Climate change risk and cyber attacks could have “devastating” consequences for Australia’s financial system, the reserve bank has warned.
But in a speech to the Australasian Finance and Banking Conference online on Thursday, Jonathan Kearns, the RBA’s head of financial stability, said the climate risk to banks could be “managed” because they were less exposed than other sectors in a transition to a low emissions economy.
However, he warned that cyber attacks were now growing in frequency.
The speech comes ahead of the release of a report into the climate policies of banks and insurers from a controversial parliamentary inquiry pushed by Nationals MP George Christensen and the resources minister, Keith Pitt.
The banks fear the inquiry could result in mixed signals, with most regulators urging them to reduce their exposure to emissions intensive electricity sources, but some in the government wanting to force them not to “debank” fossil fuel companies or their enablers.
The banks told the inquiry they need to actively manage climate risk because governments and regulators require it, and because the investor community is “increasingly transitioning its focus towards a net zero emissions economy”.
Kearns said climate risk consisted of both a “physical risk” from the reduction in a bank’s income or the damage to its assets and a “transition risk” due to losses resulting from changes in policy, technology and behaviours to achieve a low emissions economy.
Climate change could harm banks by reducing their borrowers’ income or assets due to drought, storms or policy changes affecting the value of a coalmine; by preventing them rolling over short-term funding because investors are concerned about exposure to climate change; or operational risks, such as Hurricane Sandy forcing banks to close in New York.
Kearns noted banks in Australia now pay “substantial attention” to climate risk, a fact that has also been acknowledged with respect to global markets by the treasurer, Josh Frydenberg.
Kearns said banks have difficulty “quantifying and pricing the impact of climate change” due to insufficient data on their emissions exposure, the location of assets and “uncertainty” about climate change policies.
Kearns said the RBA’s work on climate risk suggests there could be house price falls in regions most exposed to extreme weather but “the overall losses for the financial system appear to be manageable”.
“Banks are also exposed to transition risks from their lending to emissions-intensive industries which again exposes them to credit risk, although overall, Australian banks’ portfolios appear to be less emissions-intensive than the economy as a whole.”
Kearns said cyber-attacks posed considerable threat and were growing in frequency.
The risk consisted of disruption, failure or misuse of IT systems including theft of funds or other valuable commercial or personal information, to disruption of services, or corruption of data, possibly for ransom.
“It is difficult to assess the extent of cyber risk as firms don’t tend to publicly disclose attacks and there isn’t uniform or comprehensive reporting of cyber-attacks,” he said.
“But everything points to cyber-attacks growing in frequency.”
Kearns said these two risks could be systemic if the bank affected is large, if the risk is correlated across multiple banks, if there is a high degree of interconnection, if the effects are long-lasting and “if it is realised when uncertainty or risk aversion is particularly high [eg during a global pandemic]”.
“The financial risks from climate change are clearly systemic as climate change will affect the portfolios of all banks.
Quick GuideHow to get the latest news from Guardian Australia
Show
Email: sign up for our daily morning and afternoon email newsletters
App: download our free app and never miss the biggest stories
Social: follow us on YouTube, TikTok, Instagram, Facebook or Twitter
Podcast: listen to our daily episodes on Apple Podcasts, Spotify or search "Full Story" in your favourite app
“Cyber risk need not be systemic. It could affect only one bank, but if that bank is large and interconnected, or the cyber attack affects a critical node in the financial system, it could very well become systemic.”
He said big banks “have substantial resources to deploy in their cyber defences” while smaller banks have difficulty maintaining equivalent defences.
He noted the council of financial regulators planned to help banks by cyberwar games testing their defences by “mimicking the tactics, techniques and procedures that are used in real cyber attacks”.
“It is crucial that banks continue to adapt their risk management for these evolving risks, as those bank risks can morph into systemic risks that have the potential for dire consequences for the economy and people’s livelihoods.”