Risk management

Article from BaFin's 2017 annual report

BaFin's risk manual entered into force on 26 July 2017. It combines all of the organisational rules, functions and tools of BaFin's internal risk management system.

BaFin's Executive Board had resolved at the start of 2016 to establish an integrated risk management system, covering all of BaFin's risks and bringing together the functions and processes of existing units within the organisation specialising in risk-related issues (e.g. IT security, compliance, internal control system). This integrated approach provides a general overview of the risks of all the Directorates.

Previously, different types of risk were assessed and managed separately in the individual organisational units specialising in risk-related issues. Moreover, in order to avoid redundancies, these risks will continue to be identified, evaluated and documented in the relevant organisational units. Specific statutory provisions or standards will apply to these individual components. However, risks assessed as having a particularly high loss potential despite their risk treatment must now be passed on to BaFin's central risk management function. In addition, the central risk management function identifies and manages particularly important risks relating to specific Directorates and risks relating to the whole of BaFin.

