Implementing the sixth version of “MaRisk”
Executive Education / 30 June 2022
  • Share

  • 4040

  • 0

  • Print
Henning Heuter, Dipl.-Bankbetriebswirt, ist geschäftsführender Partner bei einem spezialisierten Beratungsunternehmen. In seiner Tätigkeit, die neben den Fragen des Risikomanagements auch deren aufsichtliche Behandlung umfasst, berät er Kreditinstitute aller Institutsgruppen im In- und Ausland. Zu seinen Tätigkeiten gehörten außerdem die Konzeption und die Weiterentwicklung des Limitsystems der Gesamtbank, der Kreditrisikostrategie und des Adressenrisikomanagements auf Gesamtbankebene. Er ist seit vielen Jahren erfolgreich im Bereich Risikomanagement als Dozent für die Frankfurt School tätig.

To Author's Page

More Blog Posts
Auditing with intelligent co-pilots: Generative Artificial Intelligence in Audit
Agile Transformation: Nachhaltige Integration einer agilen Kultur in Unternehmen
Digital Society – Buzzword oder bald Realität?

In August 2021, the German Federal Financial Supervisory Authority (BaFin) published the Sixth Amendment to its Minimum Requirements for Bank Risk Management (6th MaRisk-Novelle). The key starting point was the application of European regulatory initiatives, in the form of the three European Banking Authority (EBA) guidelines on the management of non-performing and deferred exposures (NPEs), non-performing loans (NPLs) and outsourcing, as well as the management of ICT and security risks. The new version also included enhancements and clarifications of existing requirements and expectations – concerning, for example, the complex of issues surrounding forbearance – as well as updates such as the upgrade of crypto assets to the same status as trading transactions.

Deadlines for implementing MaRisk

The new version of MaRisk came into force as soon as it was published. The deadlines for implementation were staggered, so that institutions were required to apply changes that were essentially just clarifications immediately following publication. For implementing new regulations – such as the requirements applying to institutions with large NPL portfolios – an additional grace period was granted until 31 December 2021. A separate implementation deadline for adjusting outsourcing agreements that are currently under negotiation or already in place was set for 31 December 2022.

The requirements for the ongoing assurance of capital adequacy were also refined. Should the aggregation of multiple immaterial risks result in a risk that is (as a whole) material, internal procedures for safeguarding capital adequacy must ensure that the institution’s risk-bearing capacity covers the combined risks. This means that they must be taken into account and if necessary adjusted during the risk inventory process, as well as in the various risk management and risk controlling processes.

The world of capital adequacy – old and new

As of the sixth amendment, normative and economic risk perspectives have now been incorporated into MaRisk AT 4.1. For details of the relevant requirements, the explanatory note to AT 4.1 point 2 refers the reader to the explanations included in the revised “Guidelines on the supervisory assessment of bank-internal capital adequacy concepts” published by BaFin and Deutsche Bundesbank in May 2018. This guideline gave less significant institutions (LSIs) subject to direct supervision by Deutsche Bundesbank the option of using the old-style going-concern approach. In the letter accompanying the sixth amendment, BaFin had already announced that they would only continue to accept the “old world” of capital adequacy for a limited period of time, and that institutions should change over to the “new world” of bank-internal capital adequacy as soon as possible.

Normative and economic perspectives on capital adequacy

Institutions may only use the old-style going-concern approach described in the capital adequacy guidelines until the end of 2022. After that, the supervisory authority expects institutions to apply normative and economic perspectives without any additional transition period. But implementing this requirement involves overcoming a number of challenges. These include the enhancement of existing capital planning processes to include normative capital adequacy calculations, the dynamic simulation of all normative input variables (such as exposures to loans and securities, risk-weighted assets – RWA), and the projection of normative earnings variables for at least three years into the future (as well as core and Tier 1 capital, leverage ratios, large exposure limits). Other challenges include:

  • establishing economic capital adequacy,
  • determining economic values for all material risks (typically by taking a value-at-risk approach, including parameterisation),
  • identifying various scenarios for the risk and stress perspectives (especially the adverse scenario and economic downturn scenario), and
  • calculating limits to apply in the economic perspective.

To do this, institutions may rely on established methods in some cases, but are also required to develop new and/or enhanced methods.

To benchmark and further develop a bank-internal capital adequacy strategy, it is essential for the bank’s specialists and executives to build up their professional expertise. Executive education courses in the above-mentioned areas – especially in risk management for small and medium-sized credit institutions – as well as knowledge transfer by experienced lecturers and via an established network, make it possible for them to acquire practical know-how while sharing and discussing ideas with other professionals.