bidda.com Sovereign Intelligence
Sovereign Forest Phase 1.5
995 Nodes Verified & Hardened
L402/Skyfire Active

The 995-Node Intelligence Forest

The world's most comprehensive, source-verified resource for autonomous AI agents. Every node is cryptographically signed, RAG-optimized, and gated via L402 settlement protocols.

Banking & Global Finance

AI Model Valuation (IAS 38)

"IAS 38 Intangible Assets, issued by the IASB, governs the recognition, measurement, and disclosure of intangible assets including internally developed AI models, training datasets, and software. An intangible asset must meet strict recognition criteria: identifiability, control, and probable future economic benefit. Development-phase AI expenditure may be capitalized only after technical feasibility is established under all six IAS 38.57 criteria, while research-phase costs must be expensed immediately. Failure to correctly distinguish research from development phases, or to apply impairment testing under IAS 36, results in materially misstated financial statements and potential regulatory action by securities authorities."

Technical ID

accounting-ias-38

Banking & Global Finance

Digital Asset Fair Value (IFRS 13)

"IFRS 13 Fair Value Measurement establishes a single framework for measuring fair value across all IFRS standards that require or permit fair value measurement, including digital assets, AI-tokenized instruments, and crypto holdings. Fair value is defined as the exit price in an orderly transaction between market participants at the measurement date. Entities must classify inputs into a three-level hierarchy (Level 1: quoted prices in active markets; Level 2: observable inputs; Level 3: unobservable inputs) and maximize use of observable inputs. Digital and AI-linked assets with limited trading history frequently fall into Level 3, requiring robust valuation models and extensive disclosures; inadequate classification or disclosure triggers audit qualifications and securities regulator scrutiny."

Technical ID

accounting-ifr-13

Banking & Global Finance

AI Model Valuation (IAS 38)

"IAS 38 Intangible Assets, issued by the IASB, governs the recognition, measurement, and disclosure of intangible assets including internally developed AI models, training datasets, and software. An intangible asset must meet strict recognition criteria: identifiability, control, and probable future economic benefit. Development-phase AI expenditure may be capitalized only after technical feasibility is established, while research-phase costs must be expensed immediately. Failure to correctly distinguish research from development phases, or to apply the impairment testing requirements under IAS 36, results in materially misstated financial statements and potential regulatory action by securities authorities."

Technical ID

accounting-ias-38

Legal & IP Sovereignty

Engineers Ethics (ACEC)

"The American Council of Engineering Companies (ACEC) Code of Ethics establishes the binding professional obligations for licensed engineers and consulting firms. Engineers must hold paramount the safety, health, and welfare of the public above all client or employer interests. Core obligations include qualifications-based fee competition (Brooks Act compliance), professional seal authorization, conflict-of-interest disclosure, errors and omissions insurance, and continuing professional education. Violations expose firms to license revocation, civil liability, and federal debarment."

Technical ID

acec-ethics-eng

Workplace

ADA (Employment Title I)

"The Americans with Disabilities Act Title I (42 U.S.C. §12101–12117), as amended by the ADA Amendments Act of 2008 (ADAAA), is the primary U.S. federal law prohibiting employment discrimination against qualified individuals with disabilities. Covered employers with 15 or more employees must provide reasonable accommodations unless doing so causes undue hardship. Title I restricts all medical inquiries to post-conditional-offer only, mandates initiation of the interactive process upon disclosure of a disabling limitation, and requires accessible employment technology at WCAG 2.1 AA minimum. The EEOC enforces Title I through administrative charges; violations expose employers to back pay, compensatory and punitive damages, and injunctive relief requiring policy and structural changes."

Technical ID

ada-employment-title-1

Food & Hospitality

ADA (Hospitality Accessibility)

"ADA Title III (42 U.S.C. §12181–12189) requires all places of public accommodation — including hotels, motels, restaurants, bars, and food service establishments — to provide equal access to individuals with disabilities. New construction and alterations commenced after January 26, 1992 must fully comply with the 2010 ADA Standards for Accessible Design. Existing facilities must remove architectural barriers where readily achievable. Hotels must provide a regulated percentage of accessible guest rooms, van-accessible parking at prescribed ratios, accessible routes of 36-inch minimum clear width, pool lifts for pools exceeding 300 linear feet of pool wall, and visual communication features for guests with hearing impairments. DOJ enforces Title III through civil investigations and pattern-or-practice suits; private plaintiffs may sue for injunctive relief and attorney fees. Non-compliant operators face structural modification orders and potential damages in states with enhanced state accessibility laws."

Technical ID

ada-hospitality-access

Operations & CX

Agent Budgetary Controls & Ceiling Checks

"Agentized financial controls (Action Boundaries) restrict an autonomous agent's spending power per session, task, or API call to prevent catastrophic loss or unbounded consumption. A properly implemented budget cap architecture requires: a durable spend counter initialized at agent boot, pre-call ceiling checks before every API invocation, fleet-level daily aggregation across all sessions, hard stops on breach with no retry path, mandatory human approval gates for high-value actions, full audit logging of every spend event, and MFA-gated emergency override procedures. Absent these controls, autonomous agents can exhaust allocated compute budgets, incur unexpected cloud costs, or trigger runaway API consumption within a single malformed task."

Technical ID

agent-budget-cap

Operations & CX

Agent Emergency Stop (Kill-Switch) Design Patterns

"An AI Agent Kill-Switch is a deterministic safety mechanism designed to immediately terminate or throttle an autonomous agent's execution if it exceeds predefined behavioral, financial, or operational boundaries."

Technical ID

agent-kill-switch

AI Governance & Law

Multi-Agent Collision Resolution

"Multi-agent collision logic provides deterministic protocols for resolving conflicts when two or more autonomous AI agents simultaneously attempt to access the same resource, modify the same shared state, execute contradictory actions, or pursue incompatible goal trajectories within a swarm or orchestration framework. Without collision resolution, multi-agent systems produce race conditions, data corruption, deadlocks, and cascading failures that are difficult to audit or remediate. The resolution framework draws from distributed systems theory — consensus algorithms, vector clocks, conflict-free replicated data types (CRDTs), and resource arbitration — as well as emerging agentic safety standards. Properly implemented collision logic ensures predictable, auditable outcomes and maintains system safety invariants even when individual agents operate concurrently and autonomously."

Technical ID

ai-agent-collision-logic

Legal & IP Sovereignty

AI-IP: Guidance on Authorship

"The US Copyright Office's AI Policy Statement (February 2023) and subsequent guidance (March 2023) establish that copyright protection requires human authorship — purely AI-generated content without human creative control is not copyrightable in the United States. Works involving AI assistance may receive copyright protection for the human-authored elements, but only if a human author made sufficient creative choices that were expressed in the final output. The EU, UK, and other jurisdictions take varying positions, with the UK's Computer Generated Works doctrine providing limited protection for AI outputs. Misrepresenting AI-generated content as human-authored to obtain copyright registration constitutes fraud; failure to disclose AI involvement in patent applications may similarly invalidate those applications."

Technical ID

ai-ip-copyright

Legal & IP Sovereignty

AICPA Code of Ethics

"The AICPA Code of Professional Conduct (ET §0.300) establishes binding ethical standards for Certified Public Accountants in public practice and business. The Code requires CPAs to maintain independence in all attest engagements — any direct or material indirect financial interest in an audit client creates an impairment with no de minimis exception. The Conceptual Framework (ET §1.010.010) mandates evaluation of five threat categories (self-interest, self-review, advocacy, familiarity, and intimidation) and application of safeguards before accepting or continuing any engagement. Key operational requirements include: 40 hours of continuing professional education annually, 7-year documentation retention under PCAOB Rule 4003, engagement quality review by a second partner for all public company audits, prohibition on management functions and bookkeeping for audit clients under SOX §201, and confidentiality breach notification within 24 hours. Violations expose CPAs to AICPA Ethics Division investigation, state board disciplinary action, license revocation, and SEC or PCAOB enforcement proceedings for registered firms."

Technical ID

aicpa-code-ethics

Food & Hospitality

Responsible Alcohol Service

"Responsible alcohol service standards govern the legal and operational obligations of licensed on-premise alcohol retailers — bars, restaurants, hotels, event venues, and stadiums — to prevent service to minors and visibly intoxicated patrons. The National Minimum Drinking Age Act (23 U.S.C. §158) mandates a minimum legal drinking age of 21 in all U.S. states; service to minors exposes licensees to criminal liability, license revocation, and civil dram shop liability. State Dram Shop Acts impose third-party tort liability on servers who provide alcohol to visibly intoxicated persons who subsequently cause injury. Compliance requires: mandatory server certification through programs such as TIPS (Training for Intervention ProcedureS) or ServSafe Alcohol, documented ID verification procedures with a check-for-anyone-appearing-under-30 standard, written protocols for identifying signs of intoxication and executing patron cutoff, incident log maintenance, and manager override authorization for disputed service decisions. Licensees failing to enforce responsible service standards face ABC license suspension, criminal prosecution of servers, and civil judgments in dram shop actions that have exceeded $1 million in multiple U.S. jurisdictions."

Technical ID

alcohol-service-std

Sales, Marketing & PR

Amazon Ads (Policy)

"Compliance with this node ensures adherence to a comprehensive framework governing Amazon advertising, rooted in both platform policy and federal law. All advertising creative must meet stringent content requirements outlined in the Amazon Advertising Guidelines and Acceptance Policies, which mandate a minimum image longest side of 1000 pixels while strictly disallowing text on any main product image. Accompanying custom text fields are constrained to a maximum length of 50 characters. In alignment with guidance from FTC .com Disclosures, a sponsored disclosure is unequivocally required to maintain transparency with consumers. The node prohibits practices that could mislead consumers, reflecting the Lanham Act's general prohibition against false descriptions of fact in commerce. Consequently, deceptive pricing claims are disallowed, and any unsubstantiated claims are similarly forbidden, a rule further supported by the FTC Guides Concerning the Use of Endorsements and Testimonials regarding assertions like 'bestseller.' To protect platform integrity per the Amazon Seller Central Policy, off-platform redirection is not permitted, and a direct landing page ASIN match is mandated for all ad clicks. Intellectual property protections are enforced through mandatory brand registry verification as stipulated by the Amazon Brand Registry Terms of Use, a standard which also underpins the policy to prohibit competitor brand disparagement. Finally, all advertisements must utilize a supported marketplace language and avoid any restricted or prohibited product categories."

Technical ID

amazon-sponsored-ads-policy

Banking & Global Finance

Digital Asset Fair Value (IFRS 13)

"IFRS 13 Fair Value Measurement establishes a single framework for measuring fair value across all IFRS standards that require or permit fair value measurement, including digital assets, AI-tokenized instruments, and crypto holdings. The standard defines fair value as the exit price — the price received to sell an asset or paid to transfer a liability in an orderly transaction between market participants at the measurement date. Entities must classify inputs into a three-level hierarchy (Level 1: quoted prices, Level 2: observable inputs, Level 3: unobservable inputs) and maximize the use of observable inputs. Digital and AI-linked assets with limited trading history frequently fall into Level 3, requiring robust valuation models and extensive disclosures; inadequate classification or disclosure triggers audit qualifications and securities regulator scrutiny."

Technical ID

accounting-ifr-13

Banking & Global Finance

APRA CPS 230 (Resilience)

"APRA CPS 230 (Operational Risk Management) is the new cross-industry standard for the Australian financial sector. It replaces several legacy standards (CPS 231, CPS 232) with a unified framework for operational risk, service provider management, and business continuity, placing increased accountability on the board for the firm's resilience."

Technical ID

apra-cps-230-resilience

Banking & Global Finance

APRA Prudential Standard CPS 234 Information Security

"A mandatory Australian regulatory standard ensuring that APRA-regulated entities maintain robust information security capabilities, with ultimate accountability residing at the Board level."

Technical ID

apra-cps-234

Banking & Global Finance

Moving in tandem: bank provisioning in emerging market economies

"This study analyzes the determinants of loan loss provisions and delinquency ratios based on the balance sheets of 554 banks from emerging market economies (EMEs). The results show that provisions in EME banks respond mostly to aggregate variables, and very little to idiosyncratic factors. Specifically, bank-specific credit growth rates, often considered a measure of individual risk-taking, do not explain the level of loan loss provisions. The predominant effect observed is that provisions and actual losses are negatively related to past economic growth and positively related to past aggregate credit growth, indicating that EME banks' provisioning decisions are highly correlated. The findings suggest that EME banks' provisioning behavior is procyclical, as provisions tend to fall when output grows. The paper also estimates the forward and backward-looking components of provisions, finding that provisions respond mainly to past reported losses and do not anticipate future increases in credit losses. This procyclical behavior, possibly driven by the difficulty of assessing economic cycle permanence in EMEs, suggests that macroprudential tools designed to counter this effect could be effective in dampening credit cycles."

Technical ID

bank-provisioning-emerging-market-economies

Banking & Global Finance

Moving in tandem: bank provisioning in emerging market economies

"This study analyzes the determinants of loan loss provisions and delinquency ratios using balance sheet data from 554 banks in 18 emerging market economies (EMEs). The results show that provisions in EME banks respond mostly to aggregate variables and very little to idiosyncratic factors. Specifically, bank-specific credit growth rates, often considered a measure of individual risk-taking, do not explain the level of loan loss provisions. The predominant effect observed is that the level of provisions and actual losses is negatively related to past economic growth and positively related to past aggregate credit growth, suggesting that EME banks’ provisioning decisions are highly correlated. The findings indicate that provisioning is mainly backward-looking, responding to past reported losses rather than anticipating future ones. This behavior is procyclical, as provisions tend to fall when output grows. There is also evidence supporting an "income-smoothing" hypothesis, where banks increase provisions when earnings are higher. The paper suggests that since provisioning decisions are highly correlated and procyclical, macroprudential tools based on aggregate variables could be effective in dampening credit cycles and procyclical behavior."

Technical ID

bank-provisioning-emerging-markets

Banking & Global Finance

BSA SAR (Suspicious Activity)

"The Bank Secrecy Act (BSA) requires financial institutions to file a Suspicious Activity Report (SAR) for any transaction that is suspicious, appears to involve illegal activity, or has no logical business purpose. It is the primary reporting tool for the U.S. government to identify and combat money laundering, tax evasion, and terrorist financing."

Technical ID

bank-secrecy-act-suspicious

Banking & Global Finance

The Basel Committee’s response to the financial crisis: report to the G20

"The Basel Committee on Banking Supervision developed a reform programme, referred to as “Basel III”, to address the lessons of the financial crisis and strengthen the resilience of banks and the global banking system. The reforms seek to improve the banking sector’s ability to absorb shocks arising from financial and economic stress, thus reducing the risk of spillover from the financial sector to the real economy. The reforms strengthen bank-level, or micro prudential, regulation to raise the resilience of individual banking institutions in periods of stress, and also have a macro prudential focus, addressing system wide risks. The core obligations include raising the quality and level of capital to ensure banks are better able to absorb losses, including increasing the minimum common equity requirement from 2% to 4.5% and adding a capital conservation buffer of 2.5% for a total of 7%. The framework increases risk coverage for trading activities, securitisations, and counterparty credit exposures. It introduces an internationally harmonised leverage ratio as a backstop to the risk-based measures, introduces minimum global liquidity standards (a short term liquidity coverage ratio and a longer term net stable funding ratio), and promotes the build-up of capital buffers in good times that can be drawn down in periods of stress."

Technical ID

basel-committee-financial-crisis-response

Banking & Global Finance

The Basel Committee’s response to the financial crisis: report to the G20

"In response to the financial crisis, the Basel Committee on Banking Supervision developed a reform programme, collectively referred to as “Basel III”, to address weaknesses in the banking sector such as excessive leverage, inadequate and low-quality capital, and insufficient liquidity buffers. The reforms seek to improve the banking sector’s ability to absorb shocks arising from financial and economic stress, whatever the source, thus reducing the risk of spillover from the financial sector to the real economy. The reforms strengthen bank-level, or micro prudential, regulation to raise the resilience of individual banking institutions in periods of stress, and also have a macro prudential focus, addressing system wide risks which can build up across the banking sector. The key building blocks of Basel III include raising the quality, level, and risk coverage of the capital framework, with a minimum common equity requirement of 4.5% and a capital conservation buffer of 2.5%. It also introduces an internationally harmonised leverage ratio to serve as a backstop to the risk-based capital measure, and minimum global liquidity standards consisting of a short term liquidity coverage ratio and a longer term, structural net stable funding ratio. The reforms also promote the build up of capital buffers in good times that can be drawn down in periods of stress, including a countercyclical buffer. These new global standards apply to banking institutions and are designed to transform the global regulatory framework and promote a more resilient banking sector."

Technical ID

basel-committee-response-financial-crisis

Banking & Global Finance

International Convergence of Capital Measurement and Capital Standards: A Revised Framework - Comprehensive Version

"This framework presents the Basel Committee on Banking Supervision’s revisions to supervisory regulations governing the capital adequacy of internationally active banks. Its fundamental objective is to develop a framework that would further strengthen the soundness and stability of the international banking system while maintaining sufficient consistency that capital adequacy regulation will not be a significant source of competitive inequality among internationally active banks. The framework applies on a consolidated basis to internationally active banks, including any holding company that is the parent entity within a banking group, to ensure it captures the risk of the whole banking group. The revised framework is based on three pillars: minimum capital requirements, supervisory review, and market discipline. It retains key elements of the 1988 capital adequacy framework, including the general requirement for banks to hold total capital equivalent to at least 8% of their risk-weighted assets. A significant innovation is the greater use of assessments of risk provided by banks’ internal systems as inputs to capital calculations. The framework provides a range of options for determining the capital requirements for credit risk and operational risk to allow banks and supervisors to select approaches that are most appropriate for their operations and their financial market infrastructure."

Technical ID

basel-ii-capital-framework

Banking & Global Finance

Basel III Capital Requirements

"Basel III's framework, established by the Basel Committee on Banking Supervision's global regulatory framework and implemented through regulations such as the European Union's CRR and the US Federal Reserve's Regulation Q, mandates significantly strengthened capital and liquidity standards to enhance banking sector resilience. Institutions must maintain a minimum Common Equity Tier 1 ratio of at least 4.5 percent, a Tier 1 capital ratio of 6.0 percent or greater, and a Total Capital ratio equal to or exceeding 8.0 percent of risk-weighted assets. Beyond these minimums, a capital conservation buffer of at least 2.5 percent is required, alongside a calculated countercyclical capital buffer designed to protect against periods of excessive credit growth. Furthermore, a G-SIB surcharge is applied where applicable, consistent with the BCBS updated assessment methodology for higher loss absorbency by globally systemically important banks. A non-risk-weighted leverage ratio of 3.0 percent or more serves as a critical backstop. The framework also introduces two vital liquidity standards from dedicated BCBS publications: a Liquidity Coverage Ratio of at least 100 percent to ensure short-term survivability during stress, and a Net Stable Funding Ratio of 100 percent or greater to promote stable long-term funding structures. Compliance further necessitates meeting specific market risk capital requirements and applying the standardized approach for operational risk."

Technical ID

basel-iii-capital

Banking & Global Finance

Basel III: A global regulatory framework for more resilient banks and banking systems

"This document presents the Basel Committee’s reforms to strengthen global capital and liquidity rules with the goal of promoting a more resilient banking sector. The objective of the reforms is to improve the banking sector’s ability to absorb shocks arising from financial and economic stress, whatever the source, thus reducing the risk of spillover from the financial sector to the real economy. The reforms address lessons from the financial crisis, where many countries' banking sectors had built up excessive on- and off-balance sheet leverage, accompanied by an erosion of the level and quality of the capital base and insufficient liquidity buffers. The framework strengthens bank-level, or microprudential, regulation and also has a macroprudential focus, addressing system-wide risks. Core elements include raising both the quality and quantity of the regulatory capital base, where the predominant form of Tier 1 capital must be common shares and retained earnings. It enhances the risk coverage for counterparty credit exposures from derivatives, repo, and securities financing activities. The reforms are underpinned by a leverage ratio that serves as a backstop to the risk-based capital measures. The framework also introduces macroprudential elements to help contain systemic risks, including a capital conservation buffer and a countercyclical buffer to protect the banking sector from periods of excess credit growth."

Technical ID

basel-iii-global-regulatory-framework

Banking & Global Finance

Basel III Liquidity (LCR)

"The Liquidity Coverage Ratio (LCR) is a core component of the Basel III post-crisis reform. It ensures that banks maintain an adequate level of unencumbered high-quality liquid assets (HQLA) that can be converted into cash easily and immediately in private markets to meet their liquidity needs for a 30 calendar day liquidity stress scenario."

Technical ID

basel-iii-liquidity-lcr

Banking & Global Finance

Basel IV: Capital Floor & Liquidity

"The Basel IV framework (the final Basel III reforms) introduces a standardized output floor to prevent banks from using internal models to underestimate risk. It significantly tightens capital requirements for G-SIBs and harmonizes the calculation of Risk-Weighted Assets (RWA) across the global banking sector."

Technical ID

basel-iv-liquidity

Banking & Global Finance

Basel IV Output Floor

"The Basel IV Output Floor is the centerpiece of the 2017 Basel III 'completion' reforms. It limits the reduction in risk-weighted assets (RWA) that can result from a bank's use of internal models by mandating that RWAs calculated using internal models cannot fall below 72.5% of the RWAs calculated using the standardized approach."

Technical ID

basel-iv-output-floor

Banking & Global Finance

Principles for the effective management and supervision of climate-related financial risks

"Climate change may result in physical and transition risks that could affect the safety and soundness of individual banking institutions and have broader financial stability implications for the banking system. This document from the Basel Committee on Banking Supervision (BCBS) seeks to promote a principles-based approach to improving risk management and supervisory practices related to these risks. The consultative document includes 18 high-level principles: Principles 1 through 12 provide banks with guidance on effective management of climate-related financial risks, while principles 13 through 18 provide guidance for prudential supervisors. Banks are potentially exposed to climate-related financial risks regardless of their size, complexity or business model. They should therefore consider the potential impacts of climate-related risk drivers on their individual business models and assess the financial materiality of these risks. Banks should manage climate-related financial risks in a manner that is proportionate to the nature, scale and complexity of their activities and the overall level of risk that each bank is willing to accept. The principles are intended to provide a common baseline for internationally active banks and supervisors, while maintaining sufficient flexibility given the degree of heterogeneity and evolving practices in this area. The board of directors and senior management are expected to take a long-term consideration of climate-related financial risks, as their impacts could manifest over varying time horizons."

Technical ID

bcbs-climate-related-financial-risks

Banking & Global Finance

Sound Practices: Implications of fintech developments for banks and bank supervisors

"Interest is growing in financial technology, or 'fintech'. In response, the Basel Committee on Banking Supervision (BCBS) has analyzed the implications for supervisors and banks’ business models. As fintech developments remain fluid, the impact on banks is uncertain, but a common theme is that banks will find it increasingly difficult to maintain their current operating models given technological change and customer expectations. The nature and scope of banking risks as traditionally understood may significantly change over time with the growing adoption of fintech, in the form of both new technologies and business models. This Sound Practices paper combines historical research, product analysis, and scenario analysis to provide a forward-looking perspective on fintech's potential impact on the banking industry, identifying key observations and related recommendations. For banks, the key risks associated with the emergence of fintech include strategic risk, operational risk, cyber-risk and compliance risk. The core recommendation is that banks should ensure they have effective governance structures and risk management processes to identify, manage and monitor these risks. This includes robust strategic planning, sound new product approval processes, implementation of operational risk principles, and appropriate due diligence and monitoring for any operations outsourced to third parties, including fintech firms. Ultimately, banks and bank supervisors are encouraged to balance ensuring the safety and soundness of the banking system with minimizing the risk of inadvertently inhibiting beneficial innovation in the financial sector, thereby promoting financial stability and consumer protection."

Technical ID

bcbs-fintech-sound-practices

Banking & Global Finance

Supervisory framework for measuring and controlling large exposures

"This framework was developed to limit the maximum loss a bank could face in the event of a sudden counterparty failure to a level that does not endanger the bank’s solvency. It complements the Committee’s risk-based capital standard because the latter is not designed specifically to protect banks from large losses resulting from the sudden default of a single counterparty. The framework is applicable to all internationally active banks and must apply at every tier within a banking group. The core obligation is for banks to measure, aggregate, and control exposures to single counterparties or to groups of connected counterparties. The sum of all exposure values of a bank to a counterparty or to a group of connected counterparties is defined as a large exposure if it is equal to or above 10% of the bank’s eligible Tier 1 capital base. The sum of all exposure values to a single counterparty or group of connected counterparties must not be higher than 25% of the bank’s available eligible capital base at all times. A relatively tighter limit on exposures between global systemically important banks (G-SIBs) is included, set at 15% of the eligible capital base."

Technical ID

bcbs-large-exposures-framework

Banking & Global Finance

Principles for Operational Resilience

"The Basel Committee on Banking Supervision promotes a principles-based approach to improving operational resilience, defined as the ability of a bank to deliver critical operations through disruption. This approach builds on the Committee’s Principles for the Sound Management of Operational Risk (PSMOR) and is intended to strengthen banks’ ability to absorb operational risk-related events such as pandemics, cyber incidents, and technology failures. The principles apply on a consolidated basis to banks consistent with the scope of the Basel Framework. The core obligation is for a bank to establish an effective operational resilience approach that enables it to identify and protect itself from threats, respond and adapt to, and recover and learn from disruptive events to minimize their impact. This involves considering its overall risk appetite and tolerance for disruption. The principles are organized across seven categories: governance; operational risk management; business continuity planning and testing; mapping of interconnections and interdependencies of critical operations; third-party dependency management; incident management; and resilient information and communication technology (ICT), including cyber security. An operationally resilient bank is less prone to incur untimely lapses in its operations and losses from disruptions, thus lessening incident impact on critical operations."

Technical ID

bcbs-principles-operational-resilience

Banking & Global Finance

Principles for the Sound Management of Operational Risk

"This document details eleven principles of sound operational risk management covering governance, the risk management environment, and the role of disclosure. It replaces the 2003 Sound Practices for the Management and Supervision of Operational Risk, incorporating the evolution of sound practice and enhanced operational risk management practices now in use by the industry. The principles are relevant to all banks, which are expected to take account of the nature, size, complexity, and risk profile of their activities during implementation. Supervisors will evaluate a bank's policies, processes, and systems related to operational risk as part of their assessment of the bank's framework. The core obligation is for banks to develop, implement, and maintain an operational risk management framework that is fully integrated into the bank’s overall risk management processes. This framework should be founded on a strong risk management culture led by the board of directors and senior management. It must be comprehensively documented in board-approved policies and include clear definitions and governance structures. A common industry practice for sound governance relies on three lines of defence: business line management, an independent corporate operational risk management function, and an independent review. The framework must also address business resiliency and continuity to ensure the bank can operate on an ongoing basis and limit losses in the event of severe business disruption."

Technical ID

bcbs-principles-sound-management-operational-risk

Banking & Global Finance

Principles for Sound Liquidity Risk Management and Supervision

"Liquidity is the ability of a bank to fund increases in assets and meet obligations as they come due, without incurring unacceptable losses. The fundamental role of banks in the maturity transformation of short-term deposits into long-term loans makes banks inherently vulnerable to liquidity risk. This guidance outlines principles for the sound management of liquidity risk, prompted by market turmoil that re-emphasised the importance of liquidity to the functioning of financial markets and the banking sector. The difficulties highlighted that many banks had failed to take account of a number of basic principles of liquidity risk management, such as having an adequate framework that satisfactorily accounted for the liquidity risks posed by individual products and business lines. Many firms viewed severe and prolonged liquidity disruptions as implausible and did not conduct stress tests that factored in the possibility of market wide strain. This guidance applies to all types of banks, with implementation tailored to the size, nature of business and complexity of a bank’s activities. The core obligation is that a bank is responsible for the sound management of liquidity risk. A bank should establish a robust liquidity risk management framework that ensures it maintains sufficient liquidity, including a cushion of unencumbered, high quality liquid assets, to withstand a range of stress events, including those involving the loss or impairment of both unsecured and secured funding sources. Supervisors should assess the adequacy of both a bank's liquidity risk management framework and its liquidity position and should take prompt action if a bank is deficient in either area."

Technical ID

bcbs-sound-liquidity-risk-management

Banking & Global Finance

Principles for sound stress testing practices and supervision

"Stress testing is an important risk management tool used by banks as part of their internal risk management and, through the Basel II capital adequacy framework, is promoted by supervisors. It alerts bank management to adverse unexpected outcomes related to a variety of risks and provides an indication of how much capital might be needed to absorb losses should large shocks occur. Stress testing plays a particularly important role in providing forward-looking assessments of risk, overcoming limitations of models and historical data, supporting communication, feeding into capital and liquidity planning, informing the setting of a bank's risk tolerance, and facilitating the development of risk mitigation plans. Following the financial crisis, which highlighted significant weaknesses in banks' stress testing practices, the Basel Committee developed these sound principles for banks and supervisors. The principles cover the overall objectives, governance, design, and implementation of stress testing programmes. The recommendations are aimed at deepening and strengthening banks’ stress testing practices and apply to banks on a proportionate basis, commensurate with their size, complexity, and risk profile. The core obligation is for a bank's stress testing to form an integral part of its overall governance, with results that are actionable and impact decision-making at the board and senior management levels."

Technical ID

bcbs-sound-stress-testing-practices

Banking & Global Finance

Artificial intelligence and machine learning in financial services

"This joint BIS and FSB report outlines key considerations for financial institutions and supervisors regarding the use of AI and ML, emphasizing the need for robust governance, data quality, and model risk management frameworks to ensure operational resilience and financial stability. It highlights the importance of adapting existing risk management practices to address unique AI/ML challenges like explainability, fairness, and third-party dependencies, as detailed in Sections 3 and 4."

Technical ID

bis-ai-financial-services-2023

Banking & Global Finance

III. CBDCs: an opportunity for the monetary system

"This chapter examines how central bank digital currencies (CBDCs) can contribute to an open, safe and competitive monetary system that supports innovation and serves the public interest. CBDCs are a form of digital money, denominated in the national unit of account, which is a direct liability of the central bank. They can be designed for use either among financial intermediaries only (wholesale CBDCs), or by the wider economy (retail CBDCs). The overriding criterion when evaluating a change to the monetary system should be whether it serves the public interest, encompassing economic benefits, governance quality, and basic rights such as data privacy. Digital money should be designed with this in mind, and retail CBDCs could ensure open payment platforms and a competitive level playing field conducive to innovation. The ultimate benefits of adopting a new payment technology will depend on the competitive structure of the underlying payment system and data governance arrangements. The same technology that can encourage a virtuous circle of greater access, lower costs and better services might equally induce a vicious circle of data silos, market power and anti-competitive practices. The report argues that CBDCs are best designed as part of a two-tier system, where the central bank provides the foundational infrastructure and private payment service providers (PSPs) use their creativity to serve customers. Design choices regarding digital identification and architecture (hybrid vs. intermediated) are crucial for balancing innovation, financial stability, and user privacy."

Technical ID

bis-cbdcs-monetary-system

Banking & Global Finance

BIS Principles (FMI)

"The Principles for Financial Market Infrastructures (PFMI) are the international standards for the infrastructure that facilitates the clearing, settlement, and recording of monetary and other financial transactions. Developed by CPSS (now CPMI) and IOSCO, the 24 principles are designed to ensure the safety, efficiency, and resilience of systemically important payment systems and central counterparties."

Technical ID

bis-principles-fmi-2012

Banking & Global Finance

CFTC Part 49 (Swaps)

"Compliance with CFTC Part 49 is predicated on maintaining an active registration as a Swap Data Repository (SDR) pursuant to procedures outlined in 17 CFR § 49.3. A designated Chief Compliance Officer, as mandated by 17 CFR § 49.22, administers the comprehensive compliance program and ensures an annual compliance report is filed. The SDR actively disseminates swap transaction data through real-time public reporting mechanisms consistent with 17 CFR § 49.15, while also providing the Commission with direct electronic access to all SDR data as required under 17 CFR § 49.17. Comprehensive swap data recordkeeping obligations are met per 17 CFR § 49.12; all data is maintained for a minimum of five years following swap termination. Strict privacy and confidentiality protocols are enforced over this information, adhering to requirements of 17 CFR § 49.16. Operational integrity and data security are further upheld through fully compliant system safeguards. These safeguards include the successful execution of an annual penetration test, robust disaster recovery plans targeting a two-hour Recovery Time Objective, and a formal procedure for cyber incident notification to the Commission within 24 hours of discovery, ensuring the protection and availability of critical market data."

Technical ID

cftc-part-49-swap-reporting

Banking & Global Finance

CHAPS RTGS (Payments)

"CHAPS (Clearing House Automated Payment System) is the UK's high-value, real-time gross settlement (RTGS) payment system. it is used for critical financial transactions, such as the interbank house purchases and the corporate the trades, ensuring the immediate and the irrevocable settlement of the funds through the Bank of England's the reserve accounts."

Technical ID

chaps-rtgs-high-val-london

Banking & Global Finance

GDPR Data Processing Agreement (DPA) Checklist

"A compliant Data Processing Agreement establishes a legally binding contract defining the processor's obligations, consistent with European Data Protection Board Guidelines 07/2020. The processor must act exclusively upon documented controller instructions, a mandate under which `unauthorized_cross_border_transfers_blocked` is enforced. This requirement extends to personnel, for whom `personnel_confidentiality_verified` commitments are mandatory. Pursuant to Article 28(3)(c) and Article 32, security of processing is paramount, with `art_32_security_measures_active` representing a baseline condition. Engaging any sub-processor necessitates prior written authorization, as stipulated by Article 28(2); moreover, all data protection obligations must be flowed down contractually, ensuring `subprocessor_flow_down_liability_active`. The processor’s duty to assist its controller is fundamental. This includes enabling responses to data subject requests through `dsar_assistance_enabled` functionality and supporting Data Protection Impact Assessment consultations. Following a personal data breach, notification to the controller must occur without undue delay, respecting the `breach_notification_max_hours` threshold of 72 hours. Upon termination of services, `post_contract_data_deletion_required` is triggered, permitting a `retention_period_days_post_termination` of zero days to guarantee complete data removal. Finally, `controller_audit_rights_enabled` allows for verification of these ongoing compliance commitments."

Technical ID

compliance-gdpr-dpa

Banking & Global Finance

Guidance on cyber resilience for financial market infrastructures

"The purpose of this document is to provide guidance for Financial Market Infrastructures (FMIs) to enhance their cyber resilience. It provides supplemental guidance to the CPMI-IOSCO Principles for Financial Market Infrastructures (PFMI), primarily in the context of governance, risk management, settlement finality, operational risk, and FMI links. This guidance details preparations and measures that FMIs should undertake to enhance their cyber resilience capabilities, with the objective of limiting the escalating risks that cyber threats pose to financial stability. The guidance is directly aimed at FMIs, which are defined as systemically important payment systems, central securities depositories (CSDs), securities settlement systems (SSSs), central counterparties (CCPs), and trade repositories (TRs). The guidance is structured around five primary risk management categories: governance, identification, protection, detection, and response and recovery, along with three overarching components: testing, situational awareness, and learning and evolving. A core expectation is that an FMI should design and test its systems and processes to enable the safe resumption of critical operations within two hours of a disruption and to enable itself to complete settlement by the end of the day of the disruption, even in the case of extreme but plausible scenarios. FMIs are expected to use a risk-based approach and develop concrete plans to meet these objectives within 12 months of the guidance's publication."

Technical ID

cpmi-iosco-cyber-resilience-fmi

Banking & Global Finance

OECD CRS (Tax Exchange)

"The Common Reporting Standard (CRS) is the global benchmark for the automatic exchange of financial account information (AEOI) to combat tax evasion. Developed by the OECD, it requires financial institutions in participating jurisdictions to identify and report the account holders who are tax resident in other jurisdictions, ensuring the transparent flow of the tax data across the borders."

Technical ID

crs-oecd-tax-automatic

Banking & Global Finance

Volcker Rule (Prop Trading)

"The Volcker Rule (Section 619 of the Dodd-Frank Act) prohibits U.S. banking entities from engaging in proprietary trading or acquiring/sponsoring 'Covered Funds' (Hedge Funds or Private Equity). it is designed to separate commercial banking from high-risk investment activities, ensuring that deposit-taking institutions do not risk taxpayer-insured funds for their own gain."

Technical ID

dodd-frank-volcker-rule

Banking & Global Finance

DORA — EU Digital Operational Resilience Act

"Regulation (EU) 2022/2554 (DORA — Digital Operational Resilience Act), published December 27, 2022 and directly applicable (no national transposition required) across all EU member states from January 17, 2025, establishes binding ICT risk management, incident reporting, resilience testing, and third-party risk oversight requirements for 20+ categories of EU financial entities. DORA applies to credit institutions, investment firms, payment institutions, e-money institutions, insurance/reinsurance undertakings, crypto-asset service providers (CASPs), central counterparties (CCPs), trade repositories, AIFMs, UCITS management companies, data reporting services providers, and more. Key obligations: (1) ICT risk management framework with governance, protection, detection, response, and recovery capabilities; (2) ICT-related incident classification and mandatory reporting — initial notification within 4 hours of classification as major incident, intermediate report within 72 hours, final report within 1 month; (3) Digital operational resilience testing including Threat-Led Penetration Testing (TLPT) every 3 years for significant entities; (4) ICT third-party risk management with contractual requirements for Critical ICT Third-Party Providers (CTPPs) who are directly supervised by an EU Lead Overseer (EBA, ESMA, or EIOPA depending on sector). DORA displaces NIS2 obligations for in-scope financial entities (lex specialis principle)."

Technical ID

dora-ict-risk

Banking & Global Finance

Digital Operational Resilience Act (DORA) - Chapter II: ICT Risk Management (Articles 5-16)

"Requires EU financial entities to establish and maintain a comprehensive, well-documented ICT risk management framework, as mandated by Article 6. This framework, overseen by the management body (Article 5), must encompass strategies for identification, protection, detection, response, and recovery, including detailed policies for business continuity, disaster recovery, and incident management."

Technical ID

dora-ict-risk-management-articles-5-16

Banking & Global Finance

Regulation (EU) 2022/2554 (DORA) — ICT-Related Incident Management and Reporting (Articles 17-23)

"Regulation (EU) 2022/2554 (DORA) requires financial entities to establish a comprehensive ICT-related incident management process, including detection, classification, and response. Per Articles 18 and 19, entities must classify all ICT-related incidents and report those deemed 'major' to their competent authority using a harmonized, multi-stage reporting timeline."

Technical ID

dora-incident-reporting-articles-17-23

Banking & Global Finance

Digital Operational Resilience Testing Programme (Articles 24-27) - Regulation (EU) 2022/2554 (DORA)

"This regulation requires EU financial entities to establish and maintain a comprehensive, risk-based digital operational resilience testing programme to assess preparedness, identify vulnerabilities, and validate protective measures. As per Article 26, significant entities must conduct advanced threat-led penetration testing (TLPT) at least every three years."

Technical ID

dora-resilience-testing-articles-24-27

Banking & Global Finance

DORA ICT Third-Party Risk Management and Oversight — Articles 28-44 (Regulation 2022/2554)

"This regulation requires EU financial entities to manage risks associated with ICT third-party service providers by maintaining a register of information, conducting due diligence, and ensuring specific contractual provisions are in place (Article 30). It also establishes a Union Oversight Framework for critical ICT third-party service providers, granting Lead Overseers direct powers of investigation and enforcement (Article 31)."

Technical ID

dora-third-party-risk-articles-28-44

Banking & Global Finance

EBA Guidelines on ICT and Security Risk Management (EBA/GL/2019/04)

"These guidelines require EU financial institutions, including credit institutions, investment firms, and payment service providers, to establish a comprehensive and documented ICT and security risk management framework. This framework, as mandated by Title I, Guideline 1, must ensure the management body defines, approves, and oversees the implementation of the institution's ICT strategy and risk management."

Technical ID

eba-guidelines-ict-risk-2019

Banking & Global Finance

EBA Outsourcing Guidelines

"The EBA Guidelines on Outsourcing Arrangements (EBA/GL/2019/02) apply a unified framework for the financial sector across the EU. it specifies the governance and the pre-outsourcing due diligence required for all credit institutions and the investment firms, with a specific focus on the 'Critical or Important' functions that affect the firm's the regulatory compliance."

Technical ID

eba-outsourcing-guide

Banking & Global Finance

ECB Guide (Internal Models)

"The ECB Guide to Internal Models (EGIM) provides the foundational standard for the supervised banks in the Eurozone to the use of the 'Internal Ratings Based' (IRB) approach for calculating the regulatory capital. it specifies the risk parameter estimation (PD, LGD, EAD) and the validation requirements for the credit risk models."

Technical ID

ecb-guide-internal-models

Banking & Global Finance

ECB Guide to Internal Models (TRIM) and SREP Pillar 2 Capital Requirements 2023

"This guide outlines the European Central Bank's supervisory expectations for banks using internal models to calculate risk-weighted assets (RWAs), specifying how model deficiencies identified during the Targeted Review of Internal Models (TRIM) will impact Pillar 2 capital requirements (P2R) as part of the Supervisory Review and Evaluation Process (SREP), as detailed in Chapter 2."

Technical ID

ecb-srep-2023-supervisory-guide

Banking & Global Finance

Regulation (EU) 2024/1620 of the European Parliament and of the Council of 31 May 2024 establishing the Authority for Anti-Money Laundering and Countering the Financing of Terrorism and amending Regulations (EU) No 1093/2010, (EU) No 1094/2010 and (EU) No 1095/2010

"This regulation establishes the Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA) as the central EU authority for direct and indirect supervision of high-risk obliged entities to prevent the use of the financial system for money laundering and terrorist financing, as mandated by Article 1."

Technical ID

eu-aml-authority-amla-2024

Banking & Global Finance

Regulation (EU) 2024/1624 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing

"This regulation establishes a unified, directly applicable Anti-Money Laundering and Counter-Financing of Terrorism (AML/CFT) rulebook for the EU, mandating obliged entities to conduct risk assessments, perform customer due diligence (CDD), and implement robust internal controls. As per Article 1, it harmonises rules across the Union to prevent the misuse of the financial system for ML/TF."

Technical ID

eu-aml-regulation-2024

Banking & Global Finance

Regulation (EU) 2024/886 of the European Parliament and of the Council of 13 March 2024 amending Regulations (EU) No 260/2012 and (EU) 2021/1230 and Directives 98/26/EC and (EU) 2015/2366 as regards instant credit transfers in euro

"This regulation mandates that Payment Service Providers (PSPs) in the SEPA area offering standard euro credit transfers must also offer the service of sending and receiving instant credit transfers 24/7/365, at a cost no higher than standard transfers, as stipulated in Article 5a. It also introduces a mandatory service for verifying the payee's name against their IBAN before payment authorization to prevent fraud, per Article 5c."

Technical ID

eu-instant-payments-regulation-2024

Banking & Global Finance

Proposal for a Regulation on payment services in the internal market (PSR) and a Directive on payment services and electronic money services in the Internal Market (PSD3)

"This proposal evolves PSD2 to enhance consumer protection, improve open banking competition, and strengthen enforcement by introducing stricter Strong Customer Authentication (SCA) rules, expanding data access for third-party providers (TPPs), and merging the legal frameworks for electronic money and payment services (PSR Article 1, PSD3 Article 1). It applies to all payment service providers (PSPs), including banks, e-money institutions, and payment institutions operating within the EU."

Technical ID

eu-psd3-proposal-2023

Banking & Global Finance

FATCA IGA (Tax Compliance)

"The Foreign Account Tax Compliance Act (FATCA) is a U.S. federal law requiring foreign financial institutions (FFIs) to report the assets of U.S. account holders. The legislation is primarily implemented through Intergovernmental Agreements (IGAs) (Model 1 & Model 2), which provide a legal framework for FFIs to report to their national authority or the IRS, ensuring global tax transparency."

Technical ID

fatca-iga-compliance

Banking & Global Finance

AI Agent Anti-Money Laundering (AML) Compliance

"Autonomous agents performing financial functions are subject to the same FATF risk-based approach as traditional entities. Compliance requires 'Neural AML' – embedding real-time traceability, KYC verification, and transaction monitoring directly into the agentic workflow."

Technical ID

fatf-aml-agent

Banking & Global Finance

UPDATED GUIDANCE FOR A RISK-BASED APPROACH VIRTUAL ASSETS AND VIRTUAL ASSET SERVICE PROVIDERS

"In October 2018, the Financial Action Task Force (FATF) adopted changes to its Recommendations to explicitly clarify that they apply to financial activities involving virtual assets (VAs) and introduced definitions for 'virtual asset' and 'virtual asset service provider' (VASP). The amended FATF Recommendation 15 requires that VASPs be regulated for anti-money laundering and countering the financing of terrorism (AML/CFT) purposes, be licensed or registered, and subject to effective systems for monitoring or supervision. This guidance is intended to help national authorities develop regulatory and supervisory responses to VA activities and VASPs, and to assist private sector entities in understanding and complying with their AML/CFT obligations. The guidance outlines the need for countries and VASPs to understand and mitigate money laundering and terrorist financing (ML/TF) risks associated with VA activities. It details the full range of obligations applicable to VASPs, which are the same full set of obligations as financial institutions, including customer due diligence (CDD), recordkeeping, suspicious transaction reporting (STR), and the implementation of the 'travel rule' (Recommendation 16). The travel rule mandates that VASPs must obtain, hold, and transmit required originator and beneficiary information during VA transfers. The guidance also clarifies the specific requirement for VASPs to conduct customer due diligence for occasional transactions above a USD/EUR 1,000 threshold."

Technical ID

fatf-guidance-virtual-assets-vasp

Banking & Global Finance

GUIDANCE ON PROLIFERATION FINANCING RISK ASSESSMENT AND MITIGATION

"This non-binding Guidance from the Financial Action Task Force (FATF) aims to develop a common understanding of the amendments to FATF Recommendation 1, which require countries and private sector entities to identify, assess, understand, and mitigate their proliferation financing (PF) risks. In the context of this Guidance, proliferation financing risk refers strictly and only to the potential breach, non-implementation, or evasion of the targeted financial sanctions (TFS) obligations outlined in Recommendation 7, specifically concerning regimes for the Democratic People’s Republic of Korea (DPRK) and Iran. The document is intended for countries, competent authorities, supervisors, financial institutions, Designated Non-Financial Businesses and Professions (DNFBPs), and Virtual Asset Service Providers (VASPs). The core obligation for private sector entities is to have processes in place to identify, assess, monitor, manage, and mitigate these risks. These processes may be integrated within existing targeted financial sanctions and/or compliance programmes, and entities are not expected to establish duplicative processes. The Guidance recognizes that there is no one-size-fits-all approach and encourages countries and private sector entities to implement measures proportionate to the risks they face, having regard to their specific context, risk profile, and the materiality of different sectors. Full application of targeted financial sanctions as required by Recommendation 7 remains mandatory in all cases."

Technical ID

fatf-pf-risk-assessment-mitigation

Banking & Global Finance

FATF Recommendation 16 (Travel Rule)

"FATF Recommendation 16, also known as the 'Travel Rule', is the global AML/CFT standard for virtual assets. It requires Virtual Asset Service Providers (VASPs) to collect and transmit originator and beneficiary information for all virtual asset transfers exceeding $1,000 to prevent money laundering and terrorist financing."

Technical ID

fatf-travel-rule-v2

Banking & Global Finance

FATF Virtual Asset Red Flags

"The FATF Virtual Asset Red Flag Indicators (2020) provides a report to assist financial institutions and Virtual Asset Service Providers (VASPs) in identifying potential money laundering and terrorist financing activity. it categorizes indicators into transaction patterns, anonymity, and sender/recipient behavior to enhance risk-based monitoring."

Technical ID

fatf-virtual-asset-redfl

Banking & Global Finance

FCA Consumer Duty (2023)

"The FCA Consumer Duty (PS22/9) is a major U.S.-style 'fiduciary' reform for the UK retail financial sector. It introduces a new 'Consumer Principle' (Principle 12), requiring firms to act to deliver good outcomes for retail customers, setting higher and clearer standards of consumer protection across all financial services."

Technical ID

fca-consumer-duty-2023

Banking & Global Finance

FDIC Part 370 (Records)

"FDIC Part 370 (Recordkeeping for Timely Deposit Insurance Determination) is a critical compliance standard for large U.S. banks (over 2 million deposit accounts). it requires institutions to maintain the account records in a specific format that allows the FDIC determine the insurance the amount for the account holder within 24 hours of a failure."

Technical ID

fdic-part-370-recordkeep

Banking & Global Finance

Cross-Border VAT/GST Calculation Logic

"Cross-border VAT/GST calculation logic for services and intangibles operates strictly under the destination principle for business-to-consumer (B2C) supplies, aligning with Chapter 3 of the OECD International VAT/GST Guidelines and mirrored in national legislation such as Australia's Tax and Superannuation Laws Amendment from 2016 and Singapore's Goods and Services Tax (Amendment) Act 2018. The place of supply determination for these B2C transactions hinges on robust customer location verification. Pursuant to frameworks like EU Council Implementing Regulation No 1042/2013, the system mandates collection of a minimum of two non-contradictory pieces of location evidence; transactions are automatically blocked if conflicting location data is presented. For auditability, both customer IP and billing addresses are stored. Within the European Union, a specific €10,000 annual turnover threshold exists for micro-businesses, below which B2C supplies may remain subject to home country VAT rules. For business-to-business (B2B) transactions, the system enforces the reverse charge mechanism as stipulated by regulations like the EU VAT Directive 2006/112/EC and Section 7A of the UK Value Added Tax Act 1994. This requires mandatory real-time validation of customer VAT numbers through systems like VIES, which the platform will attempt up to a maximum of three retries before failure. The logic disallows any exemptions for digital services, and should a conclusive tax jurisdiction not be determined, a default tax rate fallback of zero percent is applied to prevent erroneous charges."

Technical ID

finance-tax-logic

Banking & Global Finance

FINRA Rule 3110 (Supervision)

"FINRA Rule 3110 is the foundational U.S. standard for the supervision of the registered representatives and the offices of broker-dealers. it requires firms to establish and maintain a system of the supervisory procedures (WSPs) to ensure the compliance with the applicable securities laws and the FINRA rules, with a specific focus on the regular inspection and the oversight of the 'Offices of Supervisory Jurisdiction' (OSJ)."

Technical ID

finra-3110-supervision

Banking & Global Finance

The Federal Reserve reminds firms of safe and sound practices for counterparty credit risk management in light of the Archegos Capital Management default

"In light of the Archegos Capital Management default, which caused over $10 billion in losses across several large banks, the Federal Reserve is issuing guidance to remind firms of supervisory expectations for counterparty credit risk management. This letter is intended for use by banking organizations with large derivatives portfolios and relationships with investment funds, as well as for supervisors. It is generally not applicable to community banking organizations. The guidance addresses concerns with practices where firms accept incomplete and unverified information from investment funds, particularly regarding strategy, concentrations, and relationships with other market participants. The core obligations emphasize that firms should obtain and verify critical information regarding a fund's size, leverage, and concentrated positions. If a client refuses to provide this information, firms should reconsider the relationship or apply strong compensating measures, such as more stringent contractual terms. The Federal Reserve also reminds firms that poor communication frameworks, inadequate risk management functions, and ineffective governance hamper their ability to identify and address risk. Firms must ensure risk management functions have the experience and stature to control risks, and that margin terms are appropriate, risk-sensitive, and do not prevent the firm from improving its margin position or closing out positions quickly."

Technical ID

frb-sr-21-19-counterparty-credit-risk

Banking & Global Finance

FSB Key Attributes (Resolution)

"The FSB Key Attributes of Effective Resolution Regimes for Financial Institutions are the international standards for the orderly resolution of failing systemically important financial institutions (SIFIs). it provides the mandatory powers and tools for national authorities to resolve banks without taxpayer bailouts, ensuring the continuity of the critical functions."

Technical ID

fsb-key-attributes-res

Banking & Global Finance

FSB TCFD (Banking)

"The TCFD (Task Force on Climate-related Financial Disclosures) Banking Sector Disclosures provide a specific framework for banks to report on the financial implications of the climate change. it requires detailed transparency on how banks identify, assess, and manage the 'Physical' and 'Transition' risks within their lending and investment portfolios, ensuring the global market stability during the green transition."

Technical ID

fsb-tcfd-banking-disc

Banking & Global Finance

Fundamental review of the trading book

"This consultative document presents the initial policy proposals emerging from the Basel Committee’s fundamental review of trading book capital requirements, intended to strengthen capital standards for market risk and contribute to a more resilient banking sector. The review was initiated because the financial crisis exposed material weaknesses in the design of the framework for capitalising trading activities, where the level of capital proved insufficient to absorb losses. The proposals address shortcomings in the overall design of the regime as well as weaknesses in risk measurement under both the internal models-based and standardised approaches. The Committee's key areas of focus include a reassessment of the trading book/banking book boundary, with proposals for a "trading evidence-based" or a "valuation-based" boundary. It intends to move to a capital framework that is calibrated to a period of significant financial stress. A significant proposal is moving from Value-at-Risk (VaR) to Expected Shortfall (ES) to better capture "tail risk". The proposals also seek a comprehensive incorporation of the risk of market illiquidity, using "liquidity horizons" defined as the time required to exit or hedge a risk position in a stressed market. The Committee is also considering the treatment of hedging and diversification, and strengthening the relationship between the standardised and internal models-based approaches, potentially by introducing the standardised approach as a floor."

Technical ID

fundamental-review-of-the-trading-book

Banking & Global Finance

Guidance on Model Risk Management

"This supervisory guidance, issued by the Federal Reserve and the Office of the Comptroller of the Currency (OCC), is intended for use by banking organizations and supervisors to assess the management of model risk. It applies to all banking organizations supervised by the Federal Reserve, taking into account each organization’s size, nature, complexity, and the extent of its use of models. The guidance defines a model as a quantitative method, system, or approach that applies statistical, economic, financial, or mathematical theories to process input data into quantitative estimates. The core obligation is for banking organizations to be attentive to the possible adverse consequences of decisions based on models that are incorrect or misused. Organizations must address these consequences through active model risk management, which includes robust model development, implementation, and use; effective validation; and sound governance, policies, and controls. Model risk is the potential for adverse consequences from decisions based on incorrect or misused model outputs, which can lead to financial loss, poor business and strategic decision-making, or damage to a banking organization’s reputation. A guiding principle is the 'effective challenge' of models, which involves critical analysis by objective, informed parties that can identify model limitations and produce appropriate changes."

Technical ID

guidance-on-model-risk-management

Banking & Global Finance

HKMA TM-G-1 (Tech Risk)

"HKMA TM-G-1 (General Principles for Technology Risk Management) is a Supervisory Policy Manual (SPM) issued by the Hong Kong Monetary Authority. it provides minimum standards for the management of the technology risks that institutions face, specifically covering the oversight of the e-banking, the logical access controls, and the third-party providers."

Technical ID

hkma-tm-g-1-tech-risk

Banking & Global Finance

IFRS 17: Insurance Contracts

"IFRS 17 is the first truly international accounting standard for insurance contracts, replacing IFRS 4. It provides a consistent framework for recognizing profit and measuring insurance liabilities, using a current value approach to improve financial transparency and comparability across the global insurance sector."

Technical ID

ifrs-17-contracts

Banking & Global Finance

IFRS 9: Expected Credit Loss (ECL)

"IFRS 9 introduces the Expected Credit Loss (ECL) model for financial instruments, replacing the older 'Incurred Loss' model. It requires organizations to recognize impairments based on forward-looking macroeconomic forecasts and probability-weighted outcomes, reflecting a more realistic and proactive approach to credit risk management."

Technical ID

ifrs-9-impairment

Banking & Global Finance

Sustainability (IFRS S1)

"IFRS S1 General Requirements for Disclosure of Sustainability-related Financial Information, issued by the ISSB (International Sustainability Standards Board) in June 2023 and effective for reporting periods beginning January 1, 2024, establishes the foundational framework for sustainability-related financial disclosures that are material to investors in assessing enterprise value. IFRS S1 requires entities to disclose sustainability-related risks and opportunities that could reasonably be expected to affect the entity's cash flows, access to finance, and cost of capital — the financial materiality lens, distinct from GRI's impact materiality approach. The standard requires disclosure across four core areas derived from the TCFD framework: governance, strategy, risk management, and metrics and targets. IFRS S1 is being adopted by over 40 jurisdictions and is foundational for entities listing on capital markets with sustainability disclosure requirements; failure to provide material sustainability disclosures exposes companies to securities law liability."

Technical ID

ifrs-s1-general

Banking & Global Finance

Climate Disclosures (IFRS S2)

"Entities must provide comprehensive disclosures concerning significant climate-related risks and opportunities to meet investor information needs under IFRS S2. This mandate requires a detailed exposition of governance processes, controls, and procedures used for monitoring climate issues. The standard necessitates a robust strategy involving the identification and mapping of both physical risks plus transition risks. An entity’s climate resilience assessment must utilize scenario analysis, evaluating its strategy against a maximum temperature alignment scenario of 1.5 degrees Celsius. Quantitative disclosures are central, demanding the measurement of absolute gross Scope 1, Scope 2, and also Scope 3 greenhouse gas emissions, calculated in accordance with the GHG Protocol Corporate Standard. Furthermore, organizations must quantify the current and anticipated financial impacts of identified climate factors on their financial position, performance, and cash flows. These climate-related financial disclosures are to be reported concurrently with an entity’s annual financial statements, permitting a reporting lag of zero days. To ensure relevance, the disclosures must incorporate industry-specific metrics, leveraging the SASB Standards where applicable, thereby providing a complete picture of an enterprise's climate exposure and management approach."

Technical ID

ifrs-s2-climate

Banking & Global Finance

Third-Party Relationships: Interagency Guidance on Risk Management

"The Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve System, and the Federal Deposit Insurance Corporation issued the "Interagency Guidance on Third-Party Relationships: Risk Management." This guidance applies to all banks with third-party relationships, which collectively refers to national banks, federal savings associations, covered savings associations, and federal branches and agencies of foreign banking organizations. The guidance promotes consistency in the agencies’ supervisory approach and outlines the third-party risk management life cycle, identifying principles applicable to each stage. The core obligation for banks is to develop and implement third-party risk management practices based on sound principles. These practices must be commensurate with the bank’s risk profile and complexity, as well as the criticality of the activity supported by the third party. The guidance clarifies that not all third-party relationships present the same level of risk or criticality, necessitating a risk-based approach. This bulletin, OCC Bulletin 2023-17, formally rescinds OCC Bulletin 2013-29, "Third-Party Relationships: Risk Management Guidance," and OCC Bulletin 2020-10."

Technical ID

interagency-guidance-third-party-risk-management

Banking & Global Finance

IOSCO Principles (Benchmarks)

"The IOSCO Principles for Financial Benchmarks (2013) are the global standards for the governance, quality, and integrity of the benchmarks used in financial markets (e.g., LIBOR transition rates, indices). They are designed to prevent the manipulation of market benchmarks and ensure their transparency and reliable methodology."

Technical ID

iosco-bench-interest-rate

Banking & Global Finance

ISO 20022 MX Messaging

"ISO 20022 is the universal standard for financial industry messaging. It provides a platform-independent model for financial business processes and is the standard for modern high-value payment systems (HVPS) and cross-border payments, replacing the legacy MT messaging with richer XML-based MX messages to enhance transparent data and compliance."

Technical ID

iso-20022-mx-messaging

Banking & Global Finance

AI Quality Management (ISO 9001 Extension)

"ISO 9001:2015 provides the foundational Quality Management System (QMS) framework for organizations. Applying these principles to AI-generated output requires rigorous documentation, performance monitoring, and iterative corrective actions."

Technical ID

iso-9001-ai-quality

Banking & Global Finance

Liquidity coverage ratio disclosure standards

"This disclosure framework sets out requirements for the Liquidity Coverage Ratio (LCR) to improve transparency, reinforce the Sound Principles for sound liquidity risk management, enhance market discipline, and reduce market uncertainty. The LCR standard aims to promote the short-term resilience of a bank’s liquidity risk profile by ensuring that it has sufficient high-quality liquid assets (HQLA) to survive a significant stress scenario lasting for 30 days. These standards are an essential component of the reforms introduced by Basel III and will increase banks’ resilience to liquidity shocks and promote a more stable funding profile. The disclosure requirements apply to all internationally active banks on a consolidated basis. The core obligation is for these banks to publish their LCR according to a common template. The LCR will be introduced on 1 January 2015, with a minimum requirement set at 60%, rising in equal annual steps to reach 100% on 1 January 2019. Banks must publish this disclosure at the same frequency as, and concurrently with, their financial statements. The framework requires quantitative information in a common template and sufficient qualitative discussion to facilitate understanding of the results and data provided."

Technical ID

lcr-disclosure-standards

Banking & Global Finance

MAS TRM Guidelines (Singapore)

"The Monetary Authority of Singapore (MAS) Technology Risk Management (TRM) Guidelines are the gold standard for financial technology governance in Asia-Pacific. it provides a comprehensive framework for the management of the IT risk, the security of the critical systems, and the oversight of the digital banking infrastructure."

Technical ID

mas-tr-management-sg

Banking & Global Finance

MiCA (Stablecoin Reserve)

"MiCA (Markets in Crypto-Assets Regulation, EU 2023/1114) is the first comprehensive framework for the crypto-asset market. it introduces strict reserve requirements for 'Asset-Referenced Tokens' (ARTs) and 'E-Money Tokens' (EMTs), commonly known as stablecoins, requiring issuers to maintain a 1:1 liquid reserve of assets to ensure the redemption and the systemic stability."

Technical ID

mica-stablecoin-reserve

Banking & Global Finance

Markets in Financial Instruments Directive II (MiFID II)

"Markets in Financial Instruments Directive II (MiFID II) establishes a comprehensive regulatory framework designed to enhance transparency, investor protection, and market efficiency across European Union financial markets. Compliance requires rigorous adherence to numerous obligations, mandating that investment firms have a defined conflict of interest policy and ensure documented client categorization is consistently applied. For advisory services, a suitability assessment conducted for advice is a critical prerequisite to align recommendations with client profiles. The directive codifies stringent transparency rules, requiring both implemented pre-trade transparency and near real-time post-trade publication of transaction details. A cornerstone of this regime is a published best execution policy, compelling firms to demonstrate they take all sufficient steps for optimal client outcomes. Transactional integrity and surveillance are reinforced through the mandatory use of a Legal Entity Identifier for reporting parties and through active communication taping of relevant correspondence. Reporting obligations are time-sensitive, with a transaction report submission deadline of one business day. Furthermore, the regulation stipulates a minimum record retention period of five years for all pertinent data. Firms must also provide clear cost and charges disclosure to clients upfront. To safeguard market stability, any algorithmic trading system is required to be robustly tested before deployment."

Technical ID

mifid-ii

Banking & Global Finance

MiFID II Best Execution

"MiFID II Best Execution (Markets in Financial Instruments Directive II) requires investment firms to take all sufficient steps to obtain the best possible result for their clients when executing orders. it focuses on a multi-factor assessment including price, costs, speed, and likelihood of execution, ensuring transparent and fair market outcomes."

Technical ID

mifid-ii-best-execution

Banking & Global Finance

MiFIR Transaction (Reporting)

"MiFIR Transaction Reporting (Markets in Financial Instruments Regulation, Article 26) is the mandatory standard for reporting the details of the financial trades to the EU regulators. it requires the timely disclosure of the 65 data fields (e.g., identity of the buyer/seller, LEIs, time-stamping) within one business day (T+1), ensuring the market monitoring for the market abuse and the systemic risk."

Technical ID

mifir-transaction-report

Banking & Global Finance

Comptroller’s Handbook Asset Management

"The Office of the Comptroller of the Currency (OCC) defines asset management as the business of providing financial products or services to a third party for a fee or commission. This guidance applies to the asset management activities of national banks, federal savings associations (FSA), and limited purpose trust banks. It provides an overview of the asset management business, its risks, and sound risk management processes, describing the OCC’s supervisory philosophy and processes. Asset management activities include traditional fiduciary services, retail brokerage, investment company services, and custody and security-holder services, which expose national banks to a broad range of operational, compliance, strategic, and reputation risks. The core obligation for these institutions is to maintain sound risk management processes. National banks must have the ability to effectively identify, measure, control, and monitor risks in their asset management businesses. Because most of these risks arise from off-balance-sheet activities, they are not easily identified using traditional financial reporting. Significant breaches of fiduciary and contractual responsibilities can result in financial losses, damage a bank’s reputation, and impair its ability to achieve its strategic goals. The board of directors and senior management are ultimately responsible for establishing and maintaining effective control functions commensurate with the institution’s goals, risk tolerance, and complexity of operations."

Technical ID

occ-asset-management-handbook

Banking & Global Finance

Comptroller’s Handbook Examination Process Bank Supervision Process

"This booklet is the central reference for the Office of the Comptroller of the Currency (OCC)’s bank supervision policy, explains the OCC’s risk-based bank supervision approach, and discusses the general supervisory process for all types of OCC-supervised banks. The OCC's mission is to ensure that national banks, federal savings associations (FSA), and federal branches and agencies of foreign banking organizations operate in a safe and sound manner, provide fair access to financial services, treat customers fairly, and comply with applicable laws and regulations. For supervisory purposes, the OCC designates banks as community, midsize, or large based on asset size and factors that affect risk profile and complexity. High-quality bank supervision is ongoing and dynamic, responds to changing risks at each bank, and uses OCC resources efficiently by allocating the greatest resources to the areas of highest risk. The core process involves a required full-scope, on-site examination every 12 or 18 months, known as the supervisory cycle. A bank may be eligible for an 18-month cycle if it has less than $3 billion in total assets, is well capitalized, received strong management and composite ratings at its most recent examination, and is not subject to a formal enforcement proceeding. The supervisory process includes planning, discovery, correction, monitoring, and communication with the bank's management and board, culminating in a Report of Examination (ROE) and the assignment of regulatory ratings."

Technical ID

occ-bank-supervision-process

Banking & Global Finance

OCC 2023-17 (Third-Party)

"OCC Bulletin 2023-17 (Interagency Guidance on Third-Party Relationships: Risk Management) provides a unified U.S. standard for managing the risks of the third-party providers. it specifies a life-cycle approach to the oversight of the vendor, the cloud service, and the any other outside partnership."

Technical ID

occ-bulletin-2023-17-risk

Banking & Global Finance

Global Minimum Tax (Pillar Two)

"OECD Pillar Two (Global Anti-Base Erosion Rules — GloBE) establishes a global minimum corporate tax rate of 15% for multinational enterprises (MNEs) with annual revenue exceeding €750 million. Finalized in December 2021 and enacted in over 40 jurisdictions as of 2024 (EU Minimum Tax Directive effective January 1, 2024; UK, Japan, South Korea, Switzerland among first adopters), Pillar Two introduces two interlocking domestic rules: the Income Inclusion Rule (IIR) — the parent entity pays top-up tax on low-taxed subsidiaries; and the Undertaxed Profits Rule (UTPR) — a backstop where other group members can collect the top-up tax if the parent jurisdiction does not apply IIR. Non-compliance results in top-up taxes, transfer pricing adjustments, and potential double taxation in multiple jurisdictions."

Technical ID

oecd-pillar2-minimum

Banking & Global Finance

PCI DSS v4.0 — Payment Card Data Security

"PCI DSS v4.0, published March 2022 by the PCI Security Standards Council (PCI SSC), is the mandatory security standard for all entities that store, process, or transmit payment card data (cardholder data / CHD) or sensitive authentication data (SAD). The standard contains 12 requirements organized across 6 core goals. Version 4.0 introduced a Customized Approach allowing organizations to use alternative controls with documented risk analysis, and added 64 new requirements versus v3.2.1. Key additions: MFA for all access to the cardholder data environment (Req. 8.4.2, effective March 2025), 12-character minimum passwords (Req. 8.3.6), and targeted risk analysis for customized controls. PCI v3.2.1 was retired March 31, 2024. Compliance is validated annually via Report on Compliance (ROC) for Level 1 merchants (>6M Visa/Mastercard transactions/year) by a Qualified Security Assessor (QSA), or Self-Assessment Questionnaire (SAQ) for lower levels. Non-compliance penalties include fines of $5,000–$100,000/month from card brands, increased transaction fees, and loss of card acceptance privileges."

Technical ID

pci-dss-v4

Banking & Global Finance

Implementation monitoring of PFMI: Assessment report for Switzerland

"In April 2012, the Committee on Payments and Market Infrastructures (CPMI) and the International Organization of Securities Commissions (IOSCO) issued the Principles for financial market infrastructures (PFMI). The Principles set expectations for the design and operation of key financial market infrastructures (FMIs) to enhance their safety and efficiency, limit systemic risk, and foster transparency and financial stability. This report presents the CPMI and IOSCO conclusions from a Level 2 assessment of whether the content of the legal, regulatory and oversight frameworks applied to systemically important payment systems, CSDs/SSSs, CCPs and TRs in Switzerland are complete and consistent with the Principles. The Principles apply to all systemically important payment systems (PSs), central securities depositories (CSDs), securities settlement systems (SSSs), central counterparties (CCPs) and trade repositories (TRs). The authorities responsible for regulation, supervision and oversight of FMIs in Switzerland are the Federal Financial Markets Authority (FINMA) and the Swiss National Bank (SNB). FINMA has responsibility for all CCPs, CSDs/SSSs, TRs and wholesale payment systems (unless operated by or on behalf of the SNB). The SNB has responsibility for all CCPs, CSDs/SSSs and payment systems that it designates systemically important. This assessment reflects the status of Switzerland’s legal, regulatory and oversight framework as of 30 June 2017."

Technical ID

pfmi-assessment-report-switzerland

Banking & Global Finance

PRA SS1/21 (Resilience)

"PRA SS1/21 (Operational Resilience: Impact tolerances for important business services) is the UK's cornerstone standard for bank and insurer resilience. it shifts focus from traditional disaster recovery to ensuring that 'Important Business Services' (IBS) remain within set 'Impact Tolerances' during severe but plausible disruptions."

Technical ID

pra-ss1-21-resilience

Banking & Global Finance

Principles for effective risk data aggregation and risk reporting

"One of the most significant lessons learned from the global financial crisis that began in 2007 was that banks’ information technology (IT) and data architectures were inadequate to support the broad management of financial risks. Many banks lacked the ability to aggregate risk exposures and identify concentrations quickly and accurately at the bank group level, across business lines and between legal entities. This had severe consequences to the banks themselves and to the stability of the financial system as a whole. In response, the Basel Committee presents a set of principles to strengthen banks’ risk data aggregation capabilities and internal risk reporting practices. Initially addressed to global systemically important banks (G-SIBs), these Principles are expected to support a bank’s efforts to enhance the infrastructure for reporting key information used by the board and senior management, improve the decision-making process, facilitate a comprehensive assessment of risk exposures at the global consolidated level, and reduce the probability and severity of losses. The document covers four closely related topics: Overarching governance and infrastructure, Risk data aggregation capabilities, Risk reporting practices, and Supervisory review. The long-term benefits of improved risk data aggregation capabilities and risk reporting practices are expected to outweigh the investment costs incurred by banks."

Technical ID

principles-effective-risk-data-aggregation

Banking & Global Finance

Principles for financial market infrastructures

"These principles establish international standards for financial market infrastructures (FMIs) that facilitate the clearing, settlement, and recording of monetary and other financial transactions. The standards apply to systemically important payment systems (PSs), central securities depositories (CSDs), securities settlement systems (SSSs), central counterparties (CCPs), and trade repositories (TRs). The presumption is that all CSDs, SSSs, CCPs, and TRs are systemically important. If not properly managed, FMIs can be sources of financial shocks, such as liquidity dislocations and credit losses, or a major channel through which these shocks are transmitted across financial markets. The core obligation for FMIs is to enhance safety and efficiency, limit systemic risk, and foster transparency and financial stability. FMIs must have a well-founded, clear, transparent, and enforceable legal basis; clear governance arrangements; and a sound risk-management framework for comprehensively managing legal, credit, liquidity, operational, and other risks. The principles address specific minimum requirements for managing these risks, such as maintaining sufficient financial resources to cover credit exposures from participant defaults under extreme but plausible market conditions. The report outlines 24 principles covering general organization, credit and liquidity risk management, settlement, default management, business and operational risk, access, efficiency, and transparency, which are designed to be applied holistically as a set."

Technical ID

principles-financial-market-infrastructures

Banking & Global Finance

Principles for Operational Resilience

"This document promotes a principles-based approach to improving operational resilience for banks, building upon the Basel Committee's Principles for the Sound Management of Operational Risk (PSMOR). It defines operational resilience as the ability of a bank to deliver critical operations through disruption. This ability enables a bank to identify and protect itself from threats and potential failures, respond and adapt to, as well as recover and learn from disruptive events in order to minimise their impact. The principles apply to banks and aim to strengthen their ability to absorb operational risk-related events such as pandemics, cyber incidents, technology failures, and natural disasters, which could cause significant operational failures or wide-scale disruptions. The core obligation is for banks to establish an effective operational resilience approach that assumes disruptions will occur and takes into account the bank's overall risk appetite and tolerance for disruption. A bank's tolerance for disruption is defined as the level of disruption from any type of operational risk a bank is willing to accept given a range of severe but plausible scenarios. The principles are organized across seven categories: governance, operational risk management, business continuity planning and testing, mapping interconnections and interdependencies, third-party dependency management, incident management, and resilient information and communication technology (ICT) including cyber security. These practices are intended to be integral parts of a bank's forward-looking operational resilience approach."

Technical ID

principles-for-operational-resilience

Banking & Global Finance

Private Fund Advisers; Documentation of Registered Investment Adviser Compliance Reviews

"The Securities and Exchange Commission is adopting new rules under the Investment Advisers Act of 1940 designed to protect investors who directly or indirectly invest in private funds. The rules aim to increase visibility into practices involving compensation schemes, sales practices, and conflicts of interest through disclosure; establish requirements to address such practices that have the potential to lead to investor harm; and restrict practices that are contrary to the public interest and the protection of investors. These rules apply to private fund advisers, with certain amendments affecting all registered investment advisers, and are intended to prevent fraud, deception, or manipulation. The core obligations include: a Quarterly Statement Rule requiring periodic information about fees, expenses, and performance; a Mandatory Audit Rule requiring an annual audit for each private fund; an Adviser-led Secondaries Rule requiring a fairness or valuation opinion for such transactions; a Restricted Activities Rule that limits certain expense charges and other activities without appropriate disclosure and consent; and a Preferential Treatment Rule that prohibits certain types of preferential terms and requires disclosure of others. The rules also amend the Advisers Act compliance rule to require all registered investment advisers to document their annual compliance reviews in writing."

Technical ID

private-fund-advisers-compliance-reviews

Banking & Global Finance

Prudential treatment of cryptoasset exposures

"This consultative document from the Basel Committee on Banking Supervision proposes a prudential framework for banks' exposures to cryptoassets, addressing potential financial stability concerns and increased risks. The framework is guided by the principles of 'same risk, same activity, same treatment,' simplicity, and the establishment of minimum standards for internationally active banks. The core of the proposal is a classification system that divides cryptoassets into two groups. Group 1 cryptoassets, which meet a series of strict classification conditions, include tokenised traditional assets (Group 1a) and cryptoassets with effective stabilisation mechanisms (Group 1b). These are subject to capital requirements at least equivalent to those of traditional assets. Group 2 cryptoassets, such as Bitcoin, fail to meet these conditions and are consequently subject to a new, conservative prudential treatment, notably a 1250% risk weight. The document outlines banks' responsibilities for assessing and monitoring compliance with classification conditions, subject to supervisory review and approval. It also details the application of capital requirements for credit and market risk for both groups, as well as the treatment of cryptoasset exposures under the leverage ratio, large exposures, and liquidity ratio frameworks. It establishes that cryptoassets are not eligible as high-quality liquid assets (HQLA). Finally, it sets out expectations for the supervisory review process, where banks must manage risks not captured by minimum requirements, and supervisors may impose adjustments, including additional capital charges."

Technical ID

prudential-treatment-cryptoasset-exposures

Banking & Global Finance

PSD2 SCA (Payments)

"PSD2 Strong Customer Authentication (SCA) (Directive 2015/2366) is the mandatory security standard for electronic payments in Europe. It requires a multifactor authentication process based on 'Knowledge' (something only the user knows), 'Possession' (something only the user has), and 'Inherence' (something the user is), with a specific requirement for 'Dynamic Linking' to prevent tampering during payment initiation."

Technical ID

psd2-sc-authentication

Banking & Global Finance

Safeguarding Advisory Client Assets

"The Securities and Exchange Commission (SEC) is proposing a new rule, designated as rule 223-1 under the Investment Advisers Act of 1940, to strengthen how investment advisers safeguard client assets. This proposed safeguarding rule redesignates and amends the current custody rule (rule 206(4)-2) to modernize its scope and enhance investor protections in light of changes in technology, advisory services, and custodial practices. The rule applies to investment advisers registered, or required to be registered, with the Commission that have custody of client assets. The core obligations of the proposal expand the rule's applicability from 'funds and securities' to a broader definition of 'assets,' meaning 'funds, securities, or other positions held in a client’s account,' explicitly including crypto assets and other investment types. It also clarifies that 'custody' includes an adviser's discretionary authority to trade client assets. A central requirement is that advisers must maintain client assets with a 'qualified custodian' under a new, mandatory written agreement that specifies certain protections, such as requiring the custodian to obtain an annual internal control report. The proposal also modifies the exception for privately offered securities to include certain physical assets, but imposes stricter conditions for its use, including notifying an independent public accountant of asset transfers within one business day."

Technical ID

safeguarding-advisory-client-assets

Banking & Global Finance

SEC Regulation S-K Item 106 (Cybersecurity)

"Regulation S-K Item 106 mandates a comprehensive framework for cybersecurity disclosure, encompassing both incident reporting and governance oversight. Registrants must report material cybersecurity incidents on Form 8-K Item 1.05 within a maximum of four business days from determining an incident's materiality. This determination process itself must be defined, and it requires that related incidents are aggregated for materiality assessment. While a disclosure delay for national security is allowed under specific circumstances, the core obligation emphasizes timely public awareness. Annually, companies are compelled to provide extensive disclosures via Form 10-K Item 1C regarding their cybersecurity risk management and strategy. This annual filing must detail the processes for identifying and managing material risks from cybersecurity threats and describe how such threats are likely to affect the business, operations, and financial condition. Furthermore, the regulation requires transparent reporting on governance structures. Companies must describe the board's oversight process for cyber risks and also detail management's role in this area. A key component of this governance disclosure is identifying and describing management’s relevant cybersecurity expertise, ensuring investors have a clear view of the leadership's capability to handle these pervasive threats."

Technical ID

sec-reg-s-k-106

Banking & Global Finance

Regulation Best Interest: The Broker-Dealer Standard of Conduct

"The Securities and Exchange Commission (SEC) is adopting Regulation Best Interest, a new rule under the Securities Exchange Act of 1934 that establishes a standard of conduct for broker-dealers and their associated persons when they make a recommendation to a retail customer of any securities transaction or investment strategy involving securities. This regulation enhances the broker-dealer standard of conduct beyond existing suitability obligations and aligns the standard with retail customers’ reasonable expectations. The core obligation requires broker-dealers to act in the best interest of the retail customer at the time the recommendation is made, without placing the financial or other interest of the broker-dealer ahead of the interests of the retail customer. The General Obligation is satisfied only if the broker-dealer complies with four specified component obligations: (1) a Disclosure Obligation, requiring written disclosure of material facts about the relationship and recommendation; (2) a Care Obligation, requiring the exercise of reasonable diligence, care, and skill; (3) a Conflict of Interest Obligation, requiring the establishment of policies and procedures to address, and in some cases mitigate or eliminate, conflicts of interest; and (4) a Compliance Obligation, requiring policies and procedures to achieve compliance with the regulation as a whole. The standard of conduct established by Regulation Best Interest cannot be satisfied through disclosure alone and draws from key principles underlying fiduciary obligations."

Technical ID

sec-regulation-best-interest

Banking & Global Finance

MAS Technology Risk Management Guidelines 2021

"These guidelines require financial institutions in Singapore to establish a robust technology risk management framework, governance, and oversight to ensure the security and resilience of their IT systems. As per Section 4, the Board of Directors and Senior Management are ultimately responsible for the institution's technology risk management."

Technical ID

sg-mas-trmg-2021

Banking & Global Finance

SOC 2 Trust Services Criteria for AI Environments

"SOC 2 (System and Organization Controls) Trust Services Criteria (TSC) for AI environments require rigorous mapping of security, availability, processing integrity, confidentiality, and privacy to the entire Machine Learning lifecycle."

Technical ID

soc2-security-criterion

Banking & Global Finance

SOX IT Controls — Sarbanes-Oxley IT Compliance

"The Sarbanes-Oxley Act of 2002 (SOX) — enacted in response to Enron, WorldCom, and other financial scandals — imposes mandatory internal controls over financial reporting (ICFR) requirements on all US public companies (SEC registrants) and foreign private issuers listed on US exchanges. Section 302 requires the CEO and CFO to personally certify in each quarterly and annual filing that they have reviewed the report, it contains no material misstatements, and they have disclosed all significant deficiencies and material weaknesses in internal controls. Section 404(a) requires management's annual assessment of ICFR effectiveness as of fiscal year-end, with disclosure of any material weaknesses. Section 404(b) requires external auditor attestation for accelerated filers (>$75M public float). IT General Controls (ITGCs) are the foundational IT controls that support the reliability of financially significant systems and are subject to SOX testing. The four ITGC domains: (1) Logical Access Controls — who can access financially significant systems; (2) Change Management — how changes to financial systems are authorized and tested; (3) Computer Operations — batch job monitoring, backup, incident management; (4) System Development — SDLC controls for new implementations. The COSO Internal Control — Integrated Framework (2013) and COSO ERM framework are the primary control assessment frameworks referenced by external auditors. Material weaknesses are the highest severity — the auditor must issue an adverse opinion on ICFR effectiveness, severely damaging share price and regulatory standing."

Technical ID

sox-it-controls

Banking & Global Finance

Guidance on Model Risk Management

"This supervisory guidance, issued by the Federal Reserve and the Office of the Comptroller of the Currency (OCC), is intended for use by all banking organizations supervised by the Federal Reserve. It should be applied as appropriate, taking into account each organization’s size, nature, complexity, and the extent of its use of models. The guidance mandates that banking organizations should be attentive to the possible adverse consequences of decisions based on models that are incorrect or misused, a concept termed model risk. Model risk is the potential for adverse consequences from decisions based on incorrect or misused model outputs and reports, which can lead to financial loss, poor business decision-making, or reputational damage. The core obligation is for banking organizations to address these consequences through active model risk management. An effective model risk management framework includes robust model development, implementation, and use; effective validation; and sound governance, policies, and controls. A guiding principle is the 'effective challenge' of models through critical analysis by objective, informed parties. Where models and model output have a material impact on business decisions, including risk management and capital planning, a bank’s model risk management framework should be more extensive and rigorous. The framework should address both types of model risk (fundamental errors and incorrect use) for individual models and in the aggregate."

Technical ID

sr-11-7-model-risk-management

Banking & Global Finance

SUPERVISORY GUIDANCE ON MODEL RISK MANAGEMENT

"This guidance describes the key aspects of effective model risk management for banks, which rely heavily on quantitative analysis and models in most aspects of financial decision making. It applies to national banks, bank holding companies, state member banks, and all other institutions for which the Office of the Comptroller of the Currency or the Federal Reserve Board is the primary supervisor. The use of models invariably presents model risk, which is the potential for adverse consequences from decisions based on incorrect or misused model outputs and reports. Model risk can lead to financial loss, poor business and strategic decision making, or damage to a bank's reputation. The core obligation is for banks to establish a strong model risk management framework that fits into the broader risk management of the organization. This framework must encompass robust model development, implementation, and use; a sound model validation process; and strong governance, policies, and controls. A guiding principle for managing model risk is 'effective challenge' of models, which is critical analysis by objective, informed parties. The practical application of this guidance should be customized to be commensurate with a bank's risk exposures, its business activities, and the complexity and extent of its model use."

Technical ID

supervisory-guidance-model-risk-management

Banking & Global Finance

SWIFT Customer Security Controls Framework v2024 — Mandatory and Advisory Controls for SWIFT Network Participants

"The SWIFT Customer Security Controls Framework (CSCF) mandates that all SWIFT network participants annually attest their compliance with a set of mandatory security controls to secure their local SWIFT environment. This requirement, outlined in the Customer Security Controls Policy (CSCP), aims to protect the integrity and security of the global financial messaging network."

Technical ID

swift-cscf-v2024

Banking & Global Finance

SWIFT CSP (Quality)

"The SWIFT Customer Security Programme (CSP) is the mandatory security framework for all SWIFT users. It consists of the Customer Security Controls Framework (CSCF) with 32 controls (25 mandatory, 7 advisory) designed to secure the local infrastructure of SWIFT users and combat cyber-fraud in the global financial messaging community."

Technical ID

swift-csp-quality

Banking & Global Finance

UK FCA Discussion Paper DP5/22 — Artificial Intelligence and Machine Learning in Financial Services

"This discussion paper outlines the UK Financial Conduct Authority's (FCA) perspective on applying existing financial regulations to AI/ML, emphasizing that firms remain accountable for governance, risk management, and fairness under frameworks like the Senior Managers and Certification Regime (SMCR) and Consumer Duty (Chapter 3). It seeks industry feedback on the benefits and risks of AI to inform potential future regulatory approaches, rather than introducing new rules."

Technical ID

uk-fca-ai-guidance-2023

Banking & Global Finance

Senior Managers and Certification Regime (SMCR)

"The UK's Senior Managers and Certification Regime (SMCR) establishes a framework for individual accountability in regulated financial services firms, requiring firms to clearly allocate responsibilities to Senior Managers (Senior Management Functions - SMFs) and annually certify that other key staff are fit and proper for their roles, as mandated by the Financial Services and Markets Act 2000 (FSMA)."

Technical ID

uk-smcr-senior-manager-certification

Banking & Global Finance

US Dodd-Frank Wall Street Reform and Consumer Protection Act 2010 — Titles I, II, VII, X (Key Provisions)

"The Dodd-Frank Act establishes a comprehensive regulatory framework to reduce systemic risk in the U.S. financial system, primarily affecting banks, financial institutions, and market participants. Key provisions under Titles I, II, VII, and X mandate enhanced supervision for systemically important financial institutions (SIFIs), create an orderly liquidation authority for failing firms, regulate the over-the-counter swaps market, and establish the Consumer Financial Protection Bureau (CFPB)."

Technical ID

us-dodd-frank-key-provisions

Banking & Global Finance

FFIEC SR 11-7 — Supervisory Guidance on Model Risk Management

"This guidance requires U.S. banking organizations to implement a comprehensive Model Risk Management (MRM) framework covering the entire model lifecycle, from development and implementation to use and validation. As outlined in Section III, the framework must ensure effective challenge, robust documentation, and independent review to manage the risks of adverse consequences from decisions based on incorrect or misused models."

Technical ID

us-ffiec-model-risk-management

Banking & Global Finance

OCC Special Purpose National Bank Charter for Fintech Companies — Licensing Framework and Requirements

"The Office of the Comptroller of the Currency (OCC) provides a framework for financial technology (fintech) companies to apply for a special purpose national bank charter, subjecting them to federal banking supervision and the same safety, soundness, and fairness standards as national banks. Applicants must demonstrate a comprehensive business plan, robust risk management, and a commitment to financial inclusion as detailed in the OCC's 'Licensing Manual: Charters' booklet."

Technical ID

us-occ-fintech-charter

Banking & Global Finance

OCC Model Risk Management Guidance 2021 — Supervisory Guidance on Model Risk Management for National Banks

"This guidance supplements SR 11-7, requiring national banks and federal savings associations to maintain a robust model risk management (MRM) framework, including effective governance, policies, and controls, particularly for models using artificial intelligence and machine learning (AI/ML). As per Section 1, banks must ensure their MRM framework is commensurate with their risk profile and the complexity of their models."

Technical ID

us-occ-model-risk-guidance-2021

Banking & Global Finance

Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Customer Information (2024 Amendment)

"This amendment to SEC Regulation S-P mandates that broker-dealers, investment companies, and registered investment advisers establish a comprehensive incident response program to address unauthorized access to customer information, including a requirement under Rule 248.30(a)(4) to notify affected individuals within 30 days of discovering a data breach."

Technical ID

us-sec-regulation-sp-2024

Banking & Global Finance

Wolfsberg Principles (KYC)

"The Wolfsberg Anti-Money Laundering (AML) Principles for Correspondent Banking (2022) provide a global standard for the risk-based identification and assessment of correspondent banking clients. It is designed to prevent the misuse of the international financial system by ensuring that banks implement robust due diligence on their respondent institutions."

Technical ID

wolfsberg-corresp-bank

Banking & Global Finance

Banks Act 94 of 1990

"This Act provides the legal framework for the regulation and supervision of the business of public companies taking deposits from the public in South Africa. It mandates that no person shall conduct the 'business of a bank' unless such person is a public company and is registered as a bank in terms of this Act (Section 11), and it establishes prudential requirements for capital adequacy, liquidity, and risk management."

Technical ID

za-banks-act-1990

Banking & Global Finance

Companies Act 71 of 2008

"This Act modernizes and codifies company law in South Africa, governing the incorporation, management, and dissolution of companies, and establishing the duties and liabilities of directors. It applies to all companies registered in South Africa, with Section 76 codifying the standards of directors' conduct, including the duty to act in good faith and for a proper purpose."

Technical ID

za-companies-act-2008

Banking & Global Finance

Financial Advisory and Intermediary Services Act, 2002 (Act No. 37 of 2002)

"This South African act regulates the conduct of all financial services providers (FSPs) by requiring them to obtain a license from the Financial Sector Conduct Authority (FSCA) and adhere to a strict code of conduct to protect consumers, as mandated by Section 7(1). It aims to ensure that financial advice and intermediary services are rendered professionally, honestly, and with due care and diligence."

Technical ID

za-fais-2002

Banking & Global Finance

Financial Intelligence Centre Act 38 of 2001

"The Financial Intelligence Centre Act (FICA) is South Africa's primary anti-money laundering (AML) and counter-terrorist financing (CTF) legislation, requiring accountable institutions to implement a risk-based approach, conduct customer due diligence (CDD) as per Section 21, maintain records, and report suspicious and unusual transactions to the Financial Intelligence Centre (FIC)."

Technical ID

za-fica-2001

Banking & Global Finance

King V Corporate Governance: Autonomous Systems

"Board-level accountability and oversight frameworks for the deployment, ethical monitoring, and risk management of autonomous AI agents within corporate environments."

Technical ID

za-king-v-tech-gov

Banking & Global Finance

National Credit Act 34 of 2005

"The National Credit Act (NCA) promotes a fair, transparent, and responsible credit market in South Africa by regulating all credit agreements and requiring credit providers to register with the National Credit Regulator (NCR), conduct comprehensive affordability assessments (Section 81), and prevent the granting of reckless credit (Section 80)."

Technical ID

za-nca-2005

Technical Registry Export

Context: Banking & Global Finance / Total Filtered: 113 Nodes

This utility allows developers and AI architects to instantly extract technical identifiers for the current filtered view. Use these IDs to programmatically call the Bidda Sovereign Forest API. All exports respect the global Triple-Verification Pipeline.