The national supervisory programme (NSP) contains the supervisory priorities jointly defined each year by the Federal Financial Supervisory Authority (BaFin) and the Bundesbank for the institutions subject to national supervision in Germany. These priorities are the outcome of a comprehensive assessment of the risks and the areas of activity of the institutions under supervision. The second step is to formulate supervisory measures to address those risks and areas of activity. In parallel to this, the Single Supervisory Mechanism (SSM) sets priorities for the SSM as a whole, and these feed into the formulation of the national priorities. In addition to the priorities for 2026, medium-term supervisory priorities up to 2028 are identified that take into account structural and medium-term challenges facing the banking sector.

Furthermore, BaFin and the Bundesbank closely monitor current developments at institutions and developments in financial markets and take additional supervisory measures where necessary and adapt the focus areas of supervision.

Intense uncertainty is shaping the economic situation in Germany and is being driven to a significant extent by factors including geopolitical volatility. The foreign and trade policy of the United States, wars and global conflicts are leading to volatile financial markets and a deterioration in the global economic outlook, and in particular the economic outlook for Germany as a heavily export-oriented country. Starting in 2026, though, the expansionary national fiscal policy stance should help the German economy recover significantly.

A worsening in the already tense global political situation could further increase the need for impairments in the loan portfolio and thus ultimately also impact the profitability of German institutions. Credit risk indicators are deteriorating in many segments for both enterprises and households. Market risks and turmoil in the financial markets pose an additional challenge, which can affect both the stability of institutions and the supply of credit to the real economy.

Residential real estate lending is a key component of the business model for a large portion of German credit institutions and thus an important income component. There are currently signs of positive developments in new business. The commercial real estate (CRE) market may have recently bounced back somewhat from the slump triggered by the turnaround in interest rates, but only time will tell if this recovery will last. Overall, risks in the commercial real estate sector remain elevated. Lending standards and risk management therefore remain an area of focus for supervisors. 

In addition, sound governance has a significant impact on an institution's long-term stability. Weaknesses in the business organisation and governance in particular may lead to risks being misassessed or to bad decisions. This applies all the more in an environment characterised by rapid change and uncertainty. 

The risk of cyberattacks is persistently high, partly owing to ongoing geopolitical tensions. At the same time, the outsourcing of key IT activities and processes and the technological dependence on a few service providers are factors that are continuing to grow in importance. Moreover, banking business is becoming increasingly digital through the use of innovative technologies such as blockchain and artificial intelligence. From a supervisory perspective, it is important for institutions to identify the potential of cyber and IT risks, take into account possible concentrations on multi-client service providers and implement the requirements of the Digital Operational Resilience Act (DORA).

In light of these developments and risks, BaFin and the Bundesbank have defined the following supervisory priorities and their main areas of action for 2026:

1. Economic environment, incl. geopolitical uncertainty

• Developments in lending standards, credit default ratios and collateral values are monitored on an ongoing basis.
• Monitoring the adequacy of lending processes, risk provisioning and risk management is ensured through impairment tests, targeted reviews and supervisory dialogues.
• The LSI stress test will be carried out in 2026.

2. IT security

• The aim is to identify the risk potential presented by cyber/IT risks, including concentrations on third-party providers (especially cloud providers).
• Implementation of DORA requirements is checked by means of thematic reviews and supporting analyses at selected institutions and their IT service providers. Identified gaps are addressed in a risk-oriented manner. 

3. Governance

• Identification and sanctioning of institutions with governance vulnerabilities and misconduct. The focus is increasingly on ensuring that top management and the supervisory body are qualified. This is done partly through special audits with specific audit modules.
• Review of specialist and technical data quality in the context of reporting, especially at network institutions. 

In summary, it can be said that geopolitical tensions and therefore economic uncertainties have again grown in significance compared to 2025. In this regard, German supervisors will pay particular attention to the effects and risks in the real estate market and institutions’ lending standards and risk management. As national priorities, IT security and governance also remain under supervisory scrutiny.