James Aspinwall — February 2026
You build software. You know distributed systems, fault tolerance, concurrent pipelines. Now someone hands you a spec full of GwG sections, CRR articles, FATF recommendations, and a word called “Verdachtsmeldung.” This article translates all of it.
Everything here comes from the Solaris agent articles. If a term appears in those articles, it is explained here — what it means, why it exists, and what your code needs to do about it.
The Regulators: Who Enforces What
Think of these as the production environment your software runs in. You do not get to choose the rules.
BaFin (Bundesanstalt für Finanzdienstleistungsaufsicht)
Germany’s financial regulator. Supervises banks, insurance companies, and securities firms. Equivalent to the SEC + OCC + FDIC combined into one agency. They issue binding rules (circulars), conduct examinations, impose fines, and can restrict a bank’s operations.
When the articles say “a BaFin examiner could look at this without flinching” — they mean the software must produce audit trails and documentation that satisfy a government inspector who has legal authority to shut down the bank.
BaFin fined Solaris EUR 500,000 in June 2025 for exceeding exposure limits. They appointed a special representative (Sonderbeauftragter) to monitor Solaris on-site since 2022. This is the equivalent of having a government auditor sitting in your office watching your deploys.
EBA (European Banking Authority)
The EU-level banking regulator. Publishes guidelines that all 27 EU member states must follow. Operates through “comply or explain” — when EBA publishes a guideline, BaFin has 2 months to declare whether Germany will comply. If yes, it becomes binding in Germany.
The gap between EBA publication and BaFin transposition is where the Regulatory Tracker agent earns its keep — a new obligation exists but the bank may not have assessed it yet.
FIU (Financial Intelligence Unit)
Germany’s financial crime investigation unit. When a bank suspects money laundering, it files a report (Verdachtsmeldung) with the FIU via a platform called goAML. The FIU decides whether to investigate further or forward to law enforcement.
FATF (Financial Action Task Force)
The global standard-setter for anti-money laundering. 39 member countries. FATF publishes Recommendations (numbered 1-40) that every country is expected to implement. When the articles cite “FATF Recommendation 10” or “FATF structuring typology,” they are referencing these global standards.
FATF also maintains the grey list (countries with strategic deficiencies in AML) and black list (countries under counter-measures). Being on these lists makes customers from those countries automatically higher risk.
AMLA (Anti-Money Laundering Authority)
Brand new EU agency, headquartered in Frankfurt. Will directly supervise the highest-risk cross-border financial entities starting 2028. Think of it as the EU creating its own federal-level AML enforcer on top of national regulators like BaFin.
Bundesbank
Germany’s central bank. Relevant here because banks submit regulatory reports through the Bundesbank’s ExtraNet portal, and the Bundesbank operates the Evidenzzentrale — a credit register where banks report all exposures above EUR 1 million.
The Laws: What the Code Must Enforce
German Law
GwG (Geldwäschegesetz) — Money Laundering Act
The core German AML law. Every section referenced in the articles maps to a specific obligation your software must support:
| Section | What It Requires | What Your Code Does |
|---|---|---|
| §10 | Identify and verify the customer (CDD) | KYC pipeline — collect documents, verify identity |
| §12 | Acceptable identity documents | Validation rules — Personalausweis, Reisepass, residence permit |
| §14 | Simplified due diligence for low-risk | Auto-approve path with lighter checks |
| §15 | Enhanced due diligence for high-risk | EDD queue — senior management approval, source of wealth docs |
| §25h KWG | Automated transaction monitoring | The Compliance Monitor agent — rule engine scanning every transaction |
| §43 | File suspicious activity report “without delay” | SAR drafting pipeline — detect, draft, route to MLRO for approval |
| §44 | 3-day transaction freeze after filing | Freeze logic — hold funds, extendable by FIU for 30 more days |
| §47 | Tipping off is a criminal offense | Never notify the customer that a report was filed. Ever. |
| §8 | Retain KYC data 5-10 years | Data retention policy — min 5 years, max 10, then destroy |
| §56 | Penalties up to EUR 5M or 10% of turnover | Why all of this matters |
KWG (Kreditwesengesetz) — Banking Act
The foundational German banking law. §44 gives BaFin the right to conduct special examinations (Sonderprüfungen) — unannounced audits where examiners review your systems, processes, and documentation.
HGB (Handelsgesetzbuch) — Commercial Code
§257 requires financial records to be retained for 10 years. This is why the articles specify 7-10 year retention for large exposure records.
BaFin Circulars (Rundschreiben)
These are BaFin’s binding supervisory guidance — detailed rules that interpret the laws above. Think of them as the regulatory equivalent of RFCs.
MaRisk (Circular 10/2021 BA) — Minimum Requirements for Risk Management
The central framework. Every section referenced in the articles:
| Section | What It Governs | Software Impact |
|---|---|---|
| AT 4.3.2 | Escalation procedures for limit breaches | Exposure Monitor thresholds and alert routing |
| AT 4.4.2 | Compliance function must track all regulatory changes | The entire Regulatory Tracker agent |
| AT 6 | Audit trail — “knowledgeable third party” must understand decisions | Every agent must log inputs, outputs, recommendations, and human decisions |
| AT 7.2 | Model validation — independent, annual, champion-challenger | ML models in Compliance Monitor and API Anomaly Detector need validation framework |
“Knowledgeable third party” is the key phrase. It means: if a BaFin examiner who understands banking but has never seen your system sits down with your audit logs, they must be able to reconstruct what happened, what the AI recommended, what the human decided, and why.
BAIT (Circular 10/2017 BA) — IT Governance Requirements
BaFin’s IT-specific rules. Requires centralized security event evaluation, log retention, zero trust architecture, and documented IT emergency management. This is what makes the API Anomaly Detector a regulatory requirement, not just good practice.
MaComp (Circular 05/2018 WA) — Compliance Function Requirements
Minimum requirements for the compliance function itself — staffing, independence, reporting lines. The compliance officer (Compliance-Beauftragter) has personal responsibility.
EU Regulations
CRR (Capital Requirements Regulation — 575/2013)
The EU regulation that governs how much capital a bank must hold and how much exposure it can have to any single counterparty. Articles 387-403 define the large exposure framework — the rules the Exposure Monitor enforces.
The core rule: no exposure to a single client exceeding 25% of Tier 1 capital. This is law, not a guideline. There is no board-level override for ongoing exceedance.
CRR has been amended twice:
- CRR II (2019): Changed the denominator from total own funds to Tier 1 only (made the limit effectively tighter)
- CRR III (2024): Output floor, revised credit risk approach, crypto-asset treatment
CRD (Capital Requirements Directive)
The companion directive to CRR. CRR is directly applicable EU law. CRD must be transposed into national law by each member state.
DORA (Digital Operational Resilience Act — 2022/2554)
In force since January 17, 2025. Governs ICT risk management for all EU financial entities. The key articles for the API Anomaly Detector:
| Article | Requirement | Timeline |
|---|---|---|
| Art. 17 | Detect, manage, and notify ICT incidents | Ongoing |
| Art. 18 | Classify incidents as “major” using quantitative thresholds | Per incident |
| Art. 19 | Initial notification within 4 hours of classification | 4h / 72h / 30 days |
The reporting timeline is strict: 4 hours for initial notification (from classifying as major, within 24 hours of detection), 72 hours for intermediate report, 1 month for final report. The final report contains 101 structured data points.
PSD2 (Payment Services Directive 2)
Opened bank APIs to third parties (Open Banking). Defines Strong Customer Authentication (SCA) — the two-factor auth requirement for payments. As of January 2025, DORA supersedes PSD2 for incident reporting, but SCA requirements remain.
The AML Package (4AMLD / 5AMLD / 6AMLD / AMLR)
The EU’s evolving anti-money laundering framework:
- 4AMLD/5AMLD: Established CDD tiers, PEP definitions, beneficial ownership registers
- 6AMLD: Defined 22 predicate offenses (the crimes that generate dirty money), minimum 4-year imprisonment
- AMLR (Regulation 2024/1624): The new single EU AML rulebook. Directly applicable — no transposition. Prescribes specific KYC refresh intervals. Full effect July 2027.
- Cash payment limit: EUR 10,000 harmonized across the EU
EU AI Act (Regulation 2024/1689)
All five agents are classified as high-risk AI under Annex III. Deadline: August 2, 2026. Requirements:
| Article | In Plain English |
|---|---|
| Art. 9 | Document your risk management process |
| Art. 10 | Your training data must be representative and bias-examined |
| Art. 11 | Write technical documentation before deployment |
| Art. 12 | Log everything automatically, retain for 5+ years |
| Art. 13 | Tell deployers what the system can and cannot do |
| Art. 14 | Humans must be able to understand, interpret, override, and interrupt |
| Art. 15 | Define accuracy metrics, test against adversarial attacks |
Penalties: up to EUR 35 million or 7% of worldwide turnover.
GDPR
Relevant where it intersects with AML. GDPR Article 6(1)(c) — processing for legal obligations — provides the lawful basis for KYC. You do not need consent for AML processing (and should not rely on it — consent can be withdrawn). GDPR Article 17(3)(b) exempts AML data from the right to erasure during the mandatory retention period.
Banking Concepts: What the Business Logic Actually Does
KYC (Know Your Customer)
The process of verifying who a customer is before letting them open an account. It is a pipeline:
- Collect identity documents
- Verify them (OCR, MRZ extraction, liveness check)
- Screen against sanctions lists, PEP databases, adverse media
- Score the risk
- Decide — approve, review, escalate, or decline
The pipeline has three intensity levels:
| Level | Full Name | When Applied | What It Means |
|---|---|---|---|
| SDD | Simplified Due Diligence | Low-risk customers | Lighter checks, less frequent review |
| CDD | Customer Due Diligence | Standard customers | Full identity verification, standard monitoring |
| EDD | Enhanced Due Diligence | High-risk customers (PEPs, high-risk countries) | Senior management approval, source of wealth docs, annual review |
AML (Anti-Money Laundering)
Money laundering has three stages:
- Placement — getting dirty cash into the financial system (cash deposits, currency exchange)
- Layering — moving money through multiple accounts/jurisdictions to obscure the trail
- Integration — the clean-looking money re-enters the legitimate economy
The Compliance Monitor detects patterns associated with these stages.
Structuring (Smurfing)
Splitting a large transaction into smaller ones to stay below reporting thresholds. In Germany, transactions above EUR 10,000 trigger reporting. So someone sends 8 transfers of EUR 9,750 each instead of one transfer of EUR 78,000. The Compliance Monitor’s rule engine detects this by aggregating linked transactions within a time window.
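Here is what that aggregation looks like in code. This is an added illustration, not code from the Solaris agent articles or the Compliance Monitor itself: it keeps, per sender, only transfers that sit just below the EUR 10,000 threshold, slides a time window over them, and raises an alert when the windowed total exceeds the threshold. The 7-day window, the 3-transfer minimum, the 80% "near threshold" floor and the sample accounts are all constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample transfers for the example (not real data):
# (sender account, ISO timestamp, amount in EUR)
SAMPLE_TRANSFERS = [
    ("acct-A", "2026-02-03T09:12:00", 9750.0),
    ("acct-A", "2026-02-03T11:40:00", 9750.0),
    ("acct-A", "2026-02-04T08:05:00", 9750.0),
    ("acct-A", "2026-02-04T16:30:00", 9750.0),
    ("acct-A", "2026-02-05T10:00:00", 9750.0),
    ("acct-A", "2026-02-05T13:15:00", 9750.0),
    ("acct-A", "2026-02-06T09:45:00", 9750.0),
    ("acct-A", "2026-02-06T12:20:00", 9750.0),
    ("acct-B", "2026-02-03T10:00:00", 12000.0),  # above threshold on its own: reportable, but not structuring
    ("acct-C", "2026-02-03T10:00:00", 9000.0),
    ("acct-C", "2026-02-20T10:00:00", 9000.0),   # second transfer falls outside the window
]

REPORTING_THRESHOLD_EUR = 10_000.0  # the EUR 10,000 threshold named in the text


def detect_structuring(transfers, threshold=REPORTING_THRESHOLD_EUR,
                       window=timedelta(days=7), min_count=3, near_fraction=0.8):
    """Flag senders whose just-below-threshold transfers, summed over any sliding
    window of length `window`, add up to more than the threshold.

    window, min_count and near_fraction are assumed tuning parameters for this
    example; a real rule engine would take them from the bank's policy.
    """
    by_sender = defaultdict(list)
    for sender, ts, amount in transfers:
        # Only transfers in [near_fraction * threshold, threshold) count as "just below".
        if near_fraction * threshold <= amount < threshold:
            by_sender[sender].append((datetime.fromisoformat(ts), amount))

    alerts = []
    for sender, items in sorted(by_sender.items()):
        items.sort()
        best = None
        start = 0
        # Two-pointer sliding window over the sender's time-ordered transfers;
        # keep the window with the largest total for the alert narrative.
        for end, (t_end, _) in enumerate(items):
            while t_end - items[start][0] > window:
                start += 1
            chunk = items[start:end + 1]
            total = sum(amount for _, amount in chunk)
            if best is None or total > best["total_eur"]:
                best = {
                    "sender": sender,
                    "count": len(chunk),
                    "total_eur": total,
                    "from": chunk[0][0].isoformat(),
                    "to": chunk[-1][0].isoformat(),
                }
        if best["count"] >= min_count and best["total_eur"] > threshold:
            alerts.append(best)
    return alerts


if __name__ == "__main__":
    for alert in detect_structuring(SAMPLE_TRANSFERS):
        print(alert)
```

Run against the sample, only acct-A is flagged: eight transfers of EUR 9,750 inside four days, EUR 78,000 in total. acct-B's single EUR 12,000 transfer is above the threshold and is handled by the ordinary reporting rule, and acct-C's two sub-threshold transfers are 17 days apart, so no window ever holds more than one of them. The alert carries the window bounds and total so the MLRO can see exactly which transfers were aggregated.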
SAR / Verdachtsmeldung (Suspicious Activity Report)
When a bank suspects money laundering, it must file a report. In Germany, this is called a Verdachtsmeldung. It goes to the FIU via the goAML platform. The report includes: who, what transactions, why it looks suspicious, which regulation triggered it.
The MLRO (Money Laundering Reporting Officer, or Geldwäschebeauftragter in German) carries personal criminal liability for the filing decision. This is why the agent drafts the report but a human must approve it.
PEP (Politically Exposed Person)
Government officials and their families: heads of state, ministers, parliamentarians, supreme court members, central bank board members, ambassadors, senior military officers, state-owned enterprise directors.
PEPs are automatically high-risk because their position gives them opportunity for corruption. Their spouses, children, parents, and close associates (RCA — Relatives and Close Associates) get the same treatment.
PEP status does not expire cleanly. The legal minimum is 12 months after leaving office, but FATF says there is no fixed time limit. In practice, banks monitor for 3-5 years.
Sanctions Screening
Checking a person or entity against official lists of sanctioned individuals. The lists:
- EU Consolidated Financial Sanctions List — EU sanctions
- UN Security Council Consolidated List — UN sanctions
- OFAC SDN List — US sanctions (relevant if the bank has USD exposure)
- BaFin/Bundesbank restrictions — Germany-specific
The tricky part: fuzzy matching. Sanctioned individuals use aliases, transliterations, and name variations. The industry uses:
| Algorithm | What It Does | When to Use It |
|---|---|---|
| Jaro-Winkler | String similarity, weighted toward matching prefixes | Individual names |
| Levenshtein | Edit distance — how many character changes to transform one string into another | Company/entity names |
| Soundex/Metaphone | Phonetic matching — sounds-like comparison | Cross-language transliterations |
A Jaro-Winkler score of 0.95+ is a hard match (freeze everything). 0.85-0.94 is a near-match (human reviews). Below 0.75 is auto-cleared.
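To make the thresholds concrete, here is a Jaro-Winkler implementation with the three decision bands from the text wrapped around it. This is an added example, not the screening code from the articles or from any vendor library: the watch list is a constructed placeholder, the normalization step (upper-casing and stripping diacritics) is an assumption about how a screening engine would prepare names, and because the text does not say what happens between 0.75 and 0.85, the example sends that band to human review as well.

```python
import unicodedata

# Constructed watch list for the example (placeholder names, not a real sanctions list).
SAMPLE_WATCH_LIST = ["MARTHA EXAMPLE", "DWAYNE SAMPLE"]


def normalize(name):
    """Upper-case, strip diacritics and collapse whitespace so 'Müller' and 'MULLER' compare equal."""
    decomposed = unicodedata.normalize("NFKD", name)
    without_marks = "".join(c for c in decomposed if not unicodedata.combining(c))
    return " ".join(without_marks.upper().split())


def jaro(s, t):
    """Classic Jaro similarity: matched characters within half the longer length, minus transpositions."""
    if s == t:
        return 1.0
    if not s or not t:
        return 0.0
    match_dist = max(len(s), len(t)) // 2 - 1
    s_matched = [False] * len(s)
    t_matched = [False] * len(t)
    matches = 0
    for i, ch in enumerate(s):
        for j in range(max(0, i - match_dist), min(i + match_dist + 1, len(t))):
            if not t_matched[j] and t[j] == ch:
                s_matched[i] = t_matched[j] = True
                matches += 1
                break
    if matches == 0:
        return 0.0
    # Count matched characters that appear in a different order in the two strings.
    transpositions = 0
    k = 0
    for i, ch in enumerate(s):
        if not s_matched[i]:
            continue
        while not t_matched[k]:
            k += 1
        if ch != t[k]:
            transpositions += 1
        k += 1
    transpositions //= 2
    return (matches / len(s) + matches / len(t) + (matches - transpositions) / matches) / 3


def jaro_winkler(s, t, scaling=0.1, max_prefix=4):
    """Jaro score boosted for a shared prefix of up to four characters (the standard Winkler adjustment)."""
    base = jaro(s, t)
    prefix = 0
    for a, b in zip(s, t):
        if a != b or prefix == max_prefix:
            break
        prefix += 1
    return base + prefix * scaling * (1 - base)


# Decision bands from the text: 0.95+ hard match, 0.85-0.94 review, below 0.75 auto-clear.
# The text leaves 0.75-0.85 unspecified; this example routes that band to review too (assumption).
HARD_MATCH = 0.95
REVIEW = 0.75


def screen_name(candidate, watch_list=SAMPLE_WATCH_LIST):
    """Score a candidate against every list entry and return the best hit with its decision band."""
    query = normalize(candidate)
    best_name, best_score = max(
        ((entry, jaro_winkler(query, normalize(entry))) for entry in watch_list),
        key=lambda pair: pair[1],
    )
    if best_score >= HARD_MATCH:
        decision = "hard_match"   # freeze, escalate
    elif best_score >= REVIEW:
        decision = "review"       # human analyst decides
    else:
        decision = "clear"        # auto-cleared, logged
    return {"query": query, "best_match": best_name, "score": round(best_score, 4), "decision": decision}


if __name__ == "__main__":
    for name in ("Marhta Example", "Duane Sample", "Zoe Unrelated"):
        print(screen_name(name))
```

The two textbook pairs behave as expected: MARTHA/MARHTA scores 0.9611 (a transposition, hard match) and DWAYNE/DUANE scores 0.84 (review). Note that the decision band, not the raw score, is what the audit trail should record alongside the list entry and list version that produced it.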
Beneficial Ownership
For companies: who actually owns or controls the entity? The GwG threshold is 25% — any natural person who owns or controls more than 25% must be identified. You trace through all layers of corporate structure.
Germany maintains a Transparenzregister (transparency register) for this purpose.
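Tracing "through all layers" means multiplying stakes along every ownership chain and summing them per natural person. The following is an added example, not code from the articles or the KYC Orchestrator: the ownership graph is constructed, only ownership percentages are modelled (control by other means, which the GwG also covers, is out of scope here), and circular cross-holdings are cut rather than resolved.

```python
from collections import defaultdict

# Constructed ownership graph for the example (not real entities):
# holder -> list of (owned entity, fraction held)
SAMPLE_OWNERSHIP = {
    "HoldCo A": [("TargetGmbH", 0.60)],
    "HoldCo B": [("TargetGmbH", 0.40)],
    "Person X": [("HoldCo A", 0.50), ("HoldCo B", 0.10)],
    "Person Y": [("HoldCo A", 0.40)],
    "Person W": [("HoldCo A", 0.10)],
    "Person Z": [("HoldCo B", 0.90)],
}
SAMPLE_NATURAL_PERSONS = {"Person X", "Person Y", "Person W", "Person Z"}

GWG_THRESHOLD = 0.25  # "more than 25%" from the text


def indirect_ownership(target, ownership, natural_persons):
    """Return each natural person's total (direct + indirect) stake in `target`."""
    owners_of = defaultdict(list)
    for holder, stakes in ownership.items():
        for entity, fraction in stakes:
            owners_of[entity].append((holder, fraction))

    totals = defaultdict(float)

    def walk(entity, weight, path):
        for holder, fraction in owners_of.get(entity, ()):
            stake = weight * fraction
            if holder in natural_persons:
                totals[holder] += stake          # chain ends at a person: add it up
            elif holder not in path:
                walk(holder, stake, path | {holder})   # another corporate layer: keep multiplying
            # holder in path: circular cross-holding, stop so the walk terminates

    walk(target, 1.0, {target})
    return {person: round(stake, 4) for person, stake in totals.items()}


def beneficial_owners(target, ownership, natural_persons, threshold=GWG_THRESHOLD):
    """Natural persons whose aggregated stake exceeds the threshold and must be identified."""
    return {p: s for p, s in indirect_ownership(target, ownership, natural_persons).items() if s > threshold}


if __name__ == "__main__":
    print(indirect_ownership("TargetGmbH", SAMPLE_OWNERSHIP, SAMPLE_NATURAL_PERSONS))
    print(beneficial_owners("TargetGmbH", SAMPLE_OWNERSHIP, SAMPLE_NATURAL_PERSONS))
```

In the sample, Person X holds 34% of TargetGmbH (50% of a 60% holder plus 10% of a 40% holder) and Person Z holds 36%, so both must be identified; Person Y's 24% sits just under the line, which is exactly the kind of figure a reviewer should look at twice, since structures are sometimes built to land there.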
Counterparty
Any entity the bank has financial exposure to — a borrower, a bond issuer, a derivatives counterparty, a guarantor. The Exposure Monitor tracks exposure per counterparty.
Connected Clients
CRR Article 4(1)(39): entities linked by control relationships or economic interdependence. If one fails, the others likely face financial difficulty. Their exposures are aggregated for limit purposes.
This is where it gets interesting for AI — two entities that appear unrelated may share a common beneficial owner discovered through corporate registry filings or financial statement analysis.
Exposure and Capital
Tier 1 Capital: The bank’s core capital — the money that absorbs losses. Two components:
- CET1 (Common Equity Tier 1): Share capital + retained earnings. The highest quality.
- AT1 (Additional Tier 1): Contingent convertible bonds (CoCos) and similar instruments.
Tier 2 Capital: Subordinated debt and other supplementary capital. Lower quality than Tier 1.
Own Funds: Tier 1 + Tier 2. CRR II changed the large exposure limit denominator from own funds to Tier 1 only.
The large exposure limit: 25% of Tier 1 capital. If the bank has EUR 10 billion in Tier 1 capital, no single counterparty can have more than EUR 2.5 billion in exposure. This is the number the Exposure Monitor watches.
Exposure types — everything counts:
| Type | What It Is |
|---|---|
| Loans | Money lent to the counterparty |
| Undrawn facilities | Credit lines the counterparty can draw but hasn’t yet (after CCF — Credit Conversion Factor) |
| Bonds | Debt securities the bank holds from that counterparty |
| Derivatives | Mark-to-market value plus potential future exposure (calculated via SA-CCR) |
| Guarantees | Promises to pay if the counterparty defaults |
CRM (Credit Risk Mitigation): Collateral, guarantees from third parties, netting agreements. These reduce the net exposure used for the limit check.
Utilization: Net exposure as a percentage of the limit. The Exposure Monitor uses color-coded thresholds:
| Level | Utilization | Action |
|---|---|---|
| Green | < 70% | Normal monitoring |
| Amber | 70-80% | Monthly review |
| Orange | 80-90% | Weekly review, escalate to Head of Credit Risk |
| Red | 90-100% | Daily monitoring, freeze new approvals without CRO sign-off |
| Breach | > 100% | Immediate BaFin notification, remediation plan |
Passive breach: The limit is exceeded not because the bank lent more money, but because the denominator shrank (quarterly loss reduces capital) or FX rates moved (USD exposure grew when converted to EUR). BaFin treats these more leniently than active breaches but still requires notification and remediation.
COREP (Common Reporting Framework)
The standardized reporting templates banks submit quarterly to regulators. For large exposures:
| Template | What It Reports |
|---|---|
| C 26.00 (LE1) | Tier 1 capital, limit amount |
| C 27.00 (LE2) | Every counterparty with exposure > 10% of Tier 1 |
| C 28.00 (LE3) | Trading book vs non-trading book breakdown |
| C 29.00 (LE4) | Individual entities within connected client groups |
| C 30.00 (LE5) | Maturity bucket breakdown |
Deadline: T+30 working days after quarter-end. Submitted via Bundesbank ExtraNet.
Syndication
Selling a portion of a loan to other banks to reduce the lending bank’s exposure. If the bank has too much exposure to one counterparty, it can syndicate (sell off) part of the loan. This is one of the Exposure Monitor’s recommended remediation actions.
CDS (Credit Default Swap)
Insurance against a counterparty defaulting. The bank pays a premium to a third party; if the counterparty defaults, the third party pays out. Buying CDS protection reduces net exposure for limit purposes.
Security Concepts in the API Anomaly Detector
OWASP API Security Top 10 (2023)
The standard list of API vulnerabilities. The ones that matter here:
| # | Name | What It Means |
|---|---|---|
| API1 | BOLA (Broken Object Level Authorization) | Attacker changes an ID in the URL to access another customer’s data. #1 API vulnerability, ~40% of all API attacks. |
| API4 | Unrestricted Resource Consumption | Brute-force attacks, scraping, automated abuse that exhausts rate limits. |
| API6 | Business Logic Abuse | Exploiting workflows the system technically allows but shouldn’t — e.g., automated loan applications. |
MITRE ATT&CK
A knowledge base of adversary tactics and techniques. When the API Anomaly Detector identifies a credential stuffing attack, it maps it to T1110.004 (Credential Stuffing) in MITRE ATT&CK. This gives security teams a common language.
Credential Stuffing
Attackers take stolen email/password pairs from data breaches and test them against bank login endpoints. Modern campaigns use residential IP botnets (so source IPs look like normal home users), rotate User-Agent strings, and mimic real user behavior. In API logs, you see: spike in 401 responses, distributed source IPs, mismatched User-Agents.
Statistical Anomaly Detection
The API Anomaly Detector uses three methods:
| Method | Formula | Best For |
|---|---|---|
| Z-Score | (current - mean) / std_deviation — flag beyond ±3 sigma | Normally distributed metrics (request rates, error counts) |
| IQR (Interquartile Range) | Flag below Q1 - 1.5×IQR or above Q3 + 1.5×IQR | Skewed distributions (latency data) |
| MAD (Median Absolute Deviation) | median(\|Xi - median(X)\|) | Heavy-tailed distributions — robust against outliers |
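All three detectors, run over one constructed requests-per-minute series so you can see where they agree and where they differ. This is an added example, not the API Anomaly Detector's code: the series is made up (19 quiet minutes around 100 requests and one spike to 400), the IQR quartiles use Tukey's hinges (medians of the lower and upper halves), and the MAD detector uses the common 0.6745 scaling with a 3.5 cutoff, which the text does not specify and is therefore an assumption.

```python
import statistics

# Constructed requests-per-minute series for the example (not real telemetry).
SAMPLE_RATES = [98, 102, 101, 97, 103, 100, 99, 104, 96, 100,
                102, 98, 101, 99, 103, 97, 100, 102, 98, 400]


def zscore_outliers(values, sigma=3.0):
    """Flag points more than `sigma` sample standard deviations from the mean."""
    mean = statistics.mean(values)
    sd = statistics.stdev(values)
    if sd == 0:
        return []   # a flat series has no outliers by this definition
    return [i for i, v in enumerate(values) if abs(v - mean) / sd > sigma]


def iqr_outliers(values, k=1.5):
    """Flag points below Q1 - k*IQR or above Q3 + k*IQR (Tukey's fences)."""
    ordered = sorted(values)
    half = len(ordered) // 2
    q1 = statistics.median(ordered[:half])
    q3 = statistics.median(ordered[-half:])
    iqr = q3 - q1
    low, high = q1 - k * iqr, q3 + k * iqr
    return [i for i, v in enumerate(values) if v < low or v > high]


def mad_outliers(values, cutoff=3.5):
    """Flag points whose modified z-score 0.6745 * (x - median) / MAD exceeds `cutoff`.

    Edge case: when more than half the samples are identical the MAD is zero and the
    division is undefined; this example then flags every value that differs from the median.
    """
    med = statistics.median(values)
    mad = statistics.median(abs(v - med) for v in values)
    if mad == 0:
        return [i for i, v in enumerate(values) if v != med]
    return [i for i, v in enumerate(values) if abs(0.6745 * (v - med) / mad) > cutoff]


def detect(values):
    """Run all three methods; disagreement between them is itself useful triage information."""
    return {
        "zscore": zscore_outliers(values),
        "iqr": iqr_outliers(values),
        "mad": mad_outliers(values),
    }


if __name__ == "__main__":
    print(detect(SAMPLE_RATES))
```

On the sample all three methods flag only the last minute, but for different reasons: the spike is about 4.2 standard deviations out even though it has dragged the mean up to 115, it lies far above the upper fence of 108, and its modified z-score is over 100 because the MAD of the quiet minutes is only 2. The z-score is the one to distrust on real traffic, because a burst of a few spikes inflates the standard deviation enough to hide the rest; that is the case the text's IQR and MAD rows exist for.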
German Terms You Will Encounter
| German | English | Context |
|---|---|---|
| Verdachtsmeldung | Suspicious Activity Report | Filed with FIU via goAML |
| Geldwäschebeauftragter | Money Laundering Reporting Officer (MLRO) | Personal criminal liability for filing decisions |
| Geldwäschegesetz (GwG) | Money Laundering Act | Core German AML law |
| Kreditwesengesetz (KWG) | Banking Act | Foundation of German banking regulation |
| Rundschreiben | Circular | BaFin’s binding supervisory guidance |
| Konsultation | Consultation paper | Draft circulars published for industry comment |
| Auslegungsentscheidung | Interpretive letter | Binding clarification of ambiguous provisions |
| Sonderprüfung | Special examination | Unannounced BaFin audit under §44 KWG |
| Sonderbeauftragter | Special representative | Government-appointed monitor inside the bank |
| Vier-Augen-Prinzip | Four eyes principle | Two independent reviewers for critical decisions |
| Normenkataster | Regulatory inventory | The master list mapping regulations to controls |
| Transparenzregister | Transparency register | Beneficial ownership database |
| Evidenzzentrale | Credit register | Bundesbank database of all exposures > EUR 1M |
| Personalausweis | National identity card | German ID card, including eID function |
| Reisepass | Passport | German passport |
| Aufenthaltstitel | Residence permit | For non-German residents |
| Verwaltungssprache | Administrative language | The notoriously complex German regulatory prose |
| Geschäftsleitung | Management board | Executive leadership of the bank |
| Compliance-Beauftragter | Compliance officer | Personal responsibility under MaRisk AT 4.4.2 |
| Millionenkreditmeldung | Million-credit notification | Report to Evidenzzentrale for exposures > EUR 1M |
How It All Fits Together
The regulatory stack works like a dependency tree:
FATF Recommendations (global standards)
└── EU Directives & Regulations (CRR, AMLR, DORA, EU AI Act)
    └── BaFin Circulars (MaRisk, BAIT, MaComp)
        └── Bank's internal policies and controls
            └── Your software
Each layer adds specificity. FATF says “do customer due diligence.” The EU says “here are three tiers of due diligence with specific criteria.” BaFin says “here is exactly how you implement this in Germany, with these documents, these timelines, and these approval chains.” Your software enforces the bottom layer.
The five agents map to five compliance domains:
| Domain | Law/Regulation | Agent | Core Question |
|---|---|---|---|
| Transaction monitoring | §25h KWG, §43 GwG | Compliance Monitor | “Is this transaction suspicious?” |
| Regulatory change | MaRisk AT 4.4.2 | Regulatory Tracker | “Does a new regulation create a gap in our controls?” |
| API/ICT security | DORA Articles 17-19, BAIT | API Anomaly Detector | “Is our infrastructure under attack or degrading?” |
| Exposure limits | CRR Articles 387-403 | Exposure Monitor | “Are we too exposed to any single counterparty?” |
| Customer onboarding | GwG §§10-15 | KYC Orchestrator | “Should we accept this customer, and at what risk level?” |
Every domain follows the same pattern: ingest data → detect patterns → generate narrative → present to human for decision. The orchestrator ties them into a single timeline with a unified audit trail.
The human-in-the-loop requirement is not a design choice — it is law. The MLRO has personal criminal liability for SAR filing decisions. Senior management must personally approve PEP relationships. The CRO must review exposure breach notifications. The EU AI Act requires that humans can understand, interpret, override, and interrupt every AI system.
Your software drafts. The human decides. The audit trail captures both.