Overview
The Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin), translated as the Federal Financial Supervisory Authority, is Germany's integrated financial supervisory authority. It is an independent federal institution headquartered in Bonn and Frankfurt, operating under the legal and technical oversight of the Federal Ministry of Finance. BaFin is Germany's unified regulator for banks, financial services providers, insurance undertakings, securities trading, payment institutions, e-money institutions, crypto custody services, and investment firms.
Basic Identity
Field | Value |
|---|---|
Official Name (English) | Federal Financial Supervisory Authority Bafin |
Official Name (Local Language) | Federal Financial Supervisory Authority Bafin |
Acronym | BaFin |
Country | Germany |
Jurisdiction Level | National |
Official Website | |
Official Website Language(s) | German (primary), English (partial) |
Headquarters | Bonn and Frankfurt, operating under the legal and technical oversight of the Fed |
Year Established | 1952 |
Current Status | Active |
Classification
Field | Value |
|---|---|
Entity Type | Official Regulator |
Control Layer | Layer 1 — Sovereign/Government Regulator |
Legal Authority Level | Binding |
Jurisdiction Level | National |
Scope of Power | Licensing, Supervision, Enforcement, Rulemaking |
Inclusion Justification
Field | Value |
|---|---|
Why This Entity Is Included | Government-backed financial regulatory authority with statutory licensing, supervisory, and enforcement powers |
Type of Influence | Direct |
Exclusion Risk | Removes a key financial regulatory authority from the jurisdiction's control map |
What This Entity Oversees
Regulated Entities
BaFin supervises approximately:
2,700 banks (credit institutions and branches of foreign credit institutions)
800 financial services institutions (including investment firms, brokers, and fund managers)
700+ insurance undertakings (life, property and casualty, reinsurers)
Payment institutions and electronic money (e-money) institutions
Crypto asset service providers (CASPs) holding crypto custody licenses
Securities trading firms and investment advisors
Supervisory Authority and Control
BaFin exercises binding supervisory authority over all regulated entities within its jurisdiction. As a Layer 1 control authority, BaFin's regulatory determinations are enforceable and legally binding, with violation subject to administrative and criminal penalties under German financial law.
Crypto Asset Custody and Regulation
Regulatory Framework
BaFin has been at the forefront of crypto regulation since 2020, requiring all entities storing crypto assets for clients to obtain licenses. Germany's regulatory approach was formalized under MiCAR (Markets in Crypto-Assets Regulation), which came into effect on 1 January 2025, and has been transposed into German law through amendments to the Banking Act (KWG).
Crypto Asset Service Provider (CASP) Licensing
Scope of CASP Authorization
The crypto custody license permits:
Custody and administration of crypto assets on behalf of clients
Safeguarding of digital asset keys and wallet management
Mixed portfolios combining crypto with traditional financial assets
Multi-signature and cold storage solutions
Account reconciliation and reporting services
Services requiring CASP authorization:
Custody of crypto assets for clients
Operation of crypto trading platforms
Exchange of crypto for fiat currency
Exchange of crypto for other crypto assets
Crypto-to-crypto conversion services
Portfolio management involving crypto assets
Authorization Requirements
BaFin's authorization process requires 47 separate documentation components. Key requirements include:
Minimum capital: EUR 150,000 initial capital
Ownership structure: Reliable and fit-and-proper owners
Management team: Qualified, experienced, and honest managing directors
Risk management: Comprehensive operational and cybersecurity frameworks
Customer protection: Segregation of client assets and custody procedures
AML/CFT compliance: German Money Laundering Act (GwG) compliance
Business continuity: Disaster recovery and operational resilience planning
Regulatory Timeline
Processing time: Average of 7.2 months
MiCAR implementation: Fully effective since 1 January 2025
Transitional provisions: Legacy crypto businesses given grace periods for compliance
Anti-Money Laundering and Compliance Obligations
Key obligations:
Customer Due Diligence (CDD) - Identity verification and beneficial ownership verification
Enhanced Due Diligence (EDD) - High-risk customers and jurisdictions
Transaction monitoring - Detection of suspicious activity patterns
Crypto Asset Transfer Regulation (CATR) - Specific due diligence for crypto transfers
Reporting - Suspicious transaction reporting (STR) to Financial Intelligence Unit (FIU)
European Regulatory Integration
Authority Status Within EU Framework
European Banking Authority (EBA) - Banking regulation and supervision
European Insurance and Occupational Pensions Authority (EIOPA) - Insurance and pension scheme oversight
European Securities and Markets Authority (ESMA) - Securities market regulation
Supervisory Colleges and Coordination
BaFin participates in:
Single Supervisory Mechanism (SSM) - Joint ECB-BaFin supervision of significant banking institutions
Banking Union governance - Asset Quality Review (AQR) and stress testing
European Systemic Risk Board (ESRB) - Macroprudential surveillance
AML/CFT coordination - Information sharing through FIU and Europol networks
Current Supervisory Priorities (2026)
Risk Assessment and Focus Areas
BaFin publishes annual risk assessments in its "Risks in BaFin's Focus" publication. For 2026, identified supervisory priorities include:
Digital investment services - High-risk exposure to retail investors in digital assets and cryptocurrencies
Short-term and unsecured lending - Rapid growth in high-cost consumer credit
Property fund stability - Increasing risks in smaller real estate funds
Cyber resilience - Operational technology and data security threats
Geopolitical disruption - Financial system stability under international tensions
Artificial intelligence in financial services - Model validation and governance frameworks
Regulatory Modernization Initiatives
MaRisk Amendment (9th Amendment):
BaFin issued a draft for the 9th Amendment of the Minimum Requirements for Risk Management (MaRisk - Mindestanforderungen an das Risikomanagement) on 1 April 2026, with industry consultation period. MaRisk establishes foundational risk management standards for all institutions under BaFin supervision.
Legal Instruments and Powers
Primary Legal Authorities
BaFin's regulatory powers are grounded in:
Banking Act (Kreditwesengesetz - KWG) - Core banking supervision framework
Securities Trading Act (Wertpapierhandelsgesetz - WpHG) - Securities market conduct
Insurance Supervision Act (Versicherungsaufsichtsgesetz - VAG) - Insurance regulation
Payment Services Supervision Act (Zahlungsdiensteaufsichtsgesetz - ZAG) - Payment services
Money Laundering Act (Geldwäschegesetz - GwG) - AML/CFT compliance
BaFin Statutes (Satzung) - Organizational governance
Enforcement Powers
BaFin exercises extensive enforcement authority:
Licensing and authorization - Grant, revoke, or condition operating licenses
Supervisory measures - On-site examinations, remote audits, and data requests
Administrative penalties - Fines up to EUR 10 million or 10% of annual revenue
Operational restrictions - Prohibition of activities, account freezing, asset seizure
Emergency intervention - Receivership, asset transfer, or wind-down procedures
Market conduct enforcement - Market manipulation, insider trading, and conduct rule violations
Funding and Operational Structure
Financial Model
BaFin is funded through:
Fees and contributions from supervised institutions
Budgetary allocation from the Federal Ministry of Finance
User fees for specific licensing and approval services
This model ensures operational independence while maintaining accountability to the Federal Ministry of Finance and the German Parliament.
Employment and Workforce
BaFin employs over 1,500 regulatory professionals, economists, technology specialists, legal experts, and support staff across its Bonn and Frankfurt offices.
Key Prudential Standards
BaFin enforces European and German prudential standards including:
Capital Requirements Regulation (CRR/CRD IV) - Minimum capital ratios and buffers
Anti-Money Laundering Directive (AMLD5/AMLD6) - AML/CFT compliance
Markets in Crypto-Assets Regulation (MiCAR) - Crypto service provider requirements
Deposit Guarantee Scheme Directive (DGSD) - Depositor protection
Central Bank payment system participation - TARGET2 and other core infrastructure
Consumer Protection Standards
Payment Services Directive (PSD2/PSD3) - Consumer rights and redress
Distance Marketing Finance Directive (DMFD) - Remote sales regulations
Insurance Distribution Directive (IDD) - Insurance product governance
Investor Compensation Scheme Directive (ICSD) - Investor protection up to EUR 20,000
Performance Indicators (2026)
Authorization processing time (Payment Institutions): 90-120 days typical
Authorization processing time (Crypto Custody): 180-240 days (7.2 months average)
On-site examination frequency: Annual for significant institutions; multi-year cycles for smaller entities
Supervisory staffing per institution: Average 2-4 dedicated supervisors per significant bank
Regulatory technology investment: Ongoing modernization of supervisory tools and data analytics
Conclusion
BaFin stands as one of Europe's most comprehensive and integrated financial supervisors, combining banking, insurance, securities, and payment services regulation under a unified structure. Established through the FinDAG 2002 merger and headquartered in Bonn and Frankfurt, the authority has evolved to meet contemporary challenges including cryptocurrency regulation, digital finance services, and cross-border payment innovation. With binding Layer 1 authority over approximately 4,200+ active regulated entities and 1,500+ supervisory professionals, BaFin plays a central role in maintaining financial stability, consumer protection, and market integrity across Germany's financial system and European markets.
Regulatory Powers
This entity exercises integrated regulatory powers across multiple financial sectors:
Power | Description |
|---|---|
Multi-Sector Licensing | Issues licenses for banking, insurance, securities, and/or payment services |
Prudential Supervision | Conducts prudential oversight of all regulated financial institutions |
Conduct Supervision | Monitors market conduct and consumer protection compliance |
Enforcement | Investigates violations, imposes penalties, and takes corrective actions |
Payment Services Oversight | Regulates payment service providers and payment institutions |
AML/CFT Supervision | Supervises compliance with anti-money laundering requirements across sectors |
Rulemaking | Issues regulations and guidelines binding on all regulated entities |
Systemic Risk Monitoring | Monitors systemic risks to financial stability |
Regulatory Role and Function
BaFin is led by a Board consisting of:
President - Executive head of the authority
Four Executive Directors overseeing:
Securities supervision
Banking supervision
Insurance supervision
Cross-functional areas and internal administration
Current Leadership
Mark Branson has served as President of BaFin since August 2021. Branson, born in the United Kingdom in 1968, leads the organization's modernization efforts and strategic direction.
Key Contact Information:
Head of Communications and President's Spokesperson: Phone: +49 (0) 228 / 4108-4629; Email: [email protected]
Head of Press Relations and Social Media: Phone: +49 (0) 228 4108-7094; Email: [email protected]
Official Website: https://www.bafin.de
BaFin's organizational framework comprises operational pillars and cross-organizational departments:
Operational Pillars (Sectors)
The authority is organized into specialized divisions with dedicated supervisory responsibilities:
Banking Supervision Division - Oversight of credit institutions, payment institutions, and financial services providers
Insurance Supervision Division - Regulation of insurance undertakings and occupational pension schemes
Securities Supervision Division - Market conduct, trading venue supervision, and securities regulation
Payment Services and FinTech Division - Payment institutions, e-money institutions, and crypto custody authorization
Cross-Organizational Departments
Supporting departments include:
Risk Modeling and Analysis
Anti-Money Laundering (AML) and Counter-Terrorist Financing
International Cooperation and Regulatory Affairs
Human Resources and Administration
Financial Reporting Enforcement
As defined in the BaFin Statutes, the organizational structure is established by the President with approval of the Federal Ministry of Finance.
Legal Foundation
BaFin was established on 1 May 2002 through the merger of three predecessor agencies under the Financial Services Supervision Act (Gesetz über die integrierte Finanzaufsicht, known as FinDAG), which was enacted on 22 April 2002. This landmark legislation consolidated:
Bundesaufsichtsamt für das Kreditwesen (BAKred) - Federal Banking Supervisory Office
Bundesaufsichtsamt für das Versicherungswesen (BAV) - Federal Insurance Supervisory Office (established 1952 in West Berlin; relocated to Bonn in 2000)
Bundesaufsichtsamt für den Wertpapierhandel (BAWe) - Federal Supervisory Office for Securities Trading (established 1995 in Frankfurt)
The primary objective of the FinDAG 2002 was to create a single integrated financial regulator capable of supervising all financial markets under one unified authority, eliminating regulatory fragmentation and enhancing supervisory coordination.
Licensing and Authorization Relevance
Official Registers
ZAG Register (Payment Institutions and E-Money Institutions) - Public database of authorized payment service providers
Bank Register - Register of authorized credit institutions
Insurance Register - Register of authorized insurers
Organizational Chart (PDF) - Current BaFin organizational structure
Main Office Locations
Bonn Office - Graurheindorfer Straße 108, 53117 Bonn, Germany
Frankfurt Office - Lurgiallee 12, 60439 Frankfurt am Main, Germany
Inquiry and Support
General inquiries: Phone: +49 (0) 228 4108-0 | Email: [General contact form available on website]
Licensing questions: Dedicated application portals for payment institutions, e-money institutions, and crypto custody
Supervisory concerns: Anonymous whistleblower hotline available
Payments and Money Movement Relevance
Legal Framework
BaFin oversees payment institutions and e-money institutions under the Payment Services Supervision Act (ZAG - Zahlungsdiensteaufsichtsgesetz), which implements the European Union's Payment Services Directives.
Payment Institutions (Section 10 ZAG)
Entities wishing to provide payment services as a payment institution in Germany require written authorization from BaFin. BaFin maintains a public register of authorized payment institutions pursuant to Section 34 ZAG and Section 43(1) ZAG.
Authorization Requirements:
Documented business plan with risk management framework
Sufficient initial capital (minimum thresholds vary by institution type)
Reliable ownership structure
Qualified and fit-and-proper managing directors
Professional indemnity insurance or equivalent guarantee
E-Money Institutions (Section 11 ZAG)
E-money institution licensing is governed by Section 11 ZAG. An e-money institution license permits:
Issuance of electronic money
Provision of all payment services under PSD2/PSD3
Automatic authorization to offer complete payment service offerings
PSD2 and PSD3 Implementation
BaFin implements the European Payment Services Directive 2 (PSD2) through German law and is actively managing the transition to PSD3.
PSD2 Supervisory Requirements
BaFin oversees authorization procedures and ongoing supervision under PSD2. Key requirements include:
Payment Initiation Services (PIS) - Requires BaFin authorization
Account Information Services (AIS) - Requires registration with BaFin
Open Banking/Open Finance - Supervised under BaFin's FinTech division
Strong Customer Authentication (SCA) - Enforcement and oversight
Payment transaction security - Operational resilience standards
PSD3 Transition and Grandfathering
Under the new PSD3 framework:
EMIs are reclassified and aligned with payment institutions
Existing PSD2 licensees benefit from phased transition periods
18-month deadline: Capturing of existing PSD2 licenses
24-month deadline: Final compliance deadline and end of grandfathering period
BaFin manages orderly migration to PSD3 requirements
Freedom of Establishment and Passport Rights
BaFin facilitates cross-border passport rights for payment institutions and e-money institutions within the European Economic Area (EEA). Payment service providers authorized by BaFin may:
Establish branches in other EEA member states without separate authorization
Provide payment services across the EEA under freedom to provide services
Operate under the "pass-through" provisions of PSD2/PSD3
Payment Systems Governed or Overseen
The Federal Financial Supervisory Authority Bafin has the following relationship to payment infrastructure in Germany:
Function | Relationship to Payments |
|---|---|
Regulatory Oversight | Exercises supervisory authority over entities involved in payment activities within its mandate |
Licensing | Issues authorizations to entities within its regulatory scope that may include payment-related activities |
AML/CFT Compliance | Ensures regulated entities meet anti-money laundering requirements applicable to payment activities |
Consumer Protection | Enforces consumer protection standards for financial services including payment-related products |
This entity's role in payment systems is primarily regulatory and supervisory rather than operational. It does not directly operate national payment infrastructure but contributes to the regulatory framework governing payment activities in Germany.
Relationship to Other Regulators
The Federal Financial Supervisory Authority Bafin operates within Germany's broader financial regulatory architecture and maintains relationships with:
Counterpart Type | Relationship |
|---|---|
Central Bank | Monetary policy and financial stability coordination |
Ministry of Finance / Treasury | Policy coordination and legislative framework |
Financial Intelligence Unit (FIU) | AML/CFT information sharing |
Other Financial Regulators | Cross-sector coordination and information sharing |
International Organizations | Cooperation through relevant international standard-setting bodies |
Geography and Jurisdiction Notes
Field | Value |
|---|---|
Applies Nationwide | Yes |
Applies at State or Sub-National Level Only | No |
Cross-Border or Regional Reach | No |
Special Territorial Notes | National jurisdiction within Germany |
Important Departments and Divisions
Division / Department | Primary Function |
|---|---|
Supervision Division | Oversight of regulated entities |
Licensing Division | Processing of applications and authorizations |
Enforcement Division | Investigation and prosecution of violations |
Policy and Research Division | Regulatory policy development |
Compliance Division | AML/CFT and regulatory compliance monitoring |
Key Public Resources
Resource | URL |
|---|---|
Official Website | |
Laws and Regulations | [Verify on official website] |
Licensing Information | [Verify on official website] |
Publications and Reports | [Verify on official website] |
Consumer Information | [Verify on official website] |
Notes on Naming and Language
Field | Value |
|---|---|
Preferred English Rendering | Federal Financial Supervisory Authority Bafin |
Official Local-Language Rendering | Federal Financial Supervisory Authority Bafin |
Primary Language | German |
English Availability | Partial |
Official Website Language(s) | German (primary), English (partial) |