Risk Management + Compliance
For board members and managing directors at banks, financial service providers, leasing and factoring companies and
specialists from the areas of treasury and risk controlling
665,-€
Programm
-
Proper business organisation and indicators for
An appropriate risk culture
MaRisk AT 3: Requirements of the supervisory standard setters for the
- Leadership culture (Tone from the Top)
- Employee responsibilities (Accountability)
- Open communication and critical dialogue (Effective Communication and Challenge) and
- Appropriate incentive structures (Incentives)
Operationalisation of the risk culture: definition of appropriateness, Appropriateness and materiality
MaBail-In: Risk strategy and structural limits put to the test
Liability trap ad hoc reporting and audit-proof escalation procedure
Current requirements for risk management
MaRisk BTR: Components and perspectives of the risk capacity concept
- Risk identification in the normative perspective
- Risk identification in the economic perspective
MaRisk AT 4.1: Forward-looking capital planning process
- Consideration beyond the balance sheet date
- P2R – Pillar 2 Requirement
- P2G – Pillar 2 Guidance – Own funds target ratio
- Capital for own funds target ratio can be backed by reserves according to § 340 f HGB.
can be backed by reserves - SREP capital surcharge constitutes hard capital requirement
- Small Banking Box – Discussion of a three-tiered approach
Current BaFin guideline: Changes in the practice of risk management
S+P Tool Box
- S+P Check: These are the “red lines” you must observe
- S+P Checklist: 105-point check on risk-bearing capacity
- Organisational manual for the Information Security Guideline (Length approx. 30 pages)
Risk Management + Compliance
-
New BAIT: Stricter requirements for information risk management Information Risk Management
BAIT Tz 8: Actively manage compliance, information security, money laundering prevention and data protection
- Regulating tasks and accountability
- Monitoring + control + reporting
- Manage interfaces in an audit-proof manner
- Agile communication techniques in the commissioning process
Modules of an effective IT compliance system:
Interface management to:- Processing directory Art. 30 EU GDPR
- Data protection impact assessment Art. 35 EU-DSGVO
- Deletion concept Art. 17 EU-DSGVO and DIN standard 66398
BAIT 6: Secure handling of self-developed IT applications, access rights, IT acceptance as well as changes in the IT system
Compliance requirements for control and reporting obligations in the IT sector
