The minimum requirements with regard to risk management for insurance companies (MaRisk VA) are a binding standard defined by the German Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht, BaFin). MaRisk VA specifies the design of risk management in German insurance companies and covers qualitative standards for the risk management processes and methods to be introduced.
MaRisk VA sets out corporate management requirements: the company's risk strategy must be defined, highlighting its objectives and framework. In addition, an organizational framework must be implemented that focuses on structural and process organization. An Internal Control System must be established and verified on an ongoing basis.
The implemented controls for ensuring the operational capability of the risk management system are a key success factor. MaRisk VA requires performance tests of the implemented controls at least once a year in order to ensure that control weaknesses are evaluated and corresponding measures are taken.
ARIS Solution for Governance, Risk & Compliance Management (ARIS GRC) covers all the above aspects of MaRisk VA: the risk strategy and main processes can be mapped and enhanced by defining risks and key controls. Responsibilities can be assigned and extracted into reports using the ARIS Repository. ARIS GRC also supports control testing and issue management to handle measures, ensuring audit-proof storage of all relevant data.