Yesterday, an important regulatory circular reached all credit and financial services institutions in Germany: The German Federal Financial Supervisory Authority (BaFin) published an update of the Minimum Requirements for Risk Management (MaRisk).
In the 7th update of MaRisk, BaFin implements the guidelines of the European Banking Authority (EBA), for example on lending and monitoring. It also updates key aspects and even introduces new ones.
We have worked out the most important changes for you here:
- Addition of the risk category "ESG risks" (Environmental, Social and Governance) and highlighting their relevance for the institutions
- Defining Risk Culture monitoring as a new management responsibility
- Inclusion of minimum requirements on institutions' real estate business
- Addition of a new section to address Model Risks
- Establishing regulations on trading at the residential workplace
The chapters describing Information Security Risks for institutions remain almost completely unaffected by the update.
Like previous BaFin regulatory circulars, the updated version of MaRisk will become effective immediately. Institutions are granted a transition period until January 1, 2024 to implement the requirements.
The current MaRisk 05/2023 in German can be found here: https://www.bafin.de/SharedDocs/Veroeffentlichungen/DE/Rundschreiben/2023/rs_05_2023_MaRisk_BA.html
Your organization is regulated by BaFin and you need assistance with a harmonization project or with the implementation of individual information security requirements? Contact us, we are happy to help.
