Whether you’re a seasoned compliance professional or just starting out, it can be tough to keep up with the latest industry terminology, or sometimes even know the standard ones.
That’s why we have compiled a list of 41 key AML, risk and compliance terms that you should know in 2023.
1. Anti-money laundering (AML)
AML refers to the actions taken by financial and regulated companies to follow the law by keeping an eye out for and reporting any suspicious activities that might suggest someone is trying to hide money obtained through illegal activities or financing terrorism.
An examination of compliance processes and policies, usually by someone independent to the organisation, to evaluate its efficacy and adherence to regulatory requirements. Internal audits may also be carried out separately to official audits as a way of monitoring and evaluating internal controls.
3. Beneficial ownership (BO)
This term describes the individuals or entities that own or control an asset or company. Typically, a beneficial owner is anybody who has shares in and benefits financially from a company’s operations.
Blockchain is a digital ledger that records transactions on a decentralised and secure network. It enables secure and transparent transfer of digital assets without the need for a central authority or intermediary.
5. Client Due Diligence (CDD)
Client Due Diligence (CDD) is when financial and regulated companies gather and review important information about a customer or someone who might become a customer. They do this to make sure they have all the necessary facts to make informed decisions about the customer’s financial situation.
The practice of conforming to regulatory and legal requirements. AML compliance specifically focuses on anti-money laundering procedures with the aim of preventing money laundering and other forms of financial crime.
7. Compliance risk
An organisation’s adverse legal, financial and criminal exposure for not adhering to industry and compliance laws and regulations. Common compliance risks include fraud, theft, bribery, money laundering, terrorism financing and embezzlement.
8. Corporate governance
Corporate governance refers to how a business is run and for what purpose. Usually detailed in articles of association documents, it covers the rules and regulations governing the business, its purpose, how it will operate, its structure, and ownership details.
9. Counter Terrorist Financing (CTF)
Counter Terrorist Financing protocols are a critical stage in seeking to stop the flow of illegal cash to terrorist organisations.
10. Cyber security
An encompassing term used to describe the protection of computer networks and systems from attack by malicious parties that may result in data breaches, theft of sensitive information or financial losses.
11. Enhanced Due Diligence (EDD)
Similar to CDD, EDD describes the additional checks and verification steps undertaken in cases where high-risk clients have been identified such as a PEP or those with links to high-risk countries.
Similar to KYC, eKYC describes the electronic, online screening of customers and potential customers as part of KYC onboarding processes. Customers are typically checked for identity verification, proof of address, and screened against PEP and sanction watchlists, for adverse media, CCJs or credit reference agencies where applicable.
13. Electronic Funds Transfer (EFT)
EFT is a type of electronic payment that allows funds to be transferred from one bank to another. A catch-all term, EFT can be used to describe a variety of electronic payments such as credit or debit card payments and wire transfers.
14. Environmental, social and corporate governance (ESG)
Environmental, social, and corporate governance (ESG) is a framework designed to be used for measuring the sustainability and ethical impact of a company’s operations.
15. Financial Action Task Force (FATF)
The Financial Action Task Force (FATF) is an international organisation that works to stop money laundering and terrorist financing by setting global standards and promoting the implementation of these standards. It issues lists of any jurisdictions with weaknesses in their AML/CFT measures, known as the black and grey lists.
16. Financial Conduct Authority (FCA)
The FCA oversees the behaviour of 50,000 regulated companies in the UK. They make sure financial markets are honest, fair, and competitive.
17. General Data Protection Regulation (GDPR)
The GDPR is a European Union (EU) law that governs the way in which we can use, process, and store personal data (information about an identifiable, living person). It came into effect on 25th May 2018.
18. Governance, risk and compliance (GRC)
Governance, risk and compliance (GRC) refers to a framework that helps organisations manage and align their operations with laws, regulations, and industry standards. It involves implementing policies and procedures to ensure proper oversight, risk management, and adherence to legal and ethical standards.
19. Identity and verification (ID&V)
ID&V describes the process used by firms to confirm that an individual is legitimate and accurate. Checks may be as basic as confirming DOB and address details but robust ID&V systems employ the use of biometric information such as facial recognition and liveness detection.
20. Know Your Business (KYB)
Know Your Business (KYB) is a way for banks, financial institutions, and companies to learn about the businesses they want to work with. It helps them understand the background and practices of these businesses before they start doing business together. KYB checks require detailed information affiliated with the business in question from sources such as government registries, publicly available sources, databases or information provided by the business.
21. Know Your Customer (KYC)
Know Your Customer, also called KYC, is a rule that companies must follow to make sure they know who their customers are before they do business with them. This typically includes verifying individuals are who they say they are, and screening them against PEP registers, for adverse media, CCJs, or credit reference agency data, where applicable.
22. Know Your Employee (KYE)
Know Your Employee (KYE) is a process used by employers to verify the identity and background of their employees. It involves collecting and verifying information such as personal identification, legal right to work, certifications, and criminal history to ensure a safe and secure workplace.
23. Know Your Supplier (KYS)
Know Your Supplier (KYS) is a process used by companies to verify the identity and reliability of their suppliers. It involves collecting and verifying information such as business licences, financial statements, and references to ensure that suppliers meet the company’s standards for quality and ethical practices.
24. Money Laundering Reporting Officer (MLRO)
A Money Laundering Reporting Officer is a critical role in a firm’s AML compliance. Typically, an MLRO oversees a firm’s compliance with anti-money laundering and terrorist financing requirements.
25. Politically Exposed Person (PEP)
A Politically Exposed Person (PEP) is someone who has a higher risk of being involved in bribery and corruption due to their public position or function. They may be government ministers, high court judges, councillors, ambassadors and heads of state, for example.
26. Phishing scams
Phishing is a common type of cyber attack. Criminals use scam emails, text messages or phone calls to trick their victims with the aim of making them visit a website, which may download a virus onto your computer, steal bank details or other personal information.
27. Ponzi scheme
A ponzi scheme is a common method of investment fraud. These schemes lure investors in and use funds from newer investors to pay profits to earlier investors.
28. Persons of Significant Control (PSC)
Persons of Significant Control (PSC) is a legal requirement for UK companies to identify and record individuals or entities that have significant control over the company. This includes individuals who hold more than 25% of the company’s shares or voting rights, or who have the ability to appoint or remove the majority of the board of directors.
29. Regulatory compliance
Regulatory compliance refers to the process by which companies ensure they are following all relevant laws, regulations, and industry standards. This typically involves implementing policies and procedures to monitor and report on compliance, and may include regular audits and assessments to identify and address potential areas of risk.
30. Right to Work
UK Right to Work refers to the legal requirement for employers to verify that their employees are allowed to work in the UK. This involves checking and recording certain documents, such as passports or visa documents, to ensure compliance with immigration laws.
31. Risk assessment
Risk assessment is a process used by organisations to identify potential risks or hazards that may cause harm to the business, its people, property, or the environment. It involves evaluating the likelihood and potential consequences of these risks, and implementing measures to mitigate or manage them.
32. Risk appetite
Risk appetite refers to the level of risk that a business is willing to take on in order to meet its objectives. It involves identifying and defining the organisation’s risk tolerance, and establishing policies and procedures to manage risks within acceptable limits.
Economic sanctions are restrictions imposed by one country or group of countries on another country, in order to influence their behaviour or policies. They can include trade restrictions, financial measures, asset freezes, or other forms of pressure, and are typically used as a tool of foreign policy or international relations.
34. Shell company
A shell company is a business that exists only on paper and has no physical presence or operations. It is often used for illicit purposes such as money laundering or tax evasion, and may be used to obscure the true ownership or control of assets.
35. Social engineering
Social engineering is the use of manipulation or deception to influence people into performing actions or divulging confidential information. It is often used by hackers or other malicious actors to gain access to computer systems or sensitive data.
36. Source of Funds (SoF)
Source of Funds (SoF) refers to the origin and legitimacy of the funds used in a financial transaction. It involves verifying that the funds are not derived from illegal or illicit activities, such as money laundering or terrorist financing.
37. Source of Wealth (SoW)
Source of Wealth (SoW) refers to the origin and legitimacy of a person’s wealth. It involves verifying that the person’s income and assets are derived from legal and legitimate sources, and are not the proceeds of criminal activities such as money laundering or tax evasion.
38. Suspicious Activity Report (SAR)
A Suspicious Activity Report (SAR) is a report that financial institutions are required to file with law enforcement when they suspect that a transaction may be linked to criminal activity. It is used to help identify and prevent money laundering, terrorist financing, and other financial crimes.
39. Ultimate Beneficial Owner (UBO)
Similar to a Beneficial Owner, UBOs is someone who has ultimate control over a company, owning at least 25% or more of the shares – the ultimate beneficiary of a firm’s operations.
40. 5th Anti-Money Laundering Directive (5AMLD)
5AMLD is a set of European Union regulations aimed at preventing money laundering and terrorist financing. It imposes new requirements on financial institutions and expands the scope of existing rules to cover virtual currencies and other non-traditional financial transactions.
41. 6th Anti-Money Laundering Directive (6AMLD)
6AMLD is a set of European Union regulations that strengthens the EU’s anti-money laundering and counter-terrorism financing (AML/CFT) rules. It introduces new criminal offences, enhances the powers of law enforcement agencies, and expands the scope of AML/CFT rules to cover new technologies and virtual assets.