How are the European Banking Authority guidelines enforced by the draft of the 7th MaRisk novel?

Executive summary

• What: 7th MaRisk novel published for consultation on 26th September 2022
• Timeline: Until 28th of October 2022
• Target group: Especially important for less significant institutions (LSI)

Planned implementation of EBA GL 2020/06 requirements

Existing German MaRisk circulars already cover several parts of the EBA GL on loan origination and monitoring. BaFin and Deutsche Bundesbank have therefore opted for a differentiated approach when implementing the EBA GL. The EBA requirements, which were already considered in the existing MaRisk, were supplemented with individual clarifications where necessary. If the respective section in the EBA GL LoAM contains completely new requirements a direct reference is made to the EBA GL. BaFin clarifies that for the implementation of requirements arising from EBA GL the principle of proportionality can be applied (AT 1 No. 3).

Internal governance for credit granting and monitoring

It is remarkable that although the requirements for credit risk policies and procedures were included in the MaRisk by direct reference, the policy requirements for anti-money laundering and counter-terrorist financing (EBA GL LoAM section 4.3.1) as well as data infrastructure (EBA GL LoAM section 4.3.7) were explicitly excluded from the MaRisk.

Section 4.3.5 of the MaRisk is completely new and contains requirements for the use of models that go beyond the requirements of the EBA GL, as these do not only relate to credit risk models or models for automating processes. According to MaRisk a model is a quantitative method, system, or approach that applies statistical or mathematical theories, techniques, and assumptions to process input data into quantitative estimates.

Loan origination procedures

Requirements for the credit approval processes are regulated in the EBA GL section loan origination procedures. The structure differs from the process-oriented requirements in the MaRisk due to the distinction between borrowers and products, so that reference in the new novel is made here in full to the EBA GL.

The cover letter to the MaRisk draft clarifies that real estate consumer loans that are granted as promotional loans and which are largely exempt from the application of the mortgage credit directive, were therefore not included in the MaRisk.

Monitoring Framework

The requirements regarding the monitoring framework, which also contain explicit requirements for the data infrastructure (e.g. capability to gather and automatically compile data regarding credit risk and generation of granular risk data) are included in the MaRisk section for risk management and controlling by direct reference to the EBA GL.

The MaRisk draft version itself does not contain any transition period for collecting missing information and data as mentioned in the EBA GL LoAM (until 30 June 2024). It is common practice for transitional periods to be published with the cover letter for the final version of the MaRisk.

Consideration of ESG risks

The term “sustainability” in terms of ESG (environmental, social and governance) has been defined in the non-binding “Guidance Notice on Dealing with Sustainability Risks” published by BaFin in December 2019.
With the planned introduction of the MaRisk novel, this good practice will become a mandatory obligation for all credit institutions, because ESG risks must be considered within the risk inventory of banks.

Several requirements considering ESG risks are integrated in the general requirements of the MaRisk from risk strategy to organizational manuals.

A significant part of the ESG requirements have also been integrated into the specific requirements for the lending business referring directly to the requirements of the EBA GL section environmental, social and governance factors.

For the risk classification process of borrowers, MaRisk currently offers two options. The effects of ESG risks can be part of the risk classification process (creditworthiness-induced effects) or evaluated separately (e.g. in the form of an ESG score). In the long run BaFin expects that ESG risks are directly integrated into the rating models. This requirement will then lead to a lot of effort for the banks, because integrating new risk parameters requires a recalibration of the rating models.

ESG factors must also be included in the evaluation of collaterals, e.g. energy efficiency of buildings.

In the end ESG risks must be part of the overall credit risk assessment and a correspondingly long observation period must be selected (also relevant for object and project financing).

Data availability for ESG criteria

While ESG criteria for investment decisions now are widely available, the consideration of ESG criteria for loan granting is a special challenge for banks, because not all borrowers are large listed companies obliged to publish ESG relevant information. Furthermore, the primary use of external data for ESG assessment may not meet the bank’s own claim. As a result, banks will have to deal with collecting information about/from clients themselves for at least some of their borrowers (who maybe have not yet dealt with ESG risks at all themselves). In the case of borrowers with external available information the question remains how this can be integrated into the creditworthiness assessment process and into the existing IT data infrastructure.

The draft of 7th MaRisk novel does not contain any major surprises, but we still think that especially the consideration of ESG factors and data collection to assess those risk will remain a challenge. The BaFin is aware that sustainability risks are sometimes difficult to measure and control due to the often-lacking historical data basis, the many factors that must be considered over a longer period and various uncertainties about future climate and political scenarios. At the same time banks as well as companies will have to disclose information on ESG related risks to the authorities (EBA ITS 2022/01 on prudential disclosures on ESG risks, NFRD, CSRD, SFDR, etc.).