BaFin - Navigation & Service

Erscheinung:09.02.2018 BAIT now available in English

The Supervisory Requirements for IT in Financial Institutions (Bankaufsichtliche Anforderungen an die IT – BAIT), which BaFin published in German at the start of November, are now also available in English.

The intention behind the BAIT is to offer clarity to management boards of institutions on banking supervisors' expectations with regard to the secure design of IT systems and associated processes, as well as on the relevant requirements placed on IT governance. These requirements now form a core component of IT supervision in the banking sector in Germany.

Like the Minimum Requirements for Risk Management for financial institutions (MaRisk), the latest version of which was published by BaFin at the end of October, the BAIT provide an interpretation of the legal requirements of section 25a (1) sentence 3 nos. 4 and 5 of the German Banking Act (Kreditwesengesetz – KWG - only available in German). The BAIT describe what banking supervisors consider to be appropriate technical and organisational resources for IT systems, with particular regard to the requirements for information security and suitable contingency plans. As institutions are increasingly obtaining IT services from third parties, including as part of outsourcing arrangements, this interpretation also incorporates section 25b of the KWG.

Did you find this article helpful?

We appreciate your feedback

Your feedback helps us to continuously improve the website and to keep it up to date. If you have any questions and would like us to contact you, please use our contact form. Please send any disclosures about actual or suspected violations of supervisory provisions to our contact point for whistleblowers.

We appreciate your feedback

* Mandatory field