Executive Summary
Assessing climate risk at the level of an individual company is difficult. Assessing it across an entire portfolio - of customers, suppliers, assets or counterparties - is significantly more complex. However, this is exactly what organisations are now expected to do. Regulatory frameworks, internal risk requirements and commercial realities are converging around a single expectation: Organisations must understand where climate risk sits across their portfolios - and how that risk is distributed, concentrated and evolving over time. In practice, most organisations struggle to meet this requirement. Data is fragmented, methodologies are inconsistent, and analysis is often limited to small subsets of entities rather than entire populations. This article explores what portfolio-level climate risk assessment actually involves, why it is difficult to implement, and what a structured approach looks like in practice.
1. Context: From Entity-Level Insight to Portfolio-Level Responsibility
Historically, climate and ESG analysis has focused on individual entities. Examples include: assessing emissions for a specific company, reviewing sustainability disclosures, and analysing risk at the asset level.
While useful, this approach is no longer sufficient. Organisations now need to assess exposure across: lending portfolios, insurance books, supplier networks, customer bases, and operational footprints.
This shift reflects a broader change: Climate risk is not just about individual entities - it is about how risk accumulates across populations.
2. What Portfolio Risk Means in Practice
Portfolio-level climate risk is not simply the sum of individual risks. It is shaped by: distribution (how risk is spread across entities), concentration (where risk is clustered), correlation (how risks may occur simultaneously), and materiality (which exposures are most significant).
For example: A single high-risk entity may not be material. Hundreds of similar entities in the same region may create significant exposure. Multiple sectors may respond differently to transition pressure. Geographic clustering can amplify physical risk.
Understanding this requires a shift from entity-level analysis to population-level insight.
3. The Structural Challenges
Most organisations face several structural barriers when attempting portfolio-level analysis.
Fragmented Data Across Systems: Relevant data is typically distributed across customer systems, supplier databases, operational platforms, ESG datasets, and external risk sources. These datasets are not designed to work together. As a result, organisations struggle to build a unified view.
Lack of Entity-Level Consistency: Even basic questions such as 'what is in the portfolio?' can be difficult to answer consistently. Challenges include: duplicate records, inconsistent naming conventions, missing identifiers, and incomplete coverage. Without a clean entity-level foundation, analysis becomes unreliable.
Limited Coverage at Scale: While data may exist for large entities, it is often missing for SMEs, regional suppliers, and smaller customers. This creates gaps that become more visible as analysis scales.
Inconsistent Methodologies: Different teams may assess risk differently: ESG teams may focus on emissions, risk teams may focus on financial exposure, and procurement teams may focus on suppliers. This leads to inconsistent outputs and difficulty aligning insights.
Inability to Scale Analysis: Approaches that work for small samples do not scale to thousands of entities, millions of records, or multiple regions and sectors. Manual processes and surveys become impractical.
4. Why Traditional Approaches Fall Short
Many organisations attempt to assess portfolio risk using: sampled analysis, high-level sector assumptions, manual aggregation, and consulting-led exercises.
These approaches have limitations. They often: miss concentration effects, rely on proxies rather than data, lack consistency across reporting cycles, and are difficult to repeat and audit.
As a result, they provide insight - but not capability.
5. What Portfolio-Level Assessment Actually Requires
To assess climate risk effectively across a portfolio, organisations need to answer a series of fundamental questions.
What Entities Are in Scope? A clear and consistent view of customers, suppliers, assets, and counterparties. This requires a structured entity-level dataset.
Where Are They Located? Geographic context is critical. Organisations must understand locations of operations, distribution across regions, and exposure to environmental conditions.
What Activities Do They Undertake? Industry classification provides context for transition risk, sector exposure, and economic sensitivity. This must reflect current activity, not static classifications.
What Risks Affect Those Locations and Activities? This includes physical risk (e.g. flood, bushfire) and transition risk (e.g. regulatory pressure, sector shifts).
Where Is Risk Concentrated? This is one of the most important questions. Organisations must identify geographic clustering, sector concentration, and overlapping risk factors.
How Does This Change Over Time? Risk is dynamic. Assessment must be repeatable, refreshable, and comparable across periods.
6. Building a Structured Approach
Organisations that successfully assess portfolio-level climate risk typically follow a structured approach.
Step 1: Establish an Entity-Level Foundation. Create a consistent view of all entities within the portfolio. This includes deduplication, standardisation, and unique identification.
Step 2: Enrich with Location and Activity Data. Add geographic context, industry classification, and operational attributes.
Step 3: Integrate Risk Indicators. Link entities to physical risk data, transition risk indicators, and ESG and emissions context.
Step 4: Analyse Distribution and Concentration. Move beyond individual entities to identify clusters, detect patterns, and understand systemic exposure.
Step 5: Enable Repeatable Workflows. Ensure that analysis can be updated regularly, applied consistently, and audited and explained.
7. What Good Looks Like
A mature portfolio-level climate risk capability has several characteristics.
Population-Level Coverage: Analysis extends across the full portfolio, not just selected entities.
Consistency Across Teams: All functions operate from the same underlying dataset.
Integrated Insight: Climate risk is connected to financial exposure, operational dependencies, and strategic decisions.
Dynamic Monitoring: Exposure is tracked over time, not assessed once.
Auditability: Outputs can be explained, traced and validated.
8. From Insight to Decision-Making
The ultimate goal of portfolio analysis is not visibility - it is action. This includes: identifying high-risk segments, prioritising intervention, informing risk appetite, supporting capital allocation, guiding customer or supplier engagement, and shaping long-term strategy.
Without this link to decision-making, analysis has limited value.
9. Implications for Organisations
To move forward, organisations should focus on: building structured data foundations, enabling analysis at scale, aligning teams around consistent methodologies, and embedding climate risk into core processes.
This requires a shift from isolated ESG initiatives to integrated, data-driven frameworks.
10. Conclusion
Assessing climate risk across a portfolio is fundamentally different from assessing individual entities. It requires: scale, consistency, integration, and repeatability.
Most organisations currently lack the infrastructure to do this effectively. However, as expectations increase, this capability will become essential.
Organisations that build it will be better positioned to: understand their exposure, meet regulatory requirements, make informed decisions, and manage risk proactively.
Closing Insight
Achieving this requires a structured approach that connects entities, locations and risk indicators into a unified framework - enabling organisations to move from fragmented analysis to portfolio-level insight.