On January 28, 2026, the German Federal Financial Supervisory Authority (‘BaFin’) has published its report “Risks in BaFin´s Focus 2026””. In BaFin´s view, the positive mood in the financial markets is marked by obscuring factors that can impact financial stability such as geopolitical turmoil and advancing digitalisation which is not only increasing the operational risks that arise from internal processes, systems or human error, but also the risk of misuse.

BaFin announced that in 2026, it will focus on a total of nine risks, six financial market risks (I), and three risks for consumers (II). In the publication also addresses three significant trends (III): digitalisation, sustainability and geopolitical turmoil. BaFin highlighted that it will remain essential that supervised institutions appropriately handle risks arising from those longer-term trends.

Given BaFin´s integrated approach on consumer protection and solvency supervision, BaFin has included consumer risks in this year’s report for the first time.

A summary of the nine risks and trends is included below:

I             Financial Market Risks

  1. Risks arising from significant corrections on the international financial markets

Notwithstanding seemingly positive price developments, the situation across the financial markets remains fragile. BaFin has identified that international trade conflicts, the high levels of government debt in some key industrialised nations and spiking valuation levels – as seen in the technology sector – could precipitate a significant price correction. Market risks can be further exacerbated if banks and non-bank financial intermediaries are interconnected.

In mitigation against this risk BaFin will focus on the valuation of market risk and the implementation of liquidity management tools. According to the report BaFin will continue to identify supervised companies with high and risky exposures that are dependent upon the financial markets. In particular, BaFin will analyse the holdings of government bonds and their interconnectedness with non-bank financial intermediaries. BaFin will also analyse the vulnerability of banks to disruptions on the US dollar financing markets. BaFin will support German asset managers with their risk-appropriate implementation of liquidity management tools and also prepare for the introduction of liquidity risk management plans that insurance companies must implement by 29 January 2027.

  1. Risks arising from corporate loan defaults

In light of the present economic situation in Germany, BaFin has also identified the risk of corporate loan defaults. According to BaFin the current trade tensions threaten to severely impact the German economy and are reflected in the rising trend of insolvencies. This increase in insolvencies was accompanied by an increase in the proportion of non-performing loans at German banks.

BaFin will therefore continue to closely monitor the credit risks of banks and insurers in 2026. BaFin’s line of approach will include maintaining the countercyclical capital buffer on all domestic risk exposures and monitoring corporate loans that could be particularly exposed to the present economic uncertainty. BaFin accounted that it will also review the standards for lending to high-risk sectors. BaFin announced that it will identify particularly exposed institutions, especially in the commercially real estate sector, continue to conduct special inspections of lending business and analyse the interconnectedness between banks and non-bank financial intermediaries such as private debts funds. BaFin also outlined its approach in relation to the risk management for insurers. 

  1. Risks arising from the commercial real estate markets

While the German residential real estate market enjoys a stable progression, BaFin has identified the fragility of the German commercial real estate market (which also includes commercial real estate funds or real estate companies) as a risk for 2026. Although prices within the market are rising moderately, transaction volume remains very low owing to weak demand. BaFin warns that weak economic growth also threatens further price drops as investors increasingly prefer other investment opportunities. BaFin will respond to this risk by carrying out further cross-sectional analyses to identify risks such as concentrations or defaults in the commercial real estate lending business at an early stage. It will also analyse whether banks are estimating the value of their commercial real estate regularly and appropriately, with special inspections to be conducted for banks with a high exposure in the commercial real estate market.

  1. Risks arising from cyber incidents with serious consequences

Due to the present geopolitical tensions and the increasing use of complex IT systems and artificial intelligence, BaFin warns of the significant threat of serious cyber incidents. Such incidents could include the leaking or seizure of confidential data held by financial institutions. Under the Digital Operational Resilience Act, which has been in force since 17 January 2025, BaFin acts as the German financial sector reporting hub. In 2026, BaFin will adopt a leading role in bolstering cyber resilience across the German financial sector. In so doing, BaFin will act as the reporting hub for serious cyber incidents affecting the German financial sector. It shall also produce a comprehensive overview of cyber risks, in addition to participating in national and international crisis co-operation, and prevention and resilience testing.

  1. Risks arising from market concentration due to the outsourcing of ICT services

Throughout the digital transformation, we have become increasingly dependent on information and communication services (ICT services) from a very small number of providers, predominantly based outside Germany in other EU member states or third countries, but there are also concentrations in Germany which also has resulted in an increase of market risk concentration due to the outsourcing of ICT services. BaFin will continue to analyse the risks associated with financial sector companies outsourcing to ICT providers. As part of its strategy BaFin will use the DORA register of information for sector-wide analyses of ICT third-party relationships. BaFin will continue to monitor multi-client service providers.

  1. Risks arising from insufficient measures to prevent money laundering and terrorist financing

Against the backdrop of rising geopolitical tensions, the continuing fragmentation of the payment landscape and the expansion of cryptocurrencies, BaFin warns of the risk that financial providers may be misused for money laundering and terrorist financing. Additionally, owing to its size, heterogeneity and location at the centre of Europe, BaFin warns that the German financial market is particularly at risk. BaFin highlighted that the risk of money laundering is rising in tandem with the growing number of transactions on the crypto market which will result in an increasing likelihood that existing control mechanism re being circumvented by crypto transactions. According to the report another significant risk is posed by payment service providers and the growing online commerce which are making the security measures of payment service providers all more critical.

To guard against this risk, BaFin will maintain high levels of inspection and supervision. These will be focused on the banking sector and, particularly, on the non-banking sector. BaFin will also focus on ensuring that obliged entities improve their transaction monitoring and data analysis. BaFin will make use of the tighter legal framework created by the European Money Transfer Regulation and the amendments to the German Money Laundering Act (Geldwäschegesetz – GWG)

II Consumer Risks

In addition to the above listed risks facing the financial markets, BaFin has also identified three risks facing consumers in 2026.

The first risk highlighted by BaFin is the amount of over-indebted consumers financing on credit. The report highlights the risks arising from the “buy now, play later” market. Consumers are currently not protected by the regulations for general consumer loans in the case of micro and short-term loans.  Although this gap in consumer protection has been filled by the amendment to the Consumer Credit Directive, which will come into force in Germany on 20 November 2026, BaFin still sees consumer risk arising from the BNPL market. BaFin will proceed monitoring compliance with the regulatory requirements for consumer loans, focusing particularly on the “buy now, pay later” market. Concurrently, BaFin will also augment its information services in an attempt to increase financial literacy amongst consumers.

The second risk facing consumers identified by BaFin is investment in crypto assets and the influence on investment behaviours by so-called finfluencers online. Consumer protection in relation to the investments in crypto assets was strengthened with the entry into force of the Financial Market Digitalisation Act (Finanzmarktdigitalisierungsgesetz – FinmadiG) which implements, among other things, the Markets in Crypto-Assets Regulation (MiCAR) into national law. However, according to BaFin the crypto markets continues to pose risks. – Again, BaFin will seek to inform consumers as to the risks of the crypto investments. Moreover, while not responsible for their direct supervision, BaFin will however supervise finfluencers when they provide investment advice or make investment recommendations. Finfluencers  – like any other person -are also subject to the market abuse rules of MiCAR, such as the prohibition of market manipulation and insider dealing.

The third identified risk facing consumers is the costs for endowment insurance, with some products said to be unreasonably expensive. BaFin has vowed to continue ensuring that the endowment insurance policies sold by insurers represent value for money. Towards this goal, BaFin will seek to combine clear supervisory expectations with risk-based market surveillance.

III Significant trends

  1. Digitalisation

The digital transformation of the financial sector continues to accelerate. Particularly striking developments include the significant growth of stablecoins denominated in US dollars and the rapid advancement and use of artificial intelligence. In BaFin´s view, both developments present opportunities as well as risks. BaFin will continue to closely monitor and evaluate digital innovations on the financial markets.

  1. Sustainability

According to BaFin and the German Federal Government’s Sustainable Finance Advisory Committee, the financial sector faces two major challenges posed by ongoing climate change: first, it must quantify and manage the financial risks associated with climate change and biodiversity loss. Second, the industry needs to harness its investment activities, lending and insurance services to support the real economy in its transformation towards decarbonisation and adaptation to climate change. Financial companies should manage their sustainability risks effectively not just to ensure that they can provide financial support for the ecological transition, but also in their own interest. In 2026, BaFin will intensify its oversight of physical climate risks and the prevention of greenwashing involving questionable products. As part of its strategy BaFin will examine ESG issues in greater depth at banks as part of the Internal Capital Adequacy Assessment Process and when reviewing lending activities. BaFin will conduct checks to ensure compliance with the requirements of the EU Sustainable Finance Disclosure Regulation (SFDR), In addition BaFin announced that it will make even greater use of its legal powers when reviewing base prospectuses and the related advertising for securities issues in order to prevent green washing more effectively.

  1. Geopolitical turmoil

While geopolitical developments do not constitute a separate risk category, they affect almost all the types of risks relevant for supervision that are faced by supervised entities. Negative effects may be direct (e.g. through credit and market risk exposures in affected regions), indirect (e.g. through disruptions in foreign trade and supply chains) or hybrid in nature (e.g. through cyberattacks or acts of sabotage). In this context, BaFin addresses, inter alia, the global trade order´s radical change, the potential impact of geopolitical conflicts and the increasing risk of state-sponsored cyberattacks. BaFin will ensure that financial institutions address geopolitical risks appropriately in their risk management.