Trends 2025 in Outsourcing Controlling According to MaRisk AT 9
Outsourcing Controlling will become more complex and significant than ever in 2025. The requirements from MaRisk AT 9 compel companies to rethink their processes, modernize their risk management systems, and embrace new technologies. Simultaneously, factors such as sustainability, cyber risks, and internationalization continue to drive development forward. This article highlights the key trends in outsourcing controlling and shows how companies can prepare for them.
1. Stricter Requirements for Risk Management
The 8th MaRisk Amendment has significantly increased the focus on risk management in outsourcing. Companies must identify, assess, and document risks at every stage of the outsourcing chain. The BaFin expects more precise risk analyses that consider not only financial risks but also operational and strategic risks.
What does this mean for you?
- You need to standardize your analysis processes and update them regularly.
- Risk management tools should be able to automatically analyze data and identify vulnerabilities.
2. ESG Criteria Gain Importance
Sustainability is becoming a central component of outsourcing controlling. ESG criteria (Environment, Social, Governance) are increasingly being scrutinized when selecting and monitoring service providers. Companies are required to ensure that their partners pursue sustainable business models and assume social and ecological responsibility.
How you can implement ESG in controlling:
- Develop checklists and evaluation systems to systematically review ESG criteria.
- Require service providers to provide evidence such as sustainability reports or certificates.
3. Focus on Sub-outsourcing
With the increasing use of subcontractors, complexity in the outsourcing chain is growing. Companies must not only control their main service providers but also their subcontractors to ensure compliance with regulatory requirements.
Challenges:
- Transparency throughout the entire supply chain.
- Contract design that sets clear requirements for sub-outsourcing.
4. Automation and AI in Outsourcing Controlling
Technologies such as artificial intelligence (AI) and process automation are set to revolutionize outsourcing controlling. They enable efficient analysis of large data volumes, real-time risk identification, and automation of recurring tasks.
Examples of use:
- Risk scoring: AI models evaluate service providers based on historical and current data.
- Real-time monitoring: Automated tools track key metrics such as performance, compliance, and financial stability.
5. Data Management and Cybersecurity
As services increasingly shift to cloud environments and international outsourcing projects, the importance of data management and security is growing. The requirements of the 6th MaRisk Amendment emphasize the protection of sensitive data.
Tips for implementation:
- Conduct regular security audits.
- Implement strict access controls and encryption mechanisms.
- Require service providers to report on their security measures.
6. Focus on Emergency Management
Business continuity in the event of service provider failures is a central requirement of MaRisk. Companies must not only develop emergency plans but also regularly test whether they work in practice.
What you should keep in mind:
- Develop detailed scenarios for potential disruptions.
- Regularly simulate emergencies to test the effectiveness of your plans.
- Actively involve your service providers in the planning.
7. Expanded Documentation Obligations
Documentation requirements for outsourcing have increased. Companies must document all relevant data on service providers as well as the results of audits, risk analyses, and contract reviews in detail. The BaFin places great emphasis on traceability and currency.
How to implement this:
- Use digital documentation systems that centralize data storage and make it easily accessible.
- Ensure documents are updated regularly.
8. Growing Use of Cloud Services
The use of cloud services is becoming increasingly popular as they offer cost efficiency and flexibility. However, they also pose particular challenges for outsourcing controlling, especially regarding data security, availability, and compliance.
Strategies for cloud outsourcing:
- Select service providers with clear security standards and certifications (e.g., ISO 27001).
- Implement clear SLA agreements that guarantee availability and security.
9. Global Orientation of Controlling
With the increasing internationalization of outsourcing, the requirements for global coordination are rising. Different regulatory requirements, cultural differences, and geographical risks must be considered.
What you should pay attention to:
- Adapt your control processes to local requirements.
- Build a network of experts familiar with the respective regulations.
How S+P Seminars Can Help You
The challenges of outsourcing controlling require practical knowledge and modern approaches. The S+P Seminars offer you everything you need to be prepared for 2025:
- Training on ESG criteria: Learn how to successfully integrate sustainability into your controlling.
- Workshops on AI and automation: Find out how to effectively use modern technologies.
- Emergency management training: Develop robust plans and test their practicality.
The seminars are practically oriented and help you efficiently implement the requirements of MaRisk AT 9.