The RegTech Glossary – A Beginner’s Guide to the Industry's Terminology

Do you speak RegTech? Are you an expert or are you a bit confused by all this jargon? RegTech itself is already an abbreviation that not everyone understands (it stands, of course, for Regulatory Technology), but what about all those other terms added by RegTech and frequently used in conversations about it? Well, for starters, here are some the terms you need to know so you don’t to make a fool of yourself, but as RegTech grows so will this glossary, so make sure you check in once in a while.

API: The Application Programming Interface is a set of requirements that dictate how two pieces of software talk to each other. Basically, it enables computer programmes to directly communicate with one another.

Artificial Intelligence: AI refers to the capability of a machine to imitate intelligent human behaviour. It’s a broad term for describing advanced computer intelligence capturing a computer program playing chess to voice recognition systems interpreting and responding to speech to decision-making.
BaaS: Blockchain-as-a-Service refers to the growing landscape of services based around blockchain technology. BaaS platforms allow companies to begin working with blockchain technology without having to first make significant investments in hardware.

Behavioral Analytics: Unlike traditional analytics tools, which look at key metrics, behavioural analytics aims to look and understand of user’s past habits, transactions, localization points and other aspects generating new insights

Big Data: Big Data refers to data sets that are so large or complex that traditional data processing application software is inadequate to deal with them. Tools for big data analytics collect, organize and analyze vast amounts of data to discover patterns and other useful information.
Biometrics: Biometrics are metrics related to human characteristics such as fingerprint, palm veins, face recognition, DNA, palm print, hand geometry, iris recognition, retina and
more. Biometrics authentication can be used as a form of identification and access control.

Blockchain: Blockchain is a distributed database that maintains a continuously growing list of data hardened against tampering and revision. It consists of data structured in blocks that contain a timestamp and are linked. It is the underlying technology for Bitcoin, the cryptocurrency. For more on blockchain and how it works, have a look here.

Cognitive Computing: CC refers to technology platforms that are based on the scientific disciplines of artificial intelligence and signal processing. These platforms use tools such as machine learning, face recognition or natural language processing and more.

Data Aggregation: Data aggregation is the process of compiling of data and information from databases with intent to prepare combined datasets for data processing. Data is searched, gathered and presented in a report-based, summarized format to achieve specific business objectives or processes and/or conduct human analysis.

Data lakes: Data lakes are data storage systems that contain data stored in its ‘native’ format, i.e. the data structure and requirements are not defined until the data is needed.

Deep Learning: Deep Learning is a technique to implement Machine Learning (see below) and one of drivers behind the recent success and popularity of AI as documented in the victory of DeepMind’s AlphaGo program beating a human Go champion in 2016. Deep Learning is a subset of Machine Learning algorithms inspired by the structure and function of the brain called artificial neural networks. It can take vast amounts of data and recognize certain characteristics for text-based searches, fraud detection, handwriting recognition, speech recognition, and more.

Digital Wallet: A Digital Wallet is a system or device that allows an individual to make electronic transactions. It stores a user’s payment information and passwords for numerous payment methods on websites or directly in shops using a smartphone.

DLT: Distributed Ledger Technology is often used synonymous to blockchain technology, but a while all blockchains are DLTs, not all DLTs necessarily are blockchains. Distributed ledgers are a type of database that is spread across multiple sites, countries or institutions, and is typically public. Records are stored one after the other in a continuous ledger, and in a blockchain they are sorted into blocks, while other distributed ledgers like R3’s Corda however do not use this system.

Encryption: Encryption is the process of encoding a message or information in such a way that only authorized parties can access it. It a central piece of DLT and blockchains as certain information is encrypted and can only be accessed by using a public or private key (depending on the nature of the blockchain) to decrypt the information.

False Positives: False Positives refers to test results that wrongly flag incidents that in reality do not violate the respective rules. In Fraud Detection, for example, traditional systems often are not accurate enough and highlight large numbers of events that eventually do not constitute a case of fraud but have to be cleared manually nonetheless.

Gamification: Gamification is the application of game-design elements and game principles in non-game contexts to engage and motivate people to achieve their goals. It can be used effectively, for example, for compliance training or investor education by presenting participants with a game that helps them learn important aspects while completing the challenges of the game.

KBA: Knowledge-Based Authentication is a type of authentication which looks to prove that the person providing identity information truly is that exact person. As the name suggests, KBA requires the knowledge of private information of the individual to prove that the person providing the identity information is the owner of the identity.

KBA is often used as a component in multifactor authentication (MFA) and for self-service password retrieval.

Legacy systems: Legacy Systems refers to out-dated computer systems, programming languages or software. For banks it often means that is a system that cannot be taken out of service, and the cost of designing a new system with a similar availability level is high, for example systems to handle customers’ accounts.

Machine Learning: ML is one subfield of Artificial Intelligence. The machine takes data and “learns” for itself, applying knowledge and training from large data sets for facial recognition, speech recognition, object recognition, translation, and other tasks. Machine Learning enables a system to learn to recognize patterns on its own and make predictions as opposed to a coded software program that contains specific instructions to complete a certain objective.

Machine-readable regulation: Machine-readable regulation refers to information in the form of data that can be accessed directly by software. Regulation that can be read and analyzed directly with out the need for “translation” would allow more automation and could significantly reduce the cost of regulatory change.PCI Compliance: The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment. Although the PCI DSS must be implemented by all entities that process, store or transmit cardholder data, formal validation of PCI DSS compliance is not mandatory for all entities.

Regulatory Sandbox: A regulatory sandbox is a safe space for firms to test their services that would normally have to be regulated. It allows innovators to test their products or business models in live environment without following some or all legal requirements, subject to predefined restrictions.

SaaS: Software as a Service is a software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted. It is sometimes referred to as “on-demand software” as it allows the user to pay according to the actual usage rather than outright buying software.

Semantic tech and data point models: Technology that converts regulatory text into a programming language. Machine-readable regulation is an example that would allow more for automation and could significantly reduce the cost of change. It could also help ensure greater consistency between the intentions of a regulation and its implementation.

Shared data ontology: Shared data ontology is the formal naming and definition of the types, properties, and interrelationships of entities. Sharing a common understanding of the structure of regulatory data would improve efficiency, reduce costs, ease interactions and help remove ambiguity.

Smart contracts: Smart contracts are computer protocols that facilitate, verify, or enforce the negotiation or performance of a contract, or that make a contractual clause unnecessary. Smart contracts usually also have a user interface and often emulate the logic of contractual clauses. Proponents of smart contracts claim that many kinds of contractual clauses may thus be made partially or fully self-executing, self-enforcing, or both.

Smart contracts aim to provide security superior to traditional contract law and to reduce other transaction costs associated with contracting.

SSO: Single sign-on is a session and user authentication service that permits a user to use one set of login credentials (e.g., name and password) to access multiple applications.

Tokenization: Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security.

The RegTech Glossary is a living document and we will add terms to it over the future, but please help us by letting us know what you think and what we may have missed.

Simply drop us a line at


Lavanya Rathnam

Lavanya Rathnam is an experienced technology, finance, and compliance writer. She combines her keen understanding of regulatory frameworks and industry best practices with exemplary writing skills to communicate complex concepts of Governance, Risk, and Compliance (GRC) in clear and accessible language. Lavanya specializes in creating informative and engaging content that educates and empowers readers to make informed decisions. She also works with different companies in the Web 3.0, blockchain, fintech, and EV industries to assess their products’ compliance with evolving regulations and standards.

Posted in UncategorizedTagged ,

Leave a Reply

Your email address will not be published. Required fields are marked *