Section 1: Definitions

In the Guidelines, words and expressions have the meanings set out below.
 

Term: Definition
Application Programming Interface (API): A set of rules and specifications for software programs to communicate with each other that forms an interface between different programs to facilitate their interaction.

There are various types of APIs which include:

  • Private APIs: used within an organisation to provide interoperability between internal applications in order to help automation and provide flexibility.
  • Partner APIs: used to integrate software between a company and its partner, often for a very specific purpose such as providing a product or service.
  • Open APIs: Designed to be easily accessible by the wider population, regardless of whether a business relationship has been established or not. This term does not have the same meaning as “Open Banking”.
  • Composite APIs: Designed to batch API requests sequentially into a single API call combining different data and service APIs with the aim to improve efficiency.
API Lifecycle: Refers to the phases of:
  • Conception: the formulation and design of an API;
  • Production: the development and testing of an API;
  • Publishing: the steps taken to make an API available for use;
  • Consumption: the use of an API; and
  • Retirement: the withdrawal of an API from use.
API Provider: An organisation that makes APIs available for use by organisations or persons, including by the organisation itself.
Application: Refers to the use of an Enabling Technology in any capacity by an Institution, including where the Institution outsources part or all of the use of that Enabling Technology.
Artificial Intelligence (AI): Refers to the theory and development of computer systems able to perform tasks that traditionally use human intelligence.
Big Data Analytics: Using advanced analytics techniques in relation to a large volume of Data, generated by any means and stored in a digital format.
Biometrics: Automated recognition of individuals based on their biological and behavioral characteristics. It covers a variety of technologies in which unique, identifiable attributes of people are used for identification and authentication. These include, but are not limited to, a person’s fingerprint, iris print, hand, face, voice, gait or signature, which can be used to validate the identity of individuals.

Biometric attributes are based on an individual’s personal biometric characteristics and typically include the use of one of the following:

  • Biophysical: Biometric attributes, such as fingerprints, iris print, voiceprints, and facial recognition;
  • Biomechanical: Biometric attributes that are the product of unique interactions of an individual’s muscles, skeletal system and nervous system, such as keystroke mechanics; or
  • Behavioral: Biometric attributes that consist of an individual’s various patterns of movement and usage, such as an individual’s email or text message patterns, mobile phone usage, geolocation patterns, file access log etc.

Biometrics can be used for the following activities, amongst others:

  • Facilitating Customer identification and verification at on-boarding and for ongoing Customer authentication;
  • Supporting ongoing due diligence and scrutiny of transactions throughout the course of the business relationship;
  • Providing better and focused Customer services, e.g. identifying regular Customers at the point of entrance and authenticating transactions; and
  • Aiding transaction monitoring for the purposes of detecting and reporting suspicious transactions, as well as general risk management and anti-fraud efforts.
Cloud Computing: Use of a network (“cloud”) of hosting processors to increase the scale and flexibility of computing capacity. Such a network could be built by an Institution or made available by a service provider. This model enables on-demand network access to a shared pool of configurable computing resources (for example, networks, servers, storage facilities, applications and services).
Customer: Customer includes:
  • In respect of the CBUAE: A person who is using, or who is or may be contemplating using, any of the services provided by an Institution.
  • In respect of the SCA: A natural or legal person.
  • In respect of the DFSA: A Retail Client, Professional Client or Market Counterparty.
  • In respect of the FSRA: A “Customer”.
Credential Service Provider: An organisation that issues and/or registers authenticators and corresponding electronic credentials (binding the authenticators to the verified identity) to subscribers. Credential Service Providers maintain a subscriber’s identity credential and all associated enrolment Data throughout the credential’s lifecycle and provide information on the credential’s status to verifiers.
Data: A collection of organised information, facts, concepts, instructions, observations or measurements, in the form of numbers, alphabets, symbols, images or any other form, that are collected, produced, or processed by Institutions.
Digital Channels: The internet, mobile phones, Automated Teller Machines (ATMs), Point of Sale (POS) terminals, Digital Personal Assistants (DPAs), mobile applications, or other similar means for Institutions to contact other organisations or persons.
Distributed Ledger Technology (DLT): Processes and related technologies that enable Nodes in a network (or arrangement) to securely propose, validate, agree and record state changes (or updates) to a synchronised ledger that is distributed across the network’s Nodes.

Blockchain is a type of DLT which stores and transmits Data in packages called “blocks” that are connected to each other in a digital ‘chain’.
Enabling Technology: One of the following types of technologies:
  1. APIs;
  2. Cloud Computing;
  3. Biometrics;
  4. Big Data Analytics;
  5. AI; and
  6. DLT.
Fee: Any fees, charges, penalties and commissions incurred on a product and/or service.
Guidelines: Refers to these Guidelines.
Governing Body: Governing Body means an Institution’s Board of Directors, partners, committee of management, or any other form of the governing body of a body corporate or partnership.
Identity Lifecycle: Refers to the phases of:
  • Enrolment: collecting and proofing identity data;
  • Issuance: issuing one or more credentials;
  • Use: checking identity at the point of transactions;
  • Management: maintaining identities and credentials; and
  • Retirement: removing the identity record.
Innovative Activities: Technologically enabled provision of financial services which can take various forms and encompass the different sectors of the financial industry (e.g., crowdfunding, payment services).
Institution: An Institution includes:
  • In respect of the CBUAE: Any licensed and supervised Financial Institution. All references to Institutions include any Outsourcing Service Providers acting on behalf of the Institution.
  • In respect of the SCA: Any entity that has obtained a license or approval to engage in a financial activity and / or provide a specific financial service.
  • In respect of the DFSA: Any licensed and supervised “Authorised Person”. All references to Institutions include any Outsourcing Service Providers acting on behalf of the Authorised Person.
  • In respect of the FSRA: Any “Authorised Person” or “Recognised Body”.
IT Assets: Any form of information technology, including software, hardware and Data.
Machine Learning: Machine Learning is a sub-category of AI that is a method of designing a sequence of actions for the design and generation or development of AI models to solve a problem through learning and experience and with limited or no human intervention.
Multi-Factor Authentication: Combines use of two (2) or more of the following authentication factors to verify a user’s identity:
  • knowledge factor - “something an individual knows”;
  • possession factor - “something an individual has”; and/or
  • biometric factor - “something that is a biological and behavioral characteristic of an individual”.
Nodes: Network participants in a DLT network.
Outsourcing: An agreement with another party either within or outside the UAE, including a party related to an Institution, to perform an activity, process or service on a continuing basis which currently is, or could be, undertaken by the Institution itself. The activity, process or service should be integral to the provision of a financial service or should be provided to the market by the Outsourcing Service Provider on behalf of and in the name of the Institution.
Outsourcing Service Provider (OSP): A third-party entity that is undertaking an outsourced activity, process or service or parts thereof, under an outsourcing arrangement. The Institution using an Outsourcing Service Provider always remains responsible and accountable for the actions of that OSP under an outsourcing arrangement and to ensure that its outsourcing arrangements comply with the principles set out in these Guidelines.
Permissioned DLT: A distributed ledger which can be updated or validated only by authorised users within set governance rules i.e. special permissions are necessary to read, access or write information on them.
Permissionless DLT: A distributed ledger which can be read or updated by anyone, such as an open-access blockchain used for some cryptocurrencies.
Personal Data: Personal Data is any information relating to an identified natural person or identifiable natural person. "Identifiable natural person" is defined as a natural person who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to their biological, physical, Biometric, physiological, mental, economic, cultural or social identity.
Senior Management: Senior Management includes:
  • In respect of the CBUAE: The executive management of the Institution responsible and accountable to the Board/Governing Body for the sound and prudent day-to-day management of the Institution, generally including, but not limited to, the chief executive officer, chief financial officer, chief risk officer and heads of the compliance and internal audit functions.
  • In respect of the SCA: A director or group of executives who assume the tasks of planning the daily administrative and supervisory operations of the company's business to achieve its goals and is appointed by the company's Board/Governing Body.
  • In respect of the DFSA: Includes any senior management and Governing Body within an Authorised Person who take responsibility for that Authorised Person’s arrangements and operations.
  • In respect of the FSRA: “Senior Management”.
Staff: One or more employee(s) of the Institution acting in any capacity for or on behalf of the Institution.
Subscriber: A person whose identity has been verified and bound to authenticators (credentialed) by a Credential Service Provider.
Supervisory Authorities: Refers to the following UAE authorities:
  • The Central Bank of the UAE (CBUAE);
  • The Securities and Commodities Authority (SCA);
  • The Dubai Financial Services Authority (DFSA) of the Dubai International Financial Centre; and
  • The Financial Services Regulatory Authority (FSRA) of the Abu Dhabi Global Market.
Third Party: Any person, group of persons or organisation external to and not a related party to an Institution.