Safeguard
Tag

financial-services

Safeguard articles tagged "financial-services" — guides, analysis, and best practices for software supply chain and application security.

27 articles

Compliance

DORA compliance for financial services: the software supply chain angle

The Digital Operational Resilience Act is now in force across EU financial services. Here's how its five pillars reach into your software supply chain and ICT third parties.

Jul 8, 20265 min read
Compliance

DORA regulation deep dive: ICT risk, testing, and third-party rules

The Digital Operational Resilience Act applies to EU financial entities and their ICT providers. Here are the five pillars, the register of information, and what your software supply chain now has to withstand.

Jul 1, 20266 min read
Solutions

Software Supply Chain Security for Financial Services

Banks, insurers, and fintechs now answer to DORA, PCI DSS 4.0, NYDFS 500, and SEC disclosure rules for the software they depend on. Here is what a supply chain security program needs, and how Safeguard delivers it.

Jul 1, 20266 min read
Compliance

FTC Safeguards Rule: Enforcement Heats Up in 2026

The FTC finalized 30-day breach notification in 2025 and pursued multi-million-dollar settlements through 2026. Non-bank financial institutions need to take the Rule seriously.

May 27, 20266 min read
Compliance

NY DFS 23 NYCRR 500 amendments and third-party software risk in 2026

The November 2023 amendments to NY DFS 23 NYCRR Part 500 tightened third-party service provider requirements and added new obligations around software supply chain risk. Covered entities are now in steady-state implementation.

May 14, 20268 min read
Compliance

NYDFS Part 500: The November 2025 Deadlines, One Year On

The Second Amendment to NYDFS Part 500 added universal MFA and an asset inventory mandate on November 1, 2025. The April 2026 certification reveals where covered entities stand.

May 6, 20266 min read
Regulatory Compliance

DORA Financial Services Supply Chain Obligations in 2026

The Digital Operational Resilience Act has been in application since January 2025. The ICT third-party risk management obligations are the operational center of gravity in 2026.

Apr 20, 20265 min read
Compliance

DORA Third-Party ICT Risk for Financial Services 2026

A senior engineer's view of DORA third-party ICT risk in 2026: register of information, concentration risk, subcontractor depth, and the operational controls regulators actually test.

Mar 18, 20268 min read
Compliance

Supply Chain Security for Financial Services 2026

Supply chain security for financial services in 2026 means DORA, NYDFS 500, FFIEC, and OCC expectations. A practical guide for banks, insurers, and fintechs.

Mar 5, 20268 min read
Compliance

DORA for Financial Services Software Supply Chain

How EU DORA is reshaping software supply chain expectations for financial services in 2026, with practical guidance on ICT third-party risk, SBOMs, and incident reporting.

Feb 25, 20266 min read
Regulatory Compliance

Financial Services Supply Chain Controls for 2026

What banks, broker-dealers, and insurers should require from their software vendors in 2026: DORA, NYDFS Part 500, OCC guidance, and the operational resilience controls that actually hold up.

Jan 22, 20266 min read
Industry Analysis

The Hidden Cost of AI Code in Financial Services

Banks and fintechs are shipping AI-generated code faster than they can vet it. The bill for that speed is starting to come due.

Jan 22, 20267 min read
financial-services — Safeguard Blog