Glossary
Technical and regulatory entities for banking and insurance
Canonical definitions we use in our projects with tier 1 banking and insurance clients. Each entry covers scope of application, relevant regulatory or technical milestones and how it translates into decisions on architecture, risk and compliance.
European regulation · 6 entries
-
ISO/IEC 42001
International standard for the AI management system (AIMS). Governance framework covering risk, model lifecycle and accountability. Adopted by European banking to get ahead of the AI Act.
Read entry →
-
DORA · Article 28
EU Regulation 2022/2554 — Article 28 governs critical ICT third-party providers for financial entities: registry, assessment, contracting, exit strategy and ongoing supervision. Applicable since January 2025.
Read entry →
-
EU AI Act (banking)
EU Regulation 2024/1689 on artificial intelligence. In banking and insurance, credit scoring and actuarial pricing systems fall as high-risk. Phased enforcement 2025-2027.
Read entry →
-
BCBS 239 (RDARR)
BCBS 239 is the set of 14 principles published by the Basel Committee on Banking Supervision (2013) for effective risk data aggregation and risk reporting (RDARR). It applies to global systemically important banks (G-SIBs) and has been extended by supervisors to domestic systemically important banks (D-SIBs).
Read entry →
-
Basel III / IV
Basel III/IV is the Basel Committee on Banking Supervision's prudential framework for banks' capital, liquidity and leverage requirements. In the European Union it is transposed through the Capital Requirements Regulation (CRR) and Directive (CRD); the final phase (CRR III, applicable from January 2025) introduces the output floor.
Read entry →
-
CSRD / ESRS
The CSRD (Corporate Sustainability Reporting Directive, Directive (EU) 2022/2464) requires large companies and financial institutions in the EU to publish audited sustainability information in line with the ESRS standards (European Sustainability Reporting Standards). It introduces the principle of double materiality and a tagged digital format.
Read entry →
LATAM regulation · 11 entries
-
Fintech Law (Chile · Law 21,521)
Law 21,521 (Ley Fintec, 2023) creates the regulatory framework for technology-based financial services in Chile, under the supervision of the Comisión para el Mercado Financiero (CMF, Chile's financial market regulator). It regulates platforms such as collective financing and advice, custody and order routing, and establishes the Sistema de Finanzas Abiertas (Open Finance System).
Read entry →
-
CNSF / LISF (insurance · Mexico)
The CNSF (Comisión Nacional de Seguros y Fianzas, Mexico's insurance and surety regulator) supervises the country's insurance and surety sector. The LISF (Ley de Instituciones de Seguros y de Fianzas, Mexico's insurance and surety institutions law, 2013) introduced a risk-based solvency regime —inspired by Solvency II— with a solvency capital requirement (RCS), technical provisions, corporate governance and regulatory reporting.
Read entry →
-
CUB — Circular Única de Bancos (banking · Mexico)
The CUB (Circular Única de Bancos) is the body of general provisions applicable to credit institutions issued by the Comisión Nacional Bancaria y de Valores (CNBV) of Mexico. It consolidates the banking prudential framework: capital requirements, integral risk management, accounting and disclosure criteria and regulatory reporting to the CNBV.
Read entry →
-
CUSF — Circular Única de Seguros y Fianzas (insurance · Mexico)
The CUSF (Circular Única de Seguros y Fianzas) is the body of general provisions issued by the Comisión Nacional de Seguros y Fianzas (CNSF) of Mexico to develop the LISF (Ley de Instituciones de Seguros y de Fianzas). It details the operational regime of the insurance and surety sector: solvency capital requirement (RCS), technical provisions, corporate governance and regulatory reporting.
Read entry →
-
LFPDPPP — Ley Federal de Protección de Datos Personales en Posesión de los Particulares (data protection · Mexico)
The LFPDPPP is the Mexican law governing the processing of personal data carried out by private parties (companies and natural persons engaged in private activity). It establishes processing principles, the ARCO rights of data subjects and the privacy notice obligation. It is the applicable framework for the private sector in Mexico and must not be confused with the European GDPR.
Read entry →
-
IFRS 9 / CNBV B-6 accounting criteria (banking · Mexico)
The CNBV accounting criteria govern the recording and valuation of the loan portfolio and its preventive allowances in Mexican multiple banking institutions, in convergence with IFRS 9. They replace the incurred loss approach with an expected credit loss (ECL) model, which recognises impairment in advance throughout the life of the credit.
Read entry →
-
RAN — Recopilación Actualizada de Normas (banking · Chile)
The Recopilación Actualizada de Normas (RAN) is the regulatory compendium that brings together, organised by chapters, the standards that the Comisión para el Mercado Financiero (CMF) applies to banks in Chile. It functions as the reference regulatory body for banking activity, covering governance and management, prudential requirements, risk management and reporting obligations.
Read entry →
-
CMF regulation on information security, cybersecurity and operational continuity (banking · Chile)
Set of requirements from the Comisión para el Mercado Financiero (CMF) of Chile on information security management, cybersecurity and operational continuity applicable to banks. In the sector the chapter RAN 20-10 of the Recopilación Actualizada de Normas is commonly cited as a reference. Its purpose is for entities to manage operational and technological risks, protect information and maintain the continuity of their operations and services.
Read entry →
-
Risk-Based Solvency (insurance · Chile)
Risk-Based Solvency (SBR) is the solvency model for Chilean insurance companies promoted by the Comisión para el Mercado Financiero (CMF). It replaces a fixed-margin approach with risk-sensitive capital requirements, so that the capital required of the insurer reflects the risks it actually assumes (technical, market, credit and operational).
Read entry →
-
IFRS 17 / IAS 17 (insurance · Chile · CMF)
IFRS 17 is the international accounting standard for insurance contracts issued by the IASB of the IFRS Foundation. In Chile, the Comisión para el Mercado Financiero (CMF) incorporates it into the framework applicable to supervised insurers, changing the way insurance liabilities are measured: by groups of contracts, with discounted cash flows, risk adjustment and contractual service margin (CSM). In practice it is a data quality and intensive actuarial calculation problem.
Read entry →
-
Law No. 21,000 (financial market · Chile)
Law No. 21,000 is the Chilean law that creates the Comisión para el Mercado Financiero (CMF) and defines its mandate: integrated supervision of the financial market. It establishes the CMF as a technical body with a collegiate council, endowing it with powers of regulation, oversight and sanction over the entities it supervises, replacing the previous system of superintendencies.
Read entry →
Technical / sector · 10 entries
-
IBM Spectrum Symphony
IBM's grid computing platform for high-concurrency distributed workloads. Dominant in investment banking for Monte Carlo, FRTB, XVA, VaR. Vermont operates +1,200 licenses and publishes the Add-on for regulatory evidence.
Read entry →
-
FRTB IMA
Fundamental Review of the Trading Book · Internal Models Approach. BCBS d457 framework for market risk in investment banking. Requires HPC infrastructure capable of computing Expected Shortfall per desk with liquidity scenarios.
Read entry →
-
Oracle Forms
Oracle's client/server tool for database applications. Still supported in 12c, but its thick-client model, WebLogic dependency and Java presentation channel —plus a shrinking talent pool— push migration to web. The hard part: logic locked in PL/SQL triggers.
Read entry →
-
PL/SQL
Oracle's procedural language: procedures, functions, packages and triggers. Concentrating business logic in the database creates lock-in and technical debt. Migration to PostgreSQL (PL/pgSQL) or extraction to a service layer in regulated banking under DORA.
Read entry →
-
Cloud for regulated banking
Cloud adoption under DORA: exit strategy, reversibility and concentration risk over critical ICT providers. Sovereign cloud, hybrid cloud, HPC cloud burst and Kubernetes as a portability layer.
Read entry →
-
Technical debt
The implicit, accumulated cost of decisions that prioritised fast delivery over sustainability. In banking: COBOL, Oracle Forms, PL/SQL and batch. How its interest is measured, its impact under DORA, and how it is reduced (strangler fig vs big bang).
Read entry →
-
XVA
XVA is the set of valuation adjustments applied to the price of OTC derivatives to reflect risks and costs not captured in the risk-free price: counterparty credit risk (CVA), own credit risk (DVA), funding cost (FVA), capital cost (KVA) and collateral cost (MVA).
Read entry →
-
COBOL
COBOL (Common Business-Oriented Language) is a 1959 business-oriented programming language, still dominant in the transactional core of banking and insurance (overnight batch, accounts, policies, settlements). The volume of accumulated logic and the talent shortage make it critical technical debt.
Read entry →
-
Model Risk Management (SR 11-7)
Model Risk Management (MRM) is the discipline for identifying, measuring and mitigating model risk: the risk of losses from incorrect or improperly used models (risk, pricing, scoring or AI). Its canonical references are the US Federal Reserve's SR 11-7 guidance and, in Europe, the ECB's expectations (TRIM).
Read entry →
-
Batch processes and the close window
Batch processing of end-of-day operations —settlement, interest, actuarial calculation, reporting— that must complete within a time window with strict deadlines.
Read entry →
Critical cloud · 7 entries
-
Cloud bursting
Hybrid deployment pattern that keeps the base compute load on owned infrastructure and offloads only demand spikes to the public cloud.
Read entry →
-
Kubernetes in regulated banking
Container orchestration platform that standardizes workload deployment and provides a layer of portability and reversibility between owned infrastructure and different cloud providers.
Read entry →
-
Sovereign cloud
Cloud offering designed to guarantee that data, keys and operations remain under a specific jurisdiction, isolated from foreign access, with local governance and operation.
Read entry →
-
Hybrid cloud
Deployment model that combines owned infrastructure for the core and sensitive data with elastic public cloud capacity for variable or peak workloads.
Read entry →
-
Cloud concentration risk (DORA)
Risk that dependence on a small number of critical cloud providers —the hyperscalers— becomes a single point of failure with potential systemic impact on the financial sector.
Read entry →
-
Infrastructure as code (IaC)
Practice of defining and provisioning infrastructure through declarative, versioned configuration files instead of manual operations, to achieve reproducibility and change control.
Read entry →
-
Service mesh
Infrastructure layer that manages communication between microservices, providing mutual encryption, observability and traffic control transparently to the applications.
Read entry →
Cybersecurity · 7 entries
-
SAST and DAST
SAST analyses source code without running it; DAST examines the running application from the outside. They are complementary software security testing techniques.
Read entry →
-
Zero Trust
Zero Trust is a security model that grants no implicit trust based on network location: every access is verified continuously according to identity and context.
Read entry →
-
SBOM (Software Bill of Materials)
An SBOM is a formal, structured inventory of all the components, libraries and dependencies that make up a piece of software, including their versions.
Read entry →
-
SIEM and SOC
SIEM is the platform that collects and correlates security events; SOC is the team that operates it continuously to detect and respond to incidents.
Read entry →
-
Secrets management
Secrets management is the practice of storing, rotating and controlling access to credentials, keys and tokens in a centralised, audited way and outside the code.
Read entry →
-
Software supply chain security
A set of practices that protect the integrity of dependencies, build processes and software artefacts against tampering, from source code through to deployment.
Read entry →
-
IAM / PAM
IAM manages users' identities and their access to systems; PAM applies reinforced controls to privileged accounts that hold elevated permissions.
Read entry →
IT talent · 6 entries
-
FRTB Engineer
Technical role that implements, optimizes and operates the calculation engine for the internal model approach (IMA) of FRTB on grid or HPC infrastructure.
Read entry →
-
Quant / Risk modeler
Role that develops, calibrates and validates quantitative risk models —market, credit and valuation— under a model governance framework.
Read entry →
-
HPC / Grid Engineer
Role that designs, deploys and operates high-performance computing clusters and distributed compute grids at large scale.
Read entry →
-
SRE for critical banking
Engineering discipline that applies software methods to operations to ensure the reliability of critical systems through service level objectives and automation.
Read entry →
-
Nearshore IT Spain–LATAM
Delivery model for technology services with teams located in time zones and linguistic environments close to the client, between Spain and Latin America.
Read entry →
-
Oracle DBA for critical core
Role that administers Oracle and SQL Server databases on mission-critical systems, with a focus on performance, high availability and continuity.
Read entry →
Glossary in continuous development. The English version covers the entries with a published translation; the rest are available in Spanish.