Requirements for the risk controlling function
Requirements for the risk controlling function. In the consultation process, the lack of a list of (contractual) parameters to be entered in the outsourcing register was also addressed.
In order to remedy this and at the same time avoid deviations from the Outsourcing Guidelines in the implementation of this new legal requirement of 25 b para. 1 KWG (according to the Financial Market Integrity Strengthening Act – FISG), the final version of AT 9 para. 14 MaRisk refers directly to paras. 54 and 55 of these guidelines.
This is intended to make it easier for European banking groups to set up a central outsourcing register, as permitted in point 53 of the Outsourcing Guidelines. Among the mandatory parameters listed in paragraphs 54 and 55 of the Outsourcing Guidelines, the meeting of the MaRisk expert committee on 4 March 2021 focused in particular on the field of coverage under paragraph 55 lit. a. The aim is to facilitate the establishment of a central outsourcing register for European banking groups, as permitted in paragraph 53 of the Outsourcing Guidelines.
Institutions that are affiliated to central protection schemes should also list the other contractual partners of the outsourcing company from the association. The supervisory authority recognises that this can only be considered proportionate where such a recording can be assumed, in particular when a central outsourcing management is set up at association level.
Requirements for the risk controlling function + MaRisk 6.0: What changes in outsourcing management?
Target group for the course Requirements for the outsourcing register
# Board members, managing directors and managers at banks, savings banks and cooperative banks
# Managers and specialists from the areas of compliance, risk management, overall bank management and internal audit
# Book the seminar Requirements for the outsourcing register + MaRisk 6.0: What changes in outsourcing management? online; convenient and easy with the seminar form online and product no. A 06.
Your benefits with the course: Requirements for the risk controlling function
#1 New requirements for the risk controlling function
#2 Future-oriented capital planning process with SREP and ICAAP
#3 Agile risk management in the lending business
Your advantage with the course: Requirements for the risk controlling function
Each participant receives the S+P Tool Box with the seminar:
+ S+P Checklist „Implementation of MaRisk 2021“
+ S+P Check: Reporting-relevant requirements AT 4.1 and AT 4.2
+ S+P Checklist: 105-point check on risk-bearing capacity
+ S+P Check: MaRisk regulations for the lending business
MaRisk 2021: New requirements for the risk controlling function
# Proper Business Organisation §25a KWG as a Requirement for Internal Risk Management
# Innovations in the supervisory assessment of banks‘ internal risk-bearing capacity concepts
# Extended responsibilities of the risk controlling function
# Process checks for risk-relevant limit approvals – Identification of relevant decision-making processes
Each participant will receive:
+ S+P Guide: Implementation of the new MaRisk
+ S+P Check: Reporting-relevant requirements AT 4.1 and AT 4.2
Future-oriented capital planning process with SREP and ICAAP
# New requirements for the capital planning process: What are the implications for the determination of risk-bearing capacity?
# Innovations in the areas of risk measurement and limitation
# Traffic light and warning systems: Optimal dovetailing of process and control impulses
# Creation of different scenarios in the capital planning process
# New requirements for the limit system with TLAC/MREL
Each participant receives the S+P Tool Box with the seminar:
+ S+P tool „Basel III Simulator“ for the optimal balance sheet structure according to CRD IV and CRR
+ S+P Checklist: 105-point check on risk-bearing capacity
Agile risk management in the lending business
MaRisk BTO 1.2.4: Intensive supervision
- Criteria for the transition to intensive support
- Consideration of concessions in favour of the borrower
(„Forbearance“)
MaRisk BTO 1.2.5: Treatment of problem loans
- Criteria for the transition to problem loan handling
- Examination of non-standardised contracts in restructuring cases
- Voting for restructuring loans and exposures in wind-down portfolios
MaRisk BTO 1.3: Early risk identification in the lending business
- Internal information from the business relationship
- Targeted use of external information sources
- Risk classification procedures and early identification of risks
Update for the risk controlling function
#1 MaRisk 6.0: What changes in outsourcing management?
In order to bundle the central management and monitoring of the risks of outsourcing agreements, each institution that undertakes outsourcing should itself appoint a central outsourcing officer.
The central outsourcing management, which an institution must set up depending on the type, scope and complexity of the outsourcing activities, serves to support the outsourcing officer.
With regard to the new requirement from AT 9 point 12 to appoint an outsourcing officer, the consultation questioned in particular the direct subordination and reporting duty of the outsourcing officer to the management. According to the final version, it is now considered sufficient for the organisational requirements that the outsourcing officer is located in a unit that reports directly to the management. The outsourcing officer can also be the head of (supporting) outsourcing management at the same time.
#2 Central outsourcing management at group level
With the 6th MaRisk amendment, the possibility is now also granted to set up central outsourcing management at group or association level.
The regulations for simplifications at group level only apply in full to those groups where the group as well as the institutions where functions are to be centralised fall under the application of the CRR and thus also the Outsourcing Guidelines.
In addition, the possibilities with regard to the complete outsourcing of the special functions risk controlling function, compliance function and internal audit are expanded to the effect that the complete outsourcing is now also possible under certain circumstances to sister institutions within a group of institutions.
Great importance continues to be attached to these functions as management and control instruments for the management.
#3 Requirements for the outsourcing register + MaRisk 6.0: What changes in outsourcing management?
In the consultation process, the lack of a list of (contractual) parameters to be entered in the outsourcing register was also addressed.
In order to remedy this and at the same time avoid deviations from the Outsourcing Guidelines in the implementation of this new legal requirement of 25 b para. 1 of the German Banking Act (according to the Financial Market Integrity Strengthening Act – FISG -E), the final version of AT 9 para. 14 MaRisk refers directly to paras. 54 and 55 of these guidelines.
Requirements for the outsourcing register: This is intended to facilitate the establishment of a central outsourcing register for European banking groups, as permitted in point 53 of the Outsourcing Guidelines.
Among the mandatory parameters listed in paragraphs 54 and 55 of the Outsourcing Guidelines, the meeting of the MaRisk expert committee on 4 March 2021 focused in particular on the field of recording under paragraph 55 lit. a. The aim is to facilitate the establishment of a central outsourcing register for European banking groups, as permitted by paragraph 53 of the Outsourcing Guidelines.
Institutions that are affiliated to central protection schemes should also list the other contractual partners of the outsourcing company from the association. The supervisory authority recognises that this can only be considered proportionate where such a recording can be assumed, in particular when a central outsourcing management is set up at association level.
The requirement to record the costs of outsourcing in the outsourcing register was also viewed critically. However, this is also a requirement of the Guidelines on Outsourcing, point 55 lit. k. Therefore, also according to MaRisk, which implements these guidelines, an annual entry must be made regarding the estimated costs or budget.
Outsourcing can hardly be compared if there is no cost framework. However, an intra-year entry of cost adjustments is not required for this purpose.
#4 Outsourcing: Consideration of political risks in the risk analysis
With regard to the requirements for the risk analysis, BaFin has included a wording proposal of DK for the implementation of the EBA Outsourcing Guidelines compared to the consultation version and now state in AT 9 para. 2 that the risk analysis must take into account the extent to which an activity or process to be outsourced is of material importance.
MaRisk 6.0: What changes in outsourcing management? The industry has identified the assessment of political risks as a problematic aspect of risk analysis. According to point 68 lit. d of the Guidelines on Outsourcing, this means the assessment of political stability with regard to the security situation of the jurisdiction in question, which is not likely to refer to EEA countries as a rule.
The analysis of political risks is therefore of particular importance for the possible enforcement of contractually agreed rights in third countries. Since country-specific risks have already had to be taken into account in the risk analysis, BaFin does not see any increased requirements in this respect and does not expect a change in the previous practice.
#5 Outsourcing: Consideration of a scenario analysis in the risk analysis
The addition of a scenario analysis to the risk analysis tends to appear disproportionate to the industry and also only partially sensible.
Accordingly, it is clarified in the explanations of the final version of MaRisk that the risk analysis is only to be supplemented by a scenario analysis if this is reasonable and proportionate.
However, in accordance with the explanations in point 65 of the Guidelines on Outsourcing, it is to be assumed that in many cases it may well be reasonable and, taking into account the principle of proportionality, also necessary to assess the possible effects of omitted or even inadequate services by means of a scenario analysis (even before the conclusion of the contract), as they could result, among other things, from external events (to be simulated).