Fit & Proper 2025: How You Will Safely Meet the New BaFin Requirements

🚀 Many boards are lulled into a false sense of security.

Once accepted by BaFin as “fit & proper” – and that’s it? Unfortunately, no. With the new Circular 2025, BaFin is tightening the screws significantly. Suddenly, old experience values are no longer sufficient, new requirements such as ESG knowledge, IT understanding, and digital resilience come into focus.

Even more critically: BaFin will soon require an active self-assessment and regular proof. Ignoring this risks not only reputational damage – but also your own admission and personal liability.

In this article, we show you which new requirements are really important – and how you can proactively and audit-proof set yourself up.

The term “Fit and Proper” comes from English supervisory law and translates to “suitable and reliable”. BaFin uses this to check whether members of management, supervisory board, or other key individuals in banks and financial service providers are professionally suitable and personally reliable. The goal is to ensure that only individuals with sufficient qualifications and integrity are in key positions – to protect the financial system and customers.

Why Are There New Rules?

The previous Fit-and-Proper regulations of BaFin were spread over several information sheets and were partly outdated. In addition, there are new European requirements in recent years, for instance, through the EBA/ESMA guidelines and the Risk Reduction Act. Digitization and the associated risks – keyword cybersecurity – also call for new skills in management. BaFin wants with the new Circular to:

• Enhance legal certainty
• Unify regulations
• Strengthen IT competence
• Improve transparency
• Implement European guidelines

Overview of the Main Innovations

1. One Document for All

Instead of many individual information sheets, there will soon be one unified circular. This makes the application significantly easier and clearer for you as a manager or supervisory board member.

2. Focus on IT Competence

Digitization is indispensable in the financial sector. Therefore, BaFin now requires provable IT knowledge for executives. You must demonstrate that you understand and can manage the risks and opportunities of digitization. This not only concerns classic IT topics like data protection or cybersecurity but also an understanding of digital business models and innovations.

Tip: Consider how you can prove your IT competencies – for example, through certificates, training, or practical experience.

3. Stricter Review of Time Availability

In addition to professional suitability, BaFin is now looking even more closely at your time availability. You must prove that you have enough time for your mandate – even in times of crisis. Taking on too many mandates simultaneously or not being present enough risks a fine of up to five million euros.

Important: BaFin requires an honest self-assessment and, if necessary, proof of how you organize your time.

4. More Transparency and Documentation Obligations

The new rules bring increased transparency. You must document your qualifications, experiences, and time availability in detail. BaFin now also provides specific completion instructions so you know what is expected.

5. Consideration of the Risk Reduction Act

The new Circular implements the requirements of the Risk Reduction Act. This means: The requirements for managers and supervisory boards are further adjusted to the actual risks and the size of the institution.

6. Target Audience: Who Is Affected?

The new rules apply to all institutions under national BaFin supervision (so-called Less Significant Institutions, LSI). For the large, significant banks (Significant Institutions, SI), the ECB remains responsible.

What Does This Mean for You Specifically?

If You Are a Manager…

You must prepare for a more intensive review of your qualifications. This affects not only your education and work experience but also your IT knowledge and time availability. BaFin expects you to regularly continue your education and stay up to date – especially regarding digitization and new technologies.

If You Are a Supervisory Board Member…

As a member of the supervisory board, you must now prove more IT competence. The days when a supervisory board only looked at classic banking topics are over. You should be familiar with topics like cloud computing, artificial intelligence, or cybersecurity.

If You Work in HR or Compliance…

For you, the new Circular means more effort in documentation and candidate selection. You should adapt your processes and checklists to accurately reflect the new requirements. This particularly concerns evidence of IT competence and time availability.

How Can You Best Prepare?

1. Do a Self-Check

Ask yourself honestly: Am I fit for the new requirements? Where do I need to catch up – for example, in IT topics? Are there further training courses I should attend?

2. Update Documentation

Collect all evidence of your qualifications, work experience, and IT competence. Record how much time you spend on your mandate and how you organize yourself.

3. Adjust Processes in the Company

If you are responsible for selecting executives, you should revise your processes and checklists. Incorporate the new requirements early to avoid unpleasant surprises at the next audit.

4. Use Training Opportunities

Take advantage of the wide range of training and certifications in the area of IT, digitization, and supervisory law. This not only shows BaFin that you are keeping up but also helps you in everyday life.

5. Seek Peer Exchange

Talk to colleagues who face similar challenges. Maybe your company or association already has working groups or internal training on the new Fit-and-Proper rules.

What Happens If You Do Not Meet the Requirements?

In such cases, BaFin can prohibit or even revoke the appointment as a manager or supervisory board member. In addition, there are hefty fines – especially regarding time availability. In the worst case, this could mean the end of your career as an executive.

Looking to the Future: What’s Next?

The new Circular is not the end of the development. With the implementation of the CRD VI Directive at the national level, further adjustments are expected – especially in paragraphs 25c and 25d KWG. Therefore, it is worth continuing to follow the topic attentively and regularly obtaining updates.

Conclusion: The New Fit-and-Proper Rules as an Opportunity

Even if the new rules initially appear to be more bureaucracy: They are an opportunity for you and your company. Those who meet the requirements not only show BaFin but also customers and investors that professionalism and future viability are a priority. Take the opportunity to get yourself and your team fit for the future!

In summary:

• BaFin is modernizing and tightening the Fit-and-Proper rules.
• IT competence and time availability are in focus.
• There is more transparency and documentation requirements.
• Preparation and further education are more important than ever.

S+P Tip: Address the new requirements early, take advantage of training opportunities, and keep your documents up to date. This way, you are well prepared for the next Fit-and-Proper examination!

Further Links:

• BaFin: Consultation on the new Fit-and-Proper Circular (May 2025)
• EBA/ESMA Guidelines on Fit and Proper

Stay tuned – the future of the financial industry needs skilled and proper executives like you!

📄 Whitepaper Tip: Fit-&-Proper Self-Check for Boards and Managing Directors

Do you want to know whether you already meet the new Fit-&-Proper requirements – or whether there is a need for action?

👉 Then request our whitepaper with self-check for boards and managing directors for free.
It contains:

• a practical checklist for self-assessment

• Guidelines on documentation requirements towards BaFin

• as well as practical tips for proof in the board team

📬 Request now