Fit and Proper 2.0: Why the human factor determines your capital requirements
The term "fit and proper" is not new. However, the way it is interpreted by the supervisory authorities (BaFin/ECB) has recently undergone a radical transformation. Today, the auditor no longer focuses solely on the ‘proper’ (reliability), but delves deeply into the ‘fit’ (professional competence).
- The End of the "Figureheads": From Formal to Substantive Suitability
- The Suitability Matrix: The ECG of Board Work
- Fit and Proper: Focus on collective suitability
- The selection process as a safeguard against the "diffusion of responsibility"
- Why the process is more important than the name
- The economic logic: governance quality and capital
- The role of the auditor: From co-driver to systems diagnostician
- Conclusion: Governance starts in the mind
- Source
Spotlight
What does “Fit and Proper” mean in banking?
‘Fit and Proper’ refers to the requirements regarding the suitability (Fit) and reliability (Proper) of members of the management board and holders of key functions in banks.
Who sets the requirements?
In Europe, the European Banking Authority (EBA) and the European Securities and Markets Authority (ESMA) in particular have developed comprehensive guidelines. Compliance is monitored by BaFin.
What are the requirements?
The fit and proper requirements for senior management are based on:
- professional competence and experience,
- personal integrity and reputation,
- availability, and
- the collective suitability of the entire senior management team.
In traditional banking theory, risks were long categorised into neat silos:
- market price risks,
- credit risks,
- operational risks.
Governance? That was the ‘soft’ topic that was relegated to the notes to the annual report. But by 2026, the tide had turned.
With the tightening of the EBA guidelines and the new IDW guidance, it has become clear: The suitability of management bodies is no longer an HR issue, but a key risk factor with a direct impact on the balance sheet.
The End of the “Figureheads”: From Formal to Substantive Suitability
The term “fit and proper” is not new. However, the way it is interpreted by the supervisory authorities (BaFin/ECB) has undergone a radical transformation. Whereas in the past it was often sufficient to tick boxes on CVs and ensure there were no criminal records, modern supervisory practice now demands substantive relevance.
It is no longer simply a matter of whether a board member has 15 years’ banking experience. It is about whether he or she can manage the specific complexities of the institution in question in a digitalised, ESG-driven world.
Today, the auditor no longer looks merely at ‘proper’ (reliability), but delves deeply into ‘fit’ (professional suitability). And this is where the greatest source of error lies: many institutions underestimate the fact that a lack of expertise in future-oriented fields is now regarded as a structural deficit in risk control.
The Suitability Matrix: The ECG of Board Work
One of the most powerful tools in modern governance is the Suitability Matrix. It is far more than just a routine task for the legal department. Used correctly, it acts as an early warning system for the institution.
Fit and Proper: Focus on collective suitability
A key aspect highlighted by the new IDW guidance is collective suitability. A supervisory board or executive board does not need to consist of five all-round geniuses. However, as a team, it must cover all relevant areas of expertise.
The key question is: If your institution suffers a massive cyber attack or ESG reporting collapses due to poor data quality – is there someone on the relevant committee who will ask the right questions before it is too late?
If there are gaps in the matrix here (for example, no IT expertise on the risk committee), a governance gap arises. For the regulator, this is not a mere cosmetic flaw, but an indicator of heightened operational risks.
The consequence: a lower score in the SREP process (Supervisory Review and Evaluation Process).
The selection process as a safeguard against the “diffusion of responsibility”
A common point of criticism in audit reports is the lack of transparency in the appointment of key roles. The days when positions were awarded based on ‘old-boy networks’ or within small, informal circles are well and truly over.
Why the process is more important than the name
Today, the auditor examines the appointment process. A robust process must document the following steps in a transparent manner:
- Strategic derivation: What skills profile does the institution require based on its 2030 business strategy?
- Gap analysis: What skills are missing from the current board?
- Objective selection: How was it ensured that the candidate is suitable not only professionally, but also in terms of time (overboarding regulations!) and personally?
If this chain is missing, the appointment becomes vulnerable. In practice, this often leads to the phenomenon of diffusion of responsibility: if roles are not assigned with complete clarity regarding suitability and accountability, then in a crisis everyone feels a little bit responsible, but no one feels truly accountable.
The economic logic: governance quality and capital
Why should a CFO be interested in ‘fit and proper’? The answer lies in the hard currency of banking supervision: capital.
The quality of internal governance (Pillar 2 of banking regulation) feeds directly into the overall SREP assessment. A poor rating regarding the suitability of management bodies almost inevitably leads to a higher Pillar 2 Requirement (P2R).
Those who cut corners on governance end up paying the price – through higher capital buffers that hamper growth and reduce return on equity. An excellent fit-and-proper structure is therefore a direct lever for returns. It signals to the regulator: “We have the people who understand and manage our risks.”
The role of the auditor: From co-driver to systems diagnostician
With the new IDW guidance, the role of the auditor has changed. They are no longer merely the person who confirms that the documentation is in order. Instead, they are increasingly acting as a systems diagnostician.
They scrutinise the interaction within the board. A passive suitability matrix that is updated once a year but never used for strategic succession planning is worthless. The auditor seeks out the “living system”. They check whether training measures for board members actually take place or whether they exist only on paper.
Practical checklist: Is your "human factor" audit-proof?
To ensure that Pillar 2 of your governance is “weatherproof”, you should be able to answer the following questions with a clear Yes:
- Is our suitability matrix dynamic? Is it adjusted with every strategic realignment (for example, expansion of the platform business)?
- Do we have a documented succession plan? Or do we only react on an ad hoc basis when a mandate expires?
- Are conflicts of interest subject to a substantive review? Not just through self-disclosure, but by comparing them with actual business relationships?
- Is professional development measurable? Are there dedicated budgets and time allocations for the professional development of the supervisory board?
Conclusion: Governance starts in the mind
Fit and Proper is far more than a burdensome regulatory obligation. It is the insurance policy for your institution’s future viability. In a world where business models are disrupted by technology and regulation within a matter of years, the collective intelligence of your senior management is the only asset that cannot simply be copied.
Those who invest today in transparent processes and targeted competency profiles lay the foundations for regulatory trust – and save themselves costly SREP surcharges tomorrow. Governance excellence is not an end state, but a continuous process that begins with the people who steer the system.
This article is part of a series on Internal Governance 2026.
Read all about Pillar 3 in the next issue: Collaboration, communication and the "magic triangle" of monitoring.


