Capital management regulatory requirements for IT
| Basic data | |
|---|---|
| title | Circular 11/2019 (WA) Capital management regulatory requirements for IT |
| Short title | Capital management regulatory requirements for IT |
| abbreviation | KAIT |
| scope | Federal Republic of Germany |
| Original version dated | 1st October 2019 |
| Last revision from | 1st October 2019 |
The capital management supervisory requirements for IT , abbreviated KAIT , are administrative instructions that were published in a circular from the Federal Financial Supervisory Authority (BaFin) for the secure design of IT systems and the associated processes and the related IT governance requirements for German capital management companies . They were published by BaFin in circular 11/2019 (WA) of October 1, 2019. It applies to capital management companies within the meaning of Section 17 of the Capital Investment Code (KAGB).
The KAIT specify the legal requirements of the capital management companies ("KVGen") within the meaning of Section 17 of the Capital Investment Code (KAGB). They are administrative regulations that interpret standards and represent a voluntary commitment by the German supervisory authority to the insurance companies.
In the capital management supervisory requirements for IT, the supervisory authority formulates a framework for the technical and organizational equipment of the company - in particular for the management of IT resources and for IT risk management. Since capital management companies are increasingly purchasing IT services from third parties, KAIT now requires - regardless of whether this is the main service or a supplementary service to another main service - a risk analysis, for example, in advance.
Likewise, the KAIT now calls for § 2 Paragraph 8 and § 4 Paragraph 26 to implement at least the state of the art in information security , whereby at least the topics of identification, protection, detection, reaction and recovery must be covered.
In addition, the BaFin is now calling for the information on the use of cloud services from the leaflet "Orientation aid on outsourcing to cloud providers" (KAIT § 8 Paragraph 64) to be taken into account.
See also
- Banking supervisory requirements for IT (BAIT)
- Insurance supervisory requirements for IT (VAIT)