BaFin Strategy 2026–2029: Ten Objectives, One Paradigm Shift

On 26 June 2025, BaFin published its strategic objectives for the period 2026 to 2029. Ten equally ranked objectives form the framework for the authority's work over the next four years. What at first glance looks like a routine strategy paper in fact marks a substantial change in direction: Germany's financial supervisor intends to move away from granular rule-checking and orient itself more strongly towards outcomes and risks. For supervised entities, this changes not just the tone of supervision but its substance.

The realignment does not come in a vacuum. It is embedded in the federal government's political will to make Germany more competitive as a financial centre without lowering safety standards. The Federal Ministry of Finance (Bundesfinanzministerium, BMF) is flanking the BaFin strategy with the Investment Promotion Act (Standortfördergesetz) and the Banking Directive Implementation and Bureaucracy Relief Act (Bankenumsetzungs- und Bürokratieentlastungsgesetz, BRUBEG). Dr Eva Wimmer, Head of the Financial Markets Policy Division at the BMF, summarised the guiding principle: "Simplification is not deregulation."

The Strategic Framework: Why Now?

BaFin defines its strategic objectives in four-year cycles. The previous strategy period 2022–2025 was still shaped by the aftermath of the pandemic, the Wirecard fallout and the first wave of European regulation – from the Digital Operational Resilience Act (DORA) to the Markets in Crypto-Assets Regulation (MiCA) to the EU AI Act. The new strategy responds to a changed landscape: the major European regulatory projects have been adopted, implementation is under way. The focus now is on effectiveness, not new rules.

At the same time, the geopolitical environment has intensified. Cyber risks, geopolitical tensions and the interest rate pivot present financial institutions with operational challenges that cannot be addressed through additional reporting obligations. BaFin draws a clear conclusion: less effort on formal compliance, more focus on the actual risk situation.

The Ten Strategic Objectives at a Glance

The ten objectives are deliberately formulated as equally ranked – there is no prioritisation. In practice, however, three broad thrusts are discernible: safeguarding stability and resilience, modernising the supervisory approach, and making BaFin itself fit for the future.

1. Promote Financial Stability and Security

BaFin intends to ensure that supervised companies operate effective risk management. The focus extends beyond classical balance sheet metrics to explicitly cover the viability of business models and risks from geopolitical developments. Macroprudential instruments are to play a greater role, and resolution plans are to be operationalised more consistently. The authority aims to address weaknesses "swiftly and decisively."

2. Strengthen Operational Resilience

This is where the bridge to DORA is built. BaFin is intensifying examinations in the area of information and communication technology (ICT), building specialist expertise on cyber risks and analysing outsourcing of critical services. The goal is to limit the systemic impact of cyber crises and reduce concentration risks among IT service providers. Given recent large-scale cyber attacks on the financial sector, this objective carries significant operational urgency.

3. Detect Problem Companies Early

BaFin aims to improve its early detection through data-driven analyses and external information sources. Problem companies will be monitored more closely, and measures enforced more consistently – including business restrictions until deficiencies are remedied. For supervised institutions, this means: the era of informally discussing deficits over years is drawing to a close.

4. Combat Money Laundering and Terrorist Financing

BaFin is increasing audit activities and resources in this area, sharpening its focus on payments and the crypto market, and supporting the establishment of the new European Anti-Money Laundering Authority (AMLA). Data-driven supervision and systematic information sharing between stakeholders are central – a signal that the authority considers previous supervisory intensity as insufficient.

5. Ensure Consumer Transparency and Protection

Market analyses are to identify consumer risks before harm materialises. BaFin will take more decisive action against dubious providers and unlicensed operations, examine financial products for genuine consumer benefit, and address the growing influence of social media on investment decisions. The role of digital platforms and finfluencers is thus moving more firmly into the supervisory spotlight.

6. Safeguard Market Transparency and Integrity

The authority is stepping up surveillance of licensing violations and market manipulation. Data analytics and screening procedures will be expanded, and cooperation with law enforcement agencies intensified. A particular focus lies on controlling sustainability reporting – BaFin intends not merely to address greenwashing through regulation but to actively uncover it.

7. Embed Sustainability in Supervision

Environmental, Social and Governance (ESG) risks are being systematically integrated into supervisory practice. BaFin is examining disclosure obligations and taking consistent action against misleading marketing of sustainable financial products. The approach is explicitly risk-oriented: sustainability is not to be a compliance add-on but an integral part of risk management.

8. Support Innovative Technologies Constructively

BaFin is signalling openness to new technologies and business models where they serve consumer interests. Dialogue with market participants is to be intensified, licensing processes accelerated and the supervisory assessment communicated more transparently. For FinTechs and established institutions alike, this is a relevant shift: the authority no longer wants to be merely a gatekeeper but a constructive dialogue partner.

9. Reduce Complexity, Strengthen Proportionality

This objective is the true centrepiece of the paradigm shift. BaFin is advocating at national and European level for less complex, more proportionate and more risk-based regulation and supervision – explicitly "without lowering the safety level." Discretionary margins are to be used in favour of smaller companies, and internal supervisory processes are to be accelerated. For the approximately 950 less significant institutions in Germany, this represents direct relief.

10. Future-Readiness and Attractive Employer

BaFin is also looking inward: interdisciplinary teams, continuous professional development and an open working environment are intended to make the authority more attractive to skilled professionals. IT infrastructure is being modernised, data-driven supervision expanded and paper-based processes systematically eliminated. The latter is no side issue – digitising the authority itself is a prerequisite for effective data-driven supervision.

What Changes for Supervised Institutions

Risk-Based Rather Than Checklist

The shift from rule-based to risk-based supervision sounds abstract but has tangible consequences. Institutions that have hitherto oriented their compliance work around ticking off regulatory requirements must rethink. BaFin will examine more closely whether risk management systems are genuinely effective – not just whether they formally exist. The question is no longer "Do you have the policy?" but "Does your system work in a crisis?"

This requires a cultural shift in many compliance departments. Documentation burden may decrease, but the demand for substance in systems rises. BaFin wants to see results, not paper.

Proportionality as Relief for Smaller Institutions

The proportionality principle has hitherto been more lip service than practice. The new strategy anchors it as a standalone objective. Smaller institutions are to benefit from discretionary margins that BaFin intends to use actively. Combined with BRUBEG, which transposes the Capital Requirements Directive VI (CRD VI) into German law without national gold-plating, a consistent signal emerges: regulation should be proportionate to the actual risk profile.

Data-Driven Supervision Becomes Reality

BaFin is announcing the use of new technologies for supervision and a substantial improvement to its centralised data collection platform. For institutions, this means: the quality of their own regulatory reporting becomes a critical success factor. Those who deliver flawed or inconsistent data will be flagged more quickly than before. At the same time, the digitisation of supervision opens the possibility of accelerating and debureaucratising the dialogue between authority and institution.

Sharpened Focus on Cyber and ICT

The interplay between Objective 2 (operational resilience) and the ongoing DORA implementation signals a notable intensification of ICT examinations. Institutions should expect BaFin to scrutinise cloud outsourcing, concentration risks among critical third-party providers and the effectiveness of incident response processes more intensively than in the previous strategy period.

Assessment: Substance or Strategy Prose?

Strategy papers from supervisory authorities risk remaining mired in generalities. The BaFin objectives 2026–2029 distinguish themselves from their predecessors in three respects.

First: the explicit anchoring of complexity reduction and proportionality as a standalone objective is unprecedented. In the 2022–2025 strategy period, proportionality was a secondary aspect – now it stands on equal footing with financial stability and consumer protection.

Second: the political flanking by the BMF, the Investment Promotion Act and BRUBEG gives the objectives a bindingness that previous strategy papers lacked. BaFin is not acting in isolation but in lockstep with the federal government.

Third: the focus on data-driven supervision and the elimination of paper-based processes addresses a weakness that the industry has criticised for years. If BaFin delivers on this promise, it would represent a genuine efficiency gain for both sides.

The risks lie in execution. Proportionality in a strategy paper is one thing – proportionality in daily supervisory practice quite another. Whether the culture in supervisory teams genuinely shifts from rule-based checking to outcome-oriented supervision will become evident over the next two years. The European dimension – particularly the increasing role of the European Central Bank (ECB) and the European Supervisory Authorities (ESAs) – also limits national scope. Not everything BaFin wishes to simplify lies solely within its remit.

Recommendations for Action

The BaFin strategy 2026–2029 requires supervised institutions to recalibrate their compliance and risk management approaches. Four measures take priority: