Resumen

Review DORA ICT risk management framework for core banking services

Conduct a full DORA gap analysis across all Core service units and remediate critical ICT risk management deficiencies within 30 days.

Complete PSD2 Strong Customer Authentication compliance audit

Execute a comprehensive SCA compliance audit covering all payment initiation and account information flows.

Submit EU AI Act conformity assessment for FinScore

Prepare and submit the mandatory conformity assessment for the FinScore credit scoring system classified as high-risk under the EU AI Act.

Conduct GDPR data minimization review for banking aggregation

Audit all PSD2 account information data flows to ensure data minimization principles are enforced and excess data retention is eliminated.

Establish NIS2 incident reporting procedures

Implement NIS2-compliant incident reporting workflows with 24-hour early warning and 72-hour full notification capabilities across all service units.

Assess partner API concentration risk for lending providers

Evaluate third-party concentration risk across lending partner integrations and establish fallback routing for critical credit data providers.