Arab Regional Fintech Working Group

Financial Technology Glossary

Ayman Saleh-Nouran Youssef

No
159
2020
‫هذه المادة منقولة عبر قروب رجال األعمال‬
Arab Regional Fintech Working Group

Financial Technology Glossary

Ayman Saleh - Nouran Youssef

Arab Monetary Fund

December 2020
 Acknowledgement:

This document was produced within the Arab Regional Fintech Working Group (WG) mandate, which implies the exchange of knowledge and
expertise, strengthening the capacity of the Arab regulators, as well as building a network of peer to peer between Arab and international experts
from the public and private sectors to promote Fintech industry and foster innovation.

The Fintech glossary aims at enhancing the understanding of Fintech terms shedding light on related Fintech activities by defining the term in
English and providing the equivalent terms in both Arabic and French. Then, it has been designed as divided into 14 chapters covering different
Fintech sectors. Moreover, and will be reviewed on a regular basis.

Any queries regarding this glossary should be addressed to:

Nouran Youssef, DBA
Senior Financial Sector Specialist, Arab Monetary Fund
Economic Department, Financial Sector Development Division
Corniche Street, P.O Box 2818, Abu Dhabi, United Arab Emirates
Tel. +971 2617 1454
E-mail: [email protected]; [email protected],
[email protected];
Website: www.amf.org.ae

The work illustrated in this glossary is solely of the authors and does not necessarily reflect the views of the Arab Monetary Fund.

2
2
All rights reserved. ©2020 AMF
Any reproduction, publication and reprint in the form of a different publication, whether printed or produced electronically, in whole or in part, is
permitted only with the explicit written authorization of the AMF.

3
3
 ‫‪Table of Contents‬‬

‫‪General Terms‬‬ ‫‪ ........................................................ 5‬ﻣﺼﻄﻠﺤﺎت ﻋـﺎﻣﺔ‬

‫)‪Artificial Intelligence and Machin learning (AI & ML‬‬ ‫‪ ....................................................... 16‬اﻟﺬﻛﺎء اﻻﺻﻄﻨﺎﻋﻲ وﺗﻌﻠﻢ اﻵﻟﺔ‬
‫‪Blockchain‬‬ ‫‪ ...................................................... 20‬ﺗﻘﻨﯿﺔ ﻗﻮاﻋﺪ اﻟﺒﯿﺎﻧﺎت اﻟﻤﺘﺴﻠﺴﻠﺔ‬
‫‪Cloud Computing‬‬ ‫‪ ...................................................... 27‬اﻟﺤﻮﺳﺒﺔ اﻟﺴﺤﺎﺑﯿﺔ‬
‫‪Cryptography‬‬ ‫‪ ....................................................... 38‬اﻟﺘﺸـﻔﯿﺮ‬
‫‪Cyber Securit‬‬ ‫‪ ....................................................... 42‬أﻣﻦ اﻟﻔﻀﺎء اﻻﻟﻜﺘﺮوﻧﻲ‬
‫‪Data Protectio‬‬ ‫‪ ....................................................... 51‬ﺣﻤـﺎﯾﺔ اﻟﺒﯿـﺎﻧﺎت‬
‫‪Digital ID‬‬ ‫‪ ....................................................... 59‬اﻟﮭﻮﯾﺔ اﻟﺮﻗﻤﯿﺔ‬
‫)‪Distributed Ledger Technology (DLT‬‬ ‫‪ ........................................................ 65‬ﺗﻘﻨﯿﺔ اﻟﺴـﺠﻼت اﻟﻼﻣـﺮﻛﺰﯾـﺔ‬
‫‪InsurTech‬‬ ‫‪ ....................................................... 71‬اﻟﺘﺄﻣﯿﻦ ﺑﺎﺳﺘﺨﺪام اﻟﺘﻘﻨﯿﺎت اﻟﺤﺪﯾﺜﺔ‬
‫‪Open Banking Operations‬‬ ‫‪ ....................................................... 74‬اﻟﻌﻤﻠﯿﺎت اﻟﻤﺼﺮﻓﯿﺔ اﻟﻤﻔﺘﻮح‬
‫‪Payments‬‬ ‫‪ ....................................................... 79‬اﻟﻤـﺪﻓﻮﻋـﺎت‬
‫‪Smart Contracts‬‬ ‫‪ ........................................................ 96‬اﻟﻌﻘﻮد اﻟﺬﻛﯿﺔ‬
‫‪Tokenisation‬‬ ‫‪ ........................................................ 97‬اﻟﺘﺮﻣﯿﺰ‬

‫‪4‬‬
‫‪4‬‬
General Terms ‫ﻣﺼﻄﻠﺤﺎت ﻋـﺎﻣﺔ‬
Terms Definition ‫ اﻟﻤﺼﻄﻠﺤﺎت‬Les Termes
Application Binary Interface An interface between two binary program modules, often one ‫ واﺟﮭﺔ اﻟﺘﻄﺒﯿﻖ اﻟﺜﻨﺎﺋﯿﺔ‬Interface Binaire
(ABI) program is a library and the other is being run by a user. 9 d'Application

AML & AML requirements means anti-money laundering and anti-money laundering ‫ ﻣﺘﻄﻠﺒﺎت ﻣﻜﺎﻓﺤﺔ ﻏﺴﻞ‬Exigences en matière de
requirements respectively based on AML/ CFT laws. 12 ‫ اﻷﻣﻮال وﺗﻤﻮﯾﻞ اﻷرھﺎب‬Lutte contre le
Blanchiment de
Capitaux et le
Financement du
Terrorisme
(LBC/FT)
Attack Surface The sum of an information system’s characteristics in the ‫ اﻟﻤﺴﺎﺣﺔ اﻟﻤﻌﺮﺿﺔ‬Surface d'Attaque
broad categories (software, hardware, network, processes and ‫ﻟﻠﮭﺠﻤﺎت‬
human) which allows an attacker to probe, enter, attack or
maintain a presence in the system and potentially cause
damage to Financial Market Infrastructure. A smaller attack
surface means that the Financial Market Infrastructure is less
exploitable and an attack less likely. However, reducing attack
surfaces does not necessarily reduce the damage an attack can
inflict. 2

Availability The property of being accessible and usable as expected upon ‫ اﻹﺗﺎﺣﺔ‬Disponibilité
demand. 2

Bank-based Model A mobile financial services business model (bank-led or ‫ ﻧﻤﻮذج ﻗﺎﺋﻢ ﻋﻠﻰ اﻟﺒﻨﻚ‬Modèle Bancaire
nonbank-led) in which (i) the customer has a contractual
relationship with the bank and (ii) the bank is licensed or Modèles Basés Sur un
otherwise permitted by the regulator to provide the financial Système Bancaire
service(s). 3

5
5
 Bank-led Model A mobile financial services business model (bank-based or ‫ ﻧﻤﻮذج ﺑﻘﯿﺎدة اﻟﺒﻨﻚ‬Modèle Dirigé par les
nonbank-based) in which the bank is the primary driver of the Banques
product or service, typically taking the lead in marketing,
branding, and managing the customer relationship. 3

Banking beyond branches / The delivery of financial services outside conventional bank ‫اﻟﺨﺪﻣﺎت اﻟﻤﺼﺮﻓﯿﺔ ﺧﺎرج‬ Services bancaires hors
Branchless Banking branches. Banking beyond branches usesagents or other third- ‫اﻟﺨﺪﻣﺎت‬ / ‫اﻟﻔﺮوع‬ Succursales / Services
party intermediaries as the primary point of contact with ‫اﻟﻤﺼﺮﻓﯿﺔ ﺑﺪون ﻓﺮوع‬ Bancaires sans
customers and relies on technologies such as card-reading Succursales
point-of-sale (POS) terminals and mobile phones to transmit
transaction details. 3 Services Bancaires au-
Delà des Succursales /
Banque à Distance

Big Data A generic term that designates the massive volume of data that ‫ اﻟﺒﯿﺎﻧﺎت اﻟﻀﺨﻤﺔ‬MégaDonnées
is generated by the increasing use of digital tools and
information systems. Big data encompasses technologies that Big Data
significantly increase the volume, variety, velocity and
validity of data under management.17

Big Data Analytics Analytical uses of massive volumes of data generated by the ‫ ﺗﺤﻠﯿﻼت اﻟﺒﯿﺎﻧﺎت اﻟﻀﺨﻤﺔ‬Analyse du Big Data
use of digital tools and information systems.47

Big Techs Large, globally active technology firms with a relative ‫ ﺷﺮﻛﺎت اﻟﺘﻘﻨﯿﺎت اﻟﻜﺒﺮى‬Tech Giants
advantage in digital technology.47 Big Techs

Biotechnology Technology based on biology. It harnesses cellular and ‫ اﻟﺘﻜﻨﻮﻟﻮﺟﯿﺎ اﻟﺤﯿﻮﯾﺔ‬Biotechnologique

biomolecular processes to develop technologies and products
that help improve our lives and the health of our planet.40

6
6
Business network card Provides necessary information for a user, entity or node to ‫ ﺑﻄﺎﻗﺔ ﺷﺒﻜﺔ اﻷﻋﻤﺎل‬Carte Réseau
connect a blockchain business network. 9 d'Entreprise

Business process A collection of linked activities that takes one or more kinds ‫ ﻋﻤﻠﯿﺔ ﺗﺠﺎرﯾﺔ‬Processus d'Affaires
of input and creates an output that is of value to a Financial
Market Infrastructure’s stakeholder. A business process may
comprise several assets, including information, ICT resources,
personnel, logistics and organizational structure, which
contribute either directly or indirectly to the added value of
the service. 2

Cash-In Cash exchanged for e-money. 3 ‫ اﻟﺘﺪﻓﻖ اﻟﻨﻘﺪي‬Entrée d'Espèces

Cash-Out E-money exchanged for cash. 3 ‫ اﻟﺴﺤﺐ اﻟﻨﻘﺪي‬Décaissement
Casper Consensus algorithm that combines proof of work and proof ‫ ﻛﺎﺳﺒﺮ‬Casper
of stake. Ethereum is going to use casper as a transition to
proof of stake. 9

Central Bank Digital Digital form of central bank money that is different from ‫ اﻟﻌﻤﻠﺔ اﻟﺮﻗﻤﯿﺔ ﻟﻠﺒﻨﻚ‬Monnaie Digitale de la
Currency (CBDC) balances in traditional reserve or settlement accounts (eg ‫ اﻟﻤﺮﻛﺰي‬Banque Centrale
balances in accounts held by commercial banks at the central
bank). 7

CDN (Content Delivery Allows for a quick transition of assets needed to load internet ‫ ﺷﺒﻜﺔ ﺗﻮﺻﯿﻞ اﻟﻤﺤﺘﻮى‬Réseau de Distribution
Network) content (html, j s, css, etc.) 9 de Contenu

Chain code A program that initializes and manages a ledgers state through ‫ رﻣﺰ اﻟﺴﻠﺴﻠﺔ‬Code de Chaîne
submitted applications. It is the Hyperledger Fabric equal to
Smart Contracts. 9

Coinbase Coinbase is a bitcoin broker that provides a platform for ‫ وﺳﯿﻂ ﻟﺘﺪاول اﻟﺒﯿﺘﻜﻮﯾﻦ‬Coinbase
traders to buy and sell bitcoin with fiat money. In addition to

7
7
 its primary operation as a broker, Coinbase is also a bitcoin
exchange and wallet provider. 10

Collaborative Customer Due Customer due diligence (CDD) on its own comprises ‫ اﻟﻌﻨﺎﯾﺔ اﻟﺘﻌﺎوﻧﯿﺔ اﻟﻮاﺟﺒﺔ‬Devoir Collaborative de
Diligence (CCDD) customer information that enables an organization to assess ‫ ﺗﺠﺎه اﻟﻌﻤﻼء‬Vigilance Relatif de la
the extent to which the customer exposes the organization to Clientèle
a range of risk. Collaborative CDD (CCDD) is a new approach
to CDD that seeks to address the shortcomings of current
CDD processes. Examples include creating a public utility
that FSPs can use to identify clients and verify identities on an
ongoing basis, access to KYC as a service (a centralized
database where banks can share and access KYC information
on corporate clients), and self-sovereign IDs. 38

Collaborative Finance A category of financial transaction that occurs directly ‫ اﻟﺘﻤﻮﯾﻞ اﻟﺘﻌﺎوﻧﻲ‬Finance Participative
between individuals without the intermediation of a
traditional financial institution. This new way to manage
informal financial transactions has been enabled by advances
in social media and peer-to-peer online platforms. 10

Crowdfunding The practice of funding a project or venture by raising ‫ اﻟﺘﻤﻮﯾﻞ اﻟﺠﻤﺎﻋﻲ‬Financement

monetary contributions from a large number of people. It is Participatif
often performed via internet-mediated registries that facilitate
money collection for the borrower (lending) or issuer
(equity).22

Critical Operations Any activity, function, process, or service, the loss of which, ‫ اﻟﻌﻤﻠﯿﺎت اﻟﺘﺠﺎرﯾﺔ اﻟﮭﺎﻣﺔ‬Opérations Essentielles
for even a short period of time, would materially affect the
continued operation of a Financial Market Infrastructure, its
participants, the market it serves, and/or the broader financial
system.2

8
8
Customer Due Diligence Often used synonymously with Know Your Customer (KYC) ‫ اﻟﻌﻨﺎﯾﺔ اﻟﻮاﺟﺒﺔ ﻟﻠﻌﻤﻼء‬Devoir de Vigilance
(CDD) measures, but generally refers more broadly to a financial Relatif à la Clientèle
institution’s policies and procedures for obtaining customer
information and assessing the value of the information for
detecting, monitoring, and reporting suspicious activities. 3

Dashboards Customisable, dynamic interactive reporting tools that ‫ ﻟﻮﺣﺔ اﻟﻘﯿﺎدة‬Tableaux de Bord
automatically fetch and render data in meaningful and
actionable visualisations.17

Data Cubes Granular data storage and transmission solution enabling real- ‫ ﻣﻜﻌﺒﺎت اﻟﺒﯿﺎﻧﺎت‬Cubes de Données
time data collection.17

DDos Attacks A denial-of-service attack is a cyber-attack in which the ‫ﻣﻦ‬ ‫اﻟﺤﺮﻣﺎن‬ ‫ ھﺠﻤﺎت‬Attaques de DDoS
perpetrator seeks to make a machine or network resource ‫اﻟﺨﺪﻣﺔ‬
unavailable to its intended users by temporarily or indefinitely
disrupting services of a host connected to the Internet.9

Devops Represents a change in IT culture, focusing on rapid IT service ‫ ﻣﻨﮭﺠﯿﺔ اﻟﺘﻄﻮﯾﺮ واﻟﺘﺸﻐﯿﻞ‬Devops
delivery through the adoption of agile, lean practices in the
context of a system-oriented approach.28

Digital Financial Services The broad range of financial services accessed and delivered ‫ اﻟﺨﺪﻣﺎت اﻟﻤﺎﻟﯿﺔ اﻟﺮﻗﻤﯿﺔ‬Services Financiers
through digital instruments, including payments, credit, Numériques
savings, remittances, and insurance. 3

Digital Infrastructure Refers to the enabling digital structures, facilities, ecosystem ‫ اﻟﺒﻨﯿﺔ اﻟﺘﺤﺘﯿﺔ اﻟﺮﻗﻤﯿﺔ‬Infrastructure
and capabilities surrounding the provision of FinTech/DFS, Numérique
but can be more widely applicable beyond financial services.
For the purposes of this study, this might typically include
infrastructure related to identity (e.g. digital identity
initiatives), data analytics and sharing, credit information

9
9
 and/or payment systems and risk mitigations. While these may
be directly or indirectly relevant for the regulation and
supervision of FinTech/DFS, not all of these may be under the
remit or influence of financial regulators.46

Digitalisation The use of digital technologies to change a business model, or ‫ اﻟﺮﻗﻤﻨﺔ‬Numérisation

the process of moving to a digital business.28

Digitisation The process of transforming analogue to digital form. 28 ‫ اﻟﺮﻗﻤﻨﺔ‬Numérisation

Ecosystem (in general) The community of interacting firms and the financial services ‫ اﻟﻨﻈﺎم اﻟﺒﯿﺌﻲ‬Écosystème
environment. 26

Fast Fail System Designed to stop normal operation rather than attempt to ‫ ﻧﻈﺎم ﺳﺮﯾﻊ اﻟﻔﺸﻞ‬Système Fast Fail
continue a possibly flawed process. 28

Fiat currency Fiat currency is “legal tender” backed by a central ‫ ﻋﻤﻠﺔ ﻧﻘﺪﯾﺔ‬Monnaie Fiat
government, such as the Federal Reserve, and with its own
banking system, such as fractional reserve banking. It can take Monnaie Fiduciaire
the form of physical cash, or it can be represented
electronically, such as with bank credit. 1

FinTech A technologically enabled innovation in financial services that ‫ اﻟﺘﻘﻨﯿﺎت اﻟﻤﺎﻟﯿﺔ اﻟﺤﺪﯾﺜﺔ‬FinTech
could result in new business models, applications, processes,
or products, with an associated material effect on financial Technologies
markets and institutions and the provision of financial Financières
services.38

Fintech Data Gaps Data gaps emerging as a by-product of fintech. They ‫ ﻓﺠﻮات ﺑﯿﺎﻧﺎت اﻟﺘﻘﻨﯿﺎت‬Lacunes des Données de
encompass measurement problems in the current statistical ‫ اﻟﻤﺎﻟﯿﺔ اﻟﺤﺪﯾﺜﺔ‬la Fintech
infrastructure, and lack of data on new items.47

10
10
Fintech firms / Fintechs Recently incorporated institutions that use technology- ‫ ﺷﺮﻛﺎت اﻟﺘﻘﻨﯿﺎت اﻟﻤﺎﻟﯿﺔ‬Entreprises de la
enabled innovation to provide financial services. As per BIS ‫ اﻟﺤﺪﯾﺜﺔ‬Fintech / Fintechs
survey they are classified as neobanks, and fintech credit
institutions (notably fintech credit platforms), fintech
insurance companies, fintech asset managers, and fintech
providers of payment, settlements and clearing services.

FinTech Market The provision, transaction and facilitation of financial ‫ ﺳﻮق اﻟﺘﻘﻨﯿﺎت اﻟﻤﺎﻟﯿﺔ‬Marché FinTech
activities across emerging verticals including digital lending ‫اﻟﺤﺪﯾﺜﺔ‬
(e.g. P2P lending), digital capital raising (e.g. equity-based
crowdfunding), digital banking, digital savings, digital
payments and remittances, digital custody, InsurTech,
WealthTech, cryptoasset exchanges and the supply of
enterprise technologies, RegTech, alternative data analytics
and other services.46

Fintech Services Financial services provided using technology-enabled ‫ ﺧﺪﻣﺎت اﻟﺘﻘﻨﯿﺎت اﻟﻤﺎﻟﯿﺔ‬Services de la Fintech
innovation. Examples include online lending platforms, which ‫اﻟﺤﺪﯾﺜﺔ‬
can be operated by traditional banks.47

Geographic Information Automated analysis of spatial or geographic data. 17 ‫ ﻧﻈﻢ اﻟﻤﻌﻠﻮﻣﺎت اﻟﺠﻐﺮاﻓﯿﺔ‬Système d'Information
Systems Géographique
Innovation Accelerator A partnership arrangement between FinTech providers and ‫ ﻣﺴﺮع اﻻﺑﺘﻜﺎر‬Accélérateur
central banks/supervisory agencies to ‘accelerate’ growth or d'Innovation
develop use cases which may involve funding support and/or
authorities’ endorsement/approval for future use in central
banking operations or in the conduct of supervisory tasks. 28

Innovation Facilitator Public sector initiatives to engage with the FinTech sector, ‫ ﻣﯿﺴﺮ اﻻﺑﺘﻜﺎر‬Facilitateur de
such as regulatory sandboxes, innovation hubs and innovation l'Innovation
accelerators. 28

11
11
 Innovation Hub Innovation facilitator set up by supervisory agencies that ‫ ﻣﺮﻛﺰ اﻻﺑﺘﻜﺎر‬Centre d'Innovation
provide support, advice or guidance to regulated or Digitale
unregulated institutions in navigating the regulatory
framework or identifying supervisory, policy or legal issues
and concerns.28

Innovation Office A dedicated function within a regulator which engages with ‫ ﻣﻜﺘﺐ اﻻﺑﺘﻜﺎر‬Bureau d'Innovation
and provides regulatory clarification to innovative financial Digitale
services providers. These may also be known as Innovation or
FinTech “Hubs”.46

Internal Fintech Hub Hub set up by central banks to coordinate initiatives ‫ ﻣﺮﻛﺰ داﺧﻠﻲ ﻟﻠﺘﻘﻨﯿﺎت‬Fintech Hub Interne
(Central Bank) concerning fintech across business areas and departments.47 ‫( اﻟﻤﺎﻟﯿﺔ اﻟﺤﺪﯾﺜﺔ )اﻟﺒﻨﻚ‬Banque Centrale)
(‫اﻟﻤﺮﻛﺰي‬

Internet of Things (IoT) Devices with the ability to transfer data over a network (IoT) ‫ إﻧﺘﺮﻧﺖ اﻷﺷﯿﺎء‬Internet des Objets
without requiring human-to-human or human-to-computer
interaction. This includes (but isn't limited to!) cell phones,
coffee makers, washing machines, headphones, lights,
wearable devices, and components of machines (for example
a car engine, or wheel bearing).40

Interoperability (in general) Technical or legal compatibility that enables a system or / ‫ ﻗﺎﺑﻠﯿﺔ اﻟﺘﺸﻐﯿﻞ اﻟﺒﯿﻨﻲ‬Interopérabilité
mechanism to be used in conjunction with other systems or ‫إﻣﻜﺎﻧﯿﺔ اﻟﺘﺸﻐﯿﻞ اﻟﺒﯿﻨﻲ‬
mechanisms. Interoperability allows participants in different
systems to conduct, clear and settle payments or financial
transactions across systems without participating in multiple
systems.7

Issuer Means the PSP (see Payments) providing the stored value ‫ اﻟﻤﺼﺪر‬Émetteur
instrument, enabling Customers to use the instruments at
various merchants. 12

12
12
Know Your Customer A set of due diligence measures undertaken by a financial ‫ أﻋﺮف ﻋﻤﯿﻠﻚ‬Identification de la
(KYC) institution, including policies and procedures, to identify a Clientèle
customer and the motivations behind his or her financial
activities. KYC is a key component of AML/CFT regimes. 3 Connaissez Votre Client

Merkle Tree A tree in which every leaf node is labelled with the hash of a ‫ ﺷﺠﺮة ﻣﯿﺮﻛﻞ‬Arbre de Merkle
data block and every non-leaf node is labelled with the
cryptographic hash of the labels of its child nodes. 9

Neobanks Newly created banks that offer mobile-only banking products ‫ اﻟﺒﻨﻮك اﻟﺠﺪﯾﺪة ﻋﺒﺮ‬Neobanks
and services using smartphone applications that serve as an ‫اﻻﻧﺘﺮﻧﺖ‬
alternative to traditional banking with bricks-and-mortar
branch networks.47

Network Analysis The process of investigating structures through the use of ‫ ﺗﺤﻠﯿﻞ اﻟﺸﺒﻜﺎت‬Analyse du Réseau
networks and graph theory.17

Proof of Concept An implementation of a certain method or idea using specific ‫ إﺛﺒﺎت اﻟﻤﻔﮭﻮم‬Preuve de Concept
technologies — in order to assess and demonstrate its
feasibility and confirm its practical potential. See also
Prototype and MVP.40

Prototype A prototype is a way to test one part of a complicated system ‫ اﻟﻨﻤﻮذج اﻟﻤﺒﺪﺋﻲ‬Prototype
or product. It is an early sample/model built to test a concept
or assumption or to act a a thing to be tested and learned from.
See also MVP and Proof of concept and Mock-up and
Wireframe.40

Regulatory Innovation A broad set of activities carried out by regulators to innovate ‫ ﻣﺒﺎدرات اﻻﺑﺘﻜﺎر اﻟﺘﻨﻈﯿﻤﯿﺔ‬Initiatives d'Innovation
Initiatives regulatory and supervisory functions, processes, organizations Réglementaire

13
13
 and applications, which often but not necessarily involve the
use of technological solutions.46

Regulatory Technology Any range of applications of FinTech for regulatory and ‫ اﻟﺤﻠﻮل اﻟﺘﻨﻈﯿﻤﯿﺔ اﻟﺤﺪﯾﺜﺔ‬RegTech
"RegTech" compliance requirements and reporting by regulated
institutions. 28 Outils pour la
Régulation
Regulatory Sandbox Formal regulatory programmes that allow market participants ‫ اﻟﻤﺨﺘﺒﺮ اﻟﺘﻨﻈﯿﻤﻲ‬Sandbox Réglementaire
to test new financial services or models with live customers,
subject to certain safeguards and oversight.46

Remote Working Remote working / telecommuting is a work arrangement in ‫ اﻟﻌﻤﻞ ﻋﻦ ﺑﻌﺪ‬Le Travail à Distance
which Employees do not commute to a central place of work.
They use the cloud as a method of accessing their work system
and files from anywhere at any time. A person who
telecommutes is known as a “telecommuter”, “teleworker”,
and sometimes as a “home sourced,” or “work-at-home”
employee. 15

Risk-based approach A method for complying with AML/CFT standards set forth ‫ اﻟﻨﮭﺞ اﻟﻘﺎﺋﻢ ﻋﻠﻰ اﻟﻤﺨﺎطﺮ‬Approche Fondée Sur
in FATF Recommendation 1. The risk-based approach is les Risques
based on the general principle that where there are higher
risks, countries should require financial services providers to
take enhanced measures to manage and mitigate those risks.
Where risks are lower (i.e. no suspicion of money laundering
or terrorist financing), simplified measures may be allowed. 3

Robotics The design, construction, operation, and use of robots, as well ‫ ﻋﻠﻢ اﻟﺮوﺑﻮﺗﺎت‬Robotiques
as computer systems for their control, sensory feedback, and
information processing.40

14
14
Text Mining The process of exploring and analysing large amounts of ‫ اﻟﺘﻨﻘﯿﺐ ﻓﻲ اﻟﻨﺼﻮص‬Exploration de Texte
unstructured text data aided by software that can identify
concepts, patterns, topics, keywords and other attributes in the
data.17

Notary services Digitizing, storing, and verifying documents or contracts and ‫ ﺧﺪﻣﺎت اﻟﺘﺼﺪﯾﻖ‬Services de Notaire
proof of ownership or transfer.

Network Analysis The process of investigating structures through the use of ‫ ﺗﺤﻠﯿﻞ اﻟﺸﺒﻜﺎت‬Analyse de Réseau
networks and graph theory.13

Self-Organising Maps A type of artificial neural network that is trained using ‫ ﺧﺮاﺋﻂ ذاﺗﯿﺔ اﻟﺘﻨﻈﯿﻢ‬Cartes Auto-Organisées
unsupervised learning to produce a low-dimensional,
discretised representation of the input space of the training
samples, called a map, and is therefore a method of
performing dimensionality reduction.17

Supervisory Technology Any application of FinTech used by regulatory, supervisory ‫ ﺗﻘﻨﯿﺔ اﻹﺷﺮاف‬Technologie de
"SupTech" and oversight authorities.28 Supervision

(Technologie pour le
Superviseur)

Supply-side Statistics Statistics on use of basic financial services by customers, ‫ إﺣﺼﺎءات ﺟﺎﻧﺐ اﻟﻌﺮض‬Statistiques du Côté de
obtained from financial corporations.47 l'Offre

Web Portal Static file upload via web site with built-in automated ‫ ﺑﻮاﺑﺔ اﻟﻮﯾﺐ‬Portail Web
validation checks.17

Web Scraper Automated capture of web data by programs or “bots”.17 ‫ ﻣﻜﺸﻄﺔ اﻟﻮﯾﺐ‬Grattoir Web
Extraction de sites Web

15
15
 Artificial Intelligence and Machin learning (AI & ML) ‫اﻟﺬﻛﺎء اﻻﺻﻄﻨﺎﻋﻲ وﺗﻌﻠﻢ اﻵﻟﺔ‬
Terms Definition ‫ اﻟﻤﺼﻄﻠﺤﺎت‬Les Termes
Agent Any third party acting on behalf of a bank or other financial ‫ اﻟﻮﻛﯿﻞ – ﻣﺰود اﻟﺨﺪﻣﺔ‬L'agent
services provider (including an e-money issuer or distributor)
to deal directly with customers. The term ‘agent’ is
commonly used even if a principal agent relationship does
not exist under the law of the country in question.3

Artificial Intelligence (AI) Advanced computer systems that can simulate human ‫ اﻟﺬﻛﺎء اﻻﺻﻄﻨﺎﻋﻲ‬Intelligence Artificielle
capabilities, such as analysis, based on a predetermined set
of rules.32

Application Programming A set of rules and specifications followed by software ‫ واﺟﮭﺔ إدارة اﻟﺘﻄﺒﯿﻘﺎت‬Interface
Interface (API) programmes to communicate with each other, and an de Programmation
interface between different software programmes that d'Application
facilitates their interaction; APIs enable direct database-to-
database data transmission enabling granular, real-time (API)
reporting and automated validation.17

Autonomous Robot Robot free from external control or influence and able to ‫ ذاﺗﻲ اﻟﺘﺤﻜﻢ‬1‫ روﺑﻮت‬Robot Autonome
control itself independently.42

Backward Chaining Strategy of working backward for Reason/Cause of a ‫ اﻟﺘﺴﻠﺴﻞ اﻟﻌﻜﺴﻲ‬Chaînage Arrière
problem.42

Blackboard It is the memory inside computer, which is used for ‫ اﻟﻠﻮﺣﺔ اﻟﺴﻮداء‬Tableau noir
communication between the cooperating expert systems.42

.2008 ،English Arabic Technical Computing Dictionary :‫اﻟﻘﺎﻣﻮس اﻟﺘﻘﻨﻲ اﻟﻤﻌﻠﻮﻣﺎﺗﻲ إﻧﺠﻠﯿﺰي – ﻋﺮﺑﻲ‬/ 1

16
16
Bodily-Kinesthetic The ability to use complete or part of the body to solve ‫ اﻟﺬﻛﺎء اﻟﺠﺴﺪي اﻟﺤﺮﻛﻲ‬Intelligence Corporelle-
Intelligence problems or fashion products, control over fine and coarse Kinesthésique
motor skills, and manipulate the objects.43

Chatbot Virtual assistance programmes that interact with users in ‫ ﺧﺪﻣﺔ اﻟﺘﺤﺎور اﻻﻟﻲ‬Chatbot
natural language; chatbots enable automated capture and Agent Conversationnel
interpretation of qualitative data, enabling data collection in
real time. 17

Deep Learning Deep Learning is a technique to implement Machine ‫ اﻟﺘﻌﻠﻢ اﻟﻌﻤﯿﻖ‬Apprentissage Profond
Learning (see below) and one of drivers behind the recent
success and popularity of AI as documented in the victory of
DeepMind’s AlphaGo program beating a human Go
champion in 2016. Deep Learning is a subset of Machine
Learning algorithms inspired by the structure and function of
the brain called artificial neural networks. It can take vast
amounts of data and recognize certain characteristics for text-
based searches, fraud detection, handwriting recognition,
speech recognition, and more.39

Forward Chaining Strategy of working forward for conclusion /solution of a ‫ اﻟﺘﺴﻠﺴﻞ اﻷﻣﺎﻣﻲ‬Chaînage Avant
problem. 42

Heuristics It is the knowledge based on Trial-and-error, evaluations, and ‫ اﻻﺳﺘﺪﻻل‬Heuristique

experimentation. 42

Interpersonal Intelligence The ability to recognize and make distinctions among other ‫ اﻻﺳﺘﺨﺒﺎرات اﻟﺸﺨﺼﯿﺔ‬Intelligence
people’s feelings, beliefs, and intentions.43 Interpersonnelle

Intra-Personal Intelligence The ability to distinguish among one’s own feelings, ‫ اﻟﺬﻛﺎء اﻟﺪاﺧﻠﻲ اﻟﺸﺨﺼﻲ‬Intelligence
intentions, and motivations. 43 Intrapersonnelle

17
17
 Knowledge Engineering Acquiring knowledge from human experts and other ‫ ھﻨﺪﺳﺔ اﻟﻤﻌﺮﻓﺔ‬Ingénierie des
resources. 42 Connaissances

Linguistic intelligence The ability to speak, recognize, and use mechanisms of ‫ اﻟﺬﻛﺎء اﻟﻠﻐﻮي‬Intelligence
phonology (speech sounds), syntax (grammar), and Linguistique.
semantics (meaning). 43

Logical-Mathematical The ability of use and understand relationships in the absence ‫ اﻟﺬﻛﺎء اﻟﻤﻨﻄﻘﻲ اﻟﺮﯾﺎﺿﻲ‬Intelligence Logico-
Intelligence of action or objects. Understanding complex and abstract Mathématique
ideas. 43

Machine learning A method of designing a sequence of actions to solve a ‫ ﺗﻌﻠﻢ اﻵﻟﺔ‬Apprentissage

problem that optimise automatically through experience and Automatique
with limited or no human intervention. 28

Machine-Readable Machine-readable regulation refers to information in the ‫ اﻟﻠﻮاﺋﺢ اﻟﻤﻘﺮوءة آﻟﯿًﺎ‬Règlement Lisible par
Regulation form of data that can be accessed directly by software. Machine
Regulation that can be read and analyzed directly without the
need for “translation” would allow more automation and
could significantly reduce the cost of regulatory change. 39

Musical intelligence The ability to create, communicate with, and understand ‫ ذﻛﺎء اﻟﺘﻌﺮف ﻋﻠﻰ‬Intelligence Musicale.
meanings made of sound, understanding of pitch, rhythm.43 ‫اﻻﺻﻮات‬
Natural Language An interdisciplinary field of computer science, artificial ‫ ﻣﻌﺎﻟﺠﺔ اﻟﻠﻐﺔ اﻟﻄﺒﯿﻌﯿﺔ‬Traitement du Langage
Processing intelligence and computation linguistics that focuses on Naturel
programming computers and algorithms to parse, process and
understand human language.13

Pruning Overriding unnecessary and irrelevant considerations in AI ‫ اﻟﺘﻘﻠﯿﻢ‬Élagage

systems. 17

18
18
Robo-advisors Applications that combine digital interfaces and algorithms, ‫ ﻣﺴﺘﺸﺎرو اﻟﺮوﺑﻮت‬Conseillers-robots
and can also include machine learning, in order to provide
services ranging from automated financial recommendations
to contract brokering to portfolio management to their
clients. Such advisors may be standalone firms and platforms
or can be in-house applications of incumbent financial
institutions.41

Robotic Process Automation Partial or full automation of manual, rule-based and ‫ أﺗﻤﺘﺔ اﻟﻌﻤﻠﯿﺎت اﻟﺮوﺑﻮﺗﯿﺔ‬Automatisation des
repetitive human activities by robotics software or “bots”.17 Processus Robotiques

Rule It is a format of representing knowledge base in Expert ‫ اﻟﻘﺎﻋﺪة‬Règlement

System. It is in the form of IF-THEN-ELSE. 42

Self-Organizing Maps A type of artificial neural network that is trained using ‫ ﺧﺮاﺋﻂ ذاﺗﯿﺔ اﻟﺘﻨﻈﯿﻢ‬Cartes Auto-Adaptative
unsupervised learning to produce a low-dimensional,
discretized representation of the input space of the training
samples, called a map, and is therefore a method of
performing dimensionality reduction.13

Spatial Intelligence The ability to perceive visual or spatial information, change ‫ اﻟﺬﻛﺎء اﻟﻤﻜﺎﻧﻲ‬Intelligence Spatiale
it, and re-create visual images without reference to the
objects, construct 3D images, and to move and rotate them.
43

Supervised Learning The machine learning task of learning a function that maps ‫ اﻟﺘﻌﻠﻢ اﻟﺨﺎﺿﻊ ﻟﻺﺷﺮاف‬Apprentissage
an input to an output based on example input-output pairs.13 Supervisé
Turing Test A test developed by Allan Turing to test the intelligence of a ‫ اﺧﺘﺒﺎر ﺗﻮرﯾﻨﺞ ﻟﻠﻤﺤﺎﻛﺎة‬Test de Turing
machine as compared to human intelligence. 42

19
19
 Blockchain ‫ﺗﻘﻨﯿﺔ ﻗﻮاﻋﺪ اﻟﺒﯿﺎﻧﺎت اﻟﻤﺘﺴﻠﺴﻠﺔ‬
Terms Definition ‫ اﻟﻤﺼﻄﻠﺤﺎت‬Les Termes
Acquirer A company that buys the rights to another company or ‫ اﻟﻤﺴﺘﺤﻮذ‬Acquéreur
business relationship. Acquirers are also financial institutions
which buy rights to a merchant account which allows them
to service and manage the merchant’s bank account.10

Advanced Encryption The Advanced Encryption Standard (AES) is a symmetric- ‫ ﻣﻌﯿﺎر اﻟﺘﺸﻔﯿﺮ اﻟﻤﺘﻘﺪم‬Standard de
Standard (AES) key block cipher algorithm and US government standard for Chiffrement Avancé
secure and classified data encryption and decryption. It was
originally known as Rijndael.10

Altcoin Altcoins are primarily abbreviation of “Bitcoin alternative.” ‫ ﻋﻤﻠﺔ رﻗﻤﯿﺔ ﺑﺪﯾﻠﺔ‬Altcoin
They are considered to be alternative cryptocurrencies that
were launched after the success of Bitcoin. Generally, they
project themselves as better substitutes to Bitcoin.10

Assets Under Management Assets under management (AUM) refers to the total market ‫ اﻷﺻﻮل ﺗﺤﺖ اﻹدارة‬Encours Sous Gestion
(AUM) value of the investments that a person or entity manages on
behalf of clients.10

Automated Clearing House The Automated Clearing House (ACH) Network is an ‫ ﻏﺮﻓﺔ اﻟﻤﻘﺎﺻﺔ اﻵﻟﯿﺔ‬Chambre de
(ACH) electronic funds-transfer system run by NACHA, formerly Compensation
the National Automated Clearing House Association, since Automatique
1974. This payment system deals with payroll, direct deposit,
tax refunds, consumer bills, tax payments, and many more
payment services in the United States.10

Bitcoin Bitcoin is a digital currency that was created in January 2009. ‫ ﻋﻤﻠﺔ اﻟﺒﺘﻜﻮﯾﻦ‬Bitcoin
Also, known as a cryptocurrency, Bitcoins are not backed by
any country's central bank or government. They offer the

20
20
 promise of lower transaction fees than traditional online
payment mechanisms and is operated by a decentralized
authority, unlike government-issued currencies.10

Bitcoin Cash Bitcoin cash is a cryptocurrency that was created in August ‫ ﺑﯿﺘﻜﻮﯾﻦ اﻟﻨﻘﺪﯾﺔ‬L'Argent Bitcoin
2017, arising from a fork of Bitcoin Classic. It is often
considered to be an altcoin version of the popular Bitcoin
cryptocurrency. Bitcoin Cash increases the size of blocks, Trésorerie Bitcoin
allowing more transactions to be processed.10

Bitcoin Gold Bitcoin Gold is a distributed digital currency. It is a hard fork ‫ ﺑﯿﺘﻜﻮﯾﻦ اﻟﺬھﺒﯿﺔ‬Bitcoin l'or
of Bitcoin, the open source cryptocurrency. The stated
purpose of the hard fork is to restore the mining functionality
with common Graphics Processing Units (GPU), in place of
mining with specialized ASIC (customized chipsets), used to
mine Bitcoin.10

Bitcoin Wallet A Bitcoin Wallet is a software program where Bitcoins are ‫ ﺣﺎﻓﻈﺔ اﻟﺒﯿﺘﻜﻮﯾﻦ‬Portefeuille Bitcoin
stored. Technically, Bitcoins are not stored anywhere; there Porte-Monnaie Bitcoin
is a private key (secret number) for every Bitcoin address that
is saved in the Bitcoin wallet of the person who owns the
balance. Bitcoin wallets facilitate sending and receiving
Bitcoins and gives ownership of the Bitcoin balance to the
user. The Bitcoin wallet comes in many forms; desktop,
mobile, web and hardware are the four main types of
wallets.10
Blockchain A form of distributed ledger in which details of transactions ‫ ﻗﻮاﻋﺪ اﻟﺒﯿﺎﻧﺎت اﻟﻤﺘﺴﻠﺴﻠﺔ‬Blockchain
are held in the ledger in the form of blocks of information. A
block of new information is attached into the chain of pre- ‫ ﺳﻠﺴﻠﺔ اﻟﻜﺘﻞ‬Chaîne de Blocs
existing blocks via a computerized process by which
transactions are validated.27

21
21
 Blockchain Indicators Indicators covering on-chain transactions, i.e. those cleared ‫ ﻣﺆﺷﺮات ﻗﻮاﻋﺪ اﻟﺒﯿﺎﻧﺎت‬Indicateurs de la
and settled directly on the respective blockchain. For ‫ اﻟﻤﺘﺴﻠﺴﻠﺔ‬Blockchain
example, for the Bitcoin blockchain include the number of
transactions and addresses used over time, transaction values Indicateurs de la
and transaction fees.47 Chaîne de Blocs

Blockchain operating system An operating system that primarily uses blockchain as a ‫ ﻧﻈﺎم ﺗﺸﻐﯿﻞ ﻗﺎﻋﺪة‬Système d'Exploitation
support in the background. When a blockchain-based OS is ‫ اﻟﺒﯿﺎﻧﺎت اﻟﻤﺘﺴﻠﺴﻠﺔ‬Blockchain
installed on a device captures all commands and transactions
from a user’s device but authenticating, executing, and
recording them occurs on the blockchain.10

Block A package of data containing multiple transactions over a ‫ اﻟﻜﺘﻠﺔ‬Bloc

given period of time. 31

Blockchain-as-a-Service Blockchain-as-a-Service refers to the growing landscape of ‫ ﻗﺎﻋﺪة اﻟﺒﯿﺎﻧﺎت اﻟﻤﺘﺴﻠﺴﻠﺔ‬Blockchain en tant que
(BaaS) services based around blockchain technology. BaaS ‫ ﻛﺨﺪﻣﺔ‬Service
platforms allow companies to begin working with blockchain
technology without having to first make significant
investments in hardware.7

Chain The cryptographic link that keeps blocks together using a ‫ ﺳﻠﺴﺔ‬Chaîne
‘hash’ function. 31

Data lake Scalable storage solution for diverse structured, semi- ‫ ﺑﺤﯿﺮة اﻟﺒﯿﺎﻧﺎت‬Lac de Données
structured, and unstructured data.17

Data mining The process of solving cryptographic problems using ‫ اﻟﺘﻨﻘﯿﺐ ﻋﻦ اﻟﺒﯿﺎﻧﺎت‬Exploration de Données
computer hardware to add newly hashed blocks to a public
blockchain such as bitcoin. In fulfilling this function,
successful data miners keep the blockchain actively

22
22
 recording transactions and, as an incentive, are awarded
newly minted bitcoins for their trouble.31

Data Standard The data standards issued by Open Banking from time to time ‫ ﻣﻌﯿﺎر اﻟﺒﯿﺎﻧﺎت‬Standard de Données
in compliance with the Authority Order.37

Double-spending Strategy that consists of spending in one block and later ‫ ﻣﻀﺎﻋﻔﺔ اﻹﻧﻔﺎق‬Double-dépense
undoing this by releasing a forged blockchain in which the
transactions are erased. In blockchains based on proof-of-
work, this requires short-term access to enough
computational power to overwhelm the rest of a
cryptocurrency’s network of miners. In those based on proof-
of-stake, this requires owning or bribing a majority of the
staked resources. 5

Electronic money (e-money) A type of monetary value electronically recorded and ‫ اﻟﻨﻘﻮد اﻹﻟﻜﺘﺮوﻧﯿﺔ‬Monnaie Electronique
generally understood to have the following attributes: (i)
issued upon receipt of funds in an amount no lesser in value l'argent électronique
than the value of the
e-money issued; (ii) stored on an electronic device (e.g. a
chip, prepaid card, mobile phone, or computer system); (iii)
accepted as a means of payment by parties other than the
issuer; and (iv) convertible into cash. 3

Ethereum A public blockchain system developed as an open-source ‫ اﯾﺜﺮﯾﻮم‬Ethereum

project, its architecture running remotely on the Ethereum
Virtual Machine. It uses ‘ethers’, a cryptocurrency, as its
token and supports the storage and execution of ‘smart
contracts’.31
Hash The result of applying an algorithmic function to data in order ‫ ﻧﺎﺗﺞ ﻋﻤﻠﯿﺔ اﻟﺘﺸﻔﯿﺮ‬Hachis
to convert them into a random string of numbers and letters.
Hashing ‫ اﻟﺘﺸﻔﯿﺮ‬Hachage

23
23
 This acts as a digital fingerprint of that data, allowing it to be
locked in place within the blockchain.31

Hyperledger An umbrella project set up by the Linux Foundation (‫ اﻟﺴﺠﻞ اﻟﮭﺠﯿﻦ )اﻟﻤﺨﺘﻠﻂ‬Hyperledger
comprising various tools and systems for building open
source blockchains.31

Hyperledger Composer Hyperledger Composer is Blockchain Application ‫ ﻣﺆﻟﻒ اﻟﺴﺠﻞ اﻟﮭﺠﯿﻦ‬Compositrice

Development framework which simplify the blockchain (‫ )اﻟﻤﺨﺘﻠﻂ‬Hyperledger
application development on Hyperledger fabric.9

Immutable "unable to be changed" Data stored in a blockchain is unable ‫ اﻟﺒﯿﺎﻧﺎت ﻏﯿﺮ اﻟﻘﺎﺑﻠﺔ‬Inalterable
to be changed. (not even by administrators)9 ‫ﻟﻠﺘﻐﯿﯿﺮ‬
Initial Coin Offering (ICO) The form in which capital is raised to fund new ‫ طﺮح اﻟﻌﻤﻠﺔ اﻷوﻟﻰ‬Initial Coin Offering
cryptocurrency ventures. Modeled after an Initial public (ICO)
offering (IPO). Funders of an ICO receive tokens.9

Miner Class of agents, who update the blockchain via ‫ اﻟﻤﻨﻘﺐ‬Miner

computational work, and in return receive block rewards and
transaction fees when they add batches of valid transactions
to the blockchain. 5

Membership Service A Hyperledger Fabric blockchain network can be governed ‫ ﻣﻘﺪم ﺧﺪﻣﺔ اﻟﻌﻀﻮﯾﺔ‬Appartenance via un
Provider (MSP) by one or more MSPs.9 Fournisseur de Services

Node A copy of the ledger operated by a participant with a ‫ ﻧﻘﻄﺔ اﺗﺼﺎل‬Nœud

blockchain network.31

Nonce A number only used once in a cryptographic communication ‫ أرﻗﺎم اﻟﺘﺸﻔﯿﺮ‬Nonce

(often includes a timestamp) 9

24
24
On-chain governance A system for managing and implementing changes to a ‫ اﻟﺤﻮﻛﻤﺔ ﻋﻠﻰ اﻟﺴﻠﺴﻠﺔ‬Gouvernance de la
cryptocurrency blockchain.9 (‫ )ﻟﻠﻌﻤﻼت اﻟﻤﺸﻔﺮة‬Chaîne
Permissioned ledger A large, distributed network using a native token, with access ‫ اﻟﺴﺠﻞ اﻟﻤﺼﺮح ﺑﮫ‬Registres Permissioned
restricted to those with specific roles.31

Private blockchains A closely controlled network operated by consortia in which ‫ ﻗﻮاﻋﺪ اﻟﺒﯿﺎﻧﺎت اﻟﻤﺘﺴﻠﺴﻠﺔ‬Blockchains Privés
the data is confidential and is accessed only by trusted ‫اﻟﺨﺎﺻﺔ‬
members. Private blockchains do not require a token. 31 ‫ﺳﻼﺳﻞ اﻟﻜﺘﻞ اﻟﺨﺎﺻﺔ‬
Private key A unique string of data that represents proof of identification ‫ ﻣﻔﺘﺎح‬/ ‫ ﻣﻔﺘﺎح ﺳﺮي‬Clé Privée
within the blockchain, including the right to access and own ‫ﺧﺎص‬
that participant’s wallet within a cryptocurrency. It must be
kept secret: it is effectively a personal password.31

Proof of stake A system in which coordination on blockchain updates is ‫اﻟﻨﺴﺒﺔ‬- ‫ إﺛﺒﺎت اﻟﺤﺼﺔ‬Preuve d'enjeu
enforced by ensuring that transaction verifiers pledge their
coin holdings as guarantees that their payment confirmations
are accurate. 5

Proof of work Repeatedly running a hash function, the mechanism by which ‫ دﻟﯿﻞ اﻟﻌﻤﻞ‬Preuve de Travail
data miners win the right to add blocks to a bitcoin-style
blockchain.31

Protocol The coded “laws” of a cryptocurrency. Set of rules that ‫ ﺑﺮﺗﻮﻛﻮل‬Protocole

governs what constitutes a blockchain that is accepted by the ‫)ﻗﻮاﻋﺪ ﺣﻮﻛﻤﺔ ﻗﻮاﻋﺪ‬
network of users. 5 (‫اﻟﺒﯿﺎﻧﺎت اﻟﻤﺘﺴﻠﺴﻠﺔ‬
Public blockchain A large distributed network using a native token (such as ‫ ﺳﻠﺴﻠﺔ اﻟﻜﺘﻞ اﻟﻌﺎﻣﺔ‬Blockchain Publique.
bitcoin), open to everyone to participate and maintain. 31

25
25
 Public key A unique string of data that identifies a participant within the ‫ اﻟﻤﻔﺘﺎح اﻟﻌﺎم‬Clé Publique
blockchain. It can be shared publicly.31
Public key cryptography Public key cryptography Encryption that uses two ‫ ﺗﺸﻔﯿﺮ اﻟﻤﻔﺘﺎح اﻟﻌﺎم‬Cryptographie à Clé
mathematically related keys. A public and private key. It is Publique
impossible to derive the private key based on the public key.9

Unspent Transaction Unspent transaction outputs are used to determine whether a ‫ ﻣﺨﺮﺟﺎت اﻟﻤﻌﺎﻣﻼت ﻏﯿﺮ‬Sortie de Transaction
Outputs (UTXO) transaction is valid.9 ‫ اﻟﻤﻨﻔﻘﺔ‬non Dépensée ( UTXO )
VIPER A programming language created to be a formal introduction (‫ ﻟﻐﺔ اﻟﻔﺎﯾﺒﺮ )ﺑﺮﻣﺠﺔ‬VIPÈRE
to smart contracts.9

Solidity A contract-oriented programming language for writing smart ‫ ﻟﻐﺔ ﺑﺮﻣﺠﺔ ﻟﻜﺘﺎﺑﺔ اﻟﻌﻘﻮد‬Solidité
contracts. It is used for implementing smart contracts on ‫اﻟﺬﻛﯿﺔ‬
various blockchain platforms.9

26
26
Cloud Computing ‫اﻟﺤﻮﺳﺒﺔ اﻟﺴﺤﺎﺑﯿﺔ‬
Terms Definition ‫ اﻟﻤﺼﻄﻠﺤﺎت‬Les Termes
Application as a Service This is solely one or more applications hosted in the cloud, ‫ اﻟﺘﻄﺒﯿﻖ ﻛﺨﺪﻣﺔ‬Applicatif sous la
not in connection with our desktop. Very handy for 3D and Forme d'un Service
graphic heavy software as that’s normally not available in the
cloud.4

Brute Force Attack A trial-and-error method used to obtain information such as ‫ ھﺠﻮم اﻟﻘﻮة اﻟﻐﺎﺷﻤﺔ‬Attaque par Force
a user password or personal identification number (PIN). In Brute
a brute force attack, automated software generates a large ‫"ھﺠﻮم ﻋﺸﻮاﺋﻲ ﻟﻠﺤﺼﻮل‬
number of consecutive guesses in an attempt to determine the
"‫ﻋﻠﻰ اﻟﺒﯿﺎﻧﺎت‬
desired data.15

Cloud Adoption Cloud adoption is a strategic move by organizations of ‫ اﻋﺘﻤﺎد اﻟﺴﺤﺎﺑﺔ‬Adoption du Cloud
reducing cost, mitigating risk and achieving scalability in
applications and services by moving these to the Cloud.
There are varying degrees of Cloud adoption across
organizations. The depth of adoption depends on the maturity
of best practices and enterprise-ready Cloud services
availability.

Organizations that go ahead with the strategic decision of

adopting Cloud-based technologies have to identify potential
security vulnerabilities and controls, required to keep data
and applications in the Cloud secured, hence there is a need
for compliance assessment during Cloud adoption.
16

Cloud Architecture Cloud architecture refers to the components and ‫ اﻟﺒﻨﯿﺔ اﻟﺴﺤﺎﺑﯿﺔ‬L'Architecture Cloud
subcomponents required for Cloud computing. These

27
27
 components typically consist of a front-end platform, back
end platforms, a Cloud-based delivery, and a network. 16

Cloud Computing The process of delivering IT services in which resources ‫ اﻟﺤﻮﺳﺒﺔ اﻟﺴﺤﺎﺑﯿﺔ‬Cloud Computing -
(data, applications) are stored, managed and processed in
remote servers hosted on the Internet, rather than on a local Informatique en Nuage
server or personal computer. Data and software packages are
stored on remote servers in secure data centres. Cloud
computing provides access to this information as long as an
electronic device has access to the web, allowing employees
to work remotely. 4

Cloud Computing – 3 Main Cloud computing is a model for enabling convenient, on- ‫ اﻟﺤﻮﺳﺒﺔ اﻟﺴﺤﺎﺑﯿﺔ‬Informatique en Nuage
Models: demand network access to a shared pool of configurable
computing resources (e.g., networks, servers, storage, :‫ﺛﻼﺛﺔ ﻧﻤﺎذج رﺋﯿﺴﺔ‬ Trois modèl principaux:
1. Infrastructure as a Service applications, and services) that can be rapidly provisioned 1- Infrastructure en
‫ اﻟﺒﻨﯿﺔ اﻟﺘﺤﺘﯿﺔ ﻛﺨﺪﻣﺔ‬-1
(IaaS) and released with minimal management effort or service tant que Service
2. Platform as a Service provider interaction. 16 ‫ اﻟﻤﻨﺼﺔ ﻛﺨﺪﻣﺔ‬-2 2- Plateforme en tant
(PaaS) ‫ اﻟﺒﺮﻣﺠﯿﺎت ﻛﺨﺪﻣﺔ‬-3 que Service
3. Software as a Service 3- Logiciel en tant que
(SaaS) Service

Cloud Infrastructure Encompasses the servers, virtual machines, storage systems, ‫ اﻟﺒﻨﯿﺔ اﻟﺘﺤﺘﯿﺔ اﻟﺴﺤﺎﺑﯿﺔ‬Infrastructure de Cloud
networking, and other components required for cloud
computing and infrastructure as a service. Cloud
infrastructure provides the building blocks, or primitives, for
creating hybrid and private clouds that deliver cloud
computing services.45

Cloud Management Platform A suite of integrated software tools that an enterprise can use ‫ ﻣﻨﺼﺔ إدارة اﻟﺴﺤﺎﺑﺔ‬Plateforme de Gestion
(CMP) to monitor and control Cloud computing resources. Allows (CMP) Cloud

28
28
 administrative control over public, private, hybrid and
multicloud deployments. 16

Cloud Migration The process of moving data, applications or other business ‫ اﻟﮭﺠﺮة اﻟﺴﺤﺎﺑﯿﺔ‬Migration vers le Nuage
elements to a cloud computing environment. One common
model is the transfer of data and applications from a local, Migration dans le Cloud
on-premises data center to the public Cloud. 16

Cloud Native Cloud Native is an approach to building and running ‫ اﻟﺴﺤﺎﺑﺔ اﻷﺻﻠﯿﺔ‬Cloud Native
applications that exploit the advantages of the Cloud
computing delivery model. It is about ‘How’ these
applications are created and deployed, not ‘Where’. Though
it does tend to imply that these applications live in the public
Cloud. 16

Cloud Native Computing An open source project hosted by the Linux Foundation, the ‫ ﻣﺆﺳﺴﺔ اﻟﺤﻮﺳﺒﺔ‬Cloud Native
Foundation "CNCF" CNCF hosts Kubernetes and other key open source projects, ‫ اﻟﺴﺤﺎﺑﯿﺔ اﻷﺻﻠﯿﺔ‬Computing Foundation
including Prometheus, Open Tracing, Fluentd, and linkerd. "CNCF"
VMware is a member of the Linux Foundation and the Cloud
Native Computing Foundation. 45

Cloud Provider A company that provides cloud-based platform, ‫ ﻣﺰود اﻟﺨﺪﻣﺎت اﻟﺴﺤﺎﺑﯿﺔ‬Fournisseur de Cloud
infrastructure, application or storage services to other
organizations and/or individuals. 4 Fournisseur de Services
Infonuagiques
Cloud Services Services provided using cloud computing, that is, a model for ‫ اﻟﺨﺪﻣﺎت اﻟﺴﺤﺎﺑﯿﺔ‬Services de Cloud
enabling ubiquitous, convenient, on demand network access
to a shared pool of configurable computing resources (e.g. Services en Nuage

29
29
 networks, servers, storage, applications and services) that can
be rapidly provisioned and released with minimal
management effort or service provider interaction. 20

Cloud Services Brokerage An IT role and business model in which a company or other ‫ ﺧﺪﻣﺎت اﻟﻮﺳﺎطﺔ اﻟﺴﺤﺎﺑﯿﺔ‬Services de Courtage
(CSB) entity adds value to one or more (public or private) Cloud Infonuagique
services on behalf of one or more consumers of that service
via 3 primary roles; aggregation, integration and
customisation brokerage. A CSB provider offers a
combination of technologies, people and methodologies to
implement and manage Cloud-based projects. 16

Cloud Service CSPs are companies that offer network services, ‫ ﻣﺰود اﻟﺨﺪﻣﺔ اﻟﺴﺤﺎﺑﯿﺔ‬Fournisseurs de
Provider (CSP) infrastructure, or business applications in the Cloud. The (CSP) Services Cloud
large public CSPs are Amazon Web Services (AWS),
Microsoft Azure and Google Cloud Platform. 16 Fournisseurs de
Services Infonuagiques

Cloud Service Provider The ease (or lack thereof) of moving data between providers ‫ ﺗﺄﻣﯿﻦ ﻣﺰود اﻟﺨﺪﻣﺔ‬Verrouillage
(CSP) Lock-in or services. Many cloud platforms and services are (CSP) ‫ اﻟﺴﺤﺎﺑﯿﺔ‬Fournisseurs de
proprietary, making it difficult to migrate to another provider. Services Infonuagiques
15

Cloud Types There are three types of clouds: private, public, and hybrid. ‫ أﻧﻮاع اﻟﺨﺪﻣﺎت اﻟﺴﺤﺎﺑﯿﺔ‬Types de Nuages
See separate entries for definitions. Cloud types should not
be confused with the three types of services offered through
the cloud (IAAS, SAAS or PAAS). 15

Cognitive Computing "CC" Refers to technology platforms that are based on the ‫ اﻟﺤﻮﺳﺒﺔ اﻟﻤﻌﺮﻓﯿﺔ‬Informatique Cognitive
scientific disciplines of artificial intelligence and signal
processing. These platforms use tools such as machine

30
30
 learning, face recognition or natural language processing and
more.7

Consumption Based Pricing A consumption-based pricing model is a service provision ‫ اﻟﺘﺴﻌﯿﺮ ﻋﻠﻰ أﺳﺎس‬Tarification Fondé Sur
and payment scheme in which the customer pays according ‫ اﻻﺳﺘﮭﻼك‬la Consommation
to the resources used. This model is becoming a popular
approach within Cloud Managed Services. 16

Data Center A facility built for the purpose of housing cloud-based ‫ ﻣﺮﻛﺰ اﻟﺒﯿﺎﻧﺎت‬Centre de Données.
resources such as servers and other service-based equipment.
Many companies operate multiple data centers in different
geographic locations to ensure redundancies against data
center failures, thus allowing an always-online service
offering. 4

Disaster Recovery as a In event of disaster, DRAAS means a business has access to ‫ اﻟﺘﻌﺎﻓﻲ ﻣﻦ اﻟﻜﻮارث‬Reprise Après Sinistre
Service (DRAAS) a hosted desktop with Office, Skype for Business and their (DRAAS) ‫ ﻛﺨﺪﻣﺔ‬en Tant que Service
chosen data and apps. This ensures minimum downtime and
maximum business continuity by allowing employees to
keep working without an office, for example. 4

Elasticity in the Cloud In Cloud computing, Elasticity is a term used to reference the ‫ ﻣﺮوﻧﺔ اﻟﺴﺤﺎﺑﺔ‬Élasticité du Cloud
ability of a system to adapt to changing workload demand by
provisioning and de-provisioning pooled resources so that Flexibilité du Nuage
provisioned resources match current demand as well as
possible. 16

Encryption A technology that codes data into an unreadable form so it ‫ اﻟﺘﺸﻔﯿﺮ‬Chiffrement

can only be decoded by a computer that has the correct key.
Encryption prevents unauthorized users from reading data
that is transmitted over a network. 15

31
31
 Fog Computing Fog computing extends cloud computing’s services to the ‫ اﻟﺤﻮﺳﺒﺔ اﻟﻀﺒﺎﺑﯿﺔ‬Informatiques de Fog
edge of the network, in other words closer to the end user.
This provides a better quality of service, reduced latency and
increased mobility.
By better distributing data, fog computing enables the
effective use of Internet of Things applications that demand
real-time service.4

Github A cloud-based service that allows developers to store and ‫ ﺟﯿﺖ ھﺐ‬Github
manage source code (a source code repository), enabling ‫)ﺧﺪﻣﺔ ﻣﻦ اﻟﺤﻮﺳﺒﺔ‬
them to track and control changes to the code using the ‘Git’ (‫اﻟﺴﺤﺎﺑﯿﺔ‬
open-source version control system. 16

Google Cloud Platform a Cloud computing service that runs on the same ‫ ﻣﻨﺼﺔ ﺟﻮﺟﻞ اﻟﺴﺤﺎﺑﯿﺔ‬Google Plateforme
"GCP" infrastructure that Google uses internally for its end-user Cloud
products, such as YouTube. It provides a series of modular
Cloud services including computing, data storage, data
analytics and machine learning. 16

Hybrid Cloud A cloud computing environment that uses a mix of on- ‫ اﻟﺤﻮﺳﺒﺔ اﻟﻤﺨﺘﻠﻄﺔ‬Cloud Hybride
premises private cloud and public cloud services with
orchestration between the two platforms. By allowing
workloads to move between private and public clouds as
computing needs and costs change, a hybrid cloud gives
businesses greater flexibility, and more data deployment
options. 15

Hyper-converged Integrates the same key types of IT components that ‫ اﻟﺒﻨﯿﺔ اﻟﺘﺤﺘﯿﺔ ﻓﺎﺋﻘﺔ‬Infrastructure
Infrastructure converged infrastructure does, but in a scalable rack or ‫ اﻟﺘﻘﺎرب‬Hyperconvergée
appliance that simplifies management, improves
performance, and adds elastic scalability. See converged
infrastructure.45

32
32
Infrastructure Cloud Infrastructure refers to a virtual infrastructure that is ‫ اﻟﺒﻨﯿﺔ اﻟﺘﺤﺘﯿﺔ‬Infrastructure
delivered or accessed via a network or the internet. This
usually refers to the on-demand services or products being
delivered through the model known as Infrastructure as a
Service (IaaS). 16

Infrastructure as Code (IaC) The process of managing and provisioning IT resources ‫ اﻟﺒﻨﯿﺔ اﻟﺘﺤﺘﯿﺔ ﻛﺮﻣﺰ‬Infrastructure en tant
through machine-readable definition files, rather than que Code
physical hardware configuration or interactive configuration
tools. The IT infrastructure managed in this way comprises
both physical equipment such as bare-metal servers as well
as virtual machines and associated configuration resources.
It can use either scripts or declarative definitions, rather than
manual processes. IaC approaches are promoted for Cloud
computing, which is sometimes marketed as infrastructure as
a service (IaaS). IaC supports IaaS but should not be
confused with it. 16

Infrastructure as a Service Cloud infrastructure services, whereby a virtualised ‫ اﻟﺒﻨﯿﺔ اﻟﺘﺤﺘﯿﺔ ﻛﺨﺪﻣﺔ‬Infrastructure en tant
(IAAS) environment is delivered as a service over the internet by the (IAAS) que Service
provider. The infrastructure can include servers, network
equipment, and software. 4

Insider Threat A malicious threat to an organization that comes from people ‫ اﻟﺘﮭﺪﯾﺪ اﻟﺪاﺧﻠﻲ‬Menaces Internes
within the organization, such as employees, former (‫)ﺗﮭﺪﯾﺪ ﻣﻦ اﻟﺪاﺧﻞ‬
employees, contractors, vendors, or business associates who
have inside information concerning the organization’s
security practices, data, and computer systems. 15

Man-in-the-Middle Attack A type of cyberattack where a malicious actor inserts ‫ ھﺠﻮم وﺳﯿﻂ‬Attaque de
(MITM) him/herself into the communication between two parties, l'Intercepteur

33
33
 intercepts online traffic for his own use, and then sends it on
to the recipient. 15 Attaque par Intrusion
Humaine
Metadata Is information that describes various facets of an information ‫ اﻟﻤﯿﺘﺎداﺗﺎ‬Métadonnées
asset to improve its usability throughout its life cycle. 28 ‫اﻟﺒﯿﺎﻧﺎت اﻟﻮﺻﻔﯿﺔ‬
Natural Language An interdisciplinary field of computer science, artificial ‫ ﻣﻌﺎﻟﺠﺔ اﻟﻠﻐﺔ اﻟﻄﺒﯿﻌﯿﺔ‬Traitement du Langage
Processing (NLP) intelligence, and computation linguistics that focuses on Naturel
programming computers and algorithms to parse, process,
and understand human language. NLP can be regarded as a
form of AI. 28

Pay-As-You-Go A cost model for cloud services that encompasses both ‫ اﻟﺪﻓﻊ ﻋﻨﺪ اﻻﺳﺘﺨﺪام‬Prépayé
subscription-based and consumption-based models, in
contrast to traditional IT cost models that requires up-front Pay-As-You-Go
capital expenditures for hardware and software.4

Platform as a Service A cloud computing model that provides a development and (PAAS) ‫ اﻟﻤﻨﺼﺔ ﻛﺨﺪﻣﺔ‬Plateforme en tant que
(PAAS) hosting platform over the internet, simulating the operating Service
system level of a server. In a PAAS model, a cloud provider
delivers hardware and software tools (usually those needed
for application development) to its users as a service,
allowing users to develop applications without the need to
build or maintain the infrastructure of a server. 15

Predictive Analytics The use of data to predict patterns of activity. As applied to ‫ اﻟﺘﺤﻠﯿﻼت اﻟﺘﻨﺒﺆﯾﺔ‬Analyse Prédictive.
SupTech, predictive analytics may for example identify
potential signals such as the unusual use of communications,
fraud, likelihood of default, non-routine patterns of leaving
the office and non-completion of training. Such signals may
predict elevated misconduct risks. Predictive analytics may

34
34
 involve technologies such as machine learning or
visualisation tools. 28

Private Cloud Used to describe a cloud computing platform that is ‫ ﺳﺤﺎﺑﺔ ﺧﺎﺻﺔ‬Cloud Privé
implemented within the corporate firewall, under the control
of the IT department. A private cloud is designed to offer the
same features and benefits of cloud systems but removes a
number of objections to the cloud computing model
including control over enterprise and customer data, worries
about security, and issues connected to regulatory
compliance.4

Public Cloud A type of cloud computing in which a service provider makes ‫ ﺳﺤﺎﺑﺔ ﻋﺎﻣﺔ‬Public Cloud
resources, such as applications and storage, available to the
general public over the internet. Public cloud services may Nuage Public
be free or offered on a pay-per-usage model. 15

Pull Technology Network communication where the initial request for data ‫ ﺗﻘﻨﯿﺔ اﻟﺴﺤﺐ‬Technologie de Pull
originates from the client, and then is responded to by the
server. 28

Push Technology Software that automates the delivery of information to users. ‫ ﺗﻘﻨﯿﺔ اﻟﺪﻓﻊ‬Technologie de Push
28

Serverless Computing Serverless computing is a Cloud-based technology where an ‫ اﻟﺤﻮﺳﺒﺔ ﺑﺪون ﺧﺎدم‬Informatique sans
application runs on-demand. It does not require the customer Serveur
to manage a server to run their code. Pricing is calculated
based on memory usage and execution duration. 16

Session Riding An attack in which a hacker steals a user’s cookie in order to ‫ اﻣﺘﻄﺎء اﻟﺠﻠﺴﺔ‬Séance d'Équitation
use an application in the name of the user. An attacker might
also use a cross-site request forgery attack in order to trick

35
35
 the user into sending authenticated requests to arbitrary
websites in order to achieve various objectives. 15

Software as a Service (SAAS) Provides you with a completed product that is run and ‫ اﻟﺒﺮﻣﺠﯿﺎت ﻛﺨﺪﻣﺔ‬Logiciel en tant que
managed by the service provider. In most cases, people (‫ )ﻧﻤﻮذج ﺣﻮﺳﺒﺔ ﺳﺤﺎﺑﯿﺔ‬Service
referring to SaaS are referring to end-user applications as you
do not have to think about how the service is maintained or
how the underlying infrastructure is managed; you only need
to think about how you will use that particular piece software.
16

Structured Data Information that has a pre-defined data model or is organised ‫ اﻟﺒﯿﺎﻧﺎت اﻟﻤﮭﯿﻜﻠﺔ‬Données Structurées
in a predefined manner. 28

Supply Chain The system of organizations, people, activities, information, ‫ ﺳﻠﺴﻠﺔ اﻟﺘﻮرﯾﺪ‬Chaîne
and resources involved in creating, building, and moving a d'Approvisionnement
product or service from supplier to customer. 15
Chaîne Logistique

Two Factors Authentication Cloud-based strong authentication service that enables ‫ ﺗﻮﺛﯿﻖ ذو ﻋﺎﻣﻠﯿﻦ‬Authentification à Deux
(2FA) enterprises to secure access to networks and applications Facteurs (A2F)
while preventing access by malicious unauthorised attackers.
“Multi-Factor Authentication” requires not only a password
and username but also something that only that user has on
them, i.e. a piece of information only they should know or
have immediately to hand – such as a physical token.4

Unstructured Data Information that either does not have a pre-defined data ‫ ﺑﯿﺎﻧﺎت ﻏﯿﺮ ﻣﮭﯿﻜﻠﺔ‬Données non
model or is not organized in a pre-defined manner. 28 Structurées

Virtual Machine Escape A cloud vulnerability that exploits a hypervisor remotely by ‫ اﻟﮭﺮوب اﻻﻟﻲ اﻻﻓﺘﺮاﺿﻲ‬Évasion de Machine
using a vulnerability present in the hypervisor itself. Such Virtuelle

36
36
 vulnerabilities are quite rare, but they do exist. Additionally,
a virtual machine can escape from the virtualized sandbox
environment and gain access to the hypervisor, and
consequentially all the virtual machines running on it. 15

Virtual Private Cloud (VPC) A Virtual Private Cloud (VPC) is an on-demand configurable ‫ اﻟﺴﺤﺎﺑﺔ اﻻﻓﺘﺮاﺿﯿﺔ‬Nuage Privé Virtuel
pool of shared computing resources allocated within a public (VPC) ‫اﻟﺨﺎﺻﺔ‬
Cloud environment, providing for a level of isolation
between the different organizations using the resources. This
network separation allows for the protection of applications
and data using software defined networks, firewalls, load
balancers, etc. 16

37
37
 Cryptography ‫اﻟﺘﺸـﻔﯿﺮ‬
Terms Definition ‫ اﻟﻤﺼﻄﻠﺤﺎت‬Les Termes
Advanced Encryption The Advanced Encryption Standard or AES is a symmetric ‫ ﻣﻌﯿﺎر اﻟﺘﺸﻔﯿﺮ اﻟﻤﺘﻘﺪم‬Standard d'Encryptage
Standard "AES" block cipher used by the U.S. government to protect Avancé
classified information and is implemented in software and
hardware throughout the world to encrypt sensitive data.21 Standard de
Chiffrement Avancé

Asset-Backed Token A digital representation of an actual asset or revenue stream. ‫ رﻣﺰ ﻣﺪﻋﻮم ﺑﺎﻷﺻﻮل‬Jeton Adossés à des
14
Actifs

Asymmetric cryptography Asymmetric cryptography or public-key cryptography is ‫ اﻟﺘﺸﻔﯿﺮ ﻏﯿﺮ اﻟﻤﺘﻤﺎﺛﻞ‬Cryptographie

cryptography in which a pair of keys is used to encrypt and Asymétrique
decrypt a message so that it arrives securely. Initially, a
network user receives a public and private key pair from a
certificate authority. Any other user who wants to send an
encrypted message can get the intended recipient’s public
key from a public directory. They use this key to encrypt the
message, and they send it to the recipient. When the recipient
gets the message, they decrypt it with their private key, which
no one else should have access to. 21

Back Door A back door is a means of access to a computer program that ‫ اﻟﺒﺎب اﻟﺨﻠﻔﻲ‬Porte Arrière
bypasses security mechanisms. A programmer may
sometimes install a back door so that the program can be Porte Dérobée
accessed for troubleshooting or other purposes. However,
attackers often use back doors that they detect or install
themselves, as part of an exploit. In some cases, a worm is
designed to take advantage of a back door created by an
earlier attack. For example, Nimda gained entrance through
a back door left by Code Red.21

38
38
Black Hat Black hat is used to describe a hacker (or, if you prefer, ‫ اﻟﻘﺒﻌﺔ اﻟﺴﻮداء‬Chapeau Noir
cracker), who breaks into a computer system or network with
malicious intent. Unlike a white hat hacker, the black hat
hacker takes advantage of the break-in, perhaps destroying
files or stealing data for some future purpose. The black hat
hacker may also make the exploit known to other hackers
and/or the public without notifying the victim. This gives
others the opportunity to exploit the vulnerability before the
organization is able to secure it. 21

Certificate Authority (CA) A certificate authority (CA) is an authority in a network that ‫ اﻟﻤﺮﺟﻊ اﻟﻤﺼﺪق‬Autorité de
issues and manages security credentials and public keys for (‫ )ﺳﻠﻄﺔ اﻟﺘﺼﺪﯾﻖ‬Certification
message encryption. As part of a public key infrastructure
(PKI), a CA checks with a registration authority (RA) to
verify information provided by the requestor of a digital
certificate. If the RA verifies the requestor’s information, the
CA can then issue a certificate. 21

Crypto-Assets A type of private digital asset that depends primarily on ‫ اﻷﺻﻮل اﻟ ُﻤﺸﻔﺮة‬Crypto-Actifs
cryptography and distributed ledger or similar technology as
part of their perceived or inherent value. 5

Crypto-asset trading Any trading platform where Crypto-Assets can be bought and ‫ ﻣﻨﺼﺔ ﺗﺪاول اﻷﺻﻮل‬Plateforme de Trading
platform sold, regardless of legal status. 27 ‫ اﻟﻤﺸﻔﺮة‬de Crypto-Actifs
Platesforme de
Négociation de Crypto-
Actifs

Crypto-Asset Coin Versus The difference between a coin and token is that a coin is ‫ ﻋﻤﻠﺔ اﻷﺻﻮل اﻟﻤﺸﻔﺮة‬Monnaie de Crypto-
Token issued on the crypto-asset developer’s platform (e.g. Bitcoin, ‫ ﻣﻘﺎﺑﻞ اﻟﺮﻣﺰ‬Actif contre Jeton
Ethereum) whereas a token can be issued on other platform.23

39
39
 Crypto-Currencies A crypto asset used exclusively/primarily for payments. ‫ اﻟﻌﻤﻼت اﻟ ُﻤﺸﻔﺮة‬Cryptomonnaies
Crypto-Monnaies
CryptoAsset Custody Refers to the secure storage of cryptographic keys that are ‫ ﺣﻔﻆ اﻷﺻﻮل اﻟﻤﺸﻔﺮة‬Dépositaires des
required to unlock and move funds.8 Crypto-Actifs
Cryptocurrency Exchange A cryptocurrency exchange is any system that operates on the ‫ ﺗﺒﺎدل اﻟﻌﻤﻼت اﻟﻤﺸﻔﺮة‬Échange de Crypto-
basis of trading cryptocurrencies with other assets. Like a monnaie
traditional financial exchange, the cryptocurrency exchange's
core operation is to allow for the buying and selling of these
digital assets, as well as others. A cryptocurrency exchange
is also known as a digital currency exchange (DCE). 10

Cryptography the conversion of data into private code using encryption ‫ اﻟﺘﺸﻔﯿﺮ‬Cryptographie
algorithms, typically for transmission over a public network.
5
Chiffrement
Cryptographic Hash A function that returns a unique fixed-length string. The ‫ وظﯿﻔﺔ ﺗﺠﺰﺋﺔ اﻟﺘﺸﻔﯿﺮ‬Fonction de Hachage
Function returned string is unique for every unique input. Used to Cryptographique
create a "digital ID" or "digital thumbprint" of an input string.
9

Crypto-token Crypto-tokens represent a particular fungible and tradable ‫ رﻣﺰ اﻟﺘﺸﻔﯿﺮ‬Jeton Cryptographique
asset or a utility that is often found on a blockchain. 10

Digital Token Any digital representation of an interest, which may be of ‫ رﻣﺰ رﻗﻤﻲ‬Jeton Numérique
value, a right to receive a benefit or perform specified
functions or may not have a specified purpose or use.14

Digital Wallet Provider A firm that offers storage services to investors in crypto- ‫ ﻣﺰود اﻟﺤﺎﻓﻈﺔ اﻟﺮﻗﻤﯿﺔ‬Fournisseur de
assets. These may be connected online (‘hot’ storage) or kept Portefeuille Numérique
offline (‘cold’ storage). 14

40
40
Cryptoasset Exchanges Venues enabling users to buy and sell cryptoassets for other ‫ ﺗﺒﺎدل اﻷﺻﻮل اﻟﻤﺸﻔﺮة‬Echanges de Crypto-
assets. They serve as the on-off ramps to the cryptoasset Actifs
8
ecosystem.
Fungible Token These tokens are divisible and uniform, because they don’t ‫ رﻣﺰ ﻗﺎﺑﻞ ﻟﻼﺳﺘﺒﺪال أو‬Jeton Interchangeable
have any specific information associated to them that would ‫اﻟﺘﺒﺎدل‬
make them unique. All fungible tokens from the same
blockchain are interchangeable.30

Non-Fungible Token These tokens are not interchangeable within the same ‫ رﻣﺰ ﻗﺎﺑﻞ ﻟﻼﺳﺘﺒﺪال أو‬Jeton Non-
blockchain. They are unique and non-divisible, which ‫ اﻟﺘﺒﺎدل‬Interchangeable
30
enables the transfer of information and value.

Public Key Infrastructure A public key infrastructure (PKI) supports the distribution ‫ اﻟﺒﻨﯿﺔ اﻟﺘﺤﺘﯿﺔ ﻟﻠﻤﻔﺘﺎح اﻟﻌﺎم‬Infrastructure à Clé
(PKI) and identification of public encryption keys, enabling users Publique (ICP)
and computers to both securely exchange data over networks
such as the Internet and verify the identity of the other party.
Without PKI, sensitive information can still be encrypted
(ensuring confidentiality) and exchanged, but there would be
no assurance of the identity (authentication) of the other
party.21

Session Key A session key is an encryption and decryption key that is ‫ ﻣﻔﺘﺎح اﻟﺠﻠﺴﺔ‬Clé de Session
randomly generated to ensure the security of a
communication session between a user and another computer
or between two computers. 21

Stablecoin Cryptoassets designed to maintain price stability, either in ‫ ﻋﻤﻠﺔ ﻣﺴﺘﻘﺮة‬Stablecoin

relation to a pegged asset or a basket of goods (“purchasing
power”).8

41
41
 Cyber Security ‫أﻣﻦ اﻟﻔﻀﺎء اﻻﻟﻜﺘﺮوﻧﻲ‬
Terms Definition ‫ اﻟﻤﺼﻄﻠﺤﺎت‬Les Termes
Actionable intelligence Information that can be acted upon to address, prevent or ‫ اﻟﺬﻛﺎء اﻟﻌﻤﻠﻲ‬Intelligence Exploitable
mitigate a cyber threat. 2

Cyber Refers to the interconnected information infrastructure of ‫ اﻟﻔﻀﺎء اﻹﻟﻜﺘﺮوﻧﻲ‬Cyber

interactions among persons, processes, data, and
information and communications technologies, along with
the environment and conditions that influence those
interactions. 2

Cyber Attack The use of an exploit by an adversary to take advantage of a ‫ ھﺠﻮم إﻟﻜﺘﺮوﻧﻲ‬Cyberattaque
weakness(es) with the intent of achieving an adverse effect
on the ICT environment. 2

Cyber Event An observable occurrence in an information system or ‫ ﺣﺪث إﻟﻜﺘﺮوﻧﻲ‬Événement de Cyber

network. 2
Cyber Evénement
Cyber Governance Arrangements an organisation puts in place to establish, ‫ ﺣﻮﻛﻤﺔ اﻟﻔﻀﺎء اﻻﻟﻜﺘﺮوﻧﻲ‬Cybergouvernance
implement and review its approach to managing cyber risks.
cyber maturity model A mechanism to have cyber resilience
controls, methods and processes assessed according to
management best practice, against a clear set of external
benchmarks. 2

Cyber Maturity Model A mechanism to have cyber resilience controls, methods and ‫ ﻧﻤﻮذج ﻧﻀﺞ اﻟﻔﻀﺎء‬Modèle de Cyber
processes assessed according to management best practice, ‫ اﻻﻟﻜﺘﺮوﻧﻲ‬Maturité
against a clear set of external benchmarks. 2

Cyber Resilience A Financial Market Infrastructure’s ability to anticipate, ‫ ﻣﺘﺎﻧﺔ اﻷﻣﻦ اﻻﻟﻜﺘﺮوﻧﻲ‬Cyberrésilience
withstand, contain and rapidly recover from a cyber-attack. 2

42
42
 Cyber-résilience
Cyber Resilience Framework Consists of the policies, procedures and controls a Financial ‫ إطﺎر ﻣﺘﺎﻧﺔ اﻷﻣﻦ‬Cadre de
Market Infrastructure has established to identify, protect, ‫ اﻻﻟﻜﺘﺮوﻧﻲ‬Cyberrésilience
detect, respond to and recover from the plausible sources of
cyber risks it faces. 2

Cyber Resilience Strategy A Financial Market Infrastructure’s high-level principles and ‫ اﺳﺘﺮاﺗﯿﺠﯿﺔ ﻣﺘﺎﻧﺔ اﻷﻣﻦ‬Stratégie de
medium-term plans to achieve its objective of managing ‫ اﻻﻟﻜﺘﺮوﻧﻲ‬Cyberrésilience
cyber risks. 2

Cyber Risk The combination of the probability of an event occurring ‫ ﻣﺨﺎطﺮ اﻷﻣﻦ اﻻﻟﻜﺘﺮوﻧﻲ‬Cyberrisques
within the realm of an organization's information assets,
computer and communication resources and the
consequences of that event for an organisation. 2 Cyber-risques

Cyber Risk Management The process used by a Financial Market Infrastructure to ‫ إدارة ﻣﺨﺎطﺮ اﻷﻣﻦ‬Gestion des
establish an enterprise-wide framework to manage the ‫ اﻻﻟﻜﺘﺮوﻧﻲ‬Cyberrisques
likelihood of a cyber-attack and develop strategies to
mitigate, respond to, learn from and coordinate its response
to the impact of a cyber-attack.
The management of a Financial Market Infrastructure's cyber
risk should support the business processes and be integrated
in the Financial Market Infrastructure’s overall risk
management framework. 2

Cyber risk profile The cyber risk actually assumed, measured at a given point ‫ ﺑﯿﺎن ﻣﺨﺎطﺮ اﻷﻣﻦ‬Profil de Cyberrisques
in time. 2 ‫اﻻﻟﻜﺘﺮوﻧﻲ‬
Cyber risk tolerance The propensity to incur cyber risk, being the level of cyber ‫ ﺗﺤﻤﻞ ﻣﺨﺎطﺮ اﻷﻣﻦ‬Tolérance au Cyber-
risk that Financial Market Infrastructure intends to assume in ‫ اﻻﻟﻜﺘﺮوﻧﻲ‬risque
pursuing its strategic objectives. 2

43
43
 Cyber Security The protection of information assets by addressing threats to ‫ أﻣﻦ اﻟﻔﻀﺎء اﻻﻟﻜﺘﺮوﻧﻲ‬Cybersécurité
information processed, stored, and transported by
internetworked information systems.33

Cybersecurity architecture Describes the structure, components and topology ‫ ھﻨﺪﺳﺔ أﻣﻦ اﻟﻔﻀﺎء‬Architecture de
(connections and layout) of security controls within an ‫ اﻹﻟﻜﺘﺮوﻧﻲ‬cybersécurité
enterprise's IT infrastructure Scope Note: The security
architecture shows how defense-in-depth is implemented
and how layers of control are linked and is essential to
designing and implementing security controls in any
complex environment.32

Cyber Security Incident An occurrence or activity of a system, service or network ‫ ﺣﺪث اﻷﻣﻦ اﻻﻟﻜﺘﺮوﻧﻲ‬Un Incident de
state indicating a possible breach of protective security Cybersécurité
policy or failure of safeguards, or a previously unknown
situation that may be security relevant. Examples include:
• Receiving suspicious or seemingly targeted emails with
attachments or links.
• Any compromise or corruption of information.
• Unauthorised access or intrusion into an identity service.
• Data spill.
• Intentional or accidental introduction of viruses to a
network.
• Denial of service attacks.
• Suspicious or unauthorised network activity.18

Cyber threat A circumstance or event with the potential to intentionally or ‫ ﺗﮭﺪﯾﺪ اﻟﻜﺘﺮوﻧﻲ‬Cybermenaces
unintentionally exploit one or more vulnerabilities in
Financial Markets Infrastructures' systems, resulting in a loss Menace Cybernétique
of confidentiality, integrity or availability. 2

44
44
Cyber Threat Intelligence Information that provides relevant and sufficient ‫ اﻟﻤﻌﻠﻮﻣﺎت اﻟﻤﺘﻌﻠﻘﺔ‬Renseignements sur les
understanding for mitigating the impact of a potentially ‫ ﺑﺎﻟﺘﮭﺪﯾﺪات اﻹﻟﻜﺘﺮوﻧﯿﺔ‬Menaces
harmful event (may also be referred to as “cyber threat
information”). 2

Data Breach An unauthorized access and retrieval of sensitive information ‫ ﺧﺮق اﻟﺒﯿﺎﻧﺎت‬Violation de Données
by an individual, group, or software system. It is a
cybersecurity mishap which happens when data,
intentionally or unintentionally, falls into the wrong hands
without the knowledge of the user or owner. 10

Defence in Depth The security controls deployed throughout the various layers ‫ اﻟﺪﻓﺎع ﻓﻲ اﻟﻌﻤﻖ‬Défense en Profondeur
of the network to provide for resiliency in the event of the
failure or the exploitation of a vulnerability of another control
(may also be referred to as “layered protection”). 2

Detection Development and implementation of the appropriate ‫ اﻛﺘﺸﺎف اﻟﺘﮭﺪﯾﺪ‬Détection de

activities in order to identify the occurrence of a cyber event. Cyberattaques
2

Disruption A disruption is an event affecting an organization's ability to ‫ إﺧﻼل ﺑﺎﻷﻣﻦ اﻻﻟﻜﺘﺮوﻧﻲ‬Perturbation

perform its critical operations. 2

Distributed Denial-of-Service A distributed denial-of-service (DDoS) attack is one in which ‫ ھﺠﻮم رﻓﺾ اﻟﺨﺪﻣﺔ‬Attaque de Déni de
(DDoS) a multitude of compromised systems attack a single target, ‫ اﻟﻤﻮزع‬Service Distribuée
thereby causing denial of service for users of the targeted
system. The flood of incoming messages to the target system
essentially forces it to shut down, thereby denying service to
the system to legitimate users. 21

Ecosystem A system or group of interconnected elements formed ‫ اﻟﻨﻈﺎم اﻟﺒﯿﺌﻲ‬Écosystème

linkages and dependencies. For a Financial Market

45
45
 Infrastructure, this may include participants, linked Financial
Market Infrastructure, service providers, vendors and vendor
products. 2

Financial Market A multilateral system among participating institutions, ‫ اﻟﺒﻨﯿﺔ اﻟﺘﺤﺘﯿﺔ ﻟﻸﺳﻮاق‬Infrastructure des
Infrastructure (FMI) including the operator of the system, used for the purposes of ‫ اﻟﻤﺎﻟﯿﺔ‬Marchés Financiers
clearing, settling or recording payments, securities,
derivatives or other financial transactions. 2

Forensic Investigation The application of investigative and analytical techniques to ‫ ﺗﺤﻘﯿﻖ اﻷﻣﻦ اﻻﻟﻜﺘﺮوﻧﻲ‬Enquête judiciaire
gather and preserve evidence from a digital device impacted
by a cyber-attack. 2

Forensic Readiness The ability of a Financial Market Infrastructure to maximise ‫ اﺳﺘﻌﺪاد اﻷﻣﻦ اﻻﻟﻜﺘﺮوﻧﻲ‬Préparation
the use of digital evidence to identify the nature of a cyber
attack. 2

Gray Hat Gray hat describes a cracker (or, if you prefer, hacker) who ‫ اﻟﻘﺒﻌﺔ رﻣﺎدﯾﺔ‬Chapeau Gris
exploits a security weakness in a computer system or product
in order to bring the weakness to the attention of the owners.
Unlike a black hat, a gray hat acts without malicious intent.
The goal of a gray hat is to improve system and network
security. However, by publicizing a vulnerability, the gray
hat may give other crackers the opportunity to exploit it. This
differs from the white hat who alerts system owners and
vendors of a vulnerability without actually exploiting it in
public.21

Identification To develop the organizational understanding required to ‫ اﻟﮭﻮﯾﺔ‬Identification

manage cyber risk to systems, assets, data and capabilities. 2

46
46
Information Asset Any piece of data, device or other component of the ‫ أﺻﻮل اﻟﻤﻌﻠﻮﻣﺎت‬Actif d'Informations
environment that supports information-related activities.
Information assets include data, hardware and software.
Information assets are not limited to those that are owned by
the entity. They also include those that are rented or leased,
and those that are used by service providers to deliver their
services. 2

Integrity With reference to information, an information system or a ‫ ﺳﻼﻣﺔ اﻟﻤﻌﻠﻮﻣﺎت‬Intégrité

component of a system, the property of not having been
modified or destroyed in an unauthorized manner. 2

Layered protection As relying on any single defence against a cyber threat may ‫ طﺒﻘﺎت اﻟﺤﻤﺎﯾﺔ‬Protection Multicouche
be inadequate, a Financial Market Infrastructure can use a
series of different defences to cover the gaps in and reinforce
other protective measures. For example, the use of firewalls,
intrusion detection systems, malware scanners, integrity
auditing procedures and local storage encryption tools can
serve to protect information assets in a complementary and
mutually reinforcing manner. May also be referred to as
“defence in depth”. 2

Malware Malicious software used to disrupt the normal operation of ‫ اﻟﺒﺮﻣﺠﯿﺎت اﻟﺨﺒﯿﺜﺔ‬Logiciel Malveillant
an information system in a manner that adversely impacts its
confidentiality, availability or integrity. 2 Malware

Operational Resilience The ability of a Financial Market Infrastructure to: (i) ‫ اﻟﻤﺘﺎﻧﺔ اﻟﺘﺸﻐﯿﻠﯿﺔ‬Résilience
maintain essential operational capabilities under adverse Opérationnelle
conditions or stress, even if in a degraded or debilitated state;
and (ii) recover to effective operational capability in a time
frame consistent with the provision of critical economic
services. 2

47
47
 Protection Development and implementation of appropriate safeguards, ‫ اﻟﺤﻤﺎﯾﺔ‬La Protection
controls and measures to enable reliable delivery of critical
infrastructure services. 2

Recover To restore any capabilities or services that have been ‫ اﻻﺳﺘﻌﺎدة‬Récupérer

impaired due to a cyber event. 2

Red Team An independent group that challenges the cyber resilience of ‫ اﻟﻔﺮﯾﻖ اﻷﺣﻤﺮ‬Équipe Rouge
an organisation to test its defences and improve its ‫)ﻓﺮﯾﻖ اﺧﺘﺒﺎر ﻣﺘﺎﻧﺔ اﻷﻣﻦ‬
effectiveness. A red team views the cyber resilience of a (‫اﻷﻟﻜﺘﺮوﻧﻲ‬
Financial Market Infrastructure from an adversary’s
perspective. 2

Resilience by design The embedding of security in technology and system ‫ ﻣﺘﺎﻧﺔ اﻷﻣﻦ اﻹﻟﻜﺘﺮوﻧﻲ ﻣﻦ‬Cyberrésilience par
development from the earliest stages of conceptualization ‫ ﺧﻼل اﻟﺘﺼﻤﯿﻢ‬Design
2
and design.

Respond Of Financial Market Infrastructure, to develop and ‫ اﻻﺳﺘﺠﺎﺑﺔ‬Répondre

implement appropriate activities to be able to take action
when it detects a cyber event. 2

Resume To recommence functions following a cyber incident. ‫ اﺳﺘﺌﻨﺎف اﻟﺨﺪﻣﺎت اﻟﺤﯿﻮﯾﺔ‬Résumé

Financial Market Infrastructure should resume critical ‫اﻻﻟﻜﺘﺮوﻧﯿﺔ‬
services as soon as it is safe and practicable to do so without
causing unnecessary risk to the wider sector or further
detriment to financial stability. The plan of action should
incorporate the use of a secondary site and be designed to
ensure that critical ICT systems can resume operations within
two hours following a disruptive event. 2

48
48
Security Operations Centre A function or service responsible for monitoring, detecting ‫ ﻣﺮﻛﺰ اﻟﻌﻤﻠﯿﺎت اﻷﻣﻨﯿﺔ‬Centre des Opérations
and isolating incidents. 2 de Sécurité
Secure Sockets Layer (SSL) Uses a combination of public-key and symmetric-key ‫ طﺒﻘﺔ اﻟﻮﺻﻼت اﻵﻣﻨﺔ‬Protocole Sécurisé de
encryption to secure a connection between two machines, Cryptage
typically a Web or mail server and a client machine,
communicating over the Internet or an internal network. 21 Secure Sockets Layer

Situational Awareness The ability to identify, process and comprehend the critical ‫ اﻟﻮﻋﻲ ﺑﺎﻟﺤﺎﻟﺔ‬Conscience de la
elements of information through a cyber threat intelligence Situation
process that provides a level of understanding that is relevant
to act upon to mitigate the impact of a potentially harmful
event. 2

Threat A circumstance or event that has or indicates the potential to ‫ اﻟﺘﮭﺪﯾﺪات اﻹﻟﻜﺘﺮوﻧﯿﺔ‬Menace
exploit vulnerabilities and to adversely impact (create
adverse consequences for) organizational operations,
organizational assets (including information and information
systems), individuals, other organizations or society in
general. 2

Threat Intelligence Threat intelligence is evidence-based knowledge, including ‫ ﻣﻌﻠﻮﻣﺎت اﻟﺘﮭﺪﯾﺪات‬Renseignements sur les
context, mechanisms, indicators, implications and actionable ‫ اﻻﻟﻜﺘﺮوﻧﯿﺔ‬Menaces
advice, about an existing or emerging menace or hazard to
assets that can be used to inform decisions regarding the
subject's response to that menace or hazard. 2

Vulnerability A weakness, susceptibility or flaw in a system that an ‫ ﻧﻘﺎط اﻟﻀﻌﻒ‬Vulnérabilité

attacker can access and exploit to compromise system
security. Vulnerability arises from the confluence of three
elements: the presence of a susceptibility or flaw in a system;
an attacker’s access to that flaw; and an attacker’s capability
to exploit the flaw. 2

49
49
 Vulnerability Assessment Systematic examination of an information system and its ‫ ﺗﻘﯿﯿﻢ ﻧﻘﺎط اﻟﻀﻌﻒ‬Évaluation de la
controls and processes, to determine the adequacy of security Vulnérabilité
measures, identify security deficiencies, provide data from
which to predict the effectiveness of proposed security
measures and confirm the adequacy of such measures after
implementation. Source: Adapted from NIST/FSB Cyber
Lexicon. 2

50
50
Data Protection ‫ﺣﻤـﺎﯾﺔ اﻟﺒﯿـﺎﻧﺎت‬
Terms Definition ‫ اﻟﻤﺼﻄﻠﺤﺎت‬Les Termes
Accountability There’s a great deal of responsibility that Data Controllers ‫ اﻟﻤﺴﺆوﻟﯿﺔ‬Responsabilité
have to bear in the GDPR Era but one of them tops it all –
ensuring compliance. Controllers must be able to
demonstrate the steps they take to abide by GDPR before
taking up any business.29

Age Verification The age requirement at which data subjects can lawfully give ‫ اﻟﺘﺤﻘﻖ ﻣﻦ اﻟﻌﻤﺮ‬Vérification de l'âge
consent introduces a need to verify children’s ages. Rules for
the language used in consent requests which are targeted at
children, and the way online services obtain children’s
consent, is regulated. Under the GDPR changes, the default
age at which a person is no longer considered a child is 16.
However, member states can adjust that limit between 13 and
16.
Data controllers need to know the age of consent in every
member state and cannot seek consent from anyone under
that age. Consent must be obtained from a person holding
“parental responsibility”. Reasonable efforts are required to
verify that the person providing that consent is indeed a
parental figure. See Parental Consent.34

Anonymous Data Data from which no individuals can be identified, and which ‫ ﺑﯿﺎﻧﺎت ﻣﺠﮭﻮﻟﺔ اﻟﻤﺼﺪر‬Données Anonymes
is therefore outside the scope of GDPR. 34

Automated Data Information processed by any type of computer or other ‫ اﻟﺒﯿﺎﻧﺎت اﻵﻟﯿﺔ‬Données Automatisée
equipment that operates automatically. 24

51
51
 Binding Corporate Rules A set of binding rules designed to allow multinational ‫ ﻗﻮاﻋﺪ ﻣﻠﺰﻣﺔ ﻟﻠﺸﺮﻛﺎت‬Règles d'Entreprise
(BCRS) companies and organisations to transfer personal data from Contraignantes
the EU to the organization's affiliates based outside the EU
but within the organization. BCRs must demonstrate
adequate safeguards and be authorized by the appropriate
lead authority in the EU to vouch for data protection
compliance. 34

Biometric Data Any data created during a biometric process. This includes ‫ اﻟﺒﯿﺎﻧﺎت اﻟﺤﯿﻮﯾﺔ‬Données Biométriques
physical samples, fingerprints as well as verification and
identification data. 34

Breach A breach of security leading to the accidental or unlawful ‫ ﺧﺮق أﻣﻨﻲ‬La Violation
loss, destruction, unauthorized disclosure of, or access to, the
personal data. 34

Breach Notification Organisations are required to report data breaches to the ICO ‫ إﺷﻌﺎر ﺑﺎﻟﺨﺮق اﻷﻣﻨﻲ‬Notification des
within 72 hours of the breach and/or the organization Violations
becoming aware of the breach. In the case of Data Subjects
being caused potential harm by the breach, they must also be Notification des
notified. 34 Atteintes

Consent Freely given, specific, informed and unambiguous consent ‫ اﻟﻤﻮاﻓﻘﺔ اﻟﻤﺴﺒﻘﺔ‬Consentement
given by the data subject either by statement or clear
affirmative action which signifies agreement to the subject’s
personal data being processed. 34

Cross-Border Processing The processing of data by a Controller or Processor who ‫ ﻣﻌﺎﻟﺠﺔ اﻟﺒﯿﺎﻧﺎت ﻋﺒﺮ‬Traitement
operates in more than one EU member state, or the ‫ اﻟﺤﺪود‬Transfrontalier
processing of data in one EU member state of subjects
resident in one or more member state. 34

52
52
Data Controller Any person or organization (the legal entity or individual) ‫ ﻣﺘﺤﻜﻢ ﺑﯿﺎﻧﺎت‬Responsable du
that determines the purposes, conditions and methodology Traitement
for the processing of personal data. 34

Data Erasure Also known as the Right to be Forgotten. The right to have ‫ ﻣﺤﻮ اﻟﺒﯿﺎﻧﺎت‬Effacement de Données
the Data Controller erase the personal data, stop publishing
the data and cease processing the data. 34

Data Portability The right to allow individuals to obtain and reuse their ‫ ﻗﺎﺑﻠﯿﺔ ﻧﻘﻞ اﻟﺒﯿﺎﻧﺎت‬Portabilité des Données
personal data for their own purposes across different services
so they can move, copy or transfer the data easily in a safe
and secure way. 34

Data Privacy Impact A methodology or tool used to identify and reduce the ‫ ﺗﻘﯿﯿﻢ ﺗﺄﺛﯿﺮ ﺧﺼﻮﺻﯿﺔ‬Évaluation de l'Impact
Assessment (DPIA) privacy risks of individuals when planning projects or (DPIA) ‫ اﻟﺒﯿﺎﻧﺎت‬de la Confidentialité des
policies to protect the data. 34 Données.

Data Processor Any person or organization [the entity or individual] that ‫ ﻣﻌﺎﻟﺞ اﻟﺒﯿﺎﻧﺎت‬Traitement de Données
processes data on behalf of the Data Controller. Processing is
defined very widely and includes collection, storage, use,
recording, disclosure or manipulation of data whether or not
by automated means. 34

Data Protection The tools and techniques used to ensure data is not lost or ‫ ﺣﻤﺎﯾﺔ اﻟﺒﯿﺎﻧﺎت‬Protection des Données
corrupted. When selecting a cloud service provider (CSP),
consider their services or protocols for backup, recovery,
business continuity, and disaster recovery. 15

Data Protection Act (DPA) The Data Protection Act 2018 was introduced in the UK to ‫ ﻗﺎﻧﻮن ﺣﻤﺎﯾﺔ اﻟﺒﯿﺎﻧﺎت‬Loi sur la Protection
give effect to GDPR. 34 (DPA) des Données

53
53
 Data Protection Authority The national authority in every EU member state that ‫ ﺳﻠﻄﺔ ﺣﻤﺎﯾﺔ اﻟﺒﯿﺎﻧﺎت‬Autorité de Protection
enforces data protection in that member state. 34 des Données

Data Protection Officer The role in an organization which has responsibility for ‫ ﻣﺴﺆول ﺣﻤﺎﯾﺔ اﻟﺒﯿﺎﻧﺎت‬Responsable de la
(DPO) ensuring that individual’s personal data is protected under (DPO) Protection des Données
data protection legislation and that the organization is
compliant with the legislation. 34

Data Sovereignty The concept that information which has been converted and ‫ ﺳﯿﺎدة اﻟﺒﯿﺎﻧﺎت‬Souveraineté des
stored in binary digital form is subject to the laws of the Données
country in which it is located. 34

Encrypted Data Data that is secure as protected by translating the data into ‫ اﻟﺒﯿﺎﻧﺎت اﻟﻤﺸﻔﺮة‬Données Chiffrées
another form that can only be read by those with authorized
access through a key or password. 34 Données Cryptées

Enforcement Notice A Notice served by the Information Commissioner requiring ‫ إﺷﻌﺎر اﻹﻧﻔﺎذ‬Avis d'Exécution
us to take (or refrain from taking) specific action regarding
our data processing activities, in order to comply with the
Act. 24

General Data Protection It came into force on 25th May 2018. The GDPR further ‫ اﻟﻼﺋﺤﺔ اﻟﻌﺎﻣﺔ ﻟﺤﻤﺎﯾﺔ‬Règlement Général sur
Regulation (GDPR) harmonizes data protection rules across EU member states. It ‫ اﻻﺗﺤﺎد اﻷورﺑﻲ‬/ ‫ اﻟﺒﯿﺎﻧﺎت‬la Protection des
applies to data processing carried out by individuals and Données (RGPD) -
organisations operating within the EU, but also applies to Union Européenne
organisations outside the EU that offer goods and services to
EU citizens. The GDPR significantly enhances the rights of
data subjects in the processing of their personal data. 34

Data Protection Officer An appointment of a Data Protection Officer is obligatory if: ‫ ﻣﺴﺆول ﺣﻤﺎﯾﺔ اﻟﺒﯿﺎﻧﺎت‬Le Délégué à la
DPO (1) processing is carried out by a public authority; or (2) the DPO Protection des Données
“core activities” of a data controller / data processor either (DPD)

54
54
 require “the regular and systematic monitoring of data
subjects on a large scale,” or consist of processing of special
categories of data or data about criminal convictions “on a
large scale.” 19

Fair Processing Notice (FPN) Fair processing notices are the "small print" that appear on ‫ إﺷﻌﺎر اﻟﻤﻌﺎﻟﺠﺔ اﻟﻌﺎدﻟﺔ‬Traitement Loyal des
forms, which are sometimes called privacy statements or (FPN) Données
collection texts. They are used to inform the person from
whom personal data are being collected, the data subject,
how their data will be processed.44

Genetic Data Data that is unique concerning the characteristics of an ‫ اﻟﺒﯿﺎﻧﺎت اﻟﻮراﺛﯿﺔ‬Données Génétiques
individual which are inherited or acquired. See Biometric
Data. 34

Grounds for Processing An organization's lawful basis for processing personal data – ‫ أﺳﺒﺎب اﻟﻤﻌﺎﻟﺠﺔ‬Motif de Traitement
consent; contractual; legal basis; vital interests; public
interest; legitimate interests. 34

Information Commissioners The UK’s independent authority set up to uphold information ‫ ﻣﻜﺘﺐ ﻣﻔﻮﺿﻲ اﻟﻤﻌﻠﻮﻣﺎت‬Bureau du
Office (ICO) rights in the public interest, promoting openness by public (ICO) Commissariat à
bodies and data privacy for individuals. 34 l'Information

Lawful Basis of Data It is the need to have a valid lawful reason to process personal ‫ اﻷﺳﺎس اﻟﻘﺎﻧﻮﻧﻲ ﻟﻤﻌﺎﻟﺠﺔ‬Base Légale du
Processing data. This could be consent, a legitimate interest or ‫ اﻟﺒﯿﺎﻧﺎت‬Traitement des Données
contractual necessity. 29

Legitimate Interest It is a valid alternative to consent as lawful basis for ‫ اﻟﻤﺼﻠﺤﺔ اﻟﻤﺸﺮوﻋﺔ‬Intérêt Légitime
processing— but not for special categories of data. It will not
be valid if it harms the rights, interests or freedoms of the
individual. Records of your legitimate interest should be
documented. 29

55
55
 Parental Consent Consent from a person holding parental authority over ‫ ﻣﻮاﻓﻘﺔ وﻟﻲ اﻷﻣﺮ‬Consentement Parental
children under 16 (age varies across member states). It is the
responsibility of the Data Controller to set up the verification
procedures that guarantee the age of the child and the
authenticity of the Parental Consent. See Age Verification. 34

Personal Data Breach A breach of security leading to the accidental or unlawful ‫ ﺧﺮق اﻟﺒﯿﺎﻧﺎت اﻟﺸﺨﺼﯿﺔ‬Violation de Données
destruction, loss, disclosure or access to, personal data. See Personnelles
Breach. 34

Privacy By Design The principle of the inclusion of data protection from the ‫ اﻟﺨﺼﻮﺻﯿﺔ ﺣﺴﺐ‬Protection des données
onset of the designing and planning of systems, rather than ‫ اﻟﺘﺼﻤﯿﻢ‬dès la Conception
as a later addition (also Privacy by Default). 34 (Privacy by Design)

Privacy Impact Assessment The GDPR imposes a new obligation on data controllers and ‫ ﺗﻘﯿﯿﻢ ﺗﺄﺛﯿﺮ اﻟﺨﺼﻮﺻﯿﺔ‬Évaluation de l'Impact
(PIA) data processors to conduct a Data Protection Impact (PIA) de la Confidentialité
Assessment (also known as a privacy impact assessment, or
PIA) before undertaking any processing that presents a
specific privacy risk by virtue of its nature, scope, or
purposes.19

Privacy Notice A notice informing Data Subjects how their personal ‫ إﺷﻌﺎر اﻟﺨﺼﻮﺻﯿﺔ‬Déclaration de
information is going to be used and their rights when their Confidentialité
data is provided, collected and processed. 34
Politique de
Confidentialité

Avis de Confidentialité
A process undertaken to ensure that no personal data can be
Pseudonymisation attributed to an individual data subject without the use of
additional information. A procedure by which the most ‫ اﻟﺘﺴﻤﯿﮫ اﻟﻤﺴﺘﻌﺎرة‬Pseudonymisation
identifying fields within a data record/ database are replaced

56
56
 by one or more artificial identifiers, or pseudonyms. GDPR
explicitly encourages organizations to consider
pseudonymization as a security measure provided the “key”
that enables re-identification is kept separate and secure. 34

Recipient Person to whom the personal data are disclosed in the course ‫ اﻟﻤﺘﻠﻘﻲ‬Destinataire
of processing. 34

Rectification The right for Data Subjects to have inaccurate personal ‫ اﻟﺘﺼﺤﯿﺢ‬Rectification
information corrected. 34

Relevant Filing System Any set of information relating to individuals which is ‫ ﻧﻈﺎم اﻟﻤﻠﻔﺎت ذات اﻟﺼﻠﺔ‬Système de Fichiers
structured either by reference to individuals or by reference Associé
to criteria relating to individuals in such a way that specific
information relating to a particular individual is readily
accessible even where processing does not take place
automatically. This would include any paper files relating to
an individual student or member of staff. 24

Right To Be Forgotten See Data Erasure. 34 ‫ اﻟﺤﻖ ﻓﻲ اﻟﻨﺴﯿﺎن‬Droit à l'Oubli

Right To Access See Subject Access Right. ‫ اﻟﺤﻖ ﻓﻲ اﻟﻮﺻﻮل‬Droit d'Accéder
Droit d'Avoir Accès

Safe Harbour A Safe harbour is a list of countries that have an adequate ‫ اﻟﻤﻼذ اﻵﻣﻦ‬Sphère de Sécurité
level of security standards in terms of processing and La Zone Sûre
handling personal information and acceptable to the
European Union. The term originated during an agreement
between EU and US department of commerce to maintain
adequate level of data security. 29

57
57
 Standard Contractual The SCCs or “model clauses” are standardized contract ‫ اﻟﺒﻨﻮد اﻟﺘﻌﺎﻗﺪﯾﺔ اﻟﻤﻌﯿﺎرﯾﺔ‬Clauses Contractuelles
Clauses language (approved by the European Commission) and one Standard
method of permission for controllers/processors to send
personal data to third countries.42

Sensitive Personal Data Personal Data that is of a private nature and includes racial ‫ ﺑﯿﺎﻧﺎت ﺷﺨﺼﯿﺔ ﺣﺴﺎﺳﺔ‬Données Personnelles
origin, sexual life, political or religious views and Sensibles
affiliations, and physical or mental health. 34
Données Personnelles
Confidentielles
Subject Access Request A written or electronic request by an individual to an ‫ طﻠﺐ اﻟﻮﺻﻮل اﻟﻤﻮﺿﻮع‬Demande d'Accès aux
organization asking for access to information about the Données
individual held by the organization. 34

Subject Access Right Also known as the Right to Access, it entitles the Data ‫ ﺣﻖ اﻟﻮﺻﻮل إﻟﻰ‬Droit d'Accès au Sujet
Subject to have access to and information about the personal ‫اﻟﻤﻮﺿﻮع‬
data that a Controller holds. Application is by a Subject
Access Request that is free of charge. 34

Supervisory Authority The lead authority in the EU member state that manages data ‫ اﻟﺴﻠﻄﺔ اﻹﺷﺮاﻓﯿﺔ‬L'Autorité de Contrôle
protection compliance. 34

Third Party Any person other than the Data Subject, Data Controller or ‫ اﻟﻄﺮف اﻟﺜﺎﻟﺚ‬Tiers
Data Processor. 34

User Managed Access A standard protocol adopted in 2015 and designed to give an ‫ اﻟﻮﺻﻮل اﻟﺬي ﯾﺪﯾﺮه‬Accès Géré par
(UMA) individual data subject, a unified control point for authorizing (UMA) ‫ اﻟﻤﺴﺘﺨﺪم‬l'Utilisateur
access to their personal data, content, and services, no matter
where that data is stored. 34

58
58
Digital ID ‫اﻟﮭﻮﯾﺔ اﻟﺮﻗﻤﯿﺔ‬
Terms Definition ‫ اﻟﻤﺼﻄﻠﺤﺎت‬Les Termes
Authentication Establishes that the claimant who asserts his or her identity is ‫ اﻟﻤﺼﺎدﻗﺔ‬Authentification
the same person whose identity was obtained, verified, and
credentialed during on-boarding. 25

Authenticator Something the claimant possess and controls that is used to ‫ اﻟﻤﺼﺪق‬Authentificateur
authenticate (confirm) that the claimant is the individual to
whom a credential was issued, and therefore (depending on
the strength of the authentication component of the digital ID
system) is (to varying degrees of likelihood, specified by the
authentication assurance level) the actual subscriber and
account holder. 25

Claimant A person who seeks to prove his/her identity and obtain the ‫ اﻟﻤﺪﻋﻲ‬Demandeur
rights associated with that identity (e.g., to open or access a
financial account). A Claimant can also be described as a
Subscriber who asserts ownership of an identity to a Relying
Party (RP) and seeks to have it verified, using authentication
protocols. 25

Continuous Authentication A dynamic form of authentication. It can leverage ‫ اﻟﻤﺼﺎدﻗﺔ اﻟﻤﺴﺘﻤﺮة‬Authentification

biomechanical biometrics, behavioural biometric patterns, Continue
and/or dynamic Transaction Risk Analysis to focus on
ensuring that certain data points collected throughout the
course of an online interaction with an individual (such as
geolocation, MAC and IP addresses, typing cadence and
mobile device angle) match “what should be expected”
during the entire session. 25

59
59
 Credential Service Provider Entity that issues and/or registers authenticators and ‫ ﻣﻘﺪم ﺧﺪﻣﺔ اﻋﺘﻤﺎد اﻟﮭﻮﯾﺔ‬Fournisseur de Services
(CSP) corresponding electronic credentials (binding the Justificatifs d'Identité
authenticators to the verified identity) to subscribers. The
CSP is responsible for maintaining the subscriber’s identity
credential and all associated enrolment data throughout the
credential’s lifecycle and for providing information on the
credential’s status to verifiers. 25

Digital Identity A set of the attributes about a person that uniquely describes ‫ اﻟﮭﻮﯾﺔ اﻟﺮﻗﻤﯿﺔ‬Identité Numérique
the person engaged in an online transaction under the Trust
Framework identity eco-system. 18

De-duplication The process of resolving identity evidence and attributes to a ‫ إزاﻟﺔ اﻻزدواﺟﯿﺔ‬Déduplication
single unique identity within a given population or
context(s). 25

Digital ID systems For the purposes of this Guidance, are systems that cover the ‫ أﻧﻈﻤﺔ اﻟﮭﻮﯾﺔ اﻟﺮﻗﻤﯿﺔ‬Systèmes d'Identités
process of identity proofing/enrolment and authentication. Numériques
Identity proofing and enrolment can be either digital or
physical (documentary), or a combination, but binding,
credentialing, authentication, and portability/federation must
be digital. 25

Digital ID Assurance A set of open sources, consensus-driven assurance ‫ أطﺮ ﺿﻤﺎن اﻟﮭﻮﯾﺔ اﻟﺮﻗﻤﯿﺔ‬Cadres d’Assurance de
Frameworks and Technical frameworks and technical standards for digital ID systems ‫ واﻟﻤﻌﺎﯾﯿﺮ اﻟﻔﻨﯿﺔ‬l’Identité Numérique et
Standards that have been developed in several jurisdictions and also by Normes Techniques
international organizations and industry bodies See
Appendix D: Digital ID assurance framework and technical
standard setting bodies. See for example NIST standards and
eIDAS Regulation at Appendix E: Overview of US and EU
digital ID assurance frameworks and technical standards. 25

60
60
eIDAS Regulation (EU) N°910/2014 on electronic identification and trust ‫ اﻟﻼﺋﺤﺔ اﻟﺘﻨﻈﯿﻤﯿﺔ ﻟﻼﺗﺤﺎد‬Règlement eIDAS
services for electronic transactions in the internal market. 25 ‫اﻷوروﺑﻲ ﻟﺘﺤﺪﯾﺪ اﻟﮭﻮﯾﺔ‬
‫اﻹﻟﻜﺘﺮوﻧﯿﺔ وﺧﺪﻣﺎت اﻟﺜﻘﺔ‬
‫ﻟﻠﻤﻌﺎﻣﻼت اﻹﻟﻜﺘﺮوﻧﯿﺔ‬
Electronic Identity The use of public and private databases to quickly confirm ‫ اﻟﺘﺤﻘﻖ ﻣﻦ اﻟﮭﻮﯾﺔ‬Validation électronique
Verification (eIDV) whether an individual is who they claim to be. eIDV uses ‫ اﻹﻟﻜﺘﺮوﻧﯿﺔ‬de l'identité
personal information such as name, date of birth, Social
Security number and address. The result of trying to confirm
an individual’s identity could be a match, non-match, or
partial match. 10

Enrolment The process by which an IDSP registers (enrolls) an identity- ‫ اﻟﺘﺴﺠﯿﻞ‬Inscription

proofed applicant as a ‘subscriber’ and establishes their
identity account. This process authoritatively binds the
subscriber’s unique verified identity (i.e., the subscriber’s
attributes/identifiers) to one or more authenticators possessed
and controlled by the subscriber, using an appropriate
binding protocol. The process of binding the subscriber’s
identity to authenticator(s) is also referred to as
‘credentialing’. 25

General-Purpose Identity Typically provide documentary and/or digital credentials that ‫أﻧﻈﻤﺔ اﻟﮭﻮﯾﺔ ذات‬ Systèmes d’Identité à
Systems (or Foundational are widely recognized and accepted by government agencies ‫اﻷﻏﺮاض اﻟﻌﺎﻣﺔ‬ Usage Général
Identity Systems) and private sector service providers as proof of official ‫)أو أﻧﻈﻤﺔ اﻟﮭﻮﯾﺔ‬ ou
identity for a variety of purposes (for example, national ID Systèmes d’Identité
(‫اﻟﺘﺄﺳﯿﺴﯿﺔ‬
systems and civil registration). 25 Fondamentaux

Identity lifecycle Management refers to the actions that should be taken in ‫ دورة ﺣﯿﺎة اﻟﮭﻮﯾﺔ‬Cycle de Vie d’Identité
response to events that can occur over the identity lifecycle
and affect the use, security and trustworthiness of
authenticators, for example, loss, theft, unauthorized

61
61
 duplication, expiration, and revocation of authenticators
and/or credentials. 25

Identity Proofing Answers the question, “Who are you?” and refers to the ‫ إﺛﺒﺎت اﻟﮭﻮﯾﺔ‬Preuve d'Identité
process by which an identity service provider (IDSP)
collects, validates and verifies information about a person
and resolves it to a unique individual within a given
population or context. It involves three actions: (1)
collection/resolution, (2) validation, and (3) verification. 25

Identity Service Provider Generic umbrella term that refers to all of the various types ‫ ﻣﻘﺪم ﺧﺪﻣﺔ اﻟﮭﻮﯾﺔ‬Fournisseur de Service
(IDSP) of entities involved in providing and operating the processes (IDSP) d'Identité
and components of a digital ID system or solution. IDSPs
provide digital ID solutions to users and relying parties. A
single entity can undertake the functional roles of one or
more IDSPs – see Appendix A: Description of a Basic Digital
Identity System and its Participants for a summary of all the
relevant entities including – identity provider, credential
service provider (CSP), registration authority (RA) (or
identity manager), verifier, user/Individual, applicant,
subscriber, claimant, relying party and Trust Framework
Provider / Trust Authority. 25

Official Identity For the purposes of this Guidance, is the specification of a ‫ اﻟﮭﻮﯾﺔ اﻟﺮﺳﻤﯿﺔ‬Identité Officielle
unique natural person that (1) is based on characteristics
(identifiers or attributes) of the person that establish a
person’s uniqueness in the population or particular
context(s), and (2) is recognized by the state for regulatory
and other official purposes. 25

Phishing A fraudulent attempt to gather credentials from unknowing ‫ اﻟﺘﺼﯿﺪ اﻻﺣﺘﯿﺎﻟﻲ‬Hameçonnage

victims using deceptive emails and websites. For example, a ou Phishing

62
62
(also referred to as man-in- criminal attempt to trick its victim into supplying names,
the-middle or credential passwords, government ID numbers or credentials to a (Aussi Appelé
interception) seemingly trustworthy source. 25 Interception de
l’Homme au Milieu ou
des Titres de
Compétences)

Portability / Interoperability Portable identity means that an individual’s digital ID ‫ اﻟﺘﺸﻐﯿﻞ‬/ ‫ ﻗﺎﺑﻠﯿﺔ اﻟﻨﻘﻞ‬Interopérabilité /
credentials can be used to prove official identity for new ‫ اﻟﺒﯿﻨﻲ‬Portabilité
customer relationships at unrelated private sector or
government entities, without their having to obtain and verify
personally identifiable information (PII) and conduct
customer identification/verification each time. Portability
requires developing interoperable digital identification
products, systems, and processes. Portability/interoperability
can be supported by different digital ID architecture and
protocols. 25

Progressive Identity Official identity that can change over time as the identified ‫ اﻟﮭﻮﯾﺔ اﻟﺘﻘﺪﻣﯿﺔ‬Identité progressive
individual develops a progressively more robust digital
footprint that provides an increasing number of attributes
and/or authenticators that can be verified against an
increasing number and range of sources. 25

Public-key encryption Where a pair of keys are generated for an entity—a person, ‫ﺗﺸﻔﯿﺮ اﻟﻤﻔﺘﺎح اﻟﻌﺎم‬ Chiffrement à Clé
system, or device—and that entity holds the private key Publique
(Used in Public Key securely, while freely distributing the public key to other ‫)اﻟﻤﺴﺘﺨﺪم ﻓﻲ ﺷﮭﺎدات‬
Infrastructure (PKI) entities. Anyone with the public key can then use it to encrypt (Utilisé dans les
‫اﻟﺒﻨﯿﺔ اﻟﺘﺤﺘﯿﺔ ﻟﻠﻤﻔﺘﺎح اﻟﻌﺎم‬
Certificates) a message to send to the private key holder, knowing that Certificats
only they will be able to open it. 25 (PKI) d’Infrastructure à Clé
Publique)

63
63
 Synthetic Identities Developed by criminals by combining real (usually stolen) ‫ اﻟﮭﻮﯾﺎت اﻟﺘﺮﻛﯿﺒﯿﺔ‬Identités Synthétiques
and fake information to create a new (synthetic) identity,
which can be used to open fraudulent accounts and make ‫اﻟﮭﻮﯾﺎت اﻻﺻﻄﻨﺎﻋﯿﺔ‬
fraudulent purchases. Unlike impersonation, the criminal is
pretending to be someone who does not exist in the real world
rather than impersonating an existing identity. 25

Validation (identity) Part of identity proofing and involves determining that the ‫ اﻟﻤﺼﺎدﻗﺔ‬Validation
evidence is genuine (not counterfeit or misappropriated) and
the information the evidence contains is accurate by checking
the identity information/evidence against an acceptable
(authoritative/reliable) source to establish that the
information matches reliable, independent source
data/records. 25

Verification Part of identity proofing and involves confirming that the ‫ اﻟﺘﺤﻘﻖ‬Vérification
validated identity relates to the individual (applicant) being
identity proofed.25

64
64
Distributed Ledger Technology (DLT) ‫ﺗﻘﻨﯿﺔ اﻟﺴـﺠﻼت اﻟﻼﻣـﺮﻛﺰﯾـﺔ‬
Terms Definition ‫ اﻟﻤﺼﻄﻠﺤﺎت‬Les Termes
Administrator Actors that controls access to the core codebase repository ‫ اﻟﻤﺪﯾﺮ )ﻧﻈﺎم ﺗﻘﻨﯿﺔ‬Administrateur
and can decide to add, remove and amend code to change (‫اﻟﺴﺠﻼت اﻟﻼﻣﺮﻛﺰﯾﺔ‬
system rules. An administrator is often considerably involved
in the governance process.11

Alt-coin Any cryptocurrency that exists as an alternative to bitcoin. 9 ‫ اﻟﻌﻤﻠﺔ اﻟﺒﺪﯾﻠﺔ‬Alt-coin

Asset-Backed Token A DLT-based digital representation of an actual real asset or ‫ رﻣﺰ ﻣﺪﻋﻮم ﺑﺎﻷﺻﻮل‬Jeton Adossé à des
revenue stream. 5 Actifs

Candidate Record A record that has not yet been propagated to the network and ‫ ﺳﺠﻞ اﻟﻤﺮﺷﺢ‬Dossier du Candidat
thus not been subject to network consensus. 11

Censorship Resistance Inability of a single party or cartel to unilaterally perform any ‫ اﻟﻤﻘﺎوﻣﺔ اﻟﺮﻗﺎﺑﯿﺔ‬Résistance à la Censure
of the following: 1) change rules of the system; 2) block or
censor transactions; and 3) seize accounts and/or freeze
balances. 11

Crowdfunding This is the practice of funding a project or venture by raising ‫ اﻟﺘﻤﻮﯾﻞ اﻟﺠﻤﺎﻋﻲ‬Financement
monetary contributions from a large number of people. It is Participatif
often performed via internet mediated registries that facilitate
money collection for the borrower (lending) or issuer Crowdfunding
(equity).6

Consensus Algorithm A set of rules and processes used by the network to reach ‫ اﻟﺨﻮارزﻣﯿﺔ اﻟﻤﺘﻮاﻓﻘﺔ‬Algorithme de
agreement and validate records. 11 Consensus

65
65
 DASH A peer-to-peer cryptocurrency that was forked out of Bitcoin ‫ ﻋﻤﻠﺔ ﻣﺸﻔﺮة‬DASH
to offer faster and more private transactions to users. It is also
considered to be one of the first digital currency with a
decentralized blockchain governance system. Dash is a blend
word for Digital Cash and its currency symbol in the markets
is DASH. 10

Digital Asset Any text or media that is formatted into binary source. 9 ‫ اﻷﺻﻮل اﻟﺮﻗﻤﯿﺔ‬Actifs Numériques
Digital signature A mathematical scheme used for presenting the authenticity ‫ اﻟﺘﻮﻗﯿﻊ اﻻﻟﻜﺘﺮوﻧﻲ‬Signature Numérique
of digital assets. 9

Disaster-Recovery-as-a- A cloud computing and backup service model that uses cloud ‫ اﻟﺘﻌﺎﻓﻲ ﻣﻦ اﻟﻜﻮارث‬Récupération après
Service resources to protect applications and data from disruption ‫ ﻛﺨﺪﻣﺔ‬Sinistre en tant que
caused by disaster. It gives an organization a total system Service
backup that allows for business continuity in the event of
system failure. DRaaS is often offered in conjunction with a
disaster recovery plan (DRP) or business continuity plan Reprise après Sinistre
(BCP). The other name for DRaaS is business continuity as a en Tant que Service
service (BCaaS). 10

Distributed Ledger A means of recording information through a distributed ‫ ﺗﻘﻨﯿﺔ اﻟﺴﺠﻼت اﻟﻼﻣﺮﻛﺰﯾﺔ‬Technologie des
Technology (DLT) ledger, i.e. a repeated digital copy of data at multiple Registres Distribués
locations, as in blockchain. These technologies enable nodes (TRD)
in a network to securely propose, validate, and record a full
history, state changes (or updates) to a synchronised ledger
that is distributed across the network’s nodes.28

DLT System A system of electronic records that (i) enables a network of ‫ ﻧﻈﺎم ﺗﻘﻨﯿﺔ اﻟﺴﺠﻼت‬Système des Registres
independent participants to establish a consensus around (ii) ‫ اﻟﻼﻣﺮﻛﺰﯾﺔ‬Distribués
the authoritative ordering of cryptographically validated
(‘signed’) transactions. These records are made (iii)

66
66
 persistent by replicating the data across multiple nodes, and Système de Technologie
(iv) tamper-evident by linking them by cryptographic hashes. du Grand Livre
(v) The shared result of the reconciliation/ consensus process Distribué
- the ‘ledger’ - serves as the authoritative version for these
records. 11

Dogecoin A peer-to-peer open source cryptocurrency and falls under ‫ ﻋﻤﻠﺔ ﻣﺸﻔﺮة‬Dogecoin
the category of altcoins. Launched in December 2013 with a
Shibu Inus (Japanese dog) as its logo, Dogecoin looked
casual in its approach but is gaining wide acceptance for
online transactions. It is a decentralized virtual currency and
uses peer-to-peer technology to carry out its operations.
Dogecoin is script based (i.e. based on a password key) and
enables fast payments to anyone, anywhere across the globe.
10

Endogenous reference Data which can be created and transferred solely through the ‫ اﻟﻤﺮﺟﻌﯿﺔ اﻟﺬاﺗﯿﺔ‬Référence Endogènes
means of the system and has meaning within the system.
Enforcement is automatically performed by the system. 11

Exogenous reference Data that makes reference to some real-world condition and ‫ اﻟﻤﺮﺟﻌﯿﺔ اﻟﺨﺎرﺟﯿﺔ‬Référence Exogène
needs to be incorporated from the outside. This generally
requires a gateway to make the connection to the external
system and enforce decisions outside the DLT system. 11

Fork The event of a DLT system splitting into two or more ‫ ﺗﺸﻌﺐ أو ﺗﻔﺮﯾﻊ‬Fourche
networks. A fork can occur when two or more record
producers publish a valid set of records at roughly the same Bifurcation
time, as a part of an attack (e.g. 51% attack) or when a DLT
system protocol change is attempted (such a fork is ‘hard’ if
all users are required to upgrade, otherwise it is ‘soft’). 11

67
67
 Hard Fork Alters the blockchain data in a public blockchain. Require s ‫ اﻟﺘﺸﻌﺐ اﻟﺼﻠﺐ‬Fourche dur
all nodes in a network to upgrade and agree on the new
version. 9

Gateway Actor that provides interfaces to the system by acting as a ‫ اﻟﺒﻮاﺑﺔ‬- ‫ اﻟﻤﺪﺧﻞ‬Passerelle
bridge between the system and the external world. 11

Hierarchical DL Distributed ledger where each node has a full copy of the ‫ اﻟﺘﺴﻠﺴﻞ اﻟﮭﺮﻣﻲ ﻟﻠﺴﺠﻼت‬DL Hiérarchique
ledger but some details are hidden using cryptography. Only ‫اﻟﻼﻣﺮﻛﺰﯾﺔ‬
one or more trusted third parties have a full view of the
ledger. 7

Hybrid reference Data that shares both endogenous and exogenous ‫ ﻣﺮﺟﻊ ﻣﺨﺘﻠﻂ‬Référence Hybride
characteristics. Enforcement is dependent to some extent on
gateways. 11

Independent validation Ability of the system to enable each participant to ‫ اﻟﻤﺼﺎدﻗﺔ اﻟﻤﺴﺘﻘﻠﺔ‬Validation
independently verify the state of their transactions and Indépendante
integrity of the system. 11

Ledger The authoritative set of records collectively held by a ‫ اﻟﺴﺠﻞ‬Registre

substantial proportion of network participants at any point in
time, such that records are unlikely to be erased or amended Grand livre
(i.e. ‘final’). 11
Log An unordered set of valid transactions held by a node, which ‫ اﻟﺴﺠﻞ‬Log
have not yet been incorporated into a formal record subject
to network consensus rules (i.e. ‘unconfirmed’ transactions).
Also called mempool. 11

Multi-party consensus Ability of the system to enable independent parties to come ‫ ﺗﻮاﻓﻖ ﻣﺘﻌﺪد اﻷطﺮاف‬Consensus Multipartite
to agreement on a shared set of records without requiring a
central authority. 11 ‫إﺟﻤﺎع ﻣﺘﻌﺪد اﻷطﺮاف‬

68
68
Native Asset The primary digital asset(s), if any, specified in the protocol ‫ اﻷﺻﻮل اﻟﻤﺤﻠﯿﺔ‬Actif Natif
that are typically used to regulate record production, pay
transaction fees on the network, conduct ‘monetary policy’,
or align incentives. 11

Oracle A gateway that bridges the gap between the DLT system and ‫ أوراﻛﻞ ﻛﻮﺳﯿﻂ‬Oracle
external systems by serving as a source of information. 11

Peer-to-peer (P2P) The direct sharing of data between nodes on a network, as ‫ اﻟﻤﺸﺎرﻛﺔ اﻟﻤﺒﺎﺷﺮة‬Pair à Pair
opposed to via a central server.31 ‫ﻟﻠﺒﯿﺎﻧﺎت‬
Programmatically - Executed A computer script that, when triggered by a particular ً ‫ اﻟﻤﻌﺎﻣﻼت اﻟﻤﻨﻔﺬة ﺑﺮﻣﺠﯿﺎ‬Par Programme -
Transaction message, is executed by the system. When the code is capable ‫ )ﺗﻨﻔﯿﺬ اﻟﻤﻌﺎﻣﻼت‬Transaction Exécutée
of operating as all parties intend, the deterministic nature of (‫اﻟﻤﺒﺮﻣﺠﺔ‬
the execution reduces the level of trust required for individual
participants to interact with each other. They are commonly
referred to as smart contracts due to the scripts’ ability to
replace certain fiduciary relationships, such as custody and
escrow, with code. However, they are not autonomous or
adaptive (‘smart’), nor contracts in a legal sense - rather, they
can be the technological means of implementing a contract
or agreement. 11

Record Reorganisation A node discovers that a new ledger version has been formed ‫ إﻋﺎدة ﺗﻨﻈﯿﻢ اﻟﺴﺠﻞ‬Réorganisation des
which excludes one or more records that the node previously Enregistrements
thought were part of the ledger. These excluded records then
become ‘orphaned’. 11

Shared Recordkeeping The ability of the system to enable multiple parties to ‫ ﺣﻔﻆ اﻟﺴﺠﻼت اﻟﻤﺸﺘﺮﻛﺔ‬Archivage Partagé
collectively create, maintain, and update a shared set of
records. 11

69
69
 Tamper resistance The ability to make it hard for a single party to unilaterally ‫ ﻣﻘﺎوﻣﺔ اﻟﻌﺒﺚ‬Inviolabilité
change past records (i.e. transaction history). 11

Transaction Any proposed change to the ledger; despite the connotation, (‫ ﻣﻌﺎﻣﻠﺔ )ﻋﻤﻠﯿﺔ ﺗﺠﺎرﯾﺔ‬Transaction
a transaction need not be economic (value-transferring) in
nature. Transactions can be unconfirmed (not included in the
ledger) or confirmed (part of the ledger). 11

Transaction finality Determines when a confirmed record can be considered ‫ اﻟﻤﻌﺎﻣﻠﺔ اﻟﻨﮭﺎﺋﯿﺔ‬Transaction de Finalité
‘final’ (i.e. not reversible). Finality can be probabilistic (e.g.
Pow-based systems that are computationally impractical to
revert) or explicit (e.g. systems that incorporate
‘checkpoints’ that must appear in every transaction history).
Finalised records are considered permanently settled,
whereas records that have been produced but which are
feasible to revert are referred to as provisionally settled. 11

Transaction processing The set of processes that specifies the mechanism of updating ‫ ﻣﻌﺎﻟﺠﺔ اﻟﻤﻌﺎﻣﻼت‬Traitement des
the ledger: (i) which participants have the right to update the Transactions
shared set of authoritative records (permission less vs.
permissioned) and (ii) how participants reach agreement over
implementing these updates. Also called mining. 11

Validation (ledger) The set of processes required to ensure that actors (‫ اﻟﻤﺼﺎدﻗﺔ )اﻟﺴﺠﻞ‬Validation (registre)
independently arrive at the same conclusion with regard to
the state of the ledger. This includes verifying the validity of
unconfirmed transactions, verifying record proposals, and
auditing the state of the system. 11
Wallet A software program capable of storing and managing public ‫ ﺣﺎﻓﻈﺔ ﻧﻘﻮد‬Le Portefeuille
and private key pairs used to store and transfer digital assets.
11

70
70
InsurTech ‫اﻟﺘﺄﻣﯿﻦ ﺑﺎﺳﺘﺨﺪام اﻟﺘﻘﻨﯿﺎت اﻟﺤﺪﯾﺜﺔ‬
Terms Definition ‫ اﻟﻤﺼﻄﻠﺤﺎت‬Les Termes
Adjuster A person appointed by an insurance company to investigate ‫ اﻟﻀﺎﺑﻂ‬Ajusteur
claims and recommend settlement amounts. 36

Asset Vault Enables consumers to catalogue all of their assets in a secure ‫ اﻷﺻﻮل اﻟﻤﺪﻓﻮﻧﺔ‬Voûte d'actifs
online register and better understand their total value. The
firm also works with insurance providers to protect the
consumer and their assets with appropriate insurance
products. 35

Binder An authority given by an insurer to an intermediary to accept ‫ اﻟﻤﻮﺛﻖ‬Liant

risks or settle claims. A person who acts under a binder is
said to have a binding authority. 36

Blink An insurance product with an automated claims process that ‫ ﻣﻨﺘﺞ ﺗﺄﻣﯿﻦ آﻟﻲ اﻟﻤﻄﺎﻟﺒﺔ‬Cligner
allows travelers to instantly book a new ticket on their mobile
device in the event of a flight cancellation. 35

Bordereau A summary of underwriting information or claims data. ‫ ﺣﺪود اﻟﺘﺄﻣﯿﻦ‬Bordereau

Bordereaux may be exchanged between an insurer and a
reinsurer or between an intermediary and an insurer. 36

Dispute resolution process A system to resolve Complaints All AFSL holders are ‫ ﻋﻤﻠﯿﺔ ﺣﻞ اﻟﻨﺰاﻋﺎت‬Processus de Règlement
required to have a dispute resolution process.36 des Différends

Distribution Agreement / A contract regulating the sale and promotion of insurance ‫ اﺗﻔﺎﻗﯿﺔ‬/ ‫ اﺗﻔﺎﻗﯿﺔ اﻟﺘﻮزﯾﻊ‬Entente de Distribution/
Authorized Representative products. A distribution agreement may also include an ‫اﻟﻤﻤﺜﻞ اﻟﻤﻌﺘﻤﺪ‬
Agreement appointment of the distributor as an Insurance Distributor or Entente de
Authorized Representative.36 Représentant Autorisé

71
71
 Endorsement A document which varies the terms of a policy.36 ‫ اﻟﺘﺄﯾﯿﺪ‬Endorsement/
Approbation
Etherisc Uses smart contracts on a blockchain to provide fully ‫ اﺛﯿﺮﺳﻚ‬Etherisc
automated decentralized flight insurance. 35

External dispute resolution A third-party dispute resolution provider, usually the ‫ ﺣﻞ اﻟﻨﺰاﻋﺎت اﻟﺨﺎرﺟﯿﺔ‬Externe de Résolution
Australian Financial Complaints Authority. Disputes that des Différends
cannot be resolved through internal dispute resolution can be
referred to external dispute resolution. 36

FloodFlash Provides event-based flood insurance, even in high-risk ‫ اﻟﺘﺄﻣﯿﻦ ﺿﺪ اﻟﻔﯿﻀﺎﻧﺎت‬Flash d'Inondation
areas. Customers receive a pre-agreed settlement as soon as
the company’s sensor detects that flood waters have
exceeded a certain depth. 35

Meet Mia Chatbot on Facebook Messenger that allows customers to ‫ اﻟﻤﺤﺎور اﻟﺮﻗﻤﻲ‬Rencontre Mia
buy and manage travel insurance. Policies are written in plain "‫"ﻗﺎﺑﻞ ﻣﺎﯾﺎ‬
English and customers can ask the chatbot what they are
covered for. Group discounts and automated claims handling
will also be available. 35

Misrepresentation Incorrect information given to an insurer if fraudulent, an ‫ اﻟﺘﺰﯾﯿﻒ‬Fausse Déclaration

insurer may be able to treat the policy as if it never existed.
36

Proposal form A form prepared by an insurer which asks questions of the ‫ ﻧﻤﻮذج طﻠﺐ اﻟﺘﻤﻮﯾﻞ‬Formulaire de
insured to determine whether cover can be offered. 36 Proposition

Sherpa Management Insurance solution where members set up one account to ‫ ﺧﺪﻣﺎت إدارة ﺷﯿﺮﺑﺎ‬Services de gestion
Services manage multiple insurance risks. Offers dynamic products Sherpa

72
72
 which provide the ability to increase and decrease the sum
assured as needs change. 35
Stablecoin Crypto asset that seeks to stabilise its price by linking its ‫ ﻋﻤﻠﺔ ﻣﺴﺘﻘﺮة‬Stablecoin
value to that of an asset or pool of assets. 7

Third Party Administrator Used when an insurer appoints a third party to manage and ‫ اﺗﻔﺎﻗﯿﺔ ﻣﺴﺆول اﻟﻄﺮف‬Entente avec un Tiers
Agreement settle claims. 36 ‫ اﻟﺜﺎﻟﺚ‬Administrateur
Universal Tokens Service that leverages blockchain technology in the ‫ اﻟﺮﻣﻮز اﻟﻌﺎﻟﻤﯿﺔ‬Jeton Universel
distribution of insurance products to increase trust and
improve user experience. 35

Wrisk Usage-based contents insurance product with innovative ‫ ﻣﻨﺘﺞ ﺗﺄﻣﯿﻦ ﻋﻠﻰ‬Wrisk
risk-scoring method. 35 ‫اﻟﻤﺤﺘﻮﯾﺎت‬
YouToggle An app that uses mobile phone telematics to monitor a user’s ‫ ﺗﻄﺒﯿﻖ اﻟﺘﺄﻣﯿﻦ‬YouToggle
driving and create an individual score that can then be shared
with a car insurer to obtain a discount. Driving information
captured by the app could also be used as evidence in the
event of motor accident.35

73
73
 Open Banking Operations ‫اﻟﻌﻤﻠﯿﺎت اﻟﻤﺼﺮﻓﯿﺔ اﻟﻤﻔﺘﻮﺣﺔ‬
Terms Definition ‫ اﻟﻤﺼﻄﻠﺤﺎت‬Les Termes
Account aggregator A category of nonbanking financial company created by the ‫ ﻣﺠﻤﻊ اﻟﺤﺴﺎﺑﺎت‬Agrégateurs de
Reserve Bank of India in 2016. Account aggregators securely Comptes
transfer financial data from data holders to data users based
on customer consent. 38

Account Information Service A third-party AISP provides customers with consolidated ‫ ﻣﺰود ﺧﺪﻣﺔ ﻣﻌﻠﻮﻣﺎت‬Prestataire de Services
Provider (AISP) online information about their financial accounts with other ‫ اﻟﺤﺴﺎب‬d'Information sur les
payment service providers. 38 Comptes

Account Servicing Payment Account Servicing Payment Service Providers provide and ‫ ﻣﺰود ﺧﺪﻣﺎت اﻟﺪﻓﻊ ﻟﺨﺪﻣﺔ‬Prestataire de services
Service Provider - ASPSP maintain a payment account for a payer as defined by the ‫ اﻟﺤﺴﺎب‬de Paiement
Payment Services Regulations (PSRs) and, in the context of Gestionnaire du
the Open Banking Ecosystem are entities that publish Compte
Read/Write APIs to permit, with customer consent, payments
initiated by third party providers and/or make their
customers’ account transaction data available to third party
providers via their API end points.37

Account Servicing Payment An ASPSP brand is any registered or unregistered trademark ‫ اﻟﻌﻼﻣﺔ اﻟﺘﺠﺎرﯾﺔ ﻟﻤﻘﺪم‬Marque du Prestataire
Service Provider Brand- or other Intellectual Property Right provided by an ASPSP. ‫ ﺧﺪﻣﺔ اﻟﺪﻓﻊ ﻟﺨﺪﻣﺔ‬de Services de Paiement
37
ASPSP ‫ اﻟﺤﺴﺎب‬Gestionnaire du
Compte

Aggregated Data Data concerning financial services, such as service quality ‫ اﻟﺒﯿﺎﻧﺎت اﻟﻤﺠﻤﻌﺔ‬Données Agrégées
and customer use, that are collected on an aggregate basis. 38

Application Programming A set of routines, protocols, and tools for building software ‫ واﺟﮭﺔ إدارة اﻟﺘﻄﺒﯿﻘﺎت‬L'Interface de
Interface (API) applications. APIs are the conduit for data transmission Programmation
between two parties.37 d'Application

74
74
API User An API User is any person or organization who develops web ‫ ﻣﺴﺘﺨﺪم واﺟﮭﺔ إدارة‬Utilisateur API
or mobile apps which access data from an API Provider. 37 ‫اﻟﺘﻄﺒﯿﻘﺎت‬
Application Programming Utilisateur d’Interface
Interface User de Programmation
d’Application

API Provider An API Provider is a service provider implementing an Open ‫ ﻣﺰود واﺟﮭﺔ إدارة‬Fournisseur API
Data API. An API Provider provides Open Data via an API ‫اﻟﺘﻄﺒﯿﻘﺎت‬
Application Programming gateway.37 Fournisseur
Interface Provider d'Interfaces de
Programmation
d'Application

Competent Authority A Competent Authority, in the context of the Open Banking ‫ اﻟﺴﻠﻄﺔ اﻟﻤﺨﺘﺼﺔ‬Autorité Compétente
Ecosystem, is a governmental body or regulatory or
supervisory authority having responsibility for the regulation
or supervision of the subject matter of Participants. 37

Consumer Data Right (CDR) Under Australian law, the right of a consumer to access his ‫ ﺣﻖ ﺑﯿﺎﻧﺎت اﻟﻤﺴﺘﮭﻠﻚ‬Droit d'Accès des
or her own data or to share it with an accredited data recipient (CDR) Données de
to whom the consumer has given permission to access. 38 Consommateurs

Customer Acquisition Services, including customer referrals and loyalty programs, ‫ ﺧﺪﻣﺎت اﻛﺘﺴﺎب اﻟﻌﻤﻼء‬Service d'Acquisition de
Services provided by third parties that help the principal obtain new Clients
clients. 38

Customer Data Personally identifiable customer information that can be used ‫ ﺑﯿﺎﻧﺎت اﻟﻌﻤﯿﻞ‬Données de Client
for data on account opening and use, including registration,
KYC, and CDD data. 38

Customer Transaction Data Data from a customer’s bank or payment account(s) that ‫ ﺑﯿﺎﻧﺎت ﻣﻌﺎﻣﻼت اﻟﻌﻤﻼء‬Données de
show the customer’s transaction history. 38 Transactions de Clients

75
75
 Data Holders Entities that hold or possess customer data. 38 ‫ أﺻﺤﺎب اﻟﺒﯿﺎﻧﺎت‬Les Détenteurs des
Données
Data portability The ability of data subjects to download a full set of their data ‫ ﻗﺎﺑﻠﯿﺔ ﻧﻘﻞ اﻟﺒﯿﺎﻧﺎت‬Portabilité des Données
and “port” or share it with whomever they choose. 38
Data Sharing Regime Another term for open banking. 38 ‫ ﻧﻈﺎم ﻣﺸﺎرﻛﺔ اﻟﺒﯿﺎﻧﺎت‬Régime de Partage des
Données
Data subject An individual or company that creates data. 38 ‫ ﻣﻮﺿﻮع اﻟﺒﯿﺎﻧﺎت‬Sujet des Données
Data User An entity that uses the data belonging to data subjects to ‫ ﻣﺴﺘﺨﺪم اﻟﺒﯿﺎﻧﺎت‬Utilisateur de Données
propose a service. 38

Directory Sandbox The Open Banking Directory Sandbox is a test instance of ‫ دﻟﯿﻞ اﻟﺒﯿﺌﺔ اﻟﺘﺠﺮﯾﺒﯿﺔ‬Annuaire de Sandbox
the Directory. The Directory Sandbox may be used to support
testing applications with test API endpoints and testing Répertoire de Sandbox
integration with the Open Banking Directory. 37

Financial Services Provider An entity that provides financial services to consumers and ‫ ﻣﺰود اﻟﺨﺪﻣﺎت اﻟﻤﺎﻟﯿﺔ‬Fournisseur de Services
(FSP) other businesses. 38 (FSP) Financiers
Open Application An open API (also referred to as a public API) is a publicly ‫ واﺟﮭﺔ إدارة اﻟﺘﻄﺒﯿﻘﺎت‬API Ouverte
Programming Interface available application programming interface (API) that ‫اﻟﻤﻔﺘﻮﺣﺔ‬
" Open API" provides developers with programmatic access to a Interface Ouverte de
proprietary software application or web service. 38 Programmation
d'Applications
Open Banking Open banking is a system that provides a user with a network ‫ اﻟﻨﻈﺎم اﻟﻤﺼﺮﻓﻲ اﻟﻤﻔﺘﻮح‬Données Bancaire
of financial institutions’ data through the use of application Ouvertes
programming interfaces (APIs). The Open Banking Standard
defines how financial data should be created, shared and
accessed. By relying on networks instead of centralization,
open banking helps financial services customers to securely
share their financial data with other financial institutions.
Benefits include more easily transferring funds and

76
76
 comparing product offerings to create a banking experience
that best meets each user’s needs in the most cost-effective
way. Open banking is also known as "open bank data."10
Open Banking Ecosystem The Open Banking Ecosystem refers to all the elements that ‫ ﺑﯿﺌﺔ اﻟﻨﻈﺎم اﻟﻤﺼﺮﻓﻲ‬Ecosystème Bancaire
facilitate the operation of Open Banking. This includes the ‫ اﻟﻤﻔﺘﻮح‬Ouvert
API Standards, the governance, systems, processes, security
and procedures used to support participants. 37

Open Banking The Open Banking Implementation Entity is the delivery ‫ ﻛﯿﺎن ﺗﻨﻔﯿﺬ اﻟﺨﺪﻣﺎت‬Entité de Mise en
Implementation Entity organization working with the CMA9 and other stakeholders ‫ اﻟﻤﺼﺮﻓﯿﺔ اﻟﻤﻔﺘﻮﺣﺔ‬Oeuvre des Services
(OBIE) to define and develop the required APIs, security and Bancaires Ouverts
messaging standards that underpin Open Banking. Otherwise
known as Open Banking Limited. 37

Open Banking Services The open banking services to be provided by Open Banking ‫ اﻟﺨﺪﻣﺎت اﻟﻤﺼﺮﻓﯿﺔ‬Système Bancaire
to Participants, including but not limited to, the provision and ‫ اﻟﻤﻔﺘﻮﺣﺔ‬Ouvert
maintenance of the Standards and the Directory. 37

Open Data Information on ATM and Branch locations, and product ‫ اﻟﺒﯿﺎﻧﺎت اﻟﻤﻔﺘﻮﺣﺔ‬Données Ouvertes
information for Personal Current Accounts, Business Current
Accounts (for SMEs), and SME Unsecured Lending,
including Commercial Credit Cards. 37

Open Data Regime A public sector-driven framework for data sharing that goes ‫ ﻧﻈﺎم اﻟﺒﯿﺎﻧﺎت اﻟﻤﻔﺘﻮﺣﺔ‬Régime de Données
beyond financial services to include the sharing of telecoms, Ouvertes.
utilities, health, social media, and/ or other types of data. 38

PSD2 The Payment Services Directive 2015/2366, as amended or ‫ اﻟﺘﻮﺟﯿﮫ اﻟﻤﻨﻘﺢ ﻟﺨﺪﻣﺎت‬Directive sur les
updated from time to time and including the associated ‫ اﻟﺪﻓﻊ‬Services de Paiement
(Revised Payment Services Regulatory Technical Standards developed by the European Révisée
Directive) Banking Association (EBA) and agreed by the European

77
77
 Commission and as implemented by the PSR and including
any formal guidance issued by a Competent Authority. 37

Participant An API Provider, API User, ASPSP, or TPP that currently ‫ ﻣﺸﺎرك ﺑﻮاﺳﻄﺔ ﻧﻈﻢ اﻟﺪﻓﻊ‬Le Participant
participates in the Open Banking Ecosystem. 37

Primary Business Contact A Primary Business Contact is an individual nominated by ‫ ﺟﮭﺔ اﺗﺼﺎل اﻟﻌﻤﻞ‬Contact d'Entreprise
(PBC) an entity to have access to the Directory and will be able to ‫ اﻷﺳﺎﺳﯿﺔ‬Principal
nominate other Directory business users. This should be a
formal business point of contact and a senior member of staff
responsible for systems and controls related to Open
Banking. 37
Screen Scraping The action of using a computer program to copy data from a ‫ ﺷﺎﺷﺔ ﻧﺴﺦ اﻟﺒﯿﺎﻧﺎت ﻣﻦ‬Grattage Écran
website. 38 ‫اﻟﻮﯾﺐ‬
Services Data Data concerning specific financial services and products, ‫ ﺑﯿﺎﻧﺎت اﻟﺨﺪﻣﺎت‬Données sur les Services
including pricing and product description. 38

Third-party provider (TPP) Third Party Providers are organizations or natural persons ‫ ﻣﺰود اﻟﻄﺮف اﻟﺜﺎﻟﺚ‬Tiers Prestataire
that use APIs developed to Standards to access customer’s
accounts, in order to provide account information services Fournisseur Tiers
and/or to initiate payments. 37

Voluntary Account Servicing Voluntary ASPSPs are those entities who, although not ‫ اﻟﻌﻼﻣﺔ اﻟﺘﺠﺎرﯾﺔ ﻟﻤﻘﺪم‬Marque Volontaire du
Payment Service Provider obliged to enrol with Open Banking, have elected to do so in ‫ ﺧﺪﻣﺔ اﻟﺪﻓﻊ ﻟﺨﺪﻣﺔ‬Fournisseur de services
Brand (Voluntary ASPSP) order to utilise the Standards to develop their own APIs, to ‫ اﻟﺤﺴﺎب اﻟﺘﻄﻮﻋﻲ‬de Paiement du service
enrol onto the Open Banking Directory, and to use the de Compte
associated operational support services. 37
X2A Also known as “Access to Account,” X2A is another term for ‫ اﻟﻮﺻﻮل إﻟﻰ اﻟﺤﺴﺎب‬Accès au Compte
the data-sharing component of PSD2. 38
X2A

78
78
Payments ‫اﻟﻤـﺪﻓﻮﻋـﺎت‬
Terms Definition ‫ اﻟﻤﺼﻄﻠﺤﺎت‬Les Termes
Atomic settlement The use of a smart contract to link two assets to ensure that ‫ اﻟﺘﺴﻮﯾﺔ اﻵﻟﯿﺔ‬Règlement Atomique
the transfer of one asset occurs if and only if the transfer of
the other asset also occurs (e.g. to achieve delivery versus
payment in a securities transaction or payment versus
payment in a foreign exchange transaction). 7

Automated Clearing House Multilateral arrangement that facilitates the exchange of ‫ ﻏﺮﻓﺔ اﻟﻤﻘﺎﺻﺔ اﻵﻟﯿﺔ‬Chambre de
(ACH) payment instructions between payment service providers. 7 Compensation
Automatisée

Bearer Security Security issued as a paper certificate where the bearer is ‫ ﺣﺎﻣﻞ ﺷﮭﺎدة اﻷﻣﻦ‬Titres au Porteur
presumed to be the owner. 7 "‫"اﻟﻤﺎﻟﻚ‬
Beneficial Owner Means the legal person(s) who ultimately own(s) or ‫ اﻟﻤﺎﻟﻚ اﻟﻤﻨﺘﻔﻊ‬Bénéficiaire Effectif
control(s) a PSP. 12

Business-to-Business (B2B) Payment where both the payer and the payee are businesses ‫ دﻓﻊ اﻷﻋﻤﺎل ﻣﻦ اﻷﻋﻤﺎل‬Paiement
payment (eg payment for raw materials). 7 Interentreprises

Card Based Payment A Card Based Payment Instrument Issuer is a payment ‫ ﻣﺼﺪر وﺳﯿﻠﺔ اﻟﺪﻓﻊ‬Émetteur d’Instrument
Instrument Issuer - CBPII services provider that issues card-based payment instruments ‫ ﺑﺎﻟﺒﻄﺎﻗﺔ‬de Paiement Fondé sur
that can be used to initiate a payment transaction from a la Carte
payment account held with another payment service
provider. 37
Card-not-Present Fraud Card-not-present fraud is a type of credit card scam in which ‫ اﺣﺘﯿﺎل اﻟﺒﻄﺎﻗﺔ ﻏﯿﺮ‬Fraude par Carte non
the customer does not physically present the card to the ‫ اﻟﻤﻮﺟﻮدة‬Présente
merchant during the fraudulent transaction. Card-not-present
fraud can occur with transactions that are conducted online
or over the phone. It is theoretically harder to prevent than

79
79
 card-present fraud because the merchant cannot personally
examine the credit card for signs of possible fraud, such as a
missing hologram or altered account number. 10

Cash Services Means –(a)cash-in services and;(b) cash-out services. 12 ‫ اﻟﺨﺪﻣﺎت اﻟﻨﻘﺪﯾﺔ‬Services en Espèces
Cash-in Services Means the exchange of cash for digital money deposited in a ‫ ﺧﺪﻣﺎت إﯾﺪاع اﻟﻨﻘﻮد‬Services d'Encaissement
payment account. 12

Cash-out Services Means the exchange of digital money for cash, withdrawn ‫ ﺧﺪﻣﺎت اﻟﺴﺤﺐ اﻟﻨﻘﺪي‬Services de Cash-out
from a payment account. 12

Central Counterparty (CCP) Entity that interposes itself between counterparties to ‫ اﻟﻄﺮف اﻟﻤﻘﺎﺑﻞ اﻟﻤﺮﻛﺰي‬Contrepartie Centrale
contracts traded in one or more financial markets, becoming
the buyer to every seller and the seller to every buyer and
thereby ensuring the performance of open contracts.7

Central Securities Depository Entity that provides securities accounts, central safekeeping ‫ اﻹﯾﺪاع اﻟﻤﺮﻛﺰي ﻟﻸوراق‬Dépositaire Central de
(CSD) services and asset services, which may include the ‫ اﻟﻤﺎﻟﯿﺔ‬Titres (CSDs)
administration of corporate actions and redemptions, and
plays an important role in helping to ensure the integrity of
securities issues (that is, ensure that securities are not
accidentally or fraudulently created or destroyed or their
details changed). 7

Clearing Process of transmitting, reconciling and, in some cases, ‫ اﻟﻤﻘﺎﺻﺔ‬Compensation

confirming transactions prior to settlement. If obligations are
settled on a net basis, clearing can also involve the
calculation of net positions for settlement. 7

80
80
Closed Loop Payment system that provides services directly to both payers ‫ ﺣﻠﻘﺔ اﻟﺪﻓﻊ اﻟﻤﻐﻠﻘﺔ‬Boucle Fermée
and payees. Sometimes known as an in-house or intragroup
transfer system. 7
Contactless Payments Transmission of payment information from a physical ‫ اﻟﻤﺪﻓﻮﻋﺎت ﺑﺪون ﺗﻼﻣﺲ‬Paiements sans Contact
device to the terminals at the point of sale or ATM without
the need for physical contact between the physical device
and the terminal.47

CORE Banking A centralized system established by a bank which allows its ‫ اﻟﺨﺪﻣﺎت اﻟﻤﺼﺮﻓﯿﺔ‬Solution Bancaire
customers to conduct their business irrespective of the bank’s ‫ اﻷﺳﺎﺳﯿﺔ‬CORE
"Centralized Online Real- branch. Thus, it removes the impediments of geo-specific
time Exchange" Banking transactions. In fact, CORE is an acronym for "Centralized " Solution Bancaires en
Online Real-time Exchange", thus the bank’s branches can Ligne Centralisés en
access applications from centralized data centers. Other than Temps Réel "
retail banking customers, core banking is now also being
extended to address the requirements of corporate clients and
provide for a comprehensive banking solution. 10

Correspondent Banking Arrangement whereby one bank (correspondent) holds ‫ اﻟﺒﻨﻮك اﻟﻤﺮاﺳﻠﺔ‬Banque
deposits owned by other banks (respondents) and provides Correspondante
those banks with payment and other services. 7

Credit risk Risk that a counterparty, whether a participant or other entity, ‫ ﻣﺨﺎطﺮ اﻻﺋﺘﻤﺎن‬Risque de Crédit
will be unable to meet fully its financial obligations when
due, or at any time in the future. 7

Cross-border Payment Payment where the payer and the payee are located in ‫ اﻟﺪﻓﻊ ﻋﺒﺮ اﻟﺤﺪود‬Paiement
different jurisdictions. Many cross-border payments are also Transfrontalier
cross currency payments. 7

Cross-Currency Payment Payment where the amount debited to the payer is in a ‫ اﻟﺪﻓﻊ ﻣﺘﻌﺪد اﻟﻌﻤﻼت‬Paiement en Devises
different currency than the amount credited to the payee, ie Croisées

81
81
 the payment involves a currency conversion along its route
from payer to payee. 7
Deferred Net Settlement Net settlement mechanism which settles on a net basis at the ‫ ﺻﺎﻓﻲ اﻟﺘﺴﻮﯾﺔ اﻟﻤﺆﺟﻠﺔ‬Règlement Net Différé
end of a predefined settlement cycle. 7

Delivery leg One of two legs of a securities trade: the transferring of ‫ طﺮف اﻟﺘﺴﻠﯿﻢ‬Jambe de Livraison
ownership of the securities from the seller to the buyer. See
also “payment leg”. 7
Delivery Versus Payment Securities settlement mechanism that links a ‫ اﻟﺘﺴﻠﯿﻢ ﻣﻘﺎﺑﻞ اﻟﺪﻓﻊ‬Livraison Contre
(DVP) securities transfer and a funds transfer in such a way as to Paiement
ensure that delivery occurs
if and only if the corresponding payment occurs. 7

Demand-side statistics Statistics on use of basic financial services obtained from ‫ إﺣﺼﺎءات ﺟﺎﻧﺐ اﻟﻄﻠﺐ‬Statistiques de la
customers of financial services.47 Demande

Designated Payment System Means a payment system designated by the Central Bank as ‫ ﻧﻈﺎم اﻟﺪﻓﻊ اﻟﻤﻌﯿﻦ‬Systems de Paiements
systemically important. 12 Désignés

Digital Payments A form of digital financial service where the financial service ‫ اﻟﻤﺪﻓﻮﻋﺎت اﻟﺮﻗﻤﯿﺔ‬Paiement Numérique
is a payment. this includes payments where either the payer
or the payee uses a digital instrument but does not include
payments that are initiated and collected in cash (e.g., cash to
cash services), even where the agent transacts electronically.1

Direct Holding System Arrangement for registering ownership of securities (or ‫ ﻧﻈﺎم اﻟﻘﺎﺑﺾ اﻟﻤﺒﺎﺷﺮ‬Système de Maintien
similar interests) whereby each and every final investor in the ‫ ﻧﻈﺎم اﻻﺣﺘﺠﺎز اﻟﻤﺒﺎﺷﺮ‬Direct
securities is registered with a single entity (for example, the
issuer itself, a CSD or a registry). In some countries, the use Régime de la Détention
of a direct holding system is required by law. 7 Directe

82
82
Domestic Payment Payment involving a payee and a payer that reside within the ‫ اﻟﺪﻓﻊ اﻟﻤﺤﻠﻲ‬Paiement Domestique
same jurisdiction and use the same currency. 7

DVP model 1 DVP model where securities and funds are settled on a gross ‫ ﻟﻠﺘﺴﻠﯿﻢ ﻣﻘﺎﺑﻞ‬1 ‫ ﻧﻤﻮذج‬Livraison Contre
and obligation-by-obligation basis, with final (irrevocable ‫ اﻟﺪﻓﻊ‬Paiement
Delivery Versus Payment and unconditional) transfer of securities from the seller to the Modèle 1
Model 1 buyer (delivery) if and only if final transfer of funds from the
buyer to the seller (payment) occurs.7

DVP model 2 DVP model where securities are settled on a gross basis, with ‫ ﻟﻠﺘﺴﻠﯿﻢ ﻣﻘﺎﺑﻞ‬2 ‫ ﻧﻤﻮذج‬Livraison Contre
final transfer of securities from the seller to the buyer ‫ اﻟﺪﻓﻊ‬Paiement
occurring throughout the processing cycle, but funds are Modèle 2
settled on a net basis, with final transfer of funds from the
buyer to the seller occurring at the end of the processing
cycle. 7

DVP model 3 DVP model where both securities and funds are settled on a ‫ ﻟﻠﺘﺴﻠﯿﻢ ﻣﻘﺎﺑﻞ‬3 ‫ ﻧﻤﻮذج‬Livraison Contre
net basis, with final transfers of both securities and funds ‫ اﻟﺪﻓﻊ‬Paiement
occurring at the end of the processing cycle. 7 Modèle 3

e-Check A form of payment made via the Internet, or another data ‫ اﻟﺸﯿﻚ اﻹﻟﻜﺘﺮوﻧﻲ‬Chèque électronique
network, designed to perform the same function as a
conventional paper check. Since the check is in an electronic
format, it can be processed in fewer steps. Additionally, it has
more security features than standard paper checks including
authentication, public key cryptography, digital signatures,
and encryption, among others. 10

Electronic payment Any payment made with an electronic funds transfer. 3 ‫ اﻟﺪﻓﻊ اﻹﻟﻜﺘﺮوﻧﻲ‬Paiement Électronique
(e-payment)

83
83
 Electronic Payment Service A term used by Japan’s Financial Services Agency to identify ‫ ﻣﺰود ﺧﺪﻣﺔ اﻟﺪﻓﻊ‬Fournisseurs de
Provider (EPSP) which entities can access customer data under its open (EPSP) ‫ اﻹﻟﻜﺘﺮوﻧﻲ‬Services de Paiements
banking regime. EPSPs include payment initiation service Électroniques.
providers (PISPs) and account information service providers
(AISPs). 38

E-money account An e-money holder’s account that is held with the e-money ‫ ﺣﺴﺎب اﻟﻨﻘﻮد اﻹﻟﻜﺘﺮوﻧﯿﺔ‬Compte de Monnaie
issuer. In some jurisdictions, e-money accounts may Électronique
resemble conventional bank accounts, but are treated
differently under the regulatory framework because they are
used for different purposes. 3

E-money issuer The entity that initially issues e-money against receipt of ‫ ٌﻣﺼﺪر اﻟﻨﻘﻮد اﻹﻟﻜﺘﺮوﻧﯿﺔ‬Émetteur de Monnaie
funds. Some countries only permit banks to issue e-money Électronique
whereas other countries permit nonbanks to issue e-money. 1 ‫ﺟﮭﺔ إﺻﺪار اﻟﻨﻘﻮد‬
‫اﻹﻟﻜﺘﺮوﻧﯿﺔ‬
Fast-Payment System (FPS) Retail payment system in which the payment message is ‫ ﻧﻈﺎم اﻟﺪﻓﻊ اﻟﺴﺮﯾﻊ‬Système de Paiement
transmitted, and the final funds are made available to the Rapide
payee in real time or near real time on as near to a 24/7 basis
as possible. 7

Final Settlement Legally defined moment when funds (or other assets) have ‫ اﻟﺘﺴﻮﯾﺔ اﻟﻨﮭﺎﺋﯿﺔ‬Règlement Final
been irrevocably and unconditionally transferred. 7

Free of Payment (FOP) Transfer of securities without a corresponding transfer of ‫ ﺧﺎﻟﯿﺔ ﻣﻦ اﻟﺪﻓﻊ‬Sans Paiement
funds. 7 Exonéré du Paiement
Global Payment Innovation An initiative by SWIFT that aims to streamline and increase ‫ اﺑﺘﻜﺎر اﻟﺪﻓﻊ اﻟﻌﺎﻟﻤﻲ‬Innovation Mondiale de
(GPI) transparency of cross-border payments. The initiative Paiement
introduces a multilateral service level agreement across
banks to create a common standard for processing cross-
border payments, which in turn will transform correspondent

84
84
 banking. Through the first of these service level agreements,
corporate treasurers will gain same-day use of funds, have
access to rich payment information which is transferred
between parties to a transaction, and have greater
transparency and predictability of fees, including FX costs. 10

Government Digital Payment Means any payment involving the transfer of funds from a ‫ ﺧﺪﻣﺎت اﻟﺪﻓﻊ اﻻﻟﻜﺘﺮوﻧﯿﺔ‬Services
Services User of a PSP to a:(a) Ministry or Federal Authority; or (b) ‫ اﻟﺤﻜﻮﻣﯿﺔ‬Gouvernementaux de
local Government Authority of an Emirate or a local Paiement Numérique
Government Authority. 12

Hash Timelock Contract Type of smart contract that combines a hashlock function ً ‫ ﻋﻘﻮد ﺗﺸﻔﯿﺮ ﻣﺤﺪدة زﻣﻨﯿﺎ‬Contrat Hash Time lock
(HTLC) with a timelock function to facilitate two-leg transfers across
unconnected ledgers. 7 (HTLC)

Hybrid Settlement System System that combines the characteristics of RTGS and ‫ ﻧﻈﺎم اﻟﺘﺴﻮﯾﺔ اﻟﻤﺨﺘﻠﻂ‬Système de Règlement
deferred net settlement systems. 7 Hybride

Indirect Holding System Multi-tiered arrangement for the custody and transfer of ‫ ﻧﻈﺎم اﻟﺤﺠﺰ ﻏﯿﺮ اﻟﻤﺒﺎﺷﺮ‬Système de Détention
ownership of securities (or the transfer of similar interests Indirecte
therein) in which holders are identified only at the level of
their custodian or intermediary. 7

Infrastructure Model Back-end arrangement for cross-border payments involving ‫ ﻧﻤﻮذج اﻟﺒﻨﯿﺔ اﻟﺘﺤﺘﯿﺔ ﻟﻨﻈﻢ‬Modèl d'Infrastructure
a payment system or linked payment systems operating ‫ﻟﻠﻤﺪﻓﻮﻋﺎت‬
across borders. 7
Licensing Manual Means the Central Bank’s REGULATION Licensing ‫ دﻟﯿﻞ اﻟﺘﺮﺧﯿﺺ‬Modèle d'Infrastructure
Manual. 12

Liquidity Risk Risk that a counterparty, whether a participant or other entity, ‫ ﻣﺨﺎطﺮ اﻟﺴﯿﻮﻟﺔ‬Risque de Liquidité
will have insufficient funds to meet its financial obligations

85
85
 as and when expected, although it may be able to do so in the
future. 7

Liquidity Saving Mechanism Mechanism that seeks to save liquidity, including through ‫ آﻟﯿﺔ ﺗﻮﻓﯿﺮ اﻟﺴﯿﻮﻟﺔ‬Mécanisme de
(LSM) frequent netting or offsetting of transactions (payments Fourniture de
and/or securities) in the course of the operating day. A typical Liquidités
approach is to hold transactions in a central queue and to net
or offset those transactions on a bilateral or multilateral basis
at frequent intervals. 7

Load limit Means the maximum amount of digital money that can be ‫ ﺣﺪ اﻟﺘﺤﻤﯿﻞ ﻟﻠﻨﻘﻮد‬Limite de Charge
transferred into a Payment Account held by a User of a ‫اﻻﻟﻜﺘﺮوﻧﯿﺔ‬
Payment Instrument as per regulation. 12

Mandatory Account Mandatory ASPSPs are entities that are required by the CMA ‫ ﻣﺰود ﺧﺪﻣﺔ اﻟﺪﻓﻊ‬Fournisseur de Services
Servicing Payment Service Order to enrol with Open Banking. 37 ‫ اﻹﻟﺰاﻣﻲ ﻟﺨﺪﻣﺔ اﻟﺤﺴﺎب‬de Paiement du Service
Provider (or Mandatory de Compte Obligatoire
ASPSP)

Mobile Banking (m-banking) The use of a mobile phone to access banking services and ‫ اﻟﺨﺪﻣﺎت اﻟﻤﺼﺮﻓﯿﺔ ﻋﺒﺮ‬Services Bancaires
execute financial transactions. This covers both transactional ‫ اﻟﮭﺎﺗﻒ اﻟﻤﺤﻤﻮل‬Mobiles
and non-transactional services, such as viewing financial
information on a bank customer’s mobile phone. 3

Mobile Financial Services The use of a mobile phone to access financial services and ‫ اﻟﺨﺪﻣﺎت اﻟﻤﺎﻟﯿﺔ ﻋﺒﺮ‬Services Financiers
(MFS) execute financial transactions. This includes both ‫ اﻟﮭﺎﺗﻒ اﻟﻤﺤﻤﻮل‬Mobiles
transactional and non-transactional services, such as viewing
financial information on a user’s mobile phone. 3

Mobile Money A mobile-based transactional service that can be transferred ‫ اﻟﻤﻌﺎﻣﻼت اﻟﻤﺎﻟﯿﺔ ﻋﺒﺮ‬Argent Mobile
electronically using mobile networks. A mobile money issuer ‫اﻟﮭﺎﺗﻒ‬
may, depending on local law and the business model, be an

86
86
 MNO or a third party such as a bank. Often used
synonymously with ‘mobile financial services. 3

Mobile Payment A form of mobile financial services in which payments are ‫ اﻟﺪﻓﻊ ﻋﺒﺮ اﻟﮭﺎﺗﻒ‬Paiement Mobile
initiated through a mobile phone (both smartphones and ‫اﻟﻤﺤﻤﻮل‬
digital feature phones). 3

Mobile Payment Services Terminology specific to Jordanian case. An MPSP is an e- ‫ ﻣﻘﺪﻣﻮ ﺧﺪﻣﺎت اﻟﺪﻓﻊ ﻋﺒﺮ‬Fournisseurs de
Providers (MPSP) money issuer licensed by the Central Bank of Jordan to issue ‫ اﻟﮭﺎﺗﻒ اﻟﻤﺤﻤﻮل‬Services de Paiement
e-money and connect to the JoMoPay national payment Mobile
switch. Also referred to as a payment services provider. 3

Mobile Wallet A type of e-wallet which is accessed through a mobile phone. ‫ ﺣﺎﻓﻈﺔ اﻟﻨﻘﻮد اﻟﮭﺎﺗﻔﯿﺔ‬Portefeuille Mobile
Often used synonymously with mobile money account. 3

Money Transfer Operator Non-deposit-taking payment service provider where the ‫ ﻣﺸﻐﻞ ﺗﺤﻮﯾﻞ اﻷﻣﻮال‬Opérateur de Transfert
(MTO) service involves payment per transfer (or possibly payment d'Argent
for a set or series of transfers) by the sender to the payment
service provider (for example, by cash or bank transfer) – ie
as opposed to a situation where the payment service provider
debits an account held by the sender at the payment service
provider. 7

Multilateral Netting Offsetting of obligations between or among multiple ‫ اﻟﻤﻌﺎوﺿﺔ ﻣﺘﻌﺪدة اﻷطﺮاف‬Netting Multilatéral
participants to result in a single net position per participant. 7

Nonbank-based model A mobile financial services business model (bank led or ‫ ﻧﻤﻮذج أﻋﻤﺎل ﻟﻠﺨﺪﻣﺎت‬Modèle non Bancaire
nonbank-led) in which (i) the customer has a contractual ‫اﻟﻤﺎﻟﯿﺔ ﻏﯿﺮ ﻣﺼﺮﻓﻲ‬
relationship with a nonbank financial service provider and
(ii) the nonbank is licensed or otherwise permitted by the
regulator to provide the financial service(s). 3

87
87
 Nonbank-led model A mobile financial services business model (bank based or ‫ ﻧﻤﻮذج أﻋﻤﺎل ﻟﻠﺨﺪﻣﺎت‬Modèle non Bancaire
nonbank-based) in which the nonbank is the primary driver ‫اﻟﻤﺎﻟﯿﺔ ﻏﯿﺮ ﻣﺼﺮﻓﻲ‬
of the product or service, typically taking the lead in
marketing, branding, and managing the customer
relationship. 3

Offshore System Financial market infrastructure for the processing of ‫ اﻟﻨﻈﺎم اﻟﺨﺎرﺟﻲ‬Système Offshore
payments or securities denominated in a currency different Système Outre Mer
from the one of the jurisdiction in which the Financial Market
Infrastructure is located. It could also cover a CCP. 7

Overlay System System that provides innovative customer interfaces to ‫ واﺟﮭﺔ ﺑﺪء اﻟﻤﺪﻓﻮﻋﺎت‬Système de
initiate payments (i.e. front ends). 7 Superposition

Participant Means an entity recognized by a Payment System and is ‫ ﻣﺸﺎرك ﺑﻮاﺳﻄﺔ ﻧﻈﻢ اﻟﺪﻓﻊ‬Participant
allowed, either directly/ indirectly, to send and receive
payment instructions to and from that payment system. 12

Payment Card Industry The Payment Card Industry Data Security Standard (PCI ‫ اﻻﻣﺘﺜﺎل ﻟﺼﻨﺎﻋﺔ ﺑﻄﺎﻗﺎت‬Conformité à
Compliance DSS) is a set of security standards designed to ensure that all ‫ اﻟﺪﻓﻊ‬l’Industrie des Cartes
companies that accept, process, store or transmit credit card de Paiement
" PCI Compliance " information maintain a secure environment. Although the
PCI DSS must be implemented by all entities that process,
store or transmit cardholder data, formal validation of PCI
DSS compliance is not mandatory for all entities.7

Payment Gateway The front-end technology that reads payment cards and sends ‫ ﺑﻮاﺑﺔ اﻟﺪﻓﻊ‬Passerelle de Paiement
customer information to the merchant acquiring bank for
processing. 10

Payment Initiation Services A Payment Initiation Services Provider provides an online ‫ ﻣﺰود ﺧﺪﻣﺎت ﺑﺪء اﻟﺪﻓﻊ‬Fournisseur de Services
Provider (PISP) service to initiate a payment order at the request of the d’Initiation de Paiement

88
88
 payment service user with respect to a payment account held
at another payment service provider. 37

Payment Instruction Means an instruction initiated by a User to his / her respective ‫ ﺗﻌﻠﯿﻤﺎت اﻟﺪﻓﻊ‬Instructions de
PSP requesting the execution of a payment transaction. 12 Paiement

Payments Instrument The product (service) used by the consumer at the point of ‫ أداة اﻟﻤﺪﻓﻮﻋﺎت‬Instruments de
payment (e.g., cash, debit card, mobile wallet). Often used Paiements
interchangeably with payment product and payment channel.
3
Moyens de paiement

Payment Leg One of two legs of a securities trade: the transferring of cash ‫ طﺮف اﻟﺪﻓﻊ‬Jambe de paiement
corresponding to the securities’ price from the buyer to the
seller. See also “delivery leg”. 7 Étape de paiement

Payments Processors Third-party services providers that handle the details of ‫ ﻣﻌﺎﻟﺠﺎت اﻟﻤﺪﻓﻮﻋﺎت‬Processeurs de
processing card transactions between merchants, issuing Paiements
banks, and the merchants’ bank (also called acquiring bank).
3

Second Payment Services Europe's revised payments services directive has opened a ‫ ﺗﻮﺟﯿﮫ ﺧﺪﻣﺎت اﻟﺪﻓﻊ‬Deuxième Directive sur
Directive (PSD2) wealth of opportunity for fintech's in establishing ‫ اﻟﺜﺎﻧﻲ‬les Services de Paiement
relationships with banks, and wholly changed the payments
landscape. The directive was established to create
competition from non-banks in the payments sector, as well
as focusing on consumer protection, and creating a
harmonization rule set for payments providers. 10

Payment Service Provider Entity that provides payment services, including remittances. ‫ ﻣﺰود ﺧﺪﻣﺔ اﻟﺪﻓﻊ‬Prestataire de Services
(PSP) Payment service providers include banks and other deposit- de Paiement
taking institutions, as well as specialised entities such as
money transfer operators and e-money issuers. 7

89
89
 Payment Services The Payment Services Regulations 2017, the UK's ‫ ﻟﻮاﺋﺢ ﺧﺪﻣﺎت اﻟﺪﻓﻊ‬Règlement des Services
Regulations (PSR) implementation of PSD2, as amended or updated from time de Paiement
to time and including the associated Regulatory Technical
Standards as developed by the EBA. 37

Payment Services User (PSU) A Payment Services User is a natural or legal person making ‫ ﻣﺴﺘﺨﺪم ﺧﺪﻣﺎت اﻟﺪﻓﻊ‬Utilisateur des Services
use of a payment service as a payee, payer or both. 37 de Paiement

Payment System Set of instruments, procedures and rules for the transfer of ‫ ﻧﻈﺎم اﻟﺪﻓﻊ‬Système de Paiement
funds between or among participants. The system
encompasses both the participants and the entity operating
the arrangement. 7

Payment Versus Payment Settlement mechanism that ensures that the final transfer of ‫ اﻟﺪﻓﻊ ﻣﻘﺎﺑﻞ اﻟﺪﻓﻊ‬Paiement contre
(PVP) a payment in one currency occurs if and only if the final Paiement
transfer of a payment in another currency or currencies takes
place. PVP transfers can occur within a jurisdiction or across
borders. 7

Peer-to-Peer Arrangement Arrangement that cuts out the financial intermediary ‫ ﺗﺮﺗﯿﺐ اﻟﻨﺪ ﻟﻠﻨﺪ‬Arrangement entre
payment service providers between the payer and payee. 7 Pairs

Entente entre Pairs

Permissioned DL Distributed ledger that allows only trusted third parties to be ‫ اﻟﺴﺠﻼت اﻟﻼﻣﺮﻛﺰﯾﺔ‬Registres Distribués
involved in the updating process. Because validators are ‫ اﻟﻤﺴﻤﻮح ﺑﮭﺎ‬Autorisés
trusted, less computationally intensive mechanisms can be
used to validate transactions. 7

Person-to-Business (P2B) Payment where the payer is an individual and the payee is a ‫ اﻟﺪﻓﻊ ﻣﻦ ﺷﺨﺺ ﻟﻠﺸﺮﻛﺔ‬Paiement de Personne à
Payment business (eg bill payments). The reverse transaction is known Entreprise

90
90
 as a business-to-person (B2P) payment (eg salary payments).
7

Person-to-Government Payment where the payer is an individual and the payee is a ‫ اﻟﺪﻓﻊ ﻣﻦ ﺷﺨﺺ ﻟﻠﺤﻜﻮﻣﺔ‬Paiement de Personne à
(P2G) Payment government (eg payment of taxes). The reverse transaction is Gouvernement
known as a government-to-person (G2P) payment (eg
welfare payments). 7

Person-to-Person (P2P) Payment where both the payer and the payee ‫ اﻟﺪﻓﻊ ﻣﻦ ﺷﺨﺺ ﻟﻠﺸﺨﺺ‬Paiement de Personne à
Payment are individuals (eg remittances). Also known as a peer-to- Personne
7
peer payment.

Prepaid Card A payment card in which money can be preloaded and ‫ ﺑﻄﺎﻗﺔ ﻣﺴﺒﻘﺔ اﻟﺪﻓﻊ‬Carte Prépayée
Stored. 3

Primary Technical Contact A Primary Technical Contact is an individual nominated by ‫ ﺟﮭﺔ اﻻﺗﺼﺎل اﻟﻔﻨﯿﺔ‬Contact technique
(PTC) the entity to have access to the Directory and will be able to ‫ اﻷﺳﺎﺳﯿﺔ‬principal
nominate other Directory technical users. This should be a
main point of contact on technical configuration and a senior
member of staff with responsibility for the management of
the Open Banking digital identity. 37

Principles for Financial Means the ‘Principles for Financial Market Infrastructure ‫ ﻣﺒﺎدئ اﻟﺒﻨﻰ اﻟﺘﺤﺘﯿﺔ‬Principes pour les
Market Infrastructures standards report by the Bank for International Settlements ‫ ﻟﻸﺳﻮاق اﻟﻤﺎﻟﯿﺔ‬Infrastructures des
(PFMI) (‘BIS’). 12 Marchés Financiers

Principal Risk Risk that a counterparty will lose the full value involved in a ‫ اﻟﻤﺨﺎطﺮ اﻟﺮﺋﯿﺴﯿﺔ‬Risque Principal
transaction – for example, the risk that a seller of a financial
asset will irrevocably deliver the asset but not receive
payment. 7

91
91
 Private DL Distributed ledger that restricts who can initiate transactions. ‫ اﻟﺴﺠﻼت اﻟﻤﺮﻛﺰﯾﺔ‬Privé de Registre
This is similar to an account-based system, where users must ‫ اﻟﺨﺎﺻﺔ‬Distribué
apply to open an account before they can use the system (or
at least open an account at an intermediary that has access). 7

Real-Time Gross Settlement The continuous settlement of interbank payments on a real- ‫ اﻟﺘﺴﻮﯾﺔ اﻹﺟﻤﺎﻟﯿﺔ ﻓﻲ‬Règlement Brut en
(RTGS) time (instant) basis. Usually through accounts held in central ‫ اﻟﻮﻗﺖ اﻟﻔﻌﻠﻲ‬Temps Réel
banks and used for large-value interbank funds transfers. 3
Remittances A person-to-person international payment of relatively low ‫ اﻟﺤﻮاﻻت‬Virements
Value. 3

Replacement Cost Risk Risk of a trade failing to settle and having to be replaced at ‫ ﻣﺨﺎطﺮ ﺗﻜﻠﻔﺔ اﻻﺳﺘﺒﺪال‬Risque de Coût de
an unfavorable price. 7 Remplacement

Remittance Service Provider An entity, operating as a business, that provides a remittance ‫ ﻣﻘﺪم ﺧﺪﻣﺔ اﻟﺘﺤﻮﯾﻼت‬Fournisseur de Services
(RSP) service for a price to end users, either directly or through de Virements
agents. 3

Retail Payment Payment associated with the purchase of goods and services ‫ دﻓﻊ اﻟﺘﺠﺰﺋﺔ‬Paiement de Détail
by consumers and businesses. Each such payment tends to be
for a relatively low value, but the volumes are large. 7

Risk Monitoring Technology Technology that allows an always-on, noninvasive ‫ ﺗﻜﻨﻮﻟﻮﺟﯿﺎ ﻣﺮاﻗﺒﺔ‬Technologie de
surveillance of transactions, behaviour and communications ‫ اﻟﻤﺨﺎطﺮ‬Surveillance du Risque
in financial services firms. 26
Scheme (or Payment A body that sets the rules and technical standards for the ‫ ﻧﻈﺎم اﻟﺪﻓﻊ‬Régime de Paiement
Scheme) execution of payment transactions using the underlying
payment infrastructure. 3

Securities Settlement Transfer of ownership of securities in accordance with the ‫ ﺗﺴﻮﯾﺔ اﻷوراق اﻟﻤﺎﻟﯿﺔ‬Règlement des Titres
terms of an underlying agreement. 7

92
92
Securities Settlement System Entity that enables securities to be transferred and settled by ‫ ﻧﻈﺎم ﺗﺴﻮﯾﺔ اﻷوراق‬Système de Règlement
(SSS) book entry according to a set of predetermined multilateral ‫ اﻟﻤﺎﻟﯿﺔ‬des Titres
rules. Such a system allows transfers of securities either free
of payment or against payment. 7 Système de règlement-
livraison
Settlement Discharge of an obligation in accordance with the terms of ‫ اﻟﺘﺴﻮﯾﺔ‬Règlement
the underlying contract. 7

Settlement Institution Means an institution that provides facilities for Participants ‫ ﻣﺆﺳﺴﺔ اﻟﺘﺴﻮﯾﺔ‬Institution de
of a Payment System to hold funds and/ or for settlement of Règlement
payment transactions between the Participants. 12

Smart Loan Repayment A debt repayment plan that accounts for fluctuations in a ‫ ﺳﺪاد اﻟﻘﺮض اﻟﺬﻛﻲ‬Remboursement
customer’s income during the repayment period, allowing d'Intelligent prêt
the customer to pay more (or less) based on their available
liquidity—without triggering default provisions.38

Society for the Worldwide A messaging service for financial messages, such as letters ‫ﺟﻤﻌﯿﺔ اﻻﺗﺼﺎﻻت اﻟﻤﺎﻟﯿﺔ‬ Société Mondiale des
Interbank Financial of credit, payments, and securities transactions, between ‫اﻟﻌﺎﻟﻤﯿﺔ ﺑﯿﻦ اﻟﺒﻨﻮك‬ Télécommunications
Telecommunication member banks worldwide. SWIFT remains the primary (‫)ﺳﻮﯾﻔﺖ‬ Financières
(SWIFT) means for interbank communications cross-border. Note that Interbancaires
SWIFT does not provide settlement and clearing for bank
transfers. 3

Stored Value Facility Means a non-cash facility, (in electronic or magnetic form), ‫ ﺗﺴﮭﯿﻞ اﻟﻘﯿﻤﺔ اﻟﻤﺨﺰﻧﺔ‬Facilité de Valeur
purchased by a user (and used) to make payment for goods Stockée
and services. 12

Strong Customer Strong Customer Authentication as defined by EBA ‫ اﻟﻤﺼﺎدﻗﺔ اﻟﻘﻮﯾﺔ ﻟﻠﻌﻤﯿﻞ‬Authentification Forte
Authentication (SCA) Regulatory Technical Standards is an authentication based du Client
on the use of two or more elements categorized as knowledge
(something only the user knows [for example, a password]),

93
93
 possession (something only the user possesses [for example,
a particular cell phone and number]) and inherence
(something the user is [or has, for example, a finger print or
iris pattern]) that are independent, [so] the breach of one does
not compromise the others, and is designed in such a way as
to protect the confidentiality of the authentication data. 37

Unified Payment Interface A smartphone application which allows users to transfer ‫ واﺟﮭﺔ اﻟﺪﻓﻊ اﻟﻤﻮﺣﺪة‬Interface de Paiement
(UPI) money between bank accounts. It is a single-window mobile Unifiée
payment system developed by the National Payments
Corporation of India (NPCI). It eliminates the need to enter
bank details or other sensitive information each time a
customer initiates a transaction. 10

Transaction account Account (including e-money and prepaid accounts) held with ‫ ﺣﺴﺎب اﻟﻤﻌﺎﻣﻼت‬Compte de Transaction
a bank or other authorised payment service provider, which
can be used to make and receive payments and to store value.
7

Technical Service Providers Means entities facilitating the provision of payment services ‫ ﻣﻘﺪﻣﻮ اﻟﺨﺪﻣﺎت اﻟﻔﻨﯿﺔ‬Fournisseurs de
to PSPs, whilst excluded at all times from possession of funds Services Techniques
(and transference thereof). Services offered include
processing /storage of data, trust and privacy protection
services, data and entity authentication, information
technology (IT) and communication network provision,
provision and maintenance of terminals and devices used for
payment services. 12

Wholesale Banking Banking services between merchant banks and other ‫ اﻟﺨﺪﻣﺎت اﻟﻤﺼﺮﻓﯿﺔ‬Services Bancaires de
financial institutions. This type of banking deals with larger ‫ اﻟﺘﺠﺎرﯾﺔ‬Gros
clients, such as large corporations and other banks, whereas
retail banking focuses more on the individual or small

94
94
 business. Wholesale banking services include currency
conversion, working capital financing, large trade
transactions and other types of services. 10

Wholesale Payment Payment between financial institutions – for example, ‫ دﻓﻊ ﺑﺎﻟﺠﻤﻠﺔ )ﻣﺠﻤﻞ‬Services de Paiement
payment to settle securities and foreign exchange trades, (‫ اﻟﺪﻓﻊ‬en Gros
payment to and from central counterparties, and other
interbank funding transactions. These are typically large
value payments that often need to settle on a particular day
and sometimes by a particular time.7

Unsupervised Learning A type of machine learning method that helps find previously / ‫ ﺗﻌﻠﻢ اﻵﻟﺔ ﺑﺪون إﺷﺮاف‬Apprentissage non
unknown patterns in a data set without pre-existing labels.13 ‫ اﻟﺘﻌﻠﻢ اﻟﻐﯿﺮ ﻣﺮاﻗﺐ‬Surveillée
User Funds Means the net value of unutilized funds held on account of ‫ ﺻﻨﺎدﯾﻖ اﻟﻤﺴﺘﺨﺪم‬Fonds de l'Utilisateur
the customer by the Payment Service Provider. 12 ‫أﻣﻮال اﻟﻤﺴﺘﺨﺪم‬

95
95
 Smart Contracts ‫اﻟﻌﻘﻮد اﻟﺬﻛﯿﺔ‬
Terms Definition ‫ اﻟﻤﺼﻄﻠﺤﺎت‬Les Termes
Decentralized Autonomous An entity in a digital system facilitated by smart contracts. ‫ اﻟﻤﻨﻈﻤﺔ اﻟﻼﻣﺮﻛﺰﯾﺔ‬Organisation Autonome
Organization (DAO) Smart contracts involve digital tools and protocols that help (DAO) ‫ اﻟﻤﺴﺘﻘﻠﺔ‬Décentralisée
support specific transactions or other contract elements. The
decentralized autonomous organization works with popular
cryptocurrency and digital ledger operations that many world
governments and businesses are moving toward for more
transparency and for evolving anti-corruption innovations. 10

Smart contracts Custom software logic that executes automated events when ‫ اﻟﻌﻘﻮد اﻟﺬﻛﯿﺔ‬Contrats Intelligents
data is written to the blockchain according to rules specified
in the contract.31

96
96
Tokenisation ‫اﻟﺘﺮﻣﯿﺰ‬
Terms Definition ‫ اﻟﻤﺼﻄﻠﺤﺎت‬Les Termes
Digital token Digital representation of value that is not recorded in an ‫ اﻟﺮﻣﺰ اﻟﺮﻗﻤﻲ‬Jeton Numérique
account.7

Initial Coin Offering (ICO) An operation through which companies, entrepreneurs, ‫ طﺮح اﻟﻌﻤﻠﺔ اﻷوﻟﻲ‬Offre Initiale de Pièces
developers or other promoters raise capital for their projects
in exchange for digital tokens (or ‘coins’), that they create.17 Initial Coin Offering

Investment Tokens Provide rights (e.g. in the form of ownership rights and/or ‫ رﻣﻮز اﻻﺳﺘﺜﻤﺎر‬Jetons d'Investissement
entitlements similar to dividends). For example, in the
context of capital raising, asset tokens may be issued in the
context of an ICO which allows businesses to raise capital
for their projects by issuing digital tokens in exchange for fiat
money or other crypto assets.

Token The means of exchange to give value to a transaction, ‫ اﻟﺮﻣﺰ‬Jeton

typically a native cryptocurrency. Some non-currency
blockchain architectures can be tokenless.31

Tokenisation Process of converting assets into digital tokens.7 ‫ اﻟﺘﺮﻣﯿﺰ‬Tokénisation

Utility Tokens Enable access to a specific product or service often provided ‫ رﻣﻮز اﻟﻤﻨﻔﻌﺔ‬Jetons Utilitaires
using a DLT platform but are not accepted as a means of
payment for other products or services. For example, in the
context of cloud services, a token may be issued to facilitate
access.

Virtual Currencies Means any type of digital unit used as a medium of exchange, ‫ اﻟﻌﻤﻼت اﻻﻓﺘﺮاﺿﯿﺔ‬Monnaies Virtuelles
a unit of account, or a form of stored value. Virtual Currency
(s) is not recognised by this REGULATION. Exceptions are Devises Virtuelles

97

97
 made to a digital unit that: a) can be redeemed for goods,
services, and discounts as part of a user loyalty or rewards
program with the Issuer and; b) cannot be converted into a
fiat /virtual currency. 12
XBRL A type of XML (extensible mark-up language) used for ‫ ﻟﻐﺔ ﺗﺮﻣﯿﺰ ﻣﻮﺳﻌﺔ‬XBRL
organizing and defining data. It uses tags to identify each (‫)ﻟﺘﻨﻈﯿﻢ اﻟﺒﯿﺎﻧﺎت اﻟﻤﺎﻟﯿﺔ‬
piece of financial data.26

98
98
List of References:

1- Alexandria. (2020). Crypto glossary. https://coinmarketcap.com/alexandria/glossary

2- AMF. (2020a). Cyber Resilience Oversight Guidelines for the Arab Countries, Concerning Financial Market Infrastructures. AMF. Arab
Regional Fintech Working Group.

3- AMF. (2020b). Financial Inclusion in the technology-led globalization age. AMF.

4- Atlas Cloud Glossary of Terms. (2017). https://www.atlascloud.co.uk/wp-content/uploads/2017/07/Glossary-of-terms.pdf

5- Auer, R. (2019). Embedded supervision: how to build regulation into blockchain finance: Vol. BIS Working Papers. No 811. BIS.

6- Basel Committee on Banking Supervision. (2018). Sound Practices Implications of fintech developments for banks and bank supervisors.
BIS.

7- BIS. (2020a). BIS Quarterly Review: International banking and financial market developments. BIS.

8- Blandin, etc., A. (2020). GLOBAL CRYPTOASSET REGULATORY LANDSCAPE STUDY. Cambridge Centre for Alternative
Finance. https://www.jbs.cam.ac.uk/wp-content/uploads/2020/08/2019-04-ccaf-global-cryptoasset-regulatory-landscape-study.pdf

9- Blockchain Training Alliance. (2020). Glossary of Blockchain Terms. Blockchain Training Alliance.
https://cdn.shopify.com/s/files/1/2137/1081/files/Blockchain_Training_Alliance_Glossay_of_Terms.pdf?7565294325545489676

99
 10- Bobs guide (2019). Connecting buyers and sellers of financial technology globally. Fintech glossary of terms.
https://www.bobsguide.com/guide/news/2019/Jun/26/fintech-glossary-of-terms/

11- Cambridge University. (2018). Ledger Distributed Technology Systems: A Conceptual Framework. https://www.jbs.cam.ac.uk/wp-
content/uploads/2020/08/2018-10-26-conceptualising-dlt-systems.pdf

12- Central Bank of UAE (2017). Regulatory Framework for Stored Values and Electronic Payment Systems. Central Bank of UAE.

13- Coelho, R., Simoni, M. D., & Prenio, J. (2019). Suptech applications for anti-money laundering: Vol. FSI Insights on policy
implementation No 18. BIS.

14- Crypto-asset markets Potential channels for future financial stability implications. (2018). FSB.

15- Cyber Explore GLOSSARY. (2020). https://www.dni.gov/ncsc/e-Learning_CyberAware/pdf/Cyber_Explore_Glossary.pdf

16- Deloitte. (2020). Are you Cloud fluent? Helping you thrive in a digital world Glossary. Deloitte.
https://www2.deloitte.com/content/dam/Deloitte/uk/Documents/digital-hub/deloitte-cloud-glossary-of-terms.pdf

17- di Castri, S. C., Hohl, S., Kulenkampff, A., & Prenio, J. (2019, October). The Suptech generations: Vol. FSI Insights on policy
implementation No 19. BIS.

18- Digital Transformation Agency. (2019). Overview and Glossary: Trusted Digital Identity Framework: Vol. version 1.5. Digital
Transformation Agency.

100
100
19- Dubrovskaya, S. (2018). EU GDPR Glossary of Terms. EU GDPR Academy. https://advisera.com/eugdpracademy/knowledgebase/eu-
gdpr-glossary/

20- EBA. (2018). Recommendations on outsourcing to cloud service providers: Vol. EBA/REC/2017/03. European Banking Association.

21- Equilibrium Cyber Security. (n.d.). Network Security Glossary of Terms. https://www.equilibrium-security.co.uk/wp-
content/uploads/2015/02/Equilibrium_Cyber_Security_Knowledge_Hub_Glossary.pdf

22- European Banking Authority. (n.d.). Glossary of Financial Innovations. European Banking Authority.
https://eba.europa.eu/sites/default/documents/files/documents/10180/2270404/72036f35-beac-4d44-acf1-
2875c12b709e/Glossary%20for%20Financial%20Innovation.pdf

23- European Financial Reporting Advisory Group. (2019). Crypto-Assets : Holders -Supplemental Issues Paper. European Financial
Reporting Advisory Group.

24- Falmouth University. (n.d.). Data Protection Glossary.

https://www.falmouth.ac.uk/sites/default/files/download/data_protection_glossary.pdf

25- FATF. (2020). Digital Identity. FATF. https://www.fatf-gafi.org/media/fatf/documents/recommendations/pdfs/Guidance-on-Digital-

Identity-report.pdf

26- Financial Conduct Authority. (2016). Call for input on supporting the development and adopters of RegTech: Vol. Feedback Statement
FS16/4. Financial Conduct Authority.

27- FSB. (2019). Crypto-assets Work underway, regulatory approaches and potential gaps. FSB, 31 May 2019.

101
101
 28- FSB. (2020). The Use of Supervisory and Regulatory Technology by Authorities and Regulated Institutions: Market developments and
financial stability implications. FSB.

29- GDPR Glossary : A Quality Glossary to GDPR. (n.d.). QX. https://www.qxltd.com/pdf/gdpr-glossary.pdf

30- General Global Regulatory Standards. (n.d.). Global Digital Finance Code of Conduct Taxonomy for Cryptographic Assets.
https://www.gdf.io/wp-content/uploads/2019/02/0010_GDF_Taxonomy-for-Cryptographic-Assets_Proof-V2-260719.pdf

31- Grant Thornton. (2017). Blockchain glossary. Grant Thornton. https://www.grantthornton.global/globalassets/1.-member-

firms/global/insights/blockchain-hub/blockchain-glossary.pdf

32- ISACA. (2015). Glossary of Terms: English-French (3rd. ed). ISACA.

33- ISACA. (2020). Glossary. https://www.isaca.org/resources/glossary

34- Keywords Functionality QA The Trust Bridge. (2019). GDPR: A Glossary of Terms.
https://www.keywordsstudios.com/content/uploads/2019/11/GDPR-Glossary-of-Terms.pdf

35- Mueller, J. (2018). InsurTech Rising: A Profile of the InsurTech Landscape. Milken Institute.

36- Norton Rose Fulbright. (2020). InsurTech 101: Glossary of common insurance terms in Australia. Norton Rose Fulbright.

37- Open Banking Limited. (2020). Open Banking : Website Glossary. Https://Www.Openbanking.Org.Uk/about-Us/Glossary/.
https://www.openbanking.org.uk/about-us/glossary/

102
102
38- Plaitakis, A., & Staschen, S. (2020). Open Banking: How to Design for Financial Inclusion. CGAP.

39- PlanetCompliance. (2017). The RegTech Glossary : A Beginner’s Guide to the Industry’s Terminology [E-book]. PlanetCompliance.
https://www.planetcompliance.com/2017/03/16/the-regtech-glossary-a-beginners-guide-to-the-industrys-terminology/

40- S.I.L. (n.d.). General Glossary. Service Innovation Lab. https://serviceinnovationlab.github.io/general-glossary/

41- Thomson Reuters. (2017, August). FinTech and RegTech. Thomson Reuters.

42- Tutorials Point. (2020). Artificial Intelligence: Intelligent Systems. Tutorials Point.

43- Tutorials Point. (2020). Artificial Intelligence: Intelligent Systems [E-book]. Tutorials Point.
https://www.tutorialspoint.com/artificial_intelligence/artificial_intelligence_tutorial.pdf

44- University of Reading. (n.d.). Data Protection Glossary. https://www.reading.ac.uk/internal/imps/DataProtection/imps-d-p-glossary.aspx

45- VMware. (2018). Glossary of Cloud Native Terms. VMware.

https://assets.contentstack.io/v3/assets/blt58b49a8a0e43b5ff/bltf89c1b057efb0e1c/5c708d21205569d260b08523/glossary-of-cloud-
native-terms.pdf

46- World Bank Group, The University of Cambridge. (2020). The Global Covid-19 FinTech Regulatory Rapid Assessment Study. World
Bank Group, The University of Cambridge. https://www.jbs.cam.ac.uk/wp-content/uploads/2020/10/2020-ccaf-report-fintech-regulatory-
rapid-assessment.pdf

47- BIS. (2020b). Central banks and fintech data issues: 2020 Survey conducted by the Irving Fisher Committee on Central Bank Statistics
(IFC): Vol. IFC Report No 10. BIS. https://www.bis.org/ifc/publ/ifc_report_fintech_2002.pdf

103
103
 104
104
http://www.amf.org.ae