# Source index — Finray Intelligence

Deduplicated index of every primary regulator, regulation and technical standard cited across Finray Intelligence — 294 sources at 2026-05-03. 168 regulators, 79 regulations, 47 standards.

- Source: https://finray.tech/intelligence/sources/
- Editorial principle: primary sources only; one source per URL; cleanest-name preference on dedupe
- Publisher: Finray Technologies Ltd, Cyprus Companies Registry HE 445903
- Correspondence and corrections: legal@finray.tech

---

## Regulators (168)

Government and supranational supervisory bodies whose published positions, registers or decisions Finray Intelligence cites as primary sources.

### ACPR — Autorité de contrôle prudentiel et de résolution

French banking and insurance supervisor; DORA RoI submission via OneGate (DRA for insurance, DRB for banks); 2026 deadline 31 March 2026.

- Primary source: https://acpr.banque-france.fr/fr/actualites/remise-des-registres-dinformation
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### ACPR DORA portal

ACPR DORA portal is a national competent authority portal for DORA implementation evidence.

- Primary source: https://acpr.banque-france.fr/en/european-and-international/dora-regulation-eu-20222554
- Cited on: [DORA Article 28 RTS/ITS Pack — entity-level RoI, third-party-policy and subcontracting controls](https://finray.tech/intelligence/dora-rts-its-pack/)

### AFM — Autoriteit Financiële Markten

Dutch markets supervisor; DORA RoI submission via the AFM Portal; 2026 deadline 22 March 2026.

- Primary source: https://www.afm.nl/en/sector/themas/belangrijke-europese-wet--en-regelgeving/dora/informatieregister
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### AMF — Autorité des marchés financiers

French markets supervisor; DORA competent-authority status for in-scope entities under AMF supervision; submission portal not retrieved at cut-off.

- Primary source: https://www.amf-france.org/en
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### AMF DOC-2024-08

AMF position incorporating the EBA Travel Rule Guidelines for crypto-asset transfers in France.

- Primary source: https://www.amf-france.org/en/regulation/policy/doc-2024-08
- Cited on: [The Travel Rule is not a compliance bolt-on. It is an identity routing problem.](https://finray.tech/intelligence/travel-rule-identity-routing-problem/)

### AMLA

Incoming AML authority relevant to future direct-supervision selection.

- Primary source: https://www.amla.europa.eu/index_en
- Cited on: [CASP MiCA compliance operating model](https://finray.tech/intelligence/casp-mica-compliance/)

### AMLA

AMLA is the EU anti-money-laundering authority established by Regulation (EU) 2024/1620.

- Primary source: https://www.amla.europa.eu/about-amla_en
- Cited on: [The Travel Rule is not a compliance bolt-on. It is an identity routing problem.](https://finray.tech/intelligence/travel-rule-identity-routing-problem/)

### Anti-Money Laundering Authority

EU central authority for AML/CFT supervision; direct supervisor of selected obliged entities from 1 January 2028.

- Primary source: https://www.amla.europa.eu/
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### Anti-Money Laundering Office

Croatian FIU; receives, analyses and disseminates suspicious transaction reports.

- Primary source: https://mfin.gov.hr/en/anti-money-laundering-office/427
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### ASF — Autoridade de Supervisão de Seguros e Fundos de Pensões

Portuguese insurance and pensions supervisor; DORA competent-authority status; submission portal not retrieved at cut-off.

- Primary source: https://www.asf.com.pt/NR/exeres/E80B7EAB-FC42-4CA4-9097-DF7DA4ED5DBE.htm
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### ASF — Autoritatea de Supraveghere Financiară

Romanian markets, insurance and pensions supervisor; DORA competent-authority status; submission portal not retrieved at cut-off.

- Primary source: https://asfromania.ro/en/
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### ATVP — Securities Market Agency of Slovenia

Slovenian markets supervisor; DORA competent-authority status; submission portal not retrieved at cut-off.

- Primary source: https://www.a-tvp.si/eng/
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### Austrian Financial Intelligence Unit

Austrian FIU; receives and analyses suspicious transaction reports and disseminates intelligence to competent authorities.

- Primary source: https://bundeskriminalamt.at/202/Geldwaeschemeldestelle/start.aspx
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### Austrian Financial Market Authority

Austrian financial-market supervisor; supervises AML/CFT compliance by financial institutions.

- Primary source: https://www.fma.gv.at/en/cross-sectoral-topics/prevention-of-money-laundering-terrorist-financing/
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### Autorité de contrôle prudentiel et de résolution

French prudential supervisor; supervises AML/CFT compliance by banking and insurance firms.

- Primary source: https://acpr.banque-france.fr/en/authorisation/supervision-and-controls/anti-money-laundering-and-countering-financing-terrorism
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### Autorité de Contrôle Prudentiel et de Résolution

French prudential supervisor; co-signs PSAN registration decisions with the AMF and is referenced in joint-decision delisting notices.

- Primary source: https://acpr.banque-france.fr/
- Cited on: [MiCA CASP authorisation-withdrawal forensic register](https://finray.tech/intelligence/mica-casp-authorisation-withdrawals/)

### Autorité des Marchés Financiers

French Financial Markets Authority; publishes per-entity délibération (decision) PDFs for every PSAN / DASP / CASP delisting and revocation since 2020 — the cleanest historical trail in the EEA.

- Primary source: https://www.amf-france.org/
- Cited on: [MiCA CASP authorisation-withdrawal forensic register](https://finray.tech/intelligence/mica-casp-authorisation-withdrawals/)

### AZN — Slovenian Insurance Supervision Agency

Slovenian insurance and pensions supervisor; DORA competent-authority status; submission portal not retrieved at cut-off.

- Primary source: https://www.a-zn.si/en/
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### BaFin

BaFin is Germany’s federal financial supervisory authority and is included for TFR and MiCA perimeter context.

- Primary source: https://www.bafin.de/SharedDocs/Downloads/EN/Jahresbericht/dl_jb_2024_en.pdf?__blob=publicationFile&v=2
- Cited on: [The Travel Rule is not a compliance bolt-on. It is an identity routing problem.](https://finray.tech/intelligence/travel-rule-identity-routing-problem/)

### BaFin — Federal Financial Supervisory Authority

German single supervisor; DORA RoI submission via the MVP (Melde- und Veröffentlichungsplattform); 2026 window 9–30 March 2026.

- Primary source: https://www.bafin.de/DE/Aufsicht/DORA/Informationsregister_und_Anzeigepflichten/Informationsregister_und_Anzeigepflichten_node.html
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### BaFin DORA implementation portal

BaFin DORA implementation portal is a national competent authority portal for DORA implementation evidence.

- Primary source: https://www.bafin.de/EN/Aufsicht/Bankenaufsicht/EinheitlicherAufsichtsmechanismus/DORA/dora_node_en.html
- Cited on: [DORA Article 28 RTS/ITS Pack — entity-level RoI, third-party-policy and subcontracting controls](https://finray.tech/intelligence/dora-rts-its-pack/)

### Banca d'Italia

Italian banking supervisor; DORA RoI submission via INFOSTAT; 2026 deadline 15 March 2026.

- Primary source: https://www.bancaditalia.it/compiti/vigilanza/avvisi-pub/2026.02.13-regolamento-dora/index.html
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### Banco de España

Spanish central bank; supervises AML/CFT compliance by credit institutions and other supervised entities.

- Primary source: https://www.bde.es/wbe/en/areas-actuacion/supervision/prevention-money-laundering/
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### Banco de España

Spanish banking supervisor; DORA competent-authority status; RoI submission portal page not retrieved at cut-off.

- Primary source: https://www.bde.es/wbe/en/supervisores-cooperacion-internacional/transferencia-funciones-supervisoras/digital-operational-resilience-act--dora-.html
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### Banco de Portugal

Portuguese central bank; supervises AML/CFT compliance by credit institutions and financial companies.

- Primary source: https://www.bportugal.pt/en/page/money-laundering-and-terrorist-financing
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### Banco de Portugal

Portuguese banking supervisor; DORA competent-authority status; submission portal not retrieved at cut-off.

- Primary source: https://www.bportugal.pt/en
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### Bank of Greece

Greek central bank; supervises AML/CFT compliance by credit and financial institutions.

- Primary source: https://www.bankofgreece.gr/en/main-tasks/supervision/anti-money-laundering-and-combating-the-financing-of-terrorism
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### Bank of Greece

Greek banking and insurance supervisor for less significant institutions; DORA competent-authority status; submission portal not retrieved at cut-off.

- Primary source: https://www.bankofgreece.gr/en/main-tasks/supervision/dora-digital-operational-resilience-act-for-the-financial-sector
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### Bank of Italy

Italian central bank; supervises AML/CFT compliance by banks and financial intermediaries.

- Primary source: https://www.bancaditalia.it/compiti/vigilanza/antiriciclaggio/
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### Bank of Lithuania

Lithuanian central bank and financial supervisor; supervises financial-sector AML/CFT compliance.

- Primary source: https://www.lb.lt/en/money-laundering-and-terrorist-financing-prevention
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### Bank of Lithuania

Lithuanian single supervisor; DORA RoI submission via a Regnology-built reporting system supporting JSON, CSV, xBRL and API integration.

- Primary source: https://www.lb.lt/en/digital-operational-resilience-act-dora
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### Bank of Lithuania

Lithuanian central bank and financial-services supervisor; publishes English-language press releases for each EMI / PI authorisation revocation.

- Primary source: https://www.lb.lt/
- Cited on: [EMI / PI authorisation-withdrawal forensic register (EEA + UK)](https://finray.tech/intelligence/emi-pi-authorisation-withdrawals/); [EMI / PI licensing-success forensic register (EEA + UK)](https://finray.tech/intelligence/emi-pi-licensing-success/)

### Bank of Lithuania

Lithuanian competent authority with detailed EMI and PI safeguarding guidance and revocation evidence.

- Primary source: https://www.lb.lt/en/
- Cited on: [Safeguarding reconciliation is a solvency discipline](https://finray.tech/intelligence/safeguarding-reconciliation-solvency-discipline/)

### Bank of Slovenia

Slovenian central bank; supervises AML/CFT compliance by banks and financial institutions.

- Primary source: https://www.bsi.si/en/financial-stability/anti-money-laundering-and-terrorist-financing-prevention
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### Banka Slovenije

Slovenian banking supervisor; DORA competent-authority status; submission portal not retrieved at cut-off.

- Primary source: https://www.bsi.si/en/
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### BNR — Banca Naţională a României

Romanian banking supervisor; DORA competent-authority status; submission portal not retrieved at cut-off.

- Primary source: https://www.bnr.ro/Home.aspx
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### Bulgarian National Bank

Bulgarian central bank; supervises bank AML/CFT obligations and prudential financial-sector controls.

- Primary source: https://www.bnb.bg/BankSupervision/BSAntiMoneyLaundering/index.htm?toLang=_EN
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### Bulgarian National Bank (BNB)

Bulgarian banking and payments supervisor; DORA competent-authority status confirmed; submission portal not retrieved at cut-off.

- Primary source: https://www.bnb.bg/RegistersAndServices/RSCIRegisters/BS_CI_REG_BANKSLIST_EN
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### CAA — Commissariat aux Assurances

Luxembourg insurance supervisor; DORA RoI submission deadline 1 March 2026 for insurers.

- Primary source: https://www.caa.lu/en
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### Cellule de renseignement financier

Luxembourg FIU; receives and analyses suspicious transaction reports for prosecution authorities.

- Primary source: https://justice.public.lu/fr/organisation-justice/crf.html
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### Central Bank of Cyprus

Cypriot central bank; supervises AML/CFT obligations of credit institutions and other regulated financial firms.

- Primary source: https://www.centralbank.cy/en/licensing-supervision/supervision/compliance/anti-money-laundering
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### Central Bank of Cyprus (CBC)

Cypriot banking supervisor; DORA competent-authority status; RoI submission portal not retrieved at cut-off.

- Primary source: https://www.centralbank.cy/en/financial-stability/operational-resilience
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### Central Bank of Iceland

Icelandic central bank and financial supervisor; supervises AML/CFT compliance in the financial sector.

- Primary source: https://www.cb.is/financial-supervision/anti-money-laundering/
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### Central Bank of Ireland

Irish central bank and financial supervisor; supervises AML/CFT compliance by regulated financial-service providers.

- Primary source: https://www.centralbank.ie/regulation/anti-money-laundering-and-countering-the-financing-of-terrorism
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### Central Bank of Ireland

Irish competent authority for payment and e-money supervisory communications and enforcement.

- Primary source: https://www.centralbank.ie/
- Cited on: [Safeguarding reconciliation is a solvency discipline](https://finray.tech/intelligence/safeguarding-reconciliation-solvency-discipline/)

### Central Bank of Ireland (CBI)

Irish single supervisor; DORA RoI submission via the Central Bank of Ireland Portal; 2026 window 2–31 March 2026.

- Primary source: https://www.centralbank.ie/regulation/digital-operational-resilience-act-dora/reporting-registers-of-information
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### CMVM — Comissão do Mercado de Valores Mobiliários

Portuguese markets supervisor; DORA competent-authority status; submission portal not retrieved at cut-off.

- Primary source: https://www.cmvm.pt/en
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### CNMV — Comisión Nacional del Mercado de Valores

Spanish markets supervisor; supports xBRL-CSV submission and accepts Excel/JSON for the 2026 cycle.

- Primary source: https://www.cnmv.es/portal/ciberseguridad?lang=en
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### Commission de Surveillance du Secteur Financier

Luxembourg financial-sector supervisor; supervises AML/CFT compliance by financial professionals.

- Primary source: https://www.cssf.lu/en/aml-cft/
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### CONSOB — Commissione Nazionale per le Società e la Borsa

Italian markets supervisor; DORA competent-authority status; submission portal not retrieved at cut-off.

- Primary source: https://www.consob.it/web/consob-and-its-activities
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### Council of the European Union

EU co-legislator publishing Council compromise texts for PSD3 and PSR.

- Primary source: https://www.consilium.europa.eu/en/council-eu/
- Cited on: [Safeguarding reconciliation is a solvency discipline](https://finray.tech/intelligence/safeguarding-reconciliation-solvency-discipline/)

### Courts of England and Wales

The Courts of England and Wales are a public authority or public-source body cited as evidence for the regime.

- Primary source: https://www.judiciary.uk/judgments/in-the-matter-of-ipagoo-llp-in-administration/
- Cited on: [FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta](https://finray.tech/intelligence/fca-supplementary-safeguarding-regime/)

### Croatian National Bank

Croatian central bank; supervises AML/CFT compliance in the banking and financial sector.

- Primary source: https://www.hnb.hr/en/core-functions/supervision/anti-money-laundering-and-terrorist-financing
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### Croatian National Bank (HNB)

Croatian central bank and supervisor; publishes the register of authorised EMIs and PIs.

- Primary source: https://www.hnb.hr/
- Cited on: [EMI / PI licensing-success forensic register (EEA + UK)](https://finray.tech/intelligence/emi-pi-licensing-success/)

### CSSF — Commission de Surveillance du Secteur Financier

Luxembourg banking and markets supervisor; DORA RoI submission via eDesk; 2026 window 11 February to 31 March 2026.

- Primary source: https://www.cssf.lu/en/2026/02/dora-submission-timeframe-for-register-of-information-edesk-portal-open-as-of-11-february-2026/
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### CSSF DORA pages (Luxembourg)

CSSF DORA pages (Luxembourg) is a national competent authority portal for DORA implementation evidence.

- Primary source: https://www.cssf.lu/en/ict-and-cyber-risk-for-dora-entities/
- Cited on: [DORA Article 28 RTS/ITS Pack — entity-level RoI, third-party-policy and subcontracting controls](https://finray.tech/intelligence/dora-rts-its-pack/)

### Cyprus Securities and Exchange Commission

Cypriot securities supervisor; publishes per-decision board minutes for CASP register deletions (public-info/decisions) and a separate Deregistered-CASPs register page.

- Primary source: https://www.cysec.gov.cy/
- Cited on: [MiCA CASP authorisation-withdrawal forensic register](https://finray.tech/intelligence/mica-casp-authorisation-withdrawals/)

### Cyprus Securities and Exchange Commission (CySEC)

Cypriot markets and CASP supervisor; DORA RoI submission via the CySEC XBRL Portal; mandatory xBRL-CSV format from the 2026 cycle.

- Primary source: https://www.cysec.gov.cy/en-gb/home/
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### CySEC Circular C675

CySEC Circular C675 on Regulation (EU) 2023/1113, the EBA Travel Rule Guidelines and reporting obligations for CASPs.

- Primary source: https://www.cysec.gov.cy/CMSPages/GetFile.aspx?guid=476aed7e-384a-42d0-b436-7772aaa5571c
- Cited on: [The Travel Rule is not a compliance bolt-on. It is an identity routing problem.](https://finray.tech/intelligence/travel-rule-identity-routing-problem/)

### Czech National Bank

Czech central bank and financial supervisor; supervises AML/CFT compliance by financial-market entities.

- Primary source: https://www.cnb.cz/en/supervision-financial-market/anti-money-laundering-and-counter-terrorist-financing/
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### Czech National Bank (CNB)

Czech single supervisor; DORA RoI submission via SDAT (Single Data Collection System); 2026 deadline 2 March 2026.

- Primary source: https://www.cnb.cz/cs/statistika/sdat/dora/
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### Danish Financial Supervisory Authority

Danish financial supervisor; supervises AML/CFT compliance in the regulated financial sector.

- Primary source: https://www.dfsa.dk/Supervision/Aml
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### De Nederlandsche Bank

Dutch central bank and financial supervisor; supervises AML/CFT compliance by financial institutions.

- Primary source: https://www.dnb.nl/en/sector-information/supervision-laws-and-regulations/laws-and-eu-regulations/anti-money-laundering-and-anti-terrorist-financing-act/
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### De Nederlandsche Bank

Dutch prudential supervisor; publishes enforcement-measures pages for licence withdrawals against EMIs, PIs and money-exchange firms.

- Primary source: https://www.dnb.nl/
- Cited on: [EMI / PI authorisation-withdrawal forensic register (EEA + UK)](https://finray.tech/intelligence/emi-pi-authorisation-withdrawals/); [EMI / PI licensing-success forensic register (EEA + UK)](https://finray.tech/intelligence/emi-pi-licensing-success/)

### De Nederlandsche Bank

DNB is included as a Dutch authority publishing a compliance overview for ESA guidelines and recommendations.

- Primary source: https://www.dnb.nl/media/034jaxpl/compliance-guidelines-and-recommendations-of-the-european-supervisory-authorities.pdf
- Cited on: [The Travel Rule is not a compliance bolt-on. It is an identity routing problem.](https://finray.tech/intelligence/travel-rule-identity-routing-problem/)

### De Nederlandsche Bank (DNB)

Dutch prudential supervisor; DORA RoI submission via MyDNB Reporting Service; 2026 window 2–20 March 2026.

- Primary source: https://www.dnb.nl/en/sector-news/supervision-2026/dora-reporting-dora-registers-of-information-in-march-2026/
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### DGSFP — Directorate General for Insurance and Pension Funds

Spanish insurance and pensions supervisor; DORA competent-authority status; submission portal not retrieved at cut-off.

- Primary source: https://www.dgsfp.mineco.gob.es/en/index.aspx
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### EBA

MiCA ART/EMT anchor with adjacent effects for CASPs handling ARTs or EMTs.

- Primary source: https://www.eba.europa.eu/regulation-and-policy/asset-referenced-and-e-money-tokens-mica
- Cited on: [CASP MiCA compliance operating model](https://finray.tech/intelligence/casp-mica-compliance/)

### EBA Q&A 2024_7165

EBA Q&A 2024_7165 is a supervisory or guidance source used to interpret the safeguarding regime.

- Primary source: https://www.eba.europa.eu/single-rule-book-qa/qna/view/publicId/2024_7165
- Cited on: [FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta](https://finray.tech/intelligence/fca-supplementary-safeguarding-regime/); [Safeguarding reconciliation is a solvency discipline](https://finray.tech/intelligence/safeguarding-reconciliation-solvency-discipline/)

### ENISA

ENISA is a public authority or public-source body used for DORA RTS/ITS evidence.

- Primary source: https://www.enisa.europa.eu/topics/cybersecurity-policy/nis-directive/finance
- Cited on: [DORA Article 28 RTS/ITS Pack — entity-level RoI, third-party-policy and subcontracting controls](https://finray.tech/intelligence/dora-rts-its-pack/)

### ESAs Joint Committee

ESAs Joint Committee is a public authority or public-source body used for DORA RTS/ITS evidence.

- Primary source: https://www.eba.europa.eu/publications-and-media/press-releases/esas-publish-list-critical-third-party-providers-under-dora
- Cited on: [DORA Article 28 RTS/ITS Pack — entity-level RoI, third-party-policy and subcontracting controls](https://finray.tech/intelligence/dora-rts-its-pack/)

### ESMA

MiCA Level 2/3 and supervisory-convergence anchor for CASPs.

- Primary source: https://www.esma.europa.eu/esmas-activities/digital-finance-and-innovation/markets-crypto-assets-regulation-mica
- Cited on: [CASP MiCA compliance operating model](https://finray.tech/intelligence/casp-mica-compliance/)

### Estonian Financial Intelligence Unit

Estonian FIU; receives and analyses suspicious transaction reports and supervises some AML obligations.

- Primary source: https://fiu.ee/en
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### European Banking Authority

EU banking authority issuing outsourcing guidelines and participating in DORA oversight.

- Primary source: https://www.eba.europa.eu/activities/single-rulebook/regulatory-activities/internal-governance/guidelines-outsourcing-arrangements
- Cited on: [Core banking deployment topology and regulatory alignment — multi-tenant SaaS vs single-tenant in customer cloud account](https://finray.tech/intelligence/deployment-topology-regulatory-alignment/)

### European Banking Authority

European Banking Authority is a public authority or public-source body used for DORA RTS/ITS evidence.

- Primary source: https://www.eba.europa.eu/activities/direct-supervision-and-oversight/digital-operational-resilience-act/preparation-dora-application
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/); [DORA Article 28 RTS/ITS Pack — entity-level RoI, third-party-policy and subcontracting controls](https://finray.tech/intelligence/dora-rts-its-pack/)

### European Banking Authority

Maintains the EUCLID payment-institutions register and harmonises the EU EMI/PI prudential framework.

- Primary source: https://www.eba.europa.eu/
- Cited on: [EMI / PI licensing-success forensic register (EEA + UK)](https://finray.tech/intelligence/emi-pi-licensing-success/); [MiCA CASP licensing-success forensic analysis](https://finray.tech/intelligence/mica-casp-licensing-success/); [Safeguarding reconciliation is a solvency discipline](https://finray.tech/intelligence/safeguarding-reconciliation-solvency-discipline/)

### European Banking Authority

EBA is the EU supervisory authority issuing Travel Rule Guidelines under the TFR perimeter.

- Primary source: https://www.eba.europa.eu/activities/single-rulebook/regulatory-activities/anti-money-laundering-and-countering-financing-terrorism/guidelines-information-requirements-relation-transfers-funds-and-certain-crypto-assets-transfers
- Cited on: [The Travel Rule is not a compliance bolt-on. It is an identity routing problem.](https://finray.tech/intelligence/travel-rule-identity-routing-problem/)

### European Commission

Adopts DORA delegated and implementing regulations under the Level 2 framework.

- Primary source: https://eur-lex.europa.eu/eli/reg_del/2024/1502/oj/eng
- Cited on: [Core banking deployment topology and regulatory alignment — multi-tenant SaaS vs single-tenant in customer cloud account](https://finray.tech/intelligence/deployment-topology-regulatory-alignment/)

### European Commission

European Commission is a public authority or public-source body used for DORA RTS/ITS evidence.

- Primary source: https://finance.ec.europa.eu/regulation-and-supervision/financial-services-legislation/implementing-and-delegated-acts/digital-operational-resilience-regulation_en
- Cited on: [DORA Article 28 RTS/ITS Pack — entity-level RoI, third-party-policy and subcontracting controls](https://finray.tech/intelligence/dora-rts-its-pack/)

### European Commission

EU institution that proposed the PSD3 and PSR reform package.

- Primary source: https://commission.europa.eu/about-european-commission_en
- Cited on: [Safeguarding reconciliation is a solvency discipline](https://finray.tech/intelligence/safeguarding-reconciliation-solvency-discipline/)

### European Insurance and Occupational Pensions Authority

European Insurance and Occupational Pensions Authority is a public authority or public-source body used for DORA RTS/ITS evidence.

- Primary source: https://www.eiopa.europa.eu/esas-publish-list-critical-third-party-providers-under-dora-2025-11-18_en
- Cited on: [DORA Article 28 RTS/ITS Pack — entity-level RoI, third-party-policy and subcontracting controls](https://finray.tech/intelligence/dora-rts-its-pack/)

### European Insurance and Occupational Pensions Authority (EIOPA)

EU insurance and pensions supervisor; DORA RoI consolidation hub for the insurance and IORP sector; co-signatory of the November 2025 first batch of CTPP designations.

- Primary source: https://www.eiopa.europa.eu/digital-operational-resilience-act-dora_en
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### European Parliament and Council

EU co-legislators that adopted PSD2 and EMD2.

- Primary source: https://eur-lex.europa.eu/
- Cited on: [Safeguarding reconciliation is a solvency discipline](https://finray.tech/intelligence/safeguarding-reconciliation-solvency-discipline/)

### European Securities and Markets Authority

European Securities and Markets Authority is a public authority or public-source body used for DORA RTS/ITS evidence.

- Primary source: https://www.esma.europa.eu/digital-finance-and-innovation/digital-operational-resilience-act-dora
- Cited on: [DORA Article 28 RTS/ITS Pack — entity-level RoI, third-party-policy and subcontracting controls](https://finray.tech/intelligence/dora-rts-its-pack/)

### European Securities and Markets Authority

EU securities and markets supervisor; publishes the interim MiCA register but does not currently expose historical withdrawals at row level.

- Primary source: https://www.esma.europa.eu/
- Cited on: [MiCA CASP authorisation-withdrawal forensic register](https://finray.tech/intelligence/mica-casp-authorisation-withdrawals/); [MiCA CASP licensing-success forensic analysis](https://finray.tech/intelligence/mica-casp-licensing-success/)

### European Securities and Markets Authority

ESMA is the EU securities markets authority responsible for MiCA supervisory convergence and transfer-services guidance under Article 82.

- Primary source: https://www.esma.europa.eu/document/guidelines-transfer-services-crypto-assets-under-mica
- Cited on: [The Travel Rule is not a compliance bolt-on. It is an identity routing problem.](https://finray.tech/intelligence/travel-rule-identity-routing-problem/)

### European Securities and Markets Authority (ESMA)

EU securities and markets supervisor; DORA RoI consolidation hub for the markets sector; co-signatory of the November 2025 first batch of CTPP designations.

- Primary source: https://www.esma.europa.eu/esmas-activities/digital-finance-and-innovation/digital-operational-resilience-act-dora
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### European Supervisory Authorities

Joint EBA, EIOPA and ESMA coordination for DORA CTPP designation and oversight.

- Primary source: https://www.eiopa.europa.eu/european-supervisory-authorities-designate-critical-ict-third-party-providers-under-digital-2025-11-18_en
- Cited on: [Core banking deployment topology and regulatory alignment — multi-tenant SaaS vs single-tenant in customer cloud account](https://finray.tech/intelligence/deployment-topology-regulatory-alignment/)

### European Union Agency for Cybersecurity

EU cybersecurity agency preparing and publishing certification framework material under the Cybersecurity Act.

- Primary source: https://www.enisa.europa.eu/topics/product-security-and-certification/cybersecurity-certification-framework
- Cited on: [Core banking deployment topology and regulatory alignment — multi-tenant SaaS vs single-tenant in customer cloud account](https://finray.tech/intelligence/deployment-topology-regulatory-alignment/)

### Executive Service of the Commission for the Prevention of Money Laundering and Monetary Offences (Sepblac)

Spanish FIU and AML supervisory service; receives, analyses and disseminates suspicious transaction reports.

- Primary source: https://www.sepblac.es/en/
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### FATF

Global source for Recommendation 16 and VASP/virtual-asset AML guidance.

- Primary source: https://www.fatf-gafi.org/en/topics/virtual-assets.html
- Cited on: [CASP MiCA compliance operating model](https://finray.tech/intelligence/casp-mica-compliance/)

### FDPIC

Swiss Federal Data Protection and Information Commissioner.

- Primary source: https://www.edoeb.admin.ch/en
- Cited on: [Swiss FINMA GRC and ICS software](https://finray.tech/intelligence/swiss-finma-grc-ics/)

### Federal Financial Supervisory Authority (BaFin)

German federal financial supervisor; AML/CFT competent authority for credit and financial institutions.

- Primary source: https://www.bafin.de/EN/Aufsicht/Geldwaeschebekaempfung/geldwaeschebekaempfung_node_en.html
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### FIN-FSA — Finnish Financial Supervisory Authority

Finnish single supervisor; DORA competent-authority status; RoI submission portal page not retrieved at cut-off.

- Primary source: https://www.finanssivalvonta.fi/en/publications-and-press-releases/Press-release/2025/application-of-dora-has-started--fin-fsa-to-focus-on-the-management-of-ict-risks-and-cyber-threats-in-its-supervision/
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### Financial Action Task Force

FATF is the international AML/CFT standard-setter for Recommendation 16 (Payment transparency) and the Recommendation 15 virtual-assets expectations.

- Primary source: https://www.fatf-gafi.org/en/publications/Fatfrecommendations/Fatf-recommendations.html
- Cited on: [The Travel Rule is not a compliance bolt-on. It is an identity routing problem.](https://finray.tech/intelligence/travel-rule-identity-routing-problem/)

### Financial Analytical Office

Czech FIU; receives and analyses suspicious transaction reports and coordinates AML financial intelligence.

- Primary source: https://fau.gov.cz/en
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### Financial Conduct Authority

UK conduct regulator maintaining SYSC 8 and cloud outsourcing guidance.

- Primary source: https://handbook.fca.org.uk/handbook/SYSC/8/1.html
- Cited on: [Core banking deployment topology and regulatory alignment — multi-tenant SaaS vs single-tenant in customer cloud account](https://finray.tech/intelligence/deployment-topology-regulatory-alignment/)

### Financial Conduct Authority

UK conduct regulator for financial-services firms; publishes Final Notices for EMI / PI registration cancellations and EMD-revocation status fields in the Financial Services Register.

- Primary source: https://www.fca.org.uk/
- Cited on: [EMI / PI authorisation-withdrawal forensic register (EEA + UK)](https://finray.tech/intelligence/emi-pi-authorisation-withdrawals/); [EMI / PI licensing-success forensic register (EEA + UK)](https://finray.tech/intelligence/emi-pi-licensing-success/); [Safeguarding reconciliation is a solvency discipline](https://finray.tech/intelligence/safeguarding-reconciliation-solvency-discipline/)

### Financial Conduct Authority

Financial Conduct Authority is a public authority or public-source body associated with the regime evidence.

- Primary source: https://www.fca.org.uk/publications/policy-statements/ps25-12-changes-safeguarding-regime-payments-and-e-money-firms
- Cited on: [FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta](https://finray.tech/intelligence/fca-supplementary-safeguarding-regime/); [Safeguarding reconciliation is a solvency discipline](https://finray.tech/intelligence/safeguarding-reconciliation-solvency-discipline/)

### Financial Crime Investigation Service

Lithuanian FIU; receives and analyses suspicious transactions and investigates financial crime.

- Primary source: https://fntt.lrv.lt/en/
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### Financial Intelligence Analysis Unit

Maltese FIU; receives, analyses and disseminates suspicious transaction reports and performs AML supervision.

- Primary source: https://fiaumalta.org/
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### Financial Intelligence Directorate of the State Agency for National Security

Bulgarian FIU; receives and analyses suspicious transaction information for AML/CFT purposes.

- Primary source: https://www.dans.bg/en/activities/financial-intelligence
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### Financial Intelligence Processing Unit (CTIF-CFI)

Belgian FIU; analyses suspicious financial information and transmits cases to prosecutors when appropriate.

- Primary source: https://www.ctif-cfi.be/
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### Financial Intelligence Unit for Italy

Italian FIU; receives, analyses and disseminates suspicious transaction reports within the Bank of Italy.

- Primary source: https://uif.bancaditalia.it
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### Financial Intelligence Unit Germany

German FIU; receives and analyses suspicious transaction reports within the General Customs Directorate.

- Primary source: https://www.zoll.de/EN/FIU/fiu_node.html
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### Financial Intelligence Unit Liechtenstein

Liechtenstein FIU; receives and analyses suspicious transaction reports and disseminates intelligence.

- Primary source: https://www.fiu.li/en/
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### Financial Intelligence Unit of Latvia

Latvian FIU; receives and analyses suspicious transaction reports and disseminates financial intelligence.

- Primary source: https://www.fid.gov.lv/en
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### Financial Intelligence Unit Portugal

Portuguese FIU; receives and analyses suspicious transaction reports within the Polícia Judiciária.

- Primary source: https://www.policiajudiciaria.pt/unc3t-english/
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### Financial Intelligence Unit Slovakia

Slovak FIU; receives and analyses suspicious transaction reports within the Ministry of Interior.

- Primary source: https://www.minv.sk/?financial-intelligence-unit
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### Financial Market Authority Liechtenstein

Liechtenstein financial-market supervisor; supervises AML/CFT compliance by financial intermediaries.

- Primary source: https://www.fma-li.li/en/supervision/prevention-of-money-laundering.html
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### Financial Reporting Council

Financial Reporting Council is a public authority or public-source body associated with the regime evidence.

- Primary source: https://www.frc.org.uk/library/standards-codes-policy/audit-assurance-and-ethics/auditors-ethical-standard/
- Cited on: [FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta](https://finray.tech/intelligence/fca-supplementary-safeguarding-regime/)

### Financial Services and Markets Authority (FSMA Belgium)

Belgian markets and conduct supervisor; DORA RoI scope confirmed for 2026 — limited update reporting cycle.

- Primary source: https://www.fsma.be/en/news/dora-register-information-third-party-ict-service-providers-limited-update-2026
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### Financial Stability Board

International standard-setting body issuing the third-party risk management and oversight toolkit.

- Primary source: https://www.fsb.org/2023/12/final-report-on-enhancing-third-party-risk-management-and-oversight-a-toolkit-for-financial-institutions-and-financial-authorities/
- Cited on: [Core banking deployment topology and regulatory alignment — multi-tenant SaaS vs single-tenant in customer cloud account](https://finray.tech/intelligence/deployment-topology-regulatory-alignment/)

### Financial Supervision Commission (FSC Bulgaria)

Bulgarian markets and insurance supervisor; DORA competent-authority status confirmed; submission portal not retrieved at cut-off.

- Primary source: https://www.fsc.bg/en/
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### Financial Supervisory Authority of Norway

Norwegian financial supervisor; supervises AML/CFT compliance in the financial sector under EEA-aligned law.

- Primary source: https://www.finanstilsynet.no/en/topics/anti-money-laundering/
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### Finansinspektionen

Swedish financial supervisor; supervises AML/CFT compliance by regulated financial institutions.

- Primary source: https://www.fi.se/en/anti-money-laundering/
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### Finansinspektionen

Swedish Financial Supervisory Authority; publishes English-language sanctions decisions including authorisation withdrawals against PIs and EMIs.

- Primary source: https://www.fi.se/
- Cited on: [EMI / PI authorisation-withdrawal forensic register (EEA + UK)](https://finray.tech/intelligence/emi-pi-authorisation-withdrawals/)

### Finansinspektionen — Swedish FSA

Swedish single supervisor; DORA RoI submission via FIDAC; 2026 deadline 28 February 2026.

- Primary source: https://www.fi.se/en/e-services-and-forms/reporting-to-fi/fidac/reporting-according-to-dora/
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### Finanstilsynet — Danish FSA (DFSA)

Danish single supervisor; DORA RoI submission via e-Reg (replacing FIONA); 2026 window 2 February to 13 March 2026; correction window through 30 April 2026.

- Primary source: https://www.dfsa.dk/reporting/new-reporting-system-for-eu-reports
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### Finanstilsynet — Financial Supervisory Authority of Norway

Norwegian single supervisor; DORA RoI submission via e-Reg; 2026 deadline 13 March 2026; submissions forwarded to the EBA for validation.

- Primary source: https://www.finanstilsynet.no/rapportering/fellesrapporteringer/dora-rapportering-av-register-over-ikt-tjenesteavtaler-roi/
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### Finantsinspektsioon

Estonian financial supervisor; supervises AML/CFT compliance by financial institutions.

- Primary source: https://www.fi.ee/en/supervision/anti-money-laundering-and-countering-financing-terrorism
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### Finantsinspektsioon — Estonian FSA

Estonian single supervisor; DORA competent-authority status; RoI submission portal not retrieved at cut-off.

- Primary source: https://fi.ee/en/news/finantsinspektsioon-holding-information-seminar-application-dora
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### FINMA

Swiss Financial Market Supervisory Authority.

- Primary source: https://www.finma.ch/en/
- Cited on: [Swiss FINMA GRC and ICS software](https://finray.tech/intelligence/swiss-finma-grc-ics/)

### Finnish Financial Intelligence Unit

Finnish FIU; receives and analyses suspicious transaction reports within the National Bureau of Investigation.

- Primary source: https://poliisi.fi/en/finnish-financial-intelligence-unit
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### Finnish Financial Supervisory Authority

Finnish financial supervisor; supervises AML/CFT compliance in the financial sector.

- Primary source: https://www.finanssivalvonta.fi/en/prevention-of-money-laundering-and-terrorist-financing/
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### FIU-Netherlands

Dutch FIU; receives unusual transaction reports and declares suspicious transactions for law enforcement.

- Primary source: https://www.fiu-nederland.nl/en/
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### Fjármálaeftirlitið (FME) — Central Bank of Iceland Financial Supervision

Icelandic single supervisor; DORA entered into force in Iceland on 1 November 2025 via the EEA Agreement; first reporting cycle Q1 2026.

- Primary source: https://en.fme.is/
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### FMA Austria — Financial Market Authority

Austrian single supervisor for banking, markets and insurance; DORA RoI submission portal: Incoming Platform; 2026 window 16 February to 13 March 2026.

- Primary source: https://www.fma.gv.at/en/cross-sectoral-topics/dora/dora-managing-of-ict-third-party-risk/
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### FMA Liechtenstein — Financial Market Authority Liechtenstein

Liechtenstein single supervisor; DORA RoI submission via the e-Service Portal for Financial Intermediaries.

- Primary source: https://www.fma-li.li/en/supervision-regulation/dora/dora-reporting
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### Garda Financial Intelligence Unit

Irish FIU; receives and analyses suspicious transaction reports within An Garda Síochána.

- Primary source: https://www.garda.ie/en/about-us/organised-serious-crime/garda-national-economic-crime-bureau/financial-intelligence-unit/
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### General Inspector of Financial Information

Polish FIU; receives, analyses and disseminates suspicious transaction reports.

- Primary source: https://www.gov.pl/web/finance/general-inspector-of-financial-information
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### HANFA — Croatian Financial Services Supervisory Agency

Croatian markets, insurance and pensions supervisor; DORA competent-authority status; submission portal not retrieved at cut-off.

- Primary source: https://www.hanfa.hr/en/
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### HCMC — Hellenic Capital Market Commission

Greek markets supervisor; DORA competent-authority status; submission portal not retrieved at cut-off.

- Primary source: http://www.hcmc.gr/en/web/portal/home
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### Hellenic Financial Intelligence Unit

Greek FIU; receives, analyses and disseminates suspicious activity information.

- Primary source: https://www.hellenic-fiu.gr/en/
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### HM Treasury

HM Treasury is a public authority or public-source body associated with the regime evidence.

- Primary source: https://www.gov.uk/government/calls-for-evidence/payment-services-regulations-review-and-call-for-evidence
- Cited on: [FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta](https://finray.tech/intelligence/fca-supplementary-safeguarding-regime/)

### HM Treasury

UK government department responsible for payment-services and electronic-money regulations.

- Primary source: https://www.gov.uk/government/organisations/hm-treasury
- Cited on: [Safeguarding reconciliation is a solvency discipline](https://finray.tech/intelligence/safeguarding-reconciliation-solvency-discipline/)

### HNB — Croatian National Bank

Croatian banking and payments supervisor; DORA competent-authority status; submission portal not retrieved at cut-off.

- Primary source: https://www.hnb.hr/en/-/dora-uredba-o-digitalnoj-operativnoj-otpornosti-za-financijski-sektor-u-primjeni-iduce-godine
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### Hungarian Financial Intelligence Unit

Hungarian FIU; receives and analyses suspicious transaction reports within the tax and customs administration.

- Primary source: https://pei.nav.gov.hu/
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### Icelandic Financial Intelligence Unit

Icelandic FIU; receives and analyses suspicious transaction reports for AML/CFT purposes.

- Primary source: https://www.logreglan.is/english/
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### IVASS — Istituto per la Vigilanza sulle Assicurazioni

Italian insurance supervisor; DORA competent-authority status; submission portal not retrieved at cut-off.

- Primary source: https://www.ivass.it/index.html?com.dotmarketing.htmlpage.language=3
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### Joint Committee of the ESAs

Cross-sectoral coordination body of the three ESAs; signatory of the joint CTPP designation methodology and the joint DORA RoI FAQs.

- Primary source: https://www.eba.europa.eu/sites/default/files/2025-03/31bb6e60-7d10-4405-a8c5-9f04934630ac/20250328%20-%20DORA%20RoI%20reporting%20FAQ%20(updated).pdf
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### KNF — Polish Financial Supervision Authority

Polish single supervisor; first DORA RoI collection completed April 2025; 2026 cycle ongoing under the Polish DORA implementation framework.

- Primary source: https://www.knf.gov.pl/en/
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### Latvijas Banka

Latvian central bank and financial supervisor; supervises AML/CFT compliance in the financial sector.

- Primary source: https://www.bank.lv/en/operational-areas/supervision/anti-money-laundering-and-combating-terrorist-and-proliferation-financing
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### Latvijas Banka

Latvian single supervisor; DORA RoI submission via the dedicated email channel dora@bank.lv; supplemented by the 2025 national Resilience of Digital Operations Law.

- Primary source: https://www.bank.lv/en/operational-areas/financial-stability/dora
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### Magyar Nemzeti Bank

Hungarian central bank and financial supervisor; supervises financial-sector AML/CFT compliance.

- Primary source: https://www.mnb.hu/en/supervision/supervisory-framework/anti-money-laundering
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### Malta Financial Services Authority

Maltese financial supervisor; supervises financial-sector AML/CFT compliance alongside the FIAU.

- Primary source: https://www.mfsa.mt/firms/anti-money-laundering/
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### Malta Financial Services Authority

Maltese single financial-services supervisor; publishes per-entity 'Surrender of licence' and 'Decision not to grant licence' notices for the pre-MiCA Virtual Financial Assets (VFA) regime.

- Primary source: https://www.mfsa.mt/
- Cited on: [MiCA CASP authorisation-withdrawal forensic register](https://finray.tech/intelligence/mica-casp-authorisation-withdrawals/)

### Malta Financial Services Authority

MFSA is included as a Maltese authority relevant to MiCA authorisation and crypto-asset service supervision.

- Primary source: https://www.mfsa.mt/wp-content/uploads/2025/12/MFSA-Strategic-Update-2025-Securing-Our-Future-as-a-Resilient-and-Efficient-Jurisdiction.pdf
- Cited on: [The Travel Rule is not a compliance bolt-on. It is an identity routing problem.](https://finray.tech/intelligence/travel-rule-identity-routing-problem/)

### MFSA — Malta Financial Services Authority

Maltese single supervisor; DORA RoI submission via the LH Portal; 2026 deadline 21 March 2026.

- Primary source: https://www.mfsa.mt/wp-content/uploads/2025/11/Regulation-EU-20222554-on-Digital-Operational-Resilience-for-the-Financial-Sector-%E2%80%93-Register-of-Information-Reporting-Timelines-for-the-Year-2026-and-Onwards.pdf
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### MFSA DORA implementation circulars (Malta)

MFSA DORA implementation circulars (Malta) is a national competent authority portal for DORA implementation evidence.

- Primary source: https://www.mfsa.mt/our-work/financial-services-regulation/dora/
- Cited on: [DORA Article 28 RTS/ITS Pack — entity-level RoI, third-party-policy and subcontracting controls](https://finray.tech/intelligence/dora-rts-its-pack/)

### MNB — Magyar Nemzeti Bank

Hungarian single supervisor; DORA competent-authority status; submission portal page not retrieved at cut-off.

- Primary source: https://www.mnb.hu/en/supervision
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### Money Laundering Secretariat

Danish FIU; receives suspicious transaction reports and supports law-enforcement AML analysis.

- Primary source: https://politi.dk/en/special-crime-unit/money-laundering-secretariat
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### National Bank of Belgium

Belgian central bank and financial supervisor; AML/CFT supervisor for regulated financial institutions.

- Primary source: https://www.nbb.be/en/financial-oversight/anti-money-laundering-and-counter-terrorist-financing
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### National Bank of Belgium (NBB)

Belgian banking and payments supervisor; DORA RoI submission portal: OneGate (domain DOR).

- Primary source: https://www.nbb.be/en/media/16801
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### National Bank of Romania

Romanian central bank; supervises AML/CFT compliance by credit institutions and other financial entities.

- Primary source: https://www.bnro.ro/Preventing-and-combating-money-laundering-and-terrorist-financing-19512.aspx
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### National Bank of Slovakia

Slovak central bank and financial supervisor; supervises AML/CFT compliance by financial-market entities.

- Primary source: https://nbs.sk/en/financial-market-supervision1/anti-money-laundering-and-counter-terrorist-financing/
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### National Office for Prevention and Control of Money Laundering

Romanian FIU; receives and analyses suspicious transaction reports and coordinates AML intelligence.

- Primary source: https://www.onpcsb.ro/en
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### NBS — Národná banka Slovenska

Slovak single supervisor; DORA competent-authority status; submission portal not retrieved at cut-off.

- Primary source: https://nbs.sk/en/financial-market-supervision1/
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### Norwegian Financial Intelligence Unit

Norwegian FIU; receives and analyses suspicious transaction reports within Økokrim.

- Primary source: https://www.okokrim.no/financial-intelligence-unit.424377.en.html
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### Office for Money Laundering Prevention

Slovenian FIU; receives and analyses suspicious transaction reports and coordinates AML prevention.

- Primary source: https://www.gov.si/en/state-authorities/bodies-within-ministries/office-for-money-laundering-prevention/
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### Polish Financial Supervision Authority

Polish financial supervisor; supervises AML/CFT controls in regulated financial institutions.

- Primary source: https://www.knf.gov.pl/en/SUPERVISION/Anti_money_laundering_and_countering_terrorist_financing
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### PRA SS2/21

PRA SS2/21 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline.

- Primary source: https://www.bankofengland.co.uk/prudential-regulation/publication/2021/march/outsourcing-and-third-party-risk-management-ss
- Cited on: [Core banking deployment topology and regulatory alignment — multi-tenant SaaS vs single-tenant in customer cloud account](https://finray.tech/intelligence/deployment-topology-regulatory-alignment/); [FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta](https://finray.tech/intelligence/fca-supplementary-safeguarding-regime/)

### SNB

Swiss National Bank; financial-stability authority relevant to systemically important banks.

- Primary source: https://www.snb.ch/en/the-snb/mandates-goals/financial-stability/swiss-banking-sector
- Cited on: [Swiss FINMA GRC and ICS software](https://finray.tech/intelligence/swiss-finma-grc-ics/)

### Swedish Financial Intelligence Unit

Swedish FIU; receives and analyses suspicious transaction reports within the Police Authority.

- Primary source: https://polisen.se/en/about-the-police/police-work/financial-intelligence-unit/
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### Swiss Financial Market Supervisory Authority

Swiss supervisor issuing Circular 2018/3 on outsourcing by banks, insurers and financial institutions.

- Primary source: https://www.finma.ch/en/~/media/finma/dokumente/dokumentencenter/myfinma/rundschreiben/finma-rs-2018-03-01012021_de.pdf?la=en
- Cited on: [Core banking deployment topology and regulatory alignment — multi-tenant SaaS vs single-tenant in customer cloud account](https://finray.tech/intelligence/deployment-topology-regulatory-alignment/)

### The Gazette

The Gazette is a public authority or public-source body associated with the regime evidence.

- Primary source: https://www.thegazette.co.uk/notice/3499762
- Cited on: [FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta](https://finray.tech/intelligence/fca-supplementary-safeguarding-regime/)

### TRACFIN

French FIU; receives, analyses and disseminates suspicious transaction reports.

- Primary source: https://www.economie.gouv.fr/tracfin
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### Unit for Combating Money Laundering (MOKAS)

Cypriot FIU; receives, analyses and disseminates suspicious transaction reports.

- Primary source: http://www.law.gov.cy/law/mokas/mokas.nsf/index_en/index_en?OpenDocument
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

## Regulations (79)

Statutes, directives and regulations whose substantive provisions are referenced across the Intelligence body. URLs point to the official journal text where available.

### AMLA

Swiss Anti-Money Laundering Act.

- Primary source: https://www.fedlex.admin.ch/eli/cc/1998/892_892_892/en
- Cited on: [Swiss FINMA GRC and ICS software](https://finray.tech/intelligence/swiss-finma-grc-ics/)

### AMLA Regulation (EU) 2024/1620

Establishes AMLA and its direct and indirect supervisory coordination functions.

- Primary source: https://eur-lex.europa.eu/eli/reg/2024/1620/oj/eng
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/); [CASP MiCA compliance operating model](https://finray.tech/intelligence/casp-mica-compliance/); [The Travel Rule is not a compliance bolt-on. It is an identity routing problem.](https://finray.tech/intelligence/travel-rule-identity-routing-problem/)

### AMLD6 (EU) 2024/1640

EU AML/CFT Directive requiring national transposition by 10 July 2027 for most provisions.

- Primary source: https://eur-lex.europa.eu/eli/dir/2024/1640/oj/eng
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/); [CASP MiCA compliance operating model](https://finray.tech/intelligence/casp-mica-compliance/); [EMI / PI licensing-success forensic register (EEA + UK)](https://finray.tech/intelligence/emi-pi-licensing-success/); [EU/UK PI/EMI core banking selection](https://finray.tech/intelligence/eu-uk-pi-emi-core-banking/); [The Travel Rule is not a compliance bolt-on. It is an identity routing problem.](https://finray.tech/intelligence/travel-rule-identity-routing-problem/)

### AMLO

Swiss Anti-Money Laundering Ordinance.

- Primary source: https://www.fedlex.admin.ch/eli/cc/2015/791/en
- Cited on: [Swiss FINMA GRC and ICS software](https://finray.tech/intelligence/swiss-finma-grc-ics/)

### AMLR (EU) 2024/1624

EU AML/CFT Regulation directly applicable from 10 July 2027.

- Primary source: https://eur-lex.europa.eu/eli/reg/2024/1624/oj/eng
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/); [CASP MiCA compliance operating model](https://finray.tech/intelligence/casp-mica-compliance/); [EMI / PI licensing-success forensic register (EEA + UK)](https://finray.tech/intelligence/emi-pi-licensing-success/); [EU/UK PI/EMI core banking selection](https://finray.tech/intelligence/eu-uk-pi-emi-core-banking/); [MiCA CASP authorisation-withdrawal forensic register](https://finray.tech/intelligence/mica-casp-authorisation-withdrawals/); [MiCA CASP licensing-success forensic analysis](https://finray.tech/intelligence/mica-casp-licensing-success/); [The Travel Rule is not a compliance bolt-on. It is an identity routing problem.](https://finray.tech/intelligence/travel-rule-identity-routing-problem/)

### BankG

Swiss Banking Act.

- Primary source: https://www.fedlex.admin.ch/eli/cc/51/117_121_129/de
- Cited on: [Swiss FINMA GRC and ICS software](https://finray.tech/intelligence/swiss-finma-grc-ics/)

### CASS 10A.1

CASS 10A.1 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline.

- Primary source: https://www.handbook.fca.org.uk/handbook/CASS/10A/1.html?date=2026-05-07
- Cited on: [FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta](https://finray.tech/intelligence/fca-supplementary-safeguarding-regime/)

### CASS 10A.2

CASS 10A.2 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline.

- Primary source: https://www.handbook.fca.org.uk/handbook/CASS/10A/2.html?date=2026-05-07
- Cited on: [FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta](https://finray.tech/intelligence/fca-supplementary-safeguarding-regime/)

### CASS 10A.3

CASS 10A.3 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline.

- Primary source: https://www.handbook.fca.org.uk/handbook/CASS/10A/3.html?date=2026-05-07
- Cited on: [FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta](https://finray.tech/intelligence/fca-supplementary-safeguarding-regime/)

### CASS 15.1

CASS 15.1 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline.

- Primary source: https://www.handbook.fca.org.uk/handbook/CASS/15/1.html?date=2026-05-07
- Cited on: [FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta](https://finray.tech/intelligence/fca-supplementary-safeguarding-regime/)

### CASS 15.2

CASS 15.2 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline.

- Primary source: https://www.handbook.fca.org.uk/handbook/CASS/15/2.html?date=2026-05-07
- Cited on: [FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta](https://finray.tech/intelligence/fca-supplementary-safeguarding-regime/)

### CASS 15.3

CASS 15.3 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline.

- Primary source: https://www.handbook.fca.org.uk/handbook/CASS/15/3.html?date=2026-05-07
- Cited on: [FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta](https://finray.tech/intelligence/fca-supplementary-safeguarding-regime/)

### CASS 15.4

CASS 15.4 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline.

- Primary source: https://www.handbook.fca.org.uk/handbook/CASS/15/4.html?date=2026-05-07
- Cited on: [FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta](https://finray.tech/intelligence/fca-supplementary-safeguarding-regime/)

### CASS 15.5

CASS 15.5 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline.

- Primary source: https://www.handbook.fca.org.uk/handbook/CASS/15/5.html?date=2026-05-07
- Cited on: [FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta](https://finray.tech/intelligence/fca-supplementary-safeguarding-regime/)

### CASS 15.6

CASS 15.6 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline.

- Primary source: https://www.handbook.fca.org.uk/handbook/CASS/15/6.html?date=2026-05-07
- Cited on: [FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta](https://finray.tech/intelligence/fca-supplementary-safeguarding-regime/)

### CASS 15.7

CASS 15.7 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline.

- Primary source: https://www.handbook.fca.org.uk/handbook/CASS/15/7.html?date=2026-05-07
- Cited on: [FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta](https://finray.tech/intelligence/fca-supplementary-safeguarding-regime/)

### CASS 15.8

CASS 15.8 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline.

- Primary source: https://www.handbook.fca.org.uk/handbook/CASS/15/8.html?date=2026-05-07
- Cited on: [FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta](https://finray.tech/intelligence/fca-supplementary-safeguarding-regime/)

### CISA

Swiss Collective Investment Schemes Act.

- Primary source: https://www.fedlex.admin.ch/eli/cc/2006/822/en
- Cited on: [Swiss FINMA GRC and ICS software](https://finray.tech/intelligence/swiss-finma-grc-ics/)

### Commission Delegated Regulation (EU) 2024/1502 — RTS on criticality criteria

Commission Delegated Regulation (EU) 2024/1502 — RTS on criticality criteria is a companion Commission act inside the DORA Article 28-35 perimeter.

- Primary source: https://eur-lex.europa.eu/eli/reg_del/2024/1502/oj
- Cited on: [DORA Article 28 RTS/ITS Pack — entity-level RoI, third-party-policy and subcontracting controls](https://finray.tech/intelligence/dora-rts-its-pack/)

### Commission Delegated Regulation (EU) 2024/1505 — RTS on Lead Overseer oversight fees

Commission Delegated Regulation (EU) 2024/1505 — RTS on Lead Overseer oversight fees is a companion Commission act inside the DORA Article 28-35 perimeter.

- Primary source: https://eur-lex.europa.eu/eli/reg_del/2024/1505/oj
- Cited on: [DORA Article 28 RTS/ITS Pack — entity-level RoI, third-party-policy and subcontracting controls](https://finray.tech/intelligence/dora-rts-its-pack/)

### Commission Delegated Regulation (EU) 2024/1772 — RTS on ICT-related incident classification

Commission Delegated Regulation (EU) 2024/1772 — RTS on ICT-related incident classification is a companion Commission act inside the DORA Article 28-35 perimeter.

- Primary source: https://eur-lex.europa.eu/eli/reg_del/2024/1772/oj
- Cited on: [DORA Article 28 RTS/ITS Pack — entity-level RoI, third-party-policy and subcontracting controls](https://finray.tech/intelligence/dora-rts-its-pack/)

### Commission Delegated Regulation (EU) 2024/1773 — RTS on ICT third-party policy

Commission Delegated Regulation (EU) 2024/1773 — RTS on ICT third-party policy is a regulatory anchor for the DORA Article 28 RTS/ITS Pack.

- Primary source: https://eur-lex.europa.eu/eli/reg_del/2024/1773/oj
- Cited on: [DORA Article 28 RTS/ITS Pack — entity-level RoI, third-party-policy and subcontracting controls](https://finray.tech/intelligence/dora-rts-its-pack/)

### Commission Delegated Regulation (EU) 2024/1774 — RTS on ICT risk management

Commission Delegated Regulation (EU) 2024/1774 — RTS on ICT risk management is a companion Commission act inside the DORA Article 28-35 perimeter.

- Primary source: https://eur-lex.europa.eu/eli/reg_del/2024/1774/oj
- Cited on: [DORA Article 28 RTS/ITS Pack — entity-level RoI, third-party-policy and subcontracting controls](https://finray.tech/intelligence/dora-rts-its-pack/)

### Commission Delegated Regulation (EU) 2025/295 — RTS on oversight conduct

Commission Delegated Regulation (EU) 2025/295 — RTS on oversight conduct is a companion Commission act inside the DORA Article 28-35 perimeter.

- Primary source: https://eur-lex.europa.eu/eli/reg_del/2025/295/oj
- Cited on: [DORA Article 28 RTS/ITS Pack — entity-level RoI, third-party-policy and subcontracting controls](https://finray.tech/intelligence/dora-rts-its-pack/)

### Commission Delegated Regulation (EU) 2025/420 — RTS on Joint Examination Teams

Commission Delegated Regulation (EU) 2025/420 — RTS on Joint Examination Teams is a companion Commission act inside the DORA Article 28-35 perimeter.

- Primary source: https://eur-lex.europa.eu/eli/reg_del/2025/420/oj
- Cited on: [DORA Article 28 RTS/ITS Pack — entity-level RoI, third-party-policy and subcontracting controls](https://finray.tech/intelligence/dora-rts-its-pack/)

### Commission Delegated Regulation (EU) 2025/532 — RTS on subcontracting

Commission Delegated Regulation (EU) 2025/532 — RTS on subcontracting is a regulatory anchor for the DORA Article 28 RTS/ITS Pack.

- Primary source: https://eur-lex.europa.eu/eli/reg_del/2025/532/oj
- Cited on: [DORA Article 28 RTS/ITS Pack — entity-level RoI, third-party-policy and subcontracting controls](https://finray.tech/intelligence/dora-rts-its-pack/)

### Commission Implementing Regulation (EU) 2024/2956 — ITS on RoI templates

Commission Implementing Regulation (EU) 2024/2956 — ITS on RoI templates is a regulatory anchor for the DORA Article 28 RTS/ITS Pack.

- Primary source: https://eur-lex.europa.eu/eli/reg_impl/2024/2956/oj
- Cited on: [DORA Article 28 RTS/ITS Pack — entity-level RoI, third-party-policy and subcontracting controls](https://finray.tech/intelligence/dora-rts-its-pack/)

### Council PSD3 position ST 8222/26

Council compromise text for the PSD3 directive track.

- Primary source: https://data.consilium.europa.eu/doc/document/ST-8222-2026-INIT/en/pdf
- Cited on: [EU/UK PI/EMI core banking selection](https://finray.tech/intelligence/eu-uk-pi-emi-core-banking/); [Safeguarding reconciliation is a solvency discipline](https://finray.tech/intelligence/safeguarding-reconciliation-solvency-discipline/)

### DORA — Regulation (EU) 2022/2554

EU digital operational resilience regime.

- Primary source: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX%3A32022R2554
- Cited on: [EU/UK PI/EMI core banking selection](https://finray.tech/intelligence/eu-uk-pi-emi-core-banking/)

### DORA Article 28

DORA Article 28 is a regulatory anchor for the DORA Article 28 RTS/ITS Pack.

- Primary source: https://eur-lex.europa.eu/eli/reg/2022/2554/oj
- Cited on: [DORA Article 28 RTS/ITS Pack — entity-level RoI, third-party-policy and subcontracting controls](https://finray.tech/intelligence/dora-rts-its-pack/)

### DORA ICT risk-management RTS — Regulation 2024/1774

Specifies ICT risk-management framework elements under DORA.

- Primary source: https://eur-lex.europa.eu/eli/reg_del/2024/1774/oj/eng
- Cited on: [Core banking deployment topology and regulatory alignment — multi-tenant SaaS vs single-tenant in customer cloud account](https://finray.tech/intelligence/deployment-topology-regulatory-alignment/)

### DORA Regulation (EU) 2022/2554

ICT operational resilience anchor for CASP operating models.

- Primary source: https://eur-lex.europa.eu/eli/reg/2022/2554/oj/eng
- Cited on: [CASP MiCA compliance operating model](https://finray.tech/intelligence/casp-mica-compliance/); [Core banking deployment topology and regulatory alignment — multi-tenant SaaS vs single-tenant in customer cloud account](https://finray.tech/intelligence/deployment-topology-regulatory-alignment/); [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/); [EMI / PI authorisation-withdrawal forensic register (EEA + UK)](https://finray.tech/intelligence/emi-pi-authorisation-withdrawals/); [EMI / PI licensing-success forensic register (EEA + UK)](https://finray.tech/intelligence/emi-pi-licensing-success/); [MiCA CASP authorisation-withdrawal forensic register](https://finray.tech/intelligence/mica-casp-authorisation-withdrawals/); [MiCA CASP licensing-success forensic analysis](https://finray.tech/intelligence/mica-casp-licensing-success/)

### DORA subcontracting RTS — Regulation 2025/532

Specifies elements for determining and assessing subcontracting of ICT services supporting critical or important functions.

- Primary source: https://eur-lex.europa.eu/eli/reg_del/2025/532/oj/eng
- Cited on: [Core banking deployment topology and regulatory alignment — multi-tenant SaaS vs single-tenant in customer cloud account](https://finray.tech/intelligence/deployment-topology-regulatory-alignment/)

### EBA Guidelines on outsourcing arrangements

EBA/GL/2019/02 outsourcing guideline.

- Primary source: https://www.eba.europa.eu/sites/default/files/documents/10180/2551996/38c80601-f5d7-4855-8ba3-702423665479/EBA%20revised%20Guidelines%20on%20outsourcing%20arrangements.pdf
- Cited on: [EU/UK PI/EMI core banking selection](https://finray.tech/intelligence/eu-uk-pi-emi-core-banking/)

### eIDAS 2 Regulation (EU) 2024/1183

Adjacent anchor for digital identity wallet and trust-service onboarding flows.

- Primary source: https://eur-lex.europa.eu/eli/reg/2024/1183/oj/eng
- Cited on: [CASP MiCA compliance operating model](https://finray.tech/intelligence/casp-mica-compliance/)

### Electronic Money Regulations 2011 (UK)

UK domestic implementation of EMD2; the source of the FCA E-Money register status field 'EMD Revoked'.

- Primary source: https://www.legislation.gov.uk/uksi/2011/99/contents/made
- Cited on: [EMI / PI authorisation-withdrawal forensic register (EEA + UK)](https://finray.tech/intelligence/emi-pi-authorisation-withdrawals/)

### EMD2 Article 7

EU safeguarding requirement for funds received in exchange for electronic money.

- Primary source: https://eur-lex.europa.eu/eli/dir/2009/110/oj/eng
- Cited on: [EMI / PI authorisation-withdrawal forensic register (EEA + UK)](https://finray.tech/intelligence/emi-pi-authorisation-withdrawals/); [EMI / PI licensing-success forensic register (EEA + UK)](https://finray.tech/intelligence/emi-pi-licensing-success/); [Safeguarding reconciliation is a solvency discipline](https://finray.tech/intelligence/safeguarding-reconciliation-solvency-discipline/)

### EMD2 Article 7

EMD2 Article 7 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline.

- Primary source: https://www.legislation.gov.uk/eudr/2009/110/article/7/adopted
- Cited on: [FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta](https://finray.tech/intelligence/fca-supplementary-safeguarding-regime/)

### EMRs 2011 regulation 20

EMRs 2011 regulation 20 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline.

- Primary source: https://www.legislation.gov.uk/uksi/2011/99/regulation/20
- Cited on: [FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta](https://finray.tech/intelligence/fca-supplementary-safeguarding-regime/); [Safeguarding reconciliation is a solvency discipline](https://finray.tech/intelligence/safeguarding-reconciliation-solvency-discipline/)

### ENISA Candidate EUCS cloud-services scheme

Draft cloud-services certification scheme under the EU cybersecurity certification framework.

- Primary source: https://certification.enisa.europa.eu/publications/candidate-eucs-scheme-v10_en
- Cited on: [Core banking deployment topology and regulatory alignment — multi-tenant SaaS vs single-tenant in customer cloud account](https://finray.tech/intelligence/deployment-topology-regulatory-alignment/)

### EU Cybersecurity Act — Regulation (EU) 2019/881

Establishes the ENISA mandate and the EU cybersecurity certification framework.

- Primary source: https://eur-lex.europa.eu/eli/reg/2019/881/oj/eng
- Cited on: [Core banking deployment topology and regulatory alignment — multi-tenant SaaS vs single-tenant in customer cloud account](https://finray.tech/intelligence/deployment-topology-regulatory-alignment/)

### FCA 2025/38 Instrument

FCA 2025/38 Instrument is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline.

- Primary source: https://api-handbook.fca.org.uk/files/instrument/Glossary-GEN-CASS-SUP/FCA%202025/38-2026-05-07.pdf
- Cited on: [FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta](https://finray.tech/intelligence/fca-supplementary-safeguarding-regime/)

### FCA CP24/20

FCA CP24/20 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline.

- Primary source: https://www.fca.org.uk/publication/consultation/cp24-20.pdf
- Cited on: [FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta](https://finray.tech/intelligence/fca-supplementary-safeguarding-regime/); [Safeguarding reconciliation is a solvency discipline](https://finray.tech/intelligence/safeguarding-reconciliation-solvency-discipline/)

### FCA FG16/5 — Cloud and third-party IT outsourcing

FCA guidance for firms outsourcing to cloud and other third-party IT services.

- Primary source: https://www.fca.org.uk/publication/finalised-guidance/fg16-5.pdf
- Cited on: [Core banking deployment topology and regulatory alignment — multi-tenant SaaS vs single-tenant in customer cloud account](https://finray.tech/intelligence/deployment-topology-regulatory-alignment/)

### FCA PS25/12

FCA PS25/12 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline.

- Primary source: https://www.fca.org.uk/publication/policy/ps25-12.pdf
- Cited on: [FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta](https://finray.tech/intelligence/fca-supplementary-safeguarding-regime/)

### FINIG

Swiss Financial Institutions Act.

- Primary source: https://www.fedlex.admin.ch/eli/cc/2018/801/en
- Cited on: [Swiss FINMA GRC and ICS software](https://finray.tech/intelligence/swiss-finma-grc-ics/)

### FINMA Circular 2008/24 Supervision and internal control — banks

Historical FINMA circular anchor for bank supervision and internal control.

- Primary source: https://www.finma.ch/en/documentation/archiv/rundschreiben/archiv-2008/
- Cited on: [Swiss FINMA GRC and ICS software](https://finray.tech/intelligence/swiss-finma-grc-ics/)

### FINMA Circular 2017/01 Corporate governance — banks

Current bank corporate-governance and internal-control reference retrieved for this session.

- Primary source: https://www.finma.ch/en/~/media/finma/dokumente/dokumentencenter/myfinma/rundschreiben/finma-rs-2017-01-20200101.pdf
- Cited on: [Swiss FINMA GRC and ICS software](https://finray.tech/intelligence/swiss-finma-grc-ics/)

### FINMA Circular 2018/03 Outsourcing — banks and insurers

FINMA outsourcing circular for banks and insurers.

- Primary source: https://www.finma.ch/en/~/media/finma/dokumente/rundschreiben-archiv/2018/rs-18-03/finma-rs-2018-03---20170921.pdf?la=en
- Cited on: [Swiss FINMA GRC and ICS software](https://finray.tech/intelligence/swiss-finma-grc-ics/)

### FINMA Circular 2023/01 Operational risks and resilience — banks

FINMA operational-risk and resilience circular for banks, effective from 2024.

- Primary source: https://www.finma.ch/en/~/media/finma/dokumente/dokumentencenter/myfinma/rundschreiben/finma-rs-2023-01-20221207.pdf
- Cited on: [Swiss FINMA GRC and ICS software](https://finray.tech/intelligence/swiss-finma-grc-ics/)

### FINMASA

Federal Act on the Swiss Financial Market Supervisory Authority.

- Primary source: https://www.fedlex.admin.ch/eli/cc/2008/736/en
- Cited on: [Swiss FINMA GRC and ICS software](https://finray.tech/intelligence/swiss-finma-grc-ics/)

### FINSA

Swiss Financial Services Act.

- Primary source: https://www.fedlex.admin.ch/eli/cc/2019/758/en
- Cited on: [Swiss FINMA GRC and ICS software](https://finray.tech/intelligence/swiss-finma-grc-ics/)

### GDPR Regulation (EU) 2016/679

EU data-protection regulation, including Chapter V transfer controls.

- Primary source: https://eur-lex.europa.eu/eli/reg/2016/679/oj/eng
- Cited on: [Core banking deployment topology and regulatory alignment — multi-tenant SaaS vs single-tenant in customer cloud account](https://finray.tech/intelligence/deployment-topology-regulatory-alignment/)

### I-Item Note ST 8220/26 on PSD3 + PSR

Council note for PSD3/PSR final compromise process.

- Primary source: https://data.consilium.europa.eu/doc/document/ST-8220-2026-INIT/en/pdf
- Cited on: [EU/UK PI/EMI core banking selection](https://finray.tech/intelligence/eu-uk-pi-emi-core-banking/)

### ISA

Swiss Insurance Supervision Act.

- Primary source: https://www.fedlex.admin.ch/eli/cc/2005/734/de
- Cited on: [Swiss FINMA GRC and ICS software](https://finray.tech/intelligence/swiss-finma-grc-ics/)

### ITS on the Register of Information (EU) 2024/2956

Commission Implementing Regulation establishing the standard templates for the Register of Information under DORA Article 28(9).

- Primary source: https://eur-lex.europa.eu/eli/reg_impl/2024/2956/oj/eng
- Cited on: [Core banking deployment topology and regulatory alignment — multi-tenant SaaS vs single-tenant in customer cloud account](https://finray.tech/intelligence/deployment-topology-regulatory-alignment/); [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### MiCA Title III ART and Title IV EMT overlap

MiCA asset-referenced token and e-money token overlap.

- Primary source: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX%3A32023R1114
- Cited on: [EU/UK PI/EMI core banking selection](https://finray.tech/intelligence/eu-uk-pi-emi-core-banking/)

### Payment Services Directive 2 (PSD2), Directive (EU) 2015/2366

EU directive whose transposition empowers NCAs to revoke PI authorisation under specified grounds.

- Primary source: https://eur-lex.europa.eu/eli/dir/2015/2366/oj/eng
- Cited on: [EMI / PI authorisation-withdrawal forensic register (EEA + UK)](https://finray.tech/intelligence/emi-pi-authorisation-withdrawals/); [EMI / PI licensing-success forensic register (EEA + UK)](https://finray.tech/intelligence/emi-pi-licensing-success/)

### Payment Services Regulations 2017 (UK)

UK domestic transposition of PSD2; regulation 10 grounds the FCA's cancellation power against dormant Small PIs and the broader cancellation framework.

- Primary source: https://www.legislation.gov.uk/uksi/2017/752/contents/made
- Cited on: [EMI / PI authorisation-withdrawal forensic register (EEA + UK)](https://finray.tech/intelligence/emi-pi-authorisation-withdrawals/)

### PERG 15

PERG 15 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline.

- Primary source: https://www.handbook.fca.org.uk/handbook/PERG/15.html
- Cited on: [FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta](https://finray.tech/intelligence/fca-supplementary-safeguarding-regime/)

### PESAR 2021

PESAR 2021 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline.

- Primary source: https://www.legislation.gov.uk/uksi/2021/1178/contents
- Cited on: [FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta](https://finray.tech/intelligence/fca-supplementary-safeguarding-regime/)

### PRA SS1/21 — Operational resilience

PRA expectations for important business services and impact tolerances.

- Primary source: https://www.bankofengland.co.uk/prudential-regulation/publication/2021/march/operational-resilience-impact-tolerances-for-important-business-services-ss
- Cited on: [Core banking deployment topology and regulatory alignment — multi-tenant SaaS vs single-tenant in customer cloud account](https://finray.tech/intelligence/deployment-topology-regulatory-alignment/)

### PSD2 — Directive (EU) 2015/2366

Current baseline EU payment-services directive.

- Primary source: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32015L2366
- Cited on: [EU/UK PI/EMI core banking selection](https://finray.tech/intelligence/eu-uk-pi-emi-core-banking/)

### PSD2 Article 10

PSD2 Article 10 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline.

- Primary source: https://www.legislation.gov.uk/eudr/2015/2366/article/10/adopted/data.xht
- Cited on: [FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta](https://finray.tech/intelligence/fca-supplementary-safeguarding-regime/)

### PSD2 Article 10

EU safeguarding requirement for payment-service user funds.

- Primary source: https://www.eba.europa.eu/regulation-and-policy/single-rulebook/interactive-single-rulebook/16232
- Cited on: [Safeguarding reconciliation is a solvency discipline](https://finray.tech/intelligence/safeguarding-reconciliation-solvency-discipline/)

### PSD3 proposal COM(2023) 366

European Commission proposal for a new directive on payment and e-money services.

- Primary source: https://www.europarl.europa.eu/RegData/docs_autres_institutions/commission_europeenne/com/2023/0366/COM_COM(2023)0366_EN.pdf
- Cited on: [Safeguarding reconciliation is a solvency discipline](https://finray.tech/intelligence/safeguarding-reconciliation-solvency-discipline/)

### PSR — Council ST 8221/26 final compromise text

Council final compromise text for the proposed payment-services regulation.

- Primary source: https://data.consilium.europa.eu/doc/document/ST-8221-2026-INIT/en/pdf
- Cited on: [EU/UK PI/EMI core banking selection](https://finray.tech/intelligence/eu-uk-pi-emi-core-banking/)

### PSR proposal COM(2023) 367

European Commission proposal for a directly applicable EU payment-services regulation.

- Primary source: https://data.consilium.europa.eu/doc/document/ST-11222-2023-INIT/en/pdf
- Cited on: [Safeguarding reconciliation is a solvency discipline](https://finray.tech/intelligence/safeguarding-reconciliation-solvency-discipline/)

### PSRs 2017 regulation 23

PSRs 2017 regulation 23 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline.

- Primary source: https://www.legislation.gov.uk/uksi/2017/752/regulation/23
- Cited on: [EU/UK PI/EMI core banking selection](https://finray.tech/intelligence/eu-uk-pi-emi-core-banking/); [FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta](https://finray.tech/intelligence/fca-supplementary-safeguarding-regime/)

### Regulation (EU) 2023/1114 (MiCA)

MiCA is the EU crypto-asset markets regulation. Article 82 covers CASPs providing transfer services for crypto-assets on behalf of clients.

- Primary source: https://eur-lex.europa.eu/eli/reg/2023/1114/oj/eng
- Cited on: [CASP MiCA compliance operating model](https://finray.tech/intelligence/casp-mica-compliance/); [MiCA CASP authorisation-withdrawal forensic register](https://finray.tech/intelligence/mica-casp-authorisation-withdrawals/); [MiCA CASP licensing-success forensic analysis](https://finray.tech/intelligence/mica-casp-licensing-success/); [The Travel Rule is not a compliance bolt-on. It is an identity routing problem.](https://finray.tech/intelligence/travel-rule-identity-routing-problem/)

### RTS on ICT services supporting critical functions (EU) 2024/1772

Commission Delegated Regulation on classification and reporting of major ICT-related incidents under DORA Articles 18 and 19.

- Primary source: https://eur-lex.europa.eu/eli/reg_del/2024/1772/oj/eng
- Cited on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### RTS on ICT third-party policy (EU) 2024/1773

Commission Delegated Regulation specifying the policy on contractual arrangements with ICT third-party service providers supporting critical or important functions under DORA Article 28(10).

- Primary source: https://eur-lex.europa.eu/eli/reg_del/2024/1773/oj/eng
- Cited on: [Core banking deployment topology and regulatory alignment — multi-tenant SaaS vs single-tenant in customer cloud account](https://finray.tech/intelligence/deployment-topology-regulatory-alignment/); [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/)

### SCA RTS — Commission Delegated Regulation (EU) 2018/389

Strong customer authentication and secure communication RTS.

- Primary source: https://eur-lex.europa.eu/eli/reg_del/2018/389/oj/eng
- Cited on: [EU/UK PI/EMI core banking selection](https://finray.tech/intelligence/eu-uk-pi-emi-core-banking/)

### SUP 16.14A

SUP 16.14A is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline.

- Primary source: https://www.handbook.fca.org.uk/handbook/SUP/16/14A.html?date=2026-05-07
- Cited on: [FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta](https://finray.tech/intelligence/fca-supplementary-safeguarding-regime/)

### SUP 3A

SUP 3A is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline.

- Primary source: https://www.handbook.fca.org.uk/handbook/SUP/3A/1.html?date=2026-05-07
- Cited on: [FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta](https://finray.tech/intelligence/fca-supplementary-safeguarding-regime/)

### Swiss FADP / DSG

Revised Swiss Federal Act on Data Protection, in force from 1 September 2023.

- Primary source: https://www.fedlex.admin.ch/eli/cc/2022/491/en
- Cited on: [Swiss FINMA GRC and ICS software](https://finray.tech/intelligence/swiss-finma-grc-ics/)

### SYSC 15A

SYSC 15A is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline.

- Primary source: https://www.handbook.fca.org.uk/handbook/SYSC/15A.html?date=2026-05-07
- Cited on: [FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta](https://finray.tech/intelligence/fca-supplementary-safeguarding-regime/)

### TFR (EU) 2023/1113

Transfer of Funds Regulation applying information requirements to funds and crypto-asset transfers.

- Primary source: https://eur-lex.europa.eu/eli/reg/2023/1113/oj/eng
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/); [CASP MiCA compliance operating model](https://finray.tech/intelligence/casp-mica-compliance/); [MiCA CASP authorisation-withdrawal forensic register](https://finray.tech/intelligence/mica-casp-authorisation-withdrawals/); [MiCA CASP licensing-success forensic analysis](https://finray.tech/intelligence/mica-casp-licensing-success/); [The Travel Rule is not a compliance bolt-on. It is an identity routing problem.](https://finray.tech/intelligence/travel-rule-identity-routing-problem/)

### UK PSRs 2017 Regulation 23

UK safeguarding rule for authorised payment institutions.

- Primary source: https://www.legislation.gov.uk/uksi/2017/752/regulation/23/data.html
- Cited on: [Safeguarding reconciliation is a solvency discipline](https://finray.tech/intelligence/safeguarding-reconciliation-solvency-discipline/)

## Standards (47)

Technical standards, frameworks and reference architectures cited when describing compliant operating models.

### AMF announcement applying EBA Travel Rule Guidelines

AMF public announcement that it applies the EBA Travel Rule Guidelines from 30 December 2024.

- Primary source: https://www.amf-france.org/en/news-publications/news/combating-money-laundering-and-terrorist-financing-amf-applies-guidelines-issued-european-banking
- Cited on: [The Travel Rule is not a compliance bolt-on. It is an identity routing problem.](https://finray.tech/intelligence/travel-rule-identity-routing-problem/)

### Bank of Lithuania 2025 prudential letter

Bank of Lithuania 2025 recommendation letter on EMI and PI prudential requirements.

- Primary source: https://www.lb.lt/uploads/documents/files/Rekomendaciju%20rastas%20MEPI%20ENG%202025.pdf
- Cited on: [Safeguarding reconciliation is a solvency discipline](https://finray.tech/intelligence/safeguarding-reconciliation-solvency-discipline/)

### Bank of Lithuania CENTROlink safeguarding guidance

Bank of Lithuania explanation that CENTROlink does not offer customer-fund safeguarding accounts.

- Primary source: https://www.lb.lt/en/centrolink
- Cited on: [Safeguarding reconciliation is a solvency discipline](https://finray.tech/intelligence/safeguarding-reconciliation-solvency-discipline/)

### Bank of Lithuania Dear CEO letter 2022

Bank of Lithuania supervisory letter on fintech risk management and licensed activities.

- Primary source: https://www.lb.lt/en/news/dear-ceo-letter-advice-to-fintech-institutions-on-risk-management-and-licensed-activities
- Cited on: [Safeguarding reconciliation is a solvency discipline](https://finray.tech/intelligence/safeguarding-reconciliation-solvency-discipline/)

### BCBS 239

Basel principles for risk data aggregation and risk reporting.

- Primary source: https://www.bis.org/publ/bcbs239.htm
- Cited on: [Swiss FINMA GRC and ICS software](https://finray.tech/intelligence/swiss-finma-grc-ics/)

### CBI Payment and E-Money Newsletter Issue 1 December 2025

Central Bank of Ireland newsletter focusing on safeguarding, governance and risk themes.

- Primary source: https://www.centralbank.ie/docs/default-source/regulation/industry-market-sectors/electronic-money-institutions/payment-and-e-money-newsletter---issue1---december-2025.pdf?sfvrsn=b0e6c1a_1
- Cited on: [Safeguarding reconciliation is a solvency discipline](https://finray.tech/intelligence/safeguarding-reconciliation-solvency-discipline/)

### COSO 2013 Internal Control framework

Internal-control reference architecture for control environment, risk assessment, control activities, information/communication and monitoring.

- Primary source: https://www.coso.org/guidance-on-ic
- Cited on: [Swiss FINMA GRC and ICS software](https://finray.tech/intelligence/swiss-finma-grc-ics/)

### Directive (EU) 2022/2555 (NIS2)

Directive (EU) 2022/2555 (NIS2) is an adjacent standard or legal framework used for control-context mapping.

- Primary source: https://eur-lex.europa.eu/eli/dir/2022/2555/oj
- Cited on: [DORA Article 28 RTS/ITS Pack — entity-level RoI, third-party-policy and subcontracting controls](https://finray.tech/intelligence/dora-rts-its-pack/)

### EBA Final Report on Travel Rule Guidelines

The EBA final report supporting EBA/GL/2024/11 explains the policy objectives and implementation rationale for the Travel Rule Guidelines.

- Primary source: https://www.eba.europa.eu/sites/default/files/2024-07/6de6e9b9-0ed9-49cd-985d-c0834b5b4356/Travel%20Rule%20Guidelines.pdf
- Cited on: [The Travel Rule is not a compliance bolt-on. It is an identity routing problem.](https://finray.tech/intelligence/travel-rule-identity-routing-problem/)

### EBA peer review on PI and EMI authorisation

EBA peer-review evidence on authorisation scrutiny, governance and internal-control divergence.

- Primary source: https://www.eba.europa.eu/sites/default/files/2025-12/31b327d1-09ef-4ede-a5ec-40ea833fca4d/Follow-up%20peer%20review%20report%20on%20authorisations%20under%20PSD2.pdf
- Cited on: [Safeguarding reconciliation is a solvency discipline](https://finray.tech/intelligence/safeguarding-reconciliation-solvency-discipline/)

### EBA-GL-2017-09

EBA-GL-2017-09 is a supervisory or guidance source used to interpret the safeguarding regime.

- Primary source: https://www.eba.europa.eu/sites/default/files/documents/10180/1904583/f0f3b7f8-0c2d-4f6d-ba5b-92d4b49d1de0/Guidelines%20on%20the%20information%20to%20be%20provided%20for%20the%20authorisation%20of%20payment%20institutions%20under%20PSD2%20%28EBA-GL-2017-09%29.pdf
- Cited on: [FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta](https://finray.tech/intelligence/fca-supplementary-safeguarding-regime/)

### ESMA Supervisory Briefing on Authorisation of CASPs

ESMA supervisory briefing for NCAs on authorisation of CASPs under MiCA.

- Primary source: https://www.esma.europa.eu/sites/default/files/2025-01/ESMA75-453128700-1263_Supervisory_Briefing_on_Authorisation_of_CASPs.pdf
- Cited on: [The Travel Rule is not a compliance bolt-on. It is an identity routing problem.](https://finray.tech/intelligence/travel-rule-identity-routing-problem/)

### EU consolidated financial sanctions list

EU sanctions-list data input for EU CASP sanctions screening.

- Primary source: https://data.europa.eu/data/datasets/consolidated-list-of-persons-groups-and-entities-subject-to-eu-financial-sanctions?locale=en
- Cited on: [CASP MiCA compliance operating model](https://finray.tech/intelligence/casp-mica-compliance/)

### FATF Best Practices on Travel Rule Supervision

FATF best-practices paper for supervising Travel Rule implementation.

- Primary source: https://www.fatf-gafi.org/content/dam/fatf-gafi/recommendations/Best-Practices-Travel-Rule-Supervision.pdf
- Cited on: [The Travel Rule is not a compliance bolt-on. It is an identity routing problem.](https://finray.tech/intelligence/travel-rule-identity-routing-problem/)

### FATF Recommendation 16 and VA/VASP guidance

Global Travel Rule methodology for originator and beneficiary information.

- Primary source: https://www.fatf-gafi.org/en/publications/Fatfrecommendations/update-Recommendation-16-payment-transparency-june-2025.html
- Cited on: [CASP MiCA compliance operating model](https://finray.tech/intelligence/casp-mica-compliance/)

### FATF Targeted Report on Stablecoins and Unhosted Wallets, March 2026

FATF March 2026 targeted report on stablecoins, unhosted wallets and peer-to-peer transactions.

- Primary source: https://www.fatf-gafi.org/en/publications/Virtualassets/targeted-report-stablecoins-unhosted-wallets.html
- Cited on: [The Travel Rule is not a compliance bolt-on. It is an identity routing problem.](https://finray.tech/intelligence/travel-rule-identity-routing-problem/)

### FCA Approach Document May 2026

FCA Approach Document updated for the post-PS25/12 safeguarding regime.

- Primary source: https://www.fca.org.uk/publication/finalised-guidance/payment-services-electronic-money-approach.pdf
- Cited on: [Safeguarding reconciliation is a solvency discipline](https://finray.tech/intelligence/safeguarding-reconciliation-solvency-discipline/)

### FCA Approach Document May 2026 draft

FCA Approach Document May 2026 draft is a supervisory or guidance source used to interpret the safeguarding regime.

- Primary source: https://www.fca.org.uk/publication/finalised-guidance/fca-approach-payment-services-electronic-money-2017-may-2026-draft.pdf
- Cited on: [FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta](https://finray.tech/intelligence/fca-supplementary-safeguarding-regime/)

### FCA payments portfolio letter 2023

FCA portfolio letter raising safeguarding weaknesses in the payments sector.

- Primary source: https://www.fca.org.uk/publication/correspondence/priorities-payments-firms-portfolio-letter-2023.pdf
- Cited on: [Safeguarding reconciliation is a solvency discipline](https://finray.tech/intelligence/safeguarding-reconciliation-solvency-discipline/)

### FCA payments portfolio letter 2025

FCA 2025 supervisory priorities letter for payments firms.

- Primary source: https://www.fca.org.uk/publication/correspondence/payments-portfolio-letter-2025.pdf
- Cited on: [Safeguarding reconciliation is a solvency discipline](https://finray.tech/intelligence/safeguarding-reconciliation-solvency-discipline/)

### FCA payments report 2026

FCA payments-sector report with safeguarding context for EMIs and PIs.

- Primary source: https://www.fca.org.uk/publication/regulatory-priorities/payments-report.pdf
- Cited on: [Safeguarding reconciliation is a solvency discipline](https://finray.tech/intelligence/safeguarding-reconciliation-solvency-discipline/)

### FCA risk management and wind-down multi-firm review

FCA multi-firm review on risk management and wind-down planning in e-money and payments firms.

- Primary source: https://www.fca.org.uk/publications/multi-firm-reviews/risk-management-wind-down-planning-emoney-payments-firms
- Cited on: [Safeguarding reconciliation is a solvency discipline](https://finray.tech/intelligence/safeguarding-reconciliation-solvency-discipline/)

### Guidelines on business-wide risk assessment

AMLR Art. 10(4) Guidelines setting minimum expectations for obliged entities' business-wide risk assessment.

- Primary source: https://www.amla.europa.eu/policy/public-consultations/consultation-draft-guidelines-business-wide-risk-assessment_en
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### IETF JMAP

Technical reference for structured JSON object workflows; not a MiCA mandate.

- Primary source: https://datatracker.ietf.org/doc/html/rfc8620
- Cited on: [CASP MiCA compliance operating model](https://finray.tech/intelligence/casp-mica-compliance/)

### ISAE 3402 / SOC 2

Assurance-report standards used in outsourcing and vendor-risk due diligence.

- Primary source: https://www.iaasb.org/publications/staff-overview-international-standard-assurance-engagements-isae-3402-assurance-reports-controls
- Cited on: [Swiss FINMA GRC and ICS software](https://finray.tech/intelligence/swiss-finma-grc-ics/)

### ISO 20022

Payments message standard relevant at CASP+EMI and fiat-rail intersections.

- Primary source: https://www.iso.org/standard/20022-1
- Cited on: [CASP MiCA compliance operating model](https://finray.tech/intelligence/casp-mica-compliance/)

### ISO 20022

Canonical financial messaging standard.

- Primary source: https://www.iso20022.org/iso-20022
- Cited on: [EU/UK PI/EMI core banking selection](https://finray.tech/intelligence/eu-uk-pi-emi-core-banking/)

### ISO 27001

Information security management-system standard.

- Primary source: https://www.iso.org/standard/27001
- Cited on: [CASP MiCA compliance operating model](https://finray.tech/intelligence/casp-mica-compliance/); [EU/UK PI/EMI core banking selection](https://finray.tech/intelligence/eu-uk-pi-emi-core-banking/); [Swiss FINMA GRC and ICS software](https://finray.tech/intelligence/swiss-finma-grc-ics/)

### ISO/IEC 27001

ISO/IEC 27001 is an adjacent standard or legal framework used for control-context mapping.

- Primary source: https://www.iso.org/isoiec-27001-information-security.html
- Cited on: [DORA Article 28 RTS/ITS Pack — entity-level RoI, third-party-policy and subcontracting controls](https://finray.tech/intelligence/dora-rts-its-pack/)

### ITS on cooperation for AMLA direct supervision

AMLA Regulation Art. 15(3) ITS specifying cooperation inside the AML/CFT supervisory system for direct supervision.

- Primary source: https://www.amla.europa.eu/policy/public-consultations/consultation-draft-its-under-art-153-amlar_en
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### IVMS 101

Common data model for required Travel Rule party information.

- Primary source: https://www.intervasp.org/
- Cited on: [CASP MiCA compliance operating model](https://finray.tech/intelligence/casp-mica-compliance/)

### NIST Cybersecurity Framework 2.0

Cybersecurity framework commonly mapped to risk and resilience controls.

- Primary source: https://csrc.nist.gov/pubs/cswp/29/the-nist-cybersecurity-framework-csf-20/final
- Cited on: [Swiss FINMA GRC and ICS software](https://finray.tech/intelligence/swiss-finma-grc-ics/)

### OFAC SDN and consolidated screening data

US sanctions-list data input for global screening programs.

- Primary source: https://ofac.treasury.gov/sanctions-list-service
- Cited on: [CASP MiCA compliance operating model](https://finray.tech/intelligence/casp-mica-compliance/)

### OpenID Connect

Identity protocol reference for authenticated digital identity assertions.

- Primary source: https://openid.net/specs/openid-connect-core-1_0.html
- Cited on: [CASP MiCA compliance operating model](https://finray.tech/intelligence/casp-mica-compliance/)

### Pay.UK Faster Payment System

UK real-time retail payment system.

- Primary source: https://www.wearepay.uk/what-we-do/payment-systems/faster-payment-system/
- Cited on: [EU/UK PI/EMI core banking selection](https://finray.tech/intelligence/eu-uk-pi-emi-core-banking/)

### Re Allied Wallet Ltd [2022] EWHC 1877 (Ch)

Re Allied Wallet Ltd [2022] EWHC 1877 (Ch) is a court judgment interpreting EMRs reg 24 safeguarded-asset pool status.

- Primary source: https://www.bailii.org/ew/cases/EWHC/Ch/2022/1877.html
- Cited on: [FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta](https://finray.tech/intelligence/fca-supplementary-safeguarding-regime/)

### RTS on business relationships, occasional and linked transactions

AMLR Art. 19(9) RTS defining criteria for business relationships, occasional transactions, linked transactions and lower thresholds.

- Primary source: https://www.amla.europa.eu/policy/public-consultations/consultation-draft-rts-criteria-identifying-business-relationships-occasional-and-linked_en
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### RTS on Customer Due Diligence

AMLR Art. 28(1) RTS specifying information and requirements for customer due diligence.

- Primary source: https://www.amla.europa.eu/policy/public-consultations/consultation-draft-rts-customer-due-diligence_en
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### RTS on direct-supervision selection methodology

AMLA Regulation Art. 12(7) RTS for selecting directly supervised credit and financial institutions or groups.

- Primary source: https://www.amla.europa.eu/document/download/1c8bca18-fb5e-4b5e-afee-848111754238_en?filename=2.1_20251216_Final+report+-+RTS+under+art.+12%287%29+AMLAR.pdf
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### RTS on group-wide AML/CFT requirements

AMLR Arts. 16(4) and 17(3) RTS setting minimum standards for group-wide frameworks and third-country branches/subsidiaries.

- Primary source: https://www.amla.europa.eu/amla-consults-group-wide-requirements-and-business-wide-risk-assessment_en
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### RTS on inherent and residual risk-profile assessment

AMLD6 Art. 40(2) RTS setting a common methodology for supervisors to assess obliged-entity ML/TF risk profiles.

- Primary source: https://www.amla.europa.eu/document/download/c8782141-45bf-4ef9-9d66-33e2f90e607e_en?filename=1.1_20251216_FINAL+REPORT+RTS+40%282%29+AMLD+financial+only_Final.pdf
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### RTS on pecuniary sanctions and supervisory measures

AMLD6 Art. 53(10) RTS specifying gravity criteria, sanction factors and periodic penalty methodology.

- Primary source: https://www.amla.europa.eu/policy/public-consultations/consultation-draft-rts-pecuniary-sanctions-administrative-measures-and-periodic-penalty-payments_en
- Cited on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)

### SEPA Instant rulebook

EPC SEPA Instant Credit Transfer rulebook.

- Primary source: https://www.europeanpaymentscouncil.eu/document-library/rulebooks/2025-sepa-instant-credit-transfer-rulebook-version-11
- Cited on: [EU/UK PI/EMI core banking selection](https://finray.tech/intelligence/eu-uk-pi-emi-core-banking/)

### SIX SIC

Swiss interbank clearing system.

- Primary source: https://www.six-group.com/en/products-services/banking-services/interbank-clearing.html
- Cited on: [EU/UK PI/EMI core banking selection](https://finray.tech/intelligence/eu-uk-pi-emi-core-banking/)

### SWIFT CBPR+

SWIFT ISO 20022 usage guidelines for cross-border payments.

- Primary source: https://www.swift.com/standards/iso-20022/iso-20022-financial-institutions-focus-payments-instructions
- Cited on: [EU/UK PI/EMI core banking selection](https://finray.tech/intelligence/eu-uk-pi-emi-core-banking/)

### T2 / TARGET2

Eurosystem RTGS service.

- Primary source: https://www.ecb.europa.eu/paym/target/t2/html/index.en.html
- Cited on: [EU/UK PI/EMI core banking selection](https://finray.tech/intelligence/eu-uk-pi-emi-core-banking/)

### TRP — Travel Rule Protocol

Open protocol option for Travel Rule data exchange between VASPs.

- Primary source: https://gitlab.com/OpenVASP/travel-rule-protocol
- Cited on: [CASP MiCA compliance operating model](https://finray.tech/intelligence/casp-mica-compliance/)
