MaRisk Implementation

The Minimum Requirements for Risk Management (MaRisk) are a part of the regulatory Supervisory Review and Evaluation Process (SREP) for banks and are thus part of the second pillar of Basel III. With these requirements, the special organizational obligations of banks in accordance with Section 25a (1) of the German Banking Act (Kreditwesengesetz, KWG) were specified for the first time in 2005 for the implementation of an adequate and effective risk management. After several updates, the last version of MaRisk was published in October 2017, with the inclusion of more recent developments, particularly on account of international regulation initiatives.

MaRisk has a modular structure. After the formulation of fundamental requirements (General Part “GP”) come specific requirements for organization, risk management processes and for the design of internal audit (Specific Part “SP”). The updated version of MaRisk 2017 addresses the following subject areas in particular:

National Implementation of the Requirements under BCBS 239

There are significant changes due to the implementation of international regulations under BCBS 239 in which the Basel Committee formulated the principles for the effective aggregation of risk data and the risk reporting. They are transposed in MaRisk GP 4.3.4 “Data Management, Data Quality and Aggregation of Risk Data” and are to be implemented by all systemic, German institutions. By October 2020, they are obligated to implement the requirements for data governance (definition of principles with regard to data management, data quality and risk data aggregation, full documentation of processes and data flows) and data architecture and IT infrastructure (e.g. specification of roles and responsibilities, adequate controls during the entire data cycle, high degree of automation). Furthermore, it is necessary to ensure the ability to properly collect risk data in light of the principles of precision, completeness, integrity, updating and flexibility. The MaRisk module SP 3 “Requirements for Risk Reporting,” which contains the content and procedural requirements for risk reporting, must be implemented by all banks by October 2018.

FAS Support in the Implementation of MaRisk

In the implementation of MaRisk, the principle of dual proportionality must be observed. It says that both the individual design and the regulatory review of implementation are oriented to the size and the risk profile of a credit institution. Based on this criteria, FAS AG provides support for the introduction and optimization of individual MaRisk modules and draws up reasonable solution packages geared for the size of the institution and its complexity. Depending on the requirements, the spectrum of services ranges from a comprehensive GAP analysis to the individual implementation of sub-modules. Particularly in the area of the risk bearing capacity calculation, the controlling of liquidity risks or as part of the implementation of new tools for risk reporting, FAS AG has sophisticated methodological knowledge and implements it with consideration given to the framework conditions specific to the institution in each case.

If you are interested or have any questions, please contact us.

 Andreas Huthmann Managing Partner