Powered by CAUSA — our causal AI data engine. Production-grade synthetic banking datasets and the compliance artefacts that DORA, AI Act, BCBS 239, PRA, and FCA examiners expect to find. Polish, CEE, and UK regulatory specifics built in.
25 minutes. Research conversation about your DORA, AI Act, BCBS 239, or PRA SS programmes. No pitch. No follow-up unless you ask for it.
Built from practice
Thirteen years engineering data infrastructure across European financial services — across four jurisdictions, across the regulatory stack: BCBS 239 lineage, KNF risk reporting, Solvency II data quality, model risk validation. First version of CAUSA completed end of 2024 after 18 months of solo R&D. The gap between what synthetic data tools provide and what regulators accept as evidence has been a constant. CAUSA closes it.
EU regulatory coverage
DORA · AI Act · BCBS 239 · CRD VI · KNF Rec S
UK regulatory coverage
PRA SS1/21 · PRA SS1/23 · FCA SDEG · UK DUAA · Consumer Duty
Domain specifics built in
PESEL · NIP · REGON · IBAN PL · BIK · Województwo
Deployment
EU-resident · Self-hosted · Air-gapped option
§ 01 / Forcing functions
Between January 2025 and December 2027, every European and UK retail or corporate bank will need defensible synthetic datasets for at least three concurrent regulatory regimes. Banks that begin preparation in 2026 will pass first cycles cleanly. Those that begin in 2027 will be in remediation mode while AI Act enforcement starts.
Digital Operational Resilience Act
Article 26 mandates threat-led penetration testing on production-like environments. Article 28 requires third-party risk frameworks for every ICT vendor. First completed TLPT cycle deadline: January 2028. Real customer data in TLPT environments triggers GDPR Article 32 breach. CAUSA produces the only audit-defensible alternative.
Capital Requirements Directive VI
New output floor for internal models at 72.5%. Revised standardised approach for credit, market and operational risk. Banks running IRB models need parallel synthetic datasets to test recalibration without exposing real exposure. CAUSA preserves default-rate distributions, LTV cliffs, and counterparty concentrations.
EU AI Act / High-risk systems
Deferred from 2 Aug 2026 to 2 Dec 2027 via Digital Omnibus (07 May 2026, provisional — pending Official Journal publication). Article 10 mandates training data quality. Article 11 requires technical files documenting composition, bias testing, traceability. Penalty: €15M or 3% of global turnover. CAUSA compliance layer produces Article 11 artefacts inline.
Basel Committee / Risk Data Aggregation
14 principles for risk data aggregation and reporting. ECB declared this its #2 supervisory priority for 2025–2027. Lineage, completeness, accuracy, timeliness — all auditable against synthetic test cases. CAUSA multi-table integrity enables auditor-defensible lineage testing.
PRA / UK Operational Resilience
UK Supervisory Statement requires impact tolerance testing for important business services. Continuous demonstrable compliance, not point-in-time. Masked production data fractures referential integrity and breaks SOC/SIEM behaviour. CAUSA produces structurally realistic environments for safe live testing.
FCA / Synthetic Data Expert Group
Nine governance principles for synthetic data in UK financial services. Officially positioned as Model Risk Management imperative under PRA SS1/23. CAUSA produces SDEG-aligned documentation alongside the dataset — explicit lineage, fidelity scorecards, privacy certificates.
§ 02 / What we build
Infundum produces multi-table synthetic datasets that look, feel, and behave like a real European retail bank — with the causal regulatory patterns your auditors expect to find.
Twelve linked tables. Fifty thousand customers. Five million transactions. PESELs that pass checksum validation. IBANs with valid PL26 control digits. Mortgage LTV distributions that show 2014 and 2020 KNF Rekomendacja S amendment cliffs — because the engine encodes regulatory history, not hand-sampled or retrofitted.
Foreign keys, dependencies, referential integrity, time-series consistency across linked tables — without statistical artefacts auditors flag.
PESEL checksums, NIP/REGON validity, IBAN PL26 control digits, województwo distributions, BIK scoring brackets, KNF amendment effects. UK formats on request.
Generated alongside the dataset: DORA TLPT Data Safety Annex, AI Act Article 11 technical file, BCBS 239 lineage map, PRA SS1/23 MRM evidence.
§ 03 / Reference scenario
A fictional Polish universal retail bank. Mid-tier scale. Currently migrating from Oracle Exadata to Snowflake. €5B turnover, 1.2M customers (50k in demo), 280 branches. The reference dataset behind every Infundum evaluation.
Schema
Coverage
1,946 days · 50k customers · ~5M transactions · 280 branches · Transaction history 2021–2026
| CUST_ID | FIRST_NAME | LAST_NAME | PESEL | WOJEWÓDZTWO | OPEN_DATE | SEGMENT | BIK |
|---|---|---|---|---|---|---|---|
| C00041829 | Marta | Wojciechowska | 84051902948 | Mazowieckie | 2014-06-12 | RETAIL_PRIME | 587 |
| C00041830 | Tomasz | Nowak | 77112304671 | Małopolskie | 2009-03-04 | RETAIL_PREMIUM | 612 |
| C00041831 | Agnieszka | Kaczmarek | 91020517385 | Wielkopolskie | 2018-11-22 | RETAIL_STANDARD | 534 |
| C00041832 | Marcin | Lewandowski | 82071402516 | Mazowieckie | 2011-09-08 | RETAIL_PRIME | 598 |
| C00041833 | Katarzyna | Dąbrowska | 89030616829 | Dolnośląskie | 2020-04-15 | RETAIL_STANDARD | 451 |
| C00041834 | Paweł | Wiśniewski | 75091803742 | Pomorskie | 2007-02-19 | RETAIL_PREMIUM | 624 |
| C00041835 | Magdalena | Kowalczyk | 92112808157 | Śląskie | 2022-08-30 | RETAIL_STANDARD | 503 |
| C00041836 | Krzysztof | Zieliński | 80042705294 | Mazowieckie | 2013-12-03 | RETAIL_PRIME | 574 |
Chart 01 / PROD_HIST
Loan-to-value ratio aggregated by year of origination across 50,000 customer book.
The wow moment. CAUSA encodes KNF Rekomendacja S amendment logic directly in the generation layer. The 2014 and 2020 LTV cliffs are reproduced from regulatory domain knowledge — not retrofitted from output samples, not statistically fitted. Any mortgage analyst recognises them immediately.
§ 04 / CAUSA engine
CAUSA is our causal AI data engine. Three composable layers, producing the synthetic dataset and the regulator-ready paper trail in one run.
Specific architecture details are available under NDA during formal evaluation.
Layer 01
Generation engine
CAUSA encodes the structural and behavioral patterns that make banking data behave like banking data — credit policy cliffs, channel migration patterns, default cascades, marriage/divorce transitions — without ingesting customer records. Unlike generators based on statistical mimicry, the engine reproduces the underlying decision logic from domain knowledge.
Layer 02
Domain layer
Identifier validation, regulatory pattern preservation, supervisory expectations. Generic synthetic data tools require manual configuration for any of these. CAUSA applies them natively.
Layer 03
Compliance layer
For each generated dataset, CAUSA produces the documentation auditors and regulators expect. Generation and compliance artefacts arrive together — not as a separate consulting engagement.
DORA
TLPT Data Safety Annex
AI Act
Article 11 technical file
BCBS 239
Lineage map
PRA SS1/21
Resilience test evidence
PRA SS1/23
MRM validation pack
FCA SDEG
9-principles compliance
What each artefact closes
| Artefact | Regulatory gap closed |
|---|---|
| Datasheet + Test Report | AI Act Art. 10(5)(a) exhaustion gate — proof that synthetic alternatives were assessed before real special-category PII processing |
| DORA TLPT Annex | DORA Art. 26 data exposure question — bank-controlled substitution rationale for the formal TLPT documentation pack |
| Lineage File | BCBS 239 Principles 2–3 audit trail gap — OpenLineage JSON-LD, ingest-ready for Collibra, Alation, Atlan |
| Validation Dossier | PRA SS1/23 Principle 4 independent challenge requirement + FCA SDEG Principle 6 fidelity evidence |
| Scenario Manifest | PRA SS1/21 severe-but-plausible scenario evidence + DORA operational resilience scenario testing |
| VERA QC report | GDPR Art. 32 technical measure documentation + AI Act Art. 10 bias-testing evidence gate |
§ 05 / Founder
Arek Kordos
Founder · Kraków + London
"Thirteen years engineering data infrastructure across European financial services — across four jurisdictions, across the regulatory stack. The need for production-quality synthetic data with audit-grade provenance has been a constant. The available tooling has not."
Hands-on across the regulatory stack: BCBS 239 lineage, KNF risk reporting, Solvency II data quality, model risk validation, regulatory data delivery for IRB and stress testing. Founded Infundum after a focused R&D phase on the gap between general-purpose synthetic data tools and what a KNF, ECB, PRA or FCA reviewer accepts as evidence.
The gap I kept hitting: generic synthetic data tools either treated Polish identifiers as strings to be randomised, or generated statistical fidelity without the causal regulatory patterns auditors look for. The financial sector is the vertical where regulatory deadlines hit hardest between 2025 and 2028 — so that is where CAUSA started. Neither generic tools nor manual workarounds survive a serious KNF, ECB, PRA, or FCA review.
CAUSA is the engine I would have wanted to deploy myself in any of the programmes I worked across the past decade. Built for the people on the inside.
13
Years across European financial services
18mo
Solo R&D before v1
4
Jurisdictions delivered into
§ 06 / Research
A research cluster on synthetic banking data, regulatory compliance, and causal AI — written for Chief Data Officers, Heads of Operational Risk, Compliance Officers, and Systems Integrators preparing for the 2026–2028 regulatory window. Polish content for KNF and ECB context. English for UK PRA, FCA, and pan-European audiences.
Pierwszy obowiązkowy cykl TLPT do stycznia 2028. Dlaczego dane prawdziwych klientów naruszają Art. 32 RODO w środowiskach pen-test, a CAUSA produkuje audytowo-defensywne alternatywy.
Read article →Historia Rec S amendments (2006, 2011, 2014, 2020) z konkretnymi LTV cap zmianami. Jak CAUSA enkoduje efekty regulacyjne jako reguły kauzalne — bez ręcznego próbkowania danych wyjściowych.
Read article →Najczęstsza polska migracja banking 2024–2026. Dlaczego legacy SQL subsetting 100+ tabel breaks UAT. SI engagement angle (Accenture, Capgemini, Sii).
Read article →14 zasad RDARR mapowanych do data engineering controls. Aktualne Pillar 2 capital add-on precedensy. Dlaczego żadna znacząca instytucja nie spełnia w pełni.
Read article →Digital Omnibus deferment (07.05.2026) wyjaśnione. Article 10 vs 11 unpack. Testowanie bias bez naruszenia RODO Art. 9. CAUSA compliance layer.
Read article →TLPT cycle anatomy. Article 32 + 28 GDPR risks of real data exposure. DORA Article 28 implications for synthetic data vendors. CAUSA self-hosted advantage.
Coming July 2026Why the December 2027 deferral is a clarifier, not a blocker. Article 10 vs 11 unpack. Bias testing without GDPR Article 9 violation. High-risk system inventory framework.
Read article →14 principles mapped to data engineering controls. Current Pillar 2 capital add-on precedent cases. CAUSA multi-table integrity for lineage testing.
Coming July 2026SS1/21 impact tolerance deadline (31.03.2025) passed. Continuous demonstrable compliance phase. Why masked data fails SOC/SIEM realism tests.
Coming July 2026SS1/23 effective from 17.05.2024. Principle 3 independent effective challenge requirement. Why masking fractures referential integrity. MRM lifecycle documentation.
Coming July 2026August 2025 FCA report. Each of 9 principles unpacked. PRA SS1/23 integration. UK DUAA February 2026 implications. CAUSA SDEG-aligned output.
Coming July 2026UK Data Use & Access Act 2025 "Recognised Legitimate Interests" framework. Consumer Duty (31.07.2023 / 31.07.2024) intersection with synthetic data testing.
Coming July 2026Subscribe for new essay alerts: arek.kordos@infundum.io (manual list, no automation, ~1 message per month).
§ 07 / Common questions
§ 08 / Talk to founder
If you are preparing for DORA TLPT, AI Act readiness, a BCBS 239 cycle, a PRA SS1/21 resilience programme, or a migration where real customer data cannot leave production — let's compare notes. Not pitch.
What happens after the call: a written summary back to you within 24 hours. If there is mutual interest, a follow-up demo with your specific use case. If not, no follow-up at all unless you ask.
Designed for
Coverage
Poland · UK · DACH · Benelux · CEE