# Glossary — Finray Intelligence

Canonical glossary of 52 regulated-finance terms used across Finray Intelligence: firm categories (10), regulatory regimes (12), supervisory perimeter (12), and functions and technical standards (18). Each definition cites the primary source where the term is formally defined.

- Source: https://finray.tech/intelligence/glossary/
- Last updated: 2026-05-03
- Editorial principle: definitions lead with the substantive rule; parentheticals carry parties, scope or sunset dates
- Publisher: Finray Technologies Ltd, Cyprus Companies Registry HE 445903
- Correspondence and corrections: legal@finray.tech

---

## Firm categories (10)

Authorisation classes that determine which regulatory regime applies. The licence type — not the marketing label — is what governs prudential, conduct and AML obligations.

### Account Information Service Provider (AISP)

PSD2 service category for firms that consolidate account information across a customer's payment accounts held at other institutions, typically through API-mediated access. AISPs require registration but face a lighter prudential regime than full Payment Institutions.

- Primary source: PSD2, Article 4(19) — https://eur-lex.europa.eu/eli/dir/2015/2366/oj/eng
- Used on: [EMI / PI licensing-success forensic register (EEA + UK)](https://finray.tech/intelligence/emi-pi-licensing-success/); [EMI / PI authorisation-withdrawal forensic register (EEA + UK)](https://finray.tech/intelligence/emi-pi-authorisation-withdrawals/); [EU/UK PI/EMI core banking selection](https://finray.tech/intelligence/eu-uk-pi-emi-core-banking/)
- Anchor: https://finray.tech/intelligence/glossary/#term-aisp

### Article 60 notification (MiCA)

MiCA fast-track route by which an EU-authorised credit institution, investment firm, EMI, UCITS management company, AIFM or market operator can begin providing CASP services on the basis of a notification (rather than a full Article 59 authorisation) within 18 months of MiCA application.

- Primary source: MiCA, Article 60 — https://eur-lex.europa.eu/eli/reg/2023/1114/oj/eng
- Used on: [CASP MiCA compliance operating model](https://finray.tech/intelligence/casp-mica-compliance/); [MiCA CASP licensing-success forensic analysis](https://finray.tech/intelligence/mica-casp-licensing-success/); [MiCA CASP authorisation-withdrawal forensic register](https://finray.tech/intelligence/mica-casp-authorisation-withdrawals/)
- Anchor: https://finray.tech/intelligence/glossary/#term-article-60-notification-mica

### Asset-Referenced Token issuer (ART issuer)

Issuer of a crypto-asset that purports to maintain a stable value by referencing another value, right, or a combination of those, including one or more official currencies. Authorised under MiCA Title III with EBA as lead supervisor for significant ARTs.

- Primary source: MiCA, Title III — https://eur-lex.europa.eu/eli/reg/2023/1114/oj/eng
- Used on: [CASP MiCA compliance operating model](https://finray.tech/intelligence/casp-mica-compliance/)
- Anchor: https://finray.tech/intelligence/glossary/#term-art-issuer

### Crypto-Asset Service Provider (CASP)

Legal person authorised under MiCA Title V to provide one or more of the ten enumerated crypto-asset services (custody, exchange, execution, placing, reception/transmission, advice, portfolio management, transfer, operation of a trading platform, exchange of crypto-assets for fiat or other crypto-assets) on a professional basis.

- Primary source: MiCA, Article 3(1)(15) — https://eur-lex.europa.eu/eli/reg/2023/1114/oj/eng
- Used on: [CASP MiCA compliance operating model](https://finray.tech/intelligence/casp-mica-compliance/); [MiCA CASP licensing-success forensic analysis](https://finray.tech/intelligence/mica-casp-licensing-success/); [MiCA CASP authorisation-withdrawal forensic register](https://finray.tech/intelligence/mica-casp-authorisation-withdrawals/); [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/); [The Travel Rule is not a compliance bolt-on. It is an identity routing problem.](https://finray.tech/intelligence/travel-rule-identity-routing-problem/)
- Anchor: https://finray.tech/intelligence/glossary/#term-casp

### Digital Asset Service Provider (DASP)

French pre-MiCA national regime for digital-asset firms registered with the AMF and ACPR (formerly PSAN — Prestataire de Services sur Actifs Numériques). DASPs must transition to MiCA CASP authorisation by 1 July 2026 in most Member States or exit the French market.

- Primary source: AMF DASP register — https://www.amf-france.org/en/professionals/fintech/my-relations-amf/become-digital-asset-service-provider-dasp
- Used on: [MiCA CASP authorisation-withdrawal forensic register](https://finray.tech/intelligence/mica-casp-authorisation-withdrawals/)
- Anchor: https://finray.tech/intelligence/glossary/#term-dasp

### E-Money Token issuer (EMT issuer)

Issuer of a crypto-asset that purports to maintain a stable value by referencing the value of one official currency. Authorised under MiCA Title IV; EMT issuance is restricted to credit institutions and EMIs.

- Primary source: MiCA, Title IV — https://eur-lex.europa.eu/eli/reg/2023/1114/oj/eng
- Used on: [CASP MiCA compliance operating model](https://finray.tech/intelligence/casp-mica-compliance/)
- Anchor: https://finray.tech/intelligence/glossary/#term-emt-issuer

### Electronic Money Institution (EMI)

Legal person authorised under EMD2 to issue electronic money — a monetary value stored electronically on receipt of funds, accepted by a person other than the issuer. EMIs may also provide payment services within their authorisation.

- Primary source: EMD2, Article 2(1) — https://eur-lex.europa.eu/eli/dir/2009/110/oj/eng
- Used on: [EMI / PI licensing-success forensic register (EEA + UK)](https://finray.tech/intelligence/emi-pi-licensing-success/); [EMI / PI authorisation-withdrawal forensic register (EEA + UK)](https://finray.tech/intelligence/emi-pi-authorisation-withdrawals/); [EU/UK PI/EMI core banking selection](https://finray.tech/intelligence/eu-uk-pi-emi-core-banking/); [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/); [Core banking deployment topology and regulatory alignment — multi-tenant SaaS vs single-tenant in customer cloud account](https://finray.tech/intelligence/deployment-topology-regulatory-alignment/); [DORA Article 28 RTS/ITS Pack — entity-level RoI, third-party-policy and subcontracting controls](https://finray.tech/intelligence/dora-rts-its-pack/); [FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta](https://finray.tech/intelligence/fca-supplementary-safeguarding-regime/); [Safeguarding reconciliation is a solvency discipline](https://finray.tech/intelligence/safeguarding-reconciliation-solvency-discipline/)
- Anchor: https://finray.tech/intelligence/glossary/#term-emi

### Money Service Business (MSB)

Non-bank financial institution providing one or more of currency dealing, money transmission, cheque cashing, or payment instrument issuance — supervised under jurisdiction-specific AML/CTF regimes (FinCEN in the US, FINTRAC in Canada, HMRC in the UK).

- Anchor: https://finray.tech/intelligence/glossary/#term-msb

### Payment Initiation Service Provider (PISP)

PSD2 service category for firms that initiate payments at the request of a payment-service user from an account held at another institution, typically through API-mediated access. PISPs require full PI authorisation, not just registration.

- Primary source: PSD2, Article 4(18) — https://eur-lex.europa.eu/eli/dir/2015/2366/oj/eng
- Used on: [EMI / PI licensing-success forensic register (EEA + UK)](https://finray.tech/intelligence/emi-pi-licensing-success/); [EMI / PI authorisation-withdrawal forensic register (EEA + UK)](https://finray.tech/intelligence/emi-pi-authorisation-withdrawals/); [EU/UK PI/EMI core banking selection](https://finray.tech/intelligence/eu-uk-pi-emi-core-banking/); [FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta](https://finray.tech/intelligence/fca-supplementary-safeguarding-regime/); [Safeguarding reconciliation is a solvency discipline](https://finray.tech/intelligence/safeguarding-reconciliation-solvency-discipline/)
- Anchor: https://finray.tech/intelligence/glossary/#term-pisp

### Payment Institution (PI)

Legal person authorised under PSD2 to provide payment services across the eight Annex I categories. Subject to safeguarding, conduct, AML and outsourcing rules; capital requirements scale with service scope.

- Primary source: PSD2, Article 4(4) — https://eur-lex.europa.eu/eli/dir/2015/2366/oj/eng
- Used on: [EMI / PI licensing-success forensic register (EEA + UK)](https://finray.tech/intelligence/emi-pi-licensing-success/); [EMI / PI authorisation-withdrawal forensic register (EEA + UK)](https://finray.tech/intelligence/emi-pi-authorisation-withdrawals/); [EU/UK PI/EMI core banking selection](https://finray.tech/intelligence/eu-uk-pi-emi-core-banking/); [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/); [Core banking deployment topology and regulatory alignment — multi-tenant SaaS vs single-tenant in customer cloud account](https://finray.tech/intelligence/deployment-topology-regulatory-alignment/); [DORA Article 28 RTS/ITS Pack — entity-level RoI, third-party-policy and subcontracting controls](https://finray.tech/intelligence/dora-rts-its-pack/); [FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta](https://finray.tech/intelligence/fca-supplementary-safeguarding-regime/); [Safeguarding reconciliation is a solvency discipline](https://finray.tech/intelligence/safeguarding-reconciliation-solvency-discipline/); [The Travel Rule is not a compliance bolt-on. It is an identity routing problem.](https://finray.tech/intelligence/travel-rule-identity-routing-problem/)
- Anchor: https://finray.tech/intelligence/glossary/#term-pi

## Regulatory regimes (12)

Statutes, directives and regulations whose substantive provisions are referenced across the Intelligence body. Definitions point to the official journal text.

### Anti-Money Laundering Authority Regulation (AMLA Regulation)

EU regulation establishing the Anti-Money Laundering Authority (AMLA) as the new direct-supervision and coordination authority for the AML rulebook. Applies from July 2025 with direct supervision of selected obliged entities from 2028.

- Primary source: Regulation (EU) 2024/1620 — https://eur-lex.europa.eu/eli/reg/2024/1620/oj/eng
- Used on: [CASP MiCA compliance operating model](https://finray.tech/intelligence/casp-mica-compliance/); [EU/UK PI/EMI core banking selection](https://finray.tech/intelligence/eu-uk-pi-emi-core-banking/); [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)
- Anchor: https://finray.tech/intelligence/glossary/#term-amla-regulation

### Anti-Money Laundering Directive 6 (AMLD6)

Member-State implementing directive that sits alongside the AMLR. Covers FIU powers, beneficial-ownership registers, and Member-State institutional infrastructure for AML/CTF supervision; transposition deadline July 2027.

- Primary source: Directive (EU) 2024/1640 — https://eur-lex.europa.eu/eli/dir/2024/1640/oj/eng
- Used on: [CASP MiCA compliance operating model](https://finray.tech/intelligence/casp-mica-compliance/); [EMI / PI authorisation-withdrawal forensic register (EEA + UK)](https://finray.tech/intelligence/emi-pi-authorisation-withdrawals/); [EU/UK PI/EMI core banking selection](https://finray.tech/intelligence/eu-uk-pi-emi-core-banking/); [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)
- Anchor: https://finray.tech/intelligence/glossary/#term-amld6

### Anti-Money Laundering Regulation (AMLR)

Single AML rulebook applicable directly across the EU, replacing fragmented Member-State transpositions of AMLD4/5. Covers CDD, beneficial ownership, sanctions screening and reporting; extends to CASPs from July 2027.

- Primary source: Regulation (EU) 2024/1624 — https://eur-lex.europa.eu/eli/reg/2024/1624/oj/eng
- Used on: [CASP MiCA compliance operating model](https://finray.tech/intelligence/casp-mica-compliance/); [EMI / PI authorisation-withdrawal forensic register (EEA + UK)](https://finray.tech/intelligence/emi-pi-authorisation-withdrawals/); [EU/UK PI/EMI core banking selection](https://finray.tech/intelligence/eu-uk-pi-emi-core-banking/); [MiCA CASP authorisation-withdrawal forensic register](https://finray.tech/intelligence/mica-casp-authorisation-withdrawals/); [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)
- Anchor: https://finray.tech/intelligence/glossary/#term-amlr

### Digital Operational Resilience Act (DORA)

EU regulation harmonising ICT risk management and operational-resilience requirements across the financial sector. Five pillars: ICT risk management, incident reporting, digital operational-resilience testing, third-party risk and information sharing. Applies from January 2025.

- Primary source: Regulation (EU) 2022/2554 — https://eur-lex.europa.eu/eli/reg/2022/2554/oj/eng
- Used on: [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/); [CASP MiCA compliance operating model](https://finray.tech/intelligence/casp-mica-compliance/); [Core banking deployment topology and regulatory alignment — multi-tenant SaaS vs single-tenant in customer cloud account](https://finray.tech/intelligence/deployment-topology-regulatory-alignment/); [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/); [DORA Article 28 RTS/ITS Pack — entity-level RoI, third-party-policy and subcontracting controls](https://finray.tech/intelligence/dora-rts-its-pack/); [EMI / PI authorisation-withdrawal forensic register (EEA + UK)](https://finray.tech/intelligence/emi-pi-authorisation-withdrawals/); [EMI / PI licensing-success forensic register (EEA + UK)](https://finray.tech/intelligence/emi-pi-licensing-success/); [EU/UK PI/EMI core banking selection](https://finray.tech/intelligence/eu-uk-pi-emi-core-banking/); [FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta](https://finray.tech/intelligence/fca-supplementary-safeguarding-regime/); [MiCA CASP authorisation-withdrawal forensic register](https://finray.tech/intelligence/mica-casp-authorisation-withdrawals/); [MiCA CASP licensing-success forensic analysis](https://finray.tech/intelligence/mica-casp-licensing-success/); [Safeguarding reconciliation is a solvency discipline](https://finray.tech/intelligence/safeguarding-reconciliation-solvency-discipline/); [Swiss FINMA GRC and ICS software](https://finray.tech/intelligence/swiss-finma-grc-ics/); [The Travel Rule is not a compliance bolt-on. It is an identity routing problem.](https://finray.tech/intelligence/travel-rule-identity-routing-problem/)
- Anchor: https://finray.tech/intelligence/glossary/#term-dora

### DORA Article 28 Register of Information (RoI)

Standardised register of all contractual arrangements with ICT third-party service providers that DORA-scope financial entities must maintain and submit annually to their NCA. Schema fixed by ITS (EU) 2024/2956; first submission window opened Q1 2025.

- Primary source: ITS (EU) 2024/2956 — https://eur-lex.europa.eu/eli/reg_impl/2024/2956/oj/eng
- Used on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/); [EU/UK PI/EMI core banking selection](https://finray.tech/intelligence/eu-uk-pi-emi-core-banking/); [DORA Article 28 RTS/ITS Pack — entity-level RoI, third-party-policy and subcontracting controls](https://finray.tech/intelligence/dora-rts-its-pack/)
- Anchor: https://finray.tech/intelligence/glossary/#term-roi

### Electronic Money Directive 2 (EMD2)

EU directive establishing the prudential regime for Electronic Money Institutions, including the issuance of e-money, safeguarding, and capital requirements. National transpositions provide each Member State's authorisation framework.

- Primary source: Directive 2009/110/EC — https://eur-lex.europa.eu/eli/dir/2009/110/oj/eng
- Used on: [EMI / PI licensing-success forensic register (EEA + UK)](https://finray.tech/intelligence/emi-pi-licensing-success/); [EMI / PI authorisation-withdrawal forensic register (EEA + UK)](https://finray.tech/intelligence/emi-pi-authorisation-withdrawals/); [EU/UK PI/EMI core banking selection](https://finray.tech/intelligence/eu-uk-pi-emi-core-banking/); [FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta](https://finray.tech/intelligence/fca-supplementary-safeguarding-regime/); [Safeguarding reconciliation is a solvency discipline](https://finray.tech/intelligence/safeguarding-reconciliation-solvency-discipline/)
- Anchor: https://finray.tech/intelligence/glossary/#term-emd2

### FCA PS25/12 — Supplementary Safeguarding Regime (PS25/12)

FCA policy statement (May 2025) introducing the Supplementary Safeguarding Regime — additional CASS 15 (operational), CASS 10A (resolution pack), SUP 3A (annual audit) and SUP 16.14A (monthly REP027 return) obligations for payment institutions and electronic money institutions. Effective 2026-05-07; runs in parallel to PSD2 Article 10 / EMD2 Article 7 until PSD3 / PSR transposition.

- Primary source: FCA PS25/12 — https://www.fca.org.uk/publication/policy/ps25-12.pdf
- Used on: [FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta](https://finray.tech/intelligence/fca-supplementary-safeguarding-regime/); [Safeguarding reconciliation is a solvency discipline](https://finray.tech/intelligence/safeguarding-reconciliation-solvency-discipline/)
- Anchor: https://finray.tech/intelligence/glossary/#term-ps25-12

### FINMA Circular 23/01 — Operational risks and resilience

FINMA circular consolidating expectations on operational-risk management and ICT/cyber resilience for Swiss banks and securities firms. Replaces the former FINMA Circ. 08/21 and embeds Basel principles for sound operational-risk management.

- Primary source: FINMA Circulars — https://www.finma.ch/en/documentation/circulars/
- Used on: [Swiss FINMA GRC and ICS software](https://finray.tech/intelligence/swiss-finma-grc-ics/)
- Anchor: https://finray.tech/intelligence/glossary/#term-finma-circular-23-01-operational-risks-and-resilience

### Markets in Crypto-Assets Regulation (MiCA)

EU regulation harmonising the prudential and conduct regime for crypto-asset issuers and CASPs. Title III governs ARTs, Title IV governs EMTs, Title V governs CASPs. Title V application: 30 December 2024; Member-State transitional period for pre-MiCA national-regime entities runs to 1 July 2026.

- Primary source: Regulation (EU) 2023/1114 — https://eur-lex.europa.eu/eli/reg/2023/1114/oj/eng
- Used on: [CASP MiCA compliance operating model](https://finray.tech/intelligence/casp-mica-compliance/); [MiCA CASP licensing-success forensic analysis](https://finray.tech/intelligence/mica-casp-licensing-success/); [MiCA CASP authorisation-withdrawal forensic register](https://finray.tech/intelligence/mica-casp-authorisation-withdrawals/); [The Travel Rule is not a compliance bolt-on. It is an identity routing problem.](https://finray.tech/intelligence/travel-rule-identity-routing-problem/)
- Anchor: https://finray.tech/intelligence/glossary/#term-mica

### Payment Services Directive 2 (PSD2)

EU directive establishing the prudential and conduct regime for Payment Institutions and the eight Annex I payment services. Introduced strong customer authentication (SCA) and access-to-account (XS2A) for AISPs and PISPs.

- Primary source: Directive (EU) 2015/2366 — https://eur-lex.europa.eu/eli/dir/2015/2366/oj/eng
- Used on: [EMI / PI licensing-success forensic register (EEA + UK)](https://finray.tech/intelligence/emi-pi-licensing-success/); [EMI / PI authorisation-withdrawal forensic register (EEA + UK)](https://finray.tech/intelligence/emi-pi-authorisation-withdrawals/); [EU/UK PI/EMI core banking selection](https://finray.tech/intelligence/eu-uk-pi-emi-core-banking/); [FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta](https://finray.tech/intelligence/fca-supplementary-safeguarding-regime/); [Safeguarding reconciliation is a solvency discipline](https://finray.tech/intelligence/safeguarding-reconciliation-solvency-discipline/)
- Anchor: https://finray.tech/intelligence/glossary/#term-psd2

### Payment Services Regulation (PSD3 package) (PSR)

Directly-applicable regulation in the PSD3 package replacing the PSD2 conduct provisions with harmonised EU rules on fraud, dispute resolution and consumer protection. Companion to the PSD3 directive (which keeps prudential rules at directive level).

- Primary source: Council ST 8221/2026 (final compromise) — https://data.consilium.europa.eu/doc/document/ST-8221-2026-INIT/en/pdf
- Used on: [EU/UK PI/EMI core banking selection](https://finray.tech/intelligence/eu-uk-pi-emi-core-banking/); [FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta](https://finray.tech/intelligence/fca-supplementary-safeguarding-regime/); [Safeguarding reconciliation is a solvency discipline](https://finray.tech/intelligence/safeguarding-reconciliation-solvency-discipline/)
- Anchor: https://finray.tech/intelligence/glossary/#term-psr

### Transfer of Funds Regulation (ToFR)

EU regulation extending the FATF Travel Rule to crypto-asset transfers. CASPs must collect and transmit originator and beneficiary information for every transfer, regardless of value. Applies from 30 December 2024.

- Primary source: Regulation (EU) 2023/1113 — https://eur-lex.europa.eu/eli/reg/2023/1113/oj/eng
- Used on: [CASP MiCA compliance operating model](https://finray.tech/intelligence/casp-mica-compliance/); [MiCA CASP authorisation-withdrawal forensic register](https://finray.tech/intelligence/mica-casp-authorisation-withdrawals/); [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/); [The Travel Rule is not a compliance bolt-on. It is an identity routing problem.](https://finray.tech/intelligence/travel-rule-identity-routing-problem/)
- Anchor: https://finray.tech/intelligence/glossary/#term-tofr

## Supervisory perimeter (12)

European Supervisory Authorities, national competent authorities and international standard-setters whose published positions, registers or decisions Finray Intelligence cites as primary sources.

### Anti-Money Laundering Authority (AMLA)

EU authority established under Regulation (EU) 2024/1620 to coordinate AML/CTF supervision across Member States and directly supervise selected obliged entities. Headquartered in Frankfurt; operational from 2025, direct supervision from 2028.

- Primary source: AMLA portal — https://www.amla.europa.eu/index_en
- Used on: [CASP MiCA compliance operating model](https://finray.tech/intelligence/casp-mica-compliance/); [EU/UK PI/EMI core banking selection](https://finray.tech/intelligence/eu-uk-pi-emi-core-banking/); [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/)
- Anchor: https://finray.tech/intelligence/glossary/#term-amla

### Autorité des Marchés Financiers (AMF)

French Financial Markets Authority. Co-supervises crypto-asset firms with ACPR and publishes per-entity délibération PDFs for every PSAN/DASP/CASP delisting and revocation since 2020 — the cleanest historical trail in the EEA.

- Primary source: AMF portal — https://www.amf-france.org/
- Used on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/); [MiCA CASP authorisation-withdrawal forensic register](https://finray.tech/intelligence/mica-casp-authorisation-withdrawals/)
- Anchor: https://finray.tech/intelligence/glossary/#term-amf

### Bank of Lithuania (BoL)

Lithuanian central bank and financial-services supervisor. Publishes the EMI/PI/AISP register with English-language press releases for every authorisation revocation; significant EEA hub for Lithuania-based fintech.

- Primary source: Bank of Lithuania portal — https://www.lb.lt/
- Used on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/); [EMI / PI licensing-success forensic register (EEA + UK)](https://finray.tech/intelligence/emi-pi-licensing-success/); [EMI / PI authorisation-withdrawal forensic register (EEA + UK)](https://finray.tech/intelligence/emi-pi-authorisation-withdrawals/); [Safeguarding reconciliation is a solvency discipline](https://finray.tech/intelligence/safeguarding-reconciliation-solvency-discipline/)
- Anchor: https://finray.tech/intelligence/glossary/#term-bol

### De Nederlandsche Bank (DNB)

Dutch prudential supervisor for credit institutions, EMIs, PIs and money-exchange firms. Publishes registers of authorised firms and enforcement-measures pages for licence withdrawals.

- Primary source: DNB portal — https://www.dnb.nl/
- Used on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/); [EMI / PI licensing-success forensic register (EEA + UK)](https://finray.tech/intelligence/emi-pi-licensing-success/); [EMI / PI authorisation-withdrawal forensic register (EEA + UK)](https://finray.tech/intelligence/emi-pi-authorisation-withdrawals/)
- Anchor: https://finray.tech/intelligence/glossary/#term-dnb

### European Banking Authority (EBA)

EU banking supervisor. Maintains the EUCLID payment-institutions register, harmonises the EU EMI/PI prudential framework, and acts as lead supervisor for significant ARTs and EMTs under MiCA.

- Primary source: EBA portal — https://www.eba.europa.eu/
- Used on: [CASP MiCA compliance operating model](https://finray.tech/intelligence/casp-mica-compliance/); [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/); [EMI / PI licensing-success forensic register (EEA + UK)](https://finray.tech/intelligence/emi-pi-licensing-success/); [EU/UK PI/EMI core banking selection](https://finray.tech/intelligence/eu-uk-pi-emi-core-banking/); [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/); [Core banking deployment topology and regulatory alignment — multi-tenant SaaS vs single-tenant in customer cloud account](https://finray.tech/intelligence/deployment-topology-regulatory-alignment/); [DORA Article 28 RTS/ITS Pack — entity-level RoI, third-party-policy and subcontracting controls](https://finray.tech/intelligence/dora-rts-its-pack/); [The Travel Rule is not a compliance bolt-on. It is an identity routing problem.](https://finray.tech/intelligence/travel-rule-identity-routing-problem/)
- Anchor: https://finray.tech/intelligence/glossary/#term-eba

### European Insurance and Occupational Pensions Authority (EIOPA)

EU insurance and pensions supervisor. One of the three ESAs; co-author of the joint DORA RTS/ITS and DORA Joint Committee reports.

- Primary source: EIOPA portal — https://www.eiopa.europa.eu/
- Used on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/); [DORA Article 28 RTS/ITS Pack — entity-level RoI, third-party-policy and subcontracting controls](https://finray.tech/intelligence/dora-rts-its-pack/)
- Anchor: https://finray.tech/intelligence/glossary/#term-eiopa

### European Securities and Markets Authority (ESMA)

EU securities and markets supervisor. Publishes the interim MiCA register of authorised CASPs and notified Article 60 firms; co-author of MiCA Level 2/3 RTS and ITS.

- Primary source: ESMA portal — https://www.esma.europa.eu/
- Used on: [CASP MiCA compliance operating model](https://finray.tech/intelligence/casp-mica-compliance/); [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/); [MiCA CASP licensing-success forensic analysis](https://finray.tech/intelligence/mica-casp-licensing-success/); [MiCA CASP authorisation-withdrawal forensic register](https://finray.tech/intelligence/mica-casp-authorisation-withdrawals/); [DORA Article 28 RTS/ITS Pack — entity-level RoI, third-party-policy and subcontracting controls](https://finray.tech/intelligence/dora-rts-its-pack/)
- Anchor: https://finray.tech/intelligence/glossary/#term-esma

### European Supervisory Authorities (ESAs)

Collective term for EBA, ESMA and EIOPA. Coordinate cross-sectoral work via the Joint Committee, including DORA Level 2 RTS/ITS and the consolidated EU oversight of critical ICT third-party service providers.

- Used on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/); [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/); [DORA Article 28 RTS/ITS Pack — entity-level RoI, third-party-policy and subcontracting controls](https://finray.tech/intelligence/dora-rts-its-pack/)
- Anchor: https://finray.tech/intelligence/glossary/#term-esas

### Financial Action Task Force (FATF)

Global standard-setter for AML/CTF. Source of Recommendation 16 (the Travel Rule for wire transfers and virtual-asset transfers) and the VASP/virtual-asset guidance that EU and Member-State AML rules are aligned to.

- Primary source: FATF portal — https://www.fatf-gafi.org/
- Used on: [CASP MiCA compliance operating model](https://finray.tech/intelligence/casp-mica-compliance/); [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/); [The Travel Rule is not a compliance bolt-on. It is an identity routing problem.](https://finray.tech/intelligence/travel-rule-identity-routing-problem/)
- Anchor: https://finray.tech/intelligence/glossary/#term-fatf

### Financial Conduct Authority (FCA)

UK conduct regulator for financial-services firms. Maintains the Financial Services Register including authorised and small EMIs and PIs; publishes Final Notices for EMI/PI registration cancellations and EMD-revocation status fields.

- Primary source: FCA portal — https://www.fca.org.uk/
- Used on: [EMI / PI licensing-success forensic register (EEA + UK)](https://finray.tech/intelligence/emi-pi-licensing-success/); [EMI / PI authorisation-withdrawal forensic register (EEA + UK)](https://finray.tech/intelligence/emi-pi-authorisation-withdrawals/); [EU/UK PI/EMI core banking selection](https://finray.tech/intelligence/eu-uk-pi-emi-core-banking/); [FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta](https://finray.tech/intelligence/fca-supplementary-safeguarding-regime/); [Safeguarding reconciliation is a solvency discipline](https://finray.tech/intelligence/safeguarding-reconciliation-solvency-discipline/)
- Anchor: https://finray.tech/intelligence/glossary/#term-fca

### National Competent Authority (NCA)

Member-State authority designated as competent for a particular EU regulatory regime. The same Member State typically designates different NCAs for banking, markets and insurance — DORA in particular preserves this sectoral split rather than imposing a single supervisor.

- Used on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/); [CASP MiCA compliance operating model](https://finray.tech/intelligence/casp-mica-compliance/); [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/); [DORA Article 28 RTS/ITS Pack — entity-level RoI, third-party-policy and subcontracting controls](https://finray.tech/intelligence/dora-rts-its-pack/)
- Anchor: https://finray.tech/intelligence/glossary/#term-nca

### Swiss Financial Market Supervisory Authority (FINMA)

Swiss prudential and conduct supervisor for banks, securities firms, insurers and DLT trading facilities. Authority for FINMASA, BankG, FINIG, FINSA, AMLA Switzerland and the FINMA Circular series.

- Primary source: FINMA portal — https://www.finma.ch/
- Used on: [Swiss FINMA GRC and ICS software](https://finray.tech/intelligence/swiss-finma-grc-ics/); [Core banking deployment topology and regulatory alignment — multi-tenant SaaS vs single-tenant in customer cloud account](https://finray.tech/intelligence/deployment-topology-regulatory-alignment/)
- Anchor: https://finray.tech/intelligence/glossary/#term-finma

## Functions and technical standards (18)

Functions, controls and technical standards referenced when describing compliant operating models. These are the building blocks regulations point to.

### Acknowledgement letter

Written confirmation from a credit institution that a specified bank account is held under safeguarding rules, identifying account ownership, segregation status and the safeguarding obligation. CASS 15.3 requires the letter to be in place before relevant funds are deposited; renewal cadence is at the first anniversary and per supervisory expectation thereafter.

- Primary source: FCA Handbook CASS 15.3 — https://www.handbook.fca.org.uk/handbook/CASS/15/3.html?date=2026-05-07
- Used on: [FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta](https://finray.tech/intelligence/fca-supplementary-safeguarding-regime/); [Safeguarding reconciliation is a solvency discipline](https://finray.tech/intelligence/safeguarding-reconciliation-solvency-discipline/)
- Anchor: https://finray.tech/intelligence/glossary/#term-acknowledgement-letter

### CASS 10A (resolution pack) (CASS 10A)

FCA Handbook chapter (effective 2026-05-07) setting out resolution-pack obligations for payment institutions and electronic money institutions: a documented set of records, governance arrangements and funding pathways enabling insolvency practitioners to return safeguarded funds to clients in an orderly fashion.

- Primary source: FCA Handbook CASS 10A — https://www.handbook.fca.org.uk/handbook/CASS/10A/?date=2026-05-07
- Used on: [FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta](https://finray.tech/intelligence/fca-supplementary-safeguarding-regime/); [Safeguarding reconciliation is a solvency discipline](https://finray.tech/intelligence/safeguarding-reconciliation-solvency-discipline/)
- Anchor: https://finray.tech/intelligence/glossary/#term-cass-10a

### CASS 15 (operational safeguarding) (CASS 15)

FCA Handbook chapter (effective 2026-05-07) setting out operational safeguarding obligations for payment institutions and electronic money institutions: account designation, segregation, daily reconciliation, intraday integrity, books-and-records-at-any-time-without-delay and group oversight.

- Primary source: FCA Handbook CASS 15 — https://www.handbook.fca.org.uk/handbook/CASS/15/?date=2026-05-07
- Used on: [FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta](https://finray.tech/intelligence/fca-supplementary-safeguarding-regime/); [Safeguarding reconciliation is a solvency discipline](https://finray.tech/intelligence/safeguarding-reconciliation-solvency-discipline/)
- Anchor: https://finray.tech/intelligence/glossary/#term-cass-15

### Critical ICT third-party provider (CTPP) designation (CTPP)

Designation under DORA Article 31(9), assigned jointly by the ESAs after Register of Information data collection and criticality assessment under Commission Delegated Regulation (EU) 2024/1502. Designated CTPPs become subject to direct EU-level oversight; the first batch of 19 providers was published on 18 November 2025.

- Primary source: DORA Article 31(9) — https://eur-lex.europa.eu/eli/reg/2022/2554/oj
- Used on: [DORA Article 28 RTS/ITS Pack — entity-level RoI, third-party-policy and subcontracting controls](https://finray.tech/intelligence/dora-rts-its-pack/)
- Anchor: https://finray.tech/intelligence/glossary/#term-ctpp

### Critical or Important Function (CIF)

DORA-defined function whose disruption would materially impair the financial performance of the entity, the soundness or continuity of its services, or compliance with regulatory requirements. CIF identification is the gating decision for which ICT services fall under the DORA Article 28 third-party-policy and subcontracting rules.

- Primary source: DORA Article 3(22) — https://eur-lex.europa.eu/eli/reg/2022/2554/oj
- Used on: [DORA Article 28 RTS/ITS Pack — entity-level RoI, third-party-policy and subcontracting controls](https://finray.tech/intelligence/dora-rts-its-pack/); [Core banking deployment topology and regulatory alignment — multi-tenant SaaS vs single-tenant in customer cloud account](https://finray.tech/intelligence/deployment-topology-regulatory-alignment/)
- Anchor: https://finray.tech/intelligence/glossary/#term-cif

### Customer Due Diligence (CDD)

AML obligation requiring obliged entities to verify customer identity, identify beneficial owners, understand the purpose of the business relationship, and conduct ongoing monitoring of transactions. Risk-based; enhanced for higher-risk customers (EDD).

- Primary source: AMLR, Chapter III — https://eur-lex.europa.eu/eli/reg/2024/1624/oj/eng
- Used on: [CASP MiCA compliance operating model](https://finray.tech/intelligence/casp-mica-compliance/); [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/); [The Travel Rule is not a compliance bolt-on. It is an identity routing problem.](https://finray.tech/intelligence/travel-rule-identity-routing-problem/)
- Anchor: https://finray.tech/intelligence/glossary/#term-cdd

### ICT third-party policy

DORA Article 28(10) requirement that every financial entity in scope adopt a written policy governing ICT third-party arrangements supporting critical or important functions: management-body adoption, annual review, criticality methodology, named responsibilities, lifecycle governance, exit planning. Detailed by Commission Delegated Regulation (EU) 2024/1773.

- Primary source: Commission Delegated Regulation (EU) 2024/1773 — https://eur-lex.europa.eu/eli/reg_del/2024/1773/oj
- Used on: [DORA Article 28 RTS/ITS Pack — entity-level RoI, third-party-policy and subcontracting controls](https://finray.tech/intelligence/dora-rts-its-pack/); [Core banking deployment topology and regulatory alignment — multi-tenant SaaS vs single-tenant in customer cloud account](https://finray.tech/intelligence/deployment-topology-regulatory-alignment/)
- Anchor: https://finray.tech/intelligence/glossary/#term-ict-third-party-policy

### ICT third-party service provider

Under DORA, any undertaking providing ICT services to a financial entity. Distinguishes from outsourcing of regulated functions; the contract perimeter is broader. Critical ICT third-parties (CTPPs) face direct EU oversight.

- Primary source: DORA, Article 3(19) — https://eur-lex.europa.eu/eli/reg/2022/2554/oj/eng
- Used on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/); [EU/UK PI/EMI core banking selection](https://finray.tech/intelligence/eu-uk-pi-emi-core-banking/); [Core banking deployment topology and regulatory alignment — multi-tenant SaaS vs single-tenant in customer cloud account](https://finray.tech/intelligence/deployment-topology-regulatory-alignment/); [DORA Article 28 RTS/ITS Pack — entity-level RoI, third-party-policy and subcontracting controls](https://finray.tech/intelligence/dora-rts-its-pack/)
- Anchor: https://finray.tech/intelligence/glossary/#term-ict-third-party-service-provider

### Implementing Technical Standards (ITS)

Level 2 EU legislative instrument setting out the operational implementation of Level 1 regulations. Adopted by the Commission on the basis of ESA drafts; binding and directly applicable.

- Used on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/); [CASP MiCA compliance operating model](https://finray.tech/intelligence/casp-mica-compliance/); [DORA Article 28 RTS/ITS Pack — entity-level RoI, third-party-policy and subcontracting controls](https://finray.tech/intelligence/dora-rts-its-pack/)
- Anchor: https://finray.tech/intelligence/glossary/#term-its

### ISO 20022

International standard for financial-services messaging. Used across SEPA Instant, SWIFT CBPR+, T2/TARGET2, and modern domestic payment rails. Provides a structured XML/ISO-format superset of legacy MT messages.

- Primary source: ISO 20022 page — https://www.iso.org/standard/20022-1
- Used on: [EU/UK PI/EMI core banking selection](https://finray.tech/intelligence/eu-uk-pi-emi-core-banking/); [CASP MiCA compliance operating model](https://finray.tech/intelligence/casp-mica-compliance/)
- Anchor: https://finray.tech/intelligence/glossary/#term-iso-20022

### ISO/IEC 27001

International standard for information-security management systems (ISMS). The de facto baseline for vendor and internal ICT assurance across regulated finance; certification scope and statement of applicability are key procurement signals.

- Primary source: ISO/IEC 27001 page — https://www.iso.org/standard/27001
- Used on: [CASP MiCA compliance operating model](https://finray.tech/intelligence/casp-mica-compliance/); [EU/UK PI/EMI core banking selection](https://finray.tech/intelligence/eu-uk-pi-emi-core-banking/); [Swiss FINMA GRC and ICS software](https://finray.tech/intelligence/swiss-finma-grc-ics/); [Core banking deployment topology and regulatory alignment — multi-tenant SaaS vs single-tenant in customer cloud account](https://finray.tech/intelligence/deployment-topology-regulatory-alignment/)
- Anchor: https://finray.tech/intelligence/glossary/#term-iso-iec-27001

### Regulatory Technical Standards (RTS)

Level 2 EU legislative instrument setting out detailed substantive requirements that complement Level 1 regulations. Adopted by the Commission on the basis of ESA drafts; binding and directly applicable.

- Used on: [DORA Article 28 ICT third-party Register of Information tracker](https://finray.tech/intelligence/dora-article-28-roi-tracker/); [CASP MiCA compliance operating model](https://finray.tech/intelligence/casp-mica-compliance/); [DORA Article 28 RTS/ITS Pack — entity-level RoI, third-party-policy and subcontracting controls](https://finray.tech/intelligence/dora-rts-its-pack/)
- Anchor: https://finray.tech/intelligence/glossary/#term-rts

### REP027 monthly safeguarding return (REP027)

FCA monthly return submitted by payment institutions and electronic money institutions under SUP 16.14A, capturing safeguarded balances, account-designation status, reconciliation discrepancies, exit-plan readiness and management-body sign-off. Effective 2026-05-07.

- Primary source: FCA Handbook SUP 16.14A — https://www.handbook.fca.org.uk/handbook/SUP/16/14A.html?date=2026-05-07
- Used on: [FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta](https://finray.tech/intelligence/fca-supplementary-safeguarding-regime/)
- Anchor: https://finray.tech/intelligence/glossary/#term-rep027

### Resolution pack

Documented set of records, governance arrangements and funding pathways maintained by a payment institution or electronic money institution that enables an insolvency practitioner to return safeguarded funds to clients in an orderly fashion. Required under FCA CASS 10A (effective 2026-05-07); distinct from a Bank of England resolution plan.

- Primary source: FCA Handbook CASS 10A — https://www.handbook.fca.org.uk/handbook/CASS/10A/?date=2026-05-07
- Used on: [FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta](https://finray.tech/intelligence/fca-supplementary-safeguarding-regime/); [Safeguarding reconciliation is a solvency discipline](https://finray.tech/intelligence/safeguarding-reconciliation-solvency-discipline/)
- Anchor: https://finray.tech/intelligence/glossary/#term-resolution-pack

### Safeguarding

PSD2/EMD2 obligation to protect funds received from payment-service users by either depositing them in a separate account at an authorised credit institution or insuring them with an authorised insurer. Breach is a leading cause of EMI/PI authorisation revocation.

- Primary source: PSD2, Article 10 — https://eur-lex.europa.eu/eli/dir/2015/2366/oj/eng
- Used on: [EMI / PI authorisation-withdrawal forensic register (EEA + UK)](https://finray.tech/intelligence/emi-pi-authorisation-withdrawals/); [EU/UK PI/EMI core banking selection](https://finray.tech/intelligence/eu-uk-pi-emi-core-banking/); [FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta](https://finray.tech/intelligence/fca-supplementary-safeguarding-regime/); [Safeguarding reconciliation is a solvency discipline](https://finray.tech/intelligence/safeguarding-reconciliation-solvency-discipline/)
- Anchor: https://finray.tech/intelligence/glossary/#term-safeguarding

### Strong Customer Authentication (SCA)

Multi-factor authentication requirement under PSD2 (and inherited by PSD3/PSR) for electronic payments, account access and high-risk operations. Defined in the SCA RTS (EU) 2018/389 with limited exemptions for low-value, recurring or trusted-beneficiary transactions.

- Primary source: SCA RTS (EU) 2018/389 — https://eur-lex.europa.eu/eli/reg_del/2018/389/oj/eng
- Used on: [EMI / PI licensing-success forensic register (EEA + UK)](https://finray.tech/intelligence/emi-pi-licensing-success/); [EU/UK PI/EMI core banking selection](https://finray.tech/intelligence/eu-uk-pi-emi-core-banking/)
- Anchor: https://finray.tech/intelligence/glossary/#term-sca

### SUP 3A (annual safeguarding audit) (SUP 3A)

FCA Handbook chapter (effective 2026-05-07) requiring payment institutions and electronic money institutions to obtain an annual safeguarding audit from a CASS-qualified audit firm against the CASS 15 and CASS 10A obligations. Audit reports are filed with the FCA; opinion is reasonable assurance for the breach reporting line.

- Primary source: FCA Handbook SUP 3A — https://www.handbook.fca.org.uk/handbook/SUP/3A/?date=2026-05-07
- Used on: [FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta](https://finray.tech/intelligence/fca-supplementary-safeguarding-regime/)
- Anchor: https://finray.tech/intelligence/glossary/#term-sup-3a

### Travel Rule

FATF Recommendation 16 obligation requiring originator and beneficiary information to accompany wire transfers and virtual-asset transfers. Implemented in the EU by the Transfer of Funds Regulation; technical exchange protocols include IVMS 101 and TRP.

- Primary source: FATF Recommendation 16 — https://www.fatf-gafi.org/en/publications/Fatfrecommendations/update-Recommendation-16-payment-transparency-june-2025.html
- Used on: [CASP MiCA compliance operating model](https://finray.tech/intelligence/casp-mica-compliance/); [AMLR / AMLD6 / AMLA implementation pathway tracker](https://finray.tech/intelligence/amlr-amla-implementation-tracker/); [The Travel Rule is not a compliance bolt-on. It is an identity routing problem.](https://finray.tech/intelligence/travel-rule-identity-routing-problem/)
- Anchor: https://finray.tech/intelligence/glossary/#term-travel-rule