2026-04-01
Added · Updated
The German Federal Financial Supervisory Authority (BaFin) issued a consultation draft for the 9th amendment to the Minimum Requirements for Risk Management (MaRisk) to update the regulatory framework for credit institutions. The document introduces revised guidelines on risk management, governance structures, and specific requirements for credit, trading, and real estate businesses, aligning with recent EU directives. It mandates enhanced internal control systems, stress testing, and reporting processes to ensure robust risk oversight and compliance.
Circular xx/2026 (BA) Minimum Requirements for Risk Management - MaRisk Explanations to (Consultation 02/2026) Status: xx.xx.2026
Table of Contents AT 1 Objective of the Circular 6 AT 2 Scope of Application 14 AT 2.1 Target Group 15 AT 2.2 Risks 16 AT 2.3 Transactions 18 AT 3 Responsibility of the Management Board and the Supervisory Body 20 AT 3.1 Overall Responsibility of the Management Board 20 AT 3.2 Responsibility of the Supervisory Body and its Committees 21 AT 4 General Requirements for Risk Management 21 AT 4.1 Risk Bearing Capacity 22 AT 4.2 Strategies 30 AT 4.3 Internal Control System 32 AT 4.3.1 Structural and Process Organization 32 AT 4.3.2 Risk Steering and Controlling Processes 32 AT 4.3.3 Stress Tests 33 AT 4.3.4 Use of Models 35 AT 4.4 Special Functions 43 AT 4.4.1 Risk Controlling Function 43 AT 4.4.2 Compliance Function 45 AT 4.4.3 Internal Audit 48 AT 5 Organizational Guidelines 53 AT 6 Documentation 55 AT 7 Resources 55 AT 7.1 Personnel 55 AT 7.2 Technical and Organizational Equipment 56 AT 7.3 Emergency Management 57 AT 8 Adaptation Processes 59 AT 8.1 New Product Process 59 AT 8.2 Changes to Operational Processes or Structures; Acquisitions and Mergers 61 AT 9 Outsourcing 63 BT 1 Special Requirements for the Internal Control System 72 BTO Requirements for Structural and Process Organization 73 BTO 1 Credit Business 75 BTO 1.1 Segregation of Functions and Veto Rights 76 BTO 1.2 Requirements for Processes in Credit Business 81 BTO 1.2.1 Credit Granting 88 BTO 1.2.2 Post-Granting Processing 90 BTO 1.2.3 Credit Processing Control 92 BTO 1.2.4 Intensive Supervision 92 BTO 1.2.5 Treatment of Problem Loans 93 BTO 1.2.6 Risk Provisions 96 BTO 1.3 Requirements for Procedures for Early Risk Detection and Treatment of Forbearance 96 BTO 1.3.1 Procedures for Early Risk Detection 96 BTO 1.3.2 Treatment of Forbearance 98 BTO 1.4 Risk Classification Procedures 100 BTO 2 Trading Business 100 BTO 2.1 Segregation of Functions 101 BTO 2.2 Requirements for Processes in Trading Business 102 BTO 2.2.1 Trading 102 BTO 2.2.2 Settlement and Control 105 BTO 2.2.3 Representation in Risk Controlling 108 BTO 3 Real Estate Business 109 BTO 3.1 Structural Organization 109 BTO 3.2 Requirements for Processes in Real Estate Business 110 BTO 3.2.1 Acquisition or Construction of Real Estate 111 BTO 3.2.2 Post-Processing and Monitoring 112 BTR Requirements for Risk Steering and Controlling Processes 113 BTR 1 Counterparty Default Risks 114 BTR 2 Market Price Risks 117 BTR 2.1 General Requirements 118 BTR 2.2 Market Price Risks of the Trading Book 118 BTR 2.3 Market Price Risks of the Banking Book (including Interest Rate Risk) 119 BTR 3 Liquidity Risks 127 BTR 4 Operational Risks 129 BTR 5 Credit Spread Risks in the Banking Book 130 BT 2 Special Requirements for the Design of Internal Audit 132 BT 2.1 Tasks of Internal Audit 132 BT 2.2 Principles for Internal Audit 133 BT 2.3 Audit Planning and Execution 133 BT 2.4 Reporting Obligation 133 BT 2.5 Reaction to Identified Deficiencies 133 BT 3 Requirements for Risk Reporting 133 BT 3.1 General Requirements for Risk Reports 133 BT 3.2 Reports of the Risk Controlling Function 133 List of Abbreviations 136 Circular 06/2024 29.05.2024
Annex 1: MaRisk of 29.05.2024 – Text and Explanations Content AT 1 Preamble 5 AT 2 Scope of Application 8 AT 2.1 Target Group ................................................................................................................................................................................................................................................................................. 9 AT 2.2 Risks .............................................................................................................................................................................................................................................................................................. 10 AT 2.3 Transactions ........................................................................................................................................................................................................................................................................................ 11 AT 3 Overall Responsibility of the Management Board 14 AT 4 General Requirements for Risk Management 15 AT 4.1 Risk Bearing Capacity ....................................................................................................................................................................................................................................................................... 15 AT 4.2 Strategies ........................................................................................................................................................................................................................................................................................ 19 AT 4.3 Internal Control System............................................................................................................................................................................................................................................................. 23 AT 4.3.1 Structural and Process Organization ................................................................................................................................................................................................................................. 23 AT 4.3.2 Risk Steering and Controlling Processes .......................................................................................................................................................................................................... 24 AT 4.3.3 Stress Tests ............................................................................................................................................................................................................................................................................. 25 AT 4.3.4 Data Management, Data Quality and Aggregation of Risk Data ....................................................................................................................................................... 27 AT 4.3.5 Use of Models ........................................................................................................................................................................................................................................... 29 AT 4.4 Special Functions ............................................................................................................................................................................................................................................................... 31 AT 4.4.1 Risk Controlling Function ............................................................................................................................................................................................................................................. 31 AT 4.4.2 Compliance Function ....................................................................................................................................................................................................................................................... 33 AT 4.4.3 Internal Audit .................................................................................................................................................................................................................................................................. 34 AT 4.5 Risk Management at Group Level .............................................................................................................................................................................................................................. 36
Federal Financial Supervisory Authority (BaFin) Annex 1:BA 54 - MaRisk of 29.05.2024 – Text and Explanations xx.xx.2026 Consultation 02/2026 Page 8 of 148 AT 5 Organizational Guidelines 38 AT 6 Documentation 39 AT 7 Resources 40 AT 7.1 Personnel ........................................................................................................................................................................................................................................................................................... 40 AT 7.2 Technical and Organizational Equipment ........................................................................................................................................................................................................................... 41 AT 7.3 Emergency Management .................................................................................................................................................................................................................................................................... 43 AT 8 Adaptation Processes 45 AT 8.1 New Product Process ................................................................................................................................................................................................................................................................. 45 AT 8.2 Changes to Operational Processes or Structures .................................................................................................................................................................................................... 47 AT 8.3 Acquisitions and Mergers ..................................................................................................................................................................................................................................................... 48 AT 9 Outsourcing 49 BT 1 Special Requirements for the Internal Control System 58 BTO Requirements for Structural and Process Organization 59 BTO 1 Credit Business ............................................................................................................................................................................................................................................................................... 62 BTO 1.1 Segregation of Functions and Veto Rights ............................................................................................................................................................................................................................. 62 BTO 1.2 Requirements for Processes in Credit Business .............................................................................................................................................................................................. 67 BTO 1.2.1 Credit Granting...................................................................................................................................................................................................................................................... 73 BTO 1.2.2 Post-Granting Processing ....................................................................................................................................................................................................................................... 75 BTO 1.2.3 Credit Processing Control ............................................................................................................................................................................................................................... 77
Federal Financial Supervisory Authority (BaFin) Annex 1:BA 54 - MaRisk of 29.05.2024 – Text and Explanations xx.xx.2026 Consultation 02/2026 Page 9 of 148 BTO 1.2.4 Intensive Supervision .................................................................................................................................................................................................................................................... 77 BTO 1.2.5 Treatment of Problem Loans .................................................................................................................................................................................................................... 78 BTO 1.2.6 Risk Provisions ........................................................................................................................................................................................................................................................... 80 BTO 1.3 Requirements for Procedures for Early Risk Detection and Treatment of Forbearance.................................................................................................. 81 BTO 1.3.1 Procedures for Early Risk Detection .................................................................................................................................................................................................... 81 BTO 1.3.2 Treatment of Forbearance ............................................................................................................................................................................................................................. 82 BTO 1.4 Risk Classification Procedures ..................................................................................................................................................................................................................................... 84 BTO 2 Trading Business ........................................................................................................................................................................................................................................................................... 85 BTO 2.1 Segregation of Functions ............................................................................................................................................................................................................................................................ 85 BTO 2.2 Requirements for Processes in Trading Business ......................................................................................................................................................................................... 86 BTO 2.2.1 Trading .......................................................................................................................................................................................................................................................................... 86 BTO 2.2.2 Settlement and Control .................................................................................................................................................................................................................................... 88 BTO 2.2.3 Representation in Risk Controlling .......................................................................................................................................................................................................................... 91 BTO 3 Real Estate Business ..................................................................................................................................................................................................................................................................... 92 BTO 3.1 Structural Organization ........................................................................................................................................................................................................................................................... 92 BTO 3.2 Requirements for Processes in Real Estate Business ................................................................................................................................................................................... 93 BTO 3.2.1 Acquisition or Construction of Real Estate ................................................................................................................................................................................................................. 94 BTO 3.2.2 Post-Processing and Monitoring ........................................................................................................................................................................................................... 94 BTO 3.2.3 Processing Controls ......................................................................................................................................................................................................................................... 95 BTR Requirements for Risk Steering and Controlling Processes 96 BTR 1 Counterparty Default Risks ................................................................................................................................................................................................................................................................. 97 BTR 2 Market Price Risks ........................................................................................................................................................................................................................................................................... 99 BTR 2.1 General Requirements ............................................................................................................................................................................................................................................ 99 BTR 2.2 Market Price Risks of the Trading Book ...................................................................................................................................................................................................................... 100 BTR 2.3 Market Price Risks of the Banking Book (including Interest Rate Risk) ............................................................................................................................................. 100 BTR 3 Liquidity Risks ......................................................................................................................................................................................................................................................................... 103 BTR 3.1 General Requirements .......................................................................................................................................................................................................................................... 103 BTR 3.2 Additional Requirements for Capital Market-Oriented Institutions .................................................................................................................................................................. 106 BTR 4 Operational Risks ................................................................................................................................................................................................................................................................ 108 BTR 5 Credit Spread Risks in the Banking Book .................................................................................................................................................................................................................................... 110
Federal Financial Supervisory Authority (BaFin) Annex 1:BA 54 - MaRisk of 29.05.2024 – Text and Explanations xx.xx.2026 Consultation 02/2026 Page 10 of 148 BT 2 Special Requirements for the Design of Internal Audit 111 BT 2.1 Tasks of Internal Audit .......................................................................................................................................................................................................................................... 111 BT 2.2 Principles for Internal Audit ................................................................................................................................................................................................................................... 112 BT 2.3 Audit Planning and Execution................................................................................................................................................................................................................................ 113 BT 2.4 Reporting Obligation .............................................................................................................................................................................................................................................................................. 114 BT 2.5 Reaction to Identified Deficiencies ....................................................................................................................................................................................................................................... 116 BT 3 Requirements for Risk Reporting 117 BT 3.1 General Requirements for Risk Reports ........................................................................................................................................................................................................ 117 BT 3.2 Reports of the Risk Controlling Function ........................................................................................................................................................................................................................... 119
Federal Financial Supervisory Authority (BaFin) Annex 1:BA 54 - MaRisk of 29.05.2024 – Text and Explanations xx.xx.2026 Consultation 02/2026 Page 11 of 148 AT 1 Preamble Objective of the Circular 1 This circular, on the basis of Section 25a(1) of the Banking Act (KWG), provides a flexible and practical framework for the design of the risk management of institutions. It further clarifies the requirements of Section 25a(3) KWG (Risk Management at Group Level) and Section 25b KWG (Outsourcing). An appropriate and effective risk management, taking into account risk bearing capacity, includes in particular the definition of strategies and the establishment of internal control procedures. The internal control procedures consist of the internal control system and internal audit. The internal control system includes in particular § 26c KWG (ESG Risks).