avedos GRC News

BaFin publishes new rules for banks

Following the Minimum Requirements for Risk Management (MaRisk), Germany’s Federal Financial Supervisory Authority (BaFin) has now published the Supervisory Requirements for IT, also known as BAIT. This additional set of rules defines binding IT security requirements for banks.

BAIT is the Banking Supervision’s first response to the challenges of an increasingly digitized world of finance. It provides hands-on guidelines for organizing IT in financial institutions with a focus on managing IT resources and IT risk management. The provisions defined in the Minimum Requirements for Risk Management (MaRisk) remain valid and must be further implemented.

BAIT focuses on four main topics:

1. IT strategy
Defining objectives and actions by top management, documenting the target state and status quo, improving the IT infrastructure, strengthening IT security

2. Information risk management
Fulfilling MaRisk requirements, implementing an internal control system, analyzing the necessary structures and protection, analyzing risks, evaluating residual risks, implementing a reporting system

3. Information security management
Appointing an IT security officer, conducting organizational measures, developing guidelines and concepts, defining rules for information security breaches

4. User permissions management
Defining clear access rights to systems and unique user identification, conducting regular audits, analyses and reports

Unlike a new law, these requirements correspond to existing laws and regulations. Financial institutions should therefore promptly check which specifications they have yet to fulfill and take appropriate action.

Challenges for top management

A systematic approach to managing risks is an essential core competency of financial institutions and an important part of a successful corporate strategy. This makes enterprise management more complex than ever – especially in light of the high expectations on efficiency. To address these requirements, banks must develop processes and establish standards for modern, efficient enterprise management. Governance, risk and compliance (GRC) processes are taking on a more important role in this regard. GRC sets the guidelines for transparent, sustainable enterprise and performance management that weighs risks and opportunities to generate value. Companies with a comprehensive GRC concept also have more resources to utilize opportunities because they have a better understanding of the risks and contingent liabilities.
