Regulation

FINMA vs. BaFin Fit and Proper: The DACH Comparison 2026

April 20, 2026


For banks with business operations in Germany and Switzerland, the fit-and-proper regime applies twice: once under BaFin and once under FINMA. The procedures differ in important details. If you want to document both consistently, you need to understand both. This guide shows the side-by-side comparison and how to build a unified review architecture.

The common foundation: "Fit" and "Proper"

Both regimes follow the European fit-and-proper principle with two pillars:

  • Fit (professional suitability): qualifications, experience, competence for the specific role

  • Proper (personal reliability): no criminal convictions, no insolvency, no sanctions/PEP hits, no conflicts of interest

The differences lie in the legal basis, review procedure, scope, documentation format, and legal remedies.

Side-by-Side Comparison

| Criterion | BaFin (DE) | FINMA (CH) |
|---|---|---|
| Legal basis | Section 25c KWG, Section 24 VAG, ZAG | Art. 3 BankG, Art. 11 FinIG, Art. 14 VAG |
| Review scope (persons) | Managing directors, supervisory board, and from 2026 also CCO/CRO/CFO (CRD VI) | Board of directors, board of trustees, executive management — "fit-and-proper persons" |
| Review timing | Upon appointment; ongoing monitoring under Section 25h KWG | At authorisation, upon change, annually as part of the FINMA supervisor process |
| Documentation standard | BaFin guidance for managing directors, standard questionnaire | FINMA guidance on fit-and-proper persons, informal self-declaration plus supporting documents |
| Consequence of deficiencies | Rejection, removal, fine up to €10 million / 5% of annual revenue | Withdrawal of authorisation, orders, personal ban on activities |
| Legal remedies | Objection, lawsuit before the administrative court | FINMA objection, appeal to the Federal Administrative Court |
| Language | German | German, French, Italian (depending on the institution) |
| Ongoing monitoring | Yes (sanctions, PEP weekly) | Risk-based, depending on FINMA category |

The key differences in detail

1. Depth of review: BaFin is more formalized

BaFin works with a detailed standard questionnaire (28 pages) that asks about every position, qualification, and relevant activity. FINMA, by contrast, expects less formal documentation for fit-and-proper persons — more room for interpretation, but also less clarity about what is "sufficient".

2. Monitoring frequency

Since 2026, BaFin has required ongoing sanctions, PEP, and adverse-media monitoring under Section 25h KWG — at least weekly, ideally daily. FINMA is risk-based: for banks in categories 1-2 (systemically important), similarly close monitoring; for category 5 (the smallest institutions), quarterly is sufficient.

3. Personal liability

BaFin can remove managing directors individually (Section 36 KWG). FINMA can impose personal bans on activities — even on people who are formally no longer working at the institution (Art. 33 FINMAG). Both can have career-ending consequences.

4. Language requirement

BaFin accepts documentation only in German. Depending on the institution's location, FINMA accepts German, French, or Italian — for banks in Zurich, practically German; for Geneva, French; for Lugano, Italian. English is not permitted.

What applies in Austria?

In Austria, the FMA applies fit and proper under Section 5 BWG and is strongly aligned with BaFin standards plus EBA guidelines. One special feature: every change triggers a new review — including transfers within the same institution.

EU-wide harmonisation: EBA-ESMA and CRD VI

The EBA-ESMA Joint Guidelines on Suitability 2024 harmonise the requirements across the EU. CRD VI (from 2026) expands the scope to Chief Financial Officer, Chief Risk Officer, Chief Compliance Officer, and heads of control functions. FINMA has announced that it will refer to EBA-ESMA standards — but, as a non-EU regulator, will not formally adopt them. For Swiss banks, this means adapting governance structures independently.

Practical implementation for multinational institutions

For banks with German/Swiss subsidiaries, three steps are recommended:

  1. Consolidate the role matrix: document all key roles with jurisdiction, regulator, and review requirements

  2. Harmonise the process: a review workflow architecture that documents BaFin and FINMA requirements in parallel (saves up to 40% effort)

  3. Monitoring system: central sanctions/PEP screening that meets BaFin weekly monitoring and derives FINMA documentation in a risk-based way

How Indicium maps both regimes

  • Parallel documentation in BaFin standard questionnaire and FINMA fit-and-proper format

  • Ongoing monitoring under Section 25h KWG (weekly) with a FINMA-compatible audit trail

  • Automatic language selection depending on the institution (DE/FR/IT for CH, DE for AT and DE)

  • EU servers only — GDPR-compliant, revFADP-compliant in parallel

Conclusion

BaFin and FINMA share the same foundation, but differ in formalism, monitoring frequency, and the severity of consequences. If you operate in both countries, you should build an integrated review architecture — otherwise you end up documenting every role three times: once internally, once for BaFin, once for FINMA.

Book a demo and see the integrated BaFin-FINMA workflow. Further reading: BaFin Fit and Proper 2026 and Fit and Proper KWG Section 25c.

Nabil El Berr




Hünenberg (Switzerland) · Hamburg (Germany)

© 2026 Indicium Technologies AG.

All rights reserved.
