Photo of Dr. Anselm Reinertshofer

On 3 November 2017, the German regulator for the financial sector, the Federal Financial Supervisory Authority (“BaFin”), published a new circular titled Rundschreiben 10/2017 (BA) vom 3. November 2017 – Bankaufsichtliche Anforderungen an die IT (in English: Circular 10/2017 – Regulatory Requirements for IT-Systems – “BAIT”). The BAIT is available in German language at the BaFin’s website. The final version of the BAIT incorporates a number of revisions that result from the submissions made by stakeholders in the course of a prior public consultation.

Scope of the BAIT

The BAIT’s purpose is to give guidance on the BaFin’s interpretation of the statutory requirements under Section 25a(1) s. 3 no. 4 and 5 and Section 25b of the German Banking Act (Kreditwirtschaftsgesetz – KWG). The BAIT sets out the BaFin’s understanding of how reasonable technical/organisational features of IT systems used within financial institutions should look like, taking in particular into account the requirements for IT security and a sufficient emergency concept. The BAIT also addresses the increased engagement of third party IT suppliers that carry out a wide range of processes on behalf of regulated financial institutions, Section 25b of the German Banking Act.

Continue Reading German Federal Financial Supervisory Authority (BaFin) publishes circular on regulatory requirements for financial institutions’ IT systems