The German Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht; BaFin) has published expectations – the ‘IT Requirements for Insurance Companies’ (versicherungsaufsichtliche Anforderungen an die IT; VAIT) – that set out how insurers must organise their information technology, especially in regard to the management of IT resources and IT risk management.
However, as the IT requirements are incredibly generic in their formulation, there is room for interpretation, which is causing a great deal of uncertainty in the insurance industry. Failure to meet the requirements ultimately comes with the threat of the regulatory authority imposing severe sanctions.
What’s more, the VAIT are not limited to the context of IT (elements such as IT strategy, IT governance, information risk management, information security management, user authorisation management, IT projects, IT operations or the outsourcing of IT); they also extend to the individual specialist departments. For example, individual data processing as well as tests and approvals of partners and projects are also affected by them.
However, IT projects often need to be inexpensive and pragmatic to implement. Insurance companies also don’t want to face public ridicule, which is why VAIT projects receive a large amount of attention at management level.
adesso is your partner in helping you to successfully realise your VAIT projects. On top of our industry knowledge and our expertise in IT management, our employees also have years of experience in regulatory projects as well as in the realm of IT requirements for banks (bankenaufsichtliche Anforderungen an die IT; BAIT).
We have an established process model in the form of the VAIT Readiness Check that ensures your IT conforms to regulatory requirements.
The advantages are obvious: