PPM (project portfolio management) best practices can support CIOs and project managers in effective BAIT implementation.
In 2017, BaFin published for the first time concrete Supervisory Requirements for IT in Financial Institutions (BAIT), sending the entire industry into a tizzy. In the first quarter of 2021, the regulations were expanded once again to include the topics of operational information security, IT emergency management, and customer relations with payment service users. The amendment is already mandatory as of this year. This increases the documentation effort and ties up even more of the already scarce IT resources.
For 59% of the organizations concerned, BAIT implementation is, therefore, one of the biggest IT challenges, along with digitalization, general cost pressure, and the high data security requirements.
The BAIT guidelines are based on the minimum requirements of risk management (MaRisk), the Data Protection Regulation (DSGVO), and established IT governance frameworks. However, even before BAIT, many companies only had fragmented solutions. Above all, the company-wide consolidation and ongoing expansion of documentation requirements are perceived as a compliance burden. Yet BAIT implementation and the regulations could actually serve to better dovetail IT strategy and operational management. The prerequisite for such synergy effects is the use of suitable technologies for the BAIT implementation itself and an organizational mindset that also understands the banking supervisory requirements as a positive lever for the overall performance of the bank.
The decisive factor for BaFin's stricter regulations is the increasing digitalization of business models with a simultaneous increase in cyber risks. Due to the central role of technology for the core business of banks, IT must be considered in the overall corporate context. The supervisory authority therefore stipulates that banks:
The challenges are obvious: many banks have to deal with a historically grown, heterogeneous IT landscape that has an enormous degree of complexity. Ongoing project initiatives to modernize the technical infrastructure make it difficult even to map the current status quo, as required, in the short to medium term. The situation is further complicated by the fact that the IT and business departments assess necessary measures at the interface between technology and business differently in terms of their priority, relevance, and the associated risk. For a holistic assessment, data from several systems must first be consulted, which results in long decision cycles instead of increased implementation speed. Creating more transparency here also seems to make sense from an organizational perspective.
After three years of BAIT practice, it is clear for most banks that compliance with the guidelines is a continuous, multidimensional task that goes beyond compliance obligations. BAIT implementation is increasingly moving towards professional program management, for which efficient project portfolio management solutions are used.
A comparison of the BAIT guidelines with the feature spectrum of PPM software makes it clear that the overriding goals of both areas - namely the best possible transparency with regard to risks, costs and complex process flows - are almost identical. Leading PPM providers have evolved in recent years from comprehensive PM tools to powerful IT service management solutions. Therefore, project portfolio management is ideally suited for a stringent BAIT implementation. The technology and method set can be extended to the entire project organization of the bank.
Practice Tip
Start with pre-configured, industry-specific process templates and adapt turnkey solutions as needed for your company-specific requirements.