Secure e-mail communication with BaFin
BaFin offers supervised institutions and undertakings a secure means of transmitting confi-dential information by e-mail.
On this page:
SecureMail – Options
For transmitting e-mails securely, the following options are available:
- Encrypted e-mail communication using PGP or S/MIME
To use PGP or S/MIME, you need a PGP key or an S/MIME certificate issued for your e-mail address as well as a corresponding e-mail program.
- SSL-protected access to a webmail portal
If you do not have the possibility of using PGP or S/MIME, communication can take place via our webmail portal. Once you have logged on to this portal, you can use it to send e-mails to your contacts at BaFin and to receive e-mails from them.
- Contact form
If you want to send a message to BaFin only once, please use BaFin's contact form. Your message will be transmitted securely.
SecureMail – How it works
Regardless of whether you wish to use S/MIME, PGP or the webmail portal, you first have to register with us once. In the first case, this is done by storing your e-mail address with your key or certificate on our system, and in the latter case an account for use of the webmail portal is set up.
To initiate the registration process, please get in touch with your contact at BaFin. An employee will then address to you a secure e-mail. If you are not already registered, this e-mail will be retained by our system and you will receive an automatically generated registration e-mail providing you with further information on the registration process.
Note: When you receive the registration e-mail, you may be displayed a warning message. That is because this e-mail was signed by a certificate of BaFin that is not known to your e-mail program. To prevent this notice from being displayed in future, you can classify the certificate as trustworthy.
The registration e-mail will describe two options:
- If you have an S/MIME certificate or a PGP key, please send this to us as a reply (in the case of S/MIME you can do this in the form of a signed e-mail; for PGP please send the key as a file attachment). Your key or your certificate is then saved automatically by our system and linked to your e-mail address. Any e-mails from BaFin to be secured are then forwarded to you in secured form.
- If you wish to use the webmail portal, you first need a password. You can request this from your contact.
After that you can register on the portal and then send e-mails to BaFin and receive e-mails using your account. You are automatically informed by e-mail of any new e-mails in your account.
|My webmail logon doesn’t work anymore.||Please get in touch with your contact.|
|I have forgotten/lost my password.|
|My webmail portal account has expired.|
|I have encountered technical problems.|
|Key/certificate of my contact person has expired.||You can request the S/MIME certificate or PGP key using this form.|
|I have not been assigned a BaFin contact yet.||Please contact BaFin using the BaFin contact form.|
|Is my certificate/key recorded immediately when I reply to the registration e-mail?||In our system, some trust positions to well-known certification authorities have been set up. As a result, most certificates are trusted immediately. In the case of certificates/keys that are self-signed or issued by an unknown certification authority, a manual verification may be necessary. In this verification, the fingerprint of the certificate/key that is sent to us is compared with the fingerprint of your certificate to verify that our system has received the right one. For this fingerprint comparison, you will be contacted by an administrator.|
BaFin PGP Root certificate
PGP (Web of Trust)
Valid from 10.06.2015 – does not expire
82 5B B1 04 D6 7A D0 2F DD A8 6B 11 43 C9 7F 05 62 BD 86 25
BaFin Secure Mail Root CA
S/MIME Root CA
Valid from 21.09.2009 until 05.01.2029
ESCB PKI – Root CA
Please download and store also the ESCB PKI Root CA: