Industry 01Financial Services
Hikari Blue operates in financial services where the regulatory load is the design constraint, not the compliance afterthought. Every system we ship is audit-defensible by architecture, to DORA, NIS2, GDPR, and the EU AI Act, in parallel.
What makes this sector hard
Five structural pressures shape every engagement we accept in financial services. They are not problems to solve once. They are the operating reality every system we ship must survive in production.
Both regulations enter active enforcement on overlapping perimeters. The platform must answer ICT risk obligations and operator-of-essential-services obligations from the same evidence chain. Built once, audited twice.
Most existing decisioning systems were not designed to emit per-decision evidence. The retrofit cost is structurally underestimated until the first regulator letter arrives.
Mainframe, COBOL, packaged banking suites coexisting with mobile-first customer experience. The seam between the two carries most of the operational risk, and most of the cost of change.
EU sovereignty rules, US frameworks, APAC variations. The system must keep data where the regulator says, while letting decisions flow where the business needs.
The number of engineers who have shipped a system that survived a DORA-grade audit can be counted in three digits per market. Hiring is not a strategy. Mobilizing is.
How we operate here
Four engagement types we accept in financial services. Each is signed by a named partner and carries audit posture as a design property, not as a delivery checklist.
Six to ten weeks. We map the platform against both regulations simultaneously, identify the shared evidence surface, and design the single audit chain that defends both, without two parallel programs.
Signed by Franck OhrelEight to sixteen weeks. We design the evaluation, logging, model registry and kill-switch layer for credit, KYC, claims or fraud decisioning. EU AI Act-ready evidence by architecture.
Signed by Xavier de MaillardTwenty-four to forty-eight weeks. Strangler-pattern replacement of legacy banking core under continuous observability, with reversibility at every step. No big-bang migration.
Signed by Xavier de MaillardSix to twenty-four weeks. Calibrated senior architects mobilized inside your team: sized to the outcome, planned exit, transfer of ownership engineered from day one.
Signed by Rémi ClaverieSolutions mobilized here
Board-level transformation under regulatory pressure. Executive accountability through Run.
AI in production for decisioning, fraud, KYC, claims, with audit trail by architecture.
Banking core replacement under observability. Strangler pattern, reversible at every step.
Delivery posture defensible to DORA, NIS2 and internal audit, between cycles.
Bring the regulator question
Thirty minutes with a senior partner. We listen to your real DORA, NIS2 and AI Act perimeter, then we tell you what is engineered, what is hand-stitched, and what we would attack first.