{ "file_id": "01_vertical_banking_financial_services", "version": "2026.03.16", "schema_version": "2.2", "status": "Production Authority", "last_authoritative_sync": "2026-03-16", "description": "Comprehensive enumeration library for the Banking and Financial Services vertical. Covers every subdomain where agentic AI is actively deployed as of March 2026: payments, lending, fraud and financial crime, treasury and capital markets, customer lifecycle, model risk, regulatory capital, and digital assets. Designed for use as OTel span attributes in an agentic AI SDK and as policy vocabulary in an OPA Rego GRC portal.", "vertical_metadata": { "vertical_key": "banking_financial_services", "industry": "Banking & Financial Services", "primary_standards": [ "BIAN v13 / v14 (Banking Industry Architecture Network)", "ISO 20022 — Universal financial industry message scheme", "Basel III / Basel III Endgame (BCBS 2017 finalisation, US phase-in through 2028)", "EU DORA — Digital Operational Resilience Act (2022/2554, effective Jan 2025)", "Federal Reserve SR 11-7 — Supervisory Guidance on Model Risk Management (2011)", "FATF Recommendations — AML/CFT (updated 2023)", "EU 6AMLD — Sixth Anti-Money Laundering Directive", "FinCEN / BSA — Bank Secrecy Act SAR requirements", "PCI DSS v4.0 — Payment Card Industry Data Security Standard", "SWIFT CBPR+ — Cross-Border Payments and Reporting Plus (coexistence ended Nov 2025)", "FedNow — Federal Reserve real-time payment service ISO 20022 profile", "SEPA — Single Euro Payments Area rulebooks" ], "primary_source_urls": [ "https://bian.org/deliverables/bian-standards/", "https://www.iso20022.org/iso-20022-message-definitions", "https://www.bis.org/bcbs/publ/d424_hlsummary.pdf", "https://www.eba.europa.eu/regulation-and-policy/operational-resilience/digital-operational-resilience-act-dora", "https://www.federalreserve.gov/supervisionreg/srletters/sr1107.htm", "https://explore.fednow.org/resources/readiness-guide-iso-20022.pdf", "https://www.swift.com/standards/iso-20022/iso-20022-financial-institutions-focus-payments-instructions" ], "otel_namespace": "banking", "opa_namespace": "data.banking", "agentic_ai_deployment_context": "As of March 2026, agentic AI in banking is deployed across: real-time payment fraud scoring, autonomous AML alert triage, AI-assisted loan underwriting, autonomous treasury liquidity management, customer onboarding KYC/KYB automation, AI-driven trade surveillance, autonomous regulatory report generation (DORA, Basel, HMDA), and AI-assisted credit risk model validation. Each subdomain carries distinct regulatory obligations that must be traceable through OTel spans to OPA policy decisions." }, "subdomains": [ { "subdomain": "Payments & Funds Transfer", "bian_service_domains": [ "Payment Execution", "Payment Order", "Payment Initiation", "Correspondent Bank", "Payment Network", "Card Terminal Operation" ], "iso20022_message_families": [ "pacs", "pain", "camt" ], "categories": [ { "enum_name": "PaymentStatusISO20022", "label": "Payment Status (ISO 20022)", "otel_attribute": "banking.payment.iso20022_status", "opa_policy_path": "data.banking.payment.iso20022_status", "rego_input_key": "banking_payment_iso20022_status", "stability": "stable", "description": "Official ISO 20022 four-letter machine-readable payment status codes from pain.002 CustomerPaymentStatusReport and pacs.002 FIToFIPaymentStatusReport. Use these exact codes when interfacing with clearing systems. Do NOT substitute descriptive strings.", "permitted_values": [ "ACTC", "ACCP", "ACSP", "ACSC", "ACWC", "ACWP", "RCVD", "PDNG", "PART", "RJCT", "CANC" ], "value_labels": { "ACTC": "Accepted Technical Validation", "ACCP": "Accepted Customer Profile", "ACSP": "Accepted Settlement in Process", "ACSC": "Accepted Settlement Completed", "ACWC": "Accepted with Change", "ACWP": "Accepted Without Posting", "RCVD": "Received", "PDNG": "Pending", "PART": "Partially Accepted", "RJCT": "Rejected", "CANC": "Cancelled" }, "code_definitions": { "ACTC": "AcceptedTechnicalValidation — Authentication and syntactic validation successful", "ACCP": "AcceptedCustomerProfile — Preceding check of technical validation successful, customer profile check successful", "ACSP": "AcceptedSettlementInProcess — All preceding checks successful, settlement in process", "ACSC": "AcceptedSettlementCompleted — Settlement completed", "ACWC": "AcceptedWithChange — Instruction accepted with a change, e.g. date or remittance not sent", "ACWP": "AcceptedWithoutPosting — Payment instruction included in credit transfer, not yet posted to debtor account", "RCVD": "Received — Payment initiation received by the institution", "PDNG": "Pending — Payment instruction is pending; further checks and settlement are taking place", "PART": "PartiallyAccepted — Only a certain number of the transactions have been accepted", "RJCT": "Rejected — Payment instruction rejected", "CANC": "Cancelled — Payment instruction has been cancelled" }, "source": "ISO 20022 pain.002.001.10 CustomerPaymentStatusReport; pacs.002.001.14 FIToFIPaymentStatusReport", "source_url": "https://www.iso20022.org/iso-20022-message-definitions", "notes": "CBPR+ coexistence period ended November 22, 2025. All SWIFT cross-border payment status messages must now use ISO 20022 MX format. FedNow uses pacs.002 for status reporting. ACTC is mandatory in CBPR+ flows and was missing from prior versions of this library." }, { "enum_name": "PaymentMessageType", "label": "Payment Message Type (ISO 20022)", "otel_attribute": "banking.payment.message_type", "opa_policy_path": "data.banking.payment.message_type", "rego_input_key": "banking_payment_message_type", "stability": "stable", "description": "ISO 20022 message type identifiers for payment-related messages. Tag agent spans with the specific message type being processed to enable per-message-type compliance policy enforcement.", "permitted_values": [ "pain.001", "pain.002", "pain.008", "pain.013", "pain.014", "pacs.002", "pacs.003", "pacs.004", "pacs.007", "pacs.008", "pacs.009", "pacs.010", "pacs.028", "camt.025", "camt.029", "camt.052", "camt.053", "camt.054", "camt.055", "camt.056", "camt.060" ], "value_labels": { "pain.001": "Customer Credit Transfer Initiation", "pain.002": "Customer Payment Status Report", "pain.008": "Customer Direct Debit Initiation", "pain.013": "Creditor Payment Activation Request", "pain.014": "Creditor Payment Activation Request Status Report", "pacs.002": "FI to FI Payment Status Report", "pacs.003": "FI to FI Customer Direct Debit", "pacs.004": "Payment Return", "pacs.007": "FI to FI Payment Reversal", "pacs.008": "FI to FI Customer Credit Transfer", "pacs.009": "Financial Institution Credit Transfer", "pacs.010": "Financial Institution Direct Debit", "pacs.028": "FI to FI Payment Status Request", "camt.025": "Receipt", "camt.029": "Resolution of Investigation", "camt.052": "Bank to Customer Account Report", "camt.053": "Bank to Customer Statement", "camt.054": "Bank to Customer Debit Credit Notification", "camt.055": "Customer Payment Cancellation Request", "camt.056": "FI to FI Payment Cancellation Request", "camt.060": "Account Reporting Request" }, "code_definitions": { "pain.001": "CustomerCreditTransferInitiation — Customer initiates credit transfer", "pain.002": "CustomerPaymentStatusReport — Status of customer-initiated payment", "pain.008": "CustomerDirectDebitInitiation — Customer initiates direct debit collection", "pain.013": "CreditorPaymentActivationRequest — Request for Payment (RFP)", "pain.014": "CreditorPaymentActivationRequestStatusReport — RFP status", "pacs.002": "FIToFIPaymentStatusReport — Interbank payment status", "pacs.003": "FIToFICustomerDirectDebit — Interbank direct debit", "pacs.004": "PaymentReturn — Return of a previous credit transfer", "pacs.007": "FIToFIPaymentReversal — Reversal of a previous payment", "pacs.008": "FIToFICustomerCreditTransfer — Interbank customer credit transfer (replaces MT103)", "pacs.009": "FinancialInstitutionCreditTransfer — Interbank FI credit transfer (replaces MT202)", "pacs.010": "FinancialInstitutionDirectDebit — Interbank FI direct debit", "pacs.028": "FIToFIPaymentStatusRequest — Request for payment status update", "camt.025": "Receipt — Acknowledgement of receipt", "camt.029": "ResolutionOfInvestigation — Response to investigation / cancellation", "camt.052": "BankToCustomerAccountReport — Intraday account report (replaces MT942)", "camt.053": "BankToCustomerStatement — End-of-day account statement (replaces MT940/MT950)", "camt.054": "BankToCustomerDebitCreditNotification — Credit/debit advice (replaces MT900/MT910)", "camt.055": "CustomerPaymentCancellationRequest — Request to cancel a payment", "camt.056": "FIToFIPaymentCancellationRequest — Interbank cancellation request", "camt.060": "AccountReportingRequest — Request for intraday or end-of-day report" }, "source": "ISO 20022 message catalogue; SWIFT CBPR+ guidelines; FedNow ISO 20022 Readiness Guide", "source_url": "https://explore.fednow.org/resources/readiness-guide-iso-20022.pdf" }, { "enum_name": "PaymentRailType", "label": "Payment Rail Type", "otel_attribute": "banking.payment.rail", "opa_policy_path": "data.banking.payment.rail", "rego_input_key": "banking_payment_rail", "stability": "stable", "description": "The payment clearing and settlement network used for a transaction. Different rails carry different compliance obligations and SLA requirements for autonomous agent processing.", "permitted_values": [ "fednow", "ach_credit", "ach_debit", "same_day_ach", "chaps", "fedwire", "chips", "swift_cbpr_plus", "sepa_credit_transfer", "sepa_instant", "sepa_direct_debit", "rtp_tcf", "card_visa", "card_mastercard", "card_amex", "crypto_onchain", "internal_book_transfer" ], "value_labels": { "fednow": "Fednow", "ach_credit": "Ach Credit", "ach_debit": "Ach Debit", "same_day_ach": "Same Day Ach", "chaps": "Chaps", "fedwire": "Fedwire", "chips": "Chips", "swift_cbpr_plus": "Swift Cbpr Plus", "sepa_credit_transfer": "Sepa Credit Transfer", "sepa_instant": "Sepa Instant", "sepa_direct_debit": "Sepa Direct Debit", "rtp_tcf": "Rtp Tcf", "card_visa": "Card Visa", "card_mastercard": "Card Mastercard", "card_amex": "Card Amex", "crypto_onchain": "Crypto Onchain", "internal_book_transfer": "Internal Book Transfer" }, "regulatory_mappings": { "fednow": "Federal Reserve FedNow Service Operating Procedures", "sepa_credit_transfer": "EPC SEPA Credit Transfer Rulebook v1.1", "sepa_instant": "EPC SEPA Instant Credit Transfer Rulebook (SCT Inst)", "swift_cbpr_plus": "SWIFT CBPR+ Usage Guidelines SR2025" }, "use_case": "OPA rule: require enhanced OFAC/sanctions screening for swift_cbpr_plus, sepa_credit_transfer, and sepa_instant rails. Require 24/7 HITL coverage for fednow and rtp_tcf rails above configurable threshold.", "source": "Federal Reserve FedNow Operating Procedures; EPC SEPA Rulebooks; SWIFT CBPR+ SR2025" }, { "enum_name": "PaymentPurposeCode", "label": "Payment Purpose Code (ISO 20022)", "otel_attribute": "banking.payment.purpose_code", "opa_policy_path": "data.banking.payment.purpose_code", "rego_input_key": "banking_payment_purpose_code", "stability": "stable", "description": "ISO 20022 ExternalPurpose1Code — structured purpose codes mandatory for CHAPS FI-to-FI payments from May 2025 and recommended for all cross-border payments. Agentic payment initiation agents must select the correct code for straight-through processing.", "permitted_values": [ "BEXP", "CASH", "CBLK", "CCRD", "CDBL", "CORT", "DCRD", "DIVI", "DVPM", "EPAY", "FCOL", "GOVT", "HEDG", "ICCP", "INTC", "INTP", "IVPT", "LOAN", "LOAR", "PENS", "POPE", "PRME", "SALA", "SECU", "SLRY", "SSBE", "SUPP", "TAXS", "TRAD", "TREA", "VATX", "WHLD" ], "value_labels": { "BEXP": "Bexp", "CASH": "Cash", "CBLK": "Cblk", "CCRD": "Ccrd", "CDBL": "Cdbl", "CORT": "Cort", "DCRD": "Dcrd", "DIVI": "Divi", "DVPM": "Dvp", "EPAY": "Epay", "FCOL": "Fcol", "GOVT": "Govt", "HEDG": "Hedg", "ICCP": "Iccp", "INTC": "Intc", "INTP": "Intp", "IVPT": "Ivpt", "LOAN": "Loan", "LOAR": "Loar", "PENS": "Pens", "POPE": "Pope", "PRME": "Prme", "SALA": "Sala", "SECU": "Secu", "SLRY": "Salary Payment", "SSBE": "Ssbe", "SUPP": "Supp", "TAXS": "Taxs", "TRAD": "Trad", "TREA": "Trea", "VATX": "Vatx", "WHLD": "Whld" }, "code_definitions": { "BEXP": "BusinessExpenses", "CASH": "CashManagementTransfer", "CBLK": "CardBulkClearing", "CCRD": "CreditCardPayment", "CDBL": "CreditCardBill", "CORT": "TradeSettlementPayment", "DCRD": "DebitCardPayment", "DIVI": "Dividends", "DVPM": "DVP — Delivery versus Payment (securities settlement)", "EPAY": "EPayment", "FCOL": "FeeCollection", "GOVT": "GovernmentPayment", "HEDG": "Hedging", "ICCP": "IntraCompanyPayment", "INTC": "IntraCompanyPayment (cross-border)", "INTP": "InterestPayment", "IVPT": "InvoicePayment", "LOAN": "LoanPayment", "LOAR": "LoanRepayment", "PENS": "PensionPayment", "POPE": "PropertyPurchase", "PRME": "PreciousMetalPurchase", "SALA": "SalaryPayment", "SECU": "SecuritiesPurchase", "SLRY": "SalaryPayment — Structured", "SSBE": "SocialSecurityBenefit", "SUPP": "SupplierPayment", "TAXS": "TaxPayment", "TRAD": "TradeFinanceTransaction", "TREA": "TreasuryPayment", "VATX": "VATPayment", "WHLD": "WithholdingTax" }, "source": "ISO 20022 ExternalPurpose1Code code set; Bank of England CHAPS Purpose Code mandate (May 2025)", "source_url": "https://www.bankofengland.co.uk/payment-and-settlement/rtgs-renewal-programme/iso-20022-handbook", "notes": "Bank of England mandated Purpose Codes for FI-to-FI pacs.009 payments and property transactions from May 2025. POPE is required for all UK property settlement payments." }, { "enum_name": "PaymentAgentActionType", "label": "Payment Agent Action Type", "otel_attribute": "banking.payment.agent_action", "opa_policy_path": "data.banking.payment.agent_action", "rego_input_key": "banking_payment_agent_action", "stability": "proposed", "description": "The specific action an autonomous payment agent is executing. Used to gate actions behind appropriate controls — autonomous payment initiation is irreversible and requires HITL for amounts above threshold.", "permitted_values": [ "initiate_credit_transfer", "initiate_direct_debit", "request_payment_cancellation", "request_return", "request_reversal", "request_status_update", "apply_payment_preference", "route_payment", "apply_sanctions_screen", "apply_fraud_score", "apply_aml_screen", "generate_statement_report", "reconcile_account", "manage_liquidity_position", "apply_fx_conversion" ], "value_labels": { "initiate_credit_transfer": "Initiate Credit Transfer", "initiate_direct_debit": "Initiate Direct Debit", "request_payment_cancellation": "Request Payment Cancellation", "request_return": "Request Return", "request_reversal": "Request Reversal", "request_status_update": "Request Status Update", "apply_payment_preference": "Apply Payment Preference", "route_payment": "Route Payment", "apply_sanctions_screen": "Apply Sanctions Screen", "apply_fraud_score": "Apply Fraud Score", "apply_aml_screen": "Apply AML Screen", "generate_statement_report": "Generate Statement Report", "reconcile_account": "Reconcile Account", "manage_liquidity_position": "Manage Liquidity Position", "apply_fx_conversion": "Apply Fx Conversion" }, "regulatory_mappings": { "psd2": "PSD2 Article 64 — Liability for unauthorized payment transactions", "nacha": "NACHA Operating Rules — Originator obligations", "eu_dora": "DORA Article 30 — Operational risk in payment systems" }, "use_case": "OPA rule: classify initiate_credit_transfer, initiate_direct_debit, and apply_fx_conversion as irreversible_high_impact, requiring HITL approval above configurable amount threshold.", "source": "PSD2; NACHA Operating Rules; BIAN Payment Execution Service Domain" }, { "enum_name": "SanctionsScreeningOutcome", "label": "Sanctions Screening Outcome", "otel_attribute": "banking.sanctions.screening_outcome", "opa_policy_path": "data.banking.sanctions.screening_outcome", "rego_input_key": "banking_sanctions_screening_outcome", "stability": "stable", "description": "Outcome of OFAC/sanctions list screening for payment parties or account holders. Agentic payment agents must never proceed past a hit or potential_hit without human review.", "permitted_values": [ "clear", "potential_hit", "confirmed_hit", "false_positive_cleared", "deferred_for_review", "blocked", "escalated_to_compliance" ], "value_labels": { "clear": "Clear", "potential_hit": "Potential Hit", "confirmed_hit": "Confirmed Hit", "false_positive_cleared": "False Positive Cleared", "deferred_for_review": "Deferred for Review", "blocked": "Blocked", "escalated_to_compliance": "Escalated to Compliance" }, "regulatory_mappings": { "ofac": "OFAC 31 CFR Part 501 — Reporting and procedures for blocked transactions", "eu_sanctions": "EU Council Regulation 833/2014 (Russia sanctions) and related regulations", "un_security_council": "UN Security Council consolidated sanctions list", "fatf": "FATF Recommendation 6 — Targeted financial sanctions" }, "use_case": "OPA rule: deny any payment agent tool call for payment rail execution when sanctions_screening_outcome is potential_hit or confirmed_hit; require HITL escalation.", "source": "OFAC SDN list screening requirements; BIAN Financial Crime Domain; FATF Recommendation 6" } ] }, { "subdomain": "Fraud Detection & Financial Crime", "bian_service_domains": [ "Fraud Detection", "Fraud Resolution", "Transaction Fraud Detection", "Card Case Management", "Customer Fraud Behavior Insights", "Financial Crime Investigation", "Suspicious Transaction Analysis" ], "categories": [ { "enum_name": "FraudDetectionModelType", "label": "Fraud Detection Model Type", "otel_attribute": "banking.fraud.model_type", "opa_policy_path": "data.banking.fraud.model_type", "rego_input_key": "banking_fraud_model_type", "stability": "proposed", "description": "The type of fraud detection model whose inference result is being applied by the agentic system.", "permitted_values": [ "rules_based_engine", "ml_supervised_classifier", "ml_unsupervised_anomaly", "graph_network_analysis", "behavioral_biometrics", "device_fingerprinting", "llm_narrative_analysis", "ensemble_hybrid", "real_time_streaming_score", "batch_retrospective_score" ], "value_labels": { "rules_based_engine": "Rules Based Engine", "ml_supervised_classifier": "Ml Supervised Classifier", "ml_unsupervised_anomaly": "Ml Unsupervised Anomaly", "graph_network_analysis": "Graph Network Analysis", "behavioral_biometrics": "Behavioral Biometrics", "device_fingerprinting": "Device Fingerprinting", "llm_narrative_analysis": "Llm Narrative Analysis", "ensemble_hybrid": "Ensemble Hybrid", "real_time_streaming_score": "Real Time Streaming Score", "batch_retrospective_score": "Batch Retrospective Score" }, "regulatory_mappings": { "fed_sr_11_7": "SR 11-7 — All models including fraud scoring models subject to model risk management", "cfpb_circular_2022_3": "CFPB Circular 2022-3 — Adverse action reason codes for algorithmic models" }, "source": "BIAN Fraud Detection Service Domain; Fed SR 11-7 model inventory requirements" }, { "enum_name": "FraudAlertDisposition", "label": "Fraud Alert Disposition", "otel_attribute": "banking.fraud.alert_disposition", "opa_policy_path": "data.banking.fraud.alert_disposition", "rego_input_key": "banking_fraud_alert_disposition", "stability": "stable", "description": "The analyst or agent disposition of a fraud alert after review. Must be logged immutably for SR 11-7 model performance monitoring and CFPB adverse action requirements.", "permitted_values": [ "true_positive_fraud_confirmed", "false_positive_cleared", "suspected_fraud_monitoring", "transaction_blocked", "transaction_reversed", "customer_contacted", "account_restricted", "account_closed", "law_enforcement_referral", "escalated_to_senior_analyst", "awaiting_customer_confirmation", "resolved_no_action" ], "value_labels": { "true_positive_fraud_confirmed": "True Positive Fraud Confirmed", "false_positive_cleared": "False Positive Cleared", "suspected_fraud_monitoring": "Suspected Fraud Monitoring", "transaction_blocked": "Transaction Blocked", "transaction_reversed": "Transaction Reversed", "customer_contacted": "Customer Contacted", "account_restricted": "Account Restricted", "account_closed": "Account Closed", "law_enforcement_referral": "Law Enforcement Referral", "escalated_to_senior_analyst": "Escalated to Senior Analyst", "awaiting_customer_confirmation": "Awaiting Customer Confirmation", "resolved_no_action": "Resolved No Action" }, "source": "BIAN Fraud Resolution Service Domain; NICB fraud management protocols" }, { "enum_name": "FraudCaseResolutionState", "label": "Fraud Case Resolution State", "otel_attribute": "banking.fraud.case_resolution_state", "opa_policy_path": "data.banking.fraud.case_resolution_state", "rego_input_key": "banking_fraud_case_resolution_state", "stability": "stable", "description": "Defines the allowed values for Fraud Case Resolution State in the Banking & Financial Services catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to BIAN Fraud Resolution Service Domain.", "permitted_values": [ "initiated", "documentation_requested", "investigation_in_progress", "customer_liability_assessed", "bank_liability_assessed", "reversal_processed", "chargeback_filed", "arbitration_requested", "closed_no_loss", "closed_with_loss", "referred_to_law_enforcement" ], "value_labels": { "initiated": "Initiated", "documentation_requested": "Documentation Requested", "investigation_in_progress": "Investigation in Progress", "customer_liability_assessed": "Customer Liability Assessed", "bank_liability_assessed": "Bank Liability Assessed", "reversal_processed": "Reversal Processed", "chargeback_filed": "Chargeback Filed", "arbitration_requested": "Arbitration Requested", "closed_no_loss": "Closed No Loss", "closed_with_loss": "Closed with Loss", "referred_to_law_enforcement": "Referred to Law Enforcement" }, "regulatory_mappings": { "regulation_e": "Reg E 12 CFR Part 1005 — Error resolution for electronic fund transfers", "regulation_z": "Reg Z 12 CFR Part 1026 — Billing error rights for credit cards", "visa_mastercard_chargeback": "Card network dispute resolution rules" }, "source": "BIAN Fraud Resolution Service Domain", "source_url": "https://bian.org/servicelandscape-12-0-0/object_22.html?object=44725" }, { "enum_name": "AMLAlertStatus", "label": "AML Alert Status", "otel_attribute": "banking.aml.alert_status", "opa_policy_path": "data.banking.aml.alert_status", "rego_input_key": "banking_aml_alert_status", "stability": "stable", "description": "Defines the allowed values for AML Alert Status in the Banking & Financial Services catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to FinCEN SAR filing requirements; BIAN Suspicious Transaction Analysis Service Domain; 6AMLD.", "permitted_values": [ "system_generated", "under_review", "escalated_to_l2_analyst", "escalated_to_compliance_officer", "sar_decision_pending", "sar_filed", "sar_declined_documented", "closed_false_positive", "closed_low_risk_documented", "closed_confirmed_suspicious", "referred_to_law_enforcement", "blocked_and_frozen" ], "value_labels": { "system_generated": "System Generated", "under_review": "Under Review", "escalated_to_l2_analyst": "Escalated to L2 Analyst", "escalated_to_compliance_officer": "Escalated to Compliance Officer", "sar_decision_pending": "SAR Decision Pending", "sar_filed": "SAR Filed", "sar_declined_documented": "SAR Declined Documented", "closed_false_positive": "Closed False Positive", "closed_low_risk_documented": "Closed Low Risk Documented", "closed_confirmed_suspicious": "Closed Confirmed Suspicious", "referred_to_law_enforcement": "Referred to Law Enforcement", "blocked_and_frozen": "Blocked and Frozen" }, "regulatory_mappings": { "bsa_31_usc_5318": "BSA 31 USC 5318(g) — Suspicious Activity Report filing obligation", "fincen_sar_2012": "FinCEN SAR Instructions (2012, updated 2021)", "eu_amld6_art33": "6AMLD Article 33 — Reporting obligation to FIU" }, "use_case": "OPA rule: require HITL with compliance_officer role for sar_decision_pending state. Block automated sar_filed or sar_declined_documented transitions — these must be human-authorised.", "source": "FinCEN SAR filing requirements; BIAN Suspicious Transaction Analysis Service Domain; 6AMLD" }, { "enum_name": "AMLTypologyCode", "label": "AML Typology Code", "otel_attribute": "banking.aml.typology", "opa_policy_path": "data.banking.aml.typology", "rego_input_key": "banking_aml_typology", "stability": "stable", "description": "FATF and FinCEN recognised money laundering and terrorist financing typologies. Agent-generated AML alerts should be tagged with the suspected typology to route to the correct specialist.", "permitted_values": [ "structuring_smurfing", "layering_wire_transfers", "trade_based_money_laundering", "real_estate_placement", "shell_company_layering", "crypto_mixing_tumbling", "hawala_informal_value_transfer", "loan_back", "cash_intensive_business", "human_trafficking_proceeds", "tax_evasion", "sanctions_evasion", "proliferation_financing", "cyber_crime_proceeds", "business_email_compromise" ], "value_labels": { "structuring_smurfing": "Structuring Smurfing", "layering_wire_transfers": "Layering Wire Transfers", "trade_based_money_laundering": "Trade Based Money Laundering", "real_estate_placement": "Real Estate Placement", "shell_company_layering": "Shell Company Layering", "crypto_mixing_tumbling": "Crypto Mixing Tumbling", "hawala_informal_value_transfer": "Hawala Informal Value Transfer", "loan_back": "Loan Back", "cash_intensive_business": "Cash Intensive Business", "human_trafficking_proceeds": "Human Trafficking Proceeds", "tax_evasion": "Tax Evasion", "sanctions_evasion": "Sanctions Evasion", "proliferation_financing": "Proliferation Financing", "cyber_crime_proceeds": "Cyber Crime Proceeds", "business_email_compromise": "Business Email Compromise" }, "source": "FATF Typologies Report; FinCEN Financial Trend Analysis; ACAMS typology classification", "source_url": "https://www.fatf-gafi.org/en/publications/Methodsandtrends.html" }, { "enum_name": "KYCVerificationStatus", "label": "KYC Verification Status", "otel_attribute": "banking.kyc.status", "opa_policy_path": "data.banking.kyc.status", "rego_input_key": "banking_kyc_status", "stability": "stable", "description": "Defines the allowed values for KYC Verification Status in the Banking & Financial Services catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to BIAN Party Lifecycle Management Service Domain; FATF Recommendations.", "permitted_values": [ "unverified", "pending_documentation", "identity_check_in_progress", "document_verification_in_progress", "biometric_check_in_progress", "verified_standard", "verified_enhanced_due_diligence", "rejected", "expired_requires_refresh", "pep_identified_monitoring", "adverse_media_flagged", "sanctions_match_blocked", "derisked_offboarded" ], "value_labels": { "unverified": "Unverified", "pending_documentation": "Pending Documentation", "identity_check_in_progress": "Identity Check in Progress", "document_verification_in_progress": "Document Verification in Progress", "biometric_check_in_progress": "Biometric Check in Progress", "verified_standard": "Verified Standard", "verified_enhanced_due_diligence": "Verified Enhanced Due Diligence", "rejected": "Rejected", "expired_requires_refresh": "Expired Requires Refresh", "pep_identified_monitoring": "Pep Identified Monitoring", "adverse_media_flagged": "Adverse Media Flagged", "sanctions_match_blocked": "Sanctions Match Blocked", "derisked_offboarded": "Derisked Offboarded" }, "regulatory_mappings": { "bsa_cdd_rule": "BSA Customer Due Diligence Rule 31 CFR 1020.210", "fatf_recommendation_10": "FATF Recommendation 10 — Customer due diligence", "eu_amld5_art13": "5AMLD Article 13 — Enhanced due diligence", "finra_4512": "FINRA Rule 4512 — Customer account information" }, "source": "BIAN Party Lifecycle Management Service Domain; FATF Recommendations", "source_url": "https://bian.org/servicelandscape-9-0/object_14.html?object=28137" }, { "enum_name": "KYBVerificationStatus", "label": "KYB Verification Status", "otel_attribute": "banking.kyb.status", "opa_policy_path": "data.banking.kyb.status", "rego_input_key": "banking_kyb_status", "stability": "stable", "description": "Know Your Business verification status for legal entity customers. Distinct from KYC (individual) due to beneficial ownership and corporate structure requirements.", "permitted_values": [ "unverified", "pending_documentation", "beneficial_ownership_verification_in_progress", "ubo_identified_verified", "corporate_structure_verified", "verified", "rejected_high_risk_jurisdiction", "rejected_shell_company_suspected", "expired", "enhanced_due_diligence_required", "pep_ubo_identified_monitoring", "sanctions_match_blocked" ], "value_labels": { "unverified": "Unverified", "pending_documentation": "Pending Documentation", "beneficial_ownership_verification_in_progress": "Beneficial Ownership Verification in Progress", "ubo_identified_verified": "Ubo Identified Verified", "corporate_structure_verified": "Corporate Structure Verified", "verified": "Verified", "rejected_high_risk_jurisdiction": "Rejected High Risk Jurisdiction", "rejected_shell_company_suspected": "Rejected Shell Company Suspected", "expired": "Expired", "enhanced_due_diligence_required": "Enhanced Due Diligence Required", "pep_ubo_identified_monitoring": "Pep Ubo Identified Monitoring", "sanctions_match_blocked": "Sanctions Match Blocked" }, "regulatory_mappings": { "fincen_beneficial_ownership_rule": "FinCEN Beneficial Ownership Information Rule (effective Jan 2024)", "eu_amld5_art30": "5AMLD Article 30 — Beneficial ownership registers", "bsa_cdd_rule_beneficial_ownership": "BSA CDD Rule 31 CFR 1010.230 — Beneficial ownership" }, "source": "FinCEN Beneficial Ownership Information reporting rule; FATF Recommendation 24; BIAN Party Lifecycle Management" } ] }, { "subdomain": "Lending & Credit", "bian_service_domains": [ "Consumer Loan", "Corporate Loan", "Mortgage Loan", "Credit Facility", "Loan", "Collateral Asset Administration", "Credit Risk Operations", "Customer Credit Rating" ], "categories": [ { "enum_name": "LoanApplicationStatus", "label": "Loan Application Status", "otel_attribute": "banking.loan.application_status", "opa_policy_path": "data.banking.loan.application_status", "rego_input_key": "banking_loan_application_status", "stability": "stable", "description": "Defines the allowed values for Loan Application Status in the Banking & Financial Services catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to BIAN Lending Service Domain Fulfillment Pattern; CFPB Reg B adverse action requirements.", "permitted_values": [ "initiated", "application_incomplete", "documentation_requested", "identity_verification_pending", "credit_bureau_pull_in_progress", "credit_assessment_complete", "underwriting_in_progress", "conditional_approval", "approved", "counter_offer_made", "declined", "withdrawn_by_applicant", "expired", "funded", "cancelled_post_approval" ], "value_labels": { "initiated": "Initiated", "application_incomplete": "Application Incomplete", "documentation_requested": "Documentation Requested", "identity_verification_pending": "Identity Verification Pending", "credit_bureau_pull_in_progress": "Credit Bureau Pull in Progress", "credit_assessment_complete": "Credit Assessment Complete", "underwriting_in_progress": "Underwriting in Progress", "conditional_approval": "Conditional Approval", "approved": "Approved", "counter_offer_made": "Counter Offer Made", "declined": "Declined", "withdrawn_by_applicant": "Withdrawn by Applicant", "expired": "Expired", "funded": "Funded", "cancelled_post_approval": "Cancelled Post Approval" }, "regulatory_mappings": { "ecoa_reg_b": "ECOA / Reg B — Adverse action notification within 30 days", "fcra": "FCRA 15 USC 1681 — Credit report adverse action notice", "hmda": "HMDA 12 CFR 1003 — Reportable action taken codes" }, "source": "BIAN Lending Service Domain Fulfillment Pattern; CFPB Reg B adverse action requirements" }, { "enum_name": "CreditDecisionType", "label": "Credit Decision Type", "otel_attribute": "banking.credit.decision_type", "opa_policy_path": "data.banking.credit.decision_type", "rego_input_key": "banking_credit_decision_type", "stability": "proposed", "description": "The type of credit decision being made or supported by an AI agent. All automated credit decisions affecting a consumer are subject to ECOA adverse action notice requirements.", "permitted_values": [ "origination_approval", "origination_denial", "credit_limit_increase", "credit_limit_decrease", "account_suspension", "account_closure", "rate_change_adverse", "rate_change_favorable", "collections_strategy_assignment", "charge_off_recommendation", "restructuring_offer", "forbearance_approval", "forbearance_denial" ], "value_labels": { "origination_approval": "Origination Approval", "origination_denial": "Origination Denial", "credit_limit_increase": "Credit Limit Increase", "credit_limit_decrease": "Credit Limit Decrease", "account_suspension": "Account Suspension", "account_closure": "Account Closure", "rate_change_adverse": "Rate Change Adverse", "rate_change_favorable": "Rate Change Favorable", "collections_strategy_assignment": "Collections Strategy Assignment", "charge_off_recommendation": "Charge Off Recommendation", "restructuring_offer": "Restructuring Offer", "forbearance_approval": "Forbearance Approval", "forbearance_denial": "Forbearance Denial" }, "regulatory_mappings": { "ecoa_reg_b": "ECOA Reg B 12 CFR 1002 — Adverse action notice for all adverse credit decisions", "cfpb_circular_2022_3": "CFPB Circular 2022-3 — Adverse action reason codes for complex models", "eu_ai_act_annex3": "EU AI Act Annex III 5(b) — AI in creditworthiness assessment: high-risk" }, "use_case": "OPA rule: require explainability_method output and adverse_action_reason_codes for all origination_denial, credit_limit_decrease, account_suspension, and account_closure decisions. EU AI Act high-risk classification applies.", "source": "ECOA Reg B; CFPB Circular 2022-3; EU AI Act Annex III" }, { "enum_name": "AdverseActionReasonCode", "label": "Adverse Action Reason Code", "otel_attribute": "banking.credit.adverse_action_reason", "opa_policy_path": "data.banking.credit.adverse_action_reason", "rego_input_key": "banking_credit_adverse_action_reason", "stability": "stable", "description": "Standardised adverse action reason codes required by ECOA Reg B and FCRA. AI agents generating credit decisions must produce at least the principal reasons for denial. CFPB Circular 2022-3 clarifies these codes are required even for complex algorithmic models.", "permitted_values": [ "credit_application_incomplete", "insufficient_credit_file", "no_credit_file", "delinquent_past_present_credit_obligations", "too_many_accounts_or_inquiries", "too_many_accounts_with_balances", "too_many_revolving_accounts", "too_few_accounts_currently_paid_as_agreed", "income_insufficient_for_amount_requested", "excessive_debt_obligations", "length_of_employment", "temporary_or_irregular_employment", "unable_to_verify_employment", "unable_to_verify_income", "unable_to_verify_residence", "collateral_insufficient", "mortgage_insurance_denied", "value_or_type_of_collateral_unacceptable", "age_of_collateral", "unacceptable_property", "bankruptcy_discharge", "collection_or_charge_off_within_period", "foreclosure_or_repossession", "garnishment_or_attachment", "credit_score_below_required", "government_loan_program_ineligible" ], "value_labels": { "credit_application_incomplete": "Credit Application Incomplete", "insufficient_credit_file": "Insufficient Credit File", "no_credit_file": "No Credit File", "delinquent_past_present_credit_obligations": "Delinquent Past Present Credit Obligations", "too_many_accounts_or_inquiries": "Too Many Accounts or Inquiries", "too_many_accounts_with_balances": "Too Many Accounts with Balances", "too_many_revolving_accounts": "Too Many Revolving Accounts", "too_few_accounts_currently_paid_as_agreed": "Too Few Accounts Currently Paid As Agreed", "income_insufficient_for_amount_requested": "Income Insufficient for Amount Requested", "excessive_debt_obligations": "Excessive Debt Obligations", "length_of_employment": "Length of Employment", "temporary_or_irregular_employment": "Temporary or Irregular Employment", "unable_to_verify_employment": "Unable to Verify Employment", "unable_to_verify_income": "Unable to Verify Income", "unable_to_verify_residence": "Unable to Verify Residence", "collateral_insufficient": "Collateral Insufficient", "mortgage_insurance_denied": "Mortgage Insurance Denied", "value_or_type_of_collateral_unacceptable": "Value or Type of Collateral Unacceptable", "age_of_collateral": "Age of Collateral", "unacceptable_property": "Unacceptable Property", "bankruptcy_discharge": "Bankruptcy Discharge", "collection_or_charge_off_within_period": "Collection or Charge Off Within Period", "foreclosure_or_repossession": "Foreclosure or Repossession", "garnishment_or_attachment": "Garnishment or Attachment", "credit_score_below_required": "Credit Score Below Required", "government_loan_program_ineligible": "Government Loan Program Ineligible" }, "regulatory_mappings": { "ecoa_reg_b": "Reg B 12 CFR 1002.9 — Statement of specific reasons for adverse action", "fcra_615a": "FCRA Section 615(a) — Adverse action notice using consumer report", "cfpb_circular_2022_3": "CFPB Circular 2022-3 — Complex model adverse action reason requirement" }, "source": "Federal Reserve Regulation B sample adverse action notice; CFPB ECOA guidance", "source_url": "https://www.consumerfinance.gov/rules-policy/regulations/1002/" }, { "enum_name": "CreditRiskRating", "label": "Credit Risk Rating", "otel_attribute": "banking.credit.risk_rating", "opa_policy_path": "data.banking.credit.risk_rating", "rego_input_key": "banking_credit_risk_rating", "stability": "stable", "description": "Composite credit risk rating using the major agency scale. Internal ratings must map to this external scale for Basel III risk-weight assignment.", "permitted_values": [ "aaa", "aa_plus", "aa", "aa_minus", "a_plus", "a", "a_minus", "bbb_plus", "bbb", "bbb_minus", "bb_plus", "bb", "bb_minus", "b_plus", "b", "b_minus", "ccc_plus", "ccc", "ccc_minus", "cc", "c", "d_default", "nr_not_rated", "wr_withdrawn" ], "value_labels": { "aaa": "Investment Grade", "aa_plus": "AA+", "aa": "Aa", "aa_minus": "AA-", "a_plus": "A+", "a": "A", "a_minus": "A-", "bbb_plus": "BBB+", "bbb": "Bbb", "bbb_minus": "Investment Grade", "bb_plus": "Speculative Grade", "bb": "Bb", "bb_minus": "BB-", "b_plus": "B+", "b": "B", "b_minus": "B-", "ccc_plus": "CCC+", "ccc": "Ccc", "ccc_minus": "CCC-", "cc": "Cc", "c": "C", "d_default": "D (Default)", "nr_not_rated": "NR (Not Rated)", "wr_withdrawn": "WR (Withdrawn)" }, "code_definitions": { "aaa": "Investment grade — Prime. Highest quality.", "bbb_minus": "Investment grade — Lowest investment grade. BBB- is the threshold for inclusion in most investment-grade indices.", "bb_plus": "Speculative grade — Highest speculative grade. Below BB+ is 'junk' / high yield.", "d_default": "Default. Obligor has failed to make a scheduled payment." }, "regulatory_mappings": { "basel_iii_standardised_approach": "BCBS Basel III standardised approach — external credit assessment institution (ECAI) ratings drive risk weights", "iosco_cra": "IOSCO CRA Code of Conduct — Rating agency governance" }, "source": "S&P Global Ratings; Moody's; Fitch Ratings — composite notch scale; BCBS Basel III Standardised Approach for Credit Risk", "source_url": "https://www.bis.org/bcbs/publ/d424_hlsummary.pdf" }, { "enum_name": "InternalLoanGrade", "label": "Internal Loan Grade", "otel_attribute": "banking.loan.internal_grade", "opa_policy_path": "data.banking.loan.internal_grade", "rego_input_key": "banking_loan_internal_grade", "stability": "proposed", "description": "OCC / Fed regulatory loan classification grades used in internal credit risk rating systems. Agents performing portfolio analysis or generating regulatory reports must use these classifications.", "permitted_values": [ "pass_1_exceptional", "pass_2_good", "pass_3_satisfactory", "pass_4_acceptable", "pass_5_watch", "special_mention_6", "substandard_7", "doubtful_8", "loss_9" ], "value_labels": { "pass_1_exceptional": "Pass 1 Exceptional", "pass_2_good": "Pass 2 Good", "pass_3_satisfactory": "Pass 3 Satisfactory", "pass_4_acceptable": "Pass 4 Acceptable", "pass_5_watch": "Pass 5 Watch", "special_mention_6": "Special Mention 6", "substandard_7": "Substandard 7", "doubtful_8": "Doubtful 8", "loss_9": "Loss 9" }, "ordered": true, "value_ordinals": { "pass_1_exceptional": 1, "pass_2_good": 2, "pass_3_satisfactory": 3, "pass_4_acceptable": 4, "pass_5_watch": 5, "special_mention_6": 6, "substandard_7": 7, "doubtful_8": 8, "loss_9": 9 }, "regulatory_mappings": { "occ_handbook_loan_classification": "OCC Handbook — Loan Classification definitions", "fed_examination_manual": "Federal Reserve Commercial Bank Examination Manual — loan classifications", "fdic_risk_management_manual": "FDIC Risk Management Manual — classified assets" }, "use_case": "OPA rule: require senior credit officer review for any agent action on loans classified special_mention_6 or below (adversely classified assets). Flag for DFAST stress test inclusion.", "source": "OCC Comptroller's Handbook — Rating Credit Risk; Federal Reserve Examination Manual" }, { "enum_name": "CollateralType", "label": "Collateral Type", "otel_attribute": "banking.collateral.type", "opa_policy_path": "data.banking.collateral.type", "rego_input_key": "banking_collateral_type", "stability": "stable", "description": "Defines the allowed values for Collateral Type in the Banking & Financial Services catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to BIAN Collateral Asset Administration Service Domain; Basel III credit risk mitigation framework.", "permitted_values": [ "cash_deposit", "us_treasury_securities", "agency_mbs", "investment_grade_corporate_bond", "equity_listed", "commercial_real_estate", "residential_real_estate_first_lien", "residential_real_estate_second_lien", "auto_vehicle", "equipment", "accounts_receivable", "inventory", "intellectual_property", "personal_guarantee", "corporate_guarantee", "letter_of_credit", "crypto_asset", "other_financial_instrument" ], "value_labels": { "cash_deposit": "Cash Deposit", "us_treasury_securities": "Us Treasury Securities", "agency_mbs": "Agency Mbs", "investment_grade_corporate_bond": "Investment Grade Corporate Bond", "equity_listed": "Equity Listed", "commercial_real_estate": "Commercial Real Estate", "residential_real_estate_first_lien": "Residential Real Estate First Lien", "residential_real_estate_second_lien": "Residential Real Estate Second Lien", "auto_vehicle": "Auto Vehicle", "equipment": "Equipment", "accounts_receivable": "Accounts Receivable", "inventory": "Inventory", "intellectual_property": "Intellectual Property", "personal_guarantee": "Personal Guarantee", "corporate_guarantee": "Corporate Guarantee", "letter_of_credit": "Letter of Credit", "crypto_asset": "Crypto Asset", "other_financial_instrument": "Other Financial Instrument" }, "regulatory_mappings": { "basel_iii_cre": "BCBS Basel III — Eligible collateral for credit risk mitigation", "ucc_article_9": "UCC Article 9 — Secured transactions in personal property" }, "source": "BIAN Collateral Asset Administration Service Domain; Basel III credit risk mitigation framework" } ] }, { "subdomain": "Treasury, Capital Markets & Liquidity", "bian_service_domains": [ "Treasury Management", "Liquidity Risk Management", "Asset Securitisation", "Collateral Allocation Management", "Securities Position Keeping", "Market Risk Management", "Counterparty Risk Management", "Fixed Income Transaction Processing" ], "categories": [ { "enum_name": "LiquidityManagementAction", "label": "Liquidity Management Action", "otel_attribute": "banking.treasury.liquidity_action", "opa_policy_path": "data.banking.treasury.liquidity_action", "rego_input_key": "banking_treasury_liquidity_action", "stability": "proposed", "description": "Actions taken by autonomous treasury agents to manage intraday or overnight liquidity positions.", "permitted_values": [ "repo_agreement_initiate", "repo_agreement_unwind", "securities_lending_initiate", "securities_lending_recall", "fed_funds_purchase", "fed_funds_sale", "fhlb_advance_draw", "fhlb_advance_repay", "cd_issuance", "commercial_paper_issuance", "contingency_facility_draw", "collateral_pledge", "collateral_substitute", "nostro_account_funding", "concentration_account_sweep" ], "value_labels": { "repo_agreement_initiate": "Repo Agreement Initiate", "repo_agreement_unwind": "Repo Agreement Unwind", "securities_lending_initiate": "Securities Lending Initiate", "securities_lending_recall": "Securities Lending Recall", "fed_funds_purchase": "Fed Funds Purchase", "fed_funds_sale": "Fed Funds Sale", "fhlb_advance_draw": "Fhlb Advance Draw", "fhlb_advance_repay": "Fhlb Advance Repay", "cd_issuance": "Cd Issuance", "commercial_paper_issuance": "Commercial Paper Issuance", "contingency_facility_draw": "Contingency Facility Draw", "collateral_pledge": "Collateral Pledge", "collateral_substitute": "Collateral Substitute", "nostro_account_funding": "Nostro Account Funding", "concentration_account_sweep": "Concentration Account Sweep" }, "regulatory_mappings": { "lcr": "Basel III Liquidity Coverage Ratio (LCR) — 30-day stress period", "nsfr": "Basel III Net Stable Funding Ratio (NSFR)", "reg_w": "Federal Reserve Regulation W — Section 23A/23B affiliate transactions" }, "use_case": "OPA rule: classify all liquidity actions as irreversible_high_impact. Require pre-execution HITL for amounts above LCR buffer threshold. Block repo_agreement_initiate with non-investment-grade counterparties.", "source": "BIAN Treasury Management Service Domain; Basel III LCR / NSFR requirements" }, { "enum_name": "BaselCapitalRatioType", "label": "Basel Capital Ratio Type", "otel_attribute": "banking.capital.ratio_type", "opa_policy_path": "data.banking.capital.ratio_type", "rego_input_key": "banking_capital_ratio_type", "stability": "stable", "description": "Basel III capital ratio types. Autonomous regulatory reporting agents must correctly classify and tag capital ratio calculations for supervisory reporting.", "permitted_values": [ "cet1_common_equity_tier1", "tier1_capital_ratio", "total_capital_ratio", "leverage_ratio_tier1", "lcr_liquidity_coverage", "nsfr_net_stable_funding", "capital_conservation_buffer", "countercyclical_capital_buffer", "gsib_surcharge", "stress_capital_buffer", "output_floor_rwa" ], "value_labels": { "cet1_common_equity_tier1": "CET1 (Common Equity Tier 1)", "tier1_capital_ratio": "Tier 1 Capital Ratio", "total_capital_ratio": "Total Capital Ratio", "leverage_ratio_tier1": "Leverage Ratio Tier 1", "lcr_liquidity_coverage": "LCR (Liquidity Coverage Ratio)", "nsfr_net_stable_funding": "NSFR (Net Stable Funding Ratio)", "capital_conservation_buffer": "Capital Conservation Buffer", "countercyclical_capital_buffer": "Countercyclical Capital Buffer", "gsib_surcharge": "G-SIB Surcharge", "stress_capital_buffer": "Stress Capital Buffer", "output_floor_rwa": "Output Floor (RWA)" }, "regulatory_mappings": { "cet1": "BCBS Basel III — Minimum CET1 ratio 4.5% + conservation buffer 2.5% = 7.0% effective minimum", "lcr": "BCBS LCR minimum 100%", "nsfr": "BCBS NSFR minimum 100%", "gsib_surcharge": "BCBS GSIB framework — additional loss absorbency surcharge 1.0%-3.5%", "output_floor": "Basel III Endgame — 72.5% floor on IRB RWA vs Standardised Approach, phased in through 2028" }, "source": "BCBS Basel III framework; Basel III Endgame (BCBS 2017 finalisation); Federal Reserve US implementation", "source_url": "https://www.bis.org/bcbs/publ/d424_hlsummary.pdf" }, { "enum_name": "RWAApproachType", "label": "RWA Approach Type", "otel_attribute": "banking.capital.rwa_approach", "opa_policy_path": "data.banking.capital.rwa_approach", "rego_input_key": "banking_capital_rwa_approach", "stability": "stable", "description": "The risk-weighted assets calculation approach being used. Basel III Endgame replaces Advanced Approaches with the Expanded Risk-Based Approach for large US banks.", "permitted_values": [ "standardised_approach_credit", "foundation_irb_credit", "advanced_irb_credit", "expanded_risk_based_approach", "standardised_approach_market_risk", "internal_models_approach_frtb", "standardised_approach_cva", "basic_approach_cva", "standardised_measurement_approach_operational" ], "value_labels": { "standardised_approach_credit": "Standardised Approach - Credit", "foundation_irb_credit": "Foundation IRB - Credit", "advanced_irb_credit": "Advanced IRB - Credit", "expanded_risk_based_approach": "Expanded Risk-Based Approach", "standardised_approach_market_risk": "Standardised Approach - Market Risk", "internal_models_approach_frtb": "Internal Models Approach (FRTB)", "standardised_approach_cva": "Standardised Approach - CVA", "basic_approach_cva": "Basic Approach - CVA", "standardised_measurement_approach_operational": "Standardised Measurement Approach - Operational Risk" }, "regulatory_mappings": { "bcbs_d424": "BCBS Basel III finalisation — revised Standardised and IRB approaches", "us_basel3_endgame": "US Basel III Endgame NPR — Expanded Risk-Based Approach replaces Advanced Approaches", "frtb": "BCBS Fundamental Review of the Trading Book — IMA / SA for market risk" }, "source": "BCBS Basel III High-Level Summary; PwC Basel III Endgame Analysis", "source_url": "https://www.bis.org/bcbs/publ/d424_hlsummary.pdf" }, { "enum_name": "TradeSurveillanceAlertType", "label": "Trade Surveillance Alert Type", "otel_attribute": "banking.trade_surveillance.alert_type", "opa_policy_path": "data.banking.trade_surveillance.alert_type", "rego_input_key": "banking_trade_surveillance_alert_type", "stability": "stable", "description": "Market abuse typologies detected by AI trade surveillance agents. All confirmed alerts require mandatory reporting to regulators under MAR (EU) and SEC/FINRA rules.", "permitted_values": [ "front_running", "insider_trading_suspected", "layering_spoofing", "wash_trading", "marking_the_close", "ramping_advancing", "painting_the_tape", "pump_and_dump", "bear_raid", "momentum_ignition", "cross_asset_manipulation", "benchmark_manipulation_libor", "excessive_position_limit", "short_sale_violation", "best_execution_breach" ], "value_labels": { "front_running": "Front Running", "insider_trading_suspected": "Insider Trading Suspected", "layering_spoofing": "Layering Spoofing", "wash_trading": "Wash Trading", "marking_the_close": "Marking the Close", "ramping_advancing": "Ramping Advancing", "painting_the_tape": "Painting the Tape", "pump_and_dump": "Pump and Dump", "bear_raid": "Bear Raid", "momentum_ignition": "Momentum Ignition", "cross_asset_manipulation": "Cross Asset Manipulation", "benchmark_manipulation_libor": "Benchmark Manipulation Libor", "excessive_position_limit": "Excessive Position Limit", "short_sale_violation": "Short Sale Violation", "best_execution_breach": "Best Execution Breach" }, "regulatory_mappings": { "eu_mar": "EU Market Abuse Regulation 596/2014 — Mandatory reporting of suspected market abuse", "sec_rule_10b5": "SEC Rule 10b-5 — Anti-fraud in securities trading", "finra_rule_6140": "FINRA Rule 6140 — Supervision of trading activity", "dodd_frank_title_vii": "Dodd-Frank Title VII — Swap market surveillance" }, "use_case": "OPA rule: block automated trade execution when an active insider_trading_suspected or layering_spoofing alert exists on the same instrument. Require compliance_officer HITL decision.", "source": "ESMA MAR Q&A; FINRA Trade Surveillance guidance; IOSCO market manipulation typologies" }, { "enum_name": "StressTestScenarioType", "label": "Stress Test Scenario Type", "otel_attribute": "banking.stress_test.scenario_type", "opa_policy_path": "data.banking.stress_test.scenario_type", "rego_input_key": "banking_stress_test_scenario_type", "stability": "stable", "description": "The type of stress test scenario being run by an AI agent generating capital projections or risk reports.", "permitted_values": [ "dfast_severely_adverse", "dfast_adverse", "dfast_baseline", "fed_stress_test_scenario", "eba_adverse_scenario", "eba_baseline_scenario", "icaap_internal_scenario", "reverse_stress_test", "climate_transition_risk", "climate_physical_risk", "liquidity_stress_idiosyncratic", "liquidity_stress_market_wide", "cyber_operational_shock" ], "value_labels": { "dfast_severely_adverse": "Dfast Severely Adverse", "dfast_adverse": "Dfast Adverse", "dfast_baseline": "Dfast Baseline", "fed_stress_test_scenario": "Fed Stress Test Scenario", "eba_adverse_scenario": "Eba Adverse Scenario", "eba_baseline_scenario": "Eba Baseline Scenario", "icaap_internal_scenario": "Icaap Internal Scenario", "reverse_stress_test": "Reverse Stress Test", "climate_transition_risk": "Climate Transition Risk", "climate_physical_risk": "Climate Physical Risk", "liquidity_stress_idiosyncratic": "Liquidity Stress Idiosyncratic", "liquidity_stress_market_wide": "Liquidity Stress Market Wide", "cyber_operational_shock": "Cyber Operational Shock" }, "regulatory_mappings": { "dfast": "Dodd-Frank Act Stress Test — 12 USC 5365(i)", "fed_sr_18_8": "Federal Reserve SR 18-8 — Supervisory guidance on stress testing", "eba_guidelines_2018": "EBA Guidelines on institutions' stress testing" }, "source": "Federal Reserve DFAST documentation; EBA stress test methodology" } ] }, { "subdomain": "Customer Lifecycle & Onboarding", "bian_service_domains": [ "Customer Relationship Management", "Party Life Cycle Management", "Customer Profile", "Customer Agreement", "Prospect Campaign Management", "Customer Behavioral Insights", "Party Authentication" ], "categories": [ { "enum_name": "CustomerOnboardingStage", "label": "Customer Onboarding Stage", "otel_attribute": "banking.onboarding.stage", "opa_policy_path": "data.banking.onboarding.stage", "rego_input_key": "banking_onboarding_stage", "stability": "stable", "description": "Defines the allowed values for Customer Onboarding Stage in the Banking & Financial Services catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to BIAN Party Life Cycle Management; FinCEN CIP/CDD requirements.", "permitted_values": [ "prospect_identified", "application_started", "identity_document_capture", "liveness_check", "biometric_verification", "kyc_kyb_screening", "credit_check", "risk_assessment", "product_selection", "terms_acceptance", "account_provisioned", "welcome_completed", "rejected", "abandoned" ], "value_labels": { "prospect_identified": "Prospect Identified", "application_started": "Application Started", "identity_document_capture": "Identity Document Capture", "liveness_check": "Liveness Check", "biometric_verification": "Biometric Verification", "kyc_kyb_screening": "KYC KYB Screening", "credit_check": "Credit Check", "risk_assessment": "Risk Assessment", "product_selection": "Product Selection", "terms_acceptance": "Terms Acceptance", "account_provisioned": "Account Provisioned", "welcome_completed": "Welcome Completed", "rejected": "Rejected", "abandoned": "Abandoned" }, "regulatory_mappings": { "bsa_cip": "BSA Customer Identification Program (CIP) — 31 CFR 1020.220", "cdd_rule": "FinCEN CDD Rule — beneficial ownership and customer risk rating", "psd2_sca": "PSD2 Strong Customer Authentication for EU digital onboarding" }, "source": "BIAN Party Life Cycle Management; FinCEN CIP/CDD requirements" }, { "enum_name": "CustomerRiskCategory", "label": "Customer Risk Category", "otel_attribute": "banking.customer.risk_category", "opa_policy_path": "data.banking.customer.risk_category", "rego_input_key": "banking_customer_risk_category", "stability": "stable", "description": "Risk-based customer categorisation for AML/CDD purposes. Drives the level of due diligence applied.", "permitted_values": [ "low_risk_simplified_due_diligence", "standard_risk_standard_due_diligence", "high_risk_enhanced_due_diligence", "pep_domestic", "pep_foreign", "pep_international_organisation", "sanctioned_entity", "high_risk_jurisdiction", "cash_intensive_business", "virtual_asset_service_provider", "correspondent_bank", "derisked_declined" ], "value_labels": { "low_risk_simplified_due_diligence": "Low Risk Simplified Due Diligence", "standard_risk_standard_due_diligence": "Standard Risk Standard Due Diligence", "high_risk_enhanced_due_diligence": "High Risk Enhanced Due Diligence", "pep_domestic": "Pep Domestic", "pep_foreign": "Pep Foreign", "pep_international_organisation": "Pep International Organisation", "sanctioned_entity": "Sanctioned Entity", "high_risk_jurisdiction": "High Risk Jurisdiction", "cash_intensive_business": "Cash Intensive Business", "virtual_asset_service_provider": "Virtual Asset Service Provider", "correspondent_bank": "Correspondent Bank", "derisked_declined": "Derisked Declined" }, "regulatory_mappings": { "fatf_recommendation_1": "FATF Rec 1 — Risk-based approach to AML/CFT", "eu_amld5": "5AMLD — Enhanced due diligence for high-risk third countries", "bsa_cdd_rule": "FinCEN CDD Rule — customer risk rating requirement" }, "source": "FATF Risk-Based Approach Guidance; FinCEN CDD Rule; BIAN Customer Profile" }, { "enum_name": "ConsentType", "label": "Consent Type", "otel_attribute": "banking.customer.consent_type", "opa_policy_path": "data.banking.customer.consent_type", "rego_input_key": "banking_customer_consent_type", "stability": "stable", "description": "Types of customer consent relevant to banking AI agents processing customer data.", "permitted_values": [ "account_opening_terms", "credit_bureau_pull_hard", "credit_bureau_pull_soft", "electronic_communications", "marketing_opt_in", "marketing_opt_out", "data_sharing_open_banking", "data_sharing_third_party", "ai_decision_making_opt_in", "ai_decision_making_opt_out", "biometric_data_collection", "gdpr_processing_consent", "ccpa_do_not_sell" ], "value_labels": { "account_opening_terms": "Account Opening Terms", "credit_bureau_pull_hard": "Credit Bureau Pull Hard", "credit_bureau_pull_soft": "Credit Bureau Pull Soft", "electronic_communications": "Electronic Communications", "marketing_opt_in": "Marketing Opt in", "marketing_opt_out": "Marketing Opt Out", "data_sharing_open_banking": "Data Sharing Open Banking", "data_sharing_third_party": "Data Sharing Third Party", "ai_decision_making_opt_in": "AI Decision Making Opt in", "ai_decision_making_opt_out": "AI Decision Making Opt Out", "biometric_data_collection": "Biometric Data Collection", "gdpr_processing_consent": "Gdpr Processing Consent", "ccpa_do_not_sell": "CCPA Do not Sell" }, "regulatory_mappings": { "fcra": "FCRA — Written authorization for hard credit pull", "glba": "GLBA — Opt-out for non-affiliates data sharing", "gdpr_art7": "GDPR Article 7 — Conditions for valid consent", "eu_ai_act_art22": "EU AI Act — Right not to be subject to solely automated decisions", "ccpa": "CCPA Section 1798.120 — Right to opt-out of sale of personal information" }, "source": "FCRA; GLBA Privacy Rule; GDPR Article 7; CCPA; EU AI Act" } ] }, { "subdomain": "Model Risk Management", "bian_service_domains": [ "Model Risk" ], "categories": [ { "enum_name": "ModelRiskValidationStatus", "label": "Model Risk Validation Status", "otel_attribute": "banking.model_risk.validation_status", "opa_policy_path": "data.banking.model_risk.validation_status", "rego_input_key": "banking_model_risk_validation_status", "stability": "stable", "description": "Defines the allowed values for Model Risk Validation Status in the Banking & Financial Services catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to Federal Reserve SR 11-7.", "permitted_values": [ "in_development", "pending_initial_validation", "validation_in_progress", "validated_approved", "conditionally_approved_restrictions_apply", "rejected_requires_remediation", "in_production_monitoring_active", "under_periodic_review", "material_change_pending_revalidation", "retired_decommissioned" ], "value_labels": { "in_development": "In Development", "pending_initial_validation": "Pending Initial Validation", "validation_in_progress": "Validation in Progress", "validated_approved": "Validated Approved", "conditionally_approved_restrictions_apply": "Conditionally Approved Restrictions Apply", "rejected_requires_remediation": "Rejected Requires Remediation", "in_production_monitoring_active": "In Production Monitoring Active", "under_periodic_review": "Under Periodic Review", "material_change_pending_revalidation": "Material Change Pending Revalidation", "retired_decommissioned": "Retired Decommissioned" }, "regulatory_mappings": { "fed_sr_11_7": "Federal Reserve SR 11-7 — Model validation lifecycle requirements", "occ_2011_12": "OCC Bulletin 2011-12 — Sound practices for model risk management", "eu_ecb_trim": "ECB TRIM Guide — Targeted Review of Internal Models" }, "use_case": "OPA rule: deny any agentic execution that depends on a model whose validation_status is not in {validated_approved, conditionally_approved_restrictions_apply, in_production_monitoring_active}.", "source": "Federal Reserve SR 11-7", "source_url": "https://www.federalreserve.gov/supervisionreg/srletters/sr1107.htm" }, { "enum_name": "ModelChangeType", "label": "Model Change Type", "otel_attribute": "banking.model_risk.change_type", "opa_policy_path": "data.banking.model_risk.change_type", "rego_input_key": "banking_model_risk_change_type", "stability": "proposed", "description": "Classification of changes to a model in production. Material changes trigger mandatory re-validation under SR 11-7. Agentic AI models should tag all change events with this enum.", "permitted_values": [ "no_change_ongoing_monitoring", "minor_parameter_tuning", "data_refresh_retrain", "feature_engineering_change", "model_architecture_change", "training_data_expansion", "training_data_cutoff_change", "prompt_update_llm", "rag_index_refresh", "tool_addition", "tool_removal", "threshold_recalibration", "material_change_requires_full_revalidation", "emergency_patch" ], "value_labels": { "no_change_ongoing_monitoring": "No Change Ongoing Monitoring", "minor_parameter_tuning": "Minor Parameter Tuning", "data_refresh_retrain": "Data Refresh Retrain", "feature_engineering_change": "Feature Engineering Change", "model_architecture_change": "Model Architecture Change", "training_data_expansion": "Training Data Expansion", "training_data_cutoff_change": "Training Data Cutoff Change", "prompt_update_llm": "Prompt Update (LLM)", "rag_index_refresh": "RAG Index Refresh", "tool_addition": "Tool Addition", "tool_removal": "Tool Removal", "threshold_recalibration": "Threshold Recalibration", "material_change_requires_full_revalidation": "Material Change Requires Full Revalidation", "emergency_patch": "Emergency Patch" }, "regulatory_mappings": { "fed_sr_11_7": "SR 11-7 Section IV — Materiality assessment for model changes", "eu_ai_act_art15": "EU AI Act Article 15 — Accuracy, robustness, and cybersecurity of AI systems" }, "source": "Federal Reserve SR 11-7; EU AI Act Article 15" }, { "enum_name": "ModelInventoryStatus", "label": "Model Inventory Status", "otel_attribute": "banking.model_risk.inventory_status", "opa_policy_path": "data.banking.model_risk.inventory_status", "rego_input_key": "banking_model_risk_inventory_status", "stability": "proposed", "description": "Governance status of a model within the institution's model inventory. SR 11-7 requires all models to be in inventory.", "permitted_values": [ "registered_pre_development", "registered_in_development", "registered_in_production", "registered_in_production_high_risk", "registered_under_review", "registered_retired", "shadow_model_not_yet_registered", "vendor_model_pending_registration" ], "value_labels": { "registered_pre_development": "Registered Pre Development", "registered_in_development": "Registered in Development", "registered_in_production": "Registered in Production", "registered_in_production_high_risk": "Registered in Production High Risk", "registered_under_review": "Registered Under Review", "registered_retired": "Registered Retired", "shadow_model_not_yet_registered": "Shadow Model not Yet Registered", "vendor_model_pending_registration": "Vendor Model Pending Registration" }, "use_case": "OPA rule: deny agentic system deployment where any dependent model has status shadow_model_not_yet_registered or vendor_model_pending_registration.", "source": "Federal Reserve SR 11-7 model inventory requirements; OCC Bulletin 2011-12" } ] }, { "subdomain": "Regulatory Reporting & Compliance", "bian_service_domains": [ "Regulatory Compliance", "Regulatory Reporting", "Financial Accounting", "Central Bank Operations" ], "categories": [ { "enum_name": "RegulatoryReportType", "label": "Regulatory Report Type", "otel_attribute": "banking.regulatory_report.type", "opa_policy_path": "data.banking.regulatory_report.type", "rego_input_key": "banking_regulatory_report_type", "stability": "stable", "description": "Standard regulatory reports that agentic AI systems may autonomously generate, assemble, or validate. Each report type carries distinct submission deadlines and supervisory authority.", "permitted_values": [ "call_report_ffiec031_032_041", "fr_y9c_bhc_consolidated", "dfast_company_run", "dfast_supervisory", "sar_fincen", "ctr_fincen_cash_transaction", "hmda_lar", "cra_performance_evaluation_data", "fr_2052a_liquidity_monitoring", "fr_y14a_capital_plan", "cecl_allowance_calculation", "dora_major_ict_incident", "basel_pillar3_disclosure", "emir_trade_repository", "mifid2_transaction_report", "ccar_submission", "tlac_total_loss_absorbing", "aifmd_annex_iv" ], "value_labels": { "call_report_ffiec031_032_041": "Call Report Ffiec031 032 041", "fr_y9c_bhc_consolidated": "Fr Y9c Bhc Consolidated", "dfast_company_run": "Dfast Company Run", "dfast_supervisory": "Dfast Supervisory", "sar_fincen": "SAR Fincen", "ctr_fincen_cash_transaction": "Ctr Fincen Cash Transaction", "hmda_lar": "HMDA Lar", "cra_performance_evaluation_data": "Cra Performance Evaluation Data", "fr_2052a_liquidity_monitoring": "Fr 2052a Liquidity Monitoring", "fr_y14a_capital_plan": "Fr Y14a Capital Plan", "cecl_allowance_calculation": "Cecl Allowance Calculation", "dora_major_ict_incident": "DORA Major Ict Incident", "basel_pillar3_disclosure": "Basel Pillar3 Disclosure", "emir_trade_repository": "Emir Trade Repository", "mifid2_transaction_report": "Mifid2 Transaction Report", "ccar_submission": "Ccar Submission", "tlac_total_loss_absorbing": "Tlac Total Loss Absorbing", "aifmd_annex_iv": "Aifmd Annex Iv" }, "regulatory_mappings": { "call_report": "FFIEC 031/032/041 — Quarterly bank financial condition report", "dfast": "Dodd-Frank Stress Test — Annual submission", "sar": "BSA 31 USC 5318(g) — Suspicious Activity Report to FinCEN", "hmda_lar": "HMDA 12 CFR 1003 — Annual Loan Application Register to CFPB", "dora": "DORA Article 19-20 — Major ICT incident report to competent authority", "fr_y14a": "Federal Reserve FR Y-14A — Capital plan and stress test" }, "use_case": "OPA rule: require HITL sign-off with compliance_officer and legal roles before any autonomous agent submits or attests to sar_fincen, dfast_company_run, or dora_major_ict_incident reports.", "source": "FFIEC; Federal Reserve; FinCEN; CFPB reporting requirements; EU DORA" }, { "enum_name": "RegulatoryReportingStatus", "label": "Regulatory Reporting Status", "otel_attribute": "banking.regulatory_report.status", "opa_policy_path": "data.banking.regulatory_report.status", "rego_input_key": "banking_regulatory_report_status", "stability": "stable", "description": "Defines the allowed values for Regulatory Reporting Status in the Banking & Financial Services catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to Federal Reserve EDGAR and FDIC reporting workflows; DORA incident reporting workflow.", "permitted_values": [ "data_collection_in_progress", "data_validation_in_progress", "quality_assurance_review", "pending_sign_off", "signed_off_ready_to_submit", "submitted_awaiting_acknowledgement", "accepted_by_regulator", "rejected_requires_amendment", "amended_and_resubmitted", "late_submission_explanation_required", "archived" ], "value_labels": { "data_collection_in_progress": "Data Collection in Progress", "data_validation_in_progress": "Data Validation in Progress", "quality_assurance_review": "Quality Assurance Review", "pending_sign_off": "Pending Sign Off", "signed_off_ready_to_submit": "Signed Off Ready to Submit", "submitted_awaiting_acknowledgement": "Submitted Awaiting Acknowledgement", "accepted_by_regulator": "Accepted by Regulator", "rejected_requires_amendment": "Rejected Requires Amendment", "amended_and_resubmitted": "Amended and Resubmitted", "late_submission_explanation_required": "Late Submission Explanation Required", "archived": "Archived" }, "source": "Federal Reserve EDGAR and FDIC reporting workflows; DORA incident reporting workflow" }, { "enum_name": "DORAICTIncidentClassification", "label": "DORA ICT Incident Classification", "otel_attribute": "banking.dora.incident_classification", "opa_policy_path": "data.banking.dora.incident_classification", "rego_input_key": "banking_dora_incident_classification", "stability": "stable", "description": "DORA reporting classification for an ICT-related incident or significant cyber threat. These values align to the staged notification flow in Articles 19, 20, and 26 and determine whether the event is regulator-reportable.", "permitted_values": [ "major_ict_incident_initial_notification", "major_ict_incident_intermediate_report", "major_ict_incident_final_report", "significant_cyber_threat_notification", "operational_risk_event_internal_only", "third_party_ict_service_provider_incident", "not_reportable_below_threshold" ], "value_labels": { "major_ict_incident_initial_notification": "Major ICT Incident Initial Notification", "major_ict_incident_intermediate_report": "Major ICT Incident Intermediate Report", "major_ict_incident_final_report": "Major ICT Incident Final Report", "significant_cyber_threat_notification": "Significant Cyber Threat Notification", "operational_risk_event_internal_only": "Operational Risk Event Internal Only", "third_party_ict_service_provider_incident": "Third-Party ICT Service Provider Incident", "not_reportable_below_threshold": "Not Reportable Below Threshold" }, "regulatory_mappings": { "eu_dora_art19": "DORA Article 19 — Classification of ICT-related incidents", "eu_dora_art20": "DORA Article 20 — Reporting of major ICT-related incidents — initial (4h), intermediate (72h), final (1 month)", "eu_dora_art26": "DORA Article 26 — Voluntary notification of significant cyber threats" }, "source": "EU Digital Operational Resilience Act (DORA) 2022/2554", "source_url": "https://www.eba.europa.eu/regulation-and-policy/operational-resilience/digital-operational-resilience-act-dora", "notes": "DORA Article 20 reporting timelines are strict: initial notification within 4 hours of classification as major, intermediate within 72 hours, final within 1 month. Agentic classification errors have direct regulatory consequence." }, { "enum_name": "FinancialFactType", "label": "Financial Fact Type", "otel_attribute": "banking.financial_fact.type", "opa_policy_path": "data.banking.financial_fact.type", "rego_input_key": "banking_financial_fact_type", "stability": "stable", "description": "Defines the allowed values for Financial Fact Type in the Banking & Financial Services catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to BIAN Financial Accounting Service Domain.", "permitted_values": [ "account_opening", "account_closure", "collateral_pledge", "collateral_revaluation", "collateral_release", "position_open", "position_change", "position_close", "payment_settlement", "interval_booking", "accrual_posting", "charge_off", "provision_posting", "cecl_reserve_adjustment", "dividend_declaration", "capital_distribution" ], "value_labels": { "account_opening": "Account Opening", "account_closure": "Account Closure", "collateral_pledge": "Collateral Pledge", "collateral_revaluation": "Collateral Revaluation", "collateral_release": "Collateral Release", "position_open": "Position Open", "position_change": "Position Change", "position_close": "Position Close", "payment_settlement": "Payment Settlement", "interval_booking": "Interval Booking", "accrual_posting": "Accrual Posting", "charge_off": "Charge Off", "provision_posting": "Provision Posting", "cecl_reserve_adjustment": "Cecl Reserve Adjustment", "dividend_declaration": "Dividend Declaration", "capital_distribution": "Capital Distribution" }, "source": "BIAN Financial Accounting Service Domain" } ] }, { "subdomain": "Digital Assets & Crypto", "bian_service_domains": [ "Digital Asset Management", "Cryptocurrency Exchange", "Digital Wallet" ], "categories": [ { "enum_name": "DigitalAssetType", "label": "Digital Asset Type", "otel_attribute": "banking.digital_asset.type", "opa_policy_path": "data.banking.digital_asset.type", "rego_input_key": "banking_digital_asset_type", "stability": "proposed", "description": "Defines the allowed values for Digital Asset Type in the Banking & Financial Services catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to EU MiCA; FATF VASP Guidance; OCC crypto letters; FSB crypto framework.", "permitted_values": [ "bitcoin_btc", "ether_eth", "stablecoin_fiat_backed", "stablecoin_algorithmic", "cbdc_retail", "cbdc_wholesale", "tokenised_security", "tokenised_real_world_asset", "nft_non_fungible", "defi_protocol_token", "utility_token", "payment_token", "privacy_coin" ], "value_labels": { "bitcoin_btc": "Bitcoin Btc", "ether_eth": "Ether Eth", "stablecoin_fiat_backed": "Stablecoin Fiat Backed", "stablecoin_algorithmic": "Stablecoin Algorithmic", "cbdc_retail": "Cbdc Retail", "cbdc_wholesale": "Cbdc Wholesale", "tokenised_security": "Tokenised Security", "tokenised_real_world_asset": "Tokenised Real World Asset", "nft_non_fungible": "Nft Non Fungible", "defi_protocol_token": "Defi Protocol Token", "utility_token": "Utility Token", "payment_token": "Payment Token", "privacy_coin": "Privacy Coin" }, "regulatory_mappings": { "eu_mica": "EU Markets in Crypto-Assets Regulation (MiCA) 2023/1114 — in force June 2024 (stablecoins), Dec 2024 (full)", "fsoc_2023": "FSOC Digital Asset Report — classification of crypto assets", "fatf_vasp": "FATF Guidance for Virtual Asset Service Providers", "occ_interpretation_letter": "OCC Interpretive Letters 1170/1172/1174 — national bank crypto custody authority" }, "source": "EU MiCA; FATF VASP Guidance; OCC crypto letters; FSB crypto framework" }, { "enum_name": "VASPComplianceStatus", "label": "VASP Compliance Status", "otel_attribute": "banking.vasp.compliance_status", "opa_policy_path": "data.banking.vasp.compliance_status", "rego_input_key": "banking_vasp_compliance_status", "stability": "proposed", "description": "Compliance status of a Virtual Asset Service Provider counterparty. Banks must assess VASP compliance before providing banking services.", "permitted_values": [ "mica_licensed_eu", "mica_pending_registration", "state_licensed_us_msa", "bitlicense_ny", "unregistered_high_risk", "fatf_grey_list_jurisdiction", "derisked_no_service", "under_regulatory_review" ], "value_labels": { "mica_licensed_eu": "Mica Licensed EU", "mica_pending_registration": "Mica Pending Registration", "state_licensed_us_msa": "State Licensed Us Msa", "bitlicense_ny": "Bitlicense Ny", "unregistered_high_risk": "Unregistered High Risk", "fatf_grey_list_jurisdiction": "Fatf Grey List Jurisdiction", "derisked_no_service": "Derisked No Service", "under_regulatory_review": "Under Regulatory Review" }, "regulatory_mappings": { "eu_mica": "EU MiCA Articles 59-76 — CASP authorisation requirements", "fatf_vasp_recommendation_15": "FATF Recommendation 15 — New Technologies", "ny_bitlicense": "NYDFS BitLicense Regulations (23 NYCRR 200)" }, "source": "EU MiCA; FATF VASP Guidance; NYDFS BitLicense" } ] } ], "opa_rego_policy_patterns": { "description": "Banking-specific OPA Rego policy patterns. These reference enum values from this file and from 00_core_sdk_and_governance.json. Patterns are illustrative, not production policies.", "patterns": [ { "pattern_id": "banking.block_payment_on_sanctions_hit", "pattern_name": "block_payment_on_sanctions_hit", "enforcement_effect": "deny", "description": "Block any autonomous payment agent from executing a payment rail tool call when the sanctions screening result is a hit or potential hit. Escalate to compliance immediately.", "applicable_enums": [ "SanctionsScreeningOutcome", "PaymentAgentActionType", "PaymentRailType" ], "regulatory_basis": "OFAC 31 CFR Part 501; FATF Recommendation 6; PSD2 Article 64", "rego_sketch": "package banking.payments\n\nblocking_sanctions_outcomes := {\"potential_hit\", \"confirmed_hit\", \"escalated_to_compliance\"}\n\ndeny[msg] {\n input.banking_payment_agent_action in {\n \"initiate_credit_transfer\",\n \"initiate_direct_debit\",\n \"apply_fx_conversion\"\n }\n input.banking_sanctions_screening_outcome in blocking_sanctions_outcomes\n msg := sprintf(\"Payment blocked: sanctions screening outcome '%v' requires compliance officer review before execution\", [input.banking_sanctions_screening_outcome])\n}" }, { "pattern_id": "banking.require_hitl_for_sar_filing_decision", "pattern_name": "require_hitl_for_sar_filing_decision", "enforcement_effect": "require_hitl_approval", "description": "Ensure that SAR filing or SAR declination decisions are never made autonomously by an AI agent without a compliance officer review and sign-off.", "applicable_enums": [ "AMLAlertStatus", "HumanOversightDecision" ], "regulatory_basis": "BSA 31 USC 5318(g); FinCEN SAR Instructions; 6AMLD Article 33", "rego_sketch": "package banking.aml\n\nreserved_aml_decisions := {\"sar_filed\", \"sar_declined_documented\", \"blocked_and_frozen\"}\n\ndeny[msg] {\n input.banking_aml_alert_status in reserved_aml_decisions\n input.gen_ai_agent_autonomy_level in {\"supervised_autonomous\", \"fully_autonomous\"}\n input.gen_ai_hitl_decision != \"approved\"\n msg := \"SAR filing and SAR declination decisions require documented compliance officer approval per BSA 31 USC 5318(g)\"\n}" }, { "pattern_id": "banking.block_agentic_model_in_production_without_sr117_validation", "pattern_name": "block_agentic_model_in_production_without_sr117_validation", "enforcement_effect": "deny", "description": "Prevent deployment of any agentic AI model that makes credit, fraud, or AML decisions unless it has passed SR 11-7 validation and is registered in the model inventory.", "applicable_enums": [ "ModelRiskValidationStatus", "ModelInventoryStatus", "CreditDecisionType" ], "regulatory_basis": "Federal Reserve SR 11-7; OCC Bulletin 2011-12", "rego_sketch": "package banking.model_risk\n\napproved_validation_statuses := {\n \"validated_approved\",\n \"conditionally_approved_restrictions_apply\",\n \"in_production_monitoring_active\"\n}\n\napproved_inventory_statuses := {\n \"registered_in_production\",\n \"registered_in_production_high_risk\"\n}\n\ndeny[msg] {\n not input.banking_model_risk_validation_status in approved_validation_statuses\n msg := sprintf(\"SR 11-7 violation: model validation status '%v' does not permit production use for regulated decisions\", [input.banking_model_risk_validation_status])\n}\n\ndeny[msg] {\n not input.banking_model_risk_inventory_status in approved_inventory_statuses\n msg := \"SR 11-7 violation: model not in approved production inventory status\"\n}" }, { "pattern_id": "banking.require_adverse_action_reason_codes_for_credit_denial", "pattern_name": "require_adverse_action_reason_codes_for_credit_denial", "enforcement_effect": "deny", "description": "Ensure that any automated credit denial produces documented adverse action reason codes as required by ECOA Reg B and CFPB Circular 2022-3.", "applicable_enums": [ "CreditDecisionType", "AdverseActionReasonCode" ], "regulatory_basis": "ECOA Reg B 12 CFR 1002.9; FCRA Section 615(a); CFPB Circular 2022-3", "rego_sketch": "package banking.credit\n\nadverse_decision_types := {\n \"origination_denial\",\n \"credit_limit_decrease\",\n \"account_suspension\",\n \"account_closure\",\n \"rate_change_adverse\"\n}\n\ndeny[msg] {\n input.banking_credit_decision_type in adverse_decision_types\n count(input.banking_credit_adverse_action_reasons) < 1\n msg := \"ECOA Reg B violation: adverse credit decisions require at least one documented adverse action reason code per 12 CFR 1002.9\"\n}\n\ndeny[msg] {\n input.banking_credit_decision_type in adverse_decision_types\n count(input.banking_credit_adverse_action_reasons) > 4\n msg := \"Adverse action notice must not list more than four reason codes — review CFPB model notice\"\n}" }, { "pattern_id": "banking.dora_ict_incident_escalation_timeline_gate", "pattern_name": "dora_ict_incident_escalation_timeline_gate", "enforcement_effect": "deny", "description": "Enforce DORA Article 20 reporting timelines. Block automated incident closure of a DORA major ICT incident until all required notifications have been filed.", "applicable_enums": [ "DORAICTIncidentClassification", "RegulatoryReportingStatus" ], "regulatory_basis": "DORA Article 19-20 — Major ICT incident classification and reporting timelines", "rego_sketch": "package banking.dora\n\nmajor_incident_types := {\n \"major_ict_incident_initial_notification\",\n \"major_ict_incident_intermediate_report\",\n \"major_ict_incident_final_report\"\n}\n\ndeny[msg] {\n input.banking_dora_incident_classification in major_incident_types\n input.gen_ai_agent_autonomy_level in {\"supervised_autonomous\", \"fully_autonomous\"}\n input.banking_regulatory_report_status != \"accepted_by_regulator\"\n msg := \"DORA Article 20: Major ICT incident cannot be autonomously closed until all required regulatory notifications are accepted\"\n}" } ] }, "agent_registry_fields": { "description": "Recommended fields for registering a banking-domain agentic AI system in the GRC portal. These supplement the core agent identity schema from 00_core_sdk_and_governance.json with banking-specific attributes.", "fields": [ { "field": "sr117_model_id", "type": "string", "description": "The institution's internal SR 11-7 model inventory identifier. Required for all AI models making regulated decisions.", "required_when": "Any agent making credit, fraud, AML, or liquidity decisions" }, { "field": "sr117_validation_status", "type": "enum", "enum_ref": "ModelRiskValidationStatus", "description": "Current SR 11-7 validation status from the model risk management system." }, { "field": "eu_ai_act_risk_level", "type": "enum", "enum_ref": "EUAIActRiskLevel", "description": "EU AI Act risk classification. AI in creditworthiness assessment (Annex III 5b) and employment (Annex III 4a) are high-risk by default." }, { "field": "dora_ict_asset_registered", "type": "boolean", "description": "Indicates whether this AI system is registered as an ICT asset in the institution's DORA ICT asset inventory per Article 8.", "required_when": "All EU-regulated financial entities" }, { "field": "third_party_model_provider", "type": "string", "description": "Name of the foundation model or AI infrastructure vendor. Required for DORA third-party ICT service provider risk assessment per Article 28." }, { "field": "third_party_dora_risk_tier", "type": "enum", "enum_ref": "ThirdPartyAIRiskTier", "description": "DORA critical third-party ICT service provider tier assessment." }, { "field": "cfpb_adverse_action_capable", "type": "boolean", "description": "True if this agent makes or influences credit decisions that trigger ECOA adverse action notice requirements." }, { "field": "ofac_screening_required", "type": "boolean", "description": "True if any payment or customer action taken by this agent requires OFAC sanctions screening before execution." } ] } }