Back Matter

Appendix I. New IOSCO Principles

41. In June 2010, IOSCO reviewed its Principles; 9 new Principles were added and one Principle removed (Principle 6). IOSCO is currently developing a revised Methodology, which will put in place criteria for the assessment of these new Principles. Until the methodology is in place the new Principles are not assessed. However, a short discussion on the new Principles was held on the “state of readiness” to implement these Principles when they come into effect. A summary of each is below.

Systemic risk monitoring and perimeter of regulation

New Principle 6: The Regulator should have or contribute to a process to monitor, mitigate and manage systemic risk, appropriate to its mandate.

New Principle 7: The Regulator should have or contribute to a process to review the perimeter of regulation regularly.

42. Existing structures and practices in BaFin support a focus on systemic risk.

43. Within the Directorate responsible for cross-sector issues there is a risk and financial markets analysis department, with organizational units dealing with separate aspects of financial market stability and market developments (financial stability, risk analysis, financial instruments, basic issues relating to accounting and auditing, and the real economy and effects on the financial sector). Other directorates (banking, insurance and securities) also conduct sector-based research.

44. Two years ago, BaFin established an organization-wide risk committee with representatives from all sectors, including insurance and supervision.

45. In addition, a new risk committee was formed in late 2010 to focus on the nonbank components of the securities industry, such as hedge funds. The committee has representatives from each department in the Securities Directorate (investment management, intermediaries etc). Its function is to channel information from the banking and insurance area to the relevant parts of the Securities Directorate, and from the Securities Directorate to other areas of BaFin.

46. BaFin reports regularly to the BMF on issues relating to the regulation of financial markets, and on occasion produces special reports on particular aspects. For example, in 2009 BaFin reported to BMF on problems in the regulation of the “grey” capital market, and suggested the need for more stringent regulation.


New Principle 8: The Regulator should seek to ensure that conflicts of interest and misalignment of incentives are avoided, eliminated, disclosed or otherwise managed.

47. Criteria for this Principle have yet to be developed but are expected to focus on conflicts of interest arising in securitization. Securitization was therefore the focus of discussion with the BaFin.

48. The regulation of securitization is implemented on an EU-wide basis. The EU has taken the view that conflicts of interest should be addressed via obligations for investors (rather than issuers/originators). Regulation includes conflicts of interest provisions in CRD (banks), Solvency II (insurers), and AIFM (fund managers) and through central bank initiatives. As these are the major investor groups, the rules developed will apply to all securitizations in the EU. Meanwhile, detailed conflict rules for licensed market intermediaries are in force (see under Principle 23 and the material referred to there).

49. In January 2011, a new legislative framework for securitization came into effect in Germany. For new securitizations conducted after January 1, 2011 this framework introduced:

  • a 5 percent retention rule: a credit institution may only be exposed to the credit risk of a securitization position if the originator, sponsor or original lender of the securitization has explicitly disclosed that it will maintain a net economic interest in the securitization on an ongoing basis of not less than 5 percent. The minimum retention level will increase to 10 percent in 2015; and

  • disclosure rules for sponsors and originators of securitizations: next to their level of retention, sponsors and originators have to disclose all materially relevant data on the credit quality and performance of individual underlying exposures, cash flows and collateral supporting a securitization exposure; disclosure must also comprise information necessary to perform comprehensive and well informed stress tests on the cash flows and collateral values supporting the underlying exposures.

50. Furthermore, the new regulation requires investors to be able to demonstrate that they have a comprehensive and thorough understanding of their investments in securitized positions. This enables them to analyze (i) all relevant information such as the risk characteristics of the securitized positions and the underlying exposures; (ii) the reputation and loss experience in earlier transactions of the originators or sponsors; and (iii) the disclosures made by the originators or sponsors, or their agents or advisers regarding their due diligence on the securitized exposures and the quality of the collateral (if applicable). Banks investing in securitizations also have to implement formal policies and procedures to record, analyze, and monitor relevant information including prepayment rates and default rates of the exposures underlying the securitized positions. Additional investors’ duties comprise the performance of own stress tests and a thorough understanding of all structural features of a securitization, which have a material impact on their exposures such as the contractual waterfall, waterfall-related triggers, credit enhancements, and liquidity enhancements. Investors have to notify any breach of the requirements to the competent authorities. If they do not meet their duties in any material respect, the authorities will impose a risk weight that is at least 3.5 times higher than the risk weight which would regularly apply to this securitized position (maximum 1 250 percent). In case of subsequent infringements the risk weight will be progressively increased by the competent authorities.

51. Originators and sponsors have to apply the same sound and well-defined criteria for credit-granting and the same processes for amending, renewing, and refinancing credits to exposures to be securitized as they apply to exposures to be held on their book. Originators not complying with this provision are not allowed to exclude the securitized exposures from the calculation of their capital requirements.

52. In case of a material breach of the disclosure requirements mentioned under point b., the competent authorities impose an increased risk weight that is at least 3.5 times higher than the risk weight regularly applied to the retention exposure held by the sponsor or originator (maximum 1250 percent).

53. Compliance with the new German regulation will be part of the banks’ annual audit. In addition to the new law, German securitization transactions usually consist of credits from the bank balance sheet, meaning that they have gone through a credit origination process, where the sales force does not know which credit is going to be securitized later on.

54. Assessment of conflicts of interest and misalignment of incentives is part of ongoing supervision of regulated entities. This is done through regular contact by BaFin with the regulated entity (by supervisory interviews and participation in the auditors’ on-site examination), analysis of auditors’ reports (reports according to the Banking Act in conjunction with Deutsche Bundesbank), requests for information and relevant documents, as well as exchange of information on ongoing supervision in national and international bodies. BaFin has adopted and published a Circular on the Minimum Requirements for the Compliance Function and Additional Requirements Governing Rules of Conduct, Organisation and Transparency pursuant to Sections 31 et seq. of the Securities Trading Act (Wertpapierhandelsgesetz - WpHG) for Investment Services Enterprises (Mindestanforderungen an die Compliance-Funktion und die weiteren Verhaltens-, Organisations- und Transparenzpflichten nach §§ 31 ff. WpHG für Wertpapierdienstleistungsunternehmen – MaComp). This Circular strengthens the compliance function in regulated entities, promoting sufficient measures to detect and resolve conflicts of interest. Also, recent legislative actions target the adequate assessment and resolution of conflicts of interest: minutes need to be written down when investment advice is given, and a register for investment advisors is in place, as is the so-called “key investor document” pursuant to the Securities Trading Act (Produktinformationsblatt), which will be mandatory from July 1, 2011. BaFin acts actively and preventively within the scope of its delegated power. With regard to the new key investment documents, for example, a market survey will take place in summer to assess the quality and comparability of this information.

Auditor oversight

New Principle 19: Auditors should be subject to adequate levels of oversight.

New Principle 20: Auditors should be independent of the issuing entity that they audit.

New Principle 21: Audit standards should be of a high and internationally acceptable quality.

55. The new Principles expand on Principle 16, accounting and auditing standards, and reflect some of the detailed work IOSCO has done on oversight of auditors and auditor independence. The assessment found full compliance with Principle 16.

56. Auditors are subject to a system of public oversight by:

  • requiring auditors to be subject to supervision by the Chamber of Auditors (Wirtschaftsprüferkammer, WPK). WPK is a professional body with public law responsibilities. It conducts examinations and reviews of audits and auditors. Auditors are required by legislation to submit to peer reviews and are subject to monitoring and disciplinary action by WPK.

  • making the Auditor Oversight Commission (Abschlussprüferaufsichtskommission, APAK) responsible for supervision of the WPK, including its oversight and disciplinary activities. APAK’s most senior roles are held by independent people who are not current members of the audit profession. APAK operates according to published rules of procedure approved by the Federal Ministry of Economics and Labor. The APAK is also responsible for cross-border co-operation concerning statutory auditors.

57. Independence standards are specified in the Commercial Code. They include a requirement for auditor rotation after 7 years. The Banking Act also allows BaFin to require the rotation of an audit partner or at any time.

58. The Commercial Code provides that audit standards adopted by the European Commission apply to statutory audits (such as those for listed issuers). To date there are no such standards and the audit standards in use are those issued by the Institute of Auditors (Institut der Wirtschaftsprüfer in Deutschland e.V., IDW).

59. Audit standards are largely in line with international audit standards (ISAs).

Credit rating agencies

New Principle 22: Credit rating agencies should be subject to adequate levels of oversight. The regulatory system should ensure that credit rating agencies whose ratings are used for regulatory purposes are subject to registration and ongoing supervision.

60. A comparatively large number of locally based CRAs (8), as well as the three global CRAs, are active in Germany.

61. Regulation of CRAs is set at the EU level and there is no separate German national regime. The relevant European Regulation (EC 1060/2009) provides a comprehensive set of rules regarding conflicts of interest, procedures, internal organization, transparency and the presentation of ratings. This framework reflects the IOSCO code of conduct for CRAs.

62. Current oversight of CRAs is based on an integrated oversight model involving supervisory colleges. These colleges deal with the “Big 3” CRAs and consist of 10-15 authorities and deal with applications for registration and taking supervisory measures. Applications require a unanimous decision, but current applications have not yet reached the decision stage.

63. A specialist team within BaFin is examining applications for locally based CRAs and working with the existing colleges.

64. From mid 2011 the European Securities and Markets Authority (ESMA) will assume responsibility for CRA regulation. Future assessments will have to determine whether ESMA, rather than any national regulator, is adequately fulfilling this function.

65. Under the European Regulation, credit rating agencies are required to declare if they adhere to any Code of Conduct, including the IOSCO Code of Conduct. While they are not obliged to adhere to the IOSCO Code of Conduct, the conditions within the Regulation mirror those of the IOSCO Code of Conduct. Specifically:

Independence and avoidance of conflicts of interest

66. The Regulation requires sound internal controls and sound reporting lines, clearly separating the rating function from business incentives. External surveillance is strengthened by internal discipline by giving the independent, non-executive members of the administrative or supervisory board of the credit rating agency specific tasks to ensure efficient control (Article 5 and Annex I, Section A, Point 2).

67. To ensure the independence of ratings, credit rating agencies are required to prevent conflicts of interest and/or to manage these conflicts adequately where they are unavoidable. They must disclose conflicts of interest in a complete, timely, clear, concise, specific and prominent manner and record all significant threats to the rating agency’s independence or that of its employees involved in the credit rating process, together with the safeguards applied to mitigate those threats. They must limit their activity to credit rating and related operations, excluding consultancy or advisory services (Article 5 and Annex I, Section B).

68. CRAs must have adequate internal policies and procedures to insulate employees involved in credit rating from conflicts of interest and ensure the quality, integrity and thoroughness of the rating and review process at all times. Linked to this, agencies must allocate sufficient employees with appropriate knowledge and experience to their credit rating activity and make appropriate rotation arrangements for analysts and persons approving credit ratings (Article 6 and Annex I, Section C).

69. The compensation arrangements of employees involved in the rating process must be determined primarily by the quality, accuracy, thoroughness and integrity of their work (Article 6(6)).


70. Under the Regulation CRAs are obliged to disclose ratings on a non-selective basis and in a timely manner, unless the ratings are only distributed by subscription. CRAs have to distinguish between ratings for structured products and for traditional products (corporate, sovereign) by the use of a different rating category for structured finance instruments or the provision of additional information on their risk characteristics. Specific disclosure requirements apply to unsolicited credit ratings (Article 8).

71. To ensure that internal processes and procedures are sufficiently transparent, credit rating agencies must publicly disclose some important information, e.g., on conflicts of interest, methodologies and key rating assumptions and the general nature of their compensation policy. They must also periodically disclose data on the historical default rates of rating categories and give competent authorities certain elements such as the list of the largest 20 clients by revenue (Article 9 and Annex I, Section E).

72. To ensure that relevant, standardised data on credit rating agencies’ performance is available to allow market participants to make industry-wide comparisons, CESR is to create a publicly available central repository for such data (Article 9(2)). To restore public confidence in the rating business, credit rating agencies must publish an annual transparency report (Article 10 and Annex I, Section E, Part III), and keep records of their activities (Articles 5-7 and Annex I, Section B, Points 7-9).

Confidential Information

73. Credit rating agencies shall ensure that employees directly involved in the credit rating process:

  • take all reasonable measures to protect property and records in possession of the credit rating agency from fraud, theft or misuse;

  • do not disclose any information about credit ratings or possible future credit ratings of the credit rating agency, except to the rated entity or its related third party;

  • do not share confidential information entrusted to the credit rating agency with employees of any person directly or indirectly linked to it by control; and

  • do not use or share confidential information for the purpose of trading financial instruments, or for any other purpose except the conduct of the business of the credit rating agency.


Principle 23: Other entities that offer investors analytical or evaluative services should be subject to oversight and regulation appropriate to the impact their activities have on the market or the degree to which the regulatory system relies on them.

74. In Germany, around 400 licensed banks and financial services institutions provide forward-looking analysis to their clients. In addition, about 150 “independent analysts” provide these services.

75. For licensed firms, research activities form part of the regulated activities supervised by BaFin. These activities are subject to the relevant requirements of MiFID and the Market Abuse Directive (MAD). BaFin undertook thematic work on research activities in 2010 by focusing on conflicts of interest and the use of watch lists. BaFin will also deal with any complaints about analysis activity. Research activities are part of the risk analysis process within BaFin.

76. The independent analysts are not required to be licensed but they are subject to regulation:

  • they must inform BaFin of their identity and planned activities, including the types of securities on which they will provide research (though BaFin approval is not required);

  • MAD provisions apply;

  • the same disclosure requirements apply as for analysts working for banks and financial service institutions (section 34b Securities Trading Act); and

  • broad provisions of the Commercial Code apply, including requirements as to conflicts of interest.

Hedge Funds

Principle 28: Regulation should ensure that hedge funds and/or hedge fund managers/advisers are subject to appropriate oversight

77. Hedge funds are already subject to regulation in Germany under the regulation applying to collective investment schemes. They are subject to the same rules as apply to other collective investment schemes, and to additional rules that apply specifically to them. These rules are described in the detailed assessment under Principle 17 (see also Principle 10).

78. A basic distinction is made between single hedge funds and funds of hedge funds. Single hedge funds are subject to few investment restrictions but are not permitted to invest in commodities (other than precious metals) or real estate.

79. Among the hedge fund specific rules are:

  • disclosure rules - the simplified prospectus rules do not apply to hedge funds; and hedge funds are subject to additional mandated disclosures;

  • marketing rules - the legislation prohibits public marketing of hedge funds in Germany.

80. BaFin monitors hedge funds more closely than most other collective investment schemes, and in its risk classification hedge fund management is automatically considered high impact.

81. The European Directive on Alternative Investment Funds Managers (AIFM) was formally approved in late 2010. It is intended to come into force in early 2011 and be transposed into national law and applied by Member States by 2013.

82. BaFin does not anticipate any major changes will be required to the existing regime to comply with the new IOSCO Principle, or the European AIFM directive.


The assessment was undertaken by Malcolm Rodgers, former Executive Director and Acting Commissioner of the Australian Securities and Investments Commission.


The IOSCO methodology was amended in 2008 to update footnotes to reflect recent IOSCO publications. Currently IOSCO is expanding the methodology to cover the new principles adopted in mid 2010.


For example, the Transparency Directive and the Markets in Financial Instruments Directive (MiFID), among others, have come into effect since 2003. At the national level there have been numerous developments, including, for example, legislation restricting short selling and imposing a transparency regime for it.


This framework includes directives covering prospectuses, transparency of information provided by issuers, markets in financial instruments, capital requirements, market abuse, takeovers, and collective investment schemes.


Examples include ship investment, real estate, and private equity funds. Data on the overall size of activity in grey markets are not readily available.


Proposals were published in April 2011 to treat “grey market” products as other financial instruments and to provide full BaFin supervision over investment services in grey capital market products performed by investment firms under BaFin’s supervision.


Principles governing the exercise of legal and technical supervision of BaFin by the Federal Ministry of Finance, February 2010, available on the BaFin website:


See Guideline on carrying out and ensuring the quality of the ongoing monitoring of credit and financial services institutions by the Deutsche Bundesbank of February 21, 2008.


Directive 2003/71/EC of the European Parliament and the Council of 4 November 2003 on the prospectus to be published when securities are offered to the public or admitted to trading and amending Directive 2001/34/EC.


Commission Regulation (EC) No 809/2004 of 29 April 2004 implementing Directive 2003/71/EC of the European Parliament and of the Council as regards information contained in prospectuses as well as the format, incorporation by reference and publication of such prospectuses and dissemination of advertisements.


Directive 2004/109/EC of the European Parliament and of the Council of December 15, 2004 on the harmonization of transparency requirements in relation to information about issuers whose securities are admitted to trading on a regulated market and amending Directive 2001/34/EC.




Verordnung über den Inhalt der Angebotsunterlage, die Gegenleistung bei Übernahmeangeboten und Pflichtangeboten und die Befreiung von der Verpflichtung zur Veröffentlichung und zur Abgabe eines Angebots, (WpÜGAngebV).


Amendments to the WPO implemented Article 29 of Directive 2006/43/EC on statutory audit and the recommendation on external quality assurance for statutory auditors and audit firms auditing public interest entities (2008/362/EC).


Verordnung über die Inhalte der Prüfungsberichte für Kapitalanlagegesellschaften, Investmentaktiengesellschaften und Sondervermögen (Investmentprüfungsberichtsverordnung).


Verordnung über Inhalt, Umfang und Darstellung von Jahres-, Halbjahres-, Zwischen-, Auflösungs- und Liquidationsberichten von Sondervermögen und der Jahresabschlüsse und Lageberichte, Halbjahres-, Zwischen-, Auflösungs- und Liquidationsberichte von Investmentaktiengesellschaften sowie die Bewertung der dem Investmentvermögen zugehörigen Vermögensgegenstände (Investment- Rechnungslegungs- und Bewertungsverordnung)


The relevant regulation is a regulation on the obligations of commercial brokers and agents, including investment brokers and advisers, and property developers (Bauträger- und Maklerverordnung, BMV).


The simplified prospectus is to be replaced by a 2 page Key Investor Document by July 2011 in the German legislation implementing Directive 2009/65/EC.


Official Requirements regarding Safe Custody Business, Depot-Bek (Amtliche Anforderungen an das Depotgeschäft - Bekanntmachung über die Anforderungen an die Ordnungsmäßigkeit des Depotgeschäfts und der Erfüllung von Wertpapierlieferungsverpflichtungen).


Verordnung über die Zulassung von Wertpapieren zum regulierten Markt einer Wertpapierbörse, BörsZulV.


Such as Börsenverordnung des Landes Hessen, BörsV HE, and Börsenordnung für die Frankfurter Wertpapierbörse, BO FWB


Directive 98/26/EC of the European Parliament and of the Council of 19 May 1998 on settlement finality in payment and securities settlement systems

Germany: Financial Sector Assessment Program: Detailed Assessment of Observance of IOSCO Objectives and Principles of Securities Regulations
Author: International Monetary Fund