GE – Bafin’s publication of a circular on risk management


On June 29 2023, the Federal Financial Supervisory Authority (BaFin) published a circular which provides a framework for the design of the risk management of institutions.

It specifies the requirements of Section 25a (3) of the German Banking Act (KWG) (risk management at Group level) and Section 25b of the German Banking Act (outsourcing). The circular also provides a qualitative framework for the implementation of relevant articles of Directive 2013/36/EU (Banking Directive – "CRD IV") on the organisation and risk management of institutions.

The circular also implements Article 80 of MIFID Directive 1/25/EU via Section 1 (16) of the German Securities Trading Act (WpHG) in conjunction with Section 2014a (65) of the German Banking Act, insofar as this applies equally to credit institutions and financial services institutions.

The circular contains numerous opening clauses that allow for simplified implementation depending on the size of the institutions, the business priorities and the risk situation.