2023-06-29

Annex 2: All Changes to the Minimum Requirements for Risk Management (MaRisk) Compared to the Version of 29.06.2023

The German Federal Financial Supervisory Authority (BaFin) issued this document on May 29, 2024, to detail all amendments to the Minimum Requirements for Risk Management (MaRisk) relative to the June 29, 2023 version. The text serves as a comprehensive change log for financial institutions, outlining updates to risk management frameworks, internal control systems, and specific operational requirements for credit, trading, and real estate activities. It mandates adherence to revised standards regarding risk capacity, stress testing, data management, and the organizational structure of compliance and internal audit functions.


Germany

Deutsche Bundesbank


Minimum Requirements for Risk Management - MaRisk Changes compared to the MaRisk version of 29.06.2023 29.05.2024

Annex 2: MaRisk of 29.05.2024 – All Changes Compared to the MaRisk Version of 29.06.2023

Table of Contents

AT 1 Preamble ... 9
AT 2 Scope of Application ... 12
AT 2.1 Target Group ... 13
AT 2.2 Risks ... 14
AT 2.3 Transactions ... 15
AT 3 Overall Responsibility of the Management Board ... 18
AT 4 General Requirements for Risk Management ... 19
AT 4.1 Risk Capacity ... 19
AT 4.2 Strategies ... 23
AT 4.3 Internal Control System ... 27
AT 4.3.1 Structural and Process Organization ... 27
AT 4.3.2 Risk Steering and Controlling Processes ... 28
AT 4.3.3 Stress Tests ... 29
AT 4.3.4 Data Management, Data Quality and Aggregation of Risk Data ... 31
AT 4.3.5 Use of Models ... 33
AT 4.4 Special Functions ... 35
AT 4.4.1 Risk Controlling Function ... 35
AT 4.4.2 Compliance Function ... 37
AT 4.4.3 Internal Audit ... 38
AT 4.5 Risk Management at Group Level ... 40
AT 5 Organizational Policies ... 42
AT 6 Documentation ... 43
AT 7 Resources ... 44
AT 7.1 Personnel ... 44
AT 7.2 Technical and Organizational Equipment ... 45
AT 7.3 Emergency Management ... 47
AT 8 Adaptation Processes ... 49
AT 8.1 New Product Process ... 49
AT 8.2 Changes to Operational Processes or Structures ... 51
AT 8.3 Acquisitions and Mergers ... 52
AT 9 Outsourcing ... 53
BT 1 Special Requirements for the Internal Control System ... 62
BTO Requirements for Structural and Process Organization ... 63

Federal Financial Supervisory Authority (BaFin) Annex 2: MaRisk of 29.05.2024 – All Changes Compared to the MaRisk Version of 29.06.2023 Page 3 of 127

BTO 1 Credit Business ... 66
BTO 1.1 Separation of Functions and Veto Rights ... 66
BTO 1.2 Requirements for Processes in Credit Business ... 71
BTO 1.2.1 Granting of Credit ... 77
BTO 1.2.2 Further Processing of Credit ... 79
BTO 1.2.3 Control of Credit Processing ... 81
BTO 1.2.4 Intensive Care ... 81
BTO 1.2.5 Treatment of Problem Loans ... 82
BTO 1.2.6 Risk Provisions ... 84
BTO 1.3 Requirements for Procedures for Early Detection of Risks and Treatment of Forbearance ... 85
BTO 1.3.1 Procedures for Early Detection of Risks ... 85
BTO 1.3.2 Treatment of Forbearance ... 86
BTO 1.4 Risk Classification Procedures ... 88
BTO 2 Trading Business ... 89
BTO 2.1 Separation of Functions ... 89
BTO 2.2 Requirements for Processes in Trading Business ... 90
BTO 2.2.1 Trading ... 90
BTO 2.2.2 Settlement and Control ... 92
BTO 2.2.3 Representation in Risk Controlling ... 95
BTO 3 Real Estate Business ... 96
BTO 3.1 Structural Organization ... 96
BTO 3.2 Requirements for Processes in Real Estate Business ... 97
BTO 3.2.1 Acquisition or Construction of Real Estate ... 98
BTO 3.2.2 Further Processing and Monitoring ... 98
BTO 3.2.3 Processing Controls ... 99
BTR Requirements for Risk Steering and Controlling Processes ... 100
BTR 1 Counterparty Default Risks ... 101
BTR 2 Market Price Risks ... 103
BTR 2.1 General Requirements ... 103
BTR 2.2 Market Price Risks of the Trading Book ... 104
BTR 2.3 Market Price Risks of the Banking Book (including Interest Rate Risks) ... 104
BTR 3 Liquidity Risks ... 108
BTR 3.1 General Requirements ... 108
BTR 3.2 Additional Requirements for Capital Market-Oriented Institutions ... 111


BTR 4 Operational Risks ... 113
BTR 5 Credit Spread Risks in the Banking Book ... 115
BT 2 Special Requirements for the Design of Internal Audit ... 116
BT 2.1 Tasks of Internal Audit ... 116
BT 2.2 Principles for Internal Audit ... 117
BT 2.3 Audit Planning and Execution ... 118
BT 2.4 Reporting Obligation ... 119
BT 2.5 Reaction to Identified Deficiencies ... 121
BT 3 Requirements for Risk Reporting ... 122
BT 3.1 General Requirements for Risk Reports ... 122
BT 3.2 Reports from the Risk Controlling Function ... 124

AT 1 Preamble ... 5
AT 2 Scope of Application ... 8
AT 2.1 Target Group ... 9
AT 2.2 Risks ... 10
AT 2.3 Transactions ... 11
AT 3 Overall Responsibility of the Management Board ... 14
AT 4 General Requirements for Risk Management ... 15
AT 4.1 Risk Capacity ... 15
AT 4.2 Strategies ... 19
AT 4.3 Internal Control System ...