—with joint accountability and decision-making processes.
  • Establish ESG data controls to ensure compliance with regulatory frameworks (for example, to indicate whether a certificate has been assigned to an investment).
  • Ensure that ESG data governance reflects shifts in market demand (such as investments in offshore wind turbines) and location-specific regulatory requirements (such as bans on investments in combustion engines after 2030 in Germany).

Common detours and dead ends

In our experience, three pitfalls can create significant delays and technical inefficiencies for banks. By taking intentional steps to avoid these detours early on, banking IT leaders can increase their chances of success and accelerate the time to impact.

Functional silos

Too often, organizational silos lead to disjointed processes and a fragmented data architecture that does not allow for synergies across ESG use cases. While some redundancy might be unavoidable, there is often a substantial overlap across data needs. Effective ESG data governance thus requires a coordinated and centralized approach across multiple stakeholders. This can take place only within a culture of open communication, cross-functional collaboration, and close alignment of the business and IT functions. Crucially, the ESG data and technology strategy must be closely integrated into the broader ESG and business strategy, with active sponsorship and a clear mandate from the highest levels of leadership.

Process traps

When redesigning processes to incorporate ESG data governance, banking IT leaders must balance between two extremes—and avoid two common traps. On one side, a narrow focus on simplicity and standardization often leads to a failure to make the necessary adjustments to align with existing business and IT processes. On the other side, anchoring too much on legacy processes can create unnecessary complexity and hamstring the ESG data governance model. Banking IT leaders must therefore find a middle ground by designing new and improved ESG-related processes while addressing the requirements of current processes.

Technical debt

The design of ESG technical solutions involves constant trade-offs between short-term needs and the long-term vision. Trying to solve everything at once—or devise the best possible solution—can extend development time, increase the pressure to implement short-term tactical solutions, and lead to lasting technical debt. Instead, banks should apply a use case–driven approach to introduce new ESG capabilities in the right sequence at the right time.

Leaders can identify and prioritize specific ESG use cases, create clearly defined stage gates, and collect metrics to track success during interim phases. For example, consider how ESG data will be integrated into each step of the credit approval process, from customer data collection and risk scoring to credit monitoring and reporting (exhibit).

Multiple steps must be considered when integrating environmental, social, and governance data into the credit approval process.

Other potential use cases include regulatory and internal stress tests, analytical risk-weighted asset calculations, provisioning, risk-appetite frameworks, credit policies, capital allocation, pricing, portfolio emissions alignment, external disclosures, and internal reporting.

Additionally, some banks default to building in-house technical solutions for which some software-as-a-service (SaaS) solutions may provide a more cost-effective and feasible alternative. Banking IT leaders should implement a clear build-versus-buy framework with proper market screening mechanisms and early-warning capabilities to ensure resources are deployed as efficiently as possible.

Finally, resistance to upgrading legacy IT interfaces can hamper the integration of ESG data. While it may seem like an adequate short-term solution, adding new components to a complex, “spaghetti-like” architecture creates operational risk in the mid- to long term. Indeed, new ESG regulatory and business imperatives present an opportunity for banks to revise their existing enterprise architecture framework to be more closely aligned with best practices. Banks should aim to design modular, decoupled architecture components, linked by a well-managed and standardized API-based integration architecture.


Banking IT leaders must move quickly to integrate ESG data governance into their IT systems and processes to keep pace with the regulatory environment and consumer needs. By developing a road map that balances short-term and long-term objectives—and by taking preemptive measures to avoid detours along the way—banks can get ahead of their competitors and be better prepared to meet the growing ESG demands of tomorrow.

Daniel Heller is an alumnus of McKinsey’s Frankfurt office, where Henning Soller is a partner; Andreas Reiter is a consultant in the Vienna office; and Sebastian Schöbl is an associate partner in the Berlin office.