Date: 2024-10-16

Risk in the financial sector is at an all-time high. Evidence of concern comes from the Bank of England survey, which identified cyberattacks as the most concerning cited risk to the UK financial system (79% of respondents). MaRisk attempts to address this by providing a framework that helps the banking sector and associated companies reduce the risks of their activities.

Banks and MaRisk

German banks have experienced significant data breaches in recent years, an example being the 2022 cyberattack at Deutsche Bank, which resulted in 60 GB of stolen customer data. Banks and other financial sector entities come under the German Banking Act, BaFin, and MaRisk regulatory umbrella. Under MaRisk, the document “Supervisory Requirements for IT in Financial Institutions” sets out the measures required to meet the IT security requirements for banks. In addition, MaRisk requires German banks to secure their data flows, and one of the latest amendments to the regulation extends security to “home trading”, which requires a minimum standard of IT security to guarantee data confidentiality. Zero Trust principles of least privilege enforce access controls from all locations, including home offices.

Cloud service suppliers to banks

The supply chain of cloud service providers to the banking sector in Germany comes under MaRisk regulation. Cloud service providers must follow the IT supervisory requirements to help ensure that a client (a bank or other financial institution) implements the risk controls needed to comply. A risk assessment should demonstrate that information risk management, information security, and emergency response measures are in place and comply with MaRisk and the associated BAIT and BaFin requirements. Cloud and IT service providers will typically include these assessments in client contracts. Cloud service providers should explore Zero Trust approaches to robust access controls across a distributed service architecture.