Slovenia introduces binding ESG risk rules for banks under new Banking Act (ZBan‑4)

ESG risk management becomes a legal obligation for Slovenian banks following the EU’s CRD VI / CRR III reforms

ESG risks are now explicitly embedded into Slovenian banking regulation, requiring banks to upgrade their governance, risk management and disclosure frameworks.

With the adoption of the new Banking Act (ZBan‑4), Slovenia has fully implemented the EU’s CRD VI¹ / CRR III² package, introducing binding obligations for banks to integrate environmental, social and governance risks into their governance, risk‑management and disclosure frameworks.

In parallel, CRR III – applicable across the EU from 1 January 2025 – strengthens prudential expectations regarding ESG risks and expands mandatory disclosures for all institutions.

Key points include:

• the key ESG‑related governance duties introduced by ZBan‑4; and
• timelines and next steps for ESG disclosures and supervisory reporting.

ZBan‑4: strengthened ESG governance obligations

1. Mandatory ESG training for board members: Management and supervisory board members must understand and oversee ESG risks and receive adequate training.
2. ESG‑aligned governance and remuneration: Banks must ensure their governance structures support effective ESG risk management. Remuneration policies must not incentivise excessive ESG‑related risk‑taking. Governing bodies must prepare and oversee ESG plans with measurable objectives.
3. ESG‑inclusive ICAAP³: Capital planning processes must incorporate short‑, medium‑ and long‑term ESG risks.
4. Long‑term ESG stress testing: Banks must integrate environmental scenario analysis into their regular stress‑testing frameworks, consistent with EBA⁴ guidance.

EU supervisory alignment

EBA Guidelines on ESG risk management⁵ apply from:

• 11 January 2026 for large institutions; and
• 11 January 2027 for small and non‑complex institutions.

Timelines and next steps for ESG-related reporting

Banks must comply with the ESG‑related disclosure obligations under the CRR, including reporting exposures to fossil‑fuel sector entities. ESG‑specific reporting requirements will ultimately be governed by revised Implementing Technical Standards (ITS), which the EBA has not yet finalised.

The EBA has confirmed that ESG reporting will be incorporated into the comprehensive revision of the EU supervisory reporting framework (Reporting Framework 4.3), expected during Q3 2026.

Because the CRR itself does not specify an application date for ESG reporting – and only mandates the EBA to prepare the ITS – the obligations will apply once the new ITS becomes effective. According to the Bank of Slovenia, the first inclusion of ESG data in banks’ regular supervisory reporting is expected at the end of 2027, once the updated ITS has been adopted and entered into force.

Impact on Slovenian banks

The new requirements represent a significant shift from principles‑based expectations to binding regulatory obligations. Slovenian banks should now:

• reassess governance structures and board competencies;
• update ICAAP processes to incorporate ESG risks across all time horizons;
• prepare for more granular EBA‑driven ESG stress‑testing expectations;
• review remuneration policies for ESG alignment; and
• prepare data architecture and reporting processes for the start of ESG reporting.

1. Directive (EU) 2024/1619 ↩︎
2. Regulation (EU) 2024/1623 ↩︎
3. Internal Capital Adequacy Assessment Process ↩︎
4. European Banking Authority ↩︎
5. EBA/GL/2025/01 ↩︎