2024-05-29
Added · Updated
The German Federal Financial Supervisory Authority (BaFin) issued Circular 06/2026 to update the Minimum Requirements for Risk Management (MaRisk), establishing a flexible framework for risk management, internal controls, and group-level oversight. The document mandates that institutions define risk-bearing capacity, implement robust internal control systems including segregation of duties, and integrate specific functions such as risk controlling, compliance, and internal audit. It further details operational requirements for credit, trading, and real estate businesses, alongside strict standards for data management, stress testing, and risk reporting.
Table of Contents
AT 1 Objective of the Circular 6 AT 2 Scope of Application 14 AT 2.1 Target Group 15 AT 2.2 Risks 16 AT 2.3 Transactions 18 AT 3 Responsibility of Management and Supervisory Body 20 AT 3.1 Overall Responsibility of Management 20 AT 3.2 Responsibility of the Supervisory Body and its Committees 21 AT 4 General Requirements for Risk Management 21 AT 4.1 Risk-Bearing Capacity 22 AT 4.2 Strategies 30 AT 4.3 Internal Control System 32 AT 4.3.1 Structural and Process Organization 32 AT 4.3.2 Risk Steering and Controlling Processes 32 AT 4.3.3 Stress Tests 34 AT 4.3.4 Use of Models 36 AT 4.4 Special Functions 43 AT 4.4.1 Risk Controlling Function 43 AT 4.4.2 Compliance Function 46 AT 4.4.3 Internal Audit 48 AT 5 Organizational Policies 53 AT 6 Documentation 55 AT 7 Resources 55 AT 7.1 Personnel 56 AT 7.2 Technical and Organizational Equipment 56 AT 7.3 Emergency Management 58 AT 8 Adaptation Processes 60 AT 8.1 New Product Process 60 AT 8.2 Changes to Operational Processes or Structures; Acquisitions and Mergers 62
AT 9 Outsourcing 63 BT 1 Special Requirements for the Internal Control System 73 BTO Requirements for Structural and Process Organization 73 BTO 1 Credit Business 76 BTO 1.1 Segregation of Functions and Veto Rights 76 BTO 1.2 Requirements for Processes in Credit Business 82 BTO 1.2.1 Granting of Credit 88 BTO 1.2.2 Further Processing of Credit 91 BTO 1.2.3 Control of Credit Processing 92 BTO 1.2.4 Intensive Care 93 BTO 1.2.5 Treatment of Problem Loans 93 BTO 1.2.6 Provisions for Risks 96 BTO 1.3 Requirements for Procedures for Early Detection of Risks and Treatment of Forbearance 97 BTO 1.3.1 Procedures for Early Detection of Risks 97 BTO 1.3.2 Treatment of Forbearance 98 BTO 1.4 Risk Classification Procedures 100 BTO 2 Trading Business 101
BTO 2.1 Segregation of Functions 101 BTO 2.2 Requirements for Processes in Trading Business 102 BTO 2.2.1 Trading 102 BTO 2.2.2 Settlement and Control 105 BTO 2.2.3 Representation in Risk Controlling 108 BTO 3 Real Estate Business 110 BTO 3.1 Structural Organization 110 BTO 3.2 Requirements for Processes in Real Estate Business 111 BTO 3.2.1 Acquisition or Construction of Real Estate 112 BTO 3.2.2 Further Processing and Monitoring 113 BTR Requirements for Risk Steering and Controlling Processes 114 BTR 1 Counterparty Default Risks 115 BTR 2 Market Price Risks 118 BTR 2.1 General Requirements 119 BTR 2.2 Market Price Risks of the Trading Book 119 BTR 2.3 Market Price Risks of the Banking Book (including Interest Rate Risks) 120
BTR 3 Liquidity Risks 128 BTR 4 Operational Risks 130 BTR 5 Credit Spread Risks in the Banking Book 132 BT 2 Special Requirements for Risk Reporting 134 BT 2.1 General Requirements for Risk Reports 134 BT 2.2 Reports by the Risk Controlling Function 135 List of Abbreviations 139 Circular 06/2024 29.05.2024
Annex 1: MaRisk as of 29.05.2024 – Text and Explanations
Content
AT 1 Preamble 5 AT 2 Scope of Application 8 AT 2.1 Target Group ................................................................................................................................................................................................................................................................................... 9 AT 2.2 Risks ................................................................................................................................................................................................................................................................................................ 10 AT 2.3 Transactions .......................................................................................................................................................................................................................................................................................... 11 AT 3 Overall Responsibility of Management 14 AT 4 General Requirements for Risk Management 15 AT 4.1 Risk-Bearing Capacity ......................................................................................................................................................................................................................................................................... 15 AT 4.2 Strategies .......................................................................................................................................................................................................................................................................................... 19 AT 4.3 Internal Control System .............................................................................................................................................................................................................................................................. 23 AT 4.3.1 Structural and Process Organization .................................................................................................................................................................................................................................... 23 AT 4.3.2 Risk Steering and Controlling Processes ............................................................................................................................................................................................................. 24 AT 4.3.3 Stress Tests ............................................................................................................................................................................................................................................................................... 25 AT 4.3.4 Data Management, Data Quality and Aggregation of Risk Data ........................................................................................................................................................... 27 AT 4.3.5 Use of Models ............................................................................................................................................................................................................................................. 29 AT 4.4 Special Functions ................................................................................................................................................................................................................................................................. 31 AT 4.4.1 Risk Controlling Function ............................................................................................................................................................................................................................................... 31 AT 4.4.2 Compliance Function ......................................................................................................................................................................................................................................................... 33 AT 4.4.3 Internal Audit ................................................................................................................................................................................................................................................................... 34 AT 4.5 Risk Management at Group Level ................................................................................................................................................................................................................................. 36 AT 5 Organizational Policies 38
Federal Financial Supervisory Authority (BaFin) Annex 1: MaRisk as of 29.05.2024 – Text and Explanations BA 54 - MaRisk as of 30.06.2026 Federal Financial Supervisory Authority (BaFin) Page 8 of 149
AT 6 Documentation 39 AT 7 Resources 40 AT 7.1 Personnel............................................................................................................................................................................................................................................................................................. 40 AT 7.2 Technical and Organizational Equipment .............................................................................................................................................................................................................................. 41 AT 7.3 Emergency Management ..................................................................................................................................................................................................................................................................... 43 AT 8 Adaptation Processes 45 AT 8.1 New Product Process .................................................................................................................................................................................................................................................................... 45 AT 8.2 Changes to Operational Processes or Structures ........................................................................................................................................................................................................ 47 AT 8.3 Acquisitions and Mergers ....................................................................................................................................................................................................................................................... 48 AT 9 Outsourcing 49 BT 1 Special Requirements for the Internal Control System 58 BTO Requirements for Structural and Process Organization 59 BTO 1 Credit Business ..................................................................................................................................................................................................................................................................................62 BTO 1.1 Segregation of Functions and Veto Rights ................................................................................................................................................................................................................................ 62 BTO 1.2 Requirements for Processes in Credit Business ................................................................................................................................................................................................. 67 BTO 1.2.1 Granting of Credit ........................................................................................................................................................................................................................................................ 73 BTO 1.2.2 Further Processing of Credit .......................................................................................................................................................................................................................................... 75 BTO 1.2.3 Control of Credit Processing .................................................................................................................................................................................................................................. 77 BTO 1.2.4 Intensive Care ...................................................................................................................................................................................................................................................... 77 BTO 1.2.5 Treatment of Problem Loans ........................................................................................................................................................................................................................78
Federal Financial Supervisory Authority (BaFin) Annex 1: MaRisk as of 29.05.2024 – Text and Explanations BA 54 - MaRisk as of 30.06.2026 Federal Financial Supervisory Authority (BaFin) Page 9 of 149
BTO 1.2.6 Provisions for Risks ............................................................................................................................................................................................................................................................. 80 BTO 1.3 Requirements for Procedures for Early Detection of Risks and Treatment of Forbearance ........................................................................................................ 81 BTO 1.3.1 Procedures for Early Detection of Risks ......................................................................................................................................................................................................... 81 BTO 1.3.2 Treatment of Forbearance ................................................................................................................................................................................................................................ 82 BTO 1.4 Risk Classification Procedures ...................................................................................................................................................................................................................................... 84 BTO 2 Trading Business ............................................................................................................................................................................................................................................................................. 85 BTO 2.1 Segregation of Functions.............................................................................................................................................................................................................................................................. 85 BTO 2.2 Requirements for Processes in Trading Business............................................................................................................................................................................................. 86 BTO 2.2.1 Trading ............................................................................................................................................................................................................................................................................ 86 BTO 2.2.2 Settlement and Control ..................................................................................................................................................................................................................................... 88 BTO 2.2.3 Representation in Risk Controlling .............................................................................................................................................................................................................................91 BTO 3 Real Estate Business ......................................................................................................................................................................................................................................................................92 BTO 3.1 Structural Organization ............................................................................................................................................................................................................................................................ 92 BTO 3.2 Requirements for Processes in Real Estate Business ...................................................................................................................................................................................... 93 BTO 3.2.1 Acquisition or Construction of Real Estate ................................................................................................................................................................................................................... 94 BTO 3.2.2 Further Processing and Monitoring .............................................................................................................................................................................................................. 94 BTO 3.2.3 Processing Controls .......................................................................................................................................................................................................................................... 95 BTR Requirements for Risk Steering and Controlling Processes 96 BTR 1 Counterparty Default Risks .................................................................................................................................................................................................................................................................. 97 BTR 2 Market Price Risks ........................................................................................................................................................................................................................................................................... 99 BTR 2.1 General Requirements .............................................................................................................................................................................................................................................. 99 BTR 2.2 Market Price Risks of the Trading Book ........................................................................................................................................................................................................................ 100 BTR 2.3 Market Price Risks of the Banking Book (including Interest Rate Risks) ............................................................................................................................................... 100 BTR 3 Liquidity Risks .......................................................................................................................................................................................................................................................................... 103 BTR 3.1 General Requirements ............................................................................................................................................................................................................................................ 103 BTR 3.2 Additional Requirements for Capital Market-Oriented Institutions ................................................................................................................................................................... 106 BTR 4 Operational Risks ................................................................................................................................................................................................................................................................. 108 BTR 5 Credit Spread Risks in the Banking Book ....................................................................................................................................................................................................................................... 110
Federal Financial Supervisory Authority (BaFin) Annex 1: MaRisk as of 29.05.2024 – Text and Explanations BA 54 - MaRisk as of 30.06.2026 Federal Financial Supervisory Authority (BaFin) Page 10 of 149
BT 2 Special Requirements for the Design of Internal Audit 111 BT 2.1 Tasks of Internal Audit .............................................................................................................................................................................................................................................. 111 BT 2.2 Principles for Internal Audit ...................................................................................................................................................................................................................................... 112 BT 2.3 Audit Planning and Execution .................................................................................................................................................................................................................................. 113 BT 2.4 Reporting Obligation ............................................................................................................................................................................................................................................................................... 114 BT 2.5 Reaction to Identified Deficiencies ......................................................................................................................................................................................................................................... 116 BT 3 Requirements for Risk Reporting 117 BT 3.1 General Requirements for Risk Reports ............................................................................................................................................................................................................ 117 BT 3.2 Reports by the Risk Controlling Function .............................................................................................................................................................................................................................. 119
Federal Financial Supervisory Authority (BaFin) Annex 1: MaRisk as of 29.05.2024 – Text and Explanations BA 54 - MaRisk as of 30.06.2026 Federal Financial Supervisory Authority (BaFin) Page 11 of 149
AT 1 Preamble
Objective of the Circular
1 This Circular provides, on the basis of Section 25a (1) of the German Banking Act (KWG), a flexible and practice-oriented framework for the design of the risk management of institutions. It further specifies the requirements of Section 25a (3) KWG (Risk Management at Group Level) and Section 25b KWG (Outsourcing). An appropriate and effective risk management includes, taking into account the risk-bearing capacity, the definition of strategies as well as the establishment of internal control procedures. The internal control procedures consist of the internal control system and Internal Audit. The internal control system includes in particular Section 26c KWG (ESG Risks).
Branches according to Section 53 KWG CRD Third-Country Branches Since CRD third-country branches do not have a supervisory body, these institutions must instead involve their head offices in an appropriate manner.
2 The Circular also provides a qualitative framework for the implementation of significant articles of Directive 2013/36/EU (Banking Directive)...