FFIEC Information Technology
Examination Handbook
Glossary

 

 

Start of A Words
 

Acceptance Criteria
Pre-established standards or requirements a product or project must meet.

Account Aggregation
A service that gathers information from many websites, presents that information to the customer in a consolidated format, and, in some cases, may allow the customer to initiate activity on the aggregated accounts.
Aggregation services typically involve three different entities: (1) The aggregator that offers the aggregation service and maintains information on the customer's relationships/accounts with other on-line providers. (2) The aggregation target or website/entity from which the information is gathered or extracted by means of direct data feeds or screen scraping. (3) The aggregation customer who subscribes to aggregation services and provides customer IDs and passwords for the account relationships to be aggregated.

Account Balancing Monitoring System (ABMS)
The Federal Reserve’s computing system providing reserve account information to the Federal Reserve Banks and depository institutions (DI) on an intraday basis.  ABMS serves both as an informational source and a monitoring tool.  This information includes opening balances, funds and security transfers, accounting activity, and DI cap and collateral limits.

Account Management
Activities such as balance inquiry, statement balancing, transfers between the customer’s accounts at the same financial institution, maintenance of personal information, etc.

ACL
Acronym for access control list.

Acquirer Fee
Fee paid to the acquirer of the merchant sales draft.  The acquirer of the sales draft collects a merchant discount fee (or processing fee) from the merchant for the costs associated with processing the transaction.

Acquiring Bank and Acquirer
See Merchant acquirer.

Address Verification Service (AVS)
Bankcard association service that verifies that the customer-provided billing address matches the billing address on their credit card account. The bankcard associations will not support merchants that opt not to use AVS if those transactions are disputed and will charge the merchant an additional 1.25 percent on those sales.

Administrative Access
Individuals or terminals authorized to perform network administrator or system administrator functions.

Agent Bank
A member of a bankcard association that agrees to participate in an acquirer’s merchant processing program. The agent may or may not be liable for losses incurred on its merchant accounts. An agent is usually a small community financial institution that wants to offer merchant processing services as a customer service. Agent banks that only refer merchants to an acquiring financial institution’s program are known as referral banks.

Aggregate Short Position
The sum of a Settlement Member’s short positions, each such short position expressed in its base currency equivalent and adjusted by the applicable haircut.

Aggregate Short Position Limit
In respect of a Settlement Member, the maximum aggregate short position that such Settlement Member is permitted to incur at any time.

Aggregation
See Account aggregation.

Alternate Site Test/Exercise
A business continuity testing activity that tests the capability of staff, systems, and facilities, located at sites other than those generally designated for primary processing and business functions, to effectively support production processing and workloads. During the exercise, business line staff located at recovery site(s) participate in testing business functions and the supporting systems by performing typical production activities, including accessing applications and completing pending transactions. Staff members participate in testing alternate site facilities through the use of PCs, phones, and other equipment needed to perform testing of business activities.

Antivirus Software
Computer programs that offer protection from viruses by making additional checks of the integrity of the operating system and electronic files. Also known as virus protection software.

Applet
A small program that typically is transmitted with a Web page.

Application
1) A software program designed for use by end users. 2) Software that performs automated functions for a user. Examples include home banking, word processing, and payroll. Distinguished from operating system or utility software.

Application Controls
Controls related to transactions and data within application systems. Application controls ensure the completeness and accuracy of the records and the validity of the entries made resulting from both programmed processing and manual data entry. Examples of application controls include data input validation, agreement of batch totals, and encryption of data transmitted.

Application System
An integrated set of computer programs designed to serve a well-defined function and having specific input, processing, and output activities (e.g., general ledger, manufacturing resource planning, human resource management).

Asynchronous Data Replication
A process for copying data from one source to another while the application processing continues; an acknowledgement of the receipt of data at the copy location is not required for processing to continue. Consequently, the content of databases stored in alternate facilities may differ from those at the original storage site, and copies of data may not contain current information at the time of a disruption in processing as a result of the time (in fractions of a second) required to transmit the data over a communications network to the alternate facility. This technology is typically used to transfer data over greater distances than that allowed with synchronous data replication.

ATM
Asynchronous transfer mode. The method of transmitting bits of data one after another with a start bit and a stop bit to mark the beginning and end of each data unit. Can also mean automated teller machine.

Audit Charter
A document approved by the board of directors that defines the IT audit function's responsibility, authority to review records, and accountability.

Audit Plan
A description and schedule of audits to be performed in a certain period of time (ordinarily a year). It includes the areas to be audited, the type of work planned, the high-level objectives and scope of the work and includes other items such as budget, resource allocation, schedule dates, and type of report issued.

Audit Program
The audit policies, procedures, and strategies that govern the audit function, including IT audit.

AUP
An acceptable use policy. It documents permitted system uses and activities for a specific user, and the consequences of noncompliance.

Authentication
1) The process of verifying the claimed identity of an individual user, machine, software component, or any other entity.  2) The verification of identity by a system based on the presentation of unique credentials to that system.

Authorization
The process of giving access to parts of a system, typically based on the business needs and the role of the individual within the business.

Authorization for ACH
A written or oral agreement between the originator and a receiver that allows payments processed through the ACH Network to be deposited in or withdrawn from the receiver’s account at a financial institution.

Automated Clearing House (ACH)
An electronic clearing system in which a data processing center handles payment orders that are exchanged among financial institutions, primarily through telecommunications networks. ACH systems process large volumes of individual payments electronically. Typical ACH payments include salaries, consumer and corporate bill payments, interest and dividend payments, and Social Security payments.

Automated Clearing House (ACH) Operator
A central clearing facility that depository financial institutions use to transmit and receive ACH entries. ACH operators are typically a Federal Reserve Bank or a private-sector organization that operates on behalf of a depository financial institution (DFI).

Automated Controls
Software routines designed into programs to ensure the validity, accuracy, completeness, and availability of input, processed, and stored data.

Automated Teller Machine (ATM)
An electronic funds transfer (EFT) terminal that allows customers using a PIN-based debit (ATM) card to initiate transactions (e.g., deposits, withdrawals, account balance inquiries).

Automatic Log-on
A feature offered by some aggregation services allowing customers to log on by clicking on a hyperlink and thereby causing the usernames and passwords stored at the aggregator to be used to log onto other websites.

Start of B Words
 

Back-up Generations
A tape rotation methodology that creates three sets of back-up tapes: daily incremental sets or “sons,” weekly full sets or “fathers,” and end-of-month tapes or “grandfathers.” This back-up methodology is frequently used to refer to master files for financial applications.

Bandwidth
Terminology used to indicate the transmission or processing capacity of a system or of a specific location in a system (usually a network system) for information (text, images, video, sound). Bandwidth is usually defined in bits per second (bps) but also is usually described as either large or small. Where a full page of English text is about 16,000 bits, a fast modem can move approx. 15,000 bps. Full-motion, full-screen video requires about 10,000,000 bps, depending on compression.

Bank Identification Number/Interbank Card Association (BIN/ICA)
A series of assigned numbers used to identify the settling financial institution for both acquiring and issuing bankcard transactions.

Bankcard
A general-purpose credit card, issued by a financial institution under agreement with the bankcard associations (Visa and MasterCard) that customers can use to purchase goods and services and to obtain cash against a line of credit established by the bankcard issuer.

Bankcard Associations
Visa U.S.A. and MasterCard International Inc. are bankcard associations established as bank service companies. Financial institutions must be members of an association in order to offer their credit card services. The associations have established membership rights and obligations and membership is limited to financial institutions.

Baseline
A documented version of a hardware component, software program, configuration, standard, procedure, or project management plan. Baseline versions are placed under formal change controls and should not be modified unless the changes are approved and documented.

Batch Processing
The transmission or processing of a group of related payment instructions.

Bilateral Key Security
A multi-level data encryption system, based on the exchange of Bilateral Keys, allowing users of SWIFT to create, send, and receive SWIFT messages. Bilateral Keys are unique authenticator keys possessed by only the two parties (either the provider or recipient of a message) involved and provide confirmation in both directions of the legitimacy of a message sent via SWIFT.

Bill Payment
An e-banking application whereby customers direct the financial institution to transfer funds to the account of another person or business. Payment is typically made by ACH credit or by the institution (or bill payment servicer) sending a paper check on the customer's behalf.

Bill Presentment
An e-banking service whereby a business submits an electronic bill or invoice directly to the customer's financial institution. The customer can view the bill/invoice on-line and, if desired, pay the bill through an electronic payment.

Biometrics
The method of verifying a person's identity by analyzing a unique physical attribute of the individual (e.g., fingerprint, retinal scanning).

BPS
Bits per second. A measurement of how fast data moves from one place to another. A 28.8 modem can move 28,800 bits per second.

Business Continuity Plan (BCP)
A comprehensive written plan to maintain or resume business in the event of a disruption. BCP includes both the technology recovery capability (often referred to as disaster recovery) and the business unit(s) recovery capability.

Business Continuity Strategy
Comprehensive strategies to recover, resume, and maintain all critical business functions.

Business Continuity Test
A test of an institution’s disaster recovery plan or BCP.

Business Impact Analysis (BIA)
The process of identifying the potential impact of uncontrolled, non-specific events on an institution's business processes.

Business Recovery Test/Exercise
An activity that tests an institution’s BCP.

Start of C Words
 

Call Tree
A documented list of employees and external entities that should be contacted in the event of an emergency declaration.

Capacity Testing
Activities structured to determine whether resources (human and IT) can support required processing volumes in recovery environments.

CAR
Courtesy amount recognition. The numeric amount of a check.

Card Issuer
A financial institution that issues general-purpose credit cards carrying one of the two bankcard association logos. The issuing financial institution establishes the credit relationship with the consumer.

Card Verification Value (CVV2)
Three-digit security number that is printed on the back of most Visa credit cards. CVV2 reduces credit card fraud and chargeback instances significantly when used in conjunction with AVS. See Address verification service (AVS).

Cash Letter
A group of checks accompanied by a paper listing sent to a clearinghouse, the Federal Reserve, or another financial institution. A cash letter contains a number of negotiable items, usually checks, accompanied by a letter listing the amounts and instructions for transmittal to another financial institution (may also be called a transmittal letter).
An incoming cash letter is received by a financial institution from a clearinghouse, Federal Reserve, or another financial institution and contains checks written on accounts at the institution that were cashed elsewhere.
An outgoing cash letter is sent to a clearinghouse, Federal Reserve, or another financial institution and contains checks deposited at the institution, which are written on accounts at other institutions.

Cellular Telephone
A wireless telephone that communicates using radio wave antenna towers, each serving a particular “cell” of a city or other geographical area. Areas where cellular phones do not work are referred to as “dead zones.”

Certificate Authority (CA)
The entity or organization that attests using a digital certificate that a particular electronic message comes from a specific individual or system.

Change Management
(1) Change management refers to the broad processes for managing organizational change. Change management encompasses planning, oversight or governance, project management, testing, and implementation. (2) The process of ensuring that changes to the IT environment are planned, documented, and authorized. The impact of changes on business continuity and disaster recovery processes should be factored into an institution’s change management processes.

Chargeback
A transaction generated when a cardholder disputes a transaction or when the merchant does not follow bankcard association procedures. The issuer and acquirer research the facts to determine which party is responsible for the transaction. The acquirer will have to cover the chargeback if the merchant is unable to pay.

Check
A written order from one party (payer) to another (payee) requiring the payer’s financial institution to pay a specified sum on demand to the payee or to a third party specified by the payee.

Check 21 Act
Formally known as the Check Clearing for the 21st Century Act. Creates a new document, the IRD (image replacement document or substitute check) that is the legal equivalent of the original check and should be accepted as such. The act does not require institutions to accept electronic images instead of checks or IRDs, but does require the acceptance of IRDs instead of paper checks. The exchange of electronic images is optional and will be done by agreements between individual institutions, groups of institutions, or clearinghouses.

Check Clearing
The movement of a check from the depository institution at which it was deposited back to the institution on which it was written. The funds move in the opposite direction, with a corresponding credit and debit to the involved accounts.

Check Digits
A digit in an account number that is calculated from the other digits in the account number and is used to check the account number’s correctness/validity.

Check Truncation
The practice of holding a check at the institution at which it was deposited (or at an intermediary institution) and electronically forwarding the essential information on the check to the institution on which it was written. A truncated check is not returned to the writer.

Checklist Review
A preliminary procedure to testing that employs information checklists to guide staff activities. For example, checklists can be used to verify staff procedures, hardware and software configurations, or alternate communication mechanisms.

Clearance
The process of transmitting, reconciling, and in some cases, confirming payment orders or financial instrument transfer instructions prior to settlement.

Clearing Corporation
A central processing mechanism whereby members agree to net, clear, and settle transactions involving financial instruments. Clearing corporations fulfill one or all of the following functions:
— Nets many trades so that the number and the amount of payments that have to be made are minimized,
— Determines money obligations among traders, and
— Guarantees that trades will go through by legally assuming the risk of payments not made or securities not delivered.
This latter function is what is implied when it is stated that the clearing corporation becomes the “counter-party” to all trades entered into its system. Also known as a clearinghouse or clearinghouse association.

Clearinghouse Associations
Voluntary associations, formed by financial institutions that establish an exchange for checks drawn on those institutions. Typically, institutions participating in check clearinghouses use the Federal Reserve’s national settlement service for the checks exchanged each business day.

Clearinghouse for Inter-Bank Payment Systems (CHIPS)
A “real time”, multilateral final payments system for large dollar value business-to-business payment transactions between domestic or foreign institutions that have offices located in the United States. CHIPS is run by CHIP Co. L.L.C., a subsidiary of the Clearing House.

Clustering
Connecting two or more computers together in such a way that enables them to act as a single computer. Clustering is used for parallel processing, load balancing, and fault tolerance.

Code
Software program instructions.

Commercially Reasonable
Hardware and software made available by a reputable firm for use in a commercial environment. Practices and procedures in widespread use in the business community generally considered to represent prudent and reasonable business methods.

Compared and Noncompared Transaction
See Matching.

Component
An element or part of a business process.

Component Test/Exercise
A testing activity designed to validate the continuity of individual systems, processes, or functions, in isolation. For example, component tests may focus on recovering specific network devices, application restoration procedures, off-site tape storage, or proving the validity of data for a particular business line.

Concentrator
In data transmission, a concentrator is a functional unit that permits a common path to handle more data sources than there are channels currently available within the path. A device that connects a number of circuits, which are not all used at once, to a smaller group of circuits for economy.

Connectivity Testing
A testing activity designed to validate the continuity of network communications.

Consumer
Usually refers to an individual engaged in noncommercial transactions.

Consumer Account
A deposit account held by a participating DFI and established by a natural person primarily for personal, family, or household use and not for commercial purposes.

Cookie
A message given by a Web server to a Web browser, stored by the Web browser, and returned to the Web server when requested.

Core Firm
Core clearing and settlement organization that serves critical financial markets.

Correspondent Bank
An institution, acting on behalf of other institutions, that can settle the checks they collect for other institutions (respondents) by using accounts on their books or by sending a wire transfer. Generally, a provider of banking and payment services to other financial institutions.

COTS
Commercial off-the-shelf. COTS products include software and hardware products that are ready-made and available for sale to the general public. COTS products are typically installed in existing systems and do not require customization. Also known as “shrink-wrap” applications.

Credit Card
A card indicating the holder has been granted a line of credit. It enables the holder to make purchases or withdraw cash up to a prearranged ceiling. The credit granted can be settled in full by the end of a specified period or can be settled in part, with the balance taken as extended credit. Interest is charged based on the terms of the credit card agreement and the holder is sometimes charged an annual fee.

Credit Entry
An entry to the record of an account to represent the transfer or placement of funds into the account.

Crisis Management
The process of managing an institution’s operations in response to an emergency situation or event which threatens business continuity. An institution’s ability to communicate with employees, customers, and the media, using various communications devices and methods, is a key component of crisis management.

Crisis Management Test/Exercise
A testing exercise that validates the capabilities of crisis management teams to respond to specific events. Crisis management exercises typically test the call tree notification process with employees, vendors, and key clients. Escalation procedures and disaster declaration criteria may also be validated.

Critical Financial Markets
Financial markets whose operations are critical to the economy. Critical financial markets provide the means for financial institutions to adjust their cash and securities positions and those of their customers in order to manage liquidity, market, and other risks to their organizations. Critical financial markets also provide support for the provision of a wide range of financial services to businesses and consumers in the United States and support the implementation of monetary policy. Examples of “critical financial markets” include:
— Federal funds, foreign exchange, and commercial paper;
— U.S. Government and agency securities; and
— Corporate debt and equity securities.

Critical Market Participants
Participants in the financial markets that perform critical operations or provide critical services. Their inability to perform these operations or services could result in major disruptions in the financial system.

Critical Path
The critical path represents the business processes or systems that must receive the highest priority during the recovery phase.

Cross-Market Tests
Cross-market tests are also called market-wide tests or “street tests” that are sponsored by the Securities Industry Association, Bond Market Association, and Futures Industry Association. These tests validate the connectivity from alternate sites and include transaction, settlement, and payment processes, to the extent practical.

Currency Balance
As at the time calculated, the current amount (positive or negative) of a particular eligible currency included in an account, as indicated on the books and records of CLS Bank. A currency balance is not a separate account.

Custom Redirect Service
This service enables control over the location of incoming calls or the redirection of calls to various locations or pre-established phone numbers to ensure customer service continuity.

 

 

 

 

