{"id":477,"date":"2026-05-19T07:00:00","date_gmt":"2026-05-18T21:00:00","guid":{"rendered":"https:\/\/nexiant.ai\/resources\/blogs\/?p=477"},"modified":"2026-05-14T14:23:20","modified_gmt":"2026-05-14T04:23:20","slug":"dora-financial-crime-systems","status":"publish","type":"post","link":"https:\/\/nexiant.ai\/resources\/blogs\/dora-financial-crime-systems\/","title":{"rendered":"DORA and Financial Crime Systems: What EU-Based Institutions Must Know"},"content":{"rendered":"\n<style>\n  .nx-blog * { box-sizing: border-box; margin: 0; padding: 0; }\n  .nx-blog { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; font-size: 16px; line-height: 1.75; color: #1a1a2e; max-width: 820px; margin: 0 auto; }\n  .nx-blog h2 { font-size: 1.55rem; font-weight: 700; color: #00184C; margin: 2.5rem 0 0.75rem; padding-bottom: 0.4rem; border-bottom: 3px solid #073EA1; }\n  .nx-blog h3 { font-size: 1.15rem; font-weight: 700; color: #073EA1; margin: 1.75rem 0 0.5rem; }\n  .nx-blog h4 { font-size: 0.98rem; font-weight: 700; color: #00184C; margin: 1.25rem 0 0.35rem; }\n  .nx-blog p { margin-bottom: 1rem; }\n  .nx-blog ul, .nx-blog ol { margin: 0.5rem 0 1rem 1.4rem; }\n  .nx-blog li { margin-bottom: 0.4rem; }\n  .nx-blog strong { color: #00184C; }\n\n  .nx-hero { background: linear-gradient(135deg, #00184C 0%, #073EA1 100%); color: #fff; border-radius: 12px; padding: 1.75rem 2rem; margin-bottom: 2rem; }\n  .nx-hero .nx-tag { display: inline-block; background: rgba(255,255,255,0.15); color: #AEC9FF; font-size: 0.75rem; font-weight: 600; text-transform: uppercase; letter-spacing: 0.08em; padding: 4px 12px; border-radius: 20px; margin-bottom: 0.6rem; }\n  .nx-hero .nx-meta { font-size: 0.95rem; color: #AEC9FF; margin: 0; }\n\n  .nx-callout { border-left: 4px solid #073EA1; background: #f0f4ff; border-radius: 0 8px 8px 0; padding: 1rem 1.25rem; margin: 1.5rem 0; }\n  .nx-callout.nx-callout--warning { border-left-color: #A30000; background: #fff5f5; }\n  .nx-callout .nx-callout-title { font-size: 0.8rem; font-weight: 700; text-transform: uppercase; letter-spacing: 0.07em; color: #073EA1; margin-bottom: 0.4rem; }\n  .nx-callout.nx-callout--warning .nx-callout-title { color: #A30000; }\n  .nx-callout p { margin: 0; font-size: 0.95rem; color: #1a1a2e; }\n\n  .nx-grid { display: grid; grid-template-columns: repeat(auto-fit, minmax(185px, 1fr)); gap: 12px; margin: 1.25rem 0 1.75rem; }\n  .nx-card { background: #fff; border: 1px solid #d0daf5; border-radius: 10px; padding: 1rem; }\n  .nx-card-icon { width: 36px; height: 36px; border-radius: 8px; background: #073EA1; display: flex; align-items: center; justify-content: center; margin-bottom: 0.6rem; }\n  .nx-card-icon svg { width: 18px; height: 18px; fill: #fff; }\n  .nx-card h4 { font-size: 0.88rem; font-weight: 700; color: #00184C; margin-bottom: 0.2rem; }\n  .nx-card p { font-size: 0.8rem; color: #555; margin: 0; line-height: 1.5; }\n\n  .nx-obligations { margin: 1.25rem 0 1.75rem; }\n  .nx-obl-item { background: #fff; border: 1px solid #d0daf5; border-left: 4px solid #073EA1; border-radius: 0 10px 10px 0; padding: 1rem 1.25rem; margin-bottom: 10px; }\n  .nx-obl-item h4 { font-size: 0.93rem; font-weight: 700; color: #00184C; margin-bottom: 0.3rem; }\n  .nx-obl-item p { font-size: 0.87rem; color: #444; margin: 0; line-height: 1.6; }\n\n  .nx-timeline-h { display: grid; grid-template-columns: repeat(3, 1fr); gap: 0; margin: 1.25rem 0 1.75rem; position: relative; }\n  .nx-timeline-h::before { content: ''; position: absolute; top: 18px; left: 10%; right: 10%; height: 2px; background: #d0daf5; z-index: 0; }\n  .nx-tl-h-item { text-align: center; position: relative; z-index: 1; padding: 0 0.5rem; }\n  .nx-tl-h-dot { width: 36px; height: 36px; border-radius: 50%; background: #073EA1; color: #fff; font-size: 0.8rem; font-weight: 700; display: flex; align-items: center; justify-content: center; margin: 0 auto 0.6rem; }\n  .nx-tl-h-label { font-size: 0.75rem; font-weight: 700; color: #073EA1; text-transform: uppercase; letter-spacing: 0.05em; margin-bottom: 0.25rem; }\n  .nx-tl-h-item p { font-size: 0.8rem; color: #555; margin: 0; line-height: 1.45; }\n\n  .nx-table-wrap { overflow-x: auto; margin: 1.25rem 0 1.75rem; }\n  .nx-table { width: 100%; border-collapse: collapse; font-size: 0.9rem; }\n  .nx-table thead tr { background: #00184C; color: #fff; }\n  .nx-table th { text-align: left; padding: 10px 14px; font-weight: 600; }\n  .nx-table td { padding: 9px 14px; border-bottom: 1px solid #e0e7f5; color: #1a1a2e; vertical-align: top; }\n  .nx-table tbody tr:nth-child(even) { background: #f5f8ff; }\n  .nx-badge { display: inline-block; font-size: 0.73rem; font-weight: 600; padding: 2px 9px; border-radius: 20px; }\n  .nx-badge--red { background: #fde8e8; color: #A30000; }\n  .nx-badge--blue { background: #EEF2FF; color: #073EA1; }\n\n  .nx-inline-link { color: #073EA1; text-decoration: underline; font-weight: 600; }\n  .nx-inline-link:hover { color: #00184C; }\n\n  .nx-faq { margin: 1.25rem 0 1.75rem; }\n  .nx-faq-item { border: 1px solid #d0daf5; border-radius: 8px; margin-bottom: 8px; overflow: hidden; }\n  .nx-faq-q { width: 100%; background: #fff; border: none; text-align: left; padding: 1rem 1.25rem; font-size: 0.95rem; font-weight: 600; color: #00184C; cursor: pointer; display: flex; justify-content: space-between; align-items: center; gap: 1rem; }\n  .nx-faq-q:hover { background: #f5f8ff; }\n  .nx-faq-q .nx-chevron { flex-shrink: 0; width: 20px; height: 20px; border-radius: 50%; background: #EEF2FF; display: flex; align-items: center; justify-content: center; transition: transform 0.25s; }\n  .nx-faq-q .nx-chevron svg { width: 10px; height: 10px; stroke: #073EA1; fill: none; }\n  .nx-faq-q[aria-expanded=\"true\"] .nx-chevron { transform: rotate(180deg); background: #073EA1; }\n  .nx-faq-q[aria-expanded=\"true\"] .nx-chevron svg { stroke: #fff; }\n  .nx-faq-a { display: none; padding: 0 1.25rem 1rem; font-size: 0.92rem; color: #333; line-height: 1.7; background: #fff; }\n  .nx-faq-a.open { display: block; }\n\n  .nx-cta { background: linear-gradient(135deg, #00184C 0%, #073EA1 100%); border-radius: 12px; padding: 2rem; text-align: center; margin-top: 2.5rem; }\n  .nx-cta h3 { color: #fff; font-size: 1.3rem; font-weight: 700; margin-bottom: 0.5rem; }\n  .nx-cta p { color: #AEC9FF; font-size: 0.95rem; margin-bottom: 1.25rem; }\n  .nx-cta a { display: inline-block; background: #E11A1A; color: #fff; font-weight: 700; font-size: 0.95rem; padding: 0.7rem 1.8rem; border-radius: 6px; text-decoration: none; transition: background 0.2s; }\n  .nx-cta a:hover { background: #A30000; }\n  .nx-divider { border: none; border-top: 1px solid #e0e7f5; margin: 2rem 0; }\n  .nx-disclaimer { font-size: 0.8rem; color: #888; font-style: italic; text-align: center; margin-top: 1.5rem; }\n<\/style>\n\n<div class=\"nx-blog\">\n\n  <div class=\"nx-hero\">\n    <span class=\"nx-tag\">Technical Guide &nbsp;\u00b7&nbsp; May 2026 &nbsp;\u00b7&nbsp; EU Focus<\/span>\n    <p class=\"nx-meta\">The EU&#8217;s Digital Operational Resilience Act applies to AML and fraud detection platforms. Here&#8217;s what compliance teams at EU-regulated institutions need to understand.<\/p>\n  <\/div>\n\n  <p>The EU&#8217;s Digital Operational Resilience Act (DORA), Regulation (EU) 2022\/2554, entered into force in January 2025 and applies to a broad range of financial entities and their critical ICT third-party service providers. For compliance leaders, DORA&#8217;s relevance extends beyond IT risk management: <a href=\"https:\/\/nexiant.ai\/resources\/blogs\/transaction-monitoring-rules-vs-ai-best-practices-2026\/\" class=\"nx-inline-link\">AML transaction monitoring platforms<\/a>, fraud detection systems, <a href=\"https:\/\/nexiant.ai\/resources\/blogs\/sanctions-screening-guide\/\" class=\"nx-inline-link\">sanctions screening tools<\/a>, and case management solutions are all ICT systems within scope.<\/p>\n\n  <div class=\"nx-callout nx-callout--warning\">\n    <div class=\"nx-callout-title\">\u26a0 An active obligation \u2014 not a future consideration<\/div>\n    <p>For institutions operating AML and fraud detection platforms in the EU, integrating DORA compliance into financial crime technology governance requires immediate assessment of ICT classifications, contractual gaps, and resilience testing programmes.<\/p>\n  <\/div>\n\n  <h2 id=\"dora-core-requirements\"><span class=\"ez-toc-section\" id=\"DORAs_Core_Requirements_Relevant_to_Financial_Crime_Systems\"><\/span>DORA&#8217;s Core Requirements Relevant to Financial Crime Systems<span class=\"ez-toc-section-end\"><\/span><\/h2>\n  <p>DORA imposes requirements in five main areas. Each has direct implications for financial crime technology infrastructure:<\/p>\n\n  <div class=\"nx-grid\">\n    <div class=\"nx-card\">\n      <div class=\"nx-card-icon\"><svg viewBox=\"0 0 20 20\"><path d=\"M10 1L3 5v6c0 4.25 3 8.22 7 9 4-.78 7-4.75 7-9V5l-7-4zm0 2.18l5 2.78V11c0 3.13-2.18 6.07-5 6.93C7.18 17.07 5 14.13 5 11V5.96l5-2.78z\"\/><\/svg><\/div>\n      <h4>ICT Risk Management<\/h4>\n      <p>Identify and classify ICT assets, assess associated risks, and implement protection, detection, response, and recovery measures<\/p>\n    <\/div>\n    <div class=\"nx-card\">\n      <div class=\"nx-card-icon\"><svg viewBox=\"0 0 20 20\"><path d=\"M10 2a8 8 0 100 16A8 8 0 0010 2zm1 11H9V9h2v4zm0-6H9V5h2v2z\"\/><\/svg><\/div>\n      <h4>Incident Classification &amp; Reporting<\/h4>\n      <p>Classify and notify major ICT-related incidents within defined regulatory timelines \u2014 including AML system outages<\/p>\n    <\/div>\n    <div class=\"nx-card\">\n      <div class=\"nx-card-icon\"><svg viewBox=\"0 0 20 20\"><path d=\"M3 3h14v2H3zm0 4h14v2H3zm0 4h10v2H3zm0 4h7v2H3z\"\/><\/svg><\/div>\n      <h4>Resilience Testing<\/h4>\n      <p>Basic testing for all in-scope entities; advanced Threat-Led Penetration Testing (TLPT) for significant institutions<\/p>\n    <\/div>\n    <div class=\"nx-card\">\n      <div class=\"nx-card-icon\"><svg viewBox=\"0 0 20 20\"><path d=\"M17 8h-1V5a4 4 0 00-8 0v3H7a2 2 0 00-2 2v7a2 2 0 002 2h10a2 2 0 002-2v-7a2 2 0 00-2-2zM10 3a2 2 0 012 2v3H8V5a2 2 0 012-2zm7 14H7v-7h10v7z\"\/><\/svg><\/div>\n      <h4>ICT Third-Party Risk Management<\/h4>\n      <p>Enhanced contractual requirements for Critical ICT Third-Party Providers \u2014 directly relevant to cloud-hosted AML and fraud platforms<\/p>\n    <\/div>\n    <div class=\"nx-card\">\n      <div class=\"nx-card-icon\"><svg viewBox=\"0 0 20 20\"><path d=\"M13 6a3 3 0 11-6 0 3 3 0 016 0zm5 10a7 7 0 00-14 0h14z\"\/><\/svg><\/div>\n      <h4>Information Sharing<\/h4>\n      <p>Participation in cyber threat intelligence sharing arrangements within the EU financial sector<\/p>\n    <\/div>\n  <\/div>\n\n  <h2 id=\"incident-reporting\"><span class=\"ez-toc-section\" id=\"Incident_Reporting_for_Financial_Crime_System_Outages\"><\/span>Incident Reporting for Financial Crime System Outages<span class=\"ez-toc-section-end\"><\/span><\/h2>\n  <p>An outage of an <a href=\"https:\/\/nexiant.ai\/resources\/blogs\/transaction-monitoring-rules-vs-ai-best-practices-2026\/\" class=\"nx-inline-link\">AML transaction monitoring<\/a> or <a href=\"https:\/\/nexiant.ai\/resources\/blogs\/sanctions-screening-guide\/\" class=\"nx-inline-link\">sanctions screening<\/a> platform could meet the threshold for a major incident classification if it affects a significant volume of transactions or creates a period of non-compliance. The DORA reporting timeline is strict:<\/p>\n\n  <div class=\"nx-timeline-h\">\n    <div class=\"nx-tl-h-item\">\n      <div class=\"nx-tl-h-dot\">4h<\/div>\n      <div class=\"nx-tl-h-label\">Initial Notification<\/div>\n      <p>Within 4 hours of classifying as major (no later than 24h of becoming aware)<\/p>\n    <\/div>\n    <div class=\"nx-tl-h-item\">\n      <div class=\"nx-tl-h-dot\">72h<\/div>\n      <div class=\"nx-tl-h-label\">Intermediate Report<\/div>\n      <p>Intermediate update to the competent authority within 72 hours<\/p>\n    <\/div>\n    <div class=\"nx-tl-h-item\">\n      <div class=\"nx-tl-h-dot\">1mo<\/div>\n      <div class=\"nx-tl-h-label\">Final Report<\/div>\n      <p>Full final report submitted within one month of the intermediate report<\/p>\n    <\/div>\n  <\/div>\n\n  <div class=\"nx-callout\">\n    <div class=\"nx-callout-title\">\ud83d\udca1 Compliance teams must coordinate with ICT risk functions<\/div>\n    <p>Financial crime system outages must be included in the incident classification framework \u2014 and notification procedures must be documented and tested before an incident occurs, not drafted in response to one.<\/p>\n  <\/div>\n\n  <h2 id=\"third-party-contracts\"><span class=\"ez-toc-section\" id=\"ICT_Third-Party_Risk_What_Contracts_Must_Include\"><\/span>ICT Third-Party Risk: What Contracts Must Include<span class=\"ez-toc-section-end\"><\/span><\/h2>\n  <p>DORA&#8217;s third-party risk requirements are particularly relevant for institutions using cloud-hosted or vendor-managed AML and fraud detection platforms. Contracts with Critical ICT Third-Party Providers must include specific provisions:<\/p>\n\n  <div class=\"nx-obligations\">\n    <div class=\"nx-obl-item\">\n      <h4>Information Security<\/h4>\n      <p>Defined security standards, access controls, encryption requirements, and vulnerability management obligations for the vendor.<\/p>\n    <\/div>\n    <div class=\"nx-obl-item\">\n      <h4>Data Access and Audit Rights<\/h4>\n      <p>The institution&#8217;s right to audit the vendor&#8217;s systems and access data held on its behalf \u2014 on demand and with defined notice periods.<\/p>\n    <\/div>\n    <div class=\"nx-obl-item\">\n      <h4>Service Continuity and Disaster Recovery<\/h4>\n      <p>Defined recovery time objectives, business continuity plans, and geographic redundancy requirements to ensure AML system availability.<\/p>\n    <\/div>\n    <div class=\"nx-obl-item\">\n      <h4>Exit Assistance and Data Portability<\/h4>\n      <p>Clear obligations on the vendor to support migration to an alternative provider \u2014 including data export in usable formats within defined timelines.<\/p>\n    <\/div>\n    <div class=\"nx-obl-item\">\n      <h4>Regulatory Access and Inspection Rights<\/h4>\n      <p>Supervisory authorities&#8217; right to access and inspect the vendor&#8217;s premises and systems where relevant to the institution&#8217;s regulated activities.<\/p>\n    <\/div>\n    <div class=\"nx-obl-item\">\n      <h4>Incident Notification<\/h4>\n      <p>Vendor obligations to notify the institution of ICT incidents within defined timeframes consistent with the institution&#8217;s own DORA reporting obligations.<\/p>\n    <\/div>\n  <\/div>\n\n  <h2 id=\"procurement-implications\"><span class=\"ez-toc-section\" id=\"Implications_for_Financial_Crime_Technology_Procurement\"><\/span>Implications for Financial Crime Technology Procurement<span class=\"ez-toc-section-end\"><\/span><\/h2>\n  <p>DORA significantly raises the due diligence bar for procuring financial crime technology from third-party vendors. Procurement assessments must now evaluate:<\/p>\n\n  <div class=\"nx-table-wrap\">\n    <table class=\"nx-table\">\n      <thead>\n        <tr>\n          <th>Assessment Area<\/th>\n          <th>Key Questions<\/th>\n          <th>Priority<\/th>\n        <\/tr>\n      <\/thead>\n      <tbody>\n        <tr>\n          <td><strong>Operational Resilience<\/strong><\/td>\n          <td>Business continuity, disaster recovery, geographic redundancy<\/td>\n          <td><span class=\"nx-badge nx-badge--red\">Critical<\/span><\/td>\n        <\/tr>\n        <tr>\n          <td><strong>Security Certifications<\/strong><\/td>\n          <td>ISO 27001, SOC 2, or equivalent \u2014 current and auditable<\/td>\n          <td><span class=\"nx-badge nx-badge--red\">Critical<\/span><\/td>\n        <\/tr>\n        <tr>\n          <td><strong>DORA Contractual Provisions<\/strong><\/td>\n          <td>Ability to support all mandatory DORA contract requirements<\/td>\n          <td><span class=\"nx-badge nx-badge--red\">Critical<\/span><\/td>\n        <\/tr>\n        <tr>\n          <td><strong>CTPP Designation Status<\/strong><\/td>\n          <td>Is the vendor designated or likely to be designated as a Critical Third-Party Provider?<\/td>\n          <td><span class=\"nx-badge nx-badge--blue\">Monitor<\/span><\/td>\n        <\/tr>\n        <tr>\n          <td><strong>Testing Cooperation<\/strong><\/td>\n          <td>Ability to support TLPT and vulnerability assessment programmes<\/td>\n          <td><span class=\"nx-badge nx-badge--red\">Critical<\/span><\/td>\n        <\/tr>\n      <\/tbody>\n    <\/table>\n  <\/div>\n\n  <div class=\"nx-callout nx-callout--warning\">\n    <div class=\"nx-callout-title\">\u26a0 Existing contracts must be reviewed<\/div>\n    <p>Institutions should revisit existing contracts with financial crime technology vendors to assess DORA compliance gaps and initiate renegotiation where necessary. DORA required existing contracts to be brought into compliance by the application date \u2014 a requirement that has driven significant contract review activity across the EU financial sector since 2024.<\/p>\n  <\/div>\n\n  <hr class=\"nx-divider\">\n\n  <h2 id=\"frequently-asked-questions\"><span class=\"ez-toc-section\" id=\"Frequently_Asked_Questions\"><\/span>Frequently Asked Questions<span class=\"ez-toc-section-end\"><\/span><\/h2>\n  <div class=\"nx-faq\">\n    <div class=\"nx-faq-item\">\n      <button class=\"nx-faq-q\" aria-expanded=\"false\">What is DORA and which financial entities does it apply to?<span class=\"nx-chevron\"><svg viewBox=\"0 0 10 6\" stroke-width=\"1.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><path d=\"M1 1l4 4 4-4\"\/><\/svg><\/span><\/button>\n      <div class=\"nx-faq-a\">DORA (Regulation (EU) 2022\/2554) applies to a broad range of EU financial entities including banks, investment firms, payment institutions, insurance companies, crypto-asset service providers, and their critical ICT third-party service providers. It establishes requirements for ICT risk management, incident reporting, resilience testing, and third-party risk management to ensure the digital operational resilience of the EU financial sector.<\/div>\n    <\/div>\n    <div class=\"nx-faq-item\">\n      <button class=\"nx-faq-q\" aria-expanded=\"false\">Does DORA apply to AML and fraud detection systems?<span class=\"nx-chevron\"><svg viewBox=\"0 0 10 6\" stroke-width=\"1.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><path d=\"M1 1l4 4 4-4\"\/><\/svg><\/span><\/button>\n      <div class=\"nx-faq-a\">Yes. AML transaction monitoring platforms, sanctions screening tools, fraud detection systems, and financial crime case management solutions are ICT systems within DORA&#8217;s scope for EU financial entities. Those classified as critical ICT systems face enhanced governance requirements including board-level accountability, resilience planning, and inclusion in the digital operational resilience testing programme.<\/div>\n    <\/div>\n    <div class=\"nx-faq-item\">\n      <button class=\"nx-faq-q\" aria-expanded=\"false\">What are the incident reporting timelines under DORA?<span class=\"nx-chevron\"><svg viewBox=\"0 0 10 6\" stroke-width=\"1.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><path d=\"M1 1l4 4 4-4\"\/><\/svg><\/span><\/button>\n      <div class=\"nx-faq-a\">For major ICT-related incidents, DORA requires: an initial notification within four hours of classifying the incident as major (and no later than 24 hours after becoming aware), an intermediate report within 72 hours, and a final report within one month of the intermediate report. Financial entities must have documented and tested procedures to classify incidents and initiate reporting within these timelines.<\/div>\n    <\/div>\n    <div class=\"nx-faq-item\">\n      <button class=\"nx-faq-q\" aria-expanded=\"false\">What contracts with financial crime technology vendors need to be updated for DORA?<span class=\"nx-chevron\"><svg viewBox=\"0 0 10 6\" stroke-width=\"1.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><path d=\"M1 1l4 4 4-4\"\/><\/svg><\/span><\/button>\n      <div class=\"nx-faq-a\">Contracts with ICT third-party providers of financial crime technology must include provisions on information security, data access and audit rights, service continuity and disaster recovery, exit assistance and data portability, sub-contracting restrictions, regulatory access and inspection rights, and incident notification. DORA specifies minimum contractual requirements that must be reflected in all in-scope agreements.<\/div>\n    <\/div>\n    <div class=\"nx-faq-item\">\n      <button class=\"nx-faq-q\" aria-expanded=\"false\">How does DORA interact with EU AML regulations?<span class=\"nx-chevron\"><svg viewBox=\"0 0 10 6\" stroke-width=\"1.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><path d=\"M1 1l4 4 4-4\"\/><\/svg><\/span><\/button>\n      <div class=\"nx-faq-a\">DORA governs how financial entities manage the ICT systems that underpin their regulated activities \u2014 it does not change the substantive AML obligations under the Anti-Money Laundering Directives. However, an institution that cannot demonstrate its AML systems are operationally resilient, tested, and recoverable faces both DORA compliance risk and the potential for an AML compliance failure during an ICT outage. The two frameworks are complementary and must be managed in parallel.<\/div>\n    <\/div>\n  <\/div>\n\n  <div class=\"nx-cta\">\n    <h3>Assessing your financial crime systems for DORA compliance?<\/h3>\n    <p>Nexiant supports EU-regulated institutions in aligning their AML and fraud detection technology governance with DORA&#8217;s operational resilience requirements.<\/p>\n    <a href=\"\/contact\">Get in touch with our team<\/a>\n  <\/div>\n\n  <p class=\"nx-disclaimer\">This article was accurate at the time of publication in May 2026 and is intended for general informational purposes only. It does not constitute legal or compliance advice. Organisations should seek qualified professional counsel in relation to their specific obligations under EU law.<\/p>\n\n<\/div>\n\n<script>\n  document.querySelectorAll('.nx-faq-q').forEach(function(btn) {\n    btn.addEventListener('click', function() {\n      var expanded = this.getAttribute('aria-expanded') === 'true';\n      this.setAttribute('aria-expanded', !expanded);\n      this.nextElementSibling.classList.toggle('open', !expanded);\n    });\n  });\n<\/script>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Your AML transaction monitoring platform, sanctions screening tool, and fraud detection system are all ICT systems under DORA. Here&#8217;s what EU-regulated institutions must have in place \u2014 and where compliance gaps are most commonly found.<\/p>\n","protected":false},"author":2,"featured_media":478,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[47,15],"tags":[],"class_list":["post-477","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-european-union","category-risk-management"],"blocksy_meta":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/nexiant.ai\/resources\/blogs\/wp-json\/wp\/v2\/posts\/477","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nexiant.ai\/resources\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nexiant.ai\/resources\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nexiant.ai\/resources\/blogs\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nexiant.ai\/resources\/blogs\/wp-json\/wp\/v2\/comments?post=477"}],"version-history":[{"count":1,"href":"https:\/\/nexiant.ai\/resources\/blogs\/wp-json\/wp\/v2\/posts\/477\/revisions"}],"predecessor-version":[{"id":479,"href":"https:\/\/nexiant.ai\/resources\/blogs\/wp-json\/wp\/v2\/posts\/477\/revisions\/479"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nexiant.ai\/resources\/blogs\/wp-json\/wp\/v2\/media\/478"}],"wp:attachment":[{"href":"https:\/\/nexiant.ai\/resources\/blogs\/wp-json\/wp\/v2\/media?parent=477"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nexiant.ai\/resources\/blogs\/wp-json\/wp\/v2\/categories?post=477"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nexiant.ai\/resources\/blogs\/wp-json\/wp\/v2\/tags?post=477"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}