Germany’s finance watchdog BaFin to increase IT inspections amid AI risks
This article contains AI assisted creative content
Germany's financial regulator is rearming. On Tuesday, BaFin President Mark Branson warned that advances in artificial intelligence have escalated cyber risks from manageable to "substantial," and announced the creation of a dedicated unit to conduct targeted inspections at banks, insurers, and other financial firms. The move amounts to a structural admission: a supervisory toolkit built for conventional IT audits is insufficient in an era in which generative models can identify weaknesses in legacy and modern infrastructure alike at machine speed.
Branson's warning was specific. New-generation AI models, he said, are capable of detecting security gaps in IT systems "with extreme speed" — a capability that cuts both ways. The same technology that allows a financial institution to automate threat detection also arms adversaries with a reconnaissance engine that can map vulnerabilities faster than patch cycles can close them. The regulator's concern is not theoretical. A survey cited by BaFin found that 39% of cooperative banks had already incurred compliance-related losses of at least $250,000, a data point that Branson explicitly linked to the rationale for heightened oversight.
From Periodic Audits to Continuous Risk Assessment
The new unit represents more than an incremental staffing increase. It signals a shift in supervisory method. BaFin has indicated that its 2026 audit programme will be "risk-based and spread throughout the year," departing from the fixed-schedule inspections that previously characterised its approach. The change is procedural but its implications are operational: financial institutions can no longer prepare for a known inspection window. They must assume that an audit — and a targeted one, focused on AI and ICT risk — could arrive at any point in the calendar.
The scope of these inspections will be shaped by the regulatory architecture that has accumulated over the past eighteen months. The Digital Operational Resilience Act (DORA), which took full effect in January 2025, provides the legal chassis. BaFin has made clear that DORA's requirements will form the baseline against which institutions are measured: an ICT risk management framework, classification and reporting of ICT-related incidents, oversight of ICT third-party providers, and a digital operational resilience testing programme (testing of critical ICT systems at least yearly, and threat-led penetration testing at least every three years for entities designated by their competent authority). The regulator's DORA supervisory inspection procedure is "designed on a modular basis," allowing examiners to probe specific ICT risk areas rather than conducting blanket reviews.
The AI-Specific Overlay
What distinguishes the new inspection regime from standard DORA compliance audits is the AI-specific guidance BaFin issued in December 2025. That guidance, published jointly with Germany's Federal Ministry of Finance, requires financial institutions to conduct a complete inventory of their AI systems and to integrate AI governance into existing ICT risk management frameworks. The regulator is demanding that AI systems be "consistently governed, secured, and monitored" across their entire lifecycle — from development and deployment through to decommissioning.
The guidance identifies AI-specific risks that fall outside conventional IT risk taxonomies: model drift, data poisoning, prompt injection, and the opacity of black-box decisioning are all flagged as requiring distinct mitigation strategies. These risks sit at different points in the lifecycle, which is why one operational-risk control set does not cover them: data poisoning enters through the training and retraining pipeline, prompt injection wherever untrusted input reaches a model, drift shows up only under production monitoring, and opacity is a validation and explainability problem. BaFin's position is that AI risk cannot be treated as a subset of operational risk; it requires its own governance architecture, and that architecture must be demonstrable to an examiner on demand.
The Broader Regulatory Context
BaFin's move sits within a dense regulatory landscape. The EU AI Act's obligations for high-risk systems, which in financial services cover uses such as creditworthiness assessment of natural persons and risk assessment and pricing in life and health insurance, become enforceable from August 2, 2026, with the Digital Omnibus proposal, still under negotiation, potentially pushing certain provisions to December 2027. The European Banking Authority has committed to promoting a "common supervisory approach" across national regulators for AI Act implementation in the banking and payments sector through 2026 and 2027. BaFin, as the national competent authority for Europe's largest economy, is effectively front-running that harmonisation.
The regulator has also been expanding its work on third-party risk. Under DORA, the designation and direct oversight of critical ICT third-party service providers (cloud providers, data analytics firms, and increasingly AI model vendors) sits with the European Supervisory Authorities through a Lead Overseer; BaFin's role is to supervise how German financial entities manage those dependencies and to follow up on the Lead Overseer's recommendations. The new inspection unit will have visibility into those dependencies, with the authority to examine not just how a bank governs its own AI systems but how far its contracts with vendors secure the access, audit, and exit rights DORA requires.
The Preparedness Gap
The financial industry's readiness for this level of scrutiny is uneven. BaFin's first-year DORA findings, published in late 2025 and described by the regulator as yielding "valuable insights," documented how institutions manage, and in some cases fail to manage, ICT risks, incidents, and third-party dependencies. The regulator has offered limited concessions, including simplified first-time audit requirements, but has been clear that the full DORA audit regime will apply from the 2025/26 financial year onward, with all findings to be reported comprehensively.
For banks and insurers operating in Germany, the new inspection unit changes the compliance calculus. It is no longer sufficient to demonstrate that an AI system functions as intended. Institutions must now demonstrate — to a regulator that has built a specialised team to ask precisely these questions — that the system is governed, that its risks are mapped, that its third-party dependencies are documented, and that its vulnerabilities are patched at a tempo that matches the threat landscape. The burden of proof has shifted, and BaFin has signalled that it is prepared to enforce it.