Following consultation paper (CP) 10/25,1 Supervisory Statement (SS) 5/25 sets out the Prudential Regulation Authority's (PRA’s) updated supervisory expectations for how insurers (and banks) should manage climate-related risks. SS5/25 replaces the previous SS3/19, offering greater clarity and detail, providing 140 paragraphs compared to the previous 32 in SS3/19. Alongside the updated SS, the PRA has also published Policy Statement (PS) 25/25, which provides feedback to the responses received to CP10/25.
Whilst SS3/19 had four areas of expectations, the updated SS5/25 is structured into seven chapters to reflect the more detailed expectations: governance, risk management, climate scenario analysis (CSA), data, disclosures, banking-specific issues and insurance-specific issues.
The updated expectations provide more detailed guidance to help insurers manage the effects of climate change on their businesses, incorporating feedback from industry, the latest international standards and developments in understanding since 2019.
One key area the PRA developed following the consultation is related to proportionality; SS5/25 provides greater guidance to firms on how to adopt a proportionate approach to meeting its expectations and sets out a two-step process that all firms should apply to ensure an appropriate approach. As a first step, firms are required to identify the material climate-related risks they are exposed to, with this assessment being subject to board approval and all material risks identified being added to the risk register. Once this has been assessed and approved, as a second step firms should develop an appropriate risk management response reflecting the level of materiality. An important distinction made by the PRA is that proportionality relates to the materiality of climate risk exposures to the firm itself, rather than to the size of the firm. As such, smaller firms are still required to meet the detailed expectations where the risks are material to the firm. There is allowance for ‘smaller firms [to use] less sophisticated tools and less granular data proxies,’ but this is ‘provided the firm is aware of the limitations of those tools and makes a prudent interpretation of the information produced.’
Following the publication of SS5/25 on 3 December 2025, firms are expected to conduct an internal review against the updated expectations and develop a ‘credible and ambitious’ plan for addressing any identified gaps within six months (i.e., 3 June 2026).
The fourfold increase in paragraphs in SS5/25 relative to SS3/19 means that the vast majority of the specific requirements are ‘new,’ and we focus on the newer aspects (as applicable to insurers) in this summary.
SS5/25 requirements
Our overview of key areas in the new requirements (as relevant to insurers) is set out below. This is not intended to be exhaustive, and direct importance of individual paragraphs will vary by firm. The SS and PS should be consulted for the fuller context and as the basis of the gap analysis required by 3 June 2026.
Governance
- The board to review and agree on material climate-related risks, record them in the risk register and set and own the overall climate-specific risk appetite for these risks.
- Coherence between a firm’s overall strategy and any climate targets the firm has adopted.
- Management bodies to provide the board with relevant, specific, timely and decision-useful information.
- Management responsibility for identifying and managing climate-related risks to be assigned to an individual with an appropriate level of seniority, embedded into existing governance structures with clear reporting lines and accountability, potentially linked to the firm’s appraisal and reward system.
- The board to be provided with an analysis of the performance of the firm’s business strategy under a range of climate scenarios, with the suitability of the scenario selection being approved by the board.
- Boards to set risk appetite and tolerance levels for outsourced and third-party arrangements that may be exposed to, or introduce, climate-related risks.
- Incorporation of climate-related risk into internal control frameworks across the three lines of defence.
- Where firms adopt climate-related goals or targets, they should be able to demonstrate how the plan to meet these is integrated into the firm’s overall strategy, and all firms should consider the relevance for their business model of national climate-related policies and targets.
The updated governance requirements aim to remediate issues that the PRA has observed to date, such as information provided to boards often being unclear and insufficiently specific and a lack of analysis of the impact of climate-related risks on business strategy.
Establishing climate-specific risk appetite statements for any material climate-related risks is an additional requirement introduced in the new SS, and this is likely to be an area where further consideration is needed by many firms. The explicit requirement to incorporate any climate targets with the firm’s overall business strategy is also newly introduced and should help to promote consistency between climate-specific targets such as net-zero goals with wider business practices.
CP10/25 made explicit reference to the PRA’s expectation for board training. Whilst not explicit in PS25/25 and SS5/25, boards are likely to require training for the oversight, decision making and challenge they are required to provide within these expectations.
Risk management
- Firms should periodically carry out structured risk identification and assessment to identify material risks and classify them, substantiating any materiality judgements made within the Own Risk and Solvency Assessment (ORSA). All climate-related risks identified as material should be included in the existing risk register or within a supplementary sub-register.
- Insurers should undertake a risk assessment to understand the risks arising from relationships with policyholders, clients, counterparties and investees, and should identify relationships that have a material impact on the firm’s climate-related risk profile.
- Firms should develop quantitative risk appetite metrics and limits for each material risk, informed by scenario analysis and reverse stress tests.
- In addition to financial risks, firms should manage non-financial risks, including reputation risks over multiple time horizons.
- An appropriate internal risk reporting infrastructure should be developed. Examples of management information (MI) include utilisation of risk appetite limits, changes to the risk register and analysis of the financial impact of climate events.
- Firms should assess the impact of climate-related risk drivers on their operational resilience, considering severe but plausible scenarios.
Non-financial risks and operational resilience are not referenced in SS3/19, and therefore firms will need to ensure that they explicitly consider climate-related impacts on these risks and, in particular, that business continuity plans and disaster recovery adequately cover potential climate-related risk scenarios.
The new SS also introduces more detailed requirements around quantitative metrics, prompted by the PRA’s observation that firms face challenges establishing metrics which can meaningfully inform decisions. However, the PRA does not propose specific metrics, as the appropriateness of specific metrics will vary across firms.
The new SS also considers the categorisation of litigation risk, noting that litigation risk can arise from physical or transition risk, or can arise independently. As such, firms should apply their own judgement when deciding whether to include litigation risk as a subset of physical and/or transition risk, or as an independent risk type.
Climate scenario analysis (CSA)
CSA is a key risk assessment tool supplementing standard approaches, as standard stress testing is not suitable for the non-linear nature of climate-related risks.
The new requirements under the SS indicate the need for more detailed CSA, with firms being required to select, match and tailor scenarios for a range of different use cases. This includes consideration of multiple time horizons, objectives and levels of severity depending on the use case. The number and type of CSA exercises should be commensurate with the firm’s level of climate risk exposure and its size. Figure 1 in SS5/25 contains an example of types of use cases and the appropriate corresponding time horizons, frequency and calibration. This could form a useful starting point for firms to consider expanding their CSA plans and use cases.
- Firms must document how CSA informs decision making and be able to justify scenario selection.
- CSA should be used to inform business strategy, risk management, capital setting and valuation purposes (in line with proportionality requirements).
- Firms should select, match and tailor scenarios to their CSA objectives, exploring a range of plausible (‘central case’) future outcomes and then adjusting the intensity for climate tail risks.
- CSA should capture all material, relevant climate-related risks, at least at a high level in narrative-based scenarios. The PRA expects larger firms with material risk exposures to require more mathematically sophisticated approaches. Narrative scenarios may be more appropriate for remote risks such as those over longer time horizons.
- Firms should have a structured approach to assessing each component of a climate-related scenario, considering the development of the narrative, the use of expert judgement and mathematical models.
- Firms should be aware of the limitations of the climate scenarios and models they use and account for these limitations in their use of results. Lack of capture of ‘non-linearities and potential tipping points’ are referenced as specific limitations to be accounted for.
- Firms should document how CSA is used within the ORSA and include CSA as part of the Stress and Scenario Testing component of the ORSA where material climate-related risks exposures have been identified.
- Firms are expected to conduct scenario-based sensitivity analysis to understand their vulnerabilities and help identify emerging risks. Larger firms and those with higher climate-related risk exposures should also consider whether to conduct reverse stress testing.
- Where a firm cannot conduct an appropriate CSA, or decides not to develop advanced CSA capabilities, it should demonstrate an alternative approach to understand future climate-related risks.
- Firms should regularly review and update scenarios.
Figure 1: Examples of CSA use cases and considerations for scenario time horizons, frequency and calibration
| CSA use case | Scenario time horizon | Frequency | Calibration |
|---|---|---|---|
| Business Strategy | Medium- to long-term, to capture impacts on the firm’s business from longer term developments that may require action now | At least annually review whether the most recent long-term CSA still meets its objective and consider updating in the case of a sudden change in external circumstances | Plausible ‘central case’ whilst recognising some climate-related impacts will materialise in all scenarios |
| Risk Management | Typically short-term, but longer-term if relevant for firm's exposures | In line with the firm's risk management strategy | Should capture severe but plausible tail risks |
| Capital Setting | In line with the firm's internal capital adequacy assessment process (ICAAP)/ORSA | Should capture severe but plausible tail risks | |
| Valuation | In line with relevant accounting standards | Reflecting a range of selected scenarios and in line with relevant accounting standards | |
Source: Table 1 from Supervisory Statement 5/25
Data
- Data gaps remain a significant challenge. Firms should be able to explain how they identify and assess data gaps. Where reliable data are not available, contingency solutions, e.g., appropriate assumptions and proxies, should be used.
- Insurers that rely on external data should have an effective system of governance and plan strategic development of in-house capabilities.
- Firms should have systems to collect and aggregate climate-related risk data.
The new requirements place responsibility on firms to work on developing their in-house data capabilities going forward rather than simply accepting the limitations of external data—this represents an evolution of climate-related risk management with a focus for firms to start to consider addressing current limitations.
Disclosures
The new SS does not contain any substantive changes to the disclosure expectations in SS3/19. A change has been implemented to replace the reference to Task Force on Climate-related Financial Disclosures (TCFD) recommendations with a reference to UK Sustainability Reporting Standards, a framework established by the UK government which is based on global standards developed by the International Sustainability Standards Board (ISSB).
Insurance-specific issues
The new SS clarifies expectations for inclusion of climate-related risks on investments, the ORSA, in the calculation of the Solvency Capital Requirement (SCR) and in preparing the Solvency II balance sheet, where insurers are subject to these obligations.
- Climate-related risks should be reflected in the risk management framework and in risk appetite statements; this ensures that existing risk appetites for natural catastrophe, etc., do not underestimate climate change impact.
- Integrating climate scenarios in the ORSA is required when climate-related risks are material.
- Insurers should detail the investment and underwriting changes they would make in response to climate-related risks, which is particularly relevant for non-life insurers regarding underwriting (e.g., reducing coverage or repricing). Metrics should be specified to inform decisions on the changes.
- Insurers using an internal model (IM) to calculate their SCR should consider the impact of climate-related risks on underwriting, reserving, market, credit and operational risk components of their IM. Insurers using the Standard Formula (SF) should consider the impact of climate-related risks as part of the assessment of SF appropriateness. However, no new additional capital requirements beyond those required by the PRA’s Solvency II SCR rules are being imposed, as the PRA considers the existing regulatory framework to be sufficiently comprehensive to cover climate-related risks implicitly.
- The Solvency II balance sheet should reflect assumptions around climate-related risks. The SS notes that life insurers should consider the impact of climate-related risks on best estimate mortality, morbidity, lapse and expense assumptions. It highlights that secondary impacts on these assumptions should be considered, for example, the impact of changes in the incidence of respiratory or water-borne diseases on mortality and morbidity assumptions, and socio-economic impacts on lapse rates under different climate scenarios.
Conclusion
The new requirements covered by SS5/25 aim to improve the resilience of firms to climate-related risks by providing a more rigorous and coherent approach. It is certainly a step-up in the evolution of climate-related risk management and sets a new standard for firms to attain.
The first half of 2026 will require firms of all sizes to perform an internal review of their current approach to managing climate-related risks against SS5/25 and to develop a plan for closing any gaps identified. In the second half of 2026, firms should be prepared to provide evidence of these reviews and to demonstrate meaningful progress against its plans to the PRA.
Please reach out to the authors or your usual Milliman contacts if you would like to discuss the development of a gap analysis or the implications for your business more broadly.
1 As covered by Consultation Paper (CP) 10/25, note also that Supervisory Statement (SS) 5/25 was originally released as SS4/25 but has been renumbered without change to the statement.