NRS Glossary of Frequently Used Financial Industry Acronyms
ACRONYM INTERPRETATION
AAA American Arbitration Association
ABS Asset-Backed Securities
ACATS Automated Customer Account Transfer Service
ACM Annual Compliance Meeting
ADF Alternative Display Facility
ADR American Depository Receipt
AG Agent (used on the CRD system instead of RR)
AICPA American Institute of Certified Public Accountants
AIF Alternative Investment Fund
AIFMD Alternative Investment Fund Managers Directive
AIMR Association for Investment Management and Research
ALJ Administrative Law Judge
AMEX American Stock Exchange
AML Anti-Money Laundering
APs Associated Persons (CFTC/NFA)
AREF Advertising Regulation Electronic Files
ARS Auction Rate Securities
ATS Alternative Trading System
AUM Assets Under Management (as of 1/1/2012 replaced by RAUM, see below)
BCP Business Continuity Plan
BD Broker-Dealer
BHC Bank Holding Company
BR Uniform Branch Office Registration Form (aka Form BR)
BSA Bank Secrecy Act
BSE Boston Stock Exchange, Inc.
CAES Computer Assisted Execution System
CBOE Chicago Board Options Exchange, Inc.
CBOT Chicago Board of Trade
CCO Chief Compliance Officer
CD Certificate of Deposit
CDO Collateralized Debt Obligation
CDS Credit Default Swap
CDSC Contingent Deferred Sales Charge
CE Continuing Education
CEA Commodity Exchange Act
CFA® Chartered Financial Analyst
CFC Controlled Foreign Corporation
CFP® Chartered Financial Planner
CFPB Consumer Financial Protection Bureau
CFR Code of Federal Regulations
CFTC Commodity Futures Trading Commission
ChFC Chartered Financial Consultant
CHX Chicago Stock Exchange, Inc.
CIC Chartered Investment Counselor
CICI CFTC Interim Compliant Identifier
CIK Central Index Key (Unique Firm-Specific EDGAR Identifier)
CIP Customer Identification Program
CMIR Currency and Monetary Instrument Transportation Reports
CMO Collateralized Mortgage Obligation
CO Compliance Officer
COBRADesk Corporate Offerings Business Regulatory Analysis system
CPO Commodity Pool Operator
CQOC Consolidated Quote Operating Committee
CQS Consolidated Quotation System
CRD Central Registration Depository (aka Web CRD)
CTA Commodity Trading Advisor
CTA Consolidated Tape Association
CTCI Computer-to-Computer Interface
CTR Currency Transaction Report (AML)
CSE Cincinnati Stock Exchange, Inc.
CSP Covered Service Provider (ERISA)
CUSIP Committee on Uniform Securities Identification Procedures
DBCC District Business Conduct Committee
DCM Designated Contract Market
DCO Derivatives Clearing Organization(s)
DERA SEC's Division of Economic and Risk Analysis (formerly RSFI)
DFMUs Designated Financial Market Utilities
DIA Designated Investment Alternative (ERISA)
DJIA Dow Jones Industrial Average
DOJ Department of Justice
DOL Department of Labor
DPP Direct Participation Program
DRAO Disclosure Review and Accounting Office (SEC)
DRP Disclosure Reporting Page (filed on the CRD and IARD systems)
DSIO Division of Swap Dealer and Intermediary Oversight (CFTC)
DTC Depository Trust Company
DTCC Depository Trust & Clearing Corporation
DVP Delivery versus Payment
EBITDA Earnings Before Interest, Taxes, Depreciation and Amortization
EBS Electronic Blue Sheets
EBSA Employee Benefits Security Administration
e-CFR Electronic Code of Federal Regulations
ECN Electronic Communications Network (e.g., Instinet, Archipelago, Island, etc.)
ECP Eligible Contract Participant (Commodities Exchange Act)
EDGAR Electronic Data Gathering, Analysis and Retrieval System
EFT Electronic File Transfer (aka Web EFT)
EGC Emerging Growth Company
EIA Equity Indexed Annuity
EMIR European Market Infrastructure Regulation
ENC Excess Net Capital
ERAs Exempt Reporting Advisers
ERISA Employee Retirement Income Security Act of 1974
ERM Enterprise Risk Management
ESMA European Securities and Markets Authority
ETF Exchange-Traded Fund
ETP Exchange-Traded Product
ETMF Exchange-Traded Managed Fund
ETS Electronically Traded Securities
FACTA Fair and Accurate Credit Transactions Act of 2003
FASB Financial Accounting Standards Board
FATCA Foreign Account Tax Compliance Act
FBAR Foreign Bank and Financial Accounts Report
FCA Federally-Covered Adviser (i.e., SEC registered)
FCM Futures Commission Merchant
FCPA U.S. Foreign Corrupt Practices Act
FCS FINRA Contact System
FDIC Federal Deposit Insurance Corporation
FFMIA Federal Financial Management Improvement Act
FinCEN Financial Crimes Enforcement Network
FINOP Financial and Operations Principal
FINRA Financial Industry Regulatory Authority (formerly NASD)
FIPS Fixed Income Pricing System
FISMA Federal Information Security Management Act
FMUs Financial Market Utilities
FOCUS Financial and Operational Combined Uniform Single Report (The FOCUS Report is also called Form X-17A-5)
FOIA Freedom of Information Act
FPA Financial Planning Association
FRB Federal Reserve Board (aka the Fed)
FSA Financial Services Act (UK)
FSA Financial Services Authority (UK)
FSOC Financial Stability Oversight Council
FTC Federal Trade Commission
FX Foreign Exchange
GAAP Generally Accepted Accounting Principles
GAO Government Accountability Office (formerly General Accounting Office)
GIIN Global Intermediary Identification Number
GIPS® Global Investment Performance Standards
IA Investment Adviser
IAA Investment Adviser Association (formerly ICAA)
IACCP® Investment Adviser Certified Compliance Professional
IAPD Investment Adviser Public Disclosure (public access website for viewing electronic Form ADV filings and limited IAR background information)
IAR Investment Adviser Representative (also see RA)
IARD Investment Adviser Registration Depository
IASB International Accounting Standards Board
ICAA Investment Counsel Association of America, Inc. (now IAA)
ICI Investment Company Institute
ICSD International Councils of Securities Dealers
IFRS International Financial Reporting Standards
IM Interpretive Material
IM SEC's Division of Investment Management
IMA Investment Management Agreement
IOSCO International Organization of Securities Commission
IPO Initial Public Offering
IRS Interest Rate Swap
ISDA International Swaps and Derivatives Association, Inc.
ISE International Securities Exchange
ISG Intermarket Surveillance Group
ISIS Industry Support Information Services
ISO Intermarket Sweep Order
IT Information Technology
ITS Intermarket Trading System
ITSFEA Insider Trading and Securities Fraud Enforcement Act of 1988
ITSOC Intermarket Trading System Operation Committee
LEI Legal Entity Identifier
LLC Limited Liability Company
LOI Letter of Intent
LP Limited Partnership
LTID Large Trader Identification Number (assigned by the SEC)
LTRS Large Trader Reporting System
M&A Mergers and Acquisitions
MAP Material Associated Persons
MBARS Municipal Bond Acceptance and Reconciliation Service
MBS Mortgage-Backed Securities
MER Management Expense Ratio
MF Mutual Fund
MFA Managed Funds Association
MIDAS Market Information Data Access System
MiFID Markets in Financial Instruments Directive
MMF Money Market Fund
MNPI Material Non-Public Information
MPID Market Participant Identification
MRVP Minor Rule Violation Plan
MSFS Masters of Science in Financial Services
MSP Major Swap Participant
MSRB Municipal Securities Rulemaking Board
NAC National Adjudicatory Council
NAIBD National Association of Independent Broker-Dealers
NASAA North American Securities Administrators Association, Inc.
NASD National Association of Securities Dealers (now FINRA)
NASDAQ National Association of Securities Dealers Automated Quotation System
NAV Net Asset Value
NBBO National Best Bid or Offer
NCCUSL National Conference of Commissioners on Uniform State Laws
NCI Non-Conventional Investments
NCUA National Credit Union Administration
NCUSIF National Credit Union Share Insurance Fund
NEAT National Exam Analytics Tool (SEC)
NEP National Examination Program (SEC)
NEPS National Examination Program Surveillance (FINRA)
NFA National Futures Association
NMA New Member Application (FINRA)
NMS National Market System
NPI Non-public Personal Information
NQ No Quote
NQDS NASDAQ Quotation Dissemination Service
NSMIA National Securities Markets Improvement Act of 1996
NSCC National Securities Clearing Corporation
NTDS NASDAQ Trade Dissemination Service
NTM Notice to Members (FINRA)
NYSE New York Stock Exchange, Inc.
OATS Optimized Adaptive Trading System
OATS Order Audit Trail System (FINRA)
OBA Outside Business Activity
OCC Office of the Comptroller of the Currency
OCC Options Clearing Corporation
OCIE SEC's Office of Compliance Inspections and Examinations
OFAC Office of Foreign Assets Control
OFM Office of Financial Management
OFR Office of Financial Research (U.S. Department of the Treasury)
OIG Office of the Inspector General
OM Offering Memorandum (also see POM and PPM)
OMB Office of Management and Budget
OMI SEC's Office of Market Intelligence
OPRA Options Prices Reporting Authority
ORAS SEC's Office of Risk Assessment & Surveillance
ORS Online Registration System (NFA)
OSJ Office of Supervisory Jurisdiction
OTC Over the Counter
OTCBB OTC Bulletin Board Service
OTS Office of Thrift Supervision (US Dept. of the Treasury)
PAIB Proprietary Account of Introducing Broker-Dealers
PCAOB Public Company Accounting Oversight Board
PFID Private Fund Identification Number
PFRD Private Fund Reporting Depository (Form PF electronic filing system)
PFS Personal Financial Specialist
PIA Personal Investment Account (Outside Brokerage Account)
POM Private Offering Memorandum (also see OM and PPM)
PM Portfolio Manager
PPA Pension Protection Act of 2006
PPM Private Placement Memorandum (also see OM and POM)
PCX Pacific Exchange, Inc.
PEPs Politically Exposed Persons (see FCPA)
PHLX Philadelphia Stock Exchange, Inc.
PROCTOR Professional Certification Testing Organization
PST Private Securities Transaction
PWG President's Working Group on Financial Markets
QDIA Qualified Default Investment Alternative (ERISA)
QDS Quote Dissemination System
QEPs Qualified Eligible Persons (CFTC)
QIB Qualified Institutional Buyer (ERISA)
QPAM Qualified Professional Asset Manager (ERISA)
RA Registered Agent (used on the CRD system instead of IAR)
RAUM Regulatory Assets Under Management (formerly AUM)
REG Risk and Examinations Group (SEC - Division of Investment Management)
REIT Real Estate Investment Trust
REO SEC's Risk and Examinations Office
RIA Registered Investment Adviser (the firm, unless it is a sole proprietorship)
RIC Registered Investment Company
ROA Rights of Accumulation
ROSFP Registered Options and Security Futures Principal
RPF Responsible Plan Fiduciary (ERISA)
RR Registered Representative (also see AG)
RSFI SEC's Division of Risk, Strategy, and Financial Innovation (now DERA)
RTRS Real-Time Transaction Reporting System (MSRB's reporting platform)
RVP Receipt versus Payment
SA Subscription Agreement
SAC Securities Industry Automation Corporation
SAR Suspicious Activity Report (an AML report – Financial Institutions file a Form SAR-SF)
SD Swap Dealer
SDN Specially Designated Nationals and Blocked Persons
SDR Swap Data Repository
SEC U.S. Securities and Exchange Commission
SEF Swap Execution Facility
SEPs Simplified Employee Pension Plans (ERISA)
SFAB Small Firms Advisory Board
SIA Securities Industry Association
SIAC Securities Industry Automation Corporation
SIFIs Systemically Important Financial Institutions
SIFMA Securities Industry and Financial Markets Association
SIPA Securities Investor Protection Act of 1970
SIPC Securities Investor Protection Corporation
SMA Separately Managed Account
SMART Securities Market Automated Regulated Trading Architecture
SOE State-Owned Enterprise (FCPA)
SOES Small Order Execution System
SPE Special Purpose Entity
SRO Self-Regulatory Organization
T+3 Settlement Date
TAOE Total Annual Operating Expenses (ERISA)
TARP Troubled Asset Relief Program
TARS Trade Acceptance and Reconciliation Service
TCR SEC's Tips, Complaints and Referrals System
TIC Treasury International Capital System
TM SEC's Division of Trading and Markets
TMTR Third Market Trade Reporting
TRACE Trade Reporting and Compliance Engine (FINRA system reporting)
TRENDS SEC’s Tracking and Reporting Exam National Documentation System
TRS Total Return Swap
UIT Unit Investment Trust
U4 Uniform application for security industry registration or transfer (aka Form U4)
U5 Uniform termination notice for security industry registration (aka Form U5)
UPC Uniform Practice Code
UPIA Uniform Prudent Investor Act
UTMA Uniform Transfers to Minors Act
VA Variable Annuity
VWAP Volume Weighted Average Price
WORM Write Once Read Many
WSP Written Supervisory Procedures
© 2012-2015 National Regulatory Services. All rights reserved. Ver. IA012015
Cybersecurity / IT Acronyms & Glossary
© 2014. National Regulatory Services. All rights reserved. Version. IA062014
API Application Programming Interface
APT Advanced Persistent Threat
AV Anti-virus software
BYOD Bring Your Own Device
C2 Command & Control Traffic
CISO Chief Information Security Officer
CnC Command-and-Control
COPPA U.S. Children's Online Privacy Protection Act
CTO Chief Technology Officer
DDoS Distributed Denial-of-Service
DEP Data Execution Prevention
DLP Data Loss Prevention
DMARC Domain-based Message Authentication Reporting & Conformance
DSS Data Security Standard
FFIEC Federal Financial Institutions Examination Council
GUI Graphical User Interface
HTTP HyperText Transfer Protocol
IDS Intrusion Detection System
IE Internet Explorer
IM Instant Messaging
IMAP Internet Message Access Protocol
IP Internet Protocol
IPS Intrusion Prevention System
IPT Intellectual Property Theft
IR Incident Response
IRT Incident Response Team
ISO International Organization for Standardization
ITO Information Technology Officer
MDM Mobile Device Management
MFA Multi-Factor Authentication
MITB Man-in-the-Browser
MITM Man-in-the-Middle
NGTP Next-Generation Threat Protection
NIST National Institute of Standards and Technology
NPI Nonpublic Personal Information
OTP One-Time Password
PCI DSS Payment Card Industry Data Security Standard
PDA Personal Digital Assistant
PII Personally Identifiable Information
PIM Personal Information Management
PIN Personal Identification Number
POP Post Office Protocol
RAM Random Access Memory
RAT Remote Administration Tool
ROM Read Only Memory
ROP Return-Oriented Programming
SaaS Software as a Service
SD Secure Digital
SIM Subscriber Identity Module
SMS Short Message Service
SOC Security Operations Center
SSL Secure Sockets Layer (web security protocol)
TCP Transmission Control Protocol (with IP, the main protocol of the Internet)
TLDs Top-Level Domains
TTPs Techniques, Tactics & Procedures
URL Uniform Resource Locator
USB Universal Serial Bus
VDI Virtual Desktop Infrastructure
VM Virtual Machine
VMM Virtual Machine Manager
VPN Virtual Private Network
WAP Wireless Application Protocol
WiFi Wireless Fidelity
WISP Written Information Security Program
Advanced Persistent Threat (APT). A cyber-attack that employs advanced stealth techniques to remain undetected for extended periods of time.
Advanced Targeted Attack (ATA). Another name for advanced persistent threat.
Authentication mechanism. Hardware- or software-based mechanisms that force users to prove their identity before accessing data on a device.
Baiting. A social engineering attack in which physical media (e.g., a USB flash drive) containing malware is deliberately left in proximity to a targeted organization.
Bot. An infected computer (or endpoint) centrally controlled by a command-and-control (CnC) server.
CnC (command-and-control) server. A server operated by a cybercriminal to provide instructions to bots.
Cryptolocker. A form of ransomware that made the headlines in September 2013; has variants that can encrypt local files, external hard drives, network file shares.
Cyberterrorism. The use of Internet-based attacks in terrorist activities, including acts of deliberate, large-scale disruption of computer networks.
Data Leakage Prevention (DLP). A system designed to detect potential data loss based on patterns (such as social security numbers) in a timely manner.
Defense-in-depth strategy. Installing a series of cybersecurity defenses so that a threat missed by one layer of security may be caught by another.
Distributed Denial-of-Service (DDoS) attack. A cyber-attack intended to disrupt or disable a targeted host by flooding it with benign communication requests from a single host.
Egress traffic. Computer network traffic flowing from inside the network to hosts outside the network.
Encryption. Any procedures used in cryptography to convert plain text into cipher text to prevent anyone but the intended recipient from reading that data.
Fail open. The ability of copper interfaces on a network appliance to maintain connectivity to prevent network disruption upon appliance power loss or disruption.
False negative. Misclassifying a file containing malware as benign.
False positive. Misclassifying a benign file as containing malware.
Hacktivism. The use of computers and computer networks as a means to protest and/or promote political ends.
Hacktivists. Individuals of varying levels of technical proficiency that utilize technology in order to advance their political views and/or agendas.
Hashing. The process of using a mathematical algorithm against data to produce a numeric value that is representative of that data.
HyperText Transfer Protocol (HTTP). A standard method for communication between clients and Web servers.
Ingress traffic. Computer network traffic flowing from outside the network to hosts within the network.
Instant Messaging (IM). A facility for exchanging messages in real-time with other people over the Internet and tracking the progress of a given conversation.
Intrusion Detection System (IDS). An out-of-band signature-based security device that monitors network traffic and alerts upon detecting known cyber-attacks.
Keylogger. An application that records keystrokes on a computer usually unbeknownst to the user.
Malware. Encompasses a variety of data security threats including viruses, worms, Trojan horses and spyware, among others.
Malware Analysis System (MAS). An appliance equipped with a virtual execution engine that enables users to manually inspect objects suspected of containing malware.
Malware Protection System (MPS). A rackmount appliance responsible for detecting suspicious network objects and forwarding them to the virtual execution engine (which it also hosts) for signature-less analysis.
Multi-staged. A cyber-attack incorporating multiple types of malware designed to be launched at different stages of an advanced cyber-attack.
Next-Generation Threat. New breed of cyber-attacks not easily detected by signature-based security defenses (e.g., polymorphic malware, zero-day threats, and APTs).
Next-Generation Threat Protection (NGTP). Software installed on purpose-built, rackmount appliances that is designed to detect and block a new breed of cyber-attacks.
Personal Information Management (PIM) Application. A core set of applications that provide the electronic equivalents of such items as an agenda, address book, notepad, and reminder list.
Personal Information Management (PIM) data. The set of data types such as contacts, calendar entries, phonebook entries, notes, memos, and reminders maintained on a device which may be synchronized with a personal computer.
Phishing. Attempting to obtain private information such as credit card and Social Security numbers and/or user names and passwords by masquerading as a known or trustworthy entity in an electronic communication.
Polymorphic threat. Malware that changes its signature (binary pattern) every time it replicates in order to evade detection by a security device or application.
Post Office Protocol (POP). A standard protocol used to receive electronic mail from a server.
Privileged User. A user that is authorized (and, therefore, trusted) to perform security-relevant functions that ordinary users are not authorized to perform.
Ransomware. A class of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator of the malware in order for the restriction to be removed. Some forms of ransomware encrypt files on the system's hard drive (cryptoviral extortion), while some may simply lock the system and display messages intended to coax the user into paying.
Remote Administration Tool (RAT). Software that provides a hacker with a backdoor into the infected system to snoop or take control of the host.
Short Message Service (SMS). A cellular network facility that allows users to send and receive text messages of up to 160 alphanumeric characters in their handsets.
Smishing. A form of social engineering that exploits SMS, or text, messages. Text messages can contain links to such things as webpages, email addresses or phone numbers that when clicked may automatically open a browser window or email message or dial a number. This integration of email, voice, text message, and web browser functionality increases the likelihood that users will fall victim to engineered malicious activity.
Social engineering. Manipulating people into performing actions or divulging confidential information by electronic fraud.
Spam. The electronic version of "junk mail." The term spam refers to unsolicited, often unwanted, email messages. Spam does not necessarily contain viruses—valid messages from legitimate sources could fall into this category.
Spear Phishing. A more targeted form of phishing utilizing research obtained on individuals' profiles and accounts, including anything posted on a public forum or blog. The primary goal is the same as phishing – to gain entry to a target organization's network and obtain confidential information; however, the focus is on higher-ranking targets (e.g., messages refer to the target by name, rank or position rather than using generic titles) who may be reasonably aware of security best practices to avoid ordinary phishing emails or may not have the time to read generic-sounding emails. Accordingly, it significantly raises the chances that the target will read a message that allows the attacker to compromise the target's network; it is reasonable to assume a higher success rate due to the more refined communications.
Spyware. A type of malware that collects information about users, with or without their knowledge.
SQL injection attack. A form of attack on a database-driven Web application in which the attacker executes unauthorized SQL commands to exploit insecure code.
Trojan. Malware that masquerades as a legitimate file or helpful application with the ultimate purpose of granting a hacker unauthorized access to a computer.
Universal Serial Bus (USB). A hardware interface for low-speed peripherals such as the keyboard, mouse, joystick, scanner, printer and telephone devices.
Virtual Private Network (VPN). A private network configured within a public network such as the Internet or a carrier's network. Using data encryption to maintain privacy, VPNs also allow mobile users access to the company LAN.
Vishing. A social engineering approach that leverages voice communication. This technique can be combined with other forms of social engineering that entice a victim to call a certain number and divulge sensitive information. Advanced vishing attacks can take place completely over voice communications by exploiting Voice over Internet Protocol (VoIP) solutions and broadcasting services.
Whaling. A cyber-attack directed specifically at senior executives and other high-profile targets within businesses.
Worm. A form of malware that exploits network vulnerabilities to propagate itself to other computers.
Zero-Day threat. A cyber-attack against an unknown (or unreported) operating system or application vulnerability.