MaRisk does offer generally recognised and leading methods for the identification, measurement and control of financial risks.
MaRisk (Minimum Requirements for Risk Management) is a binding policy for German financial institutions, based on Section 25a of the German Banking Act [KWG], that specifies a holistic framework for the organizational and operational structure for financial risk management. In contrast to banks, MaRisk is not legally binding upon industrial companies. MaRisk does, however, offer generally recognised and leading methods for the identification, measurement and control of financial risks and thus represents a frame of reference for industrial companies as well. Every larger non-financial company should be in a position to justify deviations from the specifications either through the absence or immateriality of the risk in question. This is why numerous risk-management guidelines and policies are oriented around the specifications of MaRisk. MaRisk is thus indirectly significant for a broader group of companies as well.
For the most part, however, while the rules do not apply to credit transactions in industrial companies, the rules on risk-bearing capacity, internal control system, risk management and controlling are highly relevant in the corporate treasury and in commodities and energy trading.
Given the risks involved, specifically companies with extensive activity in the trading of derivative and non-derivative financial instruments as well as contracts for commodities and energy are more likely to apply the specifications of MaRisk voluntarily, in some cases commissioning independent auditors to confirm correct application of the specifications. For these companies, MaRisk presents a clear guideline that is laid down by in-house supervisory bodies and forms the point of reference for internal organisation. MaRisk is also often applied so as to help build trust in the eyes of external trading partners and banks.
MaRisk has been in existence since 2005 and has been amended several times since. After multiple postponements, the policy published on 27 October 2017 is now available in its fifth, amended form and takes effect immediately, without any transition deadlines.
With the current amendment to MaRisk, regulatory authorities take into account, among other things, international specifications of the European Banking Authority (EBA) and the Basel Committee on Banking Supervision (BCBS) while at the same time attempting to curtail previous interpretative latitude. Major amendments that are also of relevance to industrial companies can be found in the following sections:
In future, risk management will include an appropriate risk culture. Aside from defining the appetite for risk, creating a risk culture also calls for promoting behaviour commensurate with risk and an open exchange about risk-related issues within the enterprise.
Risk reporting must be performed regularly, based on up-to-date, complete and exact data. Achieving this requires group-wide rules on data management, data quality and data aggregation.
Generally speaking, the bulk of the amendments tend to be less relevant for industrial companies than they are for banks. Nevertheless, publication of the 5th set of amendments to MaRisk ought to provide many companies an occasion not only to take the new requirements into account but also to redouble their efforts to apply existing rules and refine the rigour with which the rules are carried out.
Source: KPMG Corporate Treasury News, Edition 73, November 2017
Author: Daniel Rahmann, Manager, Finance Advisory, firstname.lastname@example.org
© 2018 KPMG AG Wirtschaftsprüfungsgesellschaft, ein Mitglied des KPMG-Netzwerks unabhängiger Mitgliedsfirmen, die KPMG International Cooperative (“KPMG International”), einer juristischen Person schweizerischen Rechts, angeschlossen sind. Alle Rechte vorbehalten.