Risk management

Risk Management and Compliance are fundamental processes of our business model: we aim to mitigate risk by adhering to a Risk Appetite Framework which balances sustainable future objectives with the healthy long-term growth of our business.

In 2022 we continued to embed ESG factors in our risk framework and improve transparency while further reinforcing our risk management approach with a specific focus on climate-related risks and cyber risk protection.

Climate & Environmental Risk

In the Group Risk Management Department, a dedicated Climate Risk and Risk Governance global unit reporting to Group Enterprise Risk Management has been created to oversee climate-related and environmental risks and climate-related topics.

Climate change exposes UniCredit to several types of risk

These risks include credit, market, liquidity and reputational ones

We set up a bank-wide climate risk management framework to manage and supervise processes related both to climate and environmental risks, and to UniCredit's approach to sensitive sectors


Bank-wide Climate risk management Framework

  • Climate & Environmental risk assessment
  • Exposure towards high GHG emitters
  • From PACTA to Net Zero
  • Sector policies
  • Financial risk management
  • Physical risk assessment



In the transition process we work alongside industries that need large investments to combat climate change and achieve the objectives set by the EU Green Deal roadmap.

The integration of climate and environmental risks and opportunities in our credit risk management is a necessary step of the journey in this direction. A specific methodology and process have there upon been developed to identify scope, collect data, carry out assessments and validate results.

In order to integrate such risks in our business strategy, correctly take them into account through all stages of the credit-granting process and monitor this kind of risk in our credit portfolio, we have designed a Climate and Environmental Risk Assessment Questionnaire to determine our clients' position on the transition pathway.

The questionnaire has been designed to assess transition risk exposure along three key dimensions:

  • level of current exposure
  • level of future vulnerability
  • economic impact.

The results of the climate and environmental assessments integrate the files submitted to Credit Committees, enabling them to correctly consider climate and environmental factors when granting decisions during the underwriting phase. In addition, transition risk scores (retrieved by external providers) are translated into ad hoc steering signals and are fully embedded in the Industry Credit Risk Strategies framework.


>c.1,000 Counterparts

were assessed during the year, representing
of our Corporate EAD

Risk of our clients

Low/medium-low risk
Medium-high risk
High risk

Exposure towards NACE sectors of TOP 5 Countries selected for the ECB Climate Stress Test as having the highest GHG Intensity (>1000tCO2e/m€).


of Top 5 Countries Corporate portfolio

Exposures are well differentiated among industries with relatively higher concentration in Electricity & Gas supply and manufacturing of basic metals.
Our ESG strategy is to evaluate and support the climate transition of counterparties with reliable plans.



NACE Description

% on Non Financial Corporate FY22A

% on Non Financial Corporate FY21A


Crop and animal production, hunting and related service activities



B05-B09 Mining and quarrying <1% <1%
C19 Manufacture of coke and refined petroleum products 2% 2%
C20 Manufacture of chemicals and chemical products 2% 2%
C23 Manufacture of other non-metallic mineral products 1% 1%
C24-25 Manufacture of basic metals
Manufacture of fabricated metal products, except machinery and equipment
3% 4%
D35 Electricity, gas, steam and air-conditioning supply 6% 6%
H50 Water transport <1% <1%
Total   15% 16%

A. Exposure equal to €231.7bn as at 31 December 2022. Exposure equal to €228.4bn as at 31 December 2021. Exposure referred to top 5 countries (Italy, Germany, Austria, Czech Republic, Russia) as reported to ECB in the Climate Stress Test exercise.

Since 2020, with the road-test PACTA for banks methodology developed by 2DII, we have been measuring  the alignment of our lending portfolio with a set of climate scenarios considering several levels of ambition measured in relation to the increase in global temperature.

After joining the Net-Zero Banking Alliance, we set up a working group to disclose targets on our priority sectors and monitor our decarbonisation trajectory. In this context, we considered the most updated and reliable methodology available for each sector, moving beyond PACTA.

Environmental and social risk assessments are guided by our environmental, social, operational and reputational risk sector policies as well as by our human rights commitment. When possible, the Equator Principles (EP) also apply. The following polices/commitments are in place:

Mining sector UPDATE
Defence/Armaments UPDATE

Coal sector

Nuclear energy

Oil & Gas sector

Water infrastructure

Human rights commitment

Deforestation commitment

Tobacco commitment

Mining sector UPDATE

Coal sector

Nuclear energy

Oil & Gas sector

Water infrastructure

Defence/Armaments UPDATE

Human rights commitment

Deforestation commitment

Tobacco commitment

We intend to review and, if necessary, set up policies in other sensitive ESG sectors. This will be done on the basis of our portfolio analysis and with the support of scientific experts in order to address such topics from a factual and impact-based perspective and based on our principle of doing the right thing and finding a good social and environmental balance.

Several concrete initiatives have been launched to integrate Climate and Environmental (C&E) risk into the financial risk management framework. Find below the key pillars of the approach followed:

  1. an overall methodological approach has been defined
  2. C&E KRIs have been included within Market Risk Strategy and dedicated limits and warning levels will be applied in 2023 for both the trading and banking book with respect to transition and physical risk; additionally also stress test warning levels will be applied. All market risk limits could be either set at Group level only or following the usual cascading process for GMLs based on materiality
  3. The assessment of C&E drivers is included in the process for evaluating of new financial products for which the Legal Entities have also to verify if any C&E risk is embedded in the payoff/structure of the product and ensure the consistency with Group ESG strategy by involving the local competent function if needed
  4. Enhancement of monthly reporting and monitoring framework (Physical and Transition Risks), and Climate Stress Tests for Market and Counterparty Credit Risk (suggesting limited materiality)
  5. Extension of Sectoral Policies (Coal and Oil&Gas) for Financial Risk.



UniCredit has developed a methodology to estimate the potential actual annual deterioration of the fair value (FV) of the collateral behind the mortgage portfolio.
The approach envisages:

  1. Identification of key acute physical risks impacting the bank's geographies at postal code/municipality level
  2. Quantification of the potential damage of the collaterals located in critical sites (i.e. high physical risk areas)
  3. Evaluation of the percentage of fair value potentially damaged by the event.

estimate of the impact of the fair value 12

  • River floods (acute events): a warming at the end of the 21st century of more than 2°C relative to the preindustrial period (1850-1900) would at most affect 13%2 of the total portfolio fair value compared to the current 9%2 (assuming the same distribution of collateral)
  • Sea level rise (chronic events): it would at most affect 2%1 of the total current portfolio FV, considering a scenario that leads to a warming at the end of the 21st century of probably more than 4°C (assuming the same distribution of collateral).


We perform regular assessments to evaluate the resilience of our data centres and key buildings as well as to ensure that our business continuity processes are protected from physical change in weather patterns or other acute and/or chronic, climate-related environmental changes.

The Operational Risk framework is evolving to address operational risk linked to climate and environmental risk; the following actions have already been adopted:

  • The Operational Losses dataset has been enriched to identify loss events related to Climate and Environmental risk that will be subject to periodical monitoring and analysis
  • A dedicated scenario analysis (i.e. greenwashing and extreme flood event) was performed by major Legal Entities in 2022. The activity will be further enhanced in 2023, asking all main Legal Entities to perform an additional scenario analysis on “extreme heat wave compromising the servers cooling system”
  • The Group Non-Financial Risks Committee is duly informed in cases of critical evidence deriving from assessments, losses trend and scenario analyses.

1. Data as at 31 December 2022.
2. Portion of Fair Value in high risk zones over total Fair Value.

Information and Communication Technology (ICT)/Cyber Risks

During 2022, we continued to work on a number of initiatives to reinforce the Group’s ICT & Cyber defences.


  • Risk and Control Self-Assessment: In place since 2021 in all main Legal Entities, covering relevant end-to-end banking business processes and assets
  • IT and Cyber Risk dashboard: Established in 2021, extended to the Central and Eastern perimeter in 2022, continuously enhanced with risk indicators on emerging risks
  • External Events Surveillance on external IT and Cyber events: Outcomes are regularly shared with the Group Executive Committee (GEC) members
  • Cyber Risk scenario analysis: To assess UniCredit Group controls and countermeasures with respect to specific threats
  • Cyber Risk appetite: RAF extended also to IT risks. RAF in place in all main Legal Entities, reviewed yearly to assure coherence with key emerging risks