Integration of EBA guidelines into MaRisk: Strengthening risk-conscious lending and internal governance

On June 29, 2023, Bafin published what is now the 7th amendment to the “Minimum Requirements for Risk Management – MaRisk” framework, which has been in place since 2005. We briefly summarize the contents for you:

Key content of the EBA guidelines on lending and monitoring (EBA/GL/2020/06) is incorporated into MaRisk, in part as references to the guidelines themselves, while maintaining proportionality. This includes but is not limited to

  • Requirements for a more risk-sensitive lending policy
  • Internal governance for lending and monitoring, with topics such as credit risk management, strategy, risk appetite, risk culture and limitation, each related to credit risk and credit decision processes
  • Monitoring the behavior of employees (compliance with the Code of Conduct)
  • Avoidance of conflicts of interest in credit decisions (clarification of so-called “golf course transactions”)
  • Procedure for granting loans differentiated by borrower and type of financing with reference to the guideline

Adjustments for sustainable lending and risk management

In anticipation of the adoption of CRD (Capital Requirements Directive) VI, the 7th MaRisk amendment already implements the key European regulations on the integration of ESG risks as a fully-fledged risk category in lending and risk management at national level. Institutions will be required to include so-called ESG scores in the credit assessment of their borrowers, relying on science-based evidence rather than developing their own climate models. The primary ESG risks to be implemented are environmental risks, in particular climate risks.

For the application of models for the processes described within the framework of MaRisk, e.g., in the application of technology-based innovations for lending purposes or the use of automated models for credit scoring and lending decisions, a new section introduced in the general regulations that places an obligation on institutions to understand, review, manage, and carefully document these models, including when using artificial intelligence. Explicitly excluded are the models used within the framework of the CRR (Capital Requirements Regulation).

Due to the expansion of the real estate business in the sense of acquiring own real estate to generate income, a new module with minimum requirements for the institutions’ real estate business was introduced into MaRisk. The new BTO 3 module provides for lean, principle-based regulations for the organizational structure and processes, which, in accordance with the proportionality principle, are only to be applied after certain threshold values have been exceeded.
Further adjustments to MaRisk relate to, among other things:

  • Analysis and regular review of the business model and introduction of new reporting on the institute’s business situation
  • Clarifications on the risk-based pricing of loans
  • Regulations on trading in the home office
  • Clarification of the special treatment of residential real estate development loans (exemption under the Residential Real Estate Credit Directive).
  • Regulations for major development banks

In principle, MaRisk must be applied from the date of publication. For new regulations, such as the assessment of model risks or the quantification of ESG risks and consideration of the requirements for the real estate business of the institutions, a transition period until 01.01.2024 applies.

The 7th MaRisk amendment replaces the previous minimum requirements for risk management just under two years after they came into force and thus reflects the dynamic development of regulatory requirements. As already made clear in the previous section, the 7th MaRisk amendment includes extensive new regulations that require a differentiated examination of lending processes and risk management. At the same time, the increasing importance of ESG criteria as well as the associated consideration of sustainability-related impacts is also comprehensively addressed, although a definition of concrete qualitative and quantitative standards is pending. In addition, the aspects mentioned must each be considered in connection with the aforementioned EBA guidelines as well as with other regulations, such as CRR II and CRD VI, and, depending on the type of institution and business model, bring with them challenges that we will be happy to support you in overcoming.

talk to

Mario Sonneborn


Mario Sonneborn