

Supervisory Requirements for IT in Financial Institutions, Asset Managers and Insurance Undertakings (BAIT / KAIT / VAIT / ZAIT)



  • Reference to the basic legal framework (KWG, KAGB, VAG) and the corresponding circulars on risk management (MaRisk, KaMaRisk, MaRisk VA)
  • Reference to the European guidelines issued by the EBA, EIOPA, ESMA and current initiatives such as DORA (Digital Operational Resilience Act) and TIBER (Threat Intelligence-based Ethical Red Teaming)
  • Reference to current best practice methodologies (such as COBIT 2019 and ITIL) and standards (such as ISO 27001)
  • Reference to the internal control system (ICS) and the 3 Lines of Defence Model (3LoD)
  • Explanation of the information network and handling of conflicts of interest (also in the agile context)
  • Determination of protection requirements for information and resulting measures for risk management
  • Applicability for audit practice
  • All 12 chapters of the above-mentioned circulars are covered in the training:

  1. IT Strategy
  2. IT Governance
  3. Information Risk Management
  4. Information Security Management
  5. Operational Information Security
  6. Identity and access management (previously user authorisation)
  7. IT projects and application development
  8. IT operations
  9. Outsourcing and other external procurement of IT services
  10. IT Service Continuity Management
  11. Managing relationships with payment service users
  12. Critical infrastructure
For this course you will receive 7.5 CPE Credits.

Learning Target

The seminar enables participants to interpret the relevant regulations and assess the need for adjustments within their own company. The definitions in the BAIT / KAIT / VAIT / ZAIT are explained in a practical manner, according to the current state of the art.

Target Audience

The seminar is aimed at individuals who are involved in IT processes for financial institutions, investment companies, insurance companies or payment service providers. In particular, it is targeted at those working in the areas of IT governance, IT compliance, IT management, IT security, IT controlling, IT auditing, data protection, auditing, (information) risk management, project management, application development and information security. It is also suitable for individuals working in other functions who are interested in the topic, e.g. board members, consultants, IT service providers and employees of public authorities. The BAIT are essentially identical to the requirements of the VAIT (insurance supervisory requirements), the KAIT (capital management supervisory requirements for IT) and the ZAIT (payment services supervisory requirements for the IT of payment and electronic money institutions). Therefore, the topics are relevant for participants from financial institutions as well as from the insurance industry, capital management companies and payment service providers.



Interactive lectures, discussions, presentations, case studies
An optional multiple-choice test is offered after completing the training


1 day

Customised Programmes

Everything we offer in our range of open seminars can be packaged and delivered as tailor-made in-house training programmes for companies and organisations. We will be happy to advise you and create an individual offer on request.

A 10% discount applies from the 2nd participant per company and seminar date.