Glossary
The vocabulary of regulated-finance compliance
A canonical glossary of the 52 terms that recur across Finray Intelligence — firm categories, regulatory regimes, supervisory bodies, and the technical standards that regulations point to. Each definition is one or two sentences, traceable to the primary source where the term is formally defined.
- Firm categories
- 10
- Regulatory regimes
- 12
- Supervisory perimeter
- 12
- Functions and technical standards
- 18
- Last updated
- 2026-05-03
Reading order tip: the editorial methodology explains how a term qualifies for inclusion (it must be cited as primary source on at least one editorial page); the source index is the deduplicated list of every authoritative URL behind those definitions.
/0.2 Firm categories
Firm categories.
Authorisation classes that determine which regulatory regime applies. The licence type — not the marketing label — is what governs prudential, conduct and AML obligations.
-
Account Information Service Provider
Abbreviation · AISP
PSD2, Article 4(19) -
PSD2 service category for firms that consolidate account information across a customer's payment accounts held at other institutions, typically through API-mediated access. AISPs require registration but face a lighter prudential regime than full Payment Institutions.
Used on
-
Article 60 notification (MiCA)
MiCA, Article 60 -
MiCA fast-track route by which an EU-authorised credit institution, investment firm, EMI, UCITS management company, AIFM or market operator can begin providing CASP services on the basis of a notification (rather than a full Article 59 authorisation) within 18 months of MiCA application.
Used on
-
Asset-Referenced Token issuer
Abbreviation · ART issuer
MiCA, Title III -
Issuer of a crypto-asset that purports to maintain a stable value by referencing another value, right, or a combination of those, including one or more official currencies. Authorised under MiCA Title III with EBA as lead supervisor for significant ARTs.
Used on
-
Crypto-Asset Service Provider
Abbreviation · CASP
MiCA, Article 3(1)(15) -
Legal person authorised under MiCA Title V to provide one or more of the ten enumerated crypto-asset services (custody, exchange, execution, placing, reception/transmission, advice, portfolio management, transfer, operation of a trading platform, exchange of crypto-assets for fiat or other crypto-assets) on a professional basis.
Used on
-
Digital Asset Service Provider
Abbreviation · DASP
AMF DASP register -
French pre-MiCA national regime for digital-asset firms registered with the AMF and ACPR (formerly PSAN — Prestataire de Services sur Actifs Numériques). DASPs must transition to MiCA CASP authorisation by 1 July 2026 in most Member States or exit the French market.
Used on
-
E-Money Token issuer
Abbreviation · EMT issuer
MiCA, Title IV -
Issuer of a crypto-asset that purports to maintain a stable value by referencing the value of one official currency. Authorised under MiCA Title IV; EMT issuance is restricted to credit institutions and EMIs.
Used on
-
Electronic Money Institution
Abbreviation · EMI
EMD2, Article 2(1) -
Legal person authorised under EMD2 to issue electronic money — a monetary value stored electronically on receipt of funds, accepted by a person other than the issuer. EMIs may also provide payment services within their authorisation.
Used on
-
Money Service Business
Abbreviation · MSB
-
Non-bank financial institution providing one or more of currency dealing, money transmission, cheque cashing, or payment instrument issuance — supervised under jurisdiction-specific AML/CTF regimes (FinCEN in the US, FINTRAC in Canada, HMRC in the UK).
-
Payment Initiation Service Provider
Abbreviation · PISP
PSD2, Article 4(18) -
PSD2 service category for firms that initiate payments at the request of a payment-service user from an account held at another institution, typically through API-mediated access. PISPs require full PI authorisation, not just registration.
Used on
-
Payment Institution
Abbreviation · PI
PSD2, Article 4(4) -
Legal person authorised under PSD2 to provide payment services across the eight Annex I categories. Subject to safeguarding, conduct, AML and outsourcing rules; capital requirements scale with service scope.
Used on
/0.3 Regulatory regimes
Regulatory regimes.
Statutes, directives and regulations whose substantive provisions are referenced across the Intelligence body. Definitions point to the official journal text.
-
Anti-Money Laundering Authority Regulation
Abbreviation · AMLA Regulation
Regulation (EU) 2024/1620 -
EU regulation establishing the Anti-Money Laundering Authority (AMLA) as the new direct-supervision and coordination authority for the AML rulebook. Applies from July 2025 with direct supervision of selected obliged entities from 2028.
Used on
-
Anti-Money Laundering Directive 6
Abbreviation · AMLD6
Directive (EU) 2024/1640 -
Member-State implementing directive that sits alongside the AMLR. Covers FIU powers, beneficial-ownership registers, and Member-State institutional infrastructure for AML/CTF supervision; transposition deadline July 2027.
Used on
-
Anti-Money Laundering Regulation
Abbreviation · AMLR
Regulation (EU) 2024/1624 -
Single AML rulebook applicable directly across the EU, replacing fragmented Member-State transpositions of AMLD4/5. Covers CDD, beneficial ownership, sanctions screening and reporting; extends to CASPs from July 2027.
Used on
-
Digital Operational Resilience Act
Abbreviation · DORA
Regulation (EU) 2022/2554 -
EU regulation harmonising ICT risk management and operational-resilience requirements across the financial sector. Five pillars: ICT risk management, incident reporting, digital operational-resilience testing, third-party risk and information sharing. Applies from January 2025.
Used on
- amlr-amla-implementation-tracker
- casp-mica-compliance
- deployment-topology-regulatory-alignment
- dora-article-28-roi-tracker
- dora-rts-its-pack
- emi-pi-authorisation-withdrawals
- emi-pi-licensing-success
- eu-uk-pi-emi-core-banking
- fca-supplementary-safeguarding-regime
- mica-casp-authorisation-withdrawals
- mica-casp-licensing-success
- safeguarding-reconciliation-solvency-discipline
- swiss-finma-grc-ics
- travel-rule-identity-routing-problem
-
DORA Article 28 Register of Information
Abbreviation · RoI
ITS (EU) 2024/2956 -
Standardised register of all contractual arrangements with ICT third-party service providers that DORA-scope financial entities must maintain and submit annually to their NCA. Schema fixed by ITS (EU) 2024/2956; first submission window opened Q1 2025.
Used on
-
Electronic Money Directive 2
Abbreviation · EMD2
Directive 2009/110/EC -
EU directive establishing the prudential regime for Electronic Money Institutions, including the issuance of e-money, safeguarding, and capital requirements. National transpositions provide each Member State's authorisation framework.
Used on
-
FCA PS25/12 — Supplementary Safeguarding Regime
Abbreviation · PS25/12
FCA PS25/12 -
FCA policy statement (May 2025) introducing the Supplementary Safeguarding Regime — additional CASS 15 (operational), CASS 10A (resolution pack), SUP 3A (annual audit) and SUP 16.14A (monthly REP027 return) obligations for payment institutions and electronic money institutions. Effective 2026-05-07; runs in parallel to PSD2 Article 10 / EMD2 Article 7 until PSD3 / PSR transposition.
Used on
-
FINMA Circular 23/01 — Operational risks and resilience
FINMA Circulars -
FINMA circular consolidating expectations on operational-risk management and ICT/cyber resilience for Swiss banks and securities firms. Replaces the former FINMA Circ. 08/21 and embeds Basel principles for sound operational-risk management.
Used on
-
Markets in Crypto-Assets Regulation
Abbreviation · MiCA
Regulation (EU) 2023/1114 -
EU regulation harmonising the prudential and conduct regime for crypto-asset issuers and CASPs. Title III governs ARTs, Title IV governs EMTs, Title V governs CASPs. Title V application: 30 December 2024; Member-State transitional period for pre-MiCA national-regime entities runs to 1 July 2026.
Used on
-
Payment Services Directive 2
Abbreviation · PSD2
Directive (EU) 2015/2366 -
EU directive establishing the prudential and conduct regime for Payment Institutions and the eight Annex I payment services. Introduced strong customer authentication (SCA) and access-to-account (XS2A) for AISPs and PISPs.
Used on
-
Payment Services Regulation (PSD3 package)
Abbreviation · PSR
Council ST 8221/2026 (final compromise) -
Directly-applicable regulation in the PSD3 package replacing the PSD2 conduct provisions with harmonised EU rules on fraud, dispute resolution and consumer protection. Companion to the PSD3 directive (which keeps prudential rules at directive level).
Used on
-
Transfer of Funds Regulation
Abbreviation · ToFR
Regulation (EU) 2023/1113 -
EU regulation extending the FATF Travel Rule to crypto-asset transfers. CASPs must collect and transmit originator and beneficiary information for every transfer, regardless of value. Applies from 30 December 2024.
Used on
/0.4 Supervisory perimeter
Supervisory perimeter.
European Supervisory Authorities, national competent authorities and international standard-setters whose published positions, registers or decisions Finray Intelligence cites as primary sources.
-
Anti-Money Laundering Authority
Abbreviation · AMLA
AMLA portal -
EU authority established under Regulation (EU) 2024/1620 to coordinate AML/CTF supervision across Member States and directly supervise selected obliged entities. Headquartered in Frankfurt; operational from 2025, direct supervision from 2028.
Used on
-
Autorité des Marchés Financiers
Abbreviation · AMF
AMF portal -
French Financial Markets Authority. Co-supervises crypto-asset firms with ACPR and publishes per-entity délibération PDFs for every PSAN/DASP/CASP delisting and revocation since 2020 — the cleanest historical trail in the EEA.
Used on
-
Bank of Lithuania
Abbreviation · BoL
Bank of Lithuania portal -
Lithuanian central bank and financial-services supervisor. Publishes the EMI/PI/AISP register with English-language press releases for every authorisation revocation; significant EEA hub for Lithuania-based fintech.
Used on
-
De Nederlandsche Bank
Abbreviation · DNB
DNB portal -
Dutch prudential supervisor for credit institutions, EMIs, PIs and money-exchange firms. Publishes registers of authorised firms and enforcement-measures pages for licence withdrawals.
Used on
-
European Banking Authority
Abbreviation · EBA
EBA portal -
EU banking supervisor. Maintains the EUCLID payment-institutions register, harmonises the EU EMI/PI prudential framework, and acts as lead supervisor for significant ARTs and EMTs under MiCA.
Used on
-
European Insurance and Occupational Pensions Authority
Abbreviation · EIOPA
EIOPA portal -
EU insurance and pensions supervisor. One of the three ESAs; co-author of the joint DORA RTS/ITS and DORA Joint Committee reports.
Used on
-
European Securities and Markets Authority
Abbreviation · ESMA
ESMA portal -
EU securities and markets supervisor. Publishes the interim MiCA register of authorised CASPs and notified Article 60 firms; co-author of MiCA Level 2/3 RTS and ITS.
Used on
-
European Supervisory Authorities
Abbreviation · ESAs
-
Collective term for EBA, ESMA and EIOPA. Coordinate cross-sectoral work via the Joint Committee, including DORA Level 2 RTS/ITS and the consolidated EU oversight of critical ICT third-party service providers.
Used on
-
Financial Action Task Force
Abbreviation · FATF
FATF portal -
Global standard-setter for AML/CTF. Source of Recommendation 16 (the Travel Rule for wire transfers and virtual-asset transfers) and the VASP/virtual-asset guidance that EU and Member-State AML rules are aligned to.
Used on
-
Financial Conduct Authority
Abbreviation · FCA
FCA portal -
UK conduct regulator for financial-services firms. Maintains the Financial Services Register including authorised and small EMIs and PIs; publishes Final Notices for EMI/PI registration cancellations and EMD-revocation status fields.
Used on
-
National Competent Authority
Abbreviation · NCA
-
Member-State authority designated as competent for a particular EU regulatory regime. The same Member State typically designates different NCAs for banking, markets and insurance — DORA in particular preserves this sectoral split rather than imposing a single supervisor.
Used on
-
Swiss Financial Market Supervisory Authority
Abbreviation · FINMA
FINMA portal -
Swiss prudential and conduct supervisor for banks, securities firms, insurers and DLT trading facilities. Authority for FINMASA, BankG, FINIG, FINSA, AMLA Switzerland and the FINMA Circular series.
Used on
/0.5 Functions and technical standards
Functions and technical standards.
Functions, controls and technical standards referenced when describing compliant operating models. These are the building blocks regulations point to.
-
Acknowledgement letter
FCA Handbook CASS 15.3 -
Written confirmation from a credit institution that a specified bank account is held under safeguarding rules, identifying account ownership, segregation status and the safeguarding obligation. CASS 15.3 requires the letter to be in place before relevant funds are deposited; renewal cadence is at the first anniversary and per supervisory expectation thereafter.
Used on
-
CASS 10A (resolution pack)
Abbreviation · CASS 10A
FCA Handbook CASS 10A -
FCA Handbook chapter (effective 2026-05-07) setting out resolution-pack obligations for payment institutions and electronic money institutions: a documented set of records, governance arrangements and funding pathways enabling insolvency practitioners to return safeguarded funds to clients in an orderly fashion.
Used on
-
CASS 15 (operational safeguarding)
Abbreviation · CASS 15
FCA Handbook CASS 15 -
FCA Handbook chapter (effective 2026-05-07) setting out operational safeguarding obligations for payment institutions and electronic money institutions: account designation, segregation, daily reconciliation, intraday integrity, books-and-records-at-any-time-without-delay and group oversight.
Used on
-
Critical ICT third-party provider (CTPP) designation
Abbreviation · CTPP
DORA Article 31(9) -
Designation under DORA Article 31(9), assigned jointly by the ESAs after Register of Information data collection and criticality assessment under Commission Delegated Regulation (EU) 2024/1502. Designated CTPPs become subject to direct EU-level oversight; the first batch of 19 providers was published on 18 November 2025.
Used on
-
Critical or Important Function
Abbreviation · CIF
DORA Article 3(22) -
DORA-defined function whose disruption would materially impair the financial performance of the entity, the soundness or continuity of its services, or compliance with regulatory requirements. CIF identification is the gating decision for which ICT services fall under the DORA Article 28 third-party-policy and subcontracting rules.
Used on
-
Customer Due Diligence
Abbreviation · CDD
AMLR, Chapter III -
AML obligation requiring obliged entities to verify customer identity, identify beneficial owners, understand the purpose of the business relationship, and conduct ongoing monitoring of transactions. Risk-based; enhanced for higher-risk customers (EDD).
Used on
-
ICT third-party policy
Commission Delegated Regulation (EU) 2024/1773 -
DORA Article 28(10) requirement that every financial entity in scope adopt a written policy governing ICT third-party arrangements supporting critical or important functions: management-body adoption, annual review, criticality methodology, named responsibilities, lifecycle governance, exit planning. Detailed by Commission Delegated Regulation (EU) 2024/1773.
Used on
-
ICT third-party service provider
DORA, Article 3(19) -
Under DORA, any undertaking providing ICT services to a financial entity. Distinguishes from outsourcing of regulated functions; the contract perimeter is broader. Critical ICT third-parties (CTPPs) face direct EU oversight.
Used on
-
Implementing Technical Standards
Abbreviation · ITS
-
Level 2 EU legislative instrument setting out the operational implementation of Level 1 regulations. Adopted by the Commission on the basis of ESA drafts; binding and directly applicable.
Used on
-
ISO 20022
ISO 20022 page -
International standard for financial-services messaging. Used across SEPA Instant, SWIFT CBPR+, T2/TARGET2, and modern domestic payment rails. Provides a structured XML/ISO-format superset of legacy MT messages.
Used on
-
ISO/IEC 27001
ISO/IEC 27001 page -
International standard for information-security management systems (ISMS). The de facto baseline for vendor and internal ICT assurance across regulated finance; certification scope and statement of applicability are key procurement signals.
Used on
-
Regulatory Technical Standards
Abbreviation · RTS
-
Level 2 EU legislative instrument setting out detailed substantive requirements that complement Level 1 regulations. Adopted by the Commission on the basis of ESA drafts; binding and directly applicable.
Used on
-
REP027 monthly safeguarding return
Abbreviation · REP027
FCA Handbook SUP 16.14A -
FCA monthly return submitted by payment institutions and electronic money institutions under SUP 16.14A, capturing safeguarded balances, account-designation status, reconciliation discrepancies, exit-plan readiness and management-body sign-off. Effective 2026-05-07.
Used on
-
Resolution pack
FCA Handbook CASS 10A -
Documented set of records, governance arrangements and funding pathways maintained by a payment institution or electronic money institution that enables an insolvency practitioner to return safeguarded funds to clients in an orderly fashion. Required under FCA CASS 10A (effective 2026-05-07); distinct from a Bank of England resolution plan.
Used on
-
Safeguarding
PSD2, Article 10 -
PSD2/EMD2 obligation to protect funds received from payment-service users by either depositing them in a separate account at an authorised credit institution or insuring them with an authorised insurer. Breach is a leading cause of EMI/PI authorisation revocation.
Used on
-
Strong Customer Authentication
Abbreviation · SCA
SCA RTS (EU) 2018/389 -
Multi-factor authentication requirement under PSD2 (and inherited by PSD3/PSR) for electronic payments, account access and high-risk operations. Defined in the SCA RTS (EU) 2018/389 with limited exemptions for low-value, recurring or trusted-beneficiary transactions.
Used on
-
SUP 3A (annual safeguarding audit)
Abbreviation · SUP 3A
FCA Handbook SUP 3A -
FCA Handbook chapter (effective 2026-05-07) requiring payment institutions and electronic money institutions to obtain an annual safeguarding audit from a CASS-qualified audit firm against the CASS 15 and CASS 10A obligations. Audit reports are filed with the FCA; opinion is reasonable assurance for the breach reporting line.
Used on
-
Travel Rule
FATF Recommendation 16 -
FATF Recommendation 16 obligation requiring originator and beneficiary information to accompany wire transfers and virtual-asset transfers. Implemented in the EU by the Transfer of Funds Regulation; technical exchange protocols include IVMS 101 and TRP.
Used on