By its Circular 05/2017 (BA) of 27 October 2017, the German Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht – BaFin) published amended Minimum Requirements for Risk Management (Mindestanforderungen an das Risikomanagement – MaRisk).

MaRisk provide

  • a framework on how to structure the risk management of institutions on the basis of Section 25a para. 1 German Banking Act (Kreditwesengesetz – KWG);
  • guidelines for adequate supervision, control and monitoring processes on the basis of CRD IV (Capital Requirements Directive IV);
  • a framework for general organisational requirements, risk management, internal audit, requirements to the responsibility of the senior management and outsourcings on the basis of  Section 33 para. 1 German Securities Trading Act (Wertpapierhandelsgesetz – WpHG).

MaRisk are to be complied with by all institutions within the meaning of Section 1 para. 1b KWG and Section 53 para. 1 KWG, respectively. They also apply to branches of German institutions abroad. They do not apply to branches of undertakings which have their registered office in another state of the European Economic Area in accordance with Section 53b KWG.

The amendments to MaRisk affect almost all modules (in particular, however,

  • AT 4.1 risk-bearing capacity;
  • AT 4.3.1 organisational and procedural structure;
  • AT 4.3.4 data management, data quality and aggregation of risk data;
  • AT 8.1 new product process;
  • AT 9 outsourcing;
  • BTR 3 liquidity risks;
  • BT 3 requirements to risk reports).

BaFin has made available an overview of the amendments made to the MaRisk version of 14 December 2012.