The biggest ESG development in the EU this month is the political agreement reached between EU institutions on the proposed Corporate Sustainability Due Diligence Directive or CS3D. Large companies will have to perform due diligence when the directive is implemented into national law, which is still some two years away. This will cover adverse impacts to human rights and the environment from their operations, their subsidiaries and those of their business counterparts. CS3D includes rules on penalties and imposes civil liability for infringing its obligations. A debate has been raging over the financial sector’s exclusion from CS3D or the modification of its obligations. The industry, supported by a number of member states, most prominently France, have argued against applying due diligence obligations on downstream activities of financial institutions, such as lending. They say this would be disproportionate and unworkable, impeding the flow of finance to the economy. 

So, while the European Parliament’s lead MEP Lara Wolters has declared the law to be “a historic breakthrough”, financial institutions will for the moment be largely excluded from CS3D. While at the time of writing the compromise text is not yet available, it appears, that there will be a review clause providing for the sector’s future inclusion to be based on an impact assessment. The parameters of that assessment and its timing are not yet known. In the meantime, banks, asset managers and investment groups will be caught only on their internal and upstream activities. For example, their purchasing of office equipment, but not the activities of customers to whom they lend or provide services to.

What’s Next?

This is not the end of the matter, however. Banks with more than 500 employees will still need to have a climate transition plan to show how they are mitigating their impact on global warming. That is, that their business model complies with the goal of limiting global warming to 1.5°C. To prepare such a plan requires due diligence into the customer and on the use to which the proceeds of transition or sustainability-linked finance is to be put.

Moreover, financial institutions may still be caught indirectly by CS3D when in-scope business counterparties perform mandated due diligence on them. What’s more, under the Corporate Sustainability Reporting Directive (CSRD), financial institutions will need to perform due diligence to report (as required) on material risks and opportunities arising from social and environmental issues. This is true not only from their own operations, but from business counterparties, their so-called value chain.  This directive will be phased in beginning in 2025 for the publication of 2024 reports.

We suggest that the direction of travel remains clear. As a result financial institutions must have an understanding of their ESG risks posed by their downstream customers, if not for the purposes of CS3D, but for their transition plans and obligations under other legislation. They may also need to adjust their risk and compliance processes as to any new obligations over their upstream and internal operations under CS3D.   


Eva-Maria Ségur-Cabanac heads Baker McKenzie's Sustainability offering for Financial Institutions. She is a dual-qualified lawyer, admitted to practice in Austria and New York and focuses her practice on cross-border transactional work. She also advises clients on ongoing capital markets and corporate compliance issues and represents clients in related disputes. She is a regular speaker and author of articles related to Sustainable Finance and the EU regulatory framework regarding ESG.


Richard Powell is Lead Knowledge Lawyer for Baker McKenzie's Financial Institutions Industry Group where he is responsible for legal content projects, training and knowledge initiatives. Previously he was a member of the UK Financial Conduct Authority's Enforcement Division where he advised on regulatory cases. He has also been an editor of Bloomberg Law's UK Financial Services Law Journal.