{ "id": "eu-uk-pi-emi-core-banking-software-buyer-guide", "title": "EU/UK PI and EMI Core Banking Software Buyer Guide", "description": "Vendor-neutral Cytoscape.js graph for PSD2-licensed Payment Institutions and E-Money Institutions, EEA applicants, and UK PSR 2017 overlay buyers selecting core banking software. Pure CASP and pure FINMA buyers are out of scope; hybrid PI+CASP buyers are flagged as an open question.", "layout": "cose", "lastReviewed": "2026-04-30", "evidenceCutoff": "2026-04-30", "nodes": [ { "id": "seg-eea-uk-pi-emi", "label": "EEA/UK PI and EMI buyers", "type": "firm-segment", "subtype": "buyer-segment", "summary": "PSD2-licensed PIs/EMIs, applicants, and UK PSR 2017 overlay buyers.", "description": "Buyer segment focused on safeguarding, ledgering, rail access, SCA/API, outsourcing, resilience, observability and commercial deliverability.", "url": "https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32015L2366", "evidence": [ "https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32015L2366, accessed 2026-04-30 [stale — older than 2024]", "https://www.legislation.gov.uk/uksi/2017/752/regulation/23, accessed 2026-04-30 [stale — older than 2024]" ], "tags": [ "EU", "UK", "PI", "EMI", "RFP" ], "isFinrayProduct": false, "coiNote": null, "watching": "Hybrid PI+CASP buyers require a separate MiCA/CASP overlay." }, { "id": "reg-psd2", "label": "PSD2 — Directive (EU) 2015/2366", "type": "regulation", "subtype": "current-baseline", "summary": "Current baseline EU payment-services directive.", "description": "Use as the current EU PI/EMI baseline for payment services, safeguarding, access-to-account and conduct mapping.", "url": "https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32015L2366", "evidence": [ "https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32015L2366, accessed 2026-04-30 [stale — older than 2024]" ], "tags": [ "EU", "PSD2", "safeguarding" ], "isFinrayProduct": false, "coiNote": null, "watching": "PSD3/PSR transition timing." }, { "id": "reg-psd3", "label": "PSD3 — Council ST 8222/26 final compromise text", "type": "regulation", "subtype": "final-compromise-text", "summary": "Council final compromise text for the proposed payment-services directive.", "description": "Forward-looking overlay, not a replacement for current PSD2 obligations until legislative completion and transposition.", "url": "https://data.consilium.europa.eu/doc/document/ST-8222-2026-INIT/en/pdf", "evidence": [ "https://data.consilium.europa.eu/doc/document/ST-8222-2026-INIT/en/pdf, accessed 2026-04-30", "https://data.consilium.europa.eu/doc/document/ST-8220-2026-INIT/en/pdf, accessed 2026-04-30" ], "tags": [ "EU", "PSD3", "future-state" ], "isFinrayProduct": false, "coiNote": null, "watching": "Final legislative adoption and national transposition timeline." }, { "id": "reg-psr", "label": "PSR — Council ST 8221/26 final compromise text", "type": "regulation", "subtype": "final-compromise-text", "summary": "Council final compromise text for the proposed payment-services regulation.", "description": "Forward-looking directly applicable regulation overlay for payment-services conduct, APIs and fraud controls.", "url": "https://data.consilium.europa.eu/doc/document/ST-8221-2026-INIT/en/pdf", "evidence": [ "https://data.consilium.europa.eu/doc/document/ST-8221-2026-INIT/en/pdf, accessed 2026-04-30", "https://data.consilium.europa.eu/doc/document/ST-8220-2026-INIT/en/pdf, accessed 2026-04-30" ], "tags": [ "EU", "PSR", "future-state" ], "isFinrayProduct": false, "coiNote": null, "watching": "Final legislative adoption and API/fraud implementation standards." }, { "id": "reg-inote-8220", "label": "I-Item Note ST 8220/26 on PSD3 + PSR", "type": "regulation", "subtype": "council-note", "summary": "Council note for PSD3/PSR final compromise process.", "description": "Governance anchor for the Council final compromise texts for PSD3 and PSR.", "url": "https://data.consilium.europa.eu/doc/document/ST-8220-2026-INIT/en/pdf", "evidence": [ "https://data.consilium.europa.eu/doc/document/ST-8220-2026-INIT/en/pdf, accessed 2026-04-30" ], "tags": [ "EU", "Council", "PSD3", "PSR" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "reg-sca-rts", "label": "SCA RTS — Commission Delegated Regulation (EU) 2018/389", "type": "regulation", "subtype": "technical-standard", "summary": "Strong customer authentication and secure communication RTS.", "description": "Controls SCA, exemptions, secure communication and AIS/PIS access design evidence.", "url": "https://eur-lex.europa.eu/eli/reg_del/2018/389/oj/eng", "evidence": [ "https://eur-lex.europa.eu/eli/reg_del/2018/389/oj/eng, accessed 2026-04-30 [stale — older than 2024]" ], "tags": [ "EU", "SCA", "API" ], "isFinrayProduct": false, "coiNote": null, "watching": "PSD3/PSR may alter related operational expectations." }, { "id": "reg-dora", "label": "DORA — Regulation (EU) 2022/2554", "type": "regulation", "subtype": "operational-resilience", "summary": "EU digital operational resilience regime.", "description": "RFPs should require ICT risk, incident, outsourcing, subcontracting, audit, exit and resilience evidence.", "url": "https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX%3A32022R2554", "evidence": [ "https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX%3A32022R2554, accessed 2026-04-30 [stale — older than 2024]" ], "tags": [ "EU", "DORA", "resilience" ], "isFinrayProduct": false, "coiNote": null, "watching": "Ongoing RTS/ITS and supervisory practice." }, { "id": "reg-eba-outsourcing", "label": "EBA Guidelines on outsourcing arrangements", "type": "regulation", "subtype": "guideline", "summary": "EBA/GL/2019/02 outsourcing guideline.", "description": "Procurement evidence should cover critical/important outsourcing, audit rights, subcontracting, exit, documentation and retained substance.", "url": "https://www.eba.europa.eu/sites/default/files/documents/10180/2551996/38c80601-f5d7-4855-8ba3-702423665479/EBA%20revised%20Guidelines%20on%20outsourcing%20arrangements.pdf", "evidence": [ "https://www.eba.europa.eu/sites/default/files/documents/10180/2551996/38c80601-f5d7-4855-8ba3-702423665479/EBA%20revised%20Guidelines%20on%20outsourcing%20arrangements.pdf, accessed 2026-04-30 [stale — older than 2024]" ], "tags": [ "EU", "EBA", "outsourcing" ], "isFinrayProduct": false, "coiNote": null, "watching": "Interaction with DORA ICT third-party risk requirements." }, { "id": "reg-amlr", "label": "AMLR — Regulation (EU) 2024/1624", "type": "regulation", "subtype": "aml", "summary": "EU AML regulation.", "description": "Relevant to CDD data lineage, financial-crime integrations, audit trails and evidentiary controls.", "url": "https://eur-lex.europa.eu/eli/reg/2024/1624/oj/eng", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2024/1624/oj/eng, accessed 2026-04-30" ], "tags": [ "EU", "AML" ], "isFinrayProduct": false, "coiNote": null, "watching": "National supervisory implementation and AMLA practice." }, { "id": "reg-amld6", "label": "AMLD6 — Directive (EU) 2024/1640", "type": "regulation", "subtype": "aml", "summary": "EU AML directive.", "description": "Relevant as an AML governance and national-implementation overlay for PI/EMI buyers.", "url": "https://eur-lex.europa.eu/eli/dir/2024/1640/oj/eng", "evidence": [ "https://eur-lex.europa.eu/eli/dir/2024/1640/oj/eng, accessed 2026-04-30" ], "tags": [ "EU", "AML" ], "isFinrayProduct": false, "coiNote": null, "watching": "Member-state transposition." }, { "id": "reg-mica-art-emt", "label": "MiCA Title III ART and Title IV EMT overlap", "type": "regulation", "subtype": "crypto-payment-overlap", "summary": "MiCA asset-referenced token and e-money token overlap.", "description": "Use only for hybrid PI/EMI plus CASP or tokenized-money models; pure CASP procurement is out of scope.", "url": "https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX%3A32023R1114", "evidence": [ "https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX%3A32023R1114, accessed 2026-04-30 [stale — older than 2024]" ], "tags": [ "EU", "MiCA", "ART", "EMT" ], "isFinrayProduct": false, "coiNote": null, "watching": "Hybrid PI+CASP scoping question." }, { "id": "reg-uk-psr23", "label": "UK PSR 2017 regulation 23 safeguarding overlay", "type": "regulation", "subtype": "uk-overlay", "summary": "UK safeguarding overlay for payment institutions.", "description": "Use as UK-specific safeguarding overlay; do not assume EU PSD2 Article 10 evidence is automatically sufficient.", "url": "https://www.legislation.gov.uk/uksi/2017/752/regulation/23", "evidence": [ "https://www.legislation.gov.uk/uksi/2017/752/regulation/23, accessed 2026-04-30 [stale — older than 2024]" ], "tags": [ "UK", "PSR2017", "safeguarding" ], "isFinrayProduct": false, "coiNote": null, "watching": "FCA safeguarding review and supervisory expectations." }, { "id": "std-iso20022", "label": "ISO 20022", "type": "standard", "subtype": "message-standard", "summary": "Canonical financial messaging standard.", "description": "Reference model for payment objects, rail adapters and cross-border message migration.", "url": "https://www.iso20022.org/iso-20022", "evidence": [ "https://www.iso20022.org/iso-20022, accessed 2026-04-30" ], "tags": [ "ISO20022", "payments" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "std-sepa-instant", "label": "SEPA Instant rulebook", "type": "standard", "subtype": "scheme-rulebook", "summary": "EPC SEPA Instant Credit Transfer rulebook.", "description": "Evidence anchor for instant euro payment support claims.", "url": "https://www.europeanpaymentscouncil.eu/document-library/rulebooks/2025-sepa-instant-credit-transfer-rulebook-version-11", "evidence": [ "https://www.europeanpaymentscouncil.eu/document-library/rulebooks/2025-sepa-instant-credit-transfer-rulebook-version-11, accessed 2026-04-30" ], "tags": [ "SEPA", "instant", "EPC" ], "isFinrayProduct": false, "coiNote": null, "watching": "2026 address-format transition." }, { "id": "std-swift-cbpr", "label": "SWIFT CBPR+", "type": "standard", "subtype": "cross-border-standard", "summary": "SWIFT ISO 20022 usage guidelines for cross-border payments.", "description": "Evidence anchor for SWIFT MX/CBPR+ readiness and lifecycle handling.", "url": "https://www.swift.com/standards/iso-20022/iso-20022-financial-institutions-focus-payments-instructions", "evidence": [ "https://www.swift.com/standards/iso-20022/iso-20022-financial-institutions-focus-payments-instructions, accessed 2026-04-30" ], "tags": [ "SWIFT", "CBPR+", "ISO20022" ], "isFinrayProduct": false, "coiNote": null, "watching": "Post-coexistence migration controls." }, { "id": "std-target-t2", "label": "T2 / TARGET2", "type": "standard", "subtype": "rtgs", "summary": "Eurosystem RTGS service.", "description": "Evidence anchor for euro RTGS connectivity, sponsor-bank routing or orchestration claims.", "url": "https://www.ecb.europa.eu/paym/target/t2/html/index.en.html", "evidence": [ "https://www.ecb.europa.eu/paym/target/t2/html/index.en.html, accessed 2026-04-30" ], "tags": [ "ECB", "T2", "RTGS" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "std-six-sic", "label": "SIX SIC", "type": "standard", "subtype": "interbank-clearing", "summary": "Swiss interbank clearing system.", "description": "Included only for cross-border buyers touching Swiss clearing; pure FINMA buyers are out of scope.", "url": "https://www.six-group.com/en/products-services/banking-services/interbank-clearing.html", "evidence": [ "https://www.six-group.com/en/products-services/banking-services/interbank-clearing.html, accessed 2026-04-30" ], "tags": [ "SIC", "Switzerland" ], "isFinrayProduct": false, "coiNote": null, "watching": "Pure FINMA procurement remains separate." }, { "id": "std-payuk-fps", "label": "Pay.UK Faster Payment System", "type": "standard", "subtype": "uk-scheme", "summary": "UK real-time retail payment system.", "description": "Evidence anchor for FPS direct, directly connecting non-settling, indirect agency or sponsor models.", "url": "https://www.wearepay.uk/what-we-do/payment-systems/faster-payment-system/", "evidence": [ "https://www.wearepay.uk/what-we-do/payment-systems/faster-payment-system/, accessed 2026-04-30", "https://www.wearepay.uk/wp-content/uploads/2026/02/Pay.UK-Faster-Payments-System-Principles-v-11-Jan-2026.pdf, accessed 2026-04-30" ], "tags": [ "UK", "FPS", "Pay.UK" ], "isFinrayProduct": false, "coiNote": null, "watching": "FPS access model for non-bank PSPs." }, { "id": "std-iso27001", "label": "ISO 27001", "type": "standard", "subtype": "security-standard", "summary": "Information security management-system standard.", "description": "Baseline security evidence; not sufficient alone for DORA or outsourcing compliance.", "url": "https://www.iso.org/standard/27001", "evidence": [ "https://www.iso.org/standard/27001, accessed 2026-04-30 [stale — older than 2024]" ], "tags": [ "security", "ISO27001" ], "isFinrayProduct": false, "coiNote": null, "watching": "Certificate scope and issuer validity." }, { "id": "ctrl-ledger-safeguarding", "label": "Ledger & safeguarding", "type": "control", "subtype": "control-domain", "summary": "Double-entry posting, immutable corrections, segregation, reconciliation and insolvency-priority evidence.", "description": "Require ledger rules, correction workflows, safeguarding account mapping, reconciliation reports and insolvency treatment.", "url": "https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32015L2366", "evidence": [ "https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32015L2366, accessed 2026-04-30 [stale — older than 2024]", "https://www.legislation.gov.uk/uksi/2017/752/regulation/23, accessed 2026-04-30 [stale — older than 2024]", "[evidence pending — vendor outreach required: double-entry proof; immutable correction workflow; client-funds segregation mapping; reconciliation design; insolvency-priority treatment]" ], "tags": [ "ledger", "safeguarding" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "ctrl-rail-coverage", "label": "Payment rail coverage", "type": "control", "subtype": "control-domain", "summary": "Rail-by-rail coverage: SEPA Instant, T2/TARGET2, SWIFT, SIC and FPS.", "description": "Distinguish native scheme connectivity, sponsor-bank routing, partner orchestration and file-based processing.", "url": "https://www.iso20022.org/iso-20022", "evidence": [ "https://www.iso20022.org/iso-20022, accessed 2026-04-30", "https://www.europeanpaymentscouncil.eu/document-library/rulebooks/2025-sepa-instant-credit-transfer-rulebook-version-11, accessed 2026-04-30", "https://www.swift.com/standards/iso-20022/iso-20022-financial-institutions-focus-payments-instructions, accessed 2026-04-30" ], "tags": [ "payments", "rails" ], "isFinrayProduct": false, "coiNote": null, "watching": "Vendors often blur native connectivity and orchestration." }, { "id": "ctrl-api-sca", "label": "API & SCA integration", "type": "control", "subtype": "control-domain", "summary": "OpenAPI, webhooks, sandbox, SCA delegation, consent, AIS/PIS, idempotency and rate limits.", "description": "Require API specifications, SCA flows, consent lifecycle, sandbox terms, idempotency and rate-limit commitments.", "url": "https://eur-lex.europa.eu/eli/reg_del/2018/389/oj/eng", "evidence": [ "https://eur-lex.europa.eu/eli/reg_del/2018/389/oj/eng, accessed 2026-04-30 [stale — older than 2024]", "[evidence pending — vendor outreach required: OpenAPI specifications; webhook catalogue; sandbox terms; SCA delegation flow; consent lifecycle; AIS/PIS access model; idempotency and rate limits]" ], "tags": [ "API", "SCA" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "ctrl-resilience-outsourcing", "label": "Resilience & outsourcing", "type": "control", "subtype": "control-domain", "summary": "Deployment posture, tenant isolation, ICT subcontracting, audit rights, exit rights and incident reporting.", "description": "Require DORA/EBA evidence for cloud model, subprocessor map, RTO/RPO, audit, exit and incident reporting.", "url": "https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX%3A32022R2554", "evidence": [ "https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX%3A32022R2554, accessed 2026-04-30 [stale — older than 2024]", "https://www.eba.europa.eu/sites/default/files/documents/10180/2551996/38c80601-f5d7-4855-8ba3-702423665479/EBA%20revised%20Guidelines%20on%20outsourcing%20arrangements.pdf, accessed 2026-04-30 [stale — older than 2024]", "[evidence pending — vendor outreach required: DORA artefact pack; tenant isolation; subcontractor list; exit plan; incident reporting workflow]" ], "tags": [ "DORA", "outsourcing" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "ctrl-audit-observability", "label": "Audit & observability", "type": "control", "subtype": "control-domain", "summary": "Event logs, evidence retention, regulator-inspection pack, data lineage and telemetry.", "description": "Require immutable event history, telemetry, evidence exports, retention periods and transaction-to-ledger lineage.", "url": "https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX%3A32022R2554", "evidence": [ "https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX%3A32022R2554, accessed 2026-04-30 [stale — older than 2024]", "https://eur-lex.europa.eu/eli/reg/2024/1624/oj/eng, accessed 2026-04-30", "[evidence pending — vendor outreach required: event retention period; regulator-inspection pack; data-lineage exports; telemetry coverage]" ], "tags": [ "audit", "observability" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "ctrl-commercial-delivery", "label": "Commercial & delivery fit", "type": "control", "subtype": "control-domain", "summary": "Pricing basis, implementation timeline, vendor-as-software versus vendor-as-bank, partner ecosystem and exit economics.", "description": "Treat pricing, licence model, migration route, source-code access, partner dependency and exit economics as compliance evidence.", "url": "https://www.eba.europa.eu/sites/default/files/documents/10180/2551996/38c80601-f5d7-4855-8ba3-702423665479/EBA%20revised%20Guidelines%20on%20outsourcing%20arrangements.pdf", "evidence": [ "https://www.eba.europa.eu/sites/default/files/documents/10180/2551996/38c80601-f5d7-4855-8ba3-702423665479/EBA%20revised%20Guidelines%20on%20outsourcing%20arrangements.pdf, accessed 2026-04-30 [stale — older than 2024]", "[evidence pending — vendor outreach required: pricing model; implementation timeline; software-only versus regulated-bank dependency; partner dependency map; exit fees and data export format]" ], "tags": [ "commercial", "delivery" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "vendor-mambu", "label": "Mambu", "type": "vendor", "subtype": "software-vendor", "summary": "Vendor of Mambu Cloud Banking Platform and Mambu Payments API.", "description": "Vendor node only; product claims are attached to product nodes.", "url": "https://mambu.com/en", "evidence": [ "https://mambu.com/en, accessed 2026-04-30" ], "tags": [ "cloud-core", "payments" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "product-mambu-cloud", "label": "Mambu Cloud Banking Platform", "type": "product", "subtype": "core-banking-software", "summary": "Composable cloud banking platform for lending, deposits and payments.", "description": "Evidence supports cloud banking and API positioning; PI/EMI safeguarding and tenant isolation remain outreach items.", "url": "https://mambu.com/en/cloud-banking-platform", "evidence": [ "https://mambu.com/en/cloud-banking-platform, accessed 2026-04-30", "https://docs.mambu.com/docs/mambu-apis/, accessed 2026-04-30", "[evidence pending — vendor outreach required: PI/EMI safeguarding artefact pack; tenant isolation; EU data residency options; pricing basis; implementation timeline]" ], "tags": [ "cloud-core", "API" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "product-mambu-payments-api", "label": "Mambu Payments API", "type": "product", "subtype": "payments-api", "summary": "Payments API documentation with public deprecation/discontinuation notices for older materials.", "description": "Use only with written confirmation of current support horizon, migration path and current product boundary.", "url": "https://docs.mambu.com/api/pages/payments-mpg/about-the-mambu-payments-api/", "evidence": [ "https://docs.mambu.com/api/pages/payments-mpg/about-the-mambu-payments-api/, accessed 2026-04-30", "https://docs.mambu.com/docs/mambu-payments/, accessed 2026-04-30", "[evidence pending — vendor outreach required: current Payments API support horizon; migration path to current Mambu Payments module; rail-directness; SCA delegation and rate limits]" ], "tags": [ "payments", "API", "deprecation" ], "isFinrayProduct": false, "coiNote": null, "watching": "Public deprecation/discontinuation notices exist for Mambu Payments API/Payment Gateway documentation; require written support-horizon and migration confirmation before procurement." }, { "id": "vendor-tuum", "label": "Tuum", "type": "vendor", "subtype": "software-vendor", "summary": "Vendor of Tuum Core Banking Platform.", "description": "Vendor node only; product claims are attached to product nodes.", "url": "https://tuum.com/", "evidence": [ "https://tuum.com/, accessed 2026-04-30" ], "tags": [ "cloud-core", "API-first" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "product-tuum-core", "label": "Tuum Core Banking Platform", "type": "product", "subtype": "core-banking-software", "summary": "Cloud-native, modular, API-first core banking platform.", "description": "Evidence supports accounts, real-time transactions and payments; rail-directness and safeguarding require outreach.", "url": "https://tuum.com/core-banking/", "evidence": [ "https://tuum.com/core-banking/, accessed 2026-04-30", "https://tuum.com/payments/, accessed 2026-04-30", "[evidence pending — vendor outreach required: native versus partner rail connectivity; SCA delegation; rate limits; DORA artefact pack; tenant isolation; PI/EMI safeguarding design]" ], "tags": [ "cloud-core", "payments", "API" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "vendor-sdkfinance", "label": "SDK.finance", "type": "vendor", "subtype": "software-vendor", "summary": "Vendor of SDK.finance Real-Time Ledger and EMI software.", "description": "Vendor node only; product claims are attached to product nodes.", "url": "https://sdk.finance/", "evidence": [ "https://sdk.finance/, accessed 2026-04-30" ], "tags": [ "ledger", "API" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "product-sdk-ledger", "label": "SDK.finance Real-Time Ledger", "type": "product", "subtype": "ledger-software", "summary": "Real-time ledger with APIs and webhooks.", "description": "Evidence supports ledger API/webhook positioning; safeguarding reconciliation and correction immutability need outreach.", "url": "https://sdk.finance/solutions/real-time-ledger-software/", "evidence": [ "https://sdk.finance/solutions/real-time-ledger-software/, accessed 2026-04-30", "https://sdk.finance/getting-started/accounting/, accessed 2026-04-30", "[evidence pending — vendor outreach required: double-entry proof; immutable correction model; client-funds segregation; reconciliation reports; DORA artefact pack]" ], "tags": [ "ledger", "webhooks", "API" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "product-sdk-emi", "label": "SDK.finance EMI software", "type": "product", "subtype": "emi-software", "summary": "EMI-oriented software offering based on SDK.finance platform materials.", "description": "Exact EMI product boundary, licensing model and rail support require vendor confirmation.", "url": "https://sdk.finance/", "evidence": [ "https://sdk.finance/, accessed 2026-04-30", "https://sdk.finance/getting-started/, accessed 2026-04-30", "[evidence pending — vendor outreach required: EMI software product boundary; EU/UK reference clients; rail-by-rail support; SCA delegation flow; pricing model; implementation timeline]" ], "tags": [ "EMI", "platform" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "vendor-advapay", "label": "Advapay", "type": "vendor", "subtype": "software-vendor", "summary": "Vendor of Macrobank.", "description": "Vendor node only; product claims are attached to product nodes.", "url": "https://advapay.eu/", "evidence": [ "https://advapay.eu/, accessed 2026-04-30" ], "tags": [ "Macrobank" ], "isFinrayProduct": false, "coiNote": null, "watching": "Several public Macrobank pages are pre-2024 and require refresh." }, { "id": "product-macrobank", "label": "Macrobank", "type": "product", "subtype": "core-banking-software", "summary": "Digital core banking software marketed for banking and payment functions.", "description": "Evidence supports accounts, payments, Open API and deployment options, but public evidence is older and must be refreshed.", "url": "https://advapay.eu/core-banking-software-solution/", "evidence": [ "https://advapay.eu/core-banking-software-solution/, accessed 2026-04-30 [stale — older than 2024]", "https://advapay.eu/digital-core-banking-software-solution/, accessed 2026-04-30 [stale — older than 2024]", "[evidence pending — vendor outreach required: current Macrobank product scope; current rail-directness for SEPA/SWIFT/FPS/CHAPS; OpenAPI specification; SCA delegation; DORA artefact pack; current implementation timeline]" ], "tags": [ "core-banking", "payments" ], "isFinrayProduct": false, "coiNote": null, "watching": "Public Macrobank evidence retrieved was pre-2024; require current product pack." }, { "id": "vendor-thought-machine", "label": "Thought Machine", "type": "vendor", "subtype": "software-vendor", "summary": "Vendor of Vault Core and Vault Payments.", "description": "Vendor node only; product claims are attached to product nodes.", "url": "https://www.thoughtmachine.net/", "evidence": [ "https://www.thoughtmachine.net/, accessed 2026-04-30" ], "tags": [ "cloud-core", "payments" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "product-vault-core", "label": "Vault Core", "type": "product", "subtype": "core-banking-software", "summary": "Cloud-native core banking product.", "description": "Evidence supports configurable products; PI/EMI safeguarding evidence must be separately proven.", "url": "https://www.thoughtmachine.net/vault-core", "evidence": [ "https://www.thoughtmachine.net/vault-core, accessed 2026-04-30", "[evidence pending — vendor outreach required: PI/EMI safeguarding configuration; tenant isolation; EU deployment model; implementation timeline; pricing model]" ], "tags": [ "core-banking", "cloud" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "product-vault-payments", "label": "Vault Payments", "type": "product", "subtype": "payments-platform", "summary": "Cloud-native payments processing platform.", "description": "Evidence supports ISO 20022 and lifecycle positioning; scheme-by-scheme connectivity requires outreach.", "url": "https://www.thoughtmachine.net/vaultpayments", "evidence": [ "https://www.thoughtmachine.net/vaultpayments, accessed 2026-04-30", "https://www.thoughtmachine.net/blog/the-modern-payments-platform-engineered-for-efficiency, accessed 2026-04-30", "[evidence pending — vendor outreach required: SEPA Instant directness; T2/TARGET2 connectivity; SWIFT CBPR+ certification artefacts; SCA delegation; rate limits]" ], "tags": [ "payments", "ISO20022" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "vendor-temenos", "label": "Temenos", "type": "vendor", "subtype": "software-vendor", "summary": "Vendor of Temenos Transact and Temenos Core Banking.", "description": "Vendor node only; product claims are attached to product nodes.", "url": "https://www.temenos.com/", "evidence": [ "https://www.temenos.com/, accessed 2026-04-30" ], "tags": [ "core-banking", "SaaS" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "product-temenos-transact", "label": "Temenos Transact", "type": "product", "subtype": "core-banking-software", "summary": "Core banking product represented by Temenos Transact materials.", "description": "Evidence supports broad core banking/API claims; PI/EMI safeguarding and rail evidence require outreach.", "url": "https://www.temenos.com/resource/temenos-transact-brochure/", "evidence": [ "https://www.temenos.com/resource/temenos-transact-brochure/, accessed 2026-04-30", "https://developer.temenos.com/transact-apis, accessed 2026-04-30", "[evidence pending — vendor outreach required: PI/EMI reference architecture; safeguarding ledger design; rail-by-rail payment support; DORA artefact pack; tenant isolation; pricing model]" ], "tags": [ "core-banking", "API" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "product-temenos-core", "label": "Temenos Core Banking", "type": "product", "subtype": "core-banking-software", "summary": "Temenos modular cloud-native core banking platform.", "description": "Buyer must confirm whether proposal is Transact, SaaS core, or a bundle with payment hub or partner modules.", "url": "https://www.temenos.com/products/core-banking/", "evidence": [ "https://www.temenos.com/products/core-banking/, accessed 2026-04-30", "[evidence pending — vendor outreach required: exact SKU boundary; payments module dependency; tenant isolation; EU/UK PI/EMI references; implementation timeline]" ], "tags": [ "core-banking", "cloud" ], "isFinrayProduct": false, "coiNote": null, "watching": "Confirm product boundary versus Transact and payment hub modules." }, { "id": "vendor-finastra", "label": "Finastra", "type": "vendor", "subtype": "software-vendor", "summary": "Vendor of Fusion Essence and Essence Analytics.", "description": "Vendor node only; product claims are attached to product nodes.", "url": "https://www.finastra.com/", "evidence": [ "https://www.finastra.com/, accessed 2026-04-30" ], "tags": [ "core-banking", "open-APIs" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "product-fusion-essence", "label": "Fusion Essence", "type": "product", "subtype": "core-banking-software", "summary": "Finastra Essence core banking product.", "description": "Evidence supports open/extensible and event-driven architecture claims; PI/EMI details require outreach.", "url": "https://www.finastra.com/universal-banking/solutions/essence", "evidence": [ "https://www.finastra.com/universal-banking/solutions/essence, accessed 2026-04-30", "https://developer.fusionfabric.cloud/, accessed 2026-04-30", "[evidence pending — vendor outreach required: PI/EMI safeguarding design; rail-by-rail support; tenant isolation; DORA artefact pack; pricing model]" ], "tags": [ "core-banking", "API" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "product-essence-analytics", "label": "Essence Analytics", "type": "product", "subtype": "analytics-observability", "summary": "Analytics product for dashboards, audit trails and event publication feed.", "description": "Use as an observability adjunct, not as a standalone core banking product.", "url": "https://www.finastra.com/universal-banking/solutions/essence-analytics", "evidence": [ "https://www.finastra.com/universal-banking/solutions/essence-analytics, accessed 2026-04-30", "[evidence pending — vendor outreach required: retention periods; regulator inspection pack; data lineage from payment to ledger; integration scope with Fusion Essence]" ], "tags": [ "analytics", "audit" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "vendor-intellect", "label": "Intellect Design", "type": "vendor", "subtype": "software-vendor", "summary": "Vendor of iGCB Core Banking and eMACH.ai.", "description": "Vendor node only; product claims are attached to product nodes.", "url": "https://www.intellectdesign.com/", "evidence": [ "https://www.intellectdesign.com/, accessed 2026-04-30" ], "tags": [ "core-banking", "eMACH.ai" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "product-igcb-core", "label": "iGCB Core Banking", "type": "product", "subtype": "core-banking-software", "summary": "iGCB core banking product.", "description": "Evidence supports core/digital-core architecture; payment rail support depends on selected bundle.", "url": "https://www.igcb.com/products/core-banking/", "evidence": [ "https://www.igcb.com/products/core-banking/, accessed 2026-04-30", "https://www.intellectdesign.com/solutions/payments-collections-solutions/payments/, accessed 2026-04-30", "[evidence pending — vendor outreach required: exact product bundle; PI/EMI safeguarding design; rail-directness; SCA delegation; DORA artefact pack]" ], "tags": [ "core-banking", "payments" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "product-emach-ai", "label": "eMACH.ai", "type": "product", "subtype": "banking-architecture", "summary": "Open finance technology architecture for banking products.", "description": "Treat as technology architecture; implementation scope is required before treating it as a complete PI/EMI core.", "url": "https://www.igcb.com/technology/emach-ai/", "evidence": [ "https://www.igcb.com/technology/emach-ai/, accessed 2026-04-30", "[evidence pending — vendor outreach required: implementation SKU; core ledger boundaries; payments module boundaries; tenant isolation; audit pack]" ], "tags": [ "open-finance", "architecture" ], "isFinrayProduct": false, "coiNote": null, "watching": "Confirm whether proposed implementation includes full core ledger and payments modules." }, { "id": "vendor-10x", "label": "10x Banking", "type": "vendor", "subtype": "software-vendor", "summary": "Vendor of 10x Cloud Banking Platform.", "description": "Vendor node only; product claims are attached to product nodes.", "url": "https://www.10xbanking.com/", "evidence": [ "https://www.10xbanking.com/, accessed 2026-04-30" ], "tags": [ "cloud-core", "API" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "product-10x-platform", "label": "10x Cloud Banking Platform", "type": "product", "subtype": "core-banking-software", "summary": "Cloud-native core banking platform.", "description": "Evidence supports modular/API and security posture; direct rails and PI/EMI safeguarding require outreach.", "url": "https://www.10xbanking.com/platform/cloud-core-banking", "evidence": [ "https://www.10xbanking.com/platform/cloud-core-banking, accessed 2026-04-30", "https://www.10xbanking.com/insights/enhanced-core-banking-system-security, accessed 2026-04-30", "[evidence pending — vendor outreach required: PI/EMI safeguarding artefacts; rail-by-rail support; SCA delegation; rate limits; tenant isolation; implementation timeline]" ], "tags": [ "cloud-core", "API" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "vendor-starling-bank", "label": "Starling Bank", "type": "vendor", "subtype": "software-vendor", "summary": "Vendor of Engine by Starling.", "description": "Vendor node only; product claims are attached to product nodes.", "url": "https://enginebystarling.com/", "evidence": [ "https://enginebystarling.com/, accessed 2026-04-30" ], "tags": [ "bank-originated-platform", "Engine" ], "isFinrayProduct": false, "coiNote": null, "watching": "Confirm software-only procurement terms versus bank-originated platform dependency." }, { "id": "product-engine-by-starling", "label": "Engine by Starling", "type": "product", "subtype": "core-banking-software", "summary": "Cloud-native digital banking platform.", "description": "Evidence supports near real-time ledgers, API platform and dashboards; PI/EMI rail directness requires outreach.", "url": "https://enginebystarling.com/", "evidence": [ "https://enginebystarling.com/core-banking/, accessed 2026-04-30", "https://enginebystarling.com/management-portal/dashboards-and-workflows/, accessed 2026-04-30", "[evidence pending — vendor outreach required: software-only procurement model; PI/EMI safeguarding artefacts; rail-by-rail connectivity; SCA delegation; tenant isolation; DORA artefact pack]" ], "tags": [ "cloud-core", "ledger" ], "isFinrayProduct": false, "coiNote": null, "watching": "Confirm software-only procurement model and rail responsibility split." }, { "id": "vendor-saascada", "label": "SaaScada Limited", "type": "vendor", "subtype": "software-vendor", "summary": "Vendor of SaaScada Core Banking Platform.", "description": "London-headquartered vendor node; product claims are attached to product node.", "url": "https://www.saascada.com/", "evidence": [ "https://www.saascada.com/, accessed 2026-04-30", "https://saascada.com/security-and-privacy/, accessed 2026-04-30" ], "tags": [ "UK-HQ", "cloud-native" ], "isFinrayProduct": false, "coiNote": null, "watching": "UK HQ; EEA deployment evidence and rail-by-rail support require outreach." }, { "id": "product-saascada-core", "label": "SaaScada Core Banking Platform", "type": "product", "subtype": "core-banking-software", "summary": "5th-generation cloud-native SaaS core banking platform with open APIs and no product modules architecture.", "description": "Evidence supports ISO 27001:2022, London HQ, open APIs, no product modules, AWS isolation and client stories/logos; customer-contract scope needs outreach.", "url": "https://www.saascada.com/", "evidence": [ "https://www.saascada.com/, accessed 2026-04-30", "https://saascada.com/security-and-privacy/, accessed 2026-04-30", "https://saascada.com/clients/, accessed 2026-04-30", "[evidence pending — vendor outreach required: EEA deployment evidence; rail-by-rail native versus partner support; regulated firm customer scope for Allica Bank, DF Capital, Arie Finance, Relio, Nexa Finance, Tint FS, Zorrz and Solance; SCA delegation; pricing model; implementation timeline]" ], "tags": [ "cloud-native", "ISO27001", "open-APIs" ], "isFinrayProduct": false, "coiNote": null, "watching": "UK HQ; need EEA deployment evidence; rail-by-rail support requires outreach." }, { "id": "vendor-finray", "label": "Finray Technologies Ltd", "type": "vendor", "subtype": "software-vendor", "summary": "Vendor of Corebanq.", "description": "Vendor node for Finray Technologies Ltd; Corebanq is a Finray product and is recused from ranking.", "url": "https://finray.tech/", "evidence": [ "https://finray.tech/, accessed 2026-04-30" ], "tags": [ "Finray", "COI-source" ], "isFinrayProduct": false, "coiNote": null, "watching": "Conflict-of-interest controls apply to Corebanq." }, { "id": "product-corebanq", "label": "Corebanq", "type": "product", "subtype": "core-banking-software", "summary": "Finray Technologies Ltd core banking product.", "description": "Evidence supports API-first core, ledger, payments, compliance and audit positioning; independent assurance required.", "url": "https://finray.tech/corebanq", "evidence": [ "https://finray.tech/corebanq, accessed 2026-04-30", "https://docs.corebanq.com/introduction, accessed 2026-04-30", "[evidence pending — vendor outreach required: independent security audit; tenant isolation; EU rail-directness; SCA delegation flow; DORA artefact pack; external reference checks; pricing model; implementation timeline]" ], "tags": [ "core-banking", "API", "audit", "COI" ], "isFinrayProduct": true, "coiNote": "Finray Technologies Ltd ships Corebanq; Finray Intelligence recuses this product from ranking, scoring league tables and any best-of recommendation. Buyers should require independent assurance artefacts and external review before procurement.", "watching": "Finray product; independent assurance and external review required before procurement." }, { "id": "vendor-skaleet", "label": "Skaleet", "type": "vendor", "subtype": "software-vendor", "summary": "Additional EU/UK PI/EMI-relevant core banking vendor discovered during research.", "description": "Vendor node only; product claims are attached to product node.", "url": "https://skaleet.com/en", "evidence": [ "https://skaleet.com/en, accessed 2026-04-30" ], "tags": [ "additional-discovered", "SaaS-core" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "product-skaleet-core", "label": "Skaleet Core Banking Platform", "type": "product", "subtype": "core-banking-software", "summary": "SaaS core banking platform.", "description": "Evidence supports cloud/API core positioning; rail, safeguarding and outsourcing evidence require outreach.", "url": "https://skaleet.com/en", "evidence": [ "https://skaleet.com/en, accessed 2026-04-30", "https://skaleet.com/en/use-case/switching-core-banking, accessed 2026-04-30", "[evidence pending — vendor outreach required: PI/EMI reference clients; rail-by-rail support; safeguarding ledger design; tenant isolation; DORA artefact pack; pricing model]" ], "tags": [ "SaaS-core", "API" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "vendor-pismo", "label": "Pismo", "type": "vendor", "subtype": "software-vendor", "summary": "Additional banking/cards platform vendor discovered during research.", "description": "Vendor node only; product claims are attached to product node.", "url": "https://www.pismo.io/", "evidence": [ "https://www.pismo.io/, accessed 2026-04-30" ], "tags": [ "additional-discovered", "platform" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "product-pismo-platform", "label": "Pismo Platform", "type": "product", "subtype": "banking-platform", "summary": "Cloud-native banking/cards platform.", "description": "Evidence supports platform/API posture; EU/UK PI/EMI core suitability requires outreach.", "url": "https://www.pismo.io/", "evidence": [ "https://www.pismo.io/, accessed 2026-04-30", "https://www.pismo.io/developers-overview/, accessed 2026-04-30", "[evidence pending — vendor outreach required: EU/UK PI/EMI reference architecture; safeguarding ledger design; rail-by-rail support; DORA artefact pack; tenant isolation; pricing model]" ], "tags": [ "platform", "APIs" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "vendor-vodeno", "label": "Vodeno", "type": "vendor", "subtype": "software-vendor", "summary": "Additional BaaS/cloud banking platform vendor discovered during research.", "description": "Vendor-as-bank dependency may be material; product node flags this.", "url": "https://vodeno.com/", "evidence": [ "https://vodeno.com/, accessed 2026-04-30" ], "tags": [ "additional-discovered", "BaaS" ], "isFinrayProduct": false, "coiNote": null, "watching": "Separate software procurement from bank sponsorship or BaaS dependency." }, { "id": "product-vodeno-cloud-platform", "label": "Vodeno Cloud Platform", "type": "product", "subtype": "banking-platform", "summary": "Cloud banking/BaaS platform with core banking positioning.", "description": "Buyer must separate software capability from Aion Bank or bank-sponsor dependency.", "url": "https://vodeno.com/vodeno-cloud-platform/", "evidence": [ "https://vodeno.com/vodeno-cloud-platform/, accessed 2026-04-30", "https://vodeno.com/, accessed 2026-04-30", "[evidence pending — vendor outreach required: software-only procurement availability; Aion Bank dependency model; rail-by-rail support; safeguarding responsibility split; DORA outsourcing package; pricing model]" ], "tags": [ "BaaS", "cloud-platform" ], "isFinrayProduct": false, "coiNote": null, "watching": "Watch vendor-as-bank dependency and whether buyer can procure software without regulated-bank services." } ], "edges": [ { "source": "seg-eea-uk-pi-emi", "target": "reg-psd2", "type": "requires", "label": "buyer must assess", "strength": "full", "evidence": [ "https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32015L2366, accessed 2026-04-30 [stale — older than 2024]" ] }, { "source": "seg-eea-uk-pi-emi", "target": "reg-psd3", "type": "requires", "label": "future-state overlay", "strength": "partial", "evidence": [ "https://data.consilium.europa.eu/doc/document/ST-8222-2026-INIT/en/pdf, accessed 2026-04-30" ] }, { "source": "seg-eea-uk-pi-emi", "target": "reg-psr", "type": "requires", "label": "future-state overlay", "strength": "partial", "evidence": [ "https://data.consilium.europa.eu/doc/document/ST-8221-2026-INIT/en/pdf, accessed 2026-04-30" ] }, { "source": "seg-eea-uk-pi-emi", "target": "reg-inote-8220", "type": "requires", "label": "legislative-status evidence", "strength": "partial", "evidence": [ "https://data.consilium.europa.eu/doc/document/ST-8220-2026-INIT/en/pdf, accessed 2026-04-30" ] }, { "source": "seg-eea-uk-pi-emi", "target": "reg-sca-rts", "type": "requires", "label": "API/SCA evidence", "strength": "full", "evidence": [ "https://eur-lex.europa.eu/eli/reg_del/2018/389/oj/eng, accessed 2026-04-30 [stale — older than 2024]" ] }, { "source": "seg-eea-uk-pi-emi", "target": "reg-dora", "type": "requires", "label": "resilience evidence", "strength": "full", "evidence": [ "https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX%3A32022R2554, accessed 2026-04-30 [stale — older than 2024]" ] }, { "source": "seg-eea-uk-pi-emi", "target": "reg-eba-outsourcing", "type": "requires", "label": "outsourcing evidence", "strength": "full", "evidence": [ "https://www.eba.europa.eu/sites/default/files/documents/10180/2551996/38c80601-f5d7-4855-8ba3-702423665479/EBA%20revised%20Guidelines%20on%20outsourcing%20arrangements.pdf, accessed 2026-04-30 [stale — older than 2024]" ] }, { "source": "seg-eea-uk-pi-emi", "target": "reg-amlr", "type": "requires", "label": "AML evidence", "strength": "partial", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2024/1624/oj/eng, accessed 2026-04-30" ] }, { "source": "seg-eea-uk-pi-emi", "target": "reg-amld6", "type": "requires", "label": "AML overlay", "strength": "partial", "evidence": [ "https://eur-lex.europa.eu/eli/dir/2024/1640/oj/eng, accessed 2026-04-30" ] }, { "source": "seg-eea-uk-pi-emi", "target": "reg-mica-art-emt", "type": "requires", "label": "hybrid PI+CASP overlay only", "strength": "partial", "evidence": [ "https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX%3A32023R1114, accessed 2026-04-30 [stale — older than 2024]" ] }, { "source": "seg-eea-uk-pi-emi", "target": "reg-uk-psr23", "type": "requires", "label": "UK safeguarding overlay", "strength": "full", "evidence": [ "https://www.legislation.gov.uk/uksi/2017/752/regulation/23, accessed 2026-04-30 [stale — older than 2024]" ] }, { "source": "reg-psd2", "target": "ctrl-ledger-safeguarding", "type": "requires", "label": "drives safeguarding evidence", "strength": "full", "evidence": [ "https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32015L2366, accessed 2026-04-30 [stale — older than 2024]" ] }, { "source": "reg-psd2", "target": "ctrl-api-sca", "type": "requires", "label": "drives open-banking/API evidence", "strength": "full", "evidence": [ "https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32015L2366, accessed 2026-04-30 [stale — older than 2024]" ] }, { "source": "reg-sca-rts", "target": "ctrl-api-sca", "type": "requires", "label": "drives SCA and secure communication evidence", "strength": "full", "evidence": [ "https://eur-lex.europa.eu/eli/reg_del/2018/389/oj/eng, accessed 2026-04-30 [stale — older than 2024]" ] }, { "source": "reg-dora", "target": "ctrl-resilience-outsourcing", "type": "requires", "label": "drives ICT risk and outsourcing evidence", "strength": "full", "evidence": [ "https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX%3A32022R2554, accessed 2026-04-30 [stale — older than 2024]" ] }, { "source": "reg-dora", "target": "ctrl-audit-observability", "type": "requires", "label": "drives incident/audit evidence", "strength": "full", "evidence": [ "https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX%3A32022R2554, accessed 2026-04-30 [stale — older than 2024]" ] }, { "source": "reg-eba-outsourcing", "target": "ctrl-resilience-outsourcing", "type": "requires", "label": "drives outsourcing evidence", "strength": "full", "evidence": [ "https://www.eba.europa.eu/sites/default/files/documents/10180/2551996/38c80601-f5d7-4855-8ba3-702423665479/EBA%20revised%20Guidelines%20on%20outsourcing%20arrangements.pdf, accessed 2026-04-30 [stale — older than 2024]" ] }, { "source": "reg-eba-outsourcing", "target": "ctrl-commercial-delivery", "type": "requires", "label": "drives vendor dependency and exit evidence", "strength": "full", "evidence": [ "https://www.eba.europa.eu/sites/default/files/documents/10180/2551996/38c80601-f5d7-4855-8ba3-702423665479/EBA%20revised%20Guidelines%20on%20outsourcing%20arrangements.pdf, accessed 2026-04-30 [stale — older than 2024]" ] }, { "source": "reg-amlr", "target": "ctrl-audit-observability", "type": "requires", "label": "drives AML evidence and lineage", "strength": "partial", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2024/1624/oj/eng, accessed 2026-04-30" ] }, { "source": "reg-amld6", "target": "ctrl-audit-observability", "type": "requires", "label": "drives AML governance evidence", "strength": "partial", "evidence": [ "https://eur-lex.europa.eu/eli/dir/2024/1640/oj/eng, accessed 2026-04-30" ] }, { "source": "reg-mica-art-emt", "target": "ctrl-ledger-safeguarding", "type": "requires", "label": "hybrid token-money overlap", "strength": "partial", "evidence": [ "https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX%3A32023R1114, accessed 2026-04-30 [stale — older than 2024]" ] }, { "source": "reg-uk-psr23", "target": "ctrl-ledger-safeguarding", "type": "requires", "label": "UK safeguarding evidence", "strength": "full", "evidence": [ "https://www.legislation.gov.uk/uksi/2017/752/regulation/23, accessed 2026-04-30 [stale — older than 2024]" ] }, { "source": "ctrl-ledger-safeguarding", "target": "reg-psd2", "type": "compliant-with", "label": "supports compliance evidence for", "strength": "partial", "evidence": [ "https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32015L2366, accessed 2026-04-30 [stale — older than 2024]" ] }, { "source": "ctrl-ledger-safeguarding", "target": "reg-uk-psr23", "type": "compliant-with", "label": "supports compliance evidence for", "strength": "partial", "evidence": [ "https://www.legislation.gov.uk/uksi/2017/752/regulation/23, accessed 2026-04-30 [stale — older than 2024]" ] }, { "source": "ctrl-api-sca", "target": "reg-sca-rts", "type": "compliant-with", "label": "supports compliance evidence for", "strength": "partial", "evidence": [ "https://eur-lex.europa.eu/eli/reg_del/2018/389/oj/eng, accessed 2026-04-30 [stale — older than 2024]" ] }, { "source": "ctrl-resilience-outsourcing", "target": "reg-dora", "type": "compliant-with", "label": "supports compliance evidence for", "strength": "partial", "evidence": [ "https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX%3A32022R2554, accessed 2026-04-30 [stale — older than 2024]" ] }, { "source": "ctrl-resilience-outsourcing", "target": "reg-eba-outsourcing", "type": "compliant-with", "label": "supports compliance evidence for", "strength": "partial", "evidence": [ "https://www.eba.europa.eu/sites/default/files/documents/10180/2551996/38c80601-f5d7-4855-8ba3-702423665479/EBA%20revised%20Guidelines%20on%20outsourcing%20arrangements.pdf, accessed 2026-04-30 [stale — older than 2024]" ] }, { "source": "ctrl-audit-observability", "target": "reg-dora", "type": "compliant-with", "label": "supports compliance evidence for", "strength": "partial", "evidence": [ "https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX%3A32022R2554, accessed 2026-04-30 [stale — older than 2024]" ] }, { "source": "ctrl-commercial-delivery", "target": "reg-eba-outsourcing", "type": "compliant-with", "label": "supports compliance evidence for", "strength": "partial", "evidence": [ "https://www.eba.europa.eu/sites/default/files/documents/10180/2551996/38c80601-f5d7-4855-8ba3-702423665479/EBA%20revised%20Guidelines%20on%20outsourcing%20arrangements.pdf, accessed 2026-04-30 [stale — older than 2024]" ] }, { "source": "ctrl-ledger-safeguarding", "target": "seg-eea-uk-pi-emi", "type": "evidence-for", "label": "RFP evidence domain", "strength": "full", "evidence": [ "[evidence pending — vendor outreach required: buyer-specific regulator feedback]" ] }, { "source": "ctrl-rail-coverage", "target": "seg-eea-uk-pi-emi", "type": "evidence-for", "label": "RFP evidence domain", "strength": "full", "evidence": [ "[evidence pending — vendor outreach required: buyer-specific rail access model]" ] }, { "source": "ctrl-api-sca", "target": "seg-eea-uk-pi-emi", "type": "evidence-for", "label": "RFP evidence domain", "strength": "full", "evidence": [ "[evidence pending — vendor outreach required: buyer-specific SCA delegation and consent scope]" ] }, { "source": "ctrl-resilience-outsourcing", "target": "seg-eea-uk-pi-emi", "type": "evidence-for", "label": "RFP evidence domain", "strength": "full", "evidence": [ "[evidence pending — vendor outreach required: buyer-specific DORA outsourcing classification]" ] }, { "source": "ctrl-audit-observability", "target": "seg-eea-uk-pi-emi", "type": "evidence-for", "label": "RFP evidence domain", "strength": "full", "evidence": [ "[evidence pending — vendor outreach required: buyer-specific retention and inspection pack]" ] }, { "source": "ctrl-commercial-delivery", "target": "seg-eea-uk-pi-emi", "type": "evidence-for", "label": "RFP evidence domain", "strength": "full", "evidence": [ "[evidence pending — vendor outreach required: buyer-specific procurement and exit model]" ] }, { "source": "reg-psd3", "target": "reg-psd2", "type": "complementary-to", "label": "future-state overlay", "strength": "partial", "evidence": [ "https://data.consilium.europa.eu/doc/document/ST-8222-2026-INIT/en/pdf, accessed 2026-04-30" ] }, { "source": "reg-psr", "target": "reg-psd2", "type": "complementary-to", "label": "future-state overlay", "strength": "partial", "evidence": [ "https://data.consilium.europa.eu/doc/document/ST-8221-2026-INIT/en/pdf, accessed 2026-04-30" ] }, { "source": "reg-inote-8220", "target": "reg-psd3", "type": "complementary-to", "label": "Council compromise process", "strength": "full", "evidence": [ "https://data.consilium.europa.eu/doc/document/ST-8220-2026-INIT/en/pdf, accessed 2026-04-30" ] }, { "source": "reg-inote-8220", "target": "reg-psr", "type": "complementary-to", "label": "Council compromise process", "strength": "full", "evidence": [ "https://data.consilium.europa.eu/doc/document/ST-8220-2026-INIT/en/pdf, accessed 2026-04-30" ] }, { "source": "reg-dora", "target": "reg-eba-outsourcing", "type": "complementary-to", "label": "ICT outsourcing context", "strength": "partial", "evidence": [ "https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX%3A32022R2554, accessed 2026-04-30 [stale — older than 2024]" ] }, { "source": "reg-mica-art-emt", "target": "reg-psr", "type": "complementary-to", "label": "hybrid payment/token overlap", "strength": "partial", "evidence": [ "https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX%3A32023R1114, accessed 2026-04-30 [stale — older than 2024]" ] }, { "source": "std-iso20022", "target": "ctrl-rail-coverage", "type": "prerequisite-for", "label": "message-format baseline", "strength": "partial", "evidence": [ "https://www.iso20022.org/iso-20022, accessed 2026-04-30" ] }, { "source": "std-sepa-instant", "target": "ctrl-rail-coverage", "type": "prerequisite-for", "label": "euro instant rail baseline", "strength": "partial", "evidence": [ "https://www.europeanpaymentscouncil.eu/document-library/rulebooks/2025-sepa-instant-credit-transfer-rulebook-version-11, accessed 2026-04-30" ] }, { "source": "std-swift-cbpr", "target": "ctrl-rail-coverage", "type": "prerequisite-for", "label": "cross-border message baseline", "strength": "partial", "evidence": [ "https://www.swift.com/standards/iso-20022/iso-20022-financial-institutions-focus-payments-instructions, accessed 2026-04-30" ] }, { "source": "std-target-t2", "target": "ctrl-rail-coverage", "type": "prerequisite-for", "label": "euro RTGS baseline", "strength": "partial", "evidence": [ "https://www.ecb.europa.eu/paym/target/t2/html/index.en.html, accessed 2026-04-30" ] }, { "source": "std-six-sic", "target": "ctrl-rail-coverage", "type": "prerequisite-for", "label": "Swiss clearing baseline", "strength": "partial", "evidence": [ "https://www.six-group.com/en/products-services/banking-services/interbank-clearing.html, accessed 2026-04-30" ] }, { "source": "std-payuk-fps", "target": "ctrl-rail-coverage", "type": "prerequisite-for", "label": "UK FPS baseline", "strength": "partial", "evidence": [ "https://www.wearepay.uk/what-we-do/payment-systems/faster-payment-system/, accessed 2026-04-30" ] }, { "source": "std-iso27001", "target": "ctrl-resilience-outsourcing", "type": "prerequisite-for", "label": "security baseline", "strength": "partial", "evidence": [ "https://www.iso.org/standard/27001, accessed 2026-04-30 [stale — older than 2024]" ] }, { "source": "std-iso27001", "target": "ctrl-audit-observability", "type": "prerequisite-for", "label": "security-management baseline", "strength": "partial", "evidence": [ "https://www.iso.org/standard/27001, accessed 2026-04-30 [stale — older than 2024]" ] }, { "source": "product-mambu-cloud", "target": "vendor-mambu", "type": "produced-by", "label": "produced by", "strength": "full", "evidence": [ "https://mambu.com/en/cloud-banking-platform, accessed 2026-04-30" ] }, { "source": "product-mambu-payments-api", "target": "vendor-mambu", "type": "produced-by", "label": "produced by", "strength": "full", "evidence": [ "https://docs.mambu.com/api/pages/payments-mpg/about-the-mambu-payments-api/, accessed 2026-04-30" ] }, { "source": "product-tuum-core", "target": "vendor-tuum", "type": "produced-by", "label": "produced by", "strength": "full", "evidence": [ "https://tuum.com/core-banking/, accessed 2026-04-30" ] }, { "source": "product-sdk-ledger", "target": "vendor-sdkfinance", "type": "produced-by", "label": "produced by", "strength": "full", "evidence": [ "https://sdk.finance/solutions/real-time-ledger-software/, accessed 2026-04-30" ] }, { "source": "product-sdk-emi", "target": "vendor-sdkfinance", "type": "produced-by", "label": "produced by", "strength": "full", "evidence": [ "https://sdk.finance/, accessed 2026-04-30" ] }, { "source": "product-macrobank", "target": "vendor-advapay", "type": "produced-by", "label": "produced by", "strength": "full", "evidence": [ "https://advapay.eu/core-banking-software-solution/, accessed 2026-04-30 [stale — older than 2024]" ] }, { "source": "product-vault-core", "target": "vendor-thought-machine", "type": "produced-by", "label": "produced by", "strength": "full", "evidence": [ "https://www.thoughtmachine.net/vault-core, accessed 2026-04-30" ] }, { "source": "product-vault-payments", "target": "vendor-thought-machine", "type": "produced-by", "label": "produced by", "strength": "full", "evidence": [ "https://www.thoughtmachine.net/vaultpayments, accessed 2026-04-30" ] }, { "source": "product-temenos-transact", "target": "vendor-temenos", "type": "produced-by", "label": "produced by", "strength": "full", "evidence": [ "https://www.temenos.com/resource/temenos-transact-brochure/, accessed 2026-04-30" ] }, { "source": "product-temenos-core", "target": "vendor-temenos", "type": "produced-by", "label": "produced by", "strength": "full", "evidence": [ "https://www.temenos.com/products/core-banking/, accessed 2026-04-30" ] }, { "source": "product-fusion-essence", "target": "vendor-finastra", "type": "produced-by", "label": "produced by", "strength": "full", "evidence": [ "https://www.finastra.com/universal-banking/solutions/essence, accessed 2026-04-30" ] }, { "source": "product-essence-analytics", "target": "vendor-finastra", "type": "produced-by", "label": "produced by", "strength": "full", "evidence": [ "https://www.finastra.com/universal-banking/solutions/essence-analytics, accessed 2026-04-30" ] }, { "source": "product-igcb-core", "target": "vendor-intellect", "type": "produced-by", "label": "produced by", "strength": "full", "evidence": [ "https://www.igcb.com/products/core-banking/, accessed 2026-04-30" ] }, { "source": "product-emach-ai", "target": "vendor-intellect", "type": "produced-by", "label": "produced by", "strength": "full", "evidence": [ "https://www.igcb.com/technology/emach-ai/, accessed 2026-04-30" ] }, { "source": "product-10x-platform", "target": "vendor-10x", "type": "produced-by", "label": "produced by", "strength": "full", "evidence": [ "https://www.10xbanking.com/platform/cloud-core-banking, accessed 2026-04-30" ] }, { "source": "product-engine-by-starling", "target": "vendor-starling-bank", "type": "produced-by", "label": "produced by", "strength": "full", "evidence": [ "https://enginebystarling.com/, accessed 2026-04-30" ] }, { "source": "product-saascada-core", "target": "vendor-saascada", "type": "produced-by", "label": "produced by", "strength": "full", "evidence": [ "https://www.saascada.com/, accessed 2026-04-30" ] }, { "source": "product-corebanq", "target": "vendor-finray", "type": "produced-by", "label": "produced by", "strength": "full", "evidence": [ "https://finray.tech/corebanq, accessed 2026-04-30" ] }, { "source": "product-skaleet-core", "target": "vendor-skaleet", "type": "produced-by", "label": "produced by", "strength": "full", "evidence": [ "https://skaleet.com/en, accessed 2026-04-30" ] }, { "source": "product-pismo-platform", "target": "vendor-pismo", "type": "produced-by", "label": "produced by", "strength": "full", "evidence": [ "https://www.pismo.io/, accessed 2026-04-30" ] }, { "source": "product-vodeno-cloud-platform", "target": "vendor-vodeno", "type": "produced-by", "label": "produced by", "strength": "full", "evidence": [ "https://vodeno.com/vodeno-cloud-platform/, accessed 2026-04-30" ] }, { "source": "product-mambu-cloud", "target": "ctrl-api-sca", "type": "implements", "label": "API evidence", "strength": "partial", "evidence": [ "https://docs.mambu.com/docs/mambu-apis/, accessed 2026-04-30", "[evidence pending — vendor outreach required: SCA delegation; rate limits; sandbox; OpenAPI coverage]" ] }, { "source": "product-mambu-payments-api", "target": "ctrl-rail-coverage", "type": "implements", "label": "payments evidence with deprecation caveat", "strength": "partial", "evidence": [ "https://docs.mambu.com/api/pages/payments-mpg/about-the-mambu-payments-api/, accessed 2026-04-30", "[evidence pending — vendor outreach required: support horizon; migration path; rail-directness]" ] }, { "source": "product-tuum-core", "target": "ctrl-ledger-safeguarding", "type": "implements", "label": "ledger evidence", "strength": "partial", "evidence": [ "https://tuum.com/core-banking/, accessed 2026-04-30", "[evidence pending — vendor outreach required: safeguarding reconciliation; immutable corrections]" ] }, { "source": "product-tuum-core", "target": "ctrl-rail-coverage", "type": "implements", "label": "payments evidence", "strength": "partial", "evidence": [ "https://tuum.com/payments/, accessed 2026-04-30", "[evidence pending — vendor outreach required: rail-directness for SEPA/SWIFT/local schemes; T2/FPS/SIC scope]" ] }, { "source": "product-sdk-ledger", "target": "ctrl-ledger-safeguarding", "type": "implements", "label": "ledger evidence", "strength": "partial", "evidence": [ "https://sdk.finance/solutions/real-time-ledger-software/, accessed 2026-04-30", "[evidence pending — vendor outreach required: safeguarding segregation; immutable correction workflow]" ] }, { "source": "product-sdk-emi", "target": "ctrl-commercial-delivery", "type": "implements", "label": "commercial evidence", "strength": "partial", "evidence": [ "https://sdk.finance/getting-started/, accessed 2026-04-30", "[evidence pending — vendor outreach required: licence model; source-code terms; implementation timeline]" ] }, { "source": "product-macrobank", "target": "ctrl-ledger-safeguarding", "type": "implements", "label": "core evidence", "strength": "partial", "evidence": [ "https://advapay.eu/core-banking-software-solution/, accessed 2026-04-30 [stale — older than 2024]", "[evidence pending — vendor outreach required: current ledger proof; safeguarding reports]" ] }, { "source": "product-macrobank", "target": "ctrl-rail-coverage", "type": "implements", "label": "rail evidence", "strength": "partial", "evidence": [ "https://advapay.eu/digital-core-banking-software-solution/, accessed 2026-04-30 [stale — older than 2024]", "[evidence pending — vendor outreach required: current rail-directness; scheme certifications]" ] }, { "source": "product-vault-core", "target": "ctrl-ledger-safeguarding", "type": "implements", "label": "core ledger evidence", "strength": "partial", "evidence": [ "https://www.thoughtmachine.net/vault-core, accessed 2026-04-30", "[evidence pending — vendor outreach required: PI/EMI safeguarding configuration; reconciliation evidence]" ] }, { "source": "product-vault-payments", "target": "ctrl-rail-coverage", "type": "implements", "label": "payments evidence", "strength": "partial", "evidence": [ "https://www.thoughtmachine.net/vaultpayments, accessed 2026-04-30", "[evidence pending — vendor outreach required: scheme-specific connectivity; sponsor versus direct model]" ] }, { "source": "product-temenos-transact", "target": "ctrl-ledger-safeguarding", "type": "implements", "label": "core evidence", "strength": "partial", "evidence": [ "https://www.temenos.com/resource/temenos-transact-brochure/, accessed 2026-04-30", "[evidence pending — vendor outreach required: PI/EMI safeguarding design]" ] }, { "source": "product-temenos-core", "target": "ctrl-resilience-outsourcing", "type": "implements", "label": "deployment evidence", "strength": "partial", "evidence": [ "https://www.temenos.com/products/core-banking/, accessed 2026-04-30", "[evidence pending — vendor outreach required: DORA artefact pack; tenant isolation; audit/exit rights]" ] }, { "source": "product-fusion-essence", "target": "ctrl-ledger-safeguarding", "type": "implements", "label": "core evidence", "strength": "partial", "evidence": [ "https://www.finastra.com/universal-banking/solutions/essence, accessed 2026-04-30", "[evidence pending — vendor outreach required: PI/EMI safeguarding design; reconciliation evidence]" ] }, { "source": "product-essence-analytics", "target": "ctrl-audit-observability", "type": "implements", "label": "audit analytics evidence", "strength": "partial", "evidence": [ "https://www.finastra.com/universal-banking/solutions/essence-analytics, accessed 2026-04-30", "[evidence pending — vendor outreach required: retention periods; regulator inspection export; data lineage]" ] }, { "source": "product-igcb-core", "target": "ctrl-ledger-safeguarding", "type": "implements", "label": "core evidence", "strength": "partial", "evidence": [ "https://www.igcb.com/products/core-banking/, accessed 2026-04-30", "[evidence pending — vendor outreach required: PI/EMI safeguarding ledger design]" ] }, { "source": "product-igcb-core", "target": "ctrl-rail-coverage", "type": "implements", "label": "payments evidence", "strength": "partial", "evidence": [ "https://www.intellectdesign.com/solutions/payments-collections-solutions/payments/, accessed 2026-04-30", "[evidence pending — vendor outreach required: bundle inclusion; rail-directness; scheme certificates]" ] }, { "source": "product-emach-ai", "target": "ctrl-api-sca", "type": "implements", "label": "architecture/API evidence", "strength": "partial", "evidence": [ "https://www.igcb.com/technology/emach-ai/, accessed 2026-04-30", "[evidence pending — vendor outreach required: API catalogue; SCA/open-banking flows; rate limits]" ] }, { "source": "product-10x-platform", "target": "ctrl-resilience-outsourcing", "type": "implements", "label": "security/resilience evidence", "strength": "partial", "evidence": [ "https://www.10xbanking.com/insights/enhanced-core-banking-system-security, accessed 2026-04-30", "[evidence pending — vendor outreach required: DORA artefact pack; subprocessor map; tenant isolation]" ] }, { "source": "product-10x-platform", "target": "ctrl-ledger-safeguarding", "type": "implements", "label": "core evidence", "strength": "partial", "evidence": [ "https://www.10xbanking.com/platform/cloud-core-banking, accessed 2026-04-30", "[evidence pending — vendor outreach required: PI/EMI safeguarding design; reconciliation reports]" ] }, { "source": "product-engine-by-starling", "target": "ctrl-ledger-safeguarding", "type": "implements", "label": "ledger evidence", "strength": "partial", "evidence": [ "https://enginebystarling.com/core-banking/, accessed 2026-04-30", "[evidence pending — vendor outreach required: PI/EMI safeguarding account mapping; reconciliation evidence]" ] }, { "source": "product-engine-by-starling", "target": "ctrl-audit-observability", "type": "implements", "label": "dashboard evidence", "strength": "partial", "evidence": [ "https://enginebystarling.com/management-portal/dashboards-and-workflows/, accessed 2026-04-30", "[evidence pending — vendor outreach required: retention periods; evidence export; regulator inspection pack]" ] }, { "source": "product-saascada-core", "target": "ctrl-ledger-safeguarding", "type": "implements", "label": "core evidence", "strength": "partial", "evidence": [ "https://www.saascada.com/, accessed 2026-04-30", "[evidence pending — vendor outreach required: double-entry proof; safeguarding reconciliation reports; immutable correction model]" ] }, { "source": "product-saascada-core", "target": "ctrl-resilience-outsourcing", "type": "implements", "label": "security evidence", "strength": "partial", "evidence": [ "https://saascada.com/security-and-privacy/, accessed 2026-04-30", "[evidence pending — vendor outreach required: DORA artefact pack; EU/EEA deployment; subprocessor map; exit plan]" ] }, { "source": "product-saascada-core", "target": "ctrl-rail-coverage", "type": "implements", "label": "partner rail evidence", "strength": "indirect", "evidence": [ "https://saascada.com/insights/saascada-and-inventi-partnership/, accessed 2026-04-30", "[evidence pending — vendor outreach required: native versus Inventi partner rail support; SEPA/SWIFT/TARGET2/TIPS evidence; FPS/SIC scope]" ] }, { "source": "product-corebanq", "target": "ctrl-ledger-safeguarding", "type": "implements", "label": "ledger evidence", "strength": "partial", "evidence": [ "https://finray.tech/corebanq, accessed 2026-04-30", "[evidence pending — vendor outreach required: independent ledger assurance; safeguarding reconciliation proof; immutable correction audit]" ] }, { "source": "product-corebanq", "target": "ctrl-api-sca", "type": "implements", "label": "API evidence", "strength": "partial", "evidence": [ "https://docs.corebanq.com/introduction, accessed 2026-04-30", "[evidence pending — vendor outreach required: SCA delegation flow; OpenAPI rate limits; sandbox; AIS/PIS access model]" ] }, { "source": "product-corebanq", "target": "ctrl-audit-observability", "type": "implements", "label": "audit evidence", "strength": "partial", "evidence": [ "https://docs.corebanq.com/api-reference/rbac/rbac, accessed 2026-04-30", "[evidence pending — vendor outreach required: independent audit pack review; retention periods; regulator inspection exports]" ] }, { "source": "product-skaleet-core", "target": "ctrl-api-sca", "type": "implements", "label": "API evidence", "strength": "partial", "evidence": [ "https://skaleet.com/en, accessed 2026-04-30", "[evidence pending — vendor outreach required: OpenAPI catalogue; SCA delegation; rate limits]" ] }, { "source": "product-pismo-platform", "target": "ctrl-api-sca", "type": "implements", "label": "developer/API evidence", "strength": "partial", "evidence": [ "https://www.pismo.io/developers-overview/, accessed 2026-04-30", "[evidence pending — vendor outreach required: OpenAPI catalogue for banking core; SCA delegation; rate limits; webhooks]" ] }, { "source": "product-vodeno-cloud-platform", "target": "ctrl-commercial-delivery", "type": "implements", "label": "BaaS commercial evidence", "strength": "partial", "evidence": [ "https://vodeno.com/, accessed 2026-04-30", "[evidence pending — vendor outreach required: software-only model; Aion Bank dependency; pricing basis; implementation timeline]" ] } ], "legend": { "firm-segment": { "color": "#355C7D", "shape": "round-rectangle", "note": "Buyer or applicant cohort; no vendor recommendation implied." }, "regulation": { "color": "#6C5B7B", "shape": "diamond", "note": "Binding or proposed legal/regulatory instrument used for RFP control mapping." }, "standard": { "color": "#F8B195", "shape": "hexagon", "note": "Scheme, security or messaging standard that informs technical evidence." }, "control": { "color": "#C06C84", "shape": "octagon", "note": "Due-diligence control domain buyers should evidence during RFP and onboarding." }, "vendor": { "color": "#99B898", "shape": "rectangle", "note": "Vendor company node; kept separate from product nodes." }, "product": { "color": "#FECEAB", "shape": "ellipse", "note": "Specific product or platform node; not scored or ranked." } } }