Check against delivery.

Mr von Sandersleben,
Dr Tamm,
Ladies and Gentlemen,

Many speakers start their presentations by expressing their thanks for the invitation, in order to emphasise at the same time how pleased they are to visit the respective city. When I do the same today, it is not just a trite truism; it is actually an honest truth. Leipzig engagements are special for me for two reasons. My father was a member of the St. Thomas Choir of Leipzig. He never spoke much of his time at the boarding school attached to it, but his mother, my grandmother, told me that as a Königsberg boy who was only just ten, he ran away from the school twice due to homesickness, before the brilliant Ms Ramin comforted him and took him under her wing. I know for a fact that the segment of his life that my father spent in Leipzig had a lasting effect on him. But please be assured that I will not be taking to my heels this evening.

Secondly, I have the trade fair city to thank for a very formative experience of my own. A few days after the fall of the wall I travelled from West Berlin, where I lived at the time, to Leipzig with some friends in an old, rickety Ford in order to take part in a Monday demonstration.

It was breathtaking the way that people proceeded through the city in their thousands with cries ringing out for freedom, democracy and, increasingly, unity. I started to imagine how much more of an effect these demonstrations must have had on those who lived in Leipzig, who had been demonstrating there just a couple of weeks previously when the Socialist Unity Party of Germany and the State Security Service still seemed to be all-powerful. The security services were capable of putting an end to dreams of freedom and unity at any time. On 9 October 1989, around 70,000 demonstrators stood holding candles opposite a well-equipped police force. They had to face being bludgeoned or driven apart. And unlike us imported demonstrators, the citizens of Leipzig didn't have a passport for West Germany in their pockets that, if in doubt, they could use to travel back towards West Berlin.

It was not without good reason that at that time all of Europe was watching Leipzig and the momentous changes that began here. The oft-cited winds of change altered the face of the whole continent. It is in the nature of things, though, that the magic inherent in every beginning wears off at some point. And so it is that democracy and European unity are perceived less and less to be a great promise, not only in this city. There was a reason why the President of the Federal Republic of Germany, Joachim Gauck, in October 2014 on the 25th anniversary of the Peaceful Revolution warned against taking democratic achievements for granted. To be successful in the long term, he declared, democracy needed the ongoing commitment of its citizens. Which is something that is always easier said than done once what Brecht called "die Mühen der Ebene", the "troubles of the plains", start.¹

I will admit, in particular when I think of the occasionally very long-drawn-out coordination and decision-making processes in European financial regulation, the troubles of the plains are sometimes tangible.
Europe in everyday life can be complicated. This is precisely when I have to call to mind those formative memories from autumn 1989. It is for this Europe and this democracy, with its painstaking but participatory and balanced decision-making processes, that the people in the GDR went out into the streets.

But who would know better than you here in Leipzig that it is distinctly more desirable to make decisions about your life yourself rather than having them made by others. And so we would be wise to support our democratic system and work on viable and sustainable solutions in a unified Europe. That applies to my own field, too: financial supervision and regulation. We, too, need European, if not global, solutions, as the national sphere of action has long been too small for the globalised financial markets.

Ladies and Gentlemen,

From my experiences in Leipzig in November 1989, I also learnt that certainties that seem set in stone today can be proved wrong tomorrow. And that applies to financial markets too, of course. We only have to think of the 2007/2008 financial crisis. Overnight, many underwent a Damascene conversion from laissez-faire attitudes to regulation.
In the years leading up to the crisis, the efficient market hypothesis had come into fashion. In brief, this meant that there was a widely held belief among many economists and politicians, and even regulators, that the market could do everything, or at least a great deal, all by itself, and we just had to trust it and leave it in peace. As a theoretical construct, that might all work absolutely marvellously. But those among you who are also of the perhaps justified opinion that the market will sort itself out, at least in the long term, might remember what John Maynard Keynes said: "Markets can remain irrational longer than you can remain solvent." Nevertheless, the guiding idea of the efficiency of the markets hung over many reforms, which all only had the goal of reducing the legislative burden on the financial industry.

Of course, there were those solitary voices that had been warning of excessive faith in the markets in the decades before the crisis. But barely anybody was willing to listen to them. In the words of the former head of the Socialist Unity Party, Erich Honecker, “always forward, never backward!”
This expression, which is known all too well in Eastern Germany, is also a good description for the attitude at that time of some fans of the laissez-faire approach. They no longer considered regulation, or rather proper regulation, to be suited to the times. If regulation and supervision had to exist at all, then at most the "light touch" kind. It was only under the strain and pressure of the global crisis that the course for financial market regulation could be reset, consistently and quickly: legislators and regulators immediately started to initiate, and subsequently implement, fundamental reforms with more stringent targets at a global level, and at a European and a national level too.

As necessary as these changes were given the significance of the crisis, they are still responses to deficiencies. Vast deficiencies. It is, of course, better to stop such a mess from being created in the first place. This is only possible if regulators and legislators keep scrutinising their own actions and seek regular dialogue with a diverse range of partners from academia, the economy and the legislature. That might be a way to prevent regulation being intertwined with ideological trends and the Zeitgeist of the time more than is good for it. One thing that we need to avoid at all costs is a regulatory "pork cycle" of crisis – regulation – deregulation and another crisis. Instead, what both the industry and the general public should be interested in is regulatory stability and reliability.

Financial markets therefore need strong institutions that keep watch to ensure that laws and guidelines are adhered to and that impose sanctions when rules are broken in cases of malpractice. This is where we come in, among others: the Federal Financial Supervisory Authority, BaFin for short, and today I am tasked with informing you about BaFin's work. I intend to concentrate primarily on banking supervision.

Ladies and Gentlemen,

At this point, let me provide a brief definition of what supervision and regulation really mean: supervision consists of applying and implementing the law in force; regulation consists of developing and setting new legal norms, which is actually the job of the legislature.
At BaFin, we primarily carry out supervision. But, of course, we also cooperate a great deal on regulatory planning too – at a national, European and global level. We are subject to the legal and technical supervision of the Federal Ministry of Finance, and therefore, as part of the executive branch, the scrutiny of parliament, i.e. the German Bundestag.

Politics also played an important role when BaFin first saw the light of day in 2002. Because banks, financial services providers and insurers were at that time increasingly competing for the same customers with similar products, and powerful financial conglomerates were forming, the separation of the supervisory areas over several authorities, which came about as a result of historical circumstances, was no longer suited to the times. And so the legislature decided to combine the Federal Banking Supervisory Office (Bundesaufsichtsamt für das Kreditwesen – BAKred), the Federal Insurance Supervisory Office (Bundesaufsichtsamt für das Versicherungswesen – BAV) and the Federal Securities Supervisory Office (Bundesaufsichtsamt für den Wertpapierhandel – BAWe), whose roots in part went back more than 100 years, to form a single, cross-sectoral financial supervisor. Some say that two's company while three's a crowd, but that wasn't the case when BaFin was formed. At the start of next year, there will be a new addition to our authority.
The national resolution authority, which until now has been based in the Federal Agency for Financial Market Stabilisation (FMSA), will be incorporated into BaFin. There will then be a total of around 2800 employees working at BaFin.

However, the merging process at our authority has not always been smooth. In particular, its inception ended up being quite a whirlwind. In the controversy surrounding the Immigration Act of the German government at the time, the Ministers-President for the CDU/CSU-governed states surprised everybody by deciding to leave the key Bundesrat session in March 2002 early in protest. The bill regarding the integrated financial supervisory authority then surprisingly passed through the shrunken Bundesrat without any problems, without needing a lap through the Mediation Committee as everybody had been expecting. And so BaFin officially started work on 4 May 2002 under the leadership of the BaFin President of the time, Jochen Sanio. As you can imagine, this was quite an organisational and logistical feat. But in a city like Leipzig, where a whole political system was turned upside down, "nothing is impossible!" is perhaps a well-established guiding principle.

Incidentally, BaFin does not just combine various supervisory areas; we also carry out both solvency-based supervision, which is primarily guided by quantitative provisions, and conduct supervision. Among other things, conduct supervision focuses on implementing standards to preserve institutional and private investors' confidence in the financial markets. To this end, we are fighting insider dealing and market manipulation, for example. In 2015, the legislature introduced the German Retail Investor Protection Act, in which collective consumer protection is anchored in law as an additional supervisory goal for all of BaFin's directorates. BaFin is now able to prevent or rectify deficiencies relevant for consumer protection if it becomes apparent that a general clarification is necessary in the interests of consumer protection.

Collective consumer protection means that we will take supervisory action if one or more of the financial undertakings that we supervise acts contrary to the interests of a large number of consumers in a manner which is unlawful.
But it is not our job as supervisors to help individual consumers enforce their rights. This still falls to the courts, consumer centres and ombudspersons.

Of course, solvency supervision and conduct supervision can conflict, which means it is sensible to structure these two perspectives such that they are self-contained within an integrated authority. But when it comes to making balanced decisions, this can be done best under the roof of an integrated authority. Conflicts between solvency supervision and conduct supervision don't just disappear when they are handed over to separate authorities.

Just as was the case 15 years ago, there are still many convincing arguments in favour of our integrated supervisory model. Despite their many differences, banks, insurers and capital market companies have many things in common and, what's more, the sectors are closely intertwined.

Our cross-sectoral viewpoint helps us to observe things from various perspectives, for instance the consequences of the low interest rate policy or the challenges that the United Kingdom's upcoming departure from the European Union is currently facing us with. Brexit in particular has highlighted to us again quite precisely the advantages of an integrated supervisory authority. Whether it's questions about banking or insurance business or questions about broker-dealers, which is a topic that relates heavily to securities supervision, BaFin is in a position to be a one stop shop.

Germany also has the particularity that banking supervision is divided up between BaFin and the Deutsche Bundesbank, with BaFin having authority in supervisory matters.

The Bundesbank, which has a decentralised organisational structure that has developed over the years, gathers information about the risk situation of the banks as part of its ongoing monitoring, and BaFin uses this information to decide what measures it will take. This cooperation works very well and has proven its worth over a number of years. Today, large groups of institutions that conduct business internationally are supervised by the European Central Bank (ECB), and BaFin and the Bundesbank contribute to this process. I will go into this in more detail shortly when I start talking about the increasing Europeanisation of supervision more specifically. The 2007/2008 financial crisis was a significant catalyst for this, too.

Ladies and Gentlemen,

The crisis presented BaFin, just five years after its inception, with what was perhaps the ultimate test. As I described at the start, this truly challenging event revealed glaring gaps in the international regulatory system, and these had to be resolved.

New, far-reaching requirements had to be developed that were suitable for the majority at an international level, during a time of high tension. The heads of state and government of the G20 set out the key goal for post-crisis regulation approximately nine years ago: all financial markets, all products and all market participants should be regulated – but, and this is the key point, proportionately! In countless, mostly international committees, many BaFin colleagues have since been contributing to the formulation of new, more consistent requirements for international financial regulation that will hopefully be sustainable in the long-term.

The further development of capital regulations for the global banking sector was undoubtedly one of the most important packages of reforms. In 2004, even before the crisis, the key global rule-setter for the banking industry, the Basel Committee on Banking Supervision, decided on the set of reformed rules known as Basel II, followed by Basel III at the end of 2010, which is still being wrestled towards final completion. The latter introduced higher capital and liquidity requirements as well as more robust qualitative requirements for capital instruments. The implementation of Basel III was and remains a feat of strength.
In Europe, it was initially achieved through a comprehensive overhaul of the supervisory framework, consisting of the Capital Requirements Regulation (CRR) and the new Capital Requirements Directive (CRD IV) – a massive package of regulation which meant a fundamental change in EU banking supervisory law. This package is currently being revised; it contains the requirements called the "finalisation of Basel III".

It wasn't just substantive law that became more Europeanised following the crisis; the supervisory architecture was also given a much more European foundation. Precursors to this were drawn up back in 2001 when the Committee of European Securities Regulators (CESR) was brought into being. This was followed three years later by the Committee of European Banking Supervisors (CEBS) and the Committee of European Insurance and Occupational Pensions Supervisors (CEIOPS).
Although the committees were a significant step forward, they barely went beyond the status of being regular meetings of knowledgeable women and men in which the focus was on exchanging experiences. The sovereignty of national authorities remained untouched.

The financial crisis was eventually the key catalyst for the European System of Financial Supervision in its current form to be launched at the start of 2011. It consists of the European Banking Authority, the EBA; its equivalent for insurance and pension funds supervision, EIOPA; and the European Securities and Markets Authority, ESMA. It is complemented by the European Systemic Risk Board (ESRB), which is able to make recommendations for action on macro-prudential issues in the European Union. The legal basis for this was three EU regulations from 2010. In comparison with their predecessor organisations, the three European Supervisory Authorities have much further reaching powers, even though, despite their names, they are more regulatory harmonisers than supervisory authorities. For example, they are able to develop binding regulatory and implementing technical standards and issue guidelines and recommendations themselves.

Finally, in November 2014 the Single Supervisory Mechanism (SSM) was launched under the umbrella of the European Central Bank (ECB) as the first pillar of the banking union. This was the first time that a real operational supervisory mandate for the 126 largest European groups of institutions had been raised from national to European level. This represents a significant difference. While European financial regulation is different in terms of content, but not structure, from other legislative, i.e. political, fields, the Europeanisation of direct administrative practice – including far-reaching powers of intervention – was something completely new.

As a result, the SSM – with its 19 sovereign states – demands much more from all those involved than the more or less rehearsed balancing of political compromises found in European bodies otherwise. We experience this every two weeks live in the European banking supervision Supervisory Board of the ECB. Both the workload created and the degree of detail to be managed as well as the occasional inevitable politicisation of individual supervisory decisions are fundamental and permanent challenges in our work.
To be clear: what has been built up here in a very short space of time and what has been achieved since then is a remarkable accomplishment on the part of the ECB and all other institutions and individuals involved. Nevertheless, the integration of very different supervisory cultures, languages and banking systems remains a huge task, and one that may never be fully finished.

Ladies and Gentlemen,

I cannot stress enough the significance of the increasing Europeanisation of European banking supervision and regulation. As necessary as this process might be in principle, it does give rise to some friction, which I am sure does not come as a surprise to you. And that isn't only in the financial institutions concerned, which, of course, do not take long to complain about feeling over-regulated or about bureaucracy perceived as excessive, but also from the point of view of figures in national politics, in fact. Concepts that in Charlemagne Prize speeches are called "an ever closer union" and "European harmonisation" simply mean loss of sovereignty in everyday life at national level.

This becomes particularly relevant when individual European regulations and the national implementation thereof lead to wider discussions among the general population, as we saw recently in the case of the Mortgage Credit Directive, for example.

I hope you will forgive me for wishing to highlight, in light of the numerous recurring and occasionally thoroughly difficult processes of balancing interests of European harmonisation on the one side and national particularities on the other, the continuing need for a strong and competent national financial supervisor. From my perspective, mediating on the delicate point of intersection between national and European interests is still a major task. Conversely, it is crystal clear that financial regulation in today's internationally connected community would no longer function without a strong European quality. Anybody who thinks that it is still possible to act purely as a nation state might like to take another look at the world as it stands. For instance, at the moment we financial regulators are occupied by the advancement of digitalisation.
Money is now transferred around the globe in seconds with just a couple of clicks of a mouse, and transactions are being processed worldwide via digital platforms. Changes and technical advancement do form part of a market economy, which is why I welcome new technology-driven companies with novel business models entering the market. At the same time, however, we have to keep in mind the inevitable risks for the financial markets.

The phenomenon known generically as "cyber risk" is also an essentially new threat to financial companies that can be caused by either internal or external attacks. Such attacks do not only jeopardise the confidentiality, integrity and availability of data and IT systems; they can also put at risk the reputation of entire companies and even financial stability itself. The attackers often act in professionally structured criminal networks – and certainly don't stop at national borders.

A high-profile example of this was the successful cyberattack on the central bank of Bangladesh last year, which ultimately caused 81 million dollars in damages, and it was only thanks to a typing error that the attacker made in the transfer and didn't pick up on that the damages caused didn't run into the billions.

One thing that exacerbates the problem is that many credit institutions have outsourced certain services in recent years and now only have limited control over their own IT security. Such a tough nut likewise has to be cracked at an international level. And I am glad that there is a general awareness of the problem at this level. Just over a year ago in Washington, the finance ministers and central bank governors of the G7 explicitly addressed virtual threats to the capital markets. Moreover, cyber risks are a topic under consideration in the global Financial Stability Board (FSB). They are also on the agenda in the SSM. As the German supervisory authority, we have to meet the challenges we face in our own country too, however. We are working intimately with Germany's National Cyber Defence Centre, among others, and in this respect are cooperating very closely with our neighbours at the Federal Office for Information Security (BSI) in Bonn.

And in this context, we ourselves decided to draw up a separate circular, the Banking Supervisory Requirements for IT (BAIT), to flesh out the IT requirements, which are not represented in adequate detail in the Minimum Requirements for Risk Management (MaRisk), which have been used until now. The Banking Supervisory Requirements for IT are primarily intended to increase institutions' awareness of IT risks – including with regard to external IT service providers. In the foreseeable future, there will also be a comparable circular, "Insurance Supervisory Requirements for IT" (VAIT), for insurance supervision. After all, insurance companies also have sensitive data that hackers might regard as being lucrative spoils.

Whatever we do with regard to cyber risks, the fact is: IT security will never be definitive; technology moves far too quickly for that. And where criminal intent and digital knowledge come together, danger is rapidly at hand.

Something that we consider today to be completely safe can be an advantageous weak point for cyber villains by tomorrow. Simply being aware of that is a contribution to data security in itself.

Ladies and Gentlemen,

I hope that my brief tour d'horizon has given you some insights into the work of the German financial supervisory authority. 15 years of BaFin in its current form – that might not sound like a very long time, but just think back to 15 years ago. Back then, in 2002, people still used mobile phones for making telephone calls; smartphones didn't exist. And anybody who wanted to build a social network generally went to the nearest pub or joined a sports club. Facebook and Twitter had not yet been created.

Measured in supervisory years, this time period seems even longer. Since BaFin was founded we have overcome a wide variety of different challenges, or at least collaborated on overcoming them, including a true global financial crisis.
A dynamic environment meant that we constantly had to change, both in terms of staffing and in the structure of our organisation. As the financial markets will undoubtedly continue to change in this age of digitalisation and globalisation, our working environment will have to continue to change too. The dynamic nature of the developments I mentioned also demand a certain pace of adjustment. Mikhail Gorbachev is said to have declared "he who comes too late is punished by life"; that applies not only to obstinate members of Central Committees, but also to supervisory authorities.

Meanwhile, the peaceful revolution in the GDR that started right here in Leipzig showed us what people can achieve with drive and the desire for change. The Leipzig residents of autumn 1989 set an example; they did not give up hope in the face of momentous changes, and instead rolled up their sleeves and got stuck in. I would venture to claim that this is something that they have in common with us, financial supervisors.

On that note, thank you for your attention. I look forward to the subsequent discussions!

Footnote: