Skip to content
In the news TRM Labs × Finray — audit-ready crypto transaction monitoring for banking
Finray
Book a briefing

Finray Intelligence

Vendor-neutral, evidence-disciplined buyer guides for the people who procure, build and operate regulated financial infrastructure. Primary sources only. Conflicts of interest disclosed inline.

Last updated
2026-05-09
Editorial principle
Primary sources, accessed-date on every URL.
Disclosure
Finray products are recused from ranking.

Editorial methodology

Read this first if you intend to cite Finray Intelligence.

Every Finray Intelligence page declares the criteria used, the evidence sources consulted, and the limitations of the analysis — a reader should be able to reproduce the reasoning given the same inputs. The methodology page documents the primary-source policy (regulator pages, vendor pages, official journals; analyst reports excluded), the accessed-date discipline applied to every URL, the conflict-of-interest framework when Finray products appear in comparisons, and the update cadence (signal-driven, not quarterly). Read it once before citing the buyer guides or forensic registers below.

Read the editorial methodology Browse the source index Open the glossary

Corebanq cluster

Buyer guides and forensic registers for the Corebanq category.

Corebanq ships in the core-banking category covered below. Corebanq is recused from any qualitative ranking on every linked page.

  • Buyer guide

    Safeguarding reconciliation as solvency discipline

    Architectural radar for EMI and PI safeguarding under PSD2 Article 10, EMD2 Article 7, FCA PS25/12 (CASS 10A / CASS 15 / SUP 3A / SUP 16) and forward-looking PSD3/PSR. 15 control nodes (account designation, segregation, daily reconciliation, intraday integrity, D+1 comparison, books-and-records-at-any-time-no-delay, monthly safeguarding return, resolution pack, annual safeguarding audit, governance 1st/2nd line separation, third-party oversight, settlement-account-not-itself-safeguarding, concentration risk, group oversight). 4 named enforcement cases (BlueSnap CBI 2024, Foxpay BoL 2024, Biilz FCA 2024, Currency Matters FCA supervisory notice). 6 vendors mapped to controls; Corebanq recused from ranking.

    Read methodology

  • Buyer guide

    Core banking deployment topology and regulatory alignment

    Primary-source-cited buyer guide comparing multi-tenant vendor-controlled SaaS and single-tenant customer-cloud deployment topologies for core banking software under DORA, EBA outsourcing, PRA SS2/21, FCA SYSC 8, FINMA Circular 2018/3, GDPR, EU Cybersecurity Act and the FSB third-party-risk toolkit. 8 control axes (outsourcing classification, CTPP designation, audit rights, sub-contractor chain, exit strategy, data sovereignty, concentration risk, operational resilience). Vendor-neutral; Corebanq recused from ranking.

    Read methodology

  • Buyer guide

    EU/UK PI/EMI core banking selection

    Decision graph for EU/UK Payment Institutions and E-Money Institutions selecting core banking software under PSD2/PSD3/PSR, DORA and AML obligations. 14 vendors mapped to the regulatory anchors. Vendor-neutral; Corebanq recused from ranking.

    Read methodology

  • Forensic register

    EMI / PI licensing-success forensic register (EEA + UK)

    Forensic register of 571 successful Electronic Money Institution and Payment Institution authorisations across the FCA, DNB, Bank of Lithuania and HNB registers (cut-off 2 May 2026). Every entity named with home jurisdiction and source-register institution class; PSD2 Annex I + EMD2 service-scope encoded by node size. Verified-floor benchmark.

    Open the register

  • Forensic register

    EMI / PI authorisation-withdrawal forensic register (EEA + UK)

    Forensic register of 63 EMI and PI authorisation withdrawals across the FCA (UK), Bank of Lithuania, Finansinspektionen (SE) and DNB (NL) registers (cut-off 3 May 2026). Each entity classified into one of five withdrawal types — regulator-revocation, voluntary-cancellation, application-refused, lapsed-without-renewal, regime-transition-non-completed — with a primary-source URL on every row. Counter-narrative to the licensing-success register.

    Open the register

  • Buyer guide

    FCA Supplementary Safeguarding Regime (PS25/12)

    Architectural radar for FCA PS25/12 — the supplementary safeguarding regime applying from 2026-05-07 across CASS 15 (operational), CASS 10A (resolution pack), SUP 3A (annual audit) and SUP 16.14A (REP027 monthly return). 18 atomic controls with rule-level Handbook anchors and buyer-DD questions. 10 named UK forensic cases. Corebanq recused from ranking.

    Read methodology

XZiel cluster

Buyer guides and forensic registers for the XZiel category.

XZiel ships in the transaction-monitoring and CASP-compliance category covered below. XZiel is recused from any qualitative ranking on every linked page.

  • Buyer guide

    Travel Rule as identity routing problem

    Architectural radar for CASPs and crypto-bridging payment institutions reading the EU Transfer of Funds Regulation Articles 14-17, MiCA Article 82 transfer-services overlay, EBA/GL/2024/11 Travel Rule Guidelines and FATF Recommendations 15 + 16 (Payment transparency framing) as one identity-routing decision surface. 70 nodes, 183 edges; vendor-support layer (Notabene, Sumsub, OpenVASP, Chainalysis, TRM Labs, Elliptic and others) shown without ranking. No named CASP enforcement — primary-source bar held. XZiel and TRM Labs partnership disclosures inline.

    Read methodology

  • Buyer guide

    CASP MiCA compliance operating model

    Decision graph for Crypto-Asset Service Providers selecting their compliance operating model under MiCA Title V, AMLR, AMLD6, the Transfer of Funds Regulation, FATF Travel Rule and DORA. 19 vendors mapped to the regulatory anchors. Vendor-neutral; XZiel recused from ranking.

    Read methodology

  • Forensic register

    MiCA CASP licensing-success forensic register

    Forensic register of 177 successful MiCA CASP authorisations and Article 60 notifications in ESMA's interim register (cut-off 24 April 2026). Every entity named, connected to its home Member State and pre-MiCA classification archetype; MiCA Title V service-scope encoded by node size.

    Open the register

  • Forensic register

    MiCA CASP authorisation-withdrawal forensic register

    Forensic register of 29 CASP / pre-MiCA DASP authorisation withdrawals across AMF (France), MFSA (Malta) and CySEC (Cyprus) (cut-off 3 May 2026). Each entity classified into the five-class withdrawal taxonomy: 17 voluntary-cancellation, 5 regulator-revocation, 2 application-refused (MFSA only), 2 lapsed-without-renewal (CySEC Deregistered-CASPs), 3 regime-transition-non-completed (April 2026 Coinbase cluster). Coverage gap for remaining NCAs surfaced honestly.

    Open the register

Ordinis cluster

Buyer guides and forensic registers for the Ordinis category.

Ordinis ships in the GRC + ICS category covered below. Ordinis is recused from any qualitative ranking on every linked page.

  • Buyer guide

    Swiss FINMA GRC and ICS software

    Decision graph for Swiss banks, securities firms and asset managers selecting GRC and ICS software under FINMASA, FINMA Circulars 08/24, 17/01, 18/03, 23/01, AMLA and FADP. 13 vendors mapped to the regulatory anchors. Vendor-neutral; Ordinis recused from ranking.

    Read methodology

Authority cluster

Buyer guides and forensic registers for the Authority category.

The Authority cluster contains regulator-monitoring artefacts. Finray Technologies Ltd does not ship a product that competes with regulators; no recusal applies. The standard transparency footer still applies on every linked page.

  • Regulator tracker

    DORA Article 28 RTS/ITS Pack — RoI fields, third-party policy and subcontracting

    Architectural radar for the DORA Article 28 implementing pack — Commission Delegated Regulation (EU) 2024/1773 (RTS on ICT third-party policy), Commission Implementing Regulation (EU) 2024/2956 (ITS on Register of Information templates) and Commission Delegated Regulation (EU) 2025/532 (RTS on subcontracting). 34 RoI field controls + 14 third-party-policy controls + 13 subcontracting controls. All 19 first-batch CTPPs designated 18 November 2025 enumerated by full legal name. WHAT counterpart to the existing Article 28 RoI tracker. Ordinis excluded.

    Open the tracker

  • Regulator tracker

    DORA Article 28 ICT third-party Register of Information tracker

    Quarterly-refreshed tracker of the DORA Article 28 Register of Information supervisory pathway across every EU and EEA national competent authority, plus the EBA / ESMA / EIOPA consolidation layer. Status, deadline and schema per regulator at the 2026-05-03 cut-off. Refreshed quarterly.

    Open the tracker

  • Regulator tracker

    AMLR / AMLD6 / AMLA implementation pathway tracker

    Quarterly-refreshed tracker of the EU AML reform — AMLR (Regulation 2024/1624, applies 10 July 2027), AMLD6 (Directive 2024/1640, transposition deadline 10 July 2027), AMLA Regulation (2024/1620, direct supervision from 1 January 2028) and the Transfer of Funds Regulation — across every EU Member State NCA, EEA non-EU supervisor, and the Anti-Money Laundering Authority itself. Transposition state, supervisory readiness and gold-plating signals per regulator at the 2026-05-07 cut-off.

    Open the tracker
Certificate of Registration NQA · UKAS Management Systems
ISO/IEC 27001:2022 Certificate of Registration issued by NQA to Finray Technologies Ltd, certificate number 215646, valid 21 October 2025 to 21 October 2028
Search
Type to search across Finray, products, company, and journal.

    Press Esc to close · to open the highlighted result.

    Book a briefing 01 / 03

    Step 01

    Identify the institution

    Who is requesting the briefing.