In February 2016, the German Financial Services Supervisory Authority (BaFin) published a draft of the revised ‘Minimum Requirements for Risk Management’ (MaRisk). The MaRisk refine the rather vague statutory requirements for German banks and investment firms to have a proper business organisation in place.

The MaRisk also provide for a qualitative framework for the implementation of those articles of Directive 2013/36/EU (CRD IV) dealing with the organisation and risk management of institutions, particularly with respect to robust governance arrangements, effective processes to determine, monitor and communicate risks as well as adequate internal processes for risk controlling. This also includes specifications of the internal capital adequacy assessment process (ICAAP).

Given the relevance of such risk management requirements for the internal organisation of institutions and for the outcome of the supervisory review and evaluation process (SREP) under CRD IV, this article will give an overview of the general concept pursued by the MaRisk and particularly the changes envisaged by the draft of the revised MaRisk published by BaFin (Draft MaRisk).

Legal nature of the MaRisk

The MaRisk are not statutory law but constitute technically a compendium of the administrative practice of BaFin with respect to the regulatory requirements concerning the risk management of credit institutions and investment firms. In practice, however, the MaRisk are as relevant as statutory law as BaFin adheres to the MaRisk in supervising the German institutions. Whether the MaRisk will retain its nature as a summary of mere administrative practice is currently under scrutiny.

Jul-Sep 2016 Issue

Noerr LLP