9th Amendment to the MaRisk 2026: What reliefs does the consultation offer to small and very small institutions (SNCIs)?
The 9th amendment to the MaRisk (consultation 02/2026) establishes the categories “small institution” (SNCI) and “very small institution” directly within the circular and transposes numerous reliefs from the supervisory notice of 26 November 2024 into binding supervisory law – including in relation to validation, stress testing, separation of functions, outsourcing, lending activities and reporting.
- What are small and very small institutions under MaRisk 9?
- What reliefs apply to validation and risk-bearing capacity?
- What reliefs apply to stress tests?
- How are the requirements for specific functions changing?
- What relief measures apply in the case of outsourcing?
- What changes are taking place in the lending sector?
- What reliefs apply to reporting?
- What should SNCI institutions do now?
- Key Takeaways
- FAQ on the 9th Amendment to the MaRisk for SNCIs
- Source
Included in this collection:
Open collection
9th Amendment to the MaRisk 2026: What reliefs does the consultation offer to small and very small institutions (SNCIs)?
Data as the foundation: Why compliance and reporting will determine survival in 2026
The “magic triangle” of surveillance: why harmony puts your bank at risk
Fit and Proper 2.0: Why the human factor determines your capital requirements
Preferential Treatment of Retail Exposures in the Credit Risk Standardised Approach (CRSA) – EBA clarifies requirements regarding the granularity criterion
Artificial Intelligence in Treasury – from periodic financial reporting to a continuous management function
Changes to the LSI Stress Test 2026
CRR III and the property business: Removing the brake on new business
Early repayment penalty: Are liquidity costs the same as counterparty risk costs?1
Interview: Making of msg.ORRP
For the approximately three-quarters of German credit institutions that, according to BaFin estimates, are classified as SNCI, the changes introduced by the 9th amendment to MaRisk mean:
Resources can be focused more effectively on the risks that are actually material, without falling below the minimum regulatory standards.
Risk management for SNCIs in the context of the 9th amendment to the MaRisk
The new amendment to the MaRisk introduces a stronger focus on principles and greater proportionality. At this free information session (only in German), our experts will present potential approaches to make targeted use of exemption clauses and simplifications whilst ensuring compliance with governance requirements.
What are small and very small institutions under MaRisk 9?
- Very small institutions: total assets ≤ €1 billion (purely a size criterion; all MaRisk exemption clauses permitted)
- Small institutions or other SNCIs: total assets ≤ €5 billion (more precisely: SNCI criteria in accordance with Article 4(1)(145) of the CRR)
Very small institutions may also make use of the relief measures for small institutions without an SNCI classification.
What reliefs apply to validation and risk-bearing capacity?
The validation requirements have been aligned with the principle of proportionality. For small institutions, the current amendment significantly reduces both the workload and the frequency:
- Minimum interval: In future, follow-up validations will only need to be carried out at least every three years and on an ad hoc basis.
- No separation of functions: Small institutions may dispense with the separation between model development and validation.
- No separation of personnel between model parameterisation and adequacy testing is required.
Where centrally validated procedures provided by external service providers are used, an institution-specific adequacy test remains mandatory. Furthermore, the forward-looking analysis of the business model may be carried out in a simplified manner.
What reliefs apply to stress tests?
The stress testing area is one of the most significant areas of relief. The amendment distinguishes between small and very small institutions:
- Small institutions: A severe economic downturn as a bank-wide scenario is sufficient, provided that all material risks are negatively impacted. Inverse stress tests may be dispensed with entirely.
- Very small institutions: It is also possible to dispense with risk-specific stress tests, provided these risks are covered in the overall stress test.
- Environmental risks: Qualitative approaches are permitted for small institutions instead of quantitative sensitivity analyses.
- Liquidity risks: Only the scenario with the greatest impact needs to be analysed.
How are the requirements for specific functions changing?
The current amendment addresses the fact that small institutions are often unable to strictly separate control functions in terms of staffing:
- Risk control function: In small institutions, this function may be performed jointly with the back-office department, provided there are no significant conflicts of interest.
- Compliance function: A combination with the anti-money laundering officer, the ICT risk control function under DORA or the data protection officer is possible; however, the roles of anti-money laundering officer and data protection officer cannot be combined. In very small institutions, the role of compliance officer may be assigned to a managing director.
- Internal audit: In very small institutions, a managing director may take on these duties if a dedicated audit unit would be disproportionate.
What relief measures apply in the case of outsourcing?
Section 9 of the MaRisk contains several practical exemptions relating in particular to intra-group structures and reporting:
- Full outsourcing: Very small institutions may fully outsource the compliance function or internal audit, regardless of the group context.
- Audit officer: In very small institutions, a senior manager may perform these duties if appointing someone below senior management level would be disproportionate.
- Reporting: For very small institutions, reporting on significant outsourcing arrangements at a board meeting is sufficient. I
t should be noted that overall responsibility for compliance with the obligations associated with the outsourced functions and processes remains with the institution, even in the case of full outsourcing.
What changes are taking place in the lending sector?
In the lending business, the current amendment to the MaRisk allows for a simplified implementation of the organisational structure and operational processes:
- Votation: Very small institutions may dispense with this if senior management is directly involved in the granting of risk-relevant loans.
- Collateral valuation: For small institutions, a review of valuation procedures every two years is sufficient; this requirement does not apply in the case of standardised procedures (e.g. BelWertV). Very small institutions may dispense with the rotation of property valuers.
- Market fluctuation concept: Small institutions with a regionally concentrated loan book may dispense with the purchase of external data if their own transactions provide sufficient insight into the market.
What reliefs apply to reporting?
The overall risk report is to be submitted at least quarterly. However, specific relief measures are being introduced for small institutions:
- reference to previous reports where the risk situation remains unchanged.
- No reporting obligation during the year for risks with high stability.
- Where risk appetite is low in a material risk category, a reference to the strategic decision is sufficient during the year.
- The quarterly stress test reporting obligation may be met by a rolling review of individual tests.
What should SNCI institutions do now?
- Review their classification: Clarify whether your institution meets the criteria for an SNCI or a very small institution – and make use of the option to choose.
- Carry out a gap analysis: Systematically compare your current implementation with the new simplifications. Excessive requirements are often still being applied, particularly in relation to validation, stress testing and reporting.
- Adapt documentation: Organisational guidelines, stress testing programmes and reporting formats should be consistently aligned with the new relief measures once they come into force.
Key Takeaways
- The 9th amendment to MaRisk formally establishes the categories of ‘small institution’ (SNCI) and ‘very small institution’ for the first time.
- The core of the regulatory relief lies in reduced requirements for stress testing, validation, functional separation, outsourcing, lending activities and reporting.
- A structured gap analysis systematically identifies potential areas for relief.
FAQ on the 9th Amendment to the MaRisk for SNCIs
Who is considered a small institution under MaRisk 9?
A small institution is an institution classified as an SNCI under Article 4(1)(145) of the CRR or a third-country CRD branch in risk class 2.
What is the threshold for very small institutions?
The balance sheet total must not exceed €1 billion on a four-year average. In the case of factoring institutions, a receivables purchase volume of no more than €5 billion is added to this.
How often will validations need to be carried out in future?
Validations must be carried out at least every three years and whenever circumstances require. Small institutions may also choose not to separate model development from validation.
Can small institutions do without inverse stress tests altogether?
Yes, small and very small institutions will no longer be required to carry out inverse stress tests in future.
Can a managing director take on the role of internal auditor?
In the case of very small institutions, yes, provided that having an in-house audit unit would be disproportionate and measures to prevent conflicts of interest have been implemented (AT 4.4.3, para. 1).
You must login to post a comment.