Banking supervisory requirements for IT

Basic data
Title: Circular 10/2017 (BA) Banking supervisory requirements for IT
Short title: Banking supervisory requirements for IT
Abbreviation: BAIT
Scope: Federal Republic of Germany
Original version: November 3, 2017
Last revision: September 14, 2018

The banking supervisory requirements for IT, abbreviated BAIT, are administrative instructions published in a circular by the Federal Financial Supervisory Authority (BaFin). They cover the secure design of IT systems and the associated processes, as well as the related requirements for IT governance, in German credit institutions. BaFin published them in Circular 10/2017 (BA) of November 3, 2017.

Like the minimum requirements for risk management, the BAIT specify the legal requirements of Section 25a (1) sentence 3 nos. 4 and 5 of the Banking Act. They are administrative regulations that interpret the law and represent a self-binding obligation on the part of the German supervisory authority vis-à-vis the credit institutions.

In the banking supervisory requirements for IT, the supervisory authority formulates a framework for the technical and organizational equipment of the institutions, in particular for the management of IT resources and for IT risk management. Since the institutions increasingly obtain IT services from third parties, including in the context of outsourcing, Section 25b of the Banking Act (KWG) is also covered by this interpretation.

On September 14, 2018, BaFin published an updated version of the BAIT. The new BAIT contain an additional section on the topic of critical infrastructures. Otherwise the contents are unchanged compared to the original version.
