Governance & Regulation

This blog post explains why internal governance is becoming a decisive competitive factor for banks. It focuses on the integration of ESG risks into business models, lending processes and risk management, the importance of business model analysis (SREP), and the requirements set out in MaRisk and DORA. Today, banks must demonstrate resilience to climate risks, cyber risks and market changes – from strategy through to operational implementation. Key factors here are double materiality, robust data, digital stability and long-term remuneration systems.

The 9th amendment to the MaRisk (consultation 02/2026) establishes the categories “small institution” (SNCI) and “very small institution” directly within the circular and transposes numerous reliefs from the supervisory notice of 26 November 2024 into binding supervisory law – including in relation to validation, stress testing, separation of functions, outsourcing, lending activities and reporting.

In pillar 4 of our governance matrix, we move away from the psychological level and focus on the ‘hard’ infrastructure: the integrity of information and proactive management through compliance.

The Instant Payments Regulation supplements the existing SEPA Regulation with new, uniform reporting requirements (regulatory reporting). In the future, payment service providers must submit their data in a structured format to the relevant national supervisory authority. What does this mean for banks?