How BaFin actually examines AI systems, what evidence they ask for, and how to be ready.
What is BaFin?
BaFin is the Bundesanstalt für Finanzdienstleistungsaufsicht, the German Federal Financial Supervisory Authority. It is a federal supervisory agency headquartered in Bonn and Frankfurt am Main, established on 1 May 2002 by merging the Federal Banking Supervisory Office, the Federal Insurance Supervisory Office, and the Federal Securities Supervisory Office.
BaFin is not a regulation. It is the institution that enforces the regulations. The underlying rules sit in statutes (KWG, VAG, KAGB, WpHG), EU regulations (DORA, EU AI Act, MiCA), and BaFin's own circulars (MaRisk, BAIT, VAIT, MaGo). BaFin reports to the Federal Ministry of Finance.
What BaFin supervises
- Around 1,600 credit institutions
- Around 540 insurance undertakings
- Around 700 capital management companies
- Investment firms and other financial services institutions
- Payment institutions and e-money institutions
- Crypto-asset service providers (since MiCA came into force)
For banking supervision, BaFin works hand in glove with the Deutsche Bundesbank under the Joint Supervisory Procedure. Within the European banking union, larger banks are supervised directly by the European Central Bank under the Single Supervisory Mechanism (SSM); BaFin assists the ECB in supervising those institutions and remains the primary supervisor for less significant institutions.
How BaFin is structured
Supervisory directorates are organised by sector:
- Banking Supervision
- Insurance and Pension Funds Supervision
- Asset Management Supervision
- Securities Supervision and Market Conduct
Cross-cutting functions sit alongside:
- Resolution
- Consumer Protection
- IT and Cyber Security Supervision (the function most relevant to AI; cross-sector)
- Integrity of the Financial System (anti-money laundering)
How BaFin supervises in practice
BaFin combines four types of activity.
1. Off-site monitoring
Regular review of regulatory returns: risk-bearing capacity reports, ICAAP submissions, recovery plans, ICT incident reports under DORA, third-party registers, internal audit reports, Section 29 KWG audit reports. The off-site team flags anomalies for deeper engagement.
2. On-site examinations
Periodic in-depth examinations on specific themes: credit risk, IT and cyber resilience, outsourcing, model risk, increasingly AI. Examinations range from a handful of examiners on a focused topic to a dozen or more on a comprehensive review.
3. Ad-hoc engagements
Triggered by incidents, complaints, market events, or specific concerns. Includes written enquiries (Schreiben), formal information requests, fact-finding visits, and emergency interventions.
4. Ongoing supervisory dialogue
Beyond formal examinations, BaFin maintains a relationship with each supervised institution through assigned supervisors, regular meetings, and topic-specific deep dives.
How BaFin treats AI
BaFin's position has been consistent since 2018:
- AI is not a new risk category. The existing frameworks apply
- Where AI introduces specific risks (drift, lack of explainability, scale, novel data sources), the institution must show how those risks are addressed inside the existing framework
- BaFin examines AI through MaRisk, BAIT, DORA, and the EU AI Act (whose high-risk duties apply from 2 December 2027, deferred from August 2026 by the Digital Omnibus)
The supervisor has built up AI expertise through speeches, guidance papers, BaFin conferences, and AI-specific lines of enquiry inside routine examinations.
What examiners ask for
An AI-focused examination typically requests:
- Inventory of AI and machine learning models in use across the institution, with purpose, business owner, model owner, data sources, validation status, risk classification
- Documentation per model: training data, validation reports, performance metrics, known limitations
- Validation reports from an independent function, covering bias, robustness, and stability tests
- Evidence of ongoing monitoring: dashboards, thresholds, drift detection, action history
- Override logs with justification
- Customer-facing decision explanation arrangements
- IT environment around the model: hosting, access, change management, monitoring
- Vendor file: due diligence, contract, audit reports, performance reviews
- Board and committee minutes touching the AI system
- Internal audit reports
Findings BaFin commonly identifies on AI
- Model inventory incomplete or stale; shadow AI in production
- Validation done by people too close to the developers
- Insufficient testing of bias and concentration effects
- Drift detection theoretical, not actually running in production
- Override logs missing, ad-hoc, or not aggregated
- Cloud sub-dependencies not traced in the outsourcing register
- Documentation not matching the deployed code
- AI risk not integrated into the risk-bearing capacity framework
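Three of the findings above (stale or incomplete inventory, drift detection that only exists on paper, and override logs that are never aggregated) are cheap to self-check before an examination. The script below is an added illustration, not BaFin's code or any institution's real tooling: the inventory records, score distributions and override log entries are constructed sample data, the 365-day validation age and the 0.2 PSI threshold are assumed policy values, and the population stability index (PSI) is one common drift metric chosen here for illustration, not a metric BaFin prescribes.

```python
"""Self-checks for AI examination evidence (added example, constructed data)."""
import math
from collections import Counter
from datetime import date

# Constructed model inventory with the fields examiners typically request.
INVENTORY = [
    {"id": "credit-scoring-v3", "purpose": "retail credit decisions",
     "business_owner": "Retail Lending", "model_owner": "Risk Modelling",
     "data_sources": ["core banking"], "last_validated": date(2025, 3, 1),
     "risk_class": "high"},
    {"id": "churn-predictor", "purpose": "marketing", "business_owner": "Marketing",
     "model_owner": "",  # missing owner: a typical inventory finding
     "data_sources": ["CRM"], "last_validated": date(2023, 6, 1),
     "risk_class": "low"},
]
REQUIRED_FIELDS = ("purpose", "business_owner", "model_owner",
                   "data_sources", "last_validated", "risk_class")


def inventory_findings(inventory, today, max_age_days=365):
    """Return (model_id, issue) pairs for empty fields and stale validations.
    max_age_days is an assumed policy value, not a regulatory number."""
    findings = []
    for rec in inventory:
        for field in REQUIRED_FIELDS:
            if not rec.get(field):
                findings.append((rec["id"], f"missing {field}"))
        validated = rec.get("last_validated")
        if validated and (today - validated).days > max_age_days:
            findings.append((rec["id"], f"validation older than {max_age_days} days"))
    return findings


def psi(expected_counts, actual_counts, eps=1e-4):
    """Population stability index between two binned score distributions
    (reference period vs. current period). 0.0 means identical shares."""
    e_total, a_total = sum(expected_counts), sum(actual_counts)
    total = 0.0
    for e, a in zip(expected_counts, actual_counts):
        pe = max(e / e_total, eps)  # eps avoids log(0) on empty bins
        pa = max(a / a_total, eps)
        total += (pa - pe) * math.log(pa / pe)
    return total


def drift_check(model_id, reference_counts, current_counts, today, threshold=0.2):
    """Run the drift test and return an action record suitable for the
    monitoring history. threshold=0.2 is an assumed escalation level."""
    value = psi(reference_counts, current_counts)
    breached = value > threshold
    return {"model": model_id, "date": today.isoformat(), "psi": round(value, 4),
            "breached": breached,
            "action": "escalate to model owner" if breached else "none"}


# Constructed override log: every manual override of a model output.
OVERRIDE_LOG = [
    {"model": "credit-scoring-v3", "user": "u1", "justification": "verified income"},
    {"model": "credit-scoring-v3", "user": "u2", "justification": ""},
    {"model": "churn-predictor", "user": "u3", "justification": "campaign exclusion"},
]


def override_summary(log):
    """Aggregate overrides per model and list entries lacking a justification."""
    per_model = Counter(entry["model"] for entry in log)
    unjustified = [e for e in log if not e.get("justification")]
    return per_model, unjustified


if __name__ == "__main__":
    today = date(2025, 6, 1)
    print(inventory_findings(INVENTORY, today))
    print(drift_check("credit-scoring-v3", [50, 30, 20], [20, 30, 50], today))
    print(override_summary(OVERRIDE_LOG))
```

Each function returns a record rather than printing one, so the results can be written to the monitoring action history that examiners ask for; a drift check that runs but leaves no dated record is exactly the "theoretical, not running in production" finding.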
The EU AI Act handover (now December 2027)
From 2 December 2027 (deferred from 2 August 2026 by the EU Digital Omnibus, political agreement reached May 2026), the high-risk obligations of the EU AI Act become enforceable. BaFin's expected approach:
- Coordinate with the German market surveillance authority for the EU AI Act on financial-sector AI
- From 2026 onwards, examinations will probe EU AI Act conformity alongside the existing frameworks
- Mature MaRisk model risk frameworks are a good starting point but do not by themselves satisfy EU AI Act conformity assessment, CE marking, and EU database registration
- Institutions should expect questions on the conformity assessment, technical documentation, CE marking process, fundamental rights impact assessment under Article 27, and post-market monitoring plan
How BaFin interacts with the other frameworks
- MaRisk: BaFin is the supervisor; MaRisk is the rulebook. AT 4.3.5 (model risk) is the most relevant module for AI
- BAIT: BaFin examines BAIT chapter by chapter
- DORA: BaFin is the German national competent authority for DORA
- EU AI Act: BaFin will coordinate with the AI Act market surveillance authority for the financial sector
- NIS2: financial entities sit primarily inside DORA. BaFin retains a hand in NIS2-adjacent matters affecting supervised institutions
- ISO 42001: BaFin treats ISO 42001 as a useful reference. Certified institutions can use the certification as evidence of mature AI governance, though not as a substitute for the substantive supervisory expectations
What to do next
- If you are a German bank or insurer: consolidate your AI file into a single coherent narrative that answers MaRisk, BAIT, DORA, and (from 2026) EU AI Act lines of enquiry consistently
- Run mock examinations through internal audit before BaFin arrives. The findings you surface yourself cost less to fix
- Track BaFin speeches, BaFinJournal articles, and supervisory letters as they appear. They preview supervisory direction
- Train the management body on AI risk. Liability and supervisory expectations make this a board-level topic
- If you are an AI vendor selling to BaFin-supervised institutions: prepare a supervisor-ready evidence pack your customers can drop into their files
- Use the classifier tool to map your AI against the supervisory expectations BaFin examines
This lesson is educational, not legal advice. Confirm with qualified counsel before relying on any classification for compliance submissions.