MaRisk Compliance

Programm

• 9.15 am – 1.00 pm

  Interface to outsourcing AT 9 MaRisk

  ---

  Optimal interaction with the central outsourcing officer design:

  • New service provider management AT 9.7 with risk analysis and new outsourcing report
  • Compliance officer as central outsourcing officer?

  ---

  Pre-outsourcing analysis according to MaRisk AT 9 and EBA guidelines:

  • Minimum requirements for the due diligence of a prospective service provider:
  • When is it mandatory to classify an outsourcing as critical / material?
    outsourcing take place?

  ---

  What does the compliance officer have to pay attention to in the adaptation processes AT 8 MaRisk have to pay attention to?

  ---

  AT 8.1 MaRisk: Securely integrate annual New Product Check

  ---

  Interface Compliance Officer to ISB and DPO

  ---

  Regulatory requirements for IT governance:

  • Is the outsourcing data protection compliant?
  • Establish audit-proof interfaces between outsourcing officer, ISB and DPO.

  ---

  AT 7: Audit focus on IT compliance:

  • IT strategy, IT environment and IT organisation in focus of the new MaRisk
  • Secure handling of self-developed IT applications, access rights, IT approvals and changes in the IT system

• 2.00 pm – 17.00 pm

  Duties as Compliance Officer: Monitoring + Control

  ---

  Acute need for action for the compliance function from EBA and SREP requirements

  ---

   Fulfil due diligence obligations as a Compliance Officer safely – Limiting risks from the guarantor position in a targeted manner

  ---

  Avoiding legal risks:

  • Risk analysis for an audit-proof legal inventory
  • Supervisory law: requirements for a legal inventory
  • Carrying out the qualitatively more stringent risk analysis on the basis of
    uniform scoring criteria

  ---

  Control Plan Compliance:

  • Overview of monitoring and control activities
  • Audit-proof review of compliance requirements