Germany: BaFin launches public consultation on revised circular on risk management for banks, addresses IT systems and outsourcing
The German Federal Financial Supervisory Authority ('BaFin') issued, on 26 October 2020, a draft for public consultation on the revised circular on minimum requirements for risk management for banks. In particular, the draft outlines, among other things, general requirements for risk management including the implementation of an internal control system which includes stress testing and data management, organisational guidelines, documentation requirements as well as addressing outsourcing. More specifically, the draft notes that outsourcing officers and information security officers may not be included within the compliance unit, that organisational procedures should address significant outsourcing, and that IT systems should guarantee the availability, authenticity and confidentiality of data.
You can download the draft, only available in German, here.