Strategic Resilience & ESG – Governance as a Compass in a Time of Change

This blog post explains why internal governance is becoming a decisive competitive factor for banks. It focuses on the integration of ESG risks into business models, lending processes and risk management, the importance of business model analysis (SREP), and the requirements set out in MaRisk and DORA. Today, banks must demonstrate resilience to climate risks, cyber risks and market changes – from strategy through to operational implementation. Key factors here are double materiality, robust data, digital stability and long-term remuneration systems.

In the first four pillars, we have laid the foundations: we have discussed structures (Pillar 1) and people (Pillar 2), analysed the nervous system of communication (Pillar 3) and built the data highway (Pillar 4). But what is the point of all this if the destination is shrouded in mist?

In Pillar 5, we leave the bank’s engine room and step onto the bridge. By 2026, internal governance will no longer be a static set of rules, but rather an organisation’s ability to hold its own amidst constant transformation. It is about strategic resilience and the deep integration of ESG criteria (Environmental, Social, Governance) into the very heart of the bank’s management.

Business Model Viability: Governance is the duty to ensure profitability

For a long time, business strategy was viewed as something separate from risk management. By 2026, this separation will be a thing of the past. As part of the SREP process, the supervisory authorities (ECB/BaFin) regard the Business Model Analysis (BMA) as a central component of governance.

When strategy becomes a risk

A business model that does not earn its cost of capital is, in the view of the regulators, a failure of governance. Why? Because an institution with chronically low profitability inevitably tends to take on higher risks or cut back on necessary investments (IT, compliance).

Governance Excellence in Pillar 5 means:

  • Critical self-reflection: Can our model survive in an environment of volatile interest rates and digital disruption?
  • Scenario planning: We no longer manage according to the ‘best-case’ scenario, but according to resilience against multiple shocks (geopolitical, economic, technological).

ESG: From a “nice-to-have” to a key risk driver

By 2026, ESG will no longer be a matter for the marketing department. It will be an integral part of MaRisk. Identifying and managing ESG risks is now a core responsibility of senior management.

Double materiality

Modern governance requires an understanding of the dual perspective:

  1. Outside-in: How do climate change and social upheavals affect our loan portfolio and asset values? (Physical risks and transition risks).
  2. Inside-out: What impact do our actions as a bank have on the environment and society?

An institution that fails to integrate ESG risks into its credit decisions and risk limit system is acting negligently. Auditors now specifically check whether the ESG strategy exists only on paper or whether it permeates right down to individual decisions at the point of sale.

Digital Resilience: Stability in the Cloud (DORA & Co.)

Another cornerstone of strategic resilience is operational stability in a digitalised world. With the full implementation of the Digital Operational Resilience Act (DORA), IT risk management has finally become a top priority.

Cyber resilience as a matter of survival

Governance in this context means that the board not only recognises the opportunities presented by AI and cloud technology, but also understands the dependencies.

  • Third-party risk: How secure are our outsourcing partners?
  • Incident management: How quickly can the bank resume operations following a cyber attack?

Those who cut corners here risk not only fines but also the withdrawal of their operating licence. Strategic resilience means that the bank is built ‘by design’ in such a way that it remains functional even after a partial failure of the digital infrastructure.

The time factor: short-term profit vs. long-term stability

One of the most challenging aspects of governance is overcoming short-term thinking. Quarterly figures often drive decisions that jeopardise the company’s long-term viability.

The remuneration system as a management tool

Pillar 5 links strategy with incentives. By 2026, remuneration structures (particularly for risk-takers and the executive board) must be explicitly linked to long-term, sustainable goals. Governance excellence is demonstrated when bonuses are reduced if, although profits are good, strategic resilience has been weakened (e.g. due to neglected IT investments or ignored ESG risks).

The role of the supervisory board as a “guardian of the future”

Under Pillar 5, the supervisory board is more than just a monitor of the past. It is the guardian of long-term sustainability.

  • It must scrutinise the executive board’s strategic assumptions within the framework of the Strategic Challenge.
  • It requires its own expertise in ESG and IT so that it can not only rubber-stamp the Executive Board’s proposals but also validate them from a technical perspective.

If the Supervisory Board fails to recognise or address the strategic erosion of an institution, this constitutes the ultimate failure of the third line of defence.

Economic relevance: A competitive edge through future-proofing

Why are we investing so heavily in Pillar 5? Because the market and regulators reward resilience.

  1. Refinancing costs: Green bonds and sustainable refinancing are significantly cheaper for institutions with strong ESG governance.
  2. SREP relief: An institution that can demonstrate it has ESG risks under control and maintains IT resilience to DORA standards will receive a higher qualitative SREP score. This significantly reduces the P2R (Pillar 2 Requirement) surcharge.
  3. Investor confidence: In 2026, institutional investors will primarily look at the governance rating before committing capital.

Practical checklist: Is your organisation “future-proof”?

Ask your board the following questions regarding Pillar 5:

  • Scenarios: Do we have a strategy for a scenario in which our core business is eliminated by technology or regulation?
  • ESG integration: Are ESG scores incorporated directly into our credit pricing models?
  • DORA readiness: Can we simulate a complete IT failure and be back online within the specified time?
  • Incentives: Does our remuneration system promote sustainable growth or does it reward short-term risk-taking?

Conclusion: Governance as a safeguard for survival

Our series has shown that modern internal governance is far more than just compliance. It is the sum of clear structures, competent people, honest communication, reliable data and strategic foresight.

Pillar 5 brings everything full circle. Without a vision of what the bank should look like in 10 years’ time and how it will master the ESG transformation, the other pillars remain empty shells. True governance excellence is not a goal to be achieved once and for all, but a continuous process of questioning and adapting.

Those who master these five pillars are not building a house of cards, but a fortress – ready for whatever the financial world of tomorrow has in store.

Thorsten Tewes has many years of professional experience in auditing, organisation and compliance at banks and savings banks. At msg for banking, he is responsible for organisation, corporate governance and audit support. Together with his team in Management & Business Consulting, he develops comprehensive solutions for reorganising structures, processes and internal control systems within banks and savings banks. As part of co-sourcing, he supports representatives and internal auditors in carrying out audit procedures.