
Germany’s Federal Financial Supervisory Authority, BaFin, has published new guidance that places artificial intelligence firmly inside the operational resilience agenda for banks and insurers, rather than treating it as a separate innovation topic.
BaFin, which supervises financial institutions in Europe’s largest banking market from its bases in Bonn and Frankfurt, stressed the document served as non-mandatory advice to help firms apply the EU’s Digital Operational Resilience Act (DORA) when using AI systems across their technology estates.
The regulator warned that AI was already being deployed along the entire financial services value chain, but said the implementation and operation of these systems could entail significant risks, particularly those linked to information and communication technology.
In BaFin’s view, AI systems belonged in the same ICT risk management framework as any other critical technology asset.
The authority said the security and resilience of an AI system had to be guaranteed throughout its full lifecycle, from data acquisition and model development through to ongoing operation and eventual retirement.
Wider reach
That framing resonated beyond Germany. Marina Marusenko, a risk manager at ING, wrote that while BaFin was not her home regulator, the guidance deserved close attention because supervisory thinking tended to travel across borders faster than most institutions prepared for it.
“BaFin treated AI as an ICT risk issue, not an innovation topic,” she wrote on LinkedIn this week, adding that this distinction mattered because it meant the same identification, protection, detection, and recovery requirements applied, with no separate track and no special exemption.

Board accountability moved to the forefront
One of the clearest signals in the guidance concerned governance. BaFin placed responsibility at the top of the organisation, saying management bodies held ultimate accountability for ICT risk and had to maintain sufficient knowledge and skills to understand and assess these risks.
Marusenko said the guidance made board-level accountability explicit. She argued it went beyond signing off on a strategy document and implied ongoing engagement, sufficient expertise, and a willingness to ask uncomfortable questions about technically complex systems.
For QA leaders, the message was that AI oversight could not remain confined to data science teams. It had to become part of enterprise-wide operational resilience control.
Testing shifted from go-live approval to continuous assurance as BaFin devoted significant attention to development and testing, stressing that standard software engineering disciplines such as unit testing, integration testing, and source code reviews remained essential in validating AI systems.
The regulator said testing had to be commensurate with the criticality of the business functions supported, and it highlighted that generative AI posed particular challenges, including the risk of unannounced model changes when firms relied on third-party systems.
Marusenko said lifecycle management ran through the entire document, with development, deployment, monitoring, change management, and decommissioning all addressed.
“A one-time approval at go-live was not sufficient,” she wrote, arguing that AI systems required continuous oversight around model drift, data quality, and version control.
Adversarial resilience testing
BaFin also pushed testing beyond functional validation into cyber resilience. The authority pointed to the need for adversarial testing approaches, including the simulation of attacks such as data poisoning and evasion, as well as penetration testing designed to surface AI-specific vulnerabilities.
It warned that backdoors could be introduced into models during training, and that insecure deployment practices could enable attackers to steal or manipulate systems, leading to wrong decisions being taken by financial entities.
For QA and security teams, this represented a shift toward treating AI models as attack surfaces requiring structured resilience validation.
BaFin repeatedly returned to ICT third-party risk, noting that many AI systems depended on cloud services and a small number of providers. The guidance highlighted the need to assess vendor lock-in, ensure portability of models and training data, negotiate meaningful audit rights, and maintain credible exit strategies.
Marusenko said institutions running large language models through external APIs should give this section a second read, as concentration risk and subcontracting chains could undermine resilience if not governed properly.
Shadow AI emerging as a growing concern
One of the more operational warnings focused on what Marusenko described as “shadow AI.” BaFin noted that applications integrating external AI models via APIs could transform software originally planned as non-AI into AI systems, often without clear visibility.
Marusenko wrote that identifying where AI actually sat in the technology landscape was a prerequisite for managing it.
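The inventory problem described above is one a practitioner can partly automate. The following is an added example, not code from BaFin, ING or QA Financial: it reads outbound proxy log lines (a constructed sample in an assumed `app=… dst=…` format) and flags applications that call hosted model providers without appearing in the institution's registered AI inventory. The provider hostnames are an assumed watchlist that each firm would maintain itself.

```python
"""Shadow-AI inventory check over outbound HTTP logs (added example, constructed data)."""
from collections import defaultdict

# Assumed watchlist of hostnames belonging to hosted model providers.
# Which hosts matter for a given institution is an assumption to be tuned
# by its own ICT risk function; exact-match hosts and suffix-match hosts
# are kept separate because some providers use per-tenant subdomains.
AI_PROVIDER_HOSTS = {
    "api.openai.com": "OpenAI",
    "api.anthropic.com": "Anthropic",
    "generativelanguage.googleapis.com": "Google Gemini",
}
AI_PROVIDER_SUFFIXES = {
    ".openai.azure.com": "Azure OpenAI",
}


def classify_host(host):
    """Return the provider name for a destination host, or None if it is not on the watchlist."""
    host = host.lower()
    if host in AI_PROVIDER_HOSTS:
        return AI_PROVIDER_HOSTS[host]
    for suffix, name in AI_PROVIDER_SUFFIXES.items():
        if host.endswith(suffix):
            return name
    return None


def parse_egress_line(line):
    """Parse one constructed proxy log line: '<ts> app=<name> dst=<host> path=<path> status=<code>'."""
    fields = dict(tok.split("=", 1) for tok in line.split()[1:] if "=" in tok)
    return fields.get("app"), fields.get("dst")


def find_shadow_ai(log_lines, registered_ai_apps):
    """Map each unregistered application to the sorted list of AI providers it was seen calling."""
    hits = defaultdict(set)
    for line in log_lines:
        app, host = parse_egress_line(line)
        if not app or not host:
            continue  # malformed or incomplete line; skip rather than guess
        provider = classify_host(host)
        if provider:
            hits[app].add(provider)
    # Applications already in the AI inventory are governed; only the rest are "shadow AI".
    return {app: sorted(p) for app, p in hits.items() if app not in registered_ai_apps}


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2024-05-01T09:00:01Z app=credit-scoring-llm dst=api.openai.com path=/v1/chat/completions status=200",
    "2024-05-01T09:00:05Z app=claims-portal dst=api.anthropic.com path=/v1/messages status=200",
    "2024-05-01T09:00:09Z app=claims-portal dst=cdn.example.internal path=/assets/app.js status=200",
    "2024-05-01T09:01:12Z app=kyc-docs dst=mybank-prod.openai.azure.com path=/openai/deployments/gpt/chat/completions status=200",
    "2024-05-01T09:02:30Z app=payments-core dst=api.partner-bank.example path=/v2/transfer status=201",
]

# Constructed inventory: only one application has been registered as an AI system.
REGISTERED_AI_APPS = {"credit-scoring-llm"}

if __name__ == "__main__":
    for app, providers in find_shadow_ai(SAMPLE_LOG, REGISTERED_AI_APPS).items():
        print(f"unregistered AI use: {app} -> {', '.join(providers)}")
```

On the sample data the check reports `claims-portal` (calling Anthropic) and `kyc-docs` (calling an Azure OpenAI tenant) while leaving the registered `credit-scoring-llm` alone. Run against real egress logs, the output is a candidate list for the AI register, not a verdict: each hit still needs an owner to confirm what the application does with the model before it enters lifecycle and third-party risk management.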
Although BaFin emphasised that the guidance was non-binding, both the regulator and industry observers framed it as an emerging supervisory blueprint for how DORA applied to AI.
For banks and insurers, the direction of travel appeared clear: AI systems would be governed, tested, and monitored as part of core ICT risk management, with QA teams expected to deliver continuous assurance across the full model lifecycle, from adversarial attack simulation through to operational resilience and exit planning.
As Marusenko concluded, it was worth reading carefully, “even if your regulator sat in a different country.”