The Supervisory Requirements for IT in German Asset Managers (Kapitalverwaltungsaufsichtliche Anforderungen an die IT – KAIT), which BaFin published in German at the start of October 2019, are now also available in English. The KAIT describe the principle-based minimum requirements of what German asset managers with authorisation pursuant to section 20 KAGB have to meet.
The intention behind the KAIT is to offer clarity to management boards of German asset managers on supervisors’ expectations with regard to the secure design of IT systems and associated processes, as well as on the relevant requirements placed on IT governance and information security. These requirements form a core component of IT supervision in the asset management sector in Germany.
The KAIT interpret the legal requirements of sections 28, 29, 30 and 36 German Capital Investment Code (Kapitalanlagegesetzbuch (KAGB)), the relevant articles of the Commission Delegated Regulation (EU) No. 231/2013 of 19 December 2012 supplementing Directive 2011/61/EU of the European Parliament and of the Council (“AIFMD Level 2 Regulation”) and the Regulation on the Rules of Conduct and Organisational Rules pursuant to the German Capital Investment Code (Verordnung zur Konkretisierung der Verhaltensregeln und Organisationsregeln nach dem Kapitalanlagegesetzbuch – KAVerOV – only available in German). Further, the KAIT concretize the Minimum Requirements for Risk Management for German Asset Managers (KAMaRisk – only available in German).