Climate-related financial risk disclosure has moved from a regulatory horizon topic to an active compliance obligation in the span of roughly three years. The progression has been uneven — different regulatory bodies have moved at different paces, with different legal authorities, toward partially overlapping but distinct requirements. For compliance officers at commercial banks, specialty finance firms, and asset managers, the challenge is not a single climate disclosure rule to implement. It is a set of overlapping regulatory frameworks from the SEC, the Federal Reserve, the OCC, and state regulators, each with its own scope, its own timeline, and its own compliance architecture. This guide maps the current landscape as it stands for mid-size financial institutions.
Before the specifics: we are not taking a position on climate policy or the merit of climate risk disclosure as a regulatory priority. This analysis is about what has been issued, what compliance obligations follow, and how compliance programs should structure their response. The regulatory frameworks described here are public documents issued through official channels; their substance is a compliance fact, not an advocacy position.
The SEC Climate Disclosure Rule: Scope and Current Status
The SEC finalized its climate-related disclosure rule in March 2024, amending Regulation S-K and Regulation S-X to require climate-related disclosures from public companies. The rule applies to SEC-reporting companies — not directly to all financial institutions, but to publicly traded banks, insurance holding companies, asset managers, and specialty finance companies with registered securities. The disclosures required include: governance disclosures about board and management oversight of climate-related risks; strategy disclosures about material climate-related risks and their actual or likely effects on business, strategy, and financial condition; risk management disclosures about how the company identifies, assesses, and manages climate-related risks; and metrics and targets disclosures for companies with material climate-related risks or publicly disclosed targets.
The rule's implementation timeline was affected by consolidated legal challenges, and the SEC voluntarily stayed the rule's effectiveness pending judicial review. The practical compliance planning implication: publicly traded financial institutions need to track the litigation docket affecting the rule's effective dates, not just the rule's publication date. An institution that built a climate disclosure compliance program around the original effective date calendar may have allocated implementation resources ahead of the actual compliance timeline; one that deferred preparation entirely based on the stay may be underprepared when the legal challenges resolve. The appropriate posture is continued preparation — program design and data infrastructure — while monitoring the litigation timeline for confirmed compliance dates. Our coverage feed monitors SEC climate disclosure developments, including litigation-related status changes.
Federal Reserve Climate Guidance: Scenario Analysis and Governance
The Federal Reserve's approach to climate risk has operated through supervisory guidance rather than formal rulemaking — at least at the mid-size institution level. The Fed's 2023 pilot climate scenario analysis exercise involved six of the largest bank holding companies and produced public findings on how those institutions were approaching physical and transition risk modeling. That exercise's scope was explicitly limited to the largest institutions; its policy implications, however, have been wider.
The Federal Reserve also issued supervisory guidance in 2023 addressing climate-related financial risk management expectations for large bank holding companies (those with $100 billion or more in total assets). SR Letter 23-12 outlined the Fed's expectations for governance, climate-risk identification and assessment, strategy, scenario analysis, data and risk quantification, and internal audit. The guidance was explicitly scoped to large institutions — and this scope limitation is important for mid-size bank compliance programs to understand correctly.
We are not saying that mid-size banks below the $100 billion threshold face the same SR 23-12 supervisory expectations as the Fed's large bank supervisory program. They do not — the guidance does not apply directly. What compliance officers at mid-size institutions should understand is that the Fed has signaled its expectation that climate risk governance is a legitimate component of board and management risk oversight for any institution of meaningful scale, and that expectations are likely to extend to smaller institutions over time. The present compliance obligation at the mid-size level is monitoring — not immediate program overhaul — but monitoring with an understanding of where the trajectory points.
OCC Climate Risk Management Principles
The OCC issued draft principles for climate-related financial risk management for large banks and federal savings associations in 2021, finalized through a bulletin in 2023. Like the Federal Reserve's guidance, the OCC's finalized principles are explicitly scoped to large national banks and federal savings associations with more than $100 billion in total assets. The OCC's approach frames climate risk within its existing risk management framework — credit risk, liquidity risk, operational risk — rather than creating a separate climate compliance category.
For mid-size national banks — those below the $100 billion threshold but under OCC supervision — the practical compliance implication of the OCC's climate risk principles is similar to the Federal Reserve guidance: direct application is not required now, but the OCC's framing of climate risk as a credit risk, concentration risk, and operational risk issue signals that these dimensions may enter examination discussions for smaller institutions. A commercial bank with significant commercial real estate exposure in coastal markets or significant energy sector lending concentration is already subject to OCC scrutiny on those credit concentrations — the climate risk framing adds an analytical lens that the OCC has indicated it expects sophisticated institutions to apply.
State-Level Disclosure Requirements: California and Beyond
California's Climate Corporate Data Accountability Act (SB 253) and the Climate-Related Financial Risk Act (SB 261) — both signed into law in 2023 — create disclosure obligations for large companies operating in California, including financial institutions with California operations above the revenue thresholds. SB 253 requires companies with revenues exceeding $1 billion that do business in California to publicly disclose Scope 1, Scope 2, and Scope 3 greenhouse gas emissions. SB 261 requires companies with revenues exceeding $500 million that do business in California to prepare and publicly disclose climate-related financial risk reports aligned with a recognized framework.
These California statutes are operationally distinct from the SEC climate disclosure rule in scope, methodology, and enforcement mechanism — they are state law, not federal securities regulation, and enforcement pathways differ. However, for mid-size financial institutions with California commercial banking operations or California-based holding companies, both statutes may apply and neither obligation disappears because the SEC rule is stayed.
Building the Compliance Monitoring Response
For a compliance officer at a mid-size commercial bank or specialty finance firm, the climate disclosure landscape requires a monitoring posture that is proportionate but not dismissive. The near-term compliance obligation for most mid-size institutions is limited: the directly applicable requirements (SEC climate disclosure for public companies, California statutes for applicable California operators) should be in active compliance programs. The Federal Reserve and OCC large-bank guidance warrants horizon monitoring — tracking how the large-bank frameworks evolve and when the regulators signal extension to smaller institutions.
The most common error we observe in climate risk compliance program design at mid-size institutions is conflating what currently applies with what will eventually apply and trying to prepare for the future state at current resources. A more durable approach is building the monitoring infrastructure now — capturing SEC, Fed, OCC, and state regulator climate publications as they are issued, classified by obligation type and applicability scope — and building the compliance response as the applicable scope expands to the institution's tier. For how Ruleward's classification framework handles applicability scoping alongside obligation type, see the discussion in our regulatory obligation taxonomy article. For the full set of regulatory bodies we monitor with climate risk relevance, the industries page covers the commercial banking and asset management monitoring profiles in detail.