Answers / Risk & Compliance

Explain the structure of MaRisk.

A core Risk & Compliance interview question — asked in analyst and associate interviews across IB, PE, and the Big 4.

THE SHORT ANSWER

MaRisk (Mindestanforderungen an das Risikomanagement) is BaFin's principles-based minimum requirements for risk management at German banks, implementing the qualitative (Pillar 2) supervisory expectations. It's structured in two parts: the AT modules (Allgemeiner Teil — general requirements) covering the overall framework — risk strategy, risk-bearing capacity (Risikotragfähigkeit/ICAAP), internal control system, outsourcing, stress testing, and risk culture; and the BT modules (Besonderer Teil — specific requirements) covering particular areas, notably BTO (organization of lending and trading, with segregation of front/back office) and BTR (risk control processes for credit, market, liquidity, and operational risk), plus BT on internal audit. Being principles-based, it's proportionate to the institution's size and risk. It's the German anchor for how supervisors assess a bank's qualitative risk management, complementary to the quantitative Basel/CRR capital rules.

WHAT INTERVIEWERS LISTEN FOR

  • BaFin's principles-based qualitative (Pillar 2) risk-management minimums
  • AT (general): strategy, risk-bearing capacity, ICS, outsourcing, stress testing, culture
  • BT (specific): BTO lending/trading organization, BTR risk control, internal audit
  • Proportionate to size/risk; complements Basel/CRR quantitative rules

COMMON MISTAKES

  • Confusing MaRisk (qualitative) with Basel capital rules
  • Not knowing AT vs BT structure
  • Ignoring proportionality

Reading isn't the same as answering under pressure.

Interviewers don't hand you the model answer — you deliver yours on a clock. Practice this and 1,000+ questions with AI feedback on every answer.

TRY QUICKFIRE →Or train full Risk & Compliance case simulations →

RELATED QUESTIONS