Source index
Every primary source cited across Finray Intelligence
A deduplicated index of the regulators, regulations and technical standards every Finray Intelligence page rests on. Each row links to the original primary source and lists the editorial pages that cite it. No analyst reports; no secondary aggregators; no paywalled intermediaries.
- Regulators
- 168
- Regulations
- 79
- Standards
- 47
- Last updated
- 2026-05-03
Read the editorial methodology for the primary-source policy, accessed-date discipline, and the conflict-of-interest framework that governs every page below.
/0.2 Regulators
Supervisory authorities and rule-makers cited across the body of work.
168 regulators — ESAs, national competent authorities, FATF and other supervisory bodies whose published positions, registers or decisions are quoted on at least one Finray Intelligence page.
- ACPR — Autorité de contrôle prudentiel et de résolution
acpr.banque-france.fr/fr/actualites/remise-des-registres-dinformation
French banking and insurance supervisor; DORA RoI submission via OneGate (DRA for insurance, DRB for banks); 2026 deadline 31 March 2026.
Cited on
- ACPR DORA portal
acpr.banque-france.fr/en/european-and-international/dora-regulation-eu-20222554
ACPR DORA portal is a national competent authority portal for DORA implementation evidence.
Cited on
- AFM — Autoriteit Financiële Markten
www.afm.nl/en/sector/themas/belangrijke-europese-wet--en-regelgeving/dora/informatieregister
Dutch markets supervisor; DORA RoI submission via the AFM Portal; 2026 deadline 22 March 2026.
Cited on
- AMF — Autorité des marchés financiers
www.amf-france.org/en
French markets supervisor; DORA competent-authority status for in-scope entities under AMF supervision; submission portal not retrieved at cut-off.
Cited on
- AMF DOC-2024-08
www.amf-france.org/en/regulation/policy/doc-2024-08
AMF position incorporating the EBA Travel Rule Guidelines for crypto-asset transfers in France.
Cited on
- AMLA
www.amla.europa.eu/index_en
Incoming AML authority relevant to future direct-supervision selection.
Cited on
- AMLA
www.amla.europa.eu/about-amla_en
AMLA is the EU anti-money-laundering authority established by Regulation (EU) 2024/1620.
Cited on
- Anti-Money Laundering Authority
www.amla.europa.eu
EU central authority for AML/CFT supervision; direct supervisor of selected obliged entities from 1 January 2028.
Cited on
- Anti-Money Laundering Office
mfin.gov.hr/en/anti-money-laundering-office/427
Croatian FIU; receives, analyses and disseminates suspicious transaction reports.
Cited on
- ASF — Autoridade de Supervisão de Seguros e Fundos de Pensões
www.asf.com.pt/NR/exeres/E80B7EAB-FC42-4CA4-9097-DF7DA4ED5DBE.htm
Portuguese insurance and pensions supervisor; DORA competent-authority status; submission portal not retrieved at cut-off.
Cited on
- ASF — Autoritatea de Supraveghere Financiară
asfromania.ro/en
Romanian markets, insurance and pensions supervisor; DORA competent-authority status; submission portal not retrieved at cut-off.
Cited on
- ATVP — Securities Market Agency of Slovenia
www.a-tvp.si/eng
Slovenian markets supervisor; DORA competent-authority status; submission portal not retrieved at cut-off.
Cited on
- Austrian Financial Intelligence Unit
bundeskriminalamt.at/202/Geldwaeschemeldestelle/start.aspx
Austrian FIU; receives and analyses suspicious transaction reports and disseminates intelligence to competent authorities.
Cited on
- Austrian Financial Market Authority
www.fma.gv.at/en/cross-sectoral-topics/prevention-of-money-laundering-terrorist-financing
Austrian financial-market supervisor; supervises AML/CFT compliance by financial institutions.
Cited on
- Autorité de contrôle prudentiel et de résolution
acpr.banque-france.fr/en/authorisation/supervision-and-controls/anti-money-laundering-and-countering-financing-terrorism
French prudential supervisor; supervises AML/CFT compliance by banking and insurance firms.
Cited on
- Autorité de Contrôle Prudentiel et de Résolution
acpr.banque-france.fr
French prudential supervisor; co-signs PSAN registration decisions with the AMF and is referenced in joint-decision delisting notices.
Cited on
- Autorité des Marchés Financiers
www.amf-france.org
French Financial Markets Authority; publishes per-entity délibération (decision) PDFs for every PSAN / DASP / CASP delisting and revocation since 2020 — the cleanest historical trail in the EEA.
Cited on
- AZN — Slovenian Insurance Supervision Agency
www.a-zn.si/en
Slovenian insurance and pensions supervisor; DORA competent-authority status; submission portal not retrieved at cut-off.
Cited on
- BaFin
www.bafin.de/SharedDocs/Downloads/EN/Jahresbericht/dl_jb_2024_en.pdf?__blob=publicationFile&v=2
BaFin is Germany’s federal financial supervisory authority and is included for TFR and MiCA perimeter context.
Cited on
- BaFin — Federal Financial Supervisory Authority
www.bafin.de/DE/Aufsicht/DORA/Informationsregister_und_Anzeigepflichten/Informationsregister_und_Anzeigepflichten_node.html
German single supervisor; DORA RoI submission via the MVP (Melde- und Veröffentlichungsplattform); 2026 window 9–30 March 2026.
Cited on
- BaFin DORA implementation portal
www.bafin.de/EN/Aufsicht/Bankenaufsicht/EinheitlicherAufsichtsmechanismus/DORA/dora_node_en.html
BaFin DORA implementation portal is a national competent authority portal for DORA implementation evidence.
Cited on
- Banca d'Italia
www.bancaditalia.it/compiti/vigilanza/avvisi-pub/2026.02.13-regolamento-dora/index.html
Italian banking supervisor; DORA RoI submission via INFOSTAT; 2026 deadline 15 March 2026.
Cited on
- Banco de España
www.bde.es/wbe/en/areas-actuacion/supervision/prevention-money-laundering
Spanish central bank; supervises AML/CFT compliance by credit institutions and other supervised entities.
Cited on
- Banco de España
www.bde.es/wbe/en/supervisores-cooperacion-internacional/transferencia-funciones-supervisoras/digital-operational-resilience-act--dora-.html
Spanish banking supervisor; DORA competent-authority status; RoI submission portal page not retrieved at cut-off.
Cited on
- Banco de Portugal
www.bportugal.pt/en/page/money-laundering-and-terrorist-financing
Portuguese central bank; supervises AML/CFT compliance by credit institutions and financial companies.
Cited on
- Banco de Portugal
www.bportugal.pt/en
Portuguese banking supervisor; DORA competent-authority status; submission portal not retrieved at cut-off.
Cited on
- Bank of Greece
www.bankofgreece.gr/en/main-tasks/supervision/anti-money-laundering-and-combating-the-financing-of-terrorism
Greek central bank; supervises AML/CFT compliance by credit and financial institutions.
Cited on
- Bank of Greece
www.bankofgreece.gr/en/main-tasks/supervision/dora-digital-operational-resilience-act-for-the-financial-sector
Greek banking and insurance supervisor for less significant institutions; DORA competent-authority status; submission portal not retrieved at cut-off.
Cited on
- Bank of Italy
www.bancaditalia.it/compiti/vigilanza/antiriciclaggio
Italian central bank; supervises AML/CFT compliance by banks and financial intermediaries.
Cited on
- Bank of Lithuania
www.lb.lt/en/money-laundering-and-terrorist-financing-prevention
Lithuanian central bank and financial supervisor; supervises financial-sector AML/CFT compliance.
Cited on
- Bank of Lithuania
www.lb.lt/en/digital-operational-resilience-act-dora
Lithuanian single supervisor; DORA RoI submission via a Regnology-built reporting system supporting JSON, CSV, xBRL and API integration.
Cited on
- Bank of Lithuania
www.lb.lt
Lithuanian central bank and financial-services supervisor; publishes English-language press releases for each EMI / PI authorisation revocation.
Cited on
- Bank of Lithuania
www.lb.lt/en
Lithuanian competent authority with detailed EMI and PI safeguarding guidance and revocation evidence.
Cited on
- Bank of Slovenia
www.bsi.si/en/financial-stability/anti-money-laundering-and-terrorist-financing-prevention
Slovenian central bank; supervises AML/CFT compliance by banks and financial institutions.
Cited on
- Banka Slovenije
www.bsi.si/en
Slovenian banking supervisor; DORA competent-authority status; submission portal not retrieved at cut-off.
Cited on
- BNR — Banca Naţională a României
www.bnr.ro/Home.aspx
Romanian banking supervisor; DORA competent-authority status; submission portal not retrieved at cut-off.
Cited on
- Bulgarian National Bank
www.bnb.bg/BankSupervision/BSAntiMoneyLaundering/index.htm?toLang=_EN
Bulgarian central bank; supervises bank AML/CFT obligations and prudential financial-sector controls.
Cited on
- Bulgarian National Bank (BNB)
www.bnb.bg/RegistersAndServices/RSCIRegisters/BS_CI_REG_BANKSLIST_EN
Bulgarian banking and payments supervisor; DORA competent-authority status confirmed; submission portal not retrieved at cut-off.
Cited on
- CAA — Commissariat aux Assurances
www.caa.lu/en
Luxembourg insurance supervisor; DORA RoI submission deadline 1 March 2026 for insurers.
Cited on
- Cellule de renseignement financier
justice.public.lu/fr/organisation-justice/crf.html
Luxembourg FIU; receives and analyses suspicious transaction reports for prosecution authorities.
Cited on
- Central Bank of Cyprus
www.centralbank.cy/en/licensing-supervision/supervision/compliance/anti-money-laundering
Cypriot central bank; supervises AML/CFT obligations of credit institutions and other regulated financial firms.
Cited on
- Central Bank of Cyprus (CBC)
www.centralbank.cy/en/financial-stability/operational-resilience
Cypriot banking supervisor; DORA competent-authority status; RoI submission portal not retrieved at cut-off.
Cited on
- Central Bank of Iceland
www.cb.is/financial-supervision/anti-money-laundering
Icelandic central bank and financial supervisor; supervises AML/CFT compliance in the financial sector.
Cited on
- Central Bank of Ireland
www.centralbank.ie/regulation/anti-money-laundering-and-countering-the-financing-of-terrorism
Irish central bank and financial supervisor; supervises AML/CFT compliance by regulated financial-service providers.
Cited on
- Central Bank of Ireland
www.centralbank.ie
Irish competent authority for payment and e-money supervisory communications and enforcement.
Cited on
- Central Bank of Ireland (CBI)
www.centralbank.ie/regulation/digital-operational-resilience-act-dora/reporting-registers-of-information
Irish single supervisor; DORA RoI submission via the Central Bank of Ireland Portal; 2026 window 2–31 March 2026.
Cited on
- CMVM — Comissão do Mercado de Valores Mobiliários
www.cmvm.pt/en
Portuguese markets supervisor; DORA competent-authority status; submission portal not retrieved at cut-off.
Cited on
- CNMV — Comisión Nacional del Mercado de Valores
www.cnmv.es/portal/ciberseguridad?lang=en
Spanish markets supervisor; supports xBRL-CSV submission and accepts Excel/JSON for the 2026 cycle.
Cited on
- Commission de Surveillance du Secteur Financier
www.cssf.lu/en/aml-cft
Luxembourg financial-sector supervisor; supervises AML/CFT compliance by financial professionals.
Cited on
- CONSOB — Commissione Nazionale per le Società e la Borsa
www.consob.it/web/consob-and-its-activities
Italian markets supervisor; DORA competent-authority status; submission portal not retrieved at cut-off.
Cited on
- Council of the European Union
www.consilium.europa.eu/en/council-eu
EU co-legislator publishing Council compromise texts for PSD3 and PSR.
Cited on
- Courts of England and Wales
www.judiciary.uk/judgments/in-the-matter-of-ipagoo-llp-in-administration
Courts of England and Wales is a public authority or public-source body associated with the regime evidence.
Cited on
- Croatian National Bank
www.hnb.hr/en/core-functions/supervision/anti-money-laundering-and-terrorist-financing
Croatian central bank; supervises AML/CFT compliance in the banking and financial sector.
Cited on
- Croatian National Bank (HNB)
www.hnb.hr
Croatian central bank and supervisor; publishes the register of authorised EMIs and PIs.
Cited on
- CSSF — Commission de Surveillance du Secteur Financier
www.cssf.lu/en/2026/02/dora-submission-timeframe-for-register-of-information-edesk-portal-open-as-of-11-february-2026
Luxembourg banking and markets supervisor; DORA RoI submission via eDesk; 2026 window 11 February to 31 March 2026.
Cited on
- CSSF DORA pages (Luxembourg)
www.cssf.lu/en/ict-and-cyber-risk-for-dora-entities
CSSF DORA pages (Luxembourg) is a national competent authority portal for DORA implementation evidence.
Cited on
- Cyprus Securities and Exchange Commission
www.cysec.gov.cy
Cypriot securities supervisor; publishes per-decision board minutes for CASP register deletions (public-info/decisions) and a separate Deregistered-CASPs register page.
Cited on
- Cyprus Securities and Exchange Commission (CySEC)
www.cysec.gov.cy/en-gb/home
Cypriot markets and CASP supervisor; DORA RoI submission via the CySEC XBRL Portal; mandatory xBRL-CSV format from the 2026 cycle.
Cited on
- CySEC Circular C675
www.cysec.gov.cy/CMSPages/GetFile.aspx?guid=476aed7e-384a-42d0-b436-7772aaa5571c
CySEC Circular C675 on Regulation (EU) 2023/1113, the EBA Travel Rule Guidelines and reporting obligations for CASPs.
Cited on
- Czech National Bank
www.cnb.cz/en/supervision-financial-market/anti-money-laundering-and-counter-terrorist-financing
Czech central bank and financial supervisor; supervises AML/CFT compliance by financial-market entities.
Cited on
- Czech National Bank (CNB)
www.cnb.cz/cs/statistika/sdat/dora
Czech single supervisor; DORA RoI submission via SDAT (Single Data Collection System); 2026 deadline 2 March 2026.
Cited on
- Danish Financial Supervisory Authority
www.dfsa.dk/Supervision/Aml
Danish financial supervisor; supervises AML/CFT compliance in the regulated financial sector.
Cited on
- De Nederlandsche Bank
www.dnb.nl/en/sector-information/supervision-laws-and-regulations/laws-and-eu-regulations/anti-money-laundering-and-anti-terrorist-financing-act
Dutch central bank and financial supervisor; supervises AML/CFT compliance by financial institutions.
Cited on
- De Nederlandsche Bank
www.dnb.nl
Dutch prudential supervisor; publishes enforcement-measures pages for licence withdrawals against EMIs, PIs and money-exchange firms.
Cited on
- De Nederlandsche Bank
www.dnb.nl/media/034jaxpl/compliance-guidelines-and-recommendations-of-the-european-supervisory-authorities.pdf
DNB is included as a Dutch authority publishing a compliance overview for ESA guidelines and recommendations.
Cited on
- De Nederlandsche Bank (DNB)
www.dnb.nl/en/sector-news/supervision-2026/dora-reporting-dora-registers-of-information-in-march-2026
Dutch prudential supervisor; DORA RoI submission via MyDNB Reporting Service; 2026 window 2–20 March 2026.
Cited on
- DGSFP — Directorate General for Insurance and Pensions Funds
www.dgsfp.mineco.gob.es/en/index.aspx
Spanish insurance and pensions supervisor; DORA competent-authority status; submission portal not retrieved at cut-off.
Cited on
- EBA
www.eba.europa.eu/regulation-and-policy/asset-referenced-and-e-money-tokens-mica
MiCA ART/EMT anchor with adjacent effects for CASPs handling ARTs or EMTs.
Cited on
- EBA Q&A 2024_7165
www.eba.europa.eu/single-rule-book-qa/qna/view/publicId/2024_7165
EBA Q&A 2024_7165 is a supervisory or guidance source used to interpret the safeguarding regime.
Cited on
- ENISA
www.enisa.europa.eu/topics/cybersecurity-policy/nis-directive/finance
ENISA is a public authority or public-source body used for DORA RTS/ITS evidence.
Cited on
- ESAs Joint Committee
www.eba.europa.eu/publications-and-media/press-releases/esas-publish-list-critical-third-party-providers-under-dora
ESAs Joint Committee is a public authority or public-source body used for DORA RTS/ITS evidence.
Cited on
- ESMA
www.esma.europa.eu/esmas-activities/digital-finance-and-innovation/markets-crypto-assets-regulation-mica
- Estonian Financial Intelligence Unit
fiu.ee/en
Estonian FIU; receives and analyses suspicious transaction reports and supervises some AML obligations.
Cited on
- European Banking Authority
www.eba.europa.eu/activities/single-rulebook/regulatory-activities/internal-governance/guidelines-outsourcing-arrangements
EU banking authority issuing outsourcing guidelines and participating in DORA oversight.
Cited on
- European Banking Authority
www.eba.europa.eu/activities/direct-supervision-and-oversight/digital-operational-resilience-act/preparation-dora-application
European Banking Authority is a public authority or public-source body used for DORA RTS/ITS evidence.
Cited on
- European Banking Authority
www.eba.europa.eu
Maintains the EUCLID payment-institutions register and harmonises the EU EMI/PI prudential framework.
Cited on
- European Banking Authority
www.eba.europa.eu/activities/single-rulebook/regulatory-activities/anti-money-laundering-and-countering-financing-terrorism/guidelines-information-requirements-relation-transfers-funds-and-certain-crypto-assets-transfers
EBA is the EU supervisory authority issuing Travel Rule Guidelines under the TFR perimeter.
Cited on
- European Commission
eur-lex.europa.eu/eli/reg_del/2024/1502/oj/eng
Adopts DORA delegated and implementing regulations under the Level 2 framework.
Cited on
- European Commission
finance.ec.europa.eu/regulation-and-supervision/financial-services-legislation/implementing-and-delegated-acts/digital-operational-resilience-regulation_en
European Commission is a public authority or public-source body used for DORA RTS/ITS evidence.
Cited on
- European Commission
commission.europa.eu/about-european-commission_en
EU institution that proposed the PSD3 and PSR reform package.
Cited on
- European Insurance and Occupational Pensions Authority
www.eiopa.europa.eu/esas-publish-list-critical-third-party-providers-under-dora-2025-11-18_en
European Insurance and Occupational Pensions Authority is a public authority or public-source body used for DORA RTS/ITS evidence.
Cited on
- European Insurance and Occupational Pensions Authority (EIOPA)
www.eiopa.europa.eu/digital-operational-resilience-act-dora_en
EU insurance and pensions supervisor; DORA RoI consolidation hub for the insurance and IORP sector; co-signatory of the November 2025 first batch of CTPP designations.
Cited on
- European Parliament and Council
eur-lex.europa.eu
EU co-legislators that adopted PSD2 and EMD2.
Cited on
- European Securities and Markets Authority
www.esma.europa.eu/digital-finance-and-innovation/digital-operational-resilience-act-dora
European Securities and Markets Authority is a public authority or public-source body used for DORA RTS/ITS evidence.
Cited on
- European Securities and Markets Authority
www.esma.europa.eu
EU securities and markets supervisor; publishes the interim MiCA register but does not currently expose historical withdrawals at row level.
Cited on
- European Securities and Markets Authority
www.esma.europa.eu/document/guidelines-transfer-services-crypto-assets-under-mica
ESMA is the EU securities markets authority responsible for MiCA supervisory convergence and transfer-services guidance under Article 82.
Cited on
- European Securities and Markets Authority (ESMA)
www.esma.europa.eu/esmas-activities/digital-finance-and-innovation/digital-operational-resilience-act-dora
EU securities and markets supervisor; DORA RoI consolidation hub for the markets sector; co-signatory of the November 2025 first batch of CTPP designations.
Cited on
- European Supervisory Authorities
www.eiopa.europa.eu/european-supervisory-authorities-designate-critical-ict-third-party-providers-under-digital-2025-11-18_en
Joint EBA, EIOPA and ESMA coordination for DORA CTPP designation and oversight.
Cited on
- European Union Agency for Cybersecurity
www.enisa.europa.eu/topics/product-security-and-certification/cybersecurity-certification-framework
EU cybersecurity agency preparing and publishing certification framework material under the Cybersecurity Act.
Cited on
- Executive Service of the Commission for the Prevention of Money Laundering and Monetary Offences (Sepblac)
www.sepblac.es/en
Spanish FIU and AML supervisory service; receives, analyses and disseminates suspicious transaction reports.
Cited on
- FATF
www.fatf-gafi.org/en/topics/virtual-assets.html
Global source for Recommendation 16 and VASP/virtual-asset AML guidance.
Cited on
- FDPIC
www.edoeb.admin.ch/en
- Federal Financial Supervisory Authority (BaFin)
www.bafin.de/EN/Aufsicht/Geldwaeschebekaempfung/geldwaeschebekaempfung_node_en.html
German federal financial supervisor; AML/CFT competent authority for credit and financial institutions.
Cited on
- FIN-FSA — Finnish Financial Supervisory Authority
www.finanssivalvonta.fi/en/publications-and-press-releases/Press-release/2025/application-of-dora-has-started--fin-fsa-to-focus-on-the-management-of-ict-risks-and-cyber-threats-in-its-supervision
Finnish single supervisor; DORA competent-authority status; RoI submission portal page not retrieved at cut-off.
Cited on
- Financial Action Task Force
www.fatf-gafi.org/en/publications/Fatfrecommendations/Fatf-recommendations.html
FATF is the international AML/CFT standard-setter for Recommendation 16 Payment transparency and Recommendation 15 virtual-assets expectations.
Cited on
- Financial Analytical Office
fau.gov.cz/en
Czech FIU; receives and analyses suspicious transaction reports and coordinates AML financial intelligence.
Cited on
- Financial Conduct Authority
handbook.fca.org.uk/handbook/SYSC/8/1.html
UK conduct regulator maintaining SYSC 8 and cloud outsourcing guidance.
Cited on
- Financial Conduct Authority
www.fca.org.uk
UK conduct regulator for financial-services firms; publishes Final Notices for EMI / PI registration cancellations and EMD-revocation status fields in the Financial Services Register.
Cited on
- Financial Conduct Authority
www.fca.org.uk/publications/policy-statements/ps25-12-changes-safeguarding-regime-payments-and-e-money-firms
Financial Conduct Authority is a public authority or public-source body associated with the regime evidence.
Cited on
- Financial Crime Investigation Service
fntt.lrv.lt/en
Lithuanian FIU; receives and analyses suspicious transactions and investigates financial crime.
Cited on
- Financial Intelligence Analysis Unit
fiaumalta.org
Maltese FIU; receives, analyses and disseminates suspicious transaction reports and performs AML supervision.
Cited on
- Financial Intelligence Directorate of the State Agency for National Security
www.dans.bg/en/activities/financial-intelligence
Bulgarian FIU; receives and analyses suspicious transaction information for AML/CFT purposes.
Cited on
- Financial Intelligence Processing Unit (CTIF-CFI)
www.ctif-cfi.be
Belgian FIU; analyses suspicious financial information and transmits cases to prosecutors when appropriate.
Cited on
- Financial Intelligence Unit for Italy
uif.bancaditalia.it
Italian FIU; receives, analyses and disseminates suspicious transaction reports within the Bank of Italy.
Cited on
- Financial Intelligence Unit Germany
www.zoll.de/EN/FIU/fiu_node.html
German FIU; receives and analyses suspicious transaction reports within the General Customs Directorate.
Cited on
- Financial Intelligence Unit Liechtenstein
www.fiu.li/en
Liechtenstein FIU; receives and analyses suspicious transaction reports and disseminates intelligence.
Cited on
- Financial Intelligence Unit of Latvia
www.fid.gov.lv/en
Latvian FIU; receives and analyses suspicious transaction reports and disseminates financial intelligence.
Cited on
- Financial Intelligence Unit Portugal
www.policiajudiciaria.pt/unc3t-english
Portuguese FIU; receives and analyses suspicious transaction reports within the Polícia Judiciária.
Cited on
- Financial Intelligence Unit Slovakia
www.minv.sk/?financial-intelligence-unit
Slovak FIU; receives and analyses suspicious transaction reports within the Ministry of Interior.
Cited on
- Financial Market Authority Liechtenstein
www.fma-li.li/en/supervision/prevention-of-money-laundering.html
Liechtenstein financial-market supervisor; supervises AML/CFT compliance by financial intermediaries.
Cited on
- Financial Reporting Council
www.frc.org.uk/library/standards-codes-policy/audit-assurance-and-ethics/auditors-ethical-standard
Financial Reporting Council is a public authority or public-source body associated with the regime evidence.
Cited on
- Financial Services and Markets Authority (FSMA Belgium)
www.fsma.be/en/news/dora-register-information-third-party-ict-service-providers-limited-update-2026
Belgian markets and conduct supervisor; DORA RoI scope confirmed for 2026 — limited update reporting cycle.
Cited on
- Financial Stability Board
www.fsb.org/2023/12/final-report-on-enhancing-third-party-risk-management-and-oversight-a-toolkit-for-financial-institutions-and-financial-authorities
International standard-setting body issuing the third-party risk management and oversight toolkit.
Cited on
- Financial Supervision Commission (FSC Bulgaria)
www.fsc.bg/en
Bulgarian markets and insurance supervisor; DORA competent-authority status confirmed; submission portal not retrieved at cut-off.
Cited on
- Financial Supervisory Authority of Norway
www.finanstilsynet.no/en/topics/anti-money-laundering
Norwegian financial supervisor; supervises AML/CFT compliance in the financial sector under EEA-aligned law.
Cited on
- Finansinspektionen
www.fi.se/en/anti-money-laundering
Swedish financial supervisor; supervises AML/CFT compliance by regulated financial institutions.
Cited on
- Finansinspektionen
www.fi.se
Swedish Financial Supervisory Authority; publishes English-language sanctions decisions including authorisation withdrawals against PIs and EMIs.
Cited on
- Finansinspektionen — Swedish FSA
www.fi.se/en/e-services-and-forms/reporting-to-fi/fidac/reporting-according-to-dora
Swedish single supervisor; DORA RoI submission via FIDAC; 2026 deadline 28 February 2026.
Cited on
- Finanstilsynet — Danish FSA (DFSA)
www.dfsa.dk/reporting/new-reporting-system-for-eu-reports
Danish single supervisor; DORA RoI submission via e-Reg (replacing FIONA); 2026 window 2 February to 13 March 2026; correction window through 30 April 2026.
Cited on
- Finanstilsynet — Financial Supervisory Authority of Norway
www.finanstilsynet.no/rapportering/fellesrapporteringer/dora-rapportering-av-register-over-ikt-tjenesteavtaler-roi
Norwegian single supervisor; DORA RoI submission via e-Reg; 2026 deadline 13 March 2026; submissions forwarded to the EBA for validation.
Cited on
- Finantsinspektsioon
www.fi.ee/en/supervision/anti-money-laundering-and-countering-financing-terrorism
Estonian financial supervisor; supervises AML/CFT compliance by financial institutions.
Cited on
- Finantsinspektsioon — Estonian FSA
fi.ee/en/news/finantsinspektsioon-holding-information-seminar-application-dora
Estonian single supervisor; DORA competent-authority status; RoI submission portal not retrieved at cut-off.
Cited on
- FINMA
www.finma.ch/en
- Finnish Financial Intelligence Unit
poliisi.fi/en/finnish-financial-intelligence-unit
Finnish FIU; receives and analyses suspicious transaction reports within the National Bureau of Investigation.
Cited on
- Finnish Financial Supervisory Authority
www.finanssivalvonta.fi/en/prevention-of-money-laundering-and-terrorist-financing
Finnish financial supervisor; supervises AML/CFT compliance in the financial sector.
Cited on
- FIU-Netherlands
www.fiu-nederland.nl/en
Dutch FIU; receives unusual transaction reports and declares suspicious transactions for law enforcement.
Cited on
-
Icelandic single supervisor; DORA entered into force in Iceland on 1 November 2025 via the EEA Agreement; first reporting cycle Q1 2026.
Cited on
- FMA Austria — Financial Market Authority
www.fma.gv.at/en/cross-sectoral-topics/dora/dora-managing-of-ict-third-party-risk
Austrian single supervisor for banking, markets and insurance; DORA RoI submission portal: Incoming Platform; 2026 window 16 February to 13 March 2026.
Cited on
- FMA Liechtenstein — Financial Market Authority Liechtenstein
www.fma-li.li/en/supervision-regulation/dora/dora-reporting
Liechtenstein single supervisor; DORA RoI submission via the e-Service Portal for Financial Intermediaries.
Cited on
- Garda Financial Intelligence Unit
www.garda.ie/en/about-us/organised-serious-crime/garda-national-economic-crime-bureau/financial-intelligence-unit
Irish FIU; receives and analyses suspicious transaction reports within An Garda Síochána.
Cited on
- General Inspector of Financial Information
www.gov.pl/web/finance/general-inspector-of-financial-information
Polish FIU; receives, analyses and disseminates suspicious transaction reports.
Cited on
- HANFA — Croatian Financial Services Supervisory Agency
www.hanfa.hr/en
Croatian markets, insurance and pensions supervisor; DORA competent-authority status; submission portal not retrieved at cut-off.
Cited on
- HCMC — Hellenic Capital Market Commission
www.hcmc.gr/en/web/portal/home
Greek markets supervisor; DORA competent-authority status; submission portal not retrieved at cut-off.
Cited on
- Hellenic Financial Intelligence Unit
www.hellenic-fiu.gr/en
Greek FIU; receives, analyses and disseminates suspicious activity information.
Cited on
- HM Treasury
www.gov.uk/government/calls-for-evidence/payment-services-regulations-review-and-call-for-evidence
HM Treasury is a public authority or public-source body associated with the regime evidence.
Cited on
- HM Treasury
www.gov.uk/government/organisations/hm-treasury
UK government department responsible for payment-services and electronic-money regulations.
Cited on
- HNB — Croatian National Bank
www.hnb.hr/en/-/dora-uredba-o-digitalnoj-operativnoj-otpornosti-za-financijski-sektor-u-primjeni-iduce-godine
Croatian banking and payments supervisor; DORA competent-authority status; submission portal not retrieved at cut-off.
Cited on
- Hungarian Financial Intelligence Unit
pei.nav.gov.hu
Hungarian FIU; receives and analyses suspicious transaction reports within the tax and customs administration.
Cited on
- Icelandic Financial Intelligence Unit
www.logreglan.is/english
Icelandic FIU; receives and analyses suspicious transaction reports for AML/CFT purposes.
Cited on
- IVASS — Istituto per la Vigilanza sulle Assicurazioni
www.ivass.it/index.html?com.dotmarketing.htmlpage.language=3
Italian insurance supervisor; DORA competent-authority status; submission portal not retrieved at cut-off.
Cited on
- Joint Committee of the ESAs
www.eba.europa.eu/sites/default/files/2025-03/31bb6e60-7d10-4405-a8c5-9f04934630ac/20250328%20-%20DORA%20RoI%20reporting%20FAQ%20(updated).pdf
Cross-sectoral coordination body of the three ESAs; signatory of the joint CTPP designation methodology and the joint DORA RoI FAQs.
Cited on
- KNF — Polish Financial Supervision Authority
www.knf.gov.pl/en
Polish single supervisor; first DORA RoI collection completed April 2025; 2026 cycle ongoing under the Polish DORA implementation framework.
Cited on
- Latvijas Banka
www.bank.lv/en/operational-areas/supervision/anti-money-laundering-and-combating-terrorist-and-proliferation-financing
Latvian central bank and financial supervisor; supervises AML/CFT compliance in the financial sector.
Cited on
- Latvijas Banka
www.bank.lv/en/operational-areas/financial-stability/dora
Latvian single supervisor; DORA RoI submission via the dedicated email channel dora@bank.lv; supplemented by the 2025 national Resilience of Digital Operations Law.
Cited on
- Magyar Nemzeti Bank
www.mnb.hu/en/supervision/supervisory-framework/anti-money-laundering
Hungarian central bank and financial supervisor; supervises financial-sector AML/CFT compliance.
Cited on
- Malta Financial Services Authority
www.mfsa.mt/firms/anti-money-laundering
Maltese financial supervisor; supervises financial-sector AML/CFT compliance alongside the FIAU.
Cited on
- Malta Financial Services Authority
www.mfsa.mt
Maltese single financial-services supervisor; publishes per-entity 'Surrender of licence' and 'Decision not to grant licence' notices for the pre-MiCA Virtual Financial Assets (VFA) regime.
Cited on
- Malta Financial Services Authority
www.mfsa.mt/wp-content/uploads/2025/12/MFSA-Strategic-Update-2025-Securing-Our-Future-as-a-Resilient-and-Efficient-Jurisdiction.pdf
MFSA is included as a Maltese authority relevant to MiCA authorisation and crypto-asset service supervision.
Cited on
- MFSA — Malta Financial Services Authority
www.mfsa.mt/wp-content/uploads/2025/11/Regulation-EU-20222554-on-Digital-Operational-Resilience-for-the-Financial-Sector-%E2%80%93-Register-of-Information-Reporting-Timelines-for-the-Year-2026-and-Onwards.pdf
Maltese single supervisor; DORA RoI submission via the LH Portal; 2026 deadline 21 March 2026.
Cited on
- MFSA DORA implementation circulars (Malta)
www.mfsa.mt/our-work/financial-services-regulation/dora
MFSA DORA implementation circulars (Malta) is a national competent authority portal for DORA implementation evidence.
Cited on
- MNB — Magyar Nemzeti Bank
www.mnb.hu/en/supervision
Hungarian single supervisor; DORA competent-authority status; submission portal page not retrieved at cut-off.
Cited on
- Money Laundering Secretariat
politi.dk/en/special-crime-unit/money-laundering-secretariat
Danish FIU; receives suspicious transaction reports and supports law-enforcement AML analysis.
Cited on
- National Bank of Belgium
www.nbb.be/en/financial-oversight/anti-money-laundering-and-counter-terrorist-financing
Belgian central bank and financial supervisor; AML/CFT supervisor for regulated financial institutions.
Cited on
- National Bank of Belgium (NBB)
www.nbb.be/en/media/16801
Belgian banking and payments supervisor; DORA RoI submission portal: OneGate (domain DOR).
Cited on
- National Bank of Romania
www.bnro.ro/Preventing-and-combating-money-laundering-and-terrorist-financing-19512.aspx
Romanian central bank; supervises AML/CFT compliance by credit institutions and other financial entities.
Cited on
- National Bank of Slovakia
nbs.sk/en/financial-market-supervision1/anti-money-laundering-and-counter-terrorist-financing
Slovak central bank and financial supervisor; supervises AML/CFT compliance by financial-market entities.
Cited on
- National Office for Prevention and Control of Money Laundering
www.onpcsb.ro/en
Romanian FIU; receives and analyses suspicious transaction reports and coordinates AML intelligence.
Cited on
- NBS — Národná banka Slovenska
nbs.sk/en/financial-market-supervision1
Slovak single supervisor; DORA competent-authority status; submission portal not retrieved at cut-off.
Cited on
- Norwegian Financial Intelligence Unit
www.okokrim.no/financial-intelligence-unit.424377.en.html
Norwegian FIU; receives and analyses suspicious transaction reports within Økokrim.
Cited on
- Office for Money Laundering Prevention
www.gov.si/en/state-authorities/bodies-within-ministries/office-for-money-laundering-prevention
Slovenian FIU; receives and analyses suspicious transaction reports and coordinates AML prevention.
Cited on
- Polish Financial Supervision Authority
www.knf.gov.pl/en/SUPERVISION/Anti_money_laundering_and_countering_terrorist_financing
Polish financial supervisor; supervises AML/CFT controls in regulated financial institutions.
Cited on
- PRA SS2/21
www.bankofengland.co.uk/prudential-regulation/publication/2021/march/outsourcing-and-third-party-risk-management-ss
PRA SS2/21 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline.
Cited on
- SNB
www.snb.ch/en/the-snb/mandates-goals/financial-stability/swiss-banking-sector
Swiss National Bank financial-stability authority relevant to systemically important banks.
Cited on
- Swedish Financial Intelligence Unit
polisen.se/en/about-the-police/police-work/financial-intelligence-unit
Swedish FIU; receives and analyses suspicious transaction reports within the Police Authority.
Cited on
- Swiss Financial Market Supervisory Authority
www.finma.ch/en/~/media/finma/dokumente/dokumentencenter/myfinma/rundschreiben/finma-rs-2018-03-01012021_de.pdf?la=en
Swiss supervisor issuing Circular 2018/3 on outsourcing by banks, insurers and financial institutions.
Cited on
- The Gazette
www.thegazette.co.uk/notice/3499762
The Gazette is a public authority or public-source body associated with the regime evidence.
Cited on
- TRACFIN
www.economie.gouv.fr/tracfin
French FIU; receives, analyses and disseminates suspicious transaction reports.
Cited on
- Unit for Combating Money Laundering (MOKAS)
www.law.gov.cy/law/mokas/mokas.nsf/index_en/index_en?OpenDocument
Cypriot FIU; receives, analyses and disseminates suspicious transaction reports.
Cited on
/0.3 Regulations
Statutes, directives and regulations cited across the body of work.
79 regulatory instruments — EU regulations and directives, UK statutory instruments, Swiss federal acts and FINMA circulars whose substantive provisions are quoted on at least one Finray Intelligence page. Every link resolves to the official journal or legislative gazette text, not a secondary summary.
- AMLA
www.fedlex.admin.ch/eli/cc/1998/892_892_892/en
- AMLA Regulation (EU) 2024/1620
eur-lex.europa.eu/eli/reg/2024/1620/oj/eng
Establishes AMLA and its direct and indirect supervisory coordination functions.
Cited on
- AMLD6 (EU) 2024/1640
eur-lex.europa.eu/eli/dir/2024/1640/oj/eng
EU AML/CFT Directive requiring national transposition by 10 July 2027 for most provisions.
Cited on
- AMLO
www.fedlex.admin.ch/eli/cc/2015/791/en
- AMLR (EU) 2024/1624
eur-lex.europa.eu/eli/reg/2024/1624/oj/eng
EU AML/CFT Regulation directly applicable from 10 July 2027.
Cited on
- BankG
www.fedlex.admin.ch/eli/cc/51/117_121_129/de
- CASS 10A.1
www.handbook.fca.org.uk/handbook/CASS/10A/1.html?date=2026-05-07
CASS 10A.1 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline.
Cited on
- CASS 10A.2
www.handbook.fca.org.uk/handbook/CASS/10A/2.html?date=2026-05-07
CASS 10A.2 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline.
Cited on
- CASS 10A.3
www.handbook.fca.org.uk/handbook/CASS/10A/3.html?date=2026-05-07
CASS 10A.3 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline.
Cited on
- CASS 15.1
www.handbook.fca.org.uk/handbook/CASS/15/1.html?date=2026-05-07
CASS 15.1 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline.
Cited on
- CASS 15.2
www.handbook.fca.org.uk/handbook/CASS/15/2.html?date=2026-05-07
CASS 15.2 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline.
Cited on
- CASS 15.3
www.handbook.fca.org.uk/handbook/CASS/15/3.html?date=2026-05-07
CASS 15.3 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline.
Cited on
- CASS 15.4
www.handbook.fca.org.uk/handbook/CASS/15/4.html?date=2026-05-07
CASS 15.4 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline.
Cited on
- CASS 15.5
www.handbook.fca.org.uk/handbook/CASS/15/5.html?date=2026-05-07
CASS 15.5 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline.
Cited on
- CASS 15.6
www.handbook.fca.org.uk/handbook/CASS/15/6.html?date=2026-05-07
CASS 15.6 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline.
Cited on
- CASS 15.7
www.handbook.fca.org.uk/handbook/CASS/15/7.html?date=2026-05-07
CASS 15.7 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline.
Cited on
- CASS 15.8
www.handbook.fca.org.uk/handbook/CASS/15/8.html?date=2026-05-07
CASS 15.8 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline.
Cited on
- CISA
www.fedlex.admin.ch/eli/cc/2006/822/en
- Commission Delegated Regulation (EU) 2024/1502 — RTS on criticality criteria
eur-lex.europa.eu/eli/reg_del/2024/1502/oj
Commission Delegated Regulation (EU) 2024/1502 — RTS on criticality criteria is a companion Commission act inside the DORA Article 28-35 perimeter.
Cited on
- Commission Delegated Regulation (EU) 2024/1505 — RTS on Lead Overseer oversight fees
eur-lex.europa.eu/eli/reg_del/2024/1505/oj
Commission Delegated Regulation (EU) 2024/1505 — RTS on Lead Overseer oversight fees is a companion Commission act inside the DORA Article 28-35 perimeter.
Cited on
- Commission Delegated Regulation (EU) 2024/1772 — RTS on ICT-related incident classification
eur-lex.europa.eu/eli/reg_del/2024/1772/oj
Commission Delegated Regulation (EU) 2024/1772 — RTS on ICT-related incident classification is a companion Commission act inside the DORA Article 28-35 perimeter.
Cited on
- Commission Delegated Regulation (EU) 2024/1773 — RTS on ICT third-party policy
eur-lex.europa.eu/eli/reg_del/2024/1773/oj
Commission Delegated Regulation (EU) 2024/1773 — RTS on ICT third-party policy is a regulatory anchor for the DORA Article 28 RTS/ITS Pack.
Cited on
- Commission Delegated Regulation (EU) 2024/1774 — RTS on ICT risk management
eur-lex.europa.eu/eli/reg_del/2024/1774/oj
Commission Delegated Regulation (EU) 2024/1774 — RTS on ICT risk management is a companion Commission act inside the DORA Article 28-35 perimeter.
Cited on
- Commission Delegated Regulation (EU) 2025/295 — RTS on oversight conduct
eur-lex.europa.eu/eli/reg_del/2025/295/oj
Commission Delegated Regulation (EU) 2025/295 — RTS on oversight conduct is a companion Commission act inside the DORA Article 28-35 perimeter.
Cited on
- Commission Delegated Regulation (EU) 2025/420 — RTS on Joint Examination Teams
eur-lex.europa.eu/eli/reg_del/2025/420/oj
Commission Delegated Regulation (EU) 2025/420 — RTS on Joint Examination Teams is a companion Commission act inside the DORA Article 28-35 perimeter.
Cited on
- Commission Delegated Regulation (EU) 2025/532 — RTS on subcontracting
eur-lex.europa.eu/eli/reg_del/2025/532/oj
Commission Delegated Regulation (EU) 2025/532 — RTS on subcontracting is a regulatory anchor for the DORA Article 28 RTS/ITS Pack.
Cited on
- Commission Implementing Regulation (EU) 2024/2956 — ITS on RoI templates
eur-lex.europa.eu/eli/reg_impl/2024/2956/oj
Commission Implementing Regulation (EU) 2024/2956 — ITS on RoI templates is a regulatory anchor for the DORA Article 28 RTS/ITS Pack.
Cited on
- Council PSD3 position ST 8222/26
data.consilium.europa.eu/doc/document/ST-8222-2026-INIT/en/pdf
Council compromise text for the PSD3 directive track.
Cited on
- DORA — Regulation (EU) 2022/2554
eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX%3A32022R2554
- DORA Article 28
eur-lex.europa.eu/eli/reg/2022/2554/oj
DORA Article 28 is a regulatory anchor for the DORA Article 28 RTS/ITS Pack.
Cited on
- DORA ICT risk-management RTS — Regulation 2024/1774
eur-lex.europa.eu/eli/reg_del/2024/1774/oj/eng
Specifies ICT risk-management framework elements under DORA.
Cited on
- DORA Regulation (EU) 2022/2554
eur-lex.europa.eu/eli/reg/2022/2554/oj/eng
ICT operational resilience anchor for CASP operating models.
Cited on
- DORA subcontracting RTS — Regulation 2025/532
eur-lex.europa.eu/eli/reg_del/2025/532/oj/eng
Specifies elements for determining and assessing subcontracting of ICT services supporting critical or important functions.
Cited on
- EBA Guidelines on outsourcing arrangements
www.eba.europa.eu/sites/default/files/documents/10180/2551996/38c80601-f5d7-4855-8ba3-702423665479/EBA%20revised%20Guidelines%20on%20outsourcing%20arrangements.pdf
- eIDAS 2 Regulation (EU) 2024/1183
eur-lex.europa.eu/eli/reg/2024/1183/oj/eng
Adjacent anchor for digital identity wallet and trust-service onboarding flows.
Cited on
- Electronic Money Regulations 2011 (UK)
www.legislation.gov.uk/uksi/2011/99/contents/made
UK domestic implementation of EMD2; the source of the FCA E-Money register status field 'EMD Revoked'.
Cited on
- EMD2 Article 7
eur-lex.europa.eu/eli/dir/2009/110/oj/eng
EU safeguarding requirement for funds received in exchange for electronic money.
Cited on
- EMD2 Article 7
www.legislation.gov.uk/eudr/2009/110/article/7/adopted
EMD2 Article 7 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline.
Cited on
- EMRs 2011 regulation 20
www.legislation.gov.uk/uksi/2011/99/regulation/20
EMRs 2011 regulation 20 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline.
Cited on
- ENISA Candidate EUCS cloud-services scheme
certification.enisa.europa.eu/publications/candidate-eucs-scheme-v10_en
Draft cloud-services certification scheme under the EU cybersecurity certification framework.
Cited on
- EU Cybersecurity Act — Regulation (EU) 2019/881
eur-lex.europa.eu/eli/reg/2019/881/oj/eng
Establishes ENISA mandate and the EU cybersecurity certification framework.
Cited on
- FCA 2025/38 Instrument
api-handbook.fca.org.uk/files/instrument/Glossary-GEN-CASS-SUP/FCA%202025/38-2026-05-07.pdf
FCA 2025/38 Instrument is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline.
Cited on
- FCA CP24/20
www.fca.org.uk/publication/consultation/cp24-20.pdf
FCA CP24/20 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline.
Cited on
- FCA FG16/5 — Cloud and third-party IT outsourcing
www.fca.org.uk/publication/finalised-guidance/fg16-5.pdf
FCA guidance for firms outsourcing to cloud and other third-party IT services.
Cited on
- FCA PS25/12
www.fca.org.uk/publication/policy/ps25-12.pdf
FCA PS25/12 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline.
Cited on
- FINIG
www.fedlex.admin.ch/eli/cc/2018/801/en
- FINMA Circular 2008/24 Supervision and internal control — banks
www.finma.ch/en/documentation/archiv/rundschreiben/archiv-2008
Historical FINMA circular anchor for bank supervision and internal control.
Cited on
- FINMA Circular 2017/01 Corporate governance — banks
www.finma.ch/en/~/media/finma/dokumente/dokumentencenter/myfinma/rundschreiben/finma-rs-2017-01-20200101.pdf
Current bank corporate-governance and internal-control reference retrieved for this session.
Cited on
- FINMA Circular 2018/03 Outsourcing — banks and insurers
www.finma.ch/en/~/media/finma/dokumente/rundschreiben-archiv/2018/rs-18-03/finma-rs-2018-03---20170921.pdf?la=en
- FINMA Circular 2023/01 Operational risks and resilience — banks
www.finma.ch/en/~/media/finma/dokumente/dokumentencenter/myfinma/rundschreiben/finma-rs-2023-01-20221207.pdf
FINMA operational-risk and resilience circular for banks, effective from 2024.
Cited on
- FINMASA
www.fedlex.admin.ch/eli/cc/2008/736/en
- FINSA
www.fedlex.admin.ch/eli/cc/2019/758/en
- GDPR Regulation (EU) 2016/679
eur-lex.europa.eu/eli/reg/2016/679/oj/eng
EU data-protection regulation, including Chapter V transfer controls.
Cited on
- I-Item Note ST 8220/26 on PSD3 + PSR
data.consilium.europa.eu/doc/document/ST-8220-2026-INIT/en/pdf
- ISA
www.fedlex.admin.ch/eli/cc/2005/734/de
- ITS on the Register of Information (EU) 2024/2956
eur-lex.europa.eu/eli/reg_impl/2024/2956/oj/eng
Commission Implementing Regulation establishing the standard templates for the Register of Information under DORA Article 28(9).
Cited on
- MiCA Title III ART and Title IV EMT overlap
eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX%3A32023R1114
- Payment Services Directive 2 (PSD2), Directive (EU) 2015/2366
eur-lex.europa.eu/eli/dir/2015/2366/oj/eng
EU directive whose transposition empowers NCAs to revoke PI authorisation under specified grounds.
Cited on
- Payment Services Regulations 2017 (UK)
www.legislation.gov.uk/uksi/2017/752/contents/made
UK domestic transposition of PSD2; regulation 10 grounds the FCA's cancellation power against dormant Small PIs and the broader cancellation framework.
Cited on
- PERG 15
www.handbook.fca.org.uk/handbook/PERG/15.html
PERG 15 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline.
Cited on
- PESAR 2021
www.legislation.gov.uk/uksi/2021/1178/contents
PESAR 2021 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline.
Cited on
- PRA SS1/21 — Operational resilience
www.bankofengland.co.uk/prudential-regulation/publication/2021/march/operational-resilience-impact-tolerances-for-important-business-services-ss
PRA expectations for important business services and impact tolerances.
Cited on
- PSD2 — Directive (EU) 2015/2366
eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32015L2366
- PSD2 Article 10
www.legislation.gov.uk/eudr/2015/2366/article/10/adopted/data.xht
PSD2 Article 10 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline.
Cited on
- PSD2 Article 10
www.eba.europa.eu/regulation-and-policy/single-rulebook/interactive-single-rulebook/16232
EU safeguarding requirement for payment-service user funds.
Cited on
- PSD3 proposal COM(2023) 366
www.europarl.europa.eu/RegData/docs_autres_institutions/commission_europeenne/com/2023/0366/COM_COM(2023)0366_EN.pdf
European Commission proposal for a new directive on payment and e-money services.
Cited on
- PSR — Council ST 8221/26 final compromise text
data.consilium.europa.eu/doc/document/ST-8221-2026-INIT/en/pdf
Council final compromise text for the proposed payment-services regulation.
Cited on
- PSR proposal COM(2023) 367
data.consilium.europa.eu/doc/document/ST-11222-2023-INIT/en/pdf
European Commission proposal for a directly applicable EU payment-services regulation.
Cited on
- PSRs 2017 regulation 23
www.legislation.gov.uk/uksi/2017/752/regulation/23
PSRs 2017 regulation 23 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline.
Cited on
- Regulation (EU) 2023/1114 (MiCA)
eur-lex.europa.eu/eli/reg/2023/1114/oj/eng
MiCA is the EU crypto-asset markets regulation. Article 82 covers CASPs providing transfer services for crypto-assets on behalf of clients.
Cited on
- RTS on ICT services supporting critical functions (EU) 2024/1772
eur-lex.europa.eu/eli/reg_del/2024/1772/oj/eng
Commission Delegated Regulation on classification and reporting of major ICT-related incidents under DORA Articles 18 and 19.
Cited on
- RTS on ICT third-party policy (EU) 2024/1773
eur-lex.europa.eu/eli/reg_del/2024/1773/oj/eng
Commission Delegated Regulation specifying the policy on contractual arrangements with ICT third-party service providers supporting critical or important functions under DORA Article 28(10).
Cited on
- SCA RTS — Commission Delegated Regulation (EU) 2018/389
eur-lex.europa.eu/eli/reg_del/2018/389/oj/eng
- SUP 16.14A
www.handbook.fca.org.uk/handbook/SUP/16/14A.html?date=2026-05-07
SUP 16.14A is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline.
Cited on
- SUP 3A
www.handbook.fca.org.uk/handbook/SUP/3A/1.html?date=2026-05-07
SUP 3A is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline.
Cited on
- Swiss FADP / DSG
www.fedlex.admin.ch/eli/cc/2022/491/en
Revised Swiss Federal Act on Data Protection, in force from 1 September 2023.
Cited on
- SYSC 15A
www.handbook.fca.org.uk/handbook/SYSC/15A.html?date=2026-05-07
SYSC 15A is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline.
Cited on
- TFR (EU) 2023/1113
eur-lex.europa.eu/eli/reg/2023/1113/oj/eng
Transfer of Funds Regulation applying information requirements to funds and crypto-asset transfers.
Cited on
- UK PSRs 2017 Regulation 23
www.legislation.gov.uk/uksi/2017/752/regulation/23/data.html
UK safeguarding rule for authorised payment institutions.
Cited on
/0.4 Standards
Technical standards, protocols and reference data feeds.
47 non-statutory references — ISO standards, FATF guidance, sanctions data feeds, and protocol specifications cited as building blocks for compliant operating models. These are not regulations; they're the technical layer that regulations point to.
- AMF announcement applying EBA Travel Rule Guidelines
www.amf-france.org/en/news-publications/news/combating-money-laundering-and-terrorist-financing-amf-applies-guidelines-issued-european-banking
AMF public announcement that it applies the EBA Travel Rule Guidelines from 30 December 2024.
Cited on
- Bank of Lithuania 2025 prudential letter
www.lb.lt/uploads/documents/files/Rekomendaciju%20rastas%20MEPI%20ENG%202025.pdf
Bank of Lithuania 2025 recommendation letter on EMI and PI prudential requirements.
Cited on
- Bank of Lithuania CENTROlink safeguarding guidance
www.lb.lt/en/centrolink
Bank of Lithuania explanation that CENTROlink does not offer customer-fund safeguarding accounts.
Cited on
- Bank of Lithuania Dear CEO letter 2022
www.lb.lt/en/news/dear-ceo-letter-advice-to-fintech-institutions-on-risk-management-and-licensed-activities
Bank of Lithuania supervisory letter on fintech risk management and licensed activities.
Cited on
- BCBS 239
www.bis.org/publ/bcbs239.htm
- CBI Payment and E-Money Newsletter Issue 1 December 2025
www.centralbank.ie/docs/default-source/regulation/industry-market-sectors/electronic-money-institutions/payment-and-e-money-newsletter---issue1---december-2025.pdf?sfvrsn=b0e6c1a_1
Central Bank of Ireland newsletter focusing on safeguarding, governance and risk themes.
Cited on
- COSO 2013 Internal Control framework
www.coso.org/guidance-on-ic
Internal-control reference architecture for control environment, risk assessment, control activities, information/communication and monitoring.
Cited on
- Directive (EU) 2022/2555 (NIS2)
eur-lex.europa.eu/eli/dir/2022/2555/oj
Directive (EU) 2022/2555 (NIS2) is an adjacent standard or legal framework used for control-context mapping.
Cited on
- EBA Final Report on Travel Rule Guidelines
www.eba.europa.eu/sites/default/files/2024-07/6de6e9b9-0ed9-49cd-985d-c0834b5b4356/Travel%20Rule%20Guidelines.pdf
The EBA final report supporting EBA/GL/2024/11 explains the policy objectives and implementation rationale for the Travel Rule Guidelines.
Cited on
- EBA peer review on PI and EMI authorisation
www.eba.europa.eu/sites/default/files/2025-12/31b327d1-09ef-4ede-a5ec-40ea833fca4d/Follow-up%20peer%20review%20report%20on%20authorisations%20under%20PSD2.pdf
EBA peer-review evidence on authorisation scrutiny, governance and internal-control divergence.
Cited on
- EBA-GL-2017-09
www.eba.europa.eu/sites/default/files/documents/10180/1904583/f0f3b7f8-0c2d-4f6d-ba5b-92d4b49d1de0/Guidelines%20on%20the%20information%20to%20be%20provided%20for%20the%20authorisation%20of%20payment%20institutions%20under%20PSD2%20%28EBA-GL-2017-09%29.pdf
EBA-GL-2017-09 is a supervisory or guidance source used to interpret the safeguarding regime.
Cited on
- ESMA Supervisory Briefing on Authorisation of CASPs
www.esma.europa.eu/sites/default/files/2025-01/ESMA75-453128700-1263_Supervisory_Briefing_on_Authorisation_of_CASPs.pdf
ESMA supervisory briefing for NCAs on authorisation of CASPs under MiCA.
Cited on
- EU consolidated financial sanctions list
data.europa.eu/data/datasets/consolidated-list-of-persons-groups-and-entities-subject-to-eu-financial-sanctions?locale=en
- FATF Best Practices on Travel Rule Supervision
www.fatf-gafi.org/content/dam/fatf-gafi/recommendations/Best-Practices-Travel-Rule-Supervision.pdf
FATF best-practices paper for supervising Travel Rule implementation.
Cited on
- FATF Recommendation 16 and VA/VASP guidance
www.fatf-gafi.org/en/publications/Fatfrecommendations/update-Recommendation-16-payment-transparency-june-2025.html
Global Travel Rule methodology for originator and beneficiary information.
Cited on
- FATF Targeted Report on Stablecoins and Unhosted Wallets, March 2026
www.fatf-gafi.org/en/publications/Virtualassets/targeted-report-stablecoins-unhosted-wallets.html
FATF March 2026 targeted report on stablecoins, unhosted wallets and peer-to-peer transactions.
Cited on
- FCA Approach Document May 2026
www.fca.org.uk/publication/finalised-guidance/payment-services-electronic-money-approach.pdf
FCA Approach Document updated for the post-PS25/12 safeguarding regime.
Cited on
- FCA Approach Document May 2026 draft
www.fca.org.uk/publication/finalised-guidance/fca-approach-payment-services-electronic-money-2017-may-2026-draft.pdf
FCA Approach Document May 2026 draft is a supervisory or guidance source used to interpret the safeguarding regime.
Cited on
- FCA payments portfolio letter 2023
www.fca.org.uk/publication/correspondence/priorities-payments-firms-portfolio-letter-2023.pdf
FCA portfolio letter raising safeguarding weaknesses in the payments sector.
Cited on
- FCA payments portfolio letter 2025
www.fca.org.uk/publication/correspondence/payments-portfolio-letter-2025.pdf
FCA 2025 supervisory priorities letter for payments firms.
Cited on
- FCA payments report 2026
www.fca.org.uk/publication/regulatory-priorities/payments-report.pdf
FCA payments-sector report with safeguarding context for EMIs and PIs.
Cited on
- FCA risk management and wind-down multi-firm review
www.fca.org.uk/publications/multi-firm-reviews/risk-management-wind-down-planning-emoney-payments-firms
FCA multi-firm review on risk management and wind-down planning in e-money and payments firms.
Cited on
- Guidelines on business-wide risk assessment
www.amla.europa.eu/policy/public-consultations/consultation-draft-guidelines-business-wide-risk-assessment_en
AMLR Art. 10(4) Guidelines setting minimum expectations for obliged entities business-wide risk assessment.
Cited on
- IETF JMAP
datatracker.ietf.org/doc/html/rfc8620
Technical reference for structured JSON object workflows; not a MiCA mandate.
Cited on
- ISAE 3402 / SOC 2
www.iaasb.org/publications/staff-overview-international-standard-assurance-engagements-isae-3402-assurance-reports-controls
Assurance-report standards used in outsourcing and vendor-risk due diligence.
Cited on
- ISO 20022
www.iso.org/standard/20022-1
Payments message standard relevant at CASP+EMI and fiat-rail intersections.
Cited on
- ISO 20022
www.iso20022.org/iso-20022
- ISO 27001
www.iso.org/standard/27001
Information security management-system standard.
Cited on
- ISO/IEC 27001
www.iso.org/isoiec-27001-information-security.html
ISO/IEC 27001 is an adjacent standard or legal framework used for control-context mapping.
Cited on
- ITS on cooperation for AMLA direct supervision
www.amla.europa.eu/policy/public-consultations/consultation-draft-its-under-art-153-amlar_en
AMLA Regulation Art. 15(3) ITS specifying cooperation inside the AML/CFT supervisory system for direct supervision.
Cited on
- IVMS 101
www.intervasp.org
- NIST Cybersecurity Framework 2.0
csrc.nist.gov/pubs/cswp/29/the-nist-cybersecurity-framework-csf-20/final
Cybersecurity framework commonly mapped to risk and resilience controls.
Cited on
- OFAC SDN and consolidated screening data
ofac.treasury.gov/sanctions-list-service
- OpenID Connect
openid.net/specs/openid-connect-core-1_0.html
Identity protocol reference for authenticated digital identity assertions.
Cited on
- Pay.UK Faster Payment System
www.wearepay.uk/what-we-do/payment-systems/faster-payment-system
- Re Allied Wallet Ltd [2022] EWHC 1877 (Ch)
www.bailii.org/ew/cases/EWHC/Ch/2022/1877.html
Re Allied Wallet Ltd [2022] EWHC 1877 (Ch) is a court judgment interpreting EMRs reg 24 safeguarded-asset pool status.
Cited on
- RTS on business relationships, occasional and linked transactions
www.amla.europa.eu/policy/public-consultations/consultation-draft-rts-criteria-identifying-business-relationships-occasional-and-linked_en
AMLR Art. 19(9) RTS defining criteria for business relationships, occasional transactions, linked transactions and lower thresholds.
Cited on
- RTS on Customer Due Diligence
www.amla.europa.eu/policy/public-consultations/consultation-draft-rts-customer-due-diligence_en
AMLR Art. 28(1) RTS specifying information and requirements for customer due diligence.
Cited on
- RTS on direct-supervision selection methodology
www.amla.europa.eu/document/download/1c8bca18-fb5e-4b5e-afee-848111754238_en?filename=2.1_20251216_Final+report+-+RTS+under+art.+12%287%29+AMLAR.pdf
AMLA Regulation Art. 12(7) RTS for selecting directly supervised credit and financial institutions or groups.
Cited on
- RTS on group-wide AML/CFT requirements
www.amla.europa.eu/amla-consults-group-wide-requirements-and-business-wide-risk-assessment_en
AMLR Arts. 16(4) and 17(3) RTS setting minimum standards for group-wide frameworks and third-country branches/subsidiaries.
Cited on
- RTS on inherent and residual risk-profile assessment
www.amla.europa.eu/document/download/c8782141-45bf-4ef9-9d66-33e2f90e607e_en?filename=1.1_20251216_FINAL+REPORT+RTS+40%282%29+AMLD+financial+only_Final.pdf
AMLD6 Art. 40(2) RTS setting common methodology for supervisors to assess obliged-entity ML/TF risk profiles.
Cited on
- RTS on pecuniary sanctions and supervisory measures
www.amla.europa.eu/policy/public-consultations/consultation-draft-rts-pecuniary-sanctions-administrative-measures-and-periodic-penalty-payments_en
AMLD6 Art. 53(10) RTS specifying gravity criteria, sanction factors and periodic penalty methodology.
Cited on
- SEPA Instant rulebook
www.europeanpaymentscouncil.eu/document-library/rulebooks/2025-sepa-instant-credit-transfer-rulebook-version-11
- SIX SIC
www.six-group.com/en/products-services/banking-services/interbank-clearing.html
- SWIFT CBPR+
www.swift.com/standards/iso-20022/iso-20022-financial-institutions-focus-payments-instructions
- T2 / TARGET2
www.ecb.europa.eu/paym/target/t2/html/index.en.html
- TRP — Travel Rule Protocol
gitlab.com/OpenVASP/travel-rule-protocol