BaFin’s Digital Supervisory Briefing: Focus on governance and proportionality

The stance on regulation complexity shaped the “digital supervisory briefing” of the German Federal Financial Supervisory Authority (BaFin)¹. The message behind it: actual risk management should once again take center stage, while the purely administrative fulfillment of regulatory requirements should be noticeably simplified.

Geopolitical tensions and macroeconomic risks

The supervisory authority emphasised the massive systemic challenges at the beginning. Geopolitical tensions such as the war in Ukraine expose the economy to volatility. The focus is particularly on the erratic customs politics of the USA, which, in combination with a potential Die BaFin hat ihr digitales Aufsichtsbriefing veröffentlicht, das sich auf die Themen Governance und Proportionalität konzentriert. In diesem Dokument werden wesentliche Aspekte der Unternehmensführung im Finanzsektor hervorgehoben, um den Anforderungen an eine angemessene Aufsicht gerecht zu werden. Die BaFin betont die Notwendigkeit, individuelle Lösungen zu entwickeln, die den spezifischen Gegebenheiten der jeweiligen Unternehmen Rechnung tragen. Diese Initiative zielt darauf ab, die Effizienz und Transparenz innerhalb der Aufsicht zu erhöhen. weakness of the dollar, could put pressure on German export strength. According to BaFin, these external factors are not yet sufficiently priced in by the market.

Credit risks and the increase in NPLs

The supervisory authority is seeing an increase in non-performing loans (NPLs) and a rise in insolvencies of around 10%. As the property interest rate shock (particularly for commercial property and US exposures) has not yet been fully absorbed, the supervisory authority is asking institutions to be cautious in terms of risk provisioning.

In view of the developments described above, BaFin will continue to monitor credit risks intensively in 2026. Impairment tests/PAAR in combination with credit process audits will therefore remain a focus of audits.

ESG risks: Focus on the ‘E’

The supervisory authority is also specifying its expectations with regard to sustainability and is currently focussing on the ecological component. BaFin expects institutions to analyse their physical risks and be able to prove whether these are relevant to them or not.

Focus on professionalism in governance

The supervisory authority sent a clear signal to the boards and managers of the institutions. According to BaFin, the ‘level of professionalism is not as high as we would like it to be’. It was criticised that governance deficiencies have often been the starting point for serious problems in institutions in the recent past.

The expectation is clear: Management does not fulfill regulatory requirements by simply holding the appropriate formal qualifications. Instead, management decisions (in practice) must reflect an appropriate level of quality. The Management Board must be able to explain the business at all times in such a way that the Supervisory Board and employees of the institution fully understand it. For institutions, this means that continuous further training of the committees is a core supervisory requirement.

MaRisk amendment: Moving away from the checklist

The 9th MaRisk amendment announced for March 2026 is intended to significantly expand proportionality. In future, around 85% of institutions (instead of the previous 10%) will be able to benefit from simplifications.

The supervisory authority wants to move away from rigid checklists and towards supervision based on principles. This offers the institutions more leeway, but at the same time requires more intensive ‘thinking’. In a more flexible framework with more room for interpretation, each institution must be able to precisely justify its individual risks.

Digitisation and ICT risks (DORA)

In the area of digitisation, the supervisory authority urges caution when it comes to dependencies on US hyperscalers. Institutions are obliged to analyse their ICT risks in detail and have viable exit strategies in place. Management must know at all times exactly who is providing which services. As cyber risks are categorised as a systemic threat, intensive engagement with DORA remains an ongoing task.

Progress in the small banking regime

There were positive signals regarding the small banking regime. The joint initiative by BaFin and the Bundesbank aims to reduce the complexity of the capital stack order at European level. Initial feedback from the industry shows that the institutions are positively surprised by the proposed relief. Simplifications are already being introduced with the upcoming LSI stress test.

Conclusion and outlook

The supervisory authority is planning an even more risk-oriented audit practice for 2026. The focus here will be on credit risk, property exposures and IT security. Institutions should utilise the announced leeway, but critically scrutinise the appropriateness of their governance structures.