Glossary of Terms

Glossary of key terms

algorithm
software which uses a set of rules to create an automated process whereby outcomes are generated
with little or no human intervention.

AML
anti-money laundering

application programming interface (API)
the underlying computer code behind applications which allows communication between software
programmes or operating systems (for example, to allow information on a website to be displayed on
both mobile devices and desktop browsers).

artificial intelligence (AI)
an area of computer science that emphasises the creation of intelligent machines that work and react
like humans.

asymmetric encryption
also known as public key cryptography, is a form of encryption where keys come in pairs. What one
key encrypts, only the other can decrypt. Users typically create a matching key pair, and make one
public while keeping the other secret (see private key and public key definitions below).

big data
a data set which derives value due to being very large in size, allowing it to be analysed in order to
discover trends that would not be apparent with a smaller data set.

Bitcoin
either a cryptocurrency or reference to the technology – a distributed network that maintains a ledger
of balances of Bitcoin (the cryptocurrency).

blockchain
a type of distributed ledger taking the form of an electronic database that is replicated on numerous
nodes spread across an organisation, a country, multiple countries, or the entire world. Records in a
blockchain are stored sequentially in time in the form of blocks. Each block typically contains a
cryptographic hash of the previous block, a timestamp and transaction data, which makes it inherently
resistant to modification of the data.

chatbot
a computer programme designed to simulate conversation with human users, especially over the
internet. They are often used for basic customer service and marketing systems, as well as in
operating systems as intelligent virtual assistants, such as Siri and Alexa.

cloud computing
a model for storing data which allows access through the internet using web-based tools, rather than
requiring a direct connection to a particular server.

consensus
in blockchain, refers to the act of more than 50% of nodes concluding that a proposed block message
is authenticated and verified, so that the block can be added to the distributed ledger.

consensus protocol
a computer protocol in the form of an algorithm constituting a set of rules for how each participant in
a distributed ledger should process messages and how those participants should accept the processing
done by other participants. The purpose of a consensus protocol is to achieve consensus between
participants as to what a distributed ledger should contain at a given time.

crowdfunding
a method of collecting many small contributions, by means of an online funding platform, to finance
or capitalise a popular enterprise, irrespective of whether that funding leads to a loan agreement, an
equity stake or another transferable security-based stake.

cryptography
science of taking information and transforming it in a manner in which it can be deciphered only by
the intended recipient. It is used primarily to protect sensitive information.

cryptoassets
digital assets recorded on a distributed ledger.

cryptocurrency (often used interchangeably with virtual currency)
a type of cryptoasset, which is a digital representation of value that is neither issued by a central bank
or a public authority nor necessarily attached to a fiat currency, but is used by natural or legal persons
as a means of exchange and can be transferred, stored or traded electronically (European Banking
Authority). There are different types of cryptocurrencies. Bitcoin and Ethereum are among the best
known.

CFT or CTF
countering the financing of terrorism or counter-terrorist financing

cyber-attack
an attack, via cyberspace, targeting an organisation’s use of cyberspace to disrupt, disable, destroy, or
maliciously control a computing environment/infrastructure, destroy the integrity of the data or steal
controlled information. It includes malware, phishing and spear-phishing attacks, social engineering
attacks, denial-of-service and distributed denial-of-service attacks, and advanced persistent threats.

cyber risk
the risk of financial loss, operational disruption, or damage, from the failure of the digital
technologies employed for informational and/or operational functions introduced to a manufacturing
system via electronic means from the unauthorised access, use, disclosure, disruption, modification or
destruction of the manufacturing system.

cyber risk management
an ongoing process aimed at mitigating the impact of cyber-attacks by identifying the risks and
adopting proper (a) pre-emptive measures to protect the IT infrastructure essential for conducting
business with minimal or no interruption, and (b) remedies and response in case of a cyber-attack.

cyber threat
refers to the threat of cyber-attack.

cyber threat actors
the actors responsible for cyber threats, including internal and external actors, varying from accidental
or malicious insiders, hackers, hacktivists, and petty criminals to organised crime and nation states.

cyberwarfare
refers to the most aggressive form of cyber-attack, usually carried out by a nation state, aimed at
damaging another nation’s computers or information networks, disrupting communities or countries
and/or destroying critical infrastructure or industrial facilities in a manner that affects the national
security of a state.

deep learning
a subset of machine learning that is concerned with emulating the learning approach that human
beings use to gain certain types of knowledge. While traditional machine learning algorithms are
linear, deep learning algorithms are stacked in a hierarchy of increasing complexity and abstraction.

denial-of-service attack
a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its
intended users by temporarily or indefinitely disrupting services of a host connected to the internet.

digital currency
a type of currency available only in digital form, which can be fiat currency or cryptocurrency.

digital token
a digital representation of an asset. It typically does not have intrinsic value, but is linked to an
underlying asset, which could be anything of value.

digital wallet
software that allows users to make electronic payments and purchases and store their cryptocurrencies
online.

distributed denial-of-service attack
a type of denial-of-service cyber-attack in which multiple compromised computer systems attack a
target, such as a server, website or other network resource, and cause a denial of service for users of
the targeted resource.

distributed ledger
a collection of records (making up a database), where identical copies of each record are held on
numerous computers across an organisation, a country, multiple countries, or the entire world, either
jointly or partitioned by the parties to which each record relates. A blockchain is a type of distributed
ledger, but not all distributed ledgers are blockchains.

distributed ledger technology (DLT)
software that creates a distributed ledger.

EBA
European Banking Authority

encryption
the method by which data is converted from a readable form to an encoded version that can only be
decoded if a party has access to a decryption key.

Ether
a cryptocurrency whose blockchain is generated by the Ethereum platform.

Ethereum
an open software platform based on blockchain technology that enables developers to build and
deploy decentralised applications.

FCA
Financial Conduct Authority in the UK

FinTech
refers to the use of technology in providing financial services that could result in new business
models, applications, processes or products with an associated material effect on financial markets
and institutions and the provision of financial services.

firmware
a software program or set of instructions programmed on a hardware device.

fork/forking
occurs when participants in a blockchain system cannot immediately choose between two (or more)
blocks upon which to continue the chain of blocks, so that two (or more) separate blocks are built on
at the same time, creating a ‘fork’ in the chain.

hash/hashing
the process by which a grouping of digital data is converted into a single number, called a hash. The
number is unique (effectively a ‘digital fingerprint’ of the source data) and the source data cannot be
reverse-engineered and recovered from it.

initial coin offering (ICO)
also referred to as a ‘token sale’, is the method of raising capital by an entity, whereby participants
provide funds (in fiat and/or cryptocurrency) to the entity, in exchange for the issue, or right to future
issue, of cryptoassets.

innovation hub
an institutional arrangement where regulated or unregulated entities engage with the competent
authority to discuss FinTech-related issues (share information, views, etc.) and seek clarification on
the conformity of business models with the regulatory framework or on regulatory/licensing
requirements (i.e., individual guidance to a firm on the interpretation of applicable rules).

Internet of Things (IoT)
a system of interrelated computing devices, mechanical and digital machines, objects, animals or
people that are provided with unique identifiers and the ability to transfer data over a network without
requiring human-to-human or human-to-computer interaction.

interoperability
the ability of databases, devices, or systems to talk with each other, exchanging information or
queries. In some cases, interoperable databases or systems may be directly connected, allowing for the
real-time exchange or updating of information; in others, databases or systems may be interoperable
via a trusted third-party exchange layer that facilitates communication across disparate systems.

IP address
a unique address that identifies a device on the internet or a local network.

legacy system
refers to computer systems, software, programming language, application programmes or any other
technology that is either out of date, obsolete or might still be in use because its application programs
cannot be upgraded.

LegalTech
refers to the use of technology and software to provide legal services.

machine learning (ML)
a variant of AI which involves creating a programme to mimic learning, by which the programme
adapts its approach based on past experience without the need for further programming to incorporate
this.

malicious software (malware)
a simple, opportunistic and very common way to exploit vulnerabilities and flaws in programme code.
Malware can affect a computer by being downloaded through accessing a malicious webpage or
application, downloading a file from an email or even from a USB memory stick. It includes viruses,
worms, Trojan horses, spyware, and ransomware.

man-in-the-middle cyber-attack
a cyber-attack where the attacker secretly relays and possibly alters the communication between two
parties who believe they are directly communicating with each other.

Merkle tree
a data structure used for efficiently summarising and verifying the integrity of large sets of data. The
root of a Merkle tree is a single hash representing all transactions. If a single detail in any of the
transactions changes, so does the Merkle root.

metadata
a set of data that describes and gives information about other data. For example, information about the
title, subject, author and size of the data file of a document constitute metadata about that document.

miners
individuals or entities that run special software to solve complex algorithms to validate
cryptocurrency transactions. They get rewarded with the cryptocurrency created in the process.

mining
a process by which transactions are verified and added to the distributed ledger, and also the means by
which new cryptocurrencies are released.

mining pools
a group of miners who combine their computational resources over a network.

native
refers to assets, instruments or rights which exist only on the distributed ledger (i.e., in digital form).
Cryptocurrencies are an example of a native asset.

natural language processing (NLP)
a field of artificial intelligence that enables computers to analyse and understand human language.

near-field communication
a set of communication protocols that enables two electronic devices, one of which is usually a
portable device such as a smartphone, to establish communication by bringing them within 4 cm (1.6
in) of each other, and is used in contactless payment systems.

node
a single computer involved in processing a message in order to reach consensus. Nodes are connected
to each other via the internet.

open banking
refers to: (i) the use of open APIs that enable third party developers to build applications and services
around the financial institution, (ii) greater financial transparency options for account holders ranging
from open data to private data, and (iii) the use of open source technology to achieve (i) and (ii).

open source software
software with source code that is freely available for anyone to view, use and edit. Open source
software may often be developed in a collaborative, public manner.

oracle
an interface connecting a distributed ledger to a trusted data source or other input.

In the context of blockchain, an oracle is a third-party information source that has the sole function of
supplying data to blockchain, which allows for the creation of smart contracts. For example: Anna and
Bob agree to bet on what the temperature will be on Sunday. Anna bets that the temperature will be
20°C or above, while Bob bets that the temperature will be 19°C or below. They design a smart
contract (to which they will both send funds), which will automatically pay out to the winner
depending on what the temperature is. In order for the smart contract to determine the temperature,
and thus pay out to the winner, it must receive input from a trusted source – i.e., an oracle, and use the
result to execute the smart contract. The input received from a local news website shows that the
temperature on Sunday is 24°C. The smart contract then executes on its conditions and sends all the
funds to Anna.

permissioned/private distributed ledger
a distributed ledger is permissioned where its participants are pre-selected or subject to gated entry on
satisfaction of certain requirements or on approval by an administrator of the ledger or some other
mechanism. A permissioned ledger may use a consensus protocol for determining what the current
state of facts should be, or it may use an administrator or sub-group of participants to do so.

permissionless/public distributed ledger
a distributed ledger is permissionless when anyone is free to submit messages for the purpose of, for
example, processing and/or being involved in the process of reaching consensus. While a
permissionless ledger will typically use a consensus protocol to determine what the current state of the
chain should be, it could equally use some other process (such as using an administrator or subgroup
of participants) to do so.

phishing and spear-phishing attacks
digital scams that start by gaining a victim’s trust; phishing targets numerous people, while
spear-phishing is personalised by targeting specific people with specific information.

pilot
approach to test a new proposition, often in the form of a minimum viable product, with a controlled
subset of live customers to gain insight and feedback on functionality and satisfaction.

private key
an instance of data, privately held, and paired with a public key, used to initiate algorithms for text
encryption and signing. A private key is created as part of a public key cryptography algorithm, which
generates both the private and public key as a pair.

proof of concept
A realisation of a certain method or idea in order to demonstrate its feasibility, or a demonstration in
principle with the aim of verifying that some concept or theory has practical potential.

proof of stake
A type of consensus protocol where, instead of mining, users can validate and make changes to the
blockchain on the basis of their existing share (‘stake’) in the currency. This approach reduces the
complexity of the decentralised verification process and can thus deliver large savings on energy and
operating costs.

proof of work
A type of consensus protocol where each block is verified through a process called ‘mining’ before
information is stored. The data contained in each block is verified using algorithms that attach a
unique hash to each block based on the information stored in it. Users continuously verify the hashes
of transactions through the mining process in order to update the current status of the blockchain
assets. Doing so requires an enormous number of random guesses, making it a costly and energy-
intensive process – one that also faces speed constraints as the network grows.

PSD2
Revised Payment Services Directive

public key
an instance of data, available to anyone, paired with a private key to decrypt or verify text as part of
public key cryptography.

public key infrastructure (PKI)
a set of roles, policies, and procedures needed to create, manage, distribute, use, store, and revoke
digital certificates and manage public-key encryption.

ransomware
a type of malware designed to block access to a computer system until a sum of money is paid.

RegTech
also known as regulatory technology, is a commonly recognised term for technologies that can be
used by market participants to follow regulatory and compliance requirements more effectively and
efficiently.

regulatory sandbox
refers to a testing ground for innovative products, services and business models that can be tested
without immediately being subject to all of the regulatory requirements. Sandboxes allow companies
to test innovative products with temporary regulatory authorisation and under the regulator’s
supervision.

robo-advisor
a digital platform that provides automated, algorithm-driven financial advice with little or no human
supervision. This usually involves clients answering a series of questions and providing an outcome
based on their responses.

robotic process automation (RPA)
refers to software that can be easily programmed to do basic tasks across applications just as human
workers do.

scale engagement
moving a solution from a test or pilot state into a fully productionised and supported solution.

screen-scraping
refers to a process of extracting and evaluating data from one application and translating it so that
another application can display it.

SEC
Securities and Exchange Commission

smart contract
automatable and enforceable agreement: automatable by computer, although some parts may require
human input and control; and enforceable either by legal enforcement of rights and obligations or via
tamper-proof execution of computer code. Notably, some define a smart contract as merely a
computer code that can automatically monitor, execute and enforce a legal agreement.

social engineering attacks
exploit human weaknesses to gain access to computer systems and networks by impersonating a
friendly co-worker in need of help accessing a website.

SupTech
also known as supervisory technology, is the use of innovative technology by supervisory agencies to
support supervision.

Sybil attack
a security threat on an online system where one person tries to take over the network by creating
multiple accounts, nodes or computers.

TechFin
a technology company offering financial services.

tamper-proof technology
typically refers to distributed networks of computers that are unstoppable and in a technological sense
cannot fail regardless of malicious acts, power cuts, network disruption, natural disasters or any other
conceivable event.

transmission control protocol/internet protocol (TCP/IP protocol)
a suite of communication protocols used to interconnect network devices on the internet.
