The AML/KYC due diligence world is filled by its own unique ecosystem of terms and acronyms, and for those new to the industry—and even seasoned professionals—may get stumped from time to time about what exactly all the lingo means. It’s not like terms like “pass-through sanctions” and “circular ownership” are everyday terms, and it can be difficult to always remember at the top of your head what acronyms like OFSI, 6AMLD and KYV mean. In this glossary, we cover hundreds of key terms often used by due diligence professionals.
This is negative news coverage of an individual or entity. Searches of adverse media databases is important as this kind of information can give you important information about your target’s level of risk.
Standing for “also known as,” your target might go by several different names. When doing a name search, it’s also important to search for all the different name variations so you don’t miss important information.
Sometimes called a “risk alert” or a “red flag,” this is a warning that there may be a risk associated with your target. For example, he or she may be sanctioned.
Alternative Remittance System | ARS
This is a way to move money that falls outside of the traditional financial institutions and involves moving money from one location to another with little or no documentation. These systems sometimes go by names specific to a group, for example, hawala. As an example, Person A in one location takes money to an alternative remittance provider, then Person B in another location goes to an alternative remittance provider to pick up what Person A dropped off minus any fees.
Anti-Bribery and Corruption | ABAC
These are laws, regulations and policies that work to prevent bribery and corruption. Companies must take steps to comply with the relevant rules and mitigate the risk associated with failure to comply.
Anti-Corruption Due Diligence
This investigative work involves uncovering and reporting on any potential unethical business practises of a company and its leaders. It can involve ascertaining any business or political ties to government, specific government departments, or other businesses.
Anti-Money Laundering | AML
The collection of laws, regulations, policies and other steps taken to prevent money laundering is generally called AML. Companies must take steps to comply with the relevant rules and mitigate the risk associated with failure to comply. A large company may have AML teams running AML checks — this basically means they are checking to make sure an individual or entity isn’t involved in money laundering. Even small companies need to do AML checks. Complytron can help with this.
AML International Database | AMLID
Maintained by the UN Office on Drugs and Crime (UNODC) and the International Money-Laundering Information Network (IMoLIN), this database is defined as a compendium of analyses of anti-money laundering laws and regulations, including two general classes of money laundering control measures (domestic laws and international cooperation) as well as information about national contacts and authorities. Access [https://www.imolin.org/] is reserved for government and law enforcement officials.
Anti-Money Laundering Council (Philippines)
An agency [http://www.amlc.gov.ph/] of the government of the Republic of the Philippines that fights money laundering.
Anti-Money Laundering Directive | AMLD
The European Union Anti-Money Laundering Directive aims to prevent money laundering and terrorist financing while establishing a consistent regulatory environment across the bloc. Each iteration of the directive is denoted by a number and we are currently on the sixth anti-money laundering directive which was preceded by the fifth and the fourth iterations.
This is the fourth anti-money laundering directive of the European Union. It builds on AMLD3 and member states were required to adopt it in 2017. This directive expanded on requirements relating to UBOs, PEPs and CDD, among other things.
This is the fifth anti-money laundering directive of the European Union. It builds on AMLD4 and member states are required to adopt it in 2020. This directive focussed on enhancing transparency between Europe’s various Financial Intelligence Units as a way to help prevent the bloc’s financial systems being used for money laundering and the financing of terrorism. It also brought in measures to deal with virtual currencies.
This is the sixth anti-money laundering directive of the European Union. It builds on AMLD5 and individuals and businesses of member states are required to adopt it by June 2021. Among the changes, it expands criminal liability to individuals for a lack of supervision or control and it increases jail time for offences to up to four years. It also expands on its definition of money laundering to include things like money laundering through real estate, for example.
This could be the next directive that builds on AMLD6, however, there is no official news on it yet.
A series of steps, guidelines and rules that aim to detect and prevent “dirty” money made from illegal activities from being introduced into the legitimate financial system. The policy should ensure that the company remains compliant with the relevant anti-money laundering rules and regulations.
AML Compliance Program
A series of procedures to ensure that a financial institution or other company complies with all the relevant anti-money laundering rules and regulations. The Program may be underpinned by an AML Policy.
These are corporations that try to hide the beneficial owner from law enforcement and the public. They do this by obscuring the name of the true owner by using the name of a lawyer, incorporation agent, nominee shareholder or someone else on business registry filings. Anonymous companies are sometimes referred to as “phantom firms.” Anonymous companies are sometimes used for illicit purposes like money laundering.
Application Program Interface
It enables applications to exchange information easily and securely so that, for example, a third-party software can integrate with and communicate with an in-house product. In due diligence, APIs can help you connect several different tools from different providers into the one interface your analysts are familiar with. See Complytron’s easy-to-use API documentation.
Artificial Intelligence | AI
The intelligence (and learning ability) of machines. In terms of due diligence, in some cases AI may be able to help with more accurate and faster identification of relevant information with less human resources in the research process.
Asia-Pacific Group on Money Laundering | APG
The APG is a FATF-style regional body (FSRB) operating in the Asia Pacific region. Find out more here. [http://www.apgml.org/]
Asset Protection Trust | APT
A vehicle to protect assets from creditors.
An associate is someone who is the family member of a politically exposed person (PEP) or who has a close friendship or business relationship with them. Who exactly would be classified as an associate can be hard to pin down as it can be dependent on various social, economic and cultural factors. Associates are sometimes referred to as “PEPs by association.”
Association of Certified Financial Crime Specialists | ACFCS
A leading provider of training and information for financial crime specialists. They offer the Certified Financial Crime Specialist (CFCS) certification for professionals who qualify. Read more here. https://www.acfcs.org/
When an independent, official body does a thorough investigation of your accounts, processes etc. In terms of due diligence, it’s often referred to as a “compliance audit,” which is an investigation of whether your company complies with the relevant regulatory requirements.
An audit trail is documentary evidence of the chronological, step-by-step actions taken, processes followed and transactions made. This detailed documentation is used to verify and track that certain steps have been completed. Accurate record-keeping is important in case of a compliance audit.
Authorised payment institution
In addition to banks, these institutions are permitted to give payment solutions.
Automated clearing house
An electronic funds-transfer system.
Automated screening tool
This is a software or application that can check your target at onboarding or at regular intervals throughout the relationship lifecycle without the need for manual searches. Potential issues are flagged by the tool, so that analysts only need to investigate flagged issues, not waste time on researching everyone.
Sanctions that are implemented by a country unilaterally. Autonomous sanctions are different to unilateral sanctions, which are implemented by larger groups of countries like the UN or the EU.
Bank Secrecy Act | BSA
This is a US legislation that aims to prevent financial institutions being used for money laundering. To meet the requirements of this Act all financial institutions need to have a robust AML compliance program, which include:
The BSA is sometimes also called the Currency and Foreign Transactions Reporting Act.
Bank Secrecy Act Compliance Program
This is a set of rules and guidelines that certain financial service providers (including banks) must set up in order to ensure they meet the requirements of the Bank Secrecy Act (see above). The program should include things like when and how to file a Suspicious Activity Report and other procedures that are reasonably designed to assure and monitor that the requirements of the Bank Secrecy Act are being implemented.
Basel Committee on Banking Supervision | BCBS
The top tier standard setter for the prudential regulation of banks. It provides a forum for banks to convene and discuss supervisory issues. It’s goal is to increase financial stability. They issue the Core Principles for Effective Banking Supervision, for example. The BCBS is hosted by the Bank for International Settlements, located in Basel, Switzerland.
In our context, batch processing is the processing of name searches in one group without the need for user intervention or time consuming one-by-one searches. With batch processing, a series of names are input with only potential red flags flagged for user action. In other contexts, batch processing can also happen for things like transactions, for example.
Similar to batch processing, in our context batch screening involves the automatic screening of large groups of names, for example, checking all clients on the client list periodically or on a daily basis. This kind of screening requires no user intervention, and runs in the background with only potential red flags flagged for user action. Batch screening is unlike manual screening, which involves the analyst searching names one-by-one and making a risk assessment based on each and every result.
This is the individual or individuals who are the final financial beneficiaries of a company. In some cases this is clear cut. For example, company X is owned by individual Y and individual Y is clearly the beneficial owner. However, in some cases a company is owned by another company, or various trusts or holding companies. In these cases, identifying the beneficial owner involves finding out who is the person (or persons) who in the end benefit from these intermediaries. Keep in mind, in some cases there may be a string of companies/intermediaries between your target company and the beneficial owner(s).
Note: Beneficial owner should not be confused with the “ultimate beneficial owner” or UBO. There can be many beneficial owners of a company (think shareholders, for example), however, an UBO has the most to gain and has ultimate control over the company.
The natural person who gains (something like a payout) from something like a trust, will, or life insurance policy.
Black Market Peso Exchange
A money laundering scheme that aims to, among other things, convert drug money into a Latin American currency. The money often doesn’t cross borders and doesn’t enter traditional financial institutions, making it difficult to control.
The Financial Action Taskforce (FATF) publishes a list of countries that have significant strategic deficiencies in their regimes to counter money laundering, terrorist financing and financing of proliferation. This is referred to colloquially as the blacklist although its official name is High-Risk Jurisdictions subject to a Call for Action. The list is published to highlight the risks involved in doing business with these countries, and FATF recommends doing enhanced due diligence for individuals or entities emanating from these jurisdictions. See the blacklist here: https://www.fatf-gafi.org/publications/high-risk-and-other-monitored-jurisdictions/documents/call-for-action-february-2020.html
A blockade is a physical barrier for certain countries sending out or receiving certain goods like food, supplies, weapons and communications. A blockade is different to an embargo or a sanction in that the latter two are legal barriers where a blockade is a physical barrier
The act of giving someone illegal or unethical gifts (a bribe) to influence their conduct.
Bribery Act 2010
The Bribery Act 2010 is an Act of the Parliament of the United Kingdom that covers the criminal law relating to bribery.
Caribbean Financial Action Task Force | CFATF
An organisation of states and territories of the Caribbean, which have agreed to implement common counter-measures against money laundering and terrorism financing. Read more about the CFATF.
Sometimes called missing trader fraud, carousel transactions involve avoiding paying EU VAT by exploiting the VAT-free movement of goods between EU states.
A company that handles a lot of its purchases in small-money transactions. Examples include cafes, massage parlours, small fast-food restaurants, nail salons etc. Cash-intensive businesses are sometimes used as a front for money laundering money gained from criminal activity.
Certified Anti-Money Laundering Specialist | CAMS
A professional accreditation offered by the Association of Certified Anti-Money Laundering Specialists (ACAMS). CAMS is recognised as the gold standard in AML certifications by institutions, governments and regulators worldwide. Read more here: https://www.acams.org/en/certifications/cams-certification#overview-e1131add
Certified Financial Crime Specialist | CFCS
A professional accreditation offered by the Association of Certified Financial Crime Specialists (ACFCS). The certification allows banking and corporate compliance officers, law enforcement investigators, regulators, auditors and others to skilfully detect and prevent the broad array of risks that is the new reality of financial crime. Read more here: https://www.acfcs.org/certification/
Certified Fraud Examiner | CFE
A professional accreditation offered by the Association of Certified Fraud Examiners, empowering anti-fraud professionals with cutting-edge training, resources and professional certification. Read more here: https://www.acfe.com/cfe-credential/how-to-earn-your-cfe-credential
Certified Cyber Intelligence Investigator | CCII
Offered by the McAfee Institute, this certification helps the professional learn how to identify a person of interest, conduct cyber investigations, and undertake mobile and digital forensics. Read more here: https://www.mcafeeinstitute.com/products/certified-cyber-intelligence-investigator-ccii
CREST Practitioner Threat Intelligence Analyst | CPTIA
The CPTIA examination is an entry-level qualification aimed at individuals who are seeking to establish themselves within the Threat Intelligence industry. There is no requirement for a candidate to have a specified amount of previous experience working in the Threat Intelligence industry. Read more here: https://www.crest-approved.org/examination/crest-practitioner-threat-intelligence-analyst/index.html
This is when two or more entities part own each other. This ownership structure is illegal in some jurisdictions. When it comes to due diligence, circular ownership structures can sometimes be used to obscure the true beneficial owner(s). It can also be important in relation to the sanctions 50% rule because circular ownership may be used to hide that the 50% threshold has been met, thereby not triggering a red flag.
This is your entire database of customers. Your group of customers is sometimes called a “list” because you may upload your customers in a list format for screening purposes, for example.
A database is an organised collection of structured information, or data. This is a term you will often hear in relation to sanctions databases and PEP databases, for example. With Complytron, you can search our databases using our own interface, or your IT expert can link our databases to your existing search tools so that you can use the interfaces you’re already familiar with.
Date of birth | DOB
The exact day, month and year when an individual was born. You will often see the acronym “DOB” on certain official documents, like IDs etc.
De-risking is when financial institutions terminate or restrict doing business with clients or categories of clients to avoid risk altogether. In the context of money laundering regulations, de-risking means cutting ties with individuals/entities that carry a high risk of money laundering, and thereby increase the company’s risk of falling foul of AML regulations.
A decision tree is a kind of flowchart that maps out certain risk characteristics and whether a target meets those risk characteristics or not. It can help analysts decide whether and how much of a risk a target poses.
The removal of an individual, entity, country or other grouping from a specific list. As an example, in terms of our industry, delisting can mean removing a country from a blacklist, removing an individual from a sanctions list, or removing a customer from a high-risk list that you have in-house.
Denied Persons List | DPL
The Denied Persons List is created and published by the U.S. Department of Commerce, Bureau of Industry and Security (BIS). It lists individuals and entities who are not allowed to participate in export transactions. You can search the list here: https://www.bis.doc.gov/index.php/policy-guidance/lists-of-parties-of-concern/denied-persons-list
Department of Foreign Affairs and Trade | DFAT (Australia)
The Department of Foreign Affairs and Trade (most commonly known as DFAT), promotes and protects Australia’s international interests to support its security and prosperity. When it comes to our industry, DFAT publishes Australia’s sanctions list so you will often hear “DFAT sanctions” as a term. Also under DFAT is the Australian Sanctions Office (ASO) which is the Australian government’s sanctions regulator. You can check DFAT sanctions–and all other key global sanctions lists–with Complytron.
Designated Non-Financial Businesses and Professions | DNFBP
Designated Non-Financial Businesses and Professions (DNFBP) is a classification by the Financial Action Task Force (FATF) denoting non-financial sector businesses that may pose a risk of money laundering. These sectors include auditors, tax advisors, casinos, high-value goods dealers, lawyers, notaries and real estate agents.
A digital fingerprint is an identifier in the backend of a website. Complytron uses digital fingerprints to see if there is a connection between your target’s URL and our proprietary high-risk URLs database. By comparing the code and feature similarities of any two websites, we can provide a probability that they (and the entities/people behind them) are linked.
Dilution of sanctioned ownership
Dilution refers to the act of reducing the percentage of a sanctioned owner’s shares in a company so that it falls below the 50% rule threshold, which requires that not more than 50% of a company’s ownership is by a sanctioned individual or entity. Dilution helps the entity avoid the restrictions sanctions create.
See Four Eyes.
In the AML/KYC space, due diligence is an investigation into an individual or entity before a business relationship is entered to uncover or confirm details about them. Due diligence may include things like confirming company registry filings, ID information, adverse media, whether they are sanctioned, whether there are any litigation proceedings, source of wealth, company ownership structure and more. It is sometimes referred to as customer/client due diligence (CDD). A more detailed version of customer due diligence is called enhanced due diligence (EDD). What a company considers to be CDD versus EDD depends on their own in-house policies and processes.
Economic sanctions are commercial and financial penalties applied by one or more countries against a country, group, company or individual. Economic sanctions are just one of many different types of sanctions, including diplomatic sanctions, sporting sanctions, or sanctions on individuals that may include things like freeing assets.
Egmont Group of Financial Intelligence Units
A global organisation that facilitates the flow of information, knowledge, and cooperation amongst Financial Intelligence Units. Learn more here: https://egmontgroup.org/
Electronic (E-) Money Institution
A financial entity that is authorised to provide services related to electronic money, like credit cards, and payments related to it.
Electronic Know Your Customer | EKYC
This is a way of verifying your customer’s identity and other identifiers (like address) using digital means only.
Similar to Electronic Know Your Customer, this is a way of checking your customer’s identity and personal identification information by checking the provided information (like date of birth, social security number, address etc.) against publicly available information and other databases.
Embargoes are an official ban on trade or other commercial activity with a particular country. Embargoes are sometimes paired with sanctions. For example, as a way to punish a specific country, another country may impose an embargo on the oil and gas exports to deprive that country of profits from any sale.
Enhanced Due Diligence | EDD
Due diligence itself is an investigation into the background of an individual or entity to try to uncover information as well as any potential risk factors associated with entering a business relationship with said individual or entity. Enhanced Due Diligence is a deeper dive into the background of the individual or entity. What constitutes an “enhanced” due diligence varies based on the company and context.
In our context, an entity is typically a company, organisation, or group.
A technique used during the investigations and rectifications process to identify records in a single data source or across multiple different data sources that refer to the same entity, and then linking the records together.
When using a monitoring tool like Complytron, a false negative is a result that mistakenly indicates a name does not have a match on a database that was searched. You might get a false negative because of a mistake made in the name that was searched or because other data like date of birth or country of origin do not match what is in the source data. False negatives can be troubling because it means that they are not flagged as a potential risk.
When using a monitoring tool like Complytron, a false positive is a result that indicates that a name you searched matches one in the source data, however, your target and the matching one on the database are not one and the same, despite the matching names and other data. False positives can be a burden for teams doing AML/KYC due diligence because false positives require further investigation to get to the bottom of whether it is a true match or simply a false positive.
Federal Financial Institutions Examination Council Bank | FFIEC
A United States government interagency body composed of five banking regulators that is empowered to prescribe uniform principles, standards, and report forms to promote uniformity in the supervision of financial institutions. Read more here: https://www.ffiec.gov/
The Federal Financial Supervisory Authority | BaFin
The financial regulatory authority of Germany. Better known as BaFin.
50 Percent Rule
This is an OFAC and EU rule that sanctions also apply to companies that are owned in at least 50 percent (directly or indirectly) by sanctioned individuals or entities. It could be one or more sanctioned individuals/entities that make up the 50 percent threshold. For example, if two blocked individuals have a 26 percent stake each in Company A then that company is sanctioned according to this rule. OFAC also recommends being careful if the sanctioned individual/entity ownership nears 50 percent but doesn’t quite make the cutoff. Read our explainer on the 50 percent rule.
Financial Action Task Force | FATF
The Financial Action Task Force (FATF) is an intergovernmental organisation that is mandated to develop policies to combat money laundering and the financing of terrorism by setting standards and promoting effective implementation of legal, regulatory and operational measures.
Financial Action Task Force-Style Regional Body | FSRB
Sometimes referred to as a FATF-Style Regional Body (see above for what FATF is). These bodies set up systems for combating money laundering and the financing of terrorism in their respective geographic locations. The overarching goal is to implement the international standards set up by FATF at a more local level. Currently there are eight FSRBs:
Financial Conduct Authority | FCA
The Financial Conduct Authority is a financial regulatory body in the United Kingdom.
A financial crime refers to crimes that involve taking money or other property that belongs to someone else, to obtain a financial gain. Financial crimes include crimes like money laundering, terrorism financing, fraud, and tax evasion.
Financial Crimes Enforcement Network | FinCEN
The Financial Crimes Enforcement Network is a bureau of the United States Department of the Treasury that collects and analyzes information about financial transactions in order to combat money laundering, terrorist financing and other financial crimes.
Financial Intelligence Unit | FIU
Financial Intelligence Units receive, analyse and pass on reports of suspicions identified and filed by the private sector. FIUs function as an intermediary between private entities that are subject to AML/CFT regulations, and law enforcement agencies. Most countries have their own FIU and gather suspicious activity reports related to criminal financial activity and conduct investigations based on this information. The Egmont Group supports more than 150 FIUs from around the globe. See Egmont Group for more information.
Financially exposed person
These are people who have access to corporate wealth due to their positions within a company.
FinCrime is short for financial crime. See financial crime for more.
FinTech is an emerging industry that sits at the crossroads of finance and technology. FinTech uses technology to support or enable banking and financial services.
First line of defence
In the context of AML/KYC, the first line of defence is the frontline staff who handle customer onboarding, identification, and due diligence. They play an important role in spotting potential risks. The second line of defence are those staff who develop policies and procedures, devise customer questionnaires (used at onboarding) and requirements, and maintain the technologies used in KYC/AML processes. They also divide customers into risk categories and monitor ongoing SARs.The third line is the internal auditing staff. These multiple levels and types of checks help achieve a robust AML/KYC process.
First name/last name
When searching an individual on a database you will often be asked to input a first name and a last name. The first name is the personal name given to someone at birth. The last name is typically the family name. Keep in mind, in different countries middle names, additional names or differing name orders may be commonly in use.
Stands for “frequently known as” found on some sanctions lists, like OFAC. These are name variations or nicknames of sanctioned individuals.
When an individual or entity runs a money laundering scheme or wishes to obscure the ownership of a company, they often need the help of certain professional service providers. These people may either knowingly or unknowingly assist in the scheme. Because of their role, the can play a potential role in spotting and stopping money laundering, the financing or terrorism and so forth. This diverse grouping of professionals are referred to as ‘gatekeepers.’ Gatekeepers can include people like accountants, art advisers, bankers, corporate service providers, lawyers, luxury goods dealers, notaries, private wealth managers and real estate agents.
Global Program Against Money Laundering, Proceeds of Crime and the Financing of Terrorism
This is a UN programme giving in-depth assistance to countries to build and strengthen their anti-money laundering and countering financing of terrorism capacity.
Global Ultimate Owner | GUO
This is the individual or entity at the top of the ownership of an entity, even if they are located outside of the borders of the given jurisdiction. Sometimes there is a local Domestic Ultimate Owner’, which is different to the Global Ultimate Owner.
Governance, Risk and Compliance | GRC
This is a framework that helps organisations act with integrity and according to the law. It means the right people get the right information at the right time, and that the right actions and controls are in place so that it is clear what has to happen in a range of circumstances.
Government- or State-Owned Body
Unlike a privately held company, a state-owned body is an entity created by a government to run commercial activities on behalf of the government.
This is the Financial Action Task Force’s list of countries that are not as strong as they could be in their AML/CFT controls, but are taking steps to remedy the situation. Financial institutions should be aware of greylist countries when deciding if and how to do business with and in the said country.
Groupe d’Action Financière sur le Blanchiment de Capitaux
An alternative name for the FATF. See FATF.
Heads of International Organisations
An international organisation can be classified as anything from FIFA (the football federation) to the World Bank. International organisations are typically the governing bodies in the sporting, financial, political or economic spheres, however, they may also fall outside of these parameters, for example, the International Committee of the Red Cross or the International Criminal Court. The heads of international organisations (or others in positions of power within these organisations) are important to note during your investigations because of their power to influence things like decision-making and how money is spent.
Her Majesty’s Revenue and Customs | HMRC
HMRC is a law enforcement agency which is responsible for investigating serious organised financial crime in the UK. It also administers anti-money laundering registrations for money service businesses, which are businesses that convert or transmit money.
Her Majesty’s Treasury | HMT
Sometimes referred to as HM Treasury. HMT is the UK’s government department responsible for economic and fiscal policy. HMT’s Office for Financial Sanctions Implementation is responsible for publishing the UK Sanctions List (often referred to as HMT Sanctions). It’s important to check this sanctions list as part of your sanctions monitoring and using a tool like Complytron can help you do this with ease.
This is a person whose wealth exceeds a given amount, typically considered to be around USD$1 million in liquid assets (these are assets that can be quickly converted into cash while retaining its market value; the best example of a liquid asset is the money in a bank account).
A hit is a matching result. You may need to do further research to ascertain whether it is a true match or a false positive.
A piece of data or information about an individual or entity that helps you confirm that it is the person/entity you had in mind. For example, if you run a search for a target’s name on a sanctions database and you get a hit, you may like to confirm that it’s a positive match by checking identifiers like date of birth, aliases, address, or company ID.
A set of rules and guidelines that layout how, when and by whom certain things must be done. When it comes to our industry, in-house policies might include when to do sanctions check, to whom to report any red flagged results, how to store evidence of your searches, and whether to escalate PEPs or watchlisted results.
A legal person. With Complytron you can search both individuals and entities (companies, organisations etc.).
Inherent risk is a natural risk level associated with a situation where not everything can be controlled or not all variables are known. In terms of auditing or investigations, inherent risk is higher when there are complex ownership structures etc.
This is when a company’s own staff commit or assist in sanctions evasion, which is when business or transactions are done with a banned sanctioned entity.
International Criminal Police Organisation | INTERPOL
An organisation that facilitates worldwide crime prevention and control by bringing together the different police forces of the world.
A formal and systematic research of a specific person, company or action. For example, those who work in due diligence investigate their targets whether it be individuals or entities day by day.
Joint Comprehensive Plan of Action | JCPOA
Often referred to colloquially as the Iran Nuclear Deal is a 2015 agreement on Iran’s nuclear program between Iran and several other countries. Why it may be relevant to those working in the KYC space, is that as part of the deal some countries agreed to lift certain sanctions against Iran.
Joint Money Laundering Intelligence Taskforce | JMLIT
Part of the UK’s National Economic Crime Centre (NECC), JMLIT aims to facilitate the exchange of information between law enforcement and the private sector relating to money laundering and other financial crimes.
Joint Money Laundering Steering Group | JMLSG
A private sector body that is made up of the leading UK Trade Associations in the financial services industry. It provides guidance to help those in the financial industry to comply with their UK anti money laundering and counter terrorist financing obligations. Learn more here: jmlsg.org.uk
Although it is a legal term, colloquially “jurisdiction” refers to a geographical area and the governance and legal system that applies to that place. When it comes to AML/KYC, certain jurisdictions are considered high risk, so if your target is based in such a jurisdiction, they may require enhanced due diligence. Check the latest publications by FATF for more information on what is considered a high-risk jurisdiction based on deficiencies in countering money laundering and terrorist financing.
Jurisdiction of citizenship
The country or countries of which the target is a citizen. Keep in mind, this may be different to the jurisdiction of residence.
Jurisdiction of residence
The place of permanent or primary residence. I.e. Where the target lives. Keep in mind, this may be different to the jurisdiction of citizenship. In the case of “jurisdiction of residence for tax purposes,” this refers to where the individual is required to pay taxes based on where they spend most of their time living and working.
A leader who enriches him- or herself by stealing from national resources.
Know Your Business | KYB
This is a variation of the more commonly used term KYC (know your customer) and it involves doing the relevant due diligence on businesses you are considering entering a business relationship with to reduce your risk. KYB processes may include uncovering who the ultimate beneficial owners are, getting the business registration details, running checks like sanctions monitoring and more.
Know Your Correspondent Bank | KYCB
This is a variation of the more commonly known term KYC (Know Your Customer) and it involves doing the relevant due diligence on financial institutions that provide financial services to another financial service provider. Sometimes, KYCB stands for Know Your Customer Better. This term does not have a broadly accepted definition but may involve enhanced due diligence and other investigative techniques as part of a KYC process.
Know Your Customer (Client) | KYC
This is the process of verifying the identity and background of your customer/client (a process sometimes called “due diligence”). This verification typically takes place before the commencement of a business relationship, and may continue periodically or on an ongoing basis throughout the course of the relationship. During the KYC screening process, the person(s) responsible must ascertain the identity, background, suitability and risks associated with the individual/entity that is a potential or actual customer/client. The basic goal of KYC is to screen out individuals/entities involved in money laundering, and can also help manage risk. The KYC process typically includes sanctions screening, PEP checks, the identification of the ultimate beneficial owner of an entity, checking for legal issues and adverse media, and others.
Know Your Customer’s Customer | KYCC
Similar to KYC, however, it involves the identification and associated risk of the activities and nature of the customers of your customer. It is needed because of the potential risk hiding in second-tier business relationships (i.e. that of your customer’s customer).
Know Your Employee | KYE
Similar to KYC in that it involves due diligence on a potential recruit or a current employee to help reduce the risk of things like corporate fraud, corruption, bribery or other forms of corporate losses.
Know Your Third Party | KY3P
Know Your Third Party is similar to KYC in that it involves due diligence on an individual/entity, however, KY3P focuses on background research on suppliers, vendors and other business partners–not on customers. KY3P is increasingly important for those companies that outsource critical business processes and activities because organisations must know and trust these supplies, and because organisations themselves can be held responsible for the actions of those that they entrust to complete key functions. KY3P is sometimes referred to as Know Your Vendor.
Know Your Vendor | KYV
See Know Your Third Party (above).
Know Your Vessel | KYV
For companies involved in chartering or engaging with shipping businesses, Know Your Vessel processes may need to be in place. KYV is somewhat similar to Know Your Customer in that it involves due diligence on the shipping company you are entering into a business relationship with.
Layering is the process of hiding the origins of money for the purposes of money laundering. By passing the proceeds of criminal activities through layers of legitimate financial transactions, it becomes harder and harder to uncover the original source of the funds. Tools used when layering include: moving funds between banks or accounts, investing in real estate or a business, converting cash into something that stores value like artwork or pre-paid cards. Layering follows Placement.
Licensed activity under a sanction
A licensed activity under a sanction is when a special permission has been granted to an individual or entity to proceed with business with a sanctioned individual or entity without breaching the sanctions. Permission needs to be obtained in advance by the body that has issued the sanction.
Limited Liability Company | LLC
This is a business structure that you will often hear about when it comes to hidden beneficial ownership. While many LLCs are organised for legitimate purposes, LLCs are also an often used vehicle to obscure the true ownership structure of the company. The term LLC is most commonly used in the US, but many other jurisdictions have their own terms for a similar kind of business structure, for example BV, GmbH, or SRL.
A look-back review is when a financial provider’s past transactions and/or monitoring processes over a given time period are reviewed by a regulator.
This is a form of artificial intelligence whereby algorithms can improve automatically based on experience and data. Complytron’s tools also use machine learning to improve our results over time.
Often used in financial institutions as a form of authorisations. It involves requiring at least two people to approve a transaction. The “maker” is the person who generates the request while the “checker” is the person who double-checks and approves the request.
Mandatory sanctions lists
There is no official guidance on what constitutes a “mandatory sanctions list”, however, your internal policies may stipulate which sanctions lists must be checked and how often. We recommend at least checking the main global sanctions lists including OFAC, UN, EU, HMT and DFAT, although others may also be pertinent based on your jurisdiction. For example, if you’re operating in Canada, you will likely be required to check Canadian sanctions as well.
Markets in Financial Instruments Directive (II) | MiFID 2
MiFID 2 is a European Union regulation that is enforced for the countries in the European Economic Area. It aims to increase transparency in financial markets and standardise disclosure requirements for financial institutions including banks and investment firms.
A “match” is when a result is found in a database as a result of a search query that is the same or similar to the target that was searched. For example, if you search a name and then the same name (possibly along with other matching identifiers) is found within a database.
Match found is the term used to indicate that a result has been found in a database that is the same or similar to the search query. For example, if you search a name and then the same name (possibly along with other matching identifiers) is found within a database.
Middle East and North Africa Financial Action Task Force | MENAFATF
Member countries work jointly to implement FATF and UN recommendations and resolutions, work on regional issues together, work together to increase the compliance standards of the grouping, and work together to combat money laundering and terrorist financing.
One way for money laundering to occur is when a seemingly legitimate business is opened and operated to disguise the illegal money-making activities running behind it. This is why AML due diligence on companies you work with is so important — it gives you the chance to uncover whether the business is fully legitimate or may actually be involved in financial crime.
Money Laundering Reporting Officer | MLRO
This person is hired to oversee a company’s anti-money launder and KYC systems, processes and policies, and is responsible for answering in-house questions relating to any issues that come up during the due diligence process. It is a role with a lot of responsibility as the MLRO may be liable for fines and even jail time should the AML processes be insufficient to prevent money laundering. The MLRO is responsible for implementing solutions to reduce the company’s exposure to risk associated with money laundering.
The systematic surveillance of something (in our industry this is typically individuals and entities) to ensure that nothing of importance has changed, or to recognize if something meaningful has happened. For example, a client may be checked at onboarding, but ongoing customer monitoring may occur throughout the entire customer lifecycle to ensure that nothing has changed in their status, for example that they have not been added to a sanctions list.
Multilateral sanctions are when multiple countries act together to sanction an individual, country etc. An example of a multilateral sanction are those imposed by the UN or the EU because these are member states working together to impose a sanction. Unilateral sanctions are when one country goes out on its own to impose sanctions against an individual, country etc.
This is when the target you are searching on a database finds a “hit” or a match. Note: You may need to do additional investigation or look at corroborating data to confirm it is a true match not a false positive.
Sometimes referred to as “name monitoring” this is when you search a name against a specific database to discover if there is a name match or not. Name screening is typically part of a broader AML/KYC or other due diligence process.
A naming convention is the typical way a name is configured in a given jurisdiction. For example, it may be first name – middle name – last name, or sometimes last name – first name – middle name, or other times given name – father’s first surname – mother’s first surname. These are just some examples, and there are many many other naming structures. It’s important to know what naming convention your target may fall under, especially if it’s a jurisdiction you are not familiar with so that you can complete thorough and accurate name searches. It may be most foolproof to search many different name variations to ensure you do not miss a relevant result.
Narrative sanctions are those that apply to individuals/entities not listed on a sanctions list as a result of “the 50 percent rule.” These individuals/entities are covered under the narrative statement that is issued for a sanctions regime.
National Crime Agency (UK) | NCA
In the UK, the NCA combats organised crime including money laundering, illicit finance, sanctions evasion and fraud.
National Economic Crime Centre (UK) | NECC
In the UK, the NECC draws together law enforcement and justice agencies, government departments, regulatory bodies and the private sector to disrupt serious organised economic crime and safeguard the UK as a financial centre.
Those with power and influence favouring friends and relatives in the form of giving them jobs.
Office for Professional Body Money Laundering Supervision | OPBAS
OPBAS is housed within the FCA (the Financial Conduct Authority of the United Kingdom) and aims to reduce money laundering and terrorist financing by working to ensure consistently high standards of supervision by the professional body AML supervisors (PBSs) overseeing the legal and accountancy sectors.
Office of Financial Sanctions Implementation | OFSI
The Office of Financial Sanctions Implementation (OFSI) helps ensure that financial sanctions are properly understood, implemented and enforced in the United Kingdom.
Office of Foreign Assets Control | OFAC
The Office of Foreign Assets Control (OFAC) under the umbrella of the US Department of the Treasury administers and enforces the United States’ economic and trade sanctions against targeted foreign countries, individuals and entities.
Office of the Inspector General | OIG
The Office of Inspector General (OIG) seeks to improve the efficiency and effectiveness of the US Department of Commerce’s programs and operations, and endeavours to detect and deter waste, fraud and abuse of its programs.
An offshore company is a company that is incorporated in a jurisdiction that is other than where the beneficial owner(s) reside. Companies incorporated in tax haven countries like the British Virgin Islands and Bermuda are often called “offshore companies.” The “company” part of the phrase is used loosely as it can also include LLC, partnerships, offshore trusts etc.
Offshore financial centre | OFC
An offshore financial centre (OFC) is a country or jurisdiction that provides financial services to nonresidents on a scale that is not commensurate with the size and the financing of its domestic economy. The largest number of users of the OFC are non-residents. the Financial Stability Forum–International Monetary Fund has released a list of countries/jurisdictions it considers to be OFCs and these include Macau, Luxembourg and the Isle of Man.
See Offshore financial centre (above).
One of a small group of powerful people who control a country or an industry and use this power for corrupt purposes. An oligarch is often used in relation to Russian oligarchs but oligarchs are not exclusively Russian.
In our industry, the term onboarding is typically used in the context of customer onboarding. In this context, onboarding means the process that new users go through to get set up before starting to use a product. During this onboarding process, due diligence on the prospective customer typically takes place to limit the company’s exposure to risk relating to this new business relationship.
Open Source Intelligence | OSINT
Intelligence gathered from publicly available sources then analysed to assist a specific investigation.
Organisation for Security and Co-operation in Europe | OSCE
A regional security-oriented intergovernmental organisation whose mandate includes economic, politico-military, human and other elements. The politico-military mandate includes combating corruption and money laundering.
When it comes to screening tools like ours, then unlike a “full match” or a “match”, a partial match indicates that certain elements of a result found in the database match your search query but others do not. For example, the name may match but the date of birth or mother’s maiden name may not. A partial match typically requires further investigation to ascertain whether the result is indeed your target. Partial matches can happen because information on individuals or entities can sometimes be patchy, out of date, incomplete or incorrect in the source data or in the information on which you are basing your search.
Pass-through sanctions risks
Pass-through sanctions is a form of sanctions breach that can happen even if your customer or supplier is not sanctioned but does business relating to your business with a sanctioned country/entity/individual. The rule implies that you do bear some responsibility if your customers or suppliers are found to be doing business with a sanctioned entity. As a result, it’s safest from a compliance point of view to have processes in place to be aware of the entire sales or supplier chain.
The best way to understand pass-through sanctions is by reading the following examples:
A pass-through sanctions risk is therefore a danger associated with failing to do due diligence on your customer’s customer or your supplier’s supplier.
In our industry, pass/fail typically refers to whether a target has passed or failed various checks like sanctions screening and PEP checks.
Payment screening is when banks and other financial institutions check incoming and outgoing transactions to stop suspicious transactions and ensure there is no breach of compliance regulations.
A PEP check is searching databases of Politically Exposed Persons (PEPs), to see if your target is listed as a PEP. Keep in mind, definitions of who may be included as a PEP may vary and can also depend on your company’s risk appetite, therefore, your judgement may be required on who counts as a PEP and whether their PEP status classifies as a risk factor in the context of your research.
Personal Identification Number
This is a unique series of numbers that is issued by a government agency and assigned to a natural person. An individual may have a few different personal identification numbers for different purposes, for example, a passport number and an ID card number. Different countries have different documentation types in use. It is usually printed on all of the identification documents like ID card, passport, driver’s licence, residence permit etc.
Disambiguation: Not to be confused with PIN (personal identification number) which is the passcode used to withdraw money from an ATM or make a payment using a bank card in a store etc.
Person with Significant Control
Someone who can exercise significant influence or control over a company. Some examples, of who may be considered as a person with significant control: holds more than 25% of shares or voting rights in a company or has the right to appoint or remove the majority of the board of directors, or otherwise exercises significant influence or control.
Placement is used by people involved in money laundering to “place” the money gained by illicit means into the legitimate financial system. It could be done by funnelling cash through cash-intensive businesses or depositing smaller amounts that don’t trigger AML thresholds into bank accounts, for example. Placement removes the money one step away from the criminal source. See Layering for more information on what may happen next.
Politically exposed person | PEP
A PEP is someone who is in a position of political power or influence, and may therefore be more susceptible to bribery or corruption. PEPs often require special oversight because they may be able to influence government contracts, impact government oversight, obscure sources of wealth and more. Members of the legislative, judicial and executive branches of government are considered PEPs, as may be diplomats and current or former senior executives of state-owned companies. Close family and business associates can sometimes also be considered to be a PEP because they can also influence a person in a position of power. How PEPs are handled during a due diligence investigation depends on the risk appetite and policies of the company doing the due diligence as well as any relevant governmental rules and regulations. Learn more on our explainer on PEPs. [https://complytron.com/blog/explainer-politically-exposed-persons-peps/]
A predicate crime is an offence that is a part of a more serious crime. It it often used in the context of money laundering and terrorist financing. In this example, gaining funds through illicit means is the primary offence while money laundering is the predicate crime. Sometimes also called predicate offence.
A direct form of evidence from the original source of information. For example, a legal filing or corporate registry filing would be considered as a primary source, whereas a news report on the legal filing or corporate registry information would be considered a secondary source.
A warning of potential risk. In AML/KYC, a red flag is used to describe a potentially worrying factor that requires additional investigation or a decision on how to proceed that includes a calculation of this risk. The term red flag may also be used during the screening process (for example, sanctions screening) to indicate that a result has come back as a hit. I.e. your target has been found on a sanctions list – this result is a red flag.
Registry is a broad term used to describe different kinds of lists and datasets that are stored with an official body after an official document has been registered. For example, a company registry filing is the document a company submits to record their company with an official body. In some jurisdictions, you can search such registry filings as part of your due diligence to confirm things like company registration number, address, owners and more.
Stands for regulatory technology. RegTech falls under the umbrella of FinTech but these focus moreso on technologies that help facilitate regulatory compliance more efficiently and effectively.
Sometimes referred to as a regulator body, regulatory agencies are independent governmental bodies that set standards in a specific field and then enforce those standards. Examples include the Financial Conduct Authority and the Office of Foreign Assets Control.
Relatives and Close Associates | RCA
An RCA is a category of politically exposed person (PEP) that is a close friend, relative or even business associate of a PEP. RCAs are sometimes referred to as “PEP by association.”
A term used in Australia in reference to financial institutions, or other persons, who provide designated services and therefore must meet stringent anti-money laundering requirements of the AML/CFT Act. A reporting entity must carry out a procedure to verify a customer’s identity before providing a designated service to the customer. Reporting entities generally provide financial, gambling, bullion or digital currency exchange services.
This is the set of both regulatory and in-house obligations regarding when, how, and who to report suspicious activity to.
The damage that can occur to a company when it fails to meet the expectations of its stakeholders and customers and therefore is negatively perceived. When it comes to AML/KYC, it is a reputational risk to accidentally do business with a sanctioned entity, for example, because it indicates that the AML processes are not robust enough. This can reduce the firm’s standing and reputation.
Reputationally Exposed Person | REP
Individuals or entities that have questionable reputations and therefore entering into a business relationship with them may reflect badly on the company choosing to do business with them. REP status can be checked by screening adverse media and doing a sentiment analysis on top of the typical due diligence steps.
These are restrictions placed on people, companies, industries, or even countries. They can be applied by one country unilaterally, or by multiple countries multilaterally. Sanctions are usually applied as a form of pressure or penalty.
Sanctioned by extension
An entity may not be listed on a sanctions list, but may still be sanctioned by extension or association if an explicitly sanctioned person or entity owns a large stake in it, either directly or indirectly. This is important because such a “sanctioned by extension” entity may not appear as a red flag during your sanctions screening because the entity itself may not appear on any sanctions lists.
These are the processes your company may be obliged to have in place to ensure you meet your obligations with regard to flagging sanctioned individuals and entities and then assessing whether you are able to continue a business relationship with them under the sanctions rules that apply based on your jurisdiction and industry.
Sanctions Compliance Officer
This is the person(s) at your company who are responsible for implementing a sanctions compliance program. If you become aware that someone your company is considering entering a business relationship with may be sanctioned, it is this person you should flag them with. This job title may have many other names, including Money Laundering Reporting Officer, OFAC Sanctions Compliance Officer, and others.
Sanctions compliance program
A set of in-house policies and procedures as well as auditing and monitoring processes that help ensure that a company has a rigorous due diligence programme in place that meets its sanctions compliance obligations.
Sanctions due diligence
To ensure compliance with sanctions, companies may need to undertake due diligence on clients, third pirates and others it may enter a business relationship with to ensure they are not on the global sanctions lists. Typically, tools like Complytron are used to scan names against all the major sanctions lists with ease.
The country or multilateral body that issued the sanctions is responsible for enforcing it and punishing those who violate it. For example, in the US the Department of Treasury’s Office of Foreign Assets Control is responsible for enforcing sanctions, for example, punishing violators with fines.
These are steps taken to circumvent sanctions. For example, disguising that a client is a sanctioned entity, or hiding transactions on sanctioned goods.
These are the lists of sanctioned individuals and entities that are published by the country (remember a country can autonomously impose sanctions) or multilateral body that has imposed sanctions. These lists are updated on a regular basis. These lists are searchable individually, but it’s much easier to use a tool, like Complytron, that can search the latest versions of all the main global sanctions lists with one quick search. The main global sanctions lists include: UN, EU, HMT (UK), DFAT (Australia), OFAC (US).
This is a term used to describe the suite of sanctions imposed on a particular industry or country. This collection of measures might include things like export or import restrictions, limits on commercial activities, and travel bans. What’s included in the sanctions regime can change based on what the goal is of the sanctions.
This is the rigorous and methodological process of checking whether your client or third party are on any of the main global sanctions lists. You can do this easily using a tool like Complytron. A thorough sanctions screening protocol should include clear information on when sanctions screening must take place, how the evidence of the steps taken during sanctions screening will be saved and stored, and how red flagged names will be handled and reported.
The individual or entity who is the subject of your investigation.
If there is a name match with the person or entity who is the subject of your investigation. Further investigation may be required to ensure that the match is accurate (a true match), for example, by cross-checking other identifying information like date of birth (in the case of an individual), or tax ID or company registration number (in the case of an entity).
Task Force on Money Laundering in Central Africa | GABAC
The Groupe d’Action contre le blanchiment d’Argent en Afrique Centrale (GABAC) was established in 2000 to counter money laundering and combat terrorist financing. Its members include: Cameroon, Central African Republic, Chad, Republic of the Congo, Democratic Republic of the Congo (DRC), Equatorial Guinea and Gabon.
Jurisdictions with low or no corporate tax that allow foreign investors to easily set up businesses. Tax havens are used by the wealthy and well-connected to avoid paying taxes in their home countries.
Tax Identification Number
Sometimes called a taxpayer identification number or TIN for short, this is a unique number used to identify an individual taxpayer and administer their taxes. Each jurisdiction’s tax identification number system (i.e. the number of numbers and letters used) may vary.
Ultimate Beneficial Owner | UBO
Basically, the ultimate beneficial owner is the person who gains from a business, even if there is a complicated ownership structure, it’s the person who at the end of the day gains financially or otherwise from that business existing. What constitutes an UBO can vary from jurisdiction to jurisdiction. But, as an example, it may include the individual or individuals who holds 25% or more of share capital, exercises 25% or more of the voting rights or is a beneficiary of 25% or more of the legal entity’s capital. Sometimes the use of a ‘nominee director,’ ‘corporate director’ or other mechanism is used to obscure the identity of the UBO. Knowing who the UBO is is important for risk analysts because it can give you information on an individual’s interests, can reveal hidden links between entities and
These are sanctions that are imposed by a single country, as opposed to a bloc of countries coming together to impose sanctions against a given target.
As a multilateral body, the UN sometimes imposes sanctions as a way to “maintain peace and security” – including the political settlement of conflicts, nuclear non-proliferation, and counter-terrorism. There are currently 14 sanctions regimes in place.
UN Convention Against Corruption
Adopted by the UN in 2003 and implemented in 2005, it covers five main areas of anti-corruption: preventive measures, criminalization and law enforcement, international cooperation, asset recovery, and technical assistance and information exchange.
UN Security Council sanctions
See UN sanctions.
In our context, a URL search is a search of a company’s website (URL) on our database of high-risk URLs. Our high-risk URLs are those URLs linked to sanctioned or watchlisted entities.
US Department of Justice | DOJ
The department is tasked with federal law enforcement and administration in the United States.
US Patriot Act
Sometimes called simply “the Patriot Act” it aims to deter and punish terrorist attacks through enhanced law enforcement and anti-money laundering.
A digital symbol of value for the community that uses a specific virtual currency that can be digitally traded and is a medium of exchange or store of value. Virtual currency is not the same as a fiat currency (sometimes called “real currency,” “real money,” or “national currency”) and it is also distinct from e-money, which is a digital representation of fiat currency used to electronically transfer fiat currency value.
This is a list of potentially high risk individuals or entities. There may be different warning lists that are relevant for you that are issued by or relevant for different departments, jurisdictions or industries, however, one commonly known one is the FCA warning list in the UK. (Search the Financial Conduct Authority warning list.) Warnings lists aren’t necessarily as prohibitive as sanctions lists but they do give you additional information to go on when making a risk assessment. Warning listed targets should typically be red flagged for additional investigation.
In our context, a watchlist is a list of individuals or entities that require additional monitoring as they may represent a higher risk. Different countries or organizations may create different watchlists of things like suspected terrorists or potentional money launderers, scammers, fraudsters, and even PEPs. If you find a target on a watchlist, they should be flagged for additional investigation.
This is a common name or nickname, which can cause confusion as your target may share it with many others and therefore can result in false positives. Weak aliases are sometimes called weak AKAs.
An association of thirteen banks, which aim to create industry standards and best practices for fighting financial crime. It sets out policies for anti-money laundering, know your customer and counter terrorist financing. Read more about the Wolfsberg Group.
This content is for general informational purposes only and does not substitute personalised professional advice. Although we aim to be both up-to-date and accurate, errors can occur. In addition, certain pieces of content, like interviews, podcasts and webinars, may contain opinions that do not necessarily reflect the position of our company. If you have noticed an error, omission or bug, please contact us at email@example.com