From AI governance to instant payments and fraud liability, EU regulation is reshaping how fintechs operate. Here’s what’s changing in 2026 and how to prepare your technology and teams for what comes next.
EU financial services regulation is no longer a series of deadlines you prepare for and move on from. By 2026, compliance will have become a continuous, technology-driven capability.
From capital adequacy and operational resilience to ESG reporting, AI governance, and anti-money laundering, regulatory expectations now reach deep into financial institutions’ technology stacks and operating models. Frameworks such as CRR III/CRD VI, DORA, PSD3, and the upcoming AMLA regime are already reshaping how banks and fintechs build, secure, and scale their systems.
Meeting these requirements is not just about implementing the right tools. It requires teams that can continuously adapt systems, respond to evolving guidance, and support stricter supervisory scrutiny. In this article, we look at the key EU financial services regulations shaping 2026, and the technology and skills financial institutions need to stay compliant without slowing innovation.
Looking ahead, the 2025 regulatory landscape marks a transformative phase for European financial institutions, focusing on areas like fraud prevention, operational resilience, and risk management. Here’s a closer look at the regulations you must prepare for and how our teams can assist you in making compliance more manageable.
Built on the Basel III framework, the CRR III/CRD VI Banking Package is one of the most extensive regulations to come into force in 2025. It aims to improve banks’ financial stability and resilience by updating the EU's capital requirements, risk assessments, and reporting obligations. Meeting the new mandates won’t be easy; for example, CRR III requires banks to evaluate the quality of property collateral, its legal enforceability, and careful valuation, going beyond standard methods to ensure they have enough resources to manage financial stress.
If you're gearing up for these changes, AI-enhanced collateral management systems and automated valuation models provide priceless support. They effectively track, manage, and optimise the assets pledged as collateral to ensure maximum value and protection against loans or credit risks. To do that reliably and ensure compliance with CRR III's strict provisions, modern collateral management systems use real-time data to evaluate a bank’s assets and provide an up-to-date view of the bank's financial condition and risks.
In addition, automated valuation models, especially those using machine learning, offer accurate, real-time property valuations while reducing human error. They can instantly analyse massive datasets to deliver precise valuations, consistent with previous property appraisals. Instead of using unreliable spreadsheet-based processes and fragmented workflows, these models allow bank staff to track every asset with just a few clicks.
To tap into these and other innovations that will make compliance with CRR III/CRD VI requirements less complex, you need support from professionals proficient at handling machine learning models. One example is a data science expert adept in Python, Django, PostgreSQL, and machine learning technologies and algorithms, who led an AI-driven project for one of our fintech clients. The right mix of skills and experience, along with the strategic hiring of a dedicated team, will facilitate the development of solutions that ensure compliance with the new banking package.
With DORA’s arrival in January 2025, the EU is raising the bar for IT resilience across financial institutions. Now, systems will be required to withstand, adapt, and recover from disruptions seamlessly.
DORA focuses on cybersecurity and data protection. These standards require real-time threat intelligence, swift incident response, and strong encryption measures to keep data safe and confidential. This also extends to the entire supply chain. Financial firms must ensure their providers adhere to the new procedures, including those for incident reporting, exit strategies, and contractual obligations around resilience.
As cybercrime risks continue to rise, the finance sector is increasing its investment in regulatory technology (regtech) to ensure stronger regulatory oversight. In 2021, global investment in regtech solutions reached €11 billion. These tools reduce administrative loads and minimise potential errors by automating compliance tracking and simplifying reporting. They can also apply analytical capabilities to detect and mitigate risks by analysing past patterns and enhancing those analyses with incoming, real-time information.
Another tool that can help financial organisations meet DORA requirements and keep their assets safe is the digital twin. By creating virtual replicas of their systems, banks and fintechs can simulate outages and cyberattacks and assess how their infrastructure performs without compromising the integrity or confidentiality of data. Powered by machine learning algorithms, this technology analyses thousands of potential risk scenarios and provides insights for better risk assessment.
Again, as crucial as regtech and digital twins may be for DORA compliance, they demand highly specialised skills. These can be secured fast with augmented teams providing essential cybersecurity, system automation, and data processing expertise.
PSD3 tightens customer authentication and information-sharing standards, encouraging secure data exchange between banks, payment providers, and third-party services. The goal is to make financial services safer and more accessible for EU Member States. To meet these standards, fintech companies continue to adopt open banking APIs. These allow them to instantly and securely share data across platforms, creating a seamless, interconnected financial ecosystem with other financial providers, regulatory bodies, data aggregators, investment and e-commerce platforms, and so on.
Secure financial exchanges are also enabled by distributed ledger technologies (DLT), including blockchain, currently in use by 22% of EU banks, with 60% more exploring their capabilities. The technology can support compliance with PSD3 regulations in many ways. First, it makes tracing payment flows easier, as all transactions are verified across multiple nodes. Second, by offering an immutable record of all transactions and making them easy to access and monitor, DLT allows for easy verification of all dealings and precludes tampering with records. Blockchain and its counterparts also align with PSD3’s reporting and real-time monitoring standards, offering on-demand insight into current transactions.
To adequately respond to PSD3’s push to improve customer identification and reduce payment fraud, financial institutions are deploying multi-factor authentication (MFA) and AI-powered Know Your Customer (KYC) solutions. Automated KYC models replace the manual review of passports and IDs, and the cross-referencing of details against government and third-party databases, with immediate, real-time identity checks. This helps eliminate human error and improves the onboarding experience for customers, who can securely manage their finances from their phone screens.
The tools to meet requirements mandated by PSD3 are there, but someone needs to integrate them into a complex financial tech stack. Finding tech professionals skilled in industry-specific technologies and regulatory compliance can be challenging, but we can support you. Through staff augmentation, we quickly place API experts, data analysts, and AI developers into your team, shortening your path to secure, scalable compliance with no upfront fees or risks involved.
The European Banking Authority’s guidelines on managing Environmental, Social, and Governance (ESG) risks call for financial institutions to integrate ESG factors into their strategic and operational decisions. These guidelines will press your business to rigorously monitor and report ESG exposures and impacts.
So, where do you start? A few essential technologies can streamline your ESG journey, such as risk management platforms, sustainability assessment tools, and environmental monitoring systems. These solutions – each individually and together – help evaluate your organisation’s environmental, social, and economic impacts by tracking and analysing vast data. This can include energy use, waste generation, and carbon emissions.
The potential of ESG tools spans beyond measuring things and tracking their compliance against the imposed thresholds. Enhanced with predictive models, they can deliver actionable insights that help companies forecast environmental impacts, identify non-compliance, and predict financial risks. Altogether, this leads to a better alignment of business strategy with sustainability goals and regulations.
On the downside, integrating these vital yet advanced systems often requires niche expertise in data science, environmental analytics, and regulatory standards. These skills typically fall outside the core experience of a traditional finance team. And even if you already have them in place, a proper setup and data strategy are necessary to ensure ROI and compliance. Meanwhile, 82% of banks globally lack the quality data to integrate ESG, and another 75% lack the right talent to do so. At Nortal, we can quickly bridge these gaps for you with specialists in data science, environmental analytics, and regulatory standards. Our network of experts can help your team turn ESG data into actionable insights, ensuring compliance and impact.
The Anti-Money Laundering Authority (AMLA) is set to become the EU’s central authority for anti-money laundering (AML), bringing stricter, harmonised measures to financial institutions across member states. This agency will close regulatory loopholes, unify AML and counter-terrorist financing (CTF) practices, and streamline compliance across borders. It is about to impact how your organisation manages and monitors financial transactions.
Compliance with AMLA will demand advanced tools like transaction monitoring systems, screening solutions, and risk assessment platforms. Transaction monitoring systems detect suspicious activity in real time, while screening solutions cross-check customer data against global watchlists. With global AML technology spending projected to reach $51.7 billion by 2028, industry leaders like Deutsche Bank are already enhancing their AML infrastructure (likely to protect themselves from incurring hefty multi-million dollar fines from the Financial Conduct Authority due to past AML failures).
But the task, again, is not easy. Building a strong AMLA compliance infrastructure involves a mix of languages and frameworks (including Python for AI and ML programming and R for statistical analyses and predictive analytics) and industry-specific algorithms for screening, classifying and assessing transactions. And the challenge goes beyond technology. It’s also about securing the right expertise to maintain compliance as standards evolve.
Building in-house teams with AML, data analytics, and compliance skills is time-intensive and costly, especially for fintechs aiming to scale. In contrast, our augmented teams offer immediate access to tech specialists with experience in the financial sector. They ensure that systems are tailored to meet AMLA’s stringent requirements, while their flexibility helps institutions stay ahead of evolving regulatory expectations.
While core banking and financial services regulations continue to evolve, fintechs are facing an additional layer of regulatory change driven by the way digital financial products are built and operated. In 2025 and 2026, regulators are placing increasing focus on areas such as artificial intelligence, real-time payments, fraud prevention, and digital identity – all of which sit at the heart of modern fintech platforms.
These developments go beyond traditional compliance checklists. They directly affect product architecture, data governance, and operating models, requiring fintechs to adapt not just what they build, but how systems are designed, monitored, and maintained over time. The following regulatory shifts are particularly important for fintech organisations preparing for 2026.
The EU Artificial Intelligence Act introduces an entirely new compliance layer that is particularly significant for fintechs and digitally led financial institutions. While the regulation entered into force in 2024, its impact accelerates through 2025 and becomes fully enforceable for high-risk systems from August 2026. Many of the AI use cases common in fintech – including credit scoring, loan approval, fraud detection, AML risk profiling, and automated decision-making that affects access to financial services – are explicitly classified as high-risk AI systems under the Act.
From 2025, organisations are already required to avoid prohibited AI practices and begin documenting AI systems, their intended use, and training data. Once full obligations apply in 2026, high-risk systems must meet strict requirements around risk management, human oversight, transparency, auditability, and ongoing monitoring. For fintechs, this marks a shift away from treating AI purely as a performance optimisation tool. Compliance now depends on how AI models are built, governed, tested, and maintained over time, often requiring changes to operating models, internal controls, and team capabilities, not just technical adjustments to algorithms.
From 2026, new EU rules will require payment service providers to support instant euro credit transfers, available 24/7 and executed within seconds. Alongside this, providers must implement verification of payee (VoP) checks before transactions are completed, allowing customers to confirm that the beneficiary details match the intended recipient. The aim is to reduce misdirected payments and combat fraud, particularly in real-time payment environments.
For fintechs, these requirements raise the bar significantly. Supporting instant payments at scale demands highly resilient infrastructure, real-time monitoring, and automated compliance controls that operate without introducing friction or delays. VoP checks must be tightly integrated into payment flows, identity data, and fraud detection systems. Together, these changes place new demands on both system architecture and operational readiness, particularly for fintechs handling high transaction volumes across multiple markets.
The rollout of the EU Digital Identity Wallet (EUDI Wallet) represents another major shift for fintech compliance and customer onboarding. Under the revised eIDAS framework, EU Member States must make at least one digital identity wallet available by late 2026. Regulated private-sector services – including banks and fintechs – will be expected to accept wallet-based authentication for use cases requiring strong identity verification in the years that follow.
For fintechs, this will reshape KYC, onboarding, and authentication processes. Identity verification flows will need to support new standards for credential exchange, user consent, and interoperability across borders. While the wallet promises improved security and user experience, integrating it into existing systems will require updates to identity APIs, compliance workflows, and data governance practices. As with other regulatory changes, the challenge is not only technical integration, but ensuring teams are equipped to operate and maintain compliant identity systems as standards evolve.
The fines imposed by global financial regulators on banking and finance institutions for non-compliance in the first half of 2025 totalled $1.23bn, a 417% increase on the same period in 2024.
And while multi-billion-dollar global institutions like Nordea Bank or William Hill can absorb regulatory fines, smaller financial organisations are at risk. For them, this could mean insolvency, especially if their reputation takes a hit and customers start turning their backs.
Augmented finance tech teams may help reduce that risk. They bring a mix of skills and expertise to build solutions that keep you compliant with current and upcoming regulations. Here’s why it’s an option worth considering:
Speed is essential for adapting to time-sensitive regulations like AMLA. That means you need your tech experts to start working as soon as possible. With our tried and tested hiring process, you’ll have the best candidates ready to join your team in 4 to 8 weeks.
Traditional hiring can lead to turnover, disrupting compliance efforts. However, we focus on finding talent who match your team’s skill requirements and company culture. Our augmented teams boast a remarkable retention rate of 95.7%, safeguarding the continuity of your business.
Financial compliance today demands an advanced understanding of technologies like AI-powered risk assessment, open banking APIs, RegTech, and digital twins. Our global talent network spans specialists proficient in blockchain, AI, and cybersecurity, both in theory and in practice. This minimises the need for extensive training and allows them to integrate seamlessly into your projects, ready to add value from day one.
Regulatory demands fluctuate, so you always have the option to adjust your team size, up or down, without the cost commitments of permanent hiring. This flexibility helps you manage unpredictable regulatory timelines more efficiently.
Compliance requirements are in constant flux. Augmented teams offer ongoing, real-time access to professionals closely tracking these regulatory changes. With over 120 roles filled for finance and fintech clients, we are well-prepared to handle unexpected changes and tight deadlines.