Resources
Publications·01/08/2026·1 Stunde

The New Compliance Function: Implementation of CRD VI and the EBA Guidelines on Internal Governance – Part 3 (german only)

Published in "Compliance Berater" (CB), Issue 08/2026. The concluding Part 3 turns operational, tracing the full path from norm to lived practice. It shows how institutions translate the requirements of CRD VI, EBA guidelines and the 9th MaRisk amendment into an audit-proof process: from integration into risk strategy and risk appetite, through "forward looking" regulatory monitoring, to the proportionality matrix for risk-based clustering of legal domains. The contribution by Prof. Dr. Frank Passing, Markus Müller and Finn Brüggemann is rounded out by a compliance synopsis that structures and contrasts the tasks and framework conditions of the Regulatory/MaRisk compliance function, also available on the Fairfield & Archer website.

The New Compliance Function: Implementation of CRD VI and the EBA Guidelines on Internal Governance – Part 3 (german only)
Share

The first two parts of our series of expert articles in #ComplianceBerater have traced the regulatory framework and the shift from MaRisk compliance to regulatory compliance. The concluding third part (CB 8/2026) takes an operational approach: How do institutions translate the requirements of CRD VI, EBA guidelines, and the 9th MaRisk amendment into a robust, audit-ready process?

The article by Prof. Dr. Frank Passing, Markus Müller, and Finn Brüggemann traces the entire path from regulation to practical implementation:

  • integration into risk strategy and risk appetite—compliance risks become part of the risk strategy as operational risks; strategic decisions, including those under AT 8 and AT 9 of MaRisk, should include a valid compliance check. A new development is the closer collaboration with the risk controlling function (AT 4.4.2, para. 5)
  • regulatory monitoring as a structured, “forward-looking” process for the ongoing tracking of legal changes—enhanced by the revised wording in the 9th MaRisk amendment, which stipulates that compliance must now be ensured “as part of a structured process”
  • the proportionality matrix, which clusters legal areas—from supervisory, tax, and labor law to data protection and ESG—according to their relevance and risk specific to each institution, thereby enabling a risk-based gross/net assessment

The article is supplemented by a compliance synopsis that provides a structured comparison of the tasks and framework conditions of the regulatory/MaRisk compliance function—a practical tool for understanding the national and supranational requirements for the function at a glance. The synopsis is also available on the Fairfield & Archer website.

Published in Compliance-Berater (CB) 8/2026.


To the article (German only):
https://online.ruw.de/dfv-xaver/ruw/start.xav#/text/CB_2026_08%2FCB_2026_08_b8?_ts=1784108759176

https://beck-online.beck.de/Dokument?vpath=bibdata%2Fzeits%2Fcb%2F2026%2Fcont%2Fcb.2026.h08.nameinhaltsverzeichnis.htm&anchor=Y-300-Z-CB

The New Compliance Function: Implementation of CRD VI and the EBA Guidelines on Internal Governance – Part 3 (german only) — Fairfield & Archer