Banking supervisory requirements for IT
Basic data | |
---|---|
Title | Circular 10/2017 (BA) Banking supervisory requirements for IT |
Short title | Banking supervisory requirements for IT |
Abbreviation | BAIT |
Scope | Federal Republic of Germany |
Original version dated | 3rd November 2017 |
Last revision from | September 14, 2018 |
The banking supervisory requirements for IT, abbreviated to BAIT, are administrative instructions from the Federal Financial Supervisory Authority (BaFin) on the secure design of IT systems and the associated processes, together with related requirements for IT governance, in German credit institutions. BaFin published them in circular 10/2017 (BA) of November 3, 2017.
Like the minimum requirements for risk management, the BAIT specify the legal requirements of Section 25a (1) sentence 3 nos. 4 and 5 of the Banking Act. They are administrative regulations that interpret legal norms and represent a self-binding obligation on the part of the German supervisory authority vis-à-vis the credit institutions.
In the banking supervisory requirements for IT, the supervisory authority formulates a framework for the technical and organizational resources of the institutions, in particular for the management of IT resources and for IT risk management. Since the institutions increasingly obtain IT services from third parties, including in the context of outsourcing, Section 25b of the Banking Act (KWG) is also covered by this interpretation.
On September 14, 2018, BaFin published an updated version of the BAIT. The new BAIT contain an additional section on the topic of critical infrastructures. Otherwise the contents are unchanged compared to the original version.
See also
- Insurance supervisory requirements for IT (VAIT)
- Capital management supervisory requirements for IT (KAIT)