BAIT now available in English
The Supervisory Requirements for IT in Financial Institutions (Bankaufsichtliche Anforderungen an die IT – BAIT), which BaFin published in German at the start of November, are now also available in English.
The intention behind the BAIT is to offer clarity to management boards of institutions on banking supervisors' expectations with regard to the secure design of IT systems and associated processes, as well as on the relevant requirements placed on IT governance. These requirements now form a core component of IT supervision in the banking sector in Germany.
Like the Minimum Requirements for Risk Management for financial institutions (MaRisk), the latest version of which was published by BaFin at the end of October, the BAIT provide an interpretation of the legal requirements of section 25a (1) sentence 3 nos. 4 and 5 of the German Banking Act (Kreditwesengesetz – KWG; only available in German). The BAIT describe what banking supervisors consider to be appropriate technical and organisational resources for IT systems, with particular regard to the requirements for information security and suitable contingency plans. As institutions are increasingly obtaining IT services from third parties, including as part of outsourcing arrangements, this interpretation also incorporates section 25b of the KWG.