Pursuant to Section 4 (3) FinDAG, the client intends to commission auditors to carry out IT audits at two institutions for the banking supervision division in accordance with Section 44 of the German Banking Act.
The purpose of supervisory IT audits is to check whether institutions meet the requirements of the banking supervisory requirements for IT (BAIT). An audit report is prepared on the result of the IT audit.
The services to be awarded are advertised in two lots.
Carrying out BAIT testing in accordance with Section 44 KGW for credit institutions outside the Single Supervisory Mechanism based in Rhineland-PalatinateThe audits are intended to cover all areas - with the exception of the chapter "Critical Infrastructures" - of the banking supervisory requirements for IT (BAIT) in the version valid at the time of the audit. Circular 10/2017 of the Federal Financial Supervisory Authority was last published in the version of 16.08.2021 (see BaFin homepage under Law & Regulations > Administrative Letter > Circular > Circular 10/2017 [BA] - Banking Supervisory Requirements for IT [BAIT]).
If the activities of the institutions belonging to the audit areas are carried out at group level or by external service providers, they must be included in the audit (including internal IT service providers within the group of companies) and at the same time their integration into the institution to be audited must be examined.
Implementation of BAIT audit in accordance with § 44 KGW in conjunction with § 53 KWG at credit institutions (third-country branch) outside the single supervisory mechanism with the registered office of the branch in HesseThe audits are intended to cover all areas - with the exception of the chapter "Critical Infrastructures" - of the banking supervisory requirements for IT (BAIT) in the version valid at the time of the audit. Circular 10/2017 of the Federal Financial Supervisory Authority was last published in the version of 16.08.2021 (see BaFin homepage under Law & Regulations > Administrative Letter > Circular > Circular 10/2017 [BA] - Banking Supervisory Requirements for IT [BAIT]).
If the activities of the institutions belonging to the audit areas are carried out at group level or by external service providers, they must be included in the audit (including internal IT service providers within the group of companies) and at the same time their integration into the institution to be audited must be examined.