Minimum requirements for risk management (BA)

from Wikipedia, the free encyclopedia

The minimum requirements for risk management (BA) , abbreviated to MaRisk (BA) , are administrative instructions that were published with a circular from the Federal Financial Supervisory Authority (BaFin) for the design of risk management in German credit institutions . They were first published by BaFin with circular 18/2005 of December 20, 2005 and were last amended on October 27, 2017 by circular 09/2017 (BA). BA stands for banking supervision.

Basic data
Title: Circular 10/2012 (BA)
Minimum requirements for risk management
Short title: Minimum requirements for risk management
Abbreviation: MaRisk
Type: Administrative instruction
Scope: Federal Republic of Germany
Legal matter: Administrative law
References : -
Original version from: December 20, 2005
Entry into force on: December 20, 2005
Last revision from: October 27, 2017
Entry into force of the
new version on: 		October 27, 2017
Please note the note on the applicable legal version.

The MaRisk specify section 25a KWG and are the implementation of the qualitative requirements from Basel II and Basel III for the risk control of banks and the corresponding banking supervisory review processes in German law (so-called "second pillar" of Basel II / III). They are (their legal nature) so-called norm-interpreting administrative regulations, which represent a self-binding of the German supervision towards the financial institutions or insurance companies. The MaRisk are thus de facto a binding interpretation of Section 25a (1) KWG. They are intended to enable the supervisory authority to use them consistently vis-à-vis financial institutions and insurance companies and create legal and planning security.

Compliance with MaRisk is checked by the auditor as part of the annual audit. They are also the subject of special audits in accordance with Section 44 (1) KWG . Such audits are carried out by Bundesbank auditors in accordance with the new version of the supervisory guideline, which specifies the division of labor between BaFin and the Deutsche Bundesbank on the basis of Section 7 KWG.

Structure of MaRisk

The MaRisk circular has a modular structure: the general part (module AT) contains basic principles for the design of risk management , organizational guidelines , documentation , human resources or contingency planning and the framework for the design of outsourcing. In particular part (module BT) specific requirements for the organization and the processes for managing and controlling are counterparty risks , market risks , liquidity risks and operational risks resigned. In addition, the framework for structuring internal auditing is specified there.

Further development of MaRisk

The so-called MaRisk specialist committee meets at certain intervals to discuss questions of interpretation and application in practice . This is made up of experts from industry, auditors, association representatives and banking supervisors (BaFin, Bundesbank). Suggestions for adjustments are discussed in the committee. If accepted by BaFin, the MaRisk will be formulated accordingly. The minutes and draft amendments (working versions) are published on the Internet.

On October 30, 2007, the MaRisk was revised, in which the MaRisk was supplemented above all to include regulations on outsourcing.

In response to the financial market crisis, the Financial Stability Forum , in which the banking supervisory authorities, central banks and finance ministries of numerous economically important countries are represented, published recommendations in April 2008, which also affect risk management in the institutions. In February 2009, BaFin published a draft of the MaRisk containing the relevant adjustments. This draft was the basis for the revised version published on August 14, 2009. Quotation circular from BaFin:

“The new version of MaRisk will primarily tighten and expand the supervisory requirements for stress testing , liquidity risk and risk concentrations. In the future, all institutions will have to carry out stress tests for their material risks on the basis of the risk factors identified. Above all, risk concentrations must also be taken into account. In addition, banks must manage and monitor their liquidity risks in such a way that they can identify impending liquidity bottlenecks at an early stage. The institutions must appropriately include the dangers of loss resulting from risk concentrations in risk management. In future, the supervisory authority will also place higher demands on group-wide risk management. It now also explicitly requires that a strategy be developed for the entire group. In addition, institutions no longer have to guarantee their risk-bearing capacity on an individual basis, but do so for the group as a whole.

The supervisory authority is now also giving greater weight to the interaction between the Management Board and the Supervisory Board. The new MaRisk also contained much more specific requirements for the banks' remuneration systems. "

In section AT 7.2, specific requirements are placed on authorization systems for the supporting IT systems.

At the end of 2010, the MaRisk (BA) were revised again (circular 11/2010 (BA) of December 15, 2010). The regulations on the remuneration systems of the banks were taken out of the MaRisk in the course of the revision and can now be found in more detail in the Instituts Remuneration Ordinance (InstitutsVergV).

On April 26, 2012, BaFin published a draft of a further revision of MaRisk. The final version of MaRisk 2012 was published on December 14, 2012 and came into force on January 1, 2013. The new version represents u. a. the compliance and risk control functions in the institutes are more strongly represented as independent processes that have to be set up independently and structurally separate from the monitored areas. In addition, more specific regulations on risk-bearing capacity studies are given.

A fifth MaRisk amendment was announced in 2016. The focus is on risk data aggregation and risk reporting, the risk culture in the institutes and outsourcing. The consultation was published on February 18, 2016. In the statements of the banking associations, in particular, it was criticized that the regulatory requirements sometimes went well beyond international requirements and, particularly with regard to outsourcing, could sometimes only be implemented with considerable additional effort for the banks. On June 24, 2016, BaFin provided the banking associations with a further unofficial interim status for a final consultation. The final version should initially be published in the second half of 2016. The final version of MaRisk 2017 was published on October 27, 2017 by circular 09/2017 (BA). Major innovations are

  • the introduction of a risk culture,
  • the implementation of the requirements of BCBS 239 in German law,
  • binding introduction of a product catalog and
  • Tightening with regard to outsourcing,
  • Introduction of a liquidity planning process.

Historical development

MaRisk are the central building block in the further development of qualitative banking supervision, the development of which began in 1975 with the minimum requirements for bank-internal control measures in foreign exchange transactions. The decisive change is the holistic approach, which replaces the previous regulations for sub-areas. This applies in particular to strategies, risk-bearing capacity, liquidity risks and operational risks . The regulations of the MaH and MaK remain i. W. received, as before, the requirements depend on the scope of the business (principle of proportionality).

In the MaRisk, the BaFin, as the supervisory authority, has the up to then valid for the specification of § 25a KWG

consolidated, updated and supplemented.

All requirements transferred from MaH, MaIR and MaK to MaRisk were valid from the publication in December 2005. However, new requirements only had to be implemented when Basel II came into force on January 1, 2007. Institutions that made use of the option under Art. 152 (7) Equity Capital Directive allowed the EU legal requirements to postpone the application of Basel II until January 1, 2008.

The first publication of the Minimum Requirements for Risk Management (VA) for the insurance industry , abbreviated MaRisk (VA) , made it necessary to add “(BA)” in brackets to the requirements for banking.

Regulatory requirements for IT

The Information Technology is the basic infrastructure for all professional, but also all non-functional processes at banks. The banking supervisory requirements for IT , abbreviated to BAIT, are administrative instructions that were published in BaFin's circular 10/2017 (BA). The BAIT specify the legal requirements of Section 25a Paragraph 1 Clause 3 Nos. 4 and 5 of the Banking Act (KWG). It explains what is meant by adequate technical and organizational equipment of the IT systems, with special consideration of the requirements for information security and an appropriate emergency concept. Since credit institutions are increasingly obtaining IT services from third parties, also in the context of outsourcing, Section 25b KWG is also included in this specification.

literature

  • Ralf Hannemann, Andreas Schneider, Thomas Weigl: Minimum requirements for risk management (MaRisk) . Schäffer-Poeschel Verlag, Stuttgart 2013, 4th edition, ISBN 978-3-7910-3307-5
  • Axel Becker, Walter Gruber, Dirk Wohlert (eds.): MaRisk manual. Minimum requirements for risk management in banking practice . Fritz Knapp Verlag, Frankfurt am Main 2006, ISBN 3-8314-0777-0
  • Carl Th. Samm, Axel Kokemoor (Hrsg.): Law on the credit system (KWG) . CF Müller Verlag, Heidelberg. Commentary in loose-leaf collection, 129th update February 2008, ISBN 978-3-8114-5670-9

Web links

Individual evidence

  1. Circular 09/2017 (BA) - Minimum Requirements for Risk Management - MaRisk. Retrieved November 1, 2017 .
  2. Banking supervision. Retrieved February 27, 2019 .
  3. Detlef Hellenkamp, Bankwirtschaft , 2015, p. 85
  4. Circular 05/2007  ( page no longer available , search in web archivesInfo: The link was automatically marked as defective. Please check the link according to the instructions and then remove this notice.@1@ 2Template: Toter Link / www.bafin.de  
  5. Recommendations of the Financial Stability Forum ( Memento of the original of July 24, 2008 in the Internet Archive ) Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. (PDF, English; 409 kB) , published April 7, 2008 @1@ 2Template: Webachiv / IABot / www.fsforum.org
  6. BaFinJournal 07/2009, p. 10 ff. ( Memento of the original dated January 30, 2012 in the Internet Archive ) Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. @1@ 2Template: Webachiv / IABot / www.bafin.de
  7. BaFinJournal 08/2009, p. 6 ff. ( Memento of the original from January 30, 2012 in the Internet Archive ) Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. @1@ 2Template: Webachiv / IABot / www.bafin.de
  8. BaFinJournal 01/2011, p. 6 ff. ( Memento of the original dated February 20, 2011 in the Internet Archive ) Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. @1@ 2Template: Webachiv / IABot / www.bafin.de
  9. BaFinJournal 01/2011, p. 13 ff. ( Memento of the original from February 20, 2011 in the Internet Archive ) Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. @1@ 2Template: Webachiv / IABot / www.bafin.de
  10. Consultation 1/2012 - Revision of MaRisk
  11. MaRisk version dated December 14, 2012, including explanations and notes on changes ( memento of the original dated December 31, 2012 in the Internet Archive ) Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. @1@ 2Template: Webachiv / IABot / www.bundesbank.de
  12. Consultation MaRisk (BA) 2016. Accessed June 12, 2016 .
  13. The interim draft of the MaRisk amendment is there - a new analysis of the requirements is required - PwC Risk Blog. July 1, 2016, accessed July 6, 2016 .
  14. Federal Financial Supervisory Authority: Circular 09/2017 (BA) - Minimum Requirements for Risk Management - MaRisk. Retrieved November 9, 2017 .
  15. Svend Reuse: MaRisk 6.0 - appreciation of the final version of October 27, 2017, presentation of implementation recommendations and development of a project plan . In: Finanz Colloquium Heidelberg (ed.): Banken-Times SPEZIAL special edition MaRisk . Heidelberg November 3, 2017 ( fc-heidelberg.de [accessed January 14, 2018]).
  16. Wolfgang Stützle: The process of further developing the minimum requirements (MaH, MaIR, MaK) to the minimum requirements for risk management . In Becker, Gruber, Wohlert (ed.): MaRisk manual .
  17. Dirk Wohlert: MaRisk versus MaH / MaK . In Becker, Gruber, Wohlert (ed.): MaRisk manual .
  18. Federal Financial Supervisory Authority: Circular 10/2017 (BA) - Banking Supervision Requirements for IT (BAIT). Retrieved November 9, 2017 .