Risk management: Relief for small credit institutions

The BaFin also points out existing leeways that banks have not always utilized. Using specific examples, the BaFin shows that small institutions can make their risk management processes less complex without affecting the effective management of their risks from a supervisory perspective.

According to BaFin’s assessment, this results in simplifications for about 950 institutions, i.e. around three-quarters of German credit institutions, in the implementation of the minimum requirements for risk management of banks (MaRisk) issued by the BaFin.

Harmonisation and clarification of the definition of small institutions

The focus is on harmonising the definition of small institutions with European regulations. From the end of November 2024, institutions that are classified as small and non-complex institutions (SNCIs) per Art. 4 (1) no. 145 of the Capital Requirements Regulation (CRR) will be considered small per MaRisk.

In addition, BaFin adopts the term ‘very small institutions’ from the Guidelines on the Supervisory Assessment of Banks' Internal Capital Adequacy Assessment Processes of 29 May 2018, according to which a threshold of 1 billion euros is set for the total assets of these institutions, which is determined based on the four-year average in the same way as the threshold values for SNCIs.

Key points of the relief

Risk inventory and insignificant risks: When calculating their risk-bearing capacity, small credit institutions only have to take into account aggregated insignificant risks that exceed a materiality threshold of 5% of their economic risk coverage potential. This simplifies the risk inventory and enables a focused consideration of significant risks.

Risk-bearing capacity: For very small institutions, the RBC guideline allows near-present value procedures and so-called ‘Pillar 1+’ approaches. These methods allow a simplified yet effective risk measurement and assessment. Very small and, at the same time, less complex institutions can also use an approach to approximate the economic perspective in which they determine the risk values for the other material risks not or insufficiently taken into account in Pillar 1 in a simplified or generalised manner. Instead of generalized estimates of risks that are difficult to quantify – e. g. model risks – and taking these into account on the risk side, appropriate buffers can also be maintained in the risk coverage potential. In this case, however, the individual risks that the buffer is intended to cover on a flat-rate basis must be documented.

In addition to the quantitative criterion ‘very small’, the qualitative criterion ‘low complexity’ must also be met to apply the 'Pillar 1+' approach. This criterion is an indeterminate legal term that is not further specified in the present supervisory communication. Therefore, very small institutions should consult with the supervisory authority to determine the extent to which their institution fulfils the 'low complexity' criterion and thus whether the 'Pillar 1+' approach is permissible.

Stress tests: Small institutions can reduce the number of stress tests and now dispense with inverse stress tests, provided that the management of their material risks is assured. In addition, very small institutions are entitled to perform only cross-risk-type stress tests and simplified sensitivity analyses.

Reporting: In principle, risk reporting to management must occur quarterly. However, the updating of reports can be extended to longer-term intervals for stable business areas. Additionally, if no relevant changes have occurred, the current report can refer to the previous report. Monitoring of strategies and capital planning only has to take place every two years if an additional buffer of 2% is maintained in addition to the regulatory and recommended capital base.

Validation reports from service providers: Small institutions are not required to prepare their validation reports for the risk measurement models of central service providers, but may instead refer to the service provider's report or enclose the service provider's report with their report.

No requirement to prepare separate reports on recovery plan indicators: A separate report on recovery plan indicators and their distance from the set thresholds is not required. Reporting in the overall risk report is sufficient.

Reliefs in credit business: In non-risk-relevant credit transactions, institutions may use simplified procedures for creditworthiness checks and are no longer required to check all possible influencing factors.

Outsourcing management: Greater use of group-internal or association-internal outsourcing management solutions will be possible. It is also considered permissible to dispense with a central outsourcing management system within an institution. In the case of internal outsourcing within an association, there is no need to establish exit processes and options for action.

Waiver of annual market fluctuation concept for monitoring real estate price development: Smaller institutions that are highly concentrated regionally are now allowed to dispense with the use of these concepts, provided that they have sufficient internal transaction data for their market monitoring to enable them to monitor regional price developments using key figures they have developed themselves.

Outlook

This supervisory message makes it clear that the BaFin is willing to ease the regulatory burden on small institutions to boost their competitiveness. However, a continuous review of the granted reliefs should take place counteract unfavourable developments. Further adjustments could follow in future amendments to MaRisk, permanently integrating the reliefs that have now been granted.

The announced relaxations will apply with immediate effect from the end of November 2024. Institutions that have previously been confronted with divergent audit findings now have clarity and legal certainty. Findings made in this context are no longer to be assessed as deficiencies that need to be remedied.