With the most recent amendment, BaFin is clarifying its prudential view and integrating international regulatory initiatives such as the "Principles for the Effective Aggregation of Risk Data and Risk Reporting" according to BCBS 239 and the "Risk Culture Requirements" of the Financial Stability Board. In addition, the existing regulations on the handling of IT risks, individual data processing and outsourcing are being extended, as is the integration into risk management of measures for payment difficulties of the debtor ("forbearance").
The areas of the 5th MaRisk amendment with significant changes and new requirements for the banks can be broken down as follows.
On 6 November 2017, BaFin published the "Bank Supervisory Requirements for IT Risk Management" (BAIT). With these, BaFin explains what it means by appropriate technical and organizational equipment of the IT systems, with particular regard to the requirements of information security and an appropriate emergency concept. In essence, the BAIT specify the MaRisk requirements for IT in more concrete terms.
The following graph presents an overview of the fields of action and the focal points of the BAIT.
In addition, institutions must comply with the requirements of the BSI-KritisV, amended as of 30 July 2017, provided that they are operators of services that are considered Critical Infrastructures because they exceed mostly transaction-oriented thresholds.
The table below presents an overview of the critical services according to the KritisV.
With the FMC Quick Risk Assessment, which has been specially developed for banks and financial service providers, you receive quick and targeted insights that show you the necessary action areas effectively and in detail.
The FMC Quick Risk Assessment is suitable for analysis and implementation
With the FMC Quick Risk Assessment, we help institutions with the content and deadlines of the supervisory requirements of the MaRisk amendment, the new BAIT and the KritisV. With our procedural model, we enable a reliable identification of the institution-specific gaps when implementing new or amended risk-type requirements and, together with the institution, achieve both technical and deadline compliance.
For almost two decades FMC Feindt Management Consulting GmbH (FMC) has been successfully supporting banks and their partners in business, software and regulatory issues. In doing so, FMC combines industry-specific know-how with information technology (especially in the SAP environment), regulatory expertise and organizational competence to increase the competitiveness of its clients.