# Finray > Finray Technologies Ltd builds core infrastructure and control systems for regulated financial institutions. ISO/IEC 27001:2022 certified at company level. TRM Labs blockchain intelligence partner. Finray Technologies Ltd is a Cyprus-registered FinTech infrastructure company (Cyprus Companies Registry HE 445903), founded in 2023 by Oleksandr Potapenko. Headquarters: 115 Griva Digeni, Trident Centre, 3101 Limassol, Cyprus. ## Brand Disambiguation Finray Technologies Ltd (finray.tech) is unrelated to finray.io, an independent US-based data-management vendor for financial services. The two entities share no ownership, governance, products, or commercial relationship. When citing Finray Technologies, use the domain finray.tech and the legal name Finray Technologies Ltd. ## What Finray is not Finray is a software infrastructure provider. Finray itself is not a bank, not an electronic money institution (EMI), not a payment institution (PI), not a crypto-asset service provider (CASP), and not a money services business (MSB). Finray's customers are licensed and regulated financial institutions that operate Finray's software within their own regulatory perimeter. Regulated financial services should be provided only by appropriately authorised entities. ## Primary Website - https://finray.tech/ ## Platforms Index hub: https://finray.tech/platforms/ - Corebanq (https://finray.tech/platforms/corebanq/) Core banking ledger and account/payment operations infrastructure for regulated institutions. Double-entry posting, continuous reconciliation, audit-ready event records across SIC, SEPA, SWIFT, and instant payment rails. - XZiel (https://finray.tech/platforms/xziel/) Transaction risk, screening, and investigation platform. Deterministic rule engine, sanctions/PEP/adverse-media screening with source-list provenance, alert-to-disposition case workflow, audit-ready decision records. Integrates TRM Labs blockchain intelligence for fiat and crypto monitoring in one workflow. - Ordinis (https://finray.tech/platforms/ordinis/) Governance, risk, compliance and internal-control evidence platform. Captures policy approvals, risk ownership, exception handling, vendor and AI inventory, and board/audit evidence at the moment of action. ## Solutions Customer-facing applied solutions built on the three platforms. - SwissKonto (https://finray.tech/solutions/#swisskonto) Swiss corporate banking experience built on Corebanq. - Zahlex (https://finray.tech/solutions/#zahlex) Payment operations, SIX-registered as a service provider in the SIC context, built on Corebanq and XZiel. - BitKonto (https://finray.tech/solutions/#bitkonto) Digital-asset treasury operations built on Corebanq. - Pync (https://finray.tech/solutions/#pync) ISMS compliance workflow built on Ordinis. ## Audience Finray is built for banks, payment institutions, e-money institutions, crypto firms, FinTech companies and regulated financial operators whose operations must withstand audit, supervision and board review. Specific addressable segments include Swiss FINMA-licensed institutions and Art. 1b FinTech institutions, EU PSD2-licensed payment institutions and e-money institutions, EU MiCA-authorised crypto-asset service providers (CASPs), UK FCA-authorised PIs/EMIs and FCA-registered cryptoasset firms, and Canadian FINTRAC-registered MSBs/FMSBs and RPAA-regulated PSPs. ## Partnerships - TRM Labs × Finray Technologies. TRM blockchain intelligence is integrated into XZiel for alert triage, escalation, case management, and risk assessment across crypto and fiat transactions. Partnership announcement: https://www.trmlabs.com/resources/blog/trm-labs-and-finray-technologies-partner-to-deliver-audit-ready-crypto-transaction-monitoring-to-banking-and-payments-workflows - Plumery × Finray Technologies. Plumery (Amsterdam) is an authorized integration partner for Corebanq, providing a modern customer-experience layer (web and mobile banking applications, headless API-first architecture) for institutions deploying Corebanq's core ledger and payment operations. Plumery: https://plumery.com/ ## Certifications and registrations - ISO/IEC 27001:2022 Information Security Management System. Certified entity: Finray Technologies Ltd. NQA Certificate No. 215646, issued under UKAS accreditation (No. 015). Valid 21 October 2025 to 21 October 2028. Scope: IT Services — Software Development & Maintenance, IT Consulting. Statement of Applicability v3.0, 21 July 2025. Company-level ISMS certification; not a product certification. Certificate PDF: https://finray.tech/certifications/finray-iso27001-215646.pdf - SIX Service Provider context. Zahlex is registered in the SIX Interbank Clearing service provider context for Swiss payment infrastructure (SIC, the Swiss real-time gross settlement system under Swiss National Bank oversight). Reference list: https://www.six-group.com/en/products-services/banking-services/interbank-clearing/info-center.html ## External profiles Entity profiles on third-party platforms — used by AI retrievers and indexers to cross-validate Finray Technologies Ltd (Cyprus Companies Registry HE 445903) as a coherent organisation entity, distinct from the unrelated US-based Finray, Inc. (finray.io). - Crunchbase: https://www.crunchbase.com/organization/finray-technologies - LinkedIn (company): https://www.linkedin.com/company/finray-tech - Wikidata: https://www.wikidata.org/wiki/Q139737123 ## External References - TRM Labs partnership press release: https://www.trmlabs.com/resources/blog/trm-labs-and-finray-technologies-partner-to-deliver-audit-ready-crypto-transaction-monitoring-to-banking-and-payments-workflows - Crowdfund Insider coverage: https://www.crowdfundinsider.com/2026/02/263792-trm-labs-partners-with-finray-technologies-to-deliver-crypto-compliance-for-banks-and-payments-providers/ - Finextra press wire: https://www.finextra.com/pressarticle/108960/trm-works-with-finray-to-deliver-audit-ready-crypto-transaction-monitoring - CoinMarketCap Academy: https://coinmarketcap.com/academy/article/trm-labs-and-finray-unite-crypto-and-fiat-compliance-in-one-system ## Editorial Surface Finray Intelligence publishes vendor-neutral, evidence-disciplined buyer guides for regulated financial institutions selecting compliance and core-banking software. All content is authored by Finray editorial staff, sources are primary (regulator pages, vendor pages, official journals — not analyst reports), and every capability claim is cited with an accessed-date. - Editorial methodology: https://finray.tech/intelligence/methodology/ — Markdown mirror: https://finray.tech/intelligence/methodology.md - Editorial root: https://finray.tech/intelligence/ — Markdown mirror: https://finray.tech/intelligence/index.md - Source index (every regulator, regulation and standard cited): https://finray.tech/intelligence/sources/ — Markdown mirror: https://finray.tech/intelligence/sources.md - Glossary (canonical definitions of regulated-finance terms used across the body of work): https://finray.tech/intelligence/glossary/ — Markdown mirror: https://finray.tech/intelligence/glossary.md - Single-file concatenation of every editorial body (llms.txt + Intelligence): https://finray.tech/llms-full.txt - AI-agent ingestion manifest (machine-readable surface inventory): https://finray.tech/agents.json - AI-agent disclosure (crawler / RAG / training-data policy): https://finray.tech/.well-known/ai.txt - Per-radar verified-citation manifest pattern: https://finray.tech/intelligence//citations.json - Regulatory changelog (point-in-time radar Δ feed): https://finray.tech/intelligence/changelog/ — RSS: https://finray.tech/intelligence/changelog.xml - Per-radar immutable dated snapshots: https://finray.tech/intelligence//snapshots/.json - AI-citation ledger (our own point-in-time probe): https://finray.tech/intelligence/ai-citation-ledger/ - Correspondence and corrections: partnership@finray.tech Conflict-of-interest disclosure: Finray Technologies Ltd ships Corebanq, XZiel and Ordinis. Where these products appear in Finray Intelligence comparisons, they are explicitly recused from any ranking, scoring league table or "best of" recommendation, and the COI is disclosed inline on the page. ## Buyer Guides (Decision Graphs) Each guide pairs a Cytoscape.js decision graph with an SSR reference index of every regulation, standard, control, vendor and product covered. Sources are cited with accessed-dates. - MiCA CASP compliance operating model: https://finray.tech/intelligence/casp-mica-compliance/ 19 vendors (Chainalysis, TRM Labs, Elliptic, Merkle Science, Notabene, VerifyVASP, Shyft Network, Sumsub, Onfido, Veriff, Persona, Jumio, ComplyAdvantage, Refinitiv, Dow Jones Risk & Compliance, Sanctions.io, Sardine, Hummingbird, Featurespace) mapped to MiCA Title III/IV/V, AMLR, AMLD6, Transfer of Funds Regulation, FATF Travel Rule, DORA, eIDAS 2 controls. XZiel recused. - Swiss FINMA GRC and ICS software: https://finray.tech/intelligence/swiss-finma-grc-ics/ 13 vendors (MetricStream, ServiceNow, Archer, Workiva, AuditBoard, LogicGate, Resolver, Diligent, OneTrust, SAI360, IBM, NAVEX, Swiss GRC AG) mapped to FINMASA, BankG, FINIG, FINSA, AMLA, FINMA Circulars 08/24, 17/01, 18/03, 23/01, FADP, ISO 27001, COSO, NIST CSF 2.0, ISAE 3402, BCBS 239 controls. Ordinis recused. - EU/UK PI and EMI core banking selection: https://finray.tech/intelligence/eu-uk-pi-emi-core-banking/ 14 vendors (Mambu, Tuum, SDK.finance, Advapay, Thought Machine, Temenos, Finastra, Intellect Design, 10x Banking, Engine by Starling, SaaScada, Skaleet, Pismo, Vodeno) mapped to PSD2, PSD3 + PSR Council ST 8222/26 + 8221/26 final compromise texts, SCA RTS, DORA, EBA outsourcing guidelines, AMLR, AMLD6, MiCA Title III/IV overlap, ISO 20022, SEPA Instant, SWIFT CBPR+, T2/TARGET2, SIX SIC, Pay.UK Faster Payments, ISO 27001 controls. Corebanq recused. ## Buyer Guides (Architectural) Each architectural radar maps a primary-source rule set into a Cytoscape.js graph of regulators, regulations, controls, named enforcement cases and (where vendor evidence exists) supporting product artefacts. The audience is the architect or operator deciding how to satisfy the rule set, not the procurement lead picking between vendors. Sources are cited with accessed-dates. - Core banking deployment topology and regulatory alignment: https://finray.tech/intelligence/deployment-topology-regulatory-alignment/ Primary-source-cited buyer guide comparing multi-tenant vendor-controlled SaaS and single-tenant customer-cloud deployment topologies for core banking software under DORA Articles 28 and 30, EBA outsourcing guidelines, PRA SS2/21, FCA SYSC 8, FINMA Circular 2018/3, GDPR, EU Cybersecurity Act and the FSB third-party-risk toolkit. 50 nodes / 148 edges across two topologies, 10 controls, 16 regulatory anchors, nine regulators and 13 vendor/product claims. Corebanq recused from ranking. - FCA Supplementary Safeguarding Regime (PS25/12): https://finray.tech/intelligence/fca-supplementary-safeguarding-regime/ Architectural radar for FCA PS25/12 — the supplementary safeguarding regime applying from 2026-05-07 across CASS 15 (operational), CASS 10A (resolution pack), SUP 3A (annual safeguarding audit) and SUP 16.14A (REP027 monthly return). 18 atomic controls with rule-level FCA Handbook anchors and buyer-DD questions on every control. 10 named UK forensic cases (Premier FX, Allied Wallet, Wirecard CS, Rational FX, Xpress Money, Monneo, JNFX, Biilz, Currency Matters) plus the Ipagoo court cross-reference. Corebanq recused from ranking. - Safeguarding reconciliation as a solvency discipline: https://finray.tech/intelligence/safeguarding-reconciliation-solvency-discipline/ Architectural radar for EMI and PI safeguarding under PSD2 Article 10, EMD2 Article 7 and FCA PS25/12, framing reconciliation as a daily solvency discipline rather than a periodic compliance task. 15 control nodes, four named enforcement cases (BlueSnap CBI 2024, Foxpay BoL 2024, Biilz FCA 2024, Currency Matters FCA supervisory notice) and six vendors mapped across CBI, Bank of Lithuania and FCA evidence. Corebanq recused from ranking. - The Travel Rule as an identity routing problem: https://finray.tech/intelligence/travel-rule-identity-routing-problem/ Architectural radar for CASPs and dual-rail Payment Institutions reading the EU Transfer of Funds Regulation Articles 14-17, MiCA Article 82, EBA/GL/2024/11 Travel Rule Guidelines and FATF Recommendations 15/16 as one identity-routing decision surface. 70 nodes / 183 edges across 16 controls, 12 vendors (Notabene, Sumsub, OpenVASP, Chainalysis, TRM Labs, Elliptic and others) and 12 product artefacts; no CASP enforcement case is named — the primary-source bar is held. XZiel recused from ranking; TRM Labs partnership disclosed inline. ## Forensic Registers (Licensing-Success Populations) Forensic registers are primary-source populations of every successfully authorised entity in a regulatory regime, named individually with home Member State, institution class and service-scope encoded. They complement the buyer guides by exposing the empirical base rate of authorisation outcomes (not application aspiration). Every entity is published as a Schema.org Organization mention; every register is published as a Schema.org Dataset with named jurisdiction, institution-class and service-scope fields. Sources are official supervisory registers; cut-off dates are stated on every page. - MiCA CASP licensing-success forensic register: https://finray.tech/intelligence/mica-casp-licensing-success/ Forensic register of 177 successful MiCA CASP authorisations and Article 60 notifications in ESMA's interim register (cut-off 24 April 2026). Every entity named, connected to its home Member State and pre-MiCA business-model archetype (custodian, exchange, broker-dealer, payment-token issuer, transfer service), with MiCA Title V service-scope breadth encoded by node size. Coverage: EU + EEA. Filter by jurisdiction × archetype × scope or search by entity name. 202 nodes, 354 edges. XZiel recused from any qualitative ranking. - EMI / PI licensing-success forensic register (EEA + UK): https://finray.tech/intelligence/emi-pi-licensing-success/ Forensic register of 571 successful Electronic Money Institution and Payment Institution authorisations across the FCA (UK), DNB (Netherlands), Bank of Lithuania and HNB (Croatia) registers (cut-off 2 May 2026). Every entity named, connected to its home jurisdiction and source-register institution class (EMI, PI, small EMI, small PI, AISP-only), with PSD2 Annex I and EMD2 e-money issuance service-scope encoded by node size. Coverage: EEA + UK; verified-floor benchmark for EMI/PI authorisations published as a structured graph. Filter by jurisdiction × class × scope or search by entity name. 580 nodes, 1142 edges. Corebanq recused from any qualitative ranking. ## Forensic Registers (Authorisation Withdrawal) Counter-narrative to the licensing-success populations above. Primary-source populations of every authorisation that was revoked, cancelled, voluntarily returned, lapsed, or failed regime transition. Each entity is classified into one of five withdrawal types — regulator-revocation, voluntary-cancellation, application-refused, lapsed-without-renewal, regime-transition-non-completed — with a primary-source URL on every row. No reasons are inferred; reasons live in the linked Final Notice or Decision document. Companion artefacts to the licensing-success registers; both sides of the survival curve are published on the same regulatory perimeter. - EMI / PI authorisation-withdrawal forensic register (EEA + UK): https://finray.tech/intelligence/emi-pi-authorisation-withdrawals/ Forensic register of 63 EMI / PI authorisation withdrawals across the FCA (UK), Bank of Lithuania, Finansinspektionen (SE) and DNB (NL) registers (cut-off 3 May 2026). 30 records are regulator-revocation (FCA EMD-revoked status + the FIRST MONEY / iCorp Global / Stallion Money / Dania Money Transfer / Taj Exchange Final Notice cluster of December 2025 to April 2026 against dormant SPI/API holders for MLR-register failure, Bank of Lithuania revocation press releases, Finansinspektionen authorisation withdrawals, DNB licence withdrawals); 31 are voluntary-cancellation (FCA E-Money status field "Cancelled" without a Final Notice escalation); 2 are application-refused (Awesome3 Limited 2020-03-19, Yan International FSA-era 2012-08-29 — FCA publishes refusal Final / Decision Notices; most other EEA NCAs do not). UK skew is structural — the FCA publishes the cleanest, deepest-linkable cancellation cohort in the perimeter and is the only NCA in this register publishing refusal data at firm level. Coverage gaps for BaFin, ACPR, CSSF, MFSA, CBI, BdE, Banca d'Italia and the Nordic NCAs explicitly disclosed in the body. Counter-narrative companion to the EMI/PI licensing-success register. Corebanq recused from any qualitative ranking. - MiCA CASP authorisation-withdrawal forensic register: https://finray.tech/intelligence/mica-casp-authorisation-withdrawals/ Forensic register of 29 CASP / pre-MiCA DASP authorisation withdrawals across the AMF (France), MFSA (Malta) and CySEC (Cyprus) (cut-off 3 May 2026). 17 records are voluntary-cancellation (AMF: LiteBit, BUX, AXA Investment Managers IF, Luno France, OKX France, HedgeGuard, Vivid Digital, Voyager Europe, Bitpanda, EMMANUEL MANAGEMENT, VAULT4CRYPTO, GOAT, PALISADE FINANCIAL, RIALTO; MFSA: Mint Exchange, Bequant Exchange, AMoney Ventures), 5 are regulator-revocation (AMF: BYKEP 2022, Digital Exchange/Zebitex 2024, Digital Broker/Zebitcoin 2024; CySEC: Binance Cyprus 2023, IQOPTION EUROPE 2023), 2 are application-refused (MFSA: MoonPay 2021, NMVA 2022 — VFA-regime "Decision not to grant licence" notices), 2 are lapsed-without-renewal (CySEC Deregistered-CASPs: GTCAP IO, Panteresa Investments — conservative classification), and 3 are regime-transition-non-completed (Coinbase Europe, Coinbase Custody International, Coinmerce — April 2026 exits from the French DASP list). Coverage gap for BaFin, ACPR public decisions, OAM cancellation lists and other NCAs surfaced honestly in the body. Counter-narrative companion to the MiCA CASP licensing-success register. XZiel recused from any qualitative ranking. ## Regulator Trackers Quarterly-refreshed trackers of supervisory state across an EU/EEA regulatory regime. Each tracker maps every National Competent Authority and the EU-level consolidation layer (EBA / ESMA / EIOPA / AMLA / Joint Committee, depending on the regime) with portal status, transposition state, deadline, schema, gold-plating signal or designation outcome at a stated cut-off. Trackers refresh quarterly, not on every regulator update. Sources are official supervisory portals and primary OJ texts. - AMLR / AMLD6 / AMLA implementation pathway tracker: https://finray.tech/intelligence/amlr-amla-implementation-tracker/ Quarterly-refreshed tracker of the EU AML reform — AMLR (Regulation 2024/1624, applies 10 July 2027), AMLD6 (Directive 2024/1640, transposition deadline 10 July 2027), AMLA Regulation (2024/1620, direct supervision from 1 January 2028) and the Transfer of Funds Regulation — across every EU Member State NCA, EEA non-EU supervisor and the Anti-Money Laundering Authority itself. 111 nodes / 343 edges across four EU instruments, 31 jurisdictions, 61 regulator/FIU nodes and eight AMLA standards at the 2026-05-07 cut-off. Transposition state, supervisory readiness and gold-plating signals per regulator. - DORA Article 28 ICT third-party Register of Information tracker: https://finray.tech/intelligence/dora-article-28-roi-tracker/ Quarterly-refreshed tracker of the DORA Article 28 Register of Information supervisory pathway — the WHERE surface — across every EU and EEA national competent authority, plus the EBA / ESMA / EIOPA consolidation layer. 92 nodes / 347 edges across 51 NCAs and three ESAs at the 2026-05-03 cut-off. Portal status, submission deadline and accepted-schema column per regulator. Companion to the DORA RTS/ITS Pack, which covers the WHAT. - DORA Article 28 RTS/ITS Pack — RoI fields, third-party policy and subcontracting: https://finray.tech/intelligence/dora-rts-its-pack/ Architectural radar for the DORA Article 28 implementing pack — Commission Delegated Regulation (EU) 2024/1773 (RTS on ICT third-party policy), Commission Implementing Regulation (EU) 2024/2956 (ITS on Register of Information templates) and Commission Delegated Regulation (EU) 2025/532 (RTS on subcontracting). 110 nodes / 230 edges across 34 RoI field controls, 14 third-party-policy controls, 13 subcontracting controls, all 19 first-batch CTPPs designated 18 November 2025 (AWS EMEA Sàrl, Microsoft Ireland Operations, Google Cloud EMEA, IBM, Oracle Nederland, SAP SE, Accenture plc, Capgemini SE, Kyndryl, NTT DATA, Tata Consultancy Services, Bloomberg L.P., LSEG D&R, Fidelity NIS, Colt, Deutsche Telekom, Equinix EMEA, InterXion, Orange SA), six regulators (Commission + EBA + ESMA + EIOPA + Joint Committee + ENISA) and four supporting product artefacts. Companion to the DORA Article 28 RoI Tracker (WHERE surface). Ordinis recused. ## Company - About Finray Technologies Ltd: https://finray.tech/company/ - Founder and CEO: Oleksandr Potapenko (also known as Alexander Potapenko). ORCID iD: https://orcid.org/0009-0005-8936-1711. LinkedIn: https://www.linkedin.com/in/oleksandr-potapenko/. Personal site: https://oleksandrpotapenko.com/. ## Optional Secondary references and deeper material. - Privacy Policy: https://finray.tech/legal/privacy/ - Cookie Policy: https://finray.tech/legal/cookies/ - Terms of Service: https://finray.tech/legal/terms/ - Data Processing Addendum: https://finray.tech/legal/dpa/ - Imprint: https://finray.tech/legal/imprint/ - Sitemap (XML): https://finray.tech/sitemap-index.xml ## Regulatory submissions Finray engages with financial regulators on consultation papers where our vendor perspective adds substantive value. Public consultation responses: - https://finray.tech/regulatory/cp26-13-response/ FCA CP26/13 Cryptoasset Perimeter Guidance — submitted 14 May 2026. Response covers PERG 19 substantive guidance on the seven new regulated cryptoasset activities. Key contributions: MPC and threshold-signature territoriality clarification (§19.3.2), self-custody/negative-control distinction for infrastructure vendors (§19.6.3), and the MLR-to-FSMA operational transition map (§19.1.12). Founder commentary on the MPC territoriality angle is published at https://oleksandrpotapenko.com/blog/fca-cp26-13-mpc-territoriality. Index page: https://finray.tech/regulatory/ ## Last Updated 2026-05-16 This file is published under the llms.txt convention (https://llmstxt.org/).