The deadline for initial notification has been significantly extended from 2 to 4 hours following identification of the incident. Due to reorganization of the three notification types, it is no longer necessary to provide as much information in the initial and interim notifications. This is due to the newly introduced “completion” of the notification forms, meaning that only the final report needs to contain all information pertaining to the incident. The criteria previously referred to as “Level 1” and “Level 2” proved insufficiently self-explanatory and have been replaced by the terms “Lower Impact Level” and “Higher Impact Level.” For the Higher Impact Level criterion, the number of transactions concerned has been increased from one million to five million euros.

Continue

On 16 March 2017, BaFin – Germany’s financial regulator – held its fourth information meeting on the supervision of IT for banks with roughly 500 attendees. The press and media coverage (FAZ, Handelsblatt, Börsenzeitung) placed emphasis on the vulnerability of bank IT systems to attacks and the need for them to improve their IT security, whereas BaFin and the Bundesbank announced important details regarding future supervision and monitoring of bank IT, with keynote presentations on BAIT (supervisory requirements for bank IT), monitoring of IT matters in practice by banking regulators, and the implementation of the IT Security Act by means of the Federal Office for In- formation Security Act (BSI) and the Payment Service Directive (PSD) II.

Continue

Financial instruments such as securities, derivatives (warrants) and money market instruments are frequently used by firms and investors today for asset, liquidity and risk management. As was made crystal clear by the financial crisis of 2008, these instruments can be useful for risk management, but if used in the wrong way, they can also have a destabilizing effect on financial markets. Financial instruments are therefore quite rightly subject to greater critical scrutiny from the public and from regulators. The latter have produced a series of rules (especially EMIR, MiFID II, MAR, CRD IV and PRIIP) in order to ensure the stability of financial markets on the one hand and to protect consumers on the other.

Continue