1. The DORA obligations
The Digital Operational Resilience Act (DORA) will be expanded to bring smaller financial institutions under the regulations. This means that they must fully integrate and demonstrate their supplier management and external screening. Organisations are required to report security incidents related to employees or external parties and must continuously monitor who has access to critical IT systems. For IT managers and compliance teams, this means stricter checks on third-party access and continuous integrity monitoring.
2. Stricter ESG reporting requirements
Boards and executives will face stricter ESG reporting requirements as the Enhanced ESG Transparency Directive comes into effectgovernance structures, including the integrity of executives and key employees. Executive due diligence and comprehensive background checks for senior management are becoming the norm, and boards are becoming personally liable for inadequate screening of senior employees. Managers or directors run the risk of sanctions or reputational damage if insufficient screening is carried out. Screening data plays a crucial role in these transparency requirements.
3. The AI Governance Act
This rule is especially important because AI technology is constantly evolving. Organisations that use AI tools for recruitment and screening must meet strict requirements for transparency and fairness. This includes full documentation of AI decision-making and regular checks for discrimination in automated screening systems. AI decisions must always be controlled by humans, and this will become a legal requirement. For example, an AI tool that assesses CVs should not contain any bias towards age or nationality.
4. The extension of the Know Your Employee (KYE) duty
The FEC (Financial Economic Crime) guidelines are being tightened. This means that the well-known 'Know Your Customer' obligation will be extended to a broader 'Know Your Employee' obligation. Organisations must now screen not only employees in high-risk positions, but all employees and external workers through employment screening and integrity checks. This also includes temporary workers and agency staff. Prepare for a significant increase in the number of screenings and ensure you have automated systems that can handle this volume.
5. Make your compliance measurable with the right KPIs
In 2026, auditors want to see concrete evidence, not stories. Organisations need to keep track of the right key metrics: how many screenings are complete, how long processes take, and how quickly issues are resolved. Reporting tools and audit compliance KPI dashboards become essential for demonstrating directly to auditors that processes are compliant and effectively managed.
Why investing now pays off
2026 will be the year in which it becomes clear who has their compliance properly organised. Organisations that invest in smart, automated screening systems now will not only be compliant, but also operationally stronger and more agile. By taking the right steps now, organisations can turn compliance from a cost center into a competitive advantage.