Cybersecurity for the Finance & Investments Sector

Asset management companies, investment firms and fintech. 20-500 employees.

Applicable Regulations

ACN Determination - NIS2 Security Measures

0 guides

Determina ACN 38565/2025

Essential and important entities registered with ACN. Authority: ACN - Agenzia per la Cybersicurezza Nazionale.

Penalties: As provided for by D.Lgs. 138/2024
Authority: ACN - Agenzia per la Cybersicurezza Nazionale
Deadline: April 14, 2025

ACPR IT Security Instructions for Financial Sector

0 guides

Instruction ACPR 2014-I-07

Credit and insurance institutions under ACPR supervision. Authority: ACPR (Autorite de Controle Prudentiel et de Resolution).

Penalties: Disciplinary sanctions by ACPR
Authority: ACPR (Autorite de Controle Prudentiel et de Resolution)
Deadline: November 4, 2014

AI Act

4 guides

EU Regulation 2024/1689

Regulation of artificial intelligence systems in the EU with a risk-based approach. Phased application: prohibited practices from Feb 2, 2025, GPAI obligations from Aug 2, 2025, high-risk systems from Aug 2, 2026

Penalties: Up to €35M or 7% of turnover (prohibited practices); €15M or 3% (other obligations); €7.5M or 1% (inaccurate information). SMEs: proportionate caps
Authority: AI Office (EU Commission) + AgID (Italy)
Deadline: August 2, 2026

BaFin IT Requirements for Capital Management Companies

0 guides

KAIT (BaFin Rundschreiben 11/2019)

Capital management companies (Kapitalverwaltungsgesellschaften, KVG). Authority: BaFin.

Penalties: Regulatory measures by BaFin including license revocation
Authority: BaFin
Deadline: October 1, 2019

Banco de Portugal Notice 1/2021 - ICT Risk Management

0 guides

Aviso BdP n. 1/2021

Credit institutions and investment firms. Authority: Banco de Portugal.

Penalties: Regulatory sanctions by Banco de Portugal
Authority: Banco de Portugal
Deadline: January 1, 2021

Bank of Greece IT Risk Management Framework

0 guides

BoG Governor Act 2577/2006 (as amended)

Credit institutions and investment firms. Authority: Trapeza tis Ellados (Bank of Greece).

Penalties: Regulatory sanctions by Bank of Greece
Authority: Trapeza tis Ellados (Bank of Greece)
Deadline: March 9, 2006

Bank of Lithuania Resolution on ICT Management Requirements

0 guides

LB Nutarimas Nr. 03-18 (2020)

Credit institutions, insurance companies, payment institutions. Authority: Lietuvos bankas (Bank of Lithuania).

Penalties: Regulatory sanctions by Bank of Lithuania
Authority: Lietuvos bankas (Bank of Lithuania)
Deadline: June 1, 2020

Bank of Slovenia Decision on Information Security Management

0 guides

Sklep BS (Ur. l. RS 73/2018)

Credit institutions and branches of foreign banks. Authority: Banka Slovenije.

Penalties: Regulatory sanctions by Bank of Slovenia
Authority: Banka Slovenije
Deadline: December 1, 2018

Bank of Spain Circular 2/2023 on Technology Risk Supervision

0 guides

Circular 2/2023 BdE

Credit institutions and payment service providers. Authority: Banco de Espana.

Penalties: Regulatory sanctions by Banco de Espana
Authority: Banco de Espana
Deadline: June 30, 2023

Bankaufsichtliche Anforderungen an die IT

0 guides

BAIT

Banks and financial service providers. Authority: BaFin.

Penalties: National penalties apply
Authority: BaFin
Deadline: November 6, 2017

Bankitalia 285 - Disposizioni di Vigilanza Banche (Titolo IV)

2 guides

BANKITALIA285

National cybersecurity and compliance obligations for organizations within the scope of this regulation.

Penalties: National penalties apply
Authority: Banca d'Italia
Deadline: December 17, 2013

Bankwesengesetz - IT security provisions

0 guides

BWG

Banks, credit institutions. Authority: FMA / OeNB.

Penalties: National penalties apply
Authority: FMA / OeNB
Deadline: January 1, 1993

BNR Norm 4/2018 on IT Operational Risk Management

0 guides

Norma BNR nr. 4/2018

Credit institutions and financial institutions. Authority: Banca Nationala a Romaniei (BNR).

Penalties: Regulatory sanctions by BNR
Authority: Banca Nationala a Romaniei (BNR)
Deadline: June 1, 2018

CBI Cross-Industry Guidance on IT and Cybersecurity Risks

0 guides

CBICROSS

Financial services firms regulated by CBI. Authority: CBI.

Penalties: National penalties apply
Authority: CBI
Deadline: September 1, 2016

CBI Operational Resilience Guidelines

0 guides

CBIOPRES

Banks, insurance companies, investment firms. Authority: CBI.

Penalties: National penalties apply
Authority: CBI
Deadline: December 1, 2021

CSIRT KNF - Financial Sector CSIRT

0 guides

CSIRTKNF

Financial sector entities. Authority: KNF.

Penalties: National penalties apply
Authority: KNF
Deadline: January 1, 2020

CSSF Circulars on IT outsourcing and cybersecurity (17/654, 22/806)

0 guides

CSSFCIRC

Financial sector entities. Authority: CSSF.

Penalties: National penalties apply
Authority: CSSF
Deadline: June 1, 2017

Danish FSA IT Security Requirements for Financial Sector

0 guides

BEK nr. 1580 af 17/12/2019

Banks, insurance companies and securities dealers. Authority: Finanstilsynet.

Penalties: Regulatory measures by Finanstilsynet
Authority: Finanstilsynet
Deadline: January 1, 2020

DNB Good Practice Information Security

0 guides

DNB Guidance 2019

Financial institutions under DNB supervision. Authority: De Nederlandsche Bank (DNB).

Penalties: DNB regulatory measures
Authority: De Nederlandsche Bank (DNB)
Deadline: April 1, 2019

DORA

3 guides

EU Regulation 2022/2554

Digital operational resilience for the financial sector

Penalties: Up to €10M or 5% of annual turnover
Authority: EBA, ESMA, EIOPA (ESAs) - Bank of Italy in Italy
Deadline: January 17, 2025

EFSA Guidelines on IT Risk Management for Financial Sector

0 guides

Finantsinspektsiooni soovituslik juhend (2020)

Credit institutions, insurance companies, investment firms. Authority: Finantsinspektsioon (EFSA).

Penalties: Regulatory sanctions by EFSA
Authority: Finantsinspektsioon (EFSA)
Deadline: January 1, 2020

FCMC Regulations on IT and Security Risk Management

0 guides

FKTK normativie noteikumi 233 (2020)

Credit institutions, insurance companies, investment firms. Authority: FKTK (Finansu un kapitala tirgus komisija) / Latvijas Banka.

Penalties: Regulatory sanctions by Latvijas Banka
Authority: FKTK (Finansu un kapitala tirgus komisija) / Latvijas Banka
Deadline: September 1, 2020

FFFS 2014:5 Informationssaekerhet, it-verksamhet

0 guides

FFFS20145

Banks, securities companies, credit market companies. Authority: Finansinspektionen.

Penalties: National penalties apply
Authority: Finansinspektionen
Deadline: May 1, 2014

Finanssivalvonta Standards and Regulations on IT risk management

0 guides

FINFSASTANDARDS

Banks, insurance companies, pension funds, investment firms. Authority: Finanssivalvonta.

Penalties: National penalties apply
Authority: Finanssivalvonta
Deadline: January 1, 2004

FMA IT Security Regulation for Financial Sector

0 guides

FMA-IT-SichV 2021

Credit institutions, insurance undertakings, investment firms. Authority: FMA (Finanzmarktaufsicht).

Penalties: Regulatory measures by FMA
Authority: FMA (Finanzmarktaufsicht)
Deadline: September 1, 2021

GDPR

4 guides

EU Regulation 2016/679

Personal data protection in the European Union

Penalties: Up to €20M or 4% of annual global turnover
Authority: Data Protection Authority (Garante per la Protezione dei Dati Personali)

IKT-forskrift for finansforetak (IKT regulation for financial entities)

0 guides

IKT_FORSKRIFT

Banks, insurance, pension, securities firms. Authority: Finanstilsynet.

Penalties: National penalties apply
Authority: Finanstilsynet
Deadline: May 21, 2003

ISO 27001

2 guides

ISO/IEC 27001:2022 - International standard

Information Security Management System (ISMS)

Penalties: N/A (voluntary standard)
Authority: Accredited certification bodies (Accredia in Italy)

KNF Recommendation D - Management of IT and ICT Environment

0 guides

KNFREKOM

Banks, credit institutions. Authority: KNF.

Penalties: National penalties apply
Authority: KNF
Deadline: January 1, 2013

Legislative Decree 138/2024 - NIS2 Transposition

0 guides

D.Lgs. 138/2024

Essential and important entities in the 18 NIS2 sectors (50+ employees or 10M+ turnover). Authority: ACN - Agenzia per la Cybersicurezza Nazionale.

Penalties: Up to 10 million euros or 2% of annual worldwide turnover
Authority: ACN - Agenzia per la Cybersicurezza Nazionale
Deadline: October 16, 2024

MFSA ICT Risk Management Requirements (Banking Rule BR/22)

0 guides

MFSA Banking Rule BR/22

Credit institutions, insurance undertakings, investment services licensees. Authority: MFSA (Malta Financial Services Authority).

Penalties: Regulatory sanctions by MFSA
Authority: MFSA (Malta Financial Services Authority)
Deadline: January 1, 2021

MNB Recommendation on IT Security for Financial Institutions

0 guides

MNB Ajnlas 8/2020

Credit institutions, insurers, financial enterprises. Authority: Magyar Nemzeti Bank (MNB).

Penalties: Regulatory sanctions by MNB
Authority: Magyar Nemzeti Bank (MNB)
Deadline: October 1, 2020

NBB Circular on ICT Security Expectations for Financial Institutions

0 guides

Circulaire NBB_2015_32

Credit institutions, insurance undertakings, payment institutions. Authority: Banque Nationale de Belgique (NBB/BNB).

Penalties: Regulatory sanctions by NBB
Authority: Banque Nationale de Belgique (NBB/BNB)
Deadline: November 18, 2015

NBS Measure 3/2018 on IT Risk Management

0 guides

Opatrenie NBS c. 3/2018

Banks, insurance companies, investment firms. Authority: Narodna banka Slovenska (NBS).

Penalties: Regulatory sanctions by NBS
Authority: Narodna banka Slovenska (NBS)
Deadline: July 1, 2018

NIS2

4 guides

EU Directive 2022/2555 - Legislative Decree 138/2024

Network and information security for essential and important entities

Penalties: Up to €10M or 2% of annual turnover
Authority: ACN - National Cybersecurity Agency
Deadline: October 17, 2024

Ordinance on Minimum Network and Information Security Requirements

0 guides

Naredba za MMIS (prieta s PMS 186/2019)

Operators of essential services and digital service providers. Authority: State Agency for Cybersecurity.

Penalties: BGN 5,000 to BGN 25,000 for first offence
Authority: State Agency for Cybersecurity
Deadline: August 2, 2019

PCI-DSS

2 guides

PCI-DSS v4.0 (effective March 31, 2024)

Security standard for entities that handle, process, or transmit payment card data

Penalties: Fines from card networks (Visa, Mastercard) up to $500K/month + revocation
Authority: PCI Security Standards Council