The circulars published by the Federal Financial Supervisory Authority (BaFin) are key elements of the regulatory framework that pertains to the security of online payments, the risk management efforts of financial institutions, and the supervisory requirements placed on the IT systems of such institutions and their IT service providers. They fall under the purview of BaFin itself.

"Minimum Requirements for the Security of Internet Payments (MaSI)" (Circular 4/2015 (BA) from 5 May 2015)

"Minimum Requirements for Risk Management (MaRisk)" (Circular 09/2017 (BA) from 27 October 2017)

"Supervisory Requirements for IT in Financial Institutions (BAIT)" (Circular 10/2017 (BA) from 3 November 2017)