Supervisory priorities for 2023-25

Each year, BaFin and the Bundesbank define their supervisory priorities for institutions under national supervision in Germany for the upcoming year. In addition to that, BaFin and the Bundesbank closely monitor current developments at institutions and developments in financial markets, with additional supervisory measures being taken as needed. The defined supervisory priorities remain unchanged.

In a new approach starting this year, the time horizon covered by the supervisory strategy has been extended to three years, with six medium-term supervisory projects being adopted. The supervisory priorities use as their starting point the identified key risks and the supervisory measures for addressing said risks. The Single Supervisory Mechanism (SSM) sets priorities for the SSM as a whole, and these are taken into account when the national priorities are determined. 

In light of macroeconomic developments, there is a danger of credit risk increasing significantly. Soaring prices for energy and energy-intensive commodities in particular are likely to impact primarily on loans to enterprises. Policy rate hikes by central banks in an effort to tame the high rates of inflation are driving up credit risk and could affect demand for real estate. The ongoing rate hiking cycle combined with extensive maturity transformation has the potential to drag heavily on net interest income, while market developments are inflicting losses and write-downs on institutions in the near term. It is for this reason that supervisors are devoting particular attention to interest rate risk and market risk. 

Furthermore, having powerful, state-of-the-art IT systems and being highly resilient to cyberattacks is crucial for keeping operations running smoothly at institutions. Outsourcing material activities and processes remains an ever more important endeavour for institutions, leaving them increasingly reliant on external service providers. In light of these risks, the following two supervisory priorities have been defined for 2023:

1. Monitoring and improving institutions’ resilience to credit risk, interest rate risk and market risk

Work here will play out against the backdrop of current economic developments and the impact of the Russia-Ukraine war, particularly the energy crisis, inflation, rising interest rates and supply chain problems, and includes the following.

  • As a follow-up to the LSI stress test, flagged institutions will be monitored closely, supervisory intensity will be stepped up at institutions in economic distress and, if necessary, institutions will be asked to provide crisis plans.
  • Surveys among institutions and horizontal analyses will be carried out (e.g. concerning the impact on interest rate positions in the trading book and banking book, residential real estate loans, and to review/monitor the impact of the sectoral systemic risk buffer).
  • Priorities will be arranged pursuant to  Section 30 of the German Banking Act and prudential assessments of adequate risk provisioning/ impairment tests will be carried out.

2. Scrutinising and addressing cyber/IT risk in detail

  • More on-site inspections concerning cyber/IT risks will be carried out (including at multi-client IT service providers and at selected payment and electronic money institutions) as a means of examining institutions’ digital operational resilience.
  • These will be rounded out by ad hoc “flash surveys”.


The projects running through to 2025 are as follows:

Medium-term projects up to 2025

Sustainability, climate risk and transformation risk

Activities related to setting framework legislation, incorporating risk into standard prudential processes, carrying out first ESG inspections

Strengthening (quantitative) risk management

Close supervisory monitoring of the changeover to new internal capital adequacy perspectives, including ICAAP inspections and “pilot inspections” at multi-client service providers

Accompanying institutions in the digital transformation process

Create a secure regulatory and supervisory framework, survey institutions to determine the state of play, use insights gained to design future activities, e.g. surveys, inspections


Intensive engagement with senior management/supervisory bodies, priorities set under Section 30 of the Banking Act and horizontal analyses of selected aspects

Further development of data-driven analyses

Develop new capabilities to enable supervisors to analyse and evaluate data with the aid of modern technologies

Enhancing prudential reporting

Work on ways to make it easier to implement reporting requirements, actively monitor the introduction of the ESCB’s Integrated Reporting Framework (IReF)