Glossary

Agentic Commerce

An AI agent independently carries out research, comparison and, where applicable, purchasing

AML

Anti-Money Laundering – combating money laundering and preventing terrorist financing, as regulated, for example, in the Money Laundering Act or in the Anti-Money Laundering Regulation (EU) 2024/1624

BaFin

The German Federal Financial Supervisory Authority

BaFin guidance notes

In these, BaFin has described its administrative practice and interpretation of the law on specific issues; since November 2025, the term has no longer been used by BaFin

BaFin circulars

BaFin publishes its administrative practice or interpretation of standards and legislation on specific issues or a range of topics or areas of application in a circular

BRUBEG

The Banking Directive Implementation and Bureaucracy Relief Act – Implementation of Directive (EU) 2024/1619

CASPs

Crypto Asset Service Providers are companies or organisations that offer services relating to the trading, custody and management of crypto-assets.

CRD-VI

Fifth revision of the Capital Requirements Directive (CRD) through Directive (EU) 2024/1619

Credit score

A measure of a person’s creditworthiness

CRR credit institution

An undertaking whose activities comply with the requirements of Article 4(1)(1) of CRR (EU) 2013/575

CRR III

Second revision of the Capital Requirements Regulation (CRR) by Regulation (EU) 2024/1623

CSRBB

Credit Spread Risk in the Banking Book – the credit spread risk in a bank’s banking book refers to the risk of losses arising from changes in credit and liquidity margins.

DORA

Digital Operational Resilience Act – Regulation (EU) 2022/2554 aims to enhance digital operational resilience in the financial sector

EBA

European Banking Authority – part of the ESAs

EBA Guidelines

To ensure the uniform and consistent application of Union law, the EBA issues guidelines for competent authorities and financial institutions

E-money institution

An undertaking that issues and manages electronic money (e-money)

ESAs

European Supervisory Authorities – European financial supervisory authorities, comprising the EBA, ESMA and EIOPA

ESG criteria

Environmental, Social and Corporate Governance – a framework for addressing environmental, sustainability and social issues within corporate governance

ESMA

European Securities and Markets Authority – part of the ESAs

ECB

The European Central Bank

Fit and Proper Test

Assessment of suitability and reliability, for example of management bodies

Human-in-the-loop

AI does not operate in isolation, but is supplemented by human intervention

ICAAP

Internal Capital Adequacy Assessment Process – an internal process to ensure an institution is adequately capitalised

ICO

Initial Coin Offering – a method of raising capital in the crypto and blockchain sector, whereby a company or project issues digital tokens and sells them in exchange for established cryptocurrencies or fiat money.

ILAAP

Internal Liquidity Adequacy Assessment Process – an internal process to ensure adequate liquidity provision

ICT

Information and Communication Technologies, referring to all technologies, processes and services for the collection, processing, storage and transmission of information

IRB institutions

Institutions that use a risk-sensitive approach based on their own ratings to determine the regulatory capital requirements for credit risks

ITS

Implementing Technical Standard – a technical implementing act (Level 2) designed to ensure the uniform application of certain provisions in the underlying legislative act

AI Regulation

Regulation (EU) 2024/1689 lays down harmonised rules on artificial intelligence

SMEs

Small and medium-sized enterprises – comprises enterprises with up to 249 employees and an annual turnover not exceeding 50 million euros or a balance sheet total not exceeding 43 million euros.

Crypto-assets

Assets that are represented in a ‘decentralised’ manner via blockchains.

Banking Act

German Banking Act

Management body

The body or bodies appointed in accordance with national law and authorised to determine the strategy, objectives and general policy of the undertaking, to control and supervise the decisions of the management, and comprising the persons who actually manage the business of the undertaking in accordance with Article 4(1)(36) of Directive (EU) 2014/65

MaRisk

Minimum Requirements for Risk Management – BaFin circular on the organisation of risk management at German credit institutions and financial services institutions

MiCAR

Markets in Crypto-Assets Regulation – Regulation (EU) 2023/1114 on services and activities related to crypto-assets

OECD

Organisation for Economic Co-operation and Development

Output floor

Mandatory lower limit for risk weighting in the banking sector under the CRR III Regulation

PSD3

Payment Services Directive 3 – second amendment to the Payment Services Directive (PSD)

PSP

Payment Service Provider – payment service providers provide merchants with the technical and organisational infrastructure to accept payments online or at the point of sale; also used to refer to regulated payment service providers

RMF

Risk management framework – a framework for the systematic identification, assessment, management and monitoring of risks

RTS

Regulatory Technical Standard – a (Level 2) EU legal act that clarifies and specifies technical details of existing EU legislation

RTS RMF

RTS as Delegated Regulation (EU) 2024/1772 laying down the tools, methods, processes and guidelines for ICT risk management and the simplified ICT risk management framework

SCA

Strong Customer Authentication – defined in Section 1(24) of the ZAG

SEPA

Single Euro Payments Area

SLA and security agreements

Service Level Agreement – a contractually agreed service commitment between a service provider (e.g. PSP) and its customer (e.g. merchant) that defines specific quality and availability targets

SREP procedure

Supervisory Review and Evaluation Process – the structured process by which supervisory authorities regularly review and evaluate banks and payment service providers

SSM Regulation

Single Supervisory Mechanism – Regulation (EU) No 468/2014 forms the legal basis for the Single Supervisory Mechanism (SSM)

Tokenised credit cards

Encryption of card data during payment and replacement of the card number with a digital token

ZAG

German Payment Services Supervision Act

Payment institution

Undertakings that provide payment services on a commercial basis or on a scale requiring a business organisation established on a commercial basis, without being payment service providers within the meaning of Section 1(1)(2) to (5) of the ZAG