Change Ahead on Corporate Loans: Banks to Screen for Sustainability Risks

While large companies are familiar with sustainability reporting, extended responsibilities present new challenges. However, compliance offers a competitive advantage, Grant Thornton, a leading business and tax advisory firm, told its guests.

In the final days of last year, the Hungarian Parliament passed national legislation to promote sustainable financing and unified corporate responsibility, known as the ESG Act. The Hungarian National Bank also launched consultations on its Minimum Sustainability Questionnaire with the financial sector.

While many are aware of the obligations defined by the ESG Act, particularly the requirement to prepare a sustainability report, less attention has been paid to the MNB’s supplier screening and ESG questionnaire, which is currently in draft form. These will impose additional new obligations on a wide range of Hungarian companies.

According to a draft recommendation sent by the central bank to financial institutions, from July 1, banks will have to assess environmental and social sustainability risks for every corporate loan application, loan guarantee or factoring transaction exceeding HUF 50 million. From Jan. 1, 2025, the same will be required for every corporate application exceeding HUF 10 mln.

In practice, financial institutions must incorporate their risk assessments into a questionnaire format to screen all corporate clients exceeding these thresholds.

The relevant workshop is ongoing, so the recommendation does not necessarily reflect the final situation. However, based on the current plans, clients will be required to answer between 30 and 90 questions about the ESG aspects of their operations, including the impact of climate change on their business.

Péter Kóczé

Gradual Extension

The MNB's Minimum Sustainability Questionnaire is expected to be gradually extended to cover all corporate lending following the conclusion of the expert consultations.

Away from the banks, the reporting requirements for the Sustainability Act, which will be extended in stages, will first apply to large companies of public interest from this year. These companies must also develop a sustainability strategy and risk management system.

The requirement to assess actual and potential adverse impacts on human rights and the environment applies not only to their operations and those of their subsidiaries but also to their business partners.

Therefore, the law requires obliged parties to screen their suppliers to assess the sustainability of the entire corporate value chain. They must also prepare an annual ESG report on fulfilling their obligations, including supplier screening.

“While a significant number of large companies are already familiar with sustainability reporting, the obligation to conduct sustainability screening is a new task for the vast majority, which is practically impossible without accredited IT solutions,” András Balásfalvi-Kiss, head of ESG and sustainability at Grant Thornton, said at the firm’s event.

“Large companies in Hungary must now appoint a sustainability officer, implement a whistleblowing system, and establish both preventive and corrective measures for sustainability-related issues,” Péter Kóczé, accounting and tax automation business unit manager at Grant Thornton Digital Ltd., added.

Additionally, they will have to manage and report data on environmental, social, and governance factors and prepare an annual ESG report summarizing their sustainability efforts. These new regulations indirectly impact almost all Hungarian companies, including SMEs, as they apply to a wide range of businesses involved in various sectors and transactions.

ESG Compliance: A Cost-Benefit Analysis for Hungarian Businesses

The cost of complying with ESG obligations depends on a company’s size. As the law’s primary objective is to ensure participation, penalties are suspended for the first year. However, in line with EU practice, companies that fail to meet their reporting obligations could face fines of up to 2% of their turnover in subsequent years, as well as exclusion from tenders and public procurement projects.

Complying with the obligations brings other benefits than simply avoiding punishment, however. Firms can gain valuable insights, for example, into the extent and nature of their exposure to the harmful effects of climate change. Moreover, in international markets, the ability to report on sustainability and provide data is (or will be) a competitive factor.

Therefore, while complying with the new requirements will undoubtedly be an additional burden for those affected, it will be a prerequisite for maintaining competitiveness in the long term. It may even offer an advantage over companies in countries that delay the implementation of these requirements.

The ESG law thus serves several purposes. Improving the protection of the environment and human rights is a significant value in itself. On the other hand, the early and forward-looking adoption of the EU directives is driven by the intention of a smooth transition to a sustainable economy. Grant Thornton says that one of the main goals of the new framework is to minimize the inevitable administrative burden of the transition and to ensure a competitive advantage for Hungarian businesses.

Thousands of Companies Affected by Cybersecurity Regulations

“Hungarian companies will have to comply with other new obligations in line with EU regulations,” stated Anna Király of Hungary's Cybersecurity Certification Directorate. Among other significant ESG-related news for Hungarian companies this year is the enactment of the Cybersecurity Certification and Supervision Act, which aims to implement the EU’s new cybersecurity directives (NIS2).

“This legislation is designed to use regulatory tools to check the information security readiness of thousands of Hungarian companies and to set obligations for them for 2024, depending on their size and field of activity,” added Király.

Companies with more than 50 employees or an annual turnover of more than EUR 10 mln and operating in strategically risky sectors fall under the scope of NIS2. The novelty is that this definition now designates a much broader spectrum of companies for regulatory inspection than those previously required to deal with cybersecurity.

For example, companies in energy, transportation, healthcare, water management, pharmaceuticals, digital infrastructure and services, logistics, waste management, electronics and automotive manufacturing, food production and distribution, chemicals, and research will all be affected.

Between Jan. 1 and June 30 this year, affected organizations will have to self-identify and classify their security and appoint a dedicated person responsible for cybersecurity. From 2025, they will have to undergo a mandatory IT audit every two years by an auditor registered with the Supervisory Authority for Regulated Activities of Hungary (SzTFH).

Meeting these requirements may pose significant challenges for affected organizations, so it is advisable to start preparing as soon as possible, Grant Thornton’s experts emphasized.

This article was first published in the Budapest Business Journal print issue of February 9, 2024.