🌍 AML Custodians Global Compliance & FinCrime Dictionary

A

Account Takeover (ATO): Unauthorized access to a legitimate customer’s account to move or launder money. Example: Fraudsters hack a user’s e-banking login and transfer funds to mule accounts.

Adverse Media Screening: Checking negative news about customers to detect reputational or financial-crime risk. Example: Screening reveals a client director linked to corruption allegations.

Alert Triage: The process of prioritising compliance alerts for investigation. Example: A sanctions match alert is reviewed first because it poses the highest risk.

AML (CFT): Anti-Money Laundering / Countering Financing of Terrorism; frameworks to prevent illicit funds. Example: A bank’s AML policy requires transaction monitoring and SAR filing.

AML Risk Assessment: Evaluating exposure to money-laundering threats by product, geography, customer, channel. Example: Cross-border remittance rated as high risk due to cash inflows.

Appeals Process (Regulatory): Formal route to contest a regulator’s decision. Example: A fintech appeals an administrative penalty for late STR filing.

Audit Trail: Complete record of actions for compliance verification. Example: Every KYC update is logged with user ID and timestamp.

Automated Transaction Monitoring: System that scans transactions to detect anomalies. Example: AI flags rapid transfers just under the reporting threshold.

B

Bank Secrecy Act (BSA): U.S. law forming the foundation of AML obligations. Example: Requires filing Currency Transaction Reports above $10,000.

Beneficial Ownership: Real natural person(s) who ultimately own/control a legal entity. Example: Company A owned by Trust B → Mr X (trust beneficiary) is the UBO.

Blacklist / Sanctions List: Names/entities prohibited from financial dealings. Example: OFAC SDN List match triggers account freeze.

Bribery & Corruption (ABC): Giving/receiving value to influence decisions. Example: Procurement manager accepts kickbacks for contracts.

Bulk Cash Smuggling: Physically moving cash across borders to avoid detection. Example: Couriers carry undeclared cash to launder abroad.

C

CDD (Customer Due Diligence): Collecting and verifying customer identity, purpose, and risk. Example: Bank obtains passport, address proof, and source-of-funds statement.

Chain of Ownership: Successive entities between a company and its UBO. Example: Company X → Holding Y → Trust Z → Mr A (UBO).

Compliance Culture: Values and behaviours ensuring adherence to laws. Example: CEO publicly supports whistle-blower programme.

Compliance Monitoring: Regular review of controls to ensure effectiveness. Example: Quarterly sampling of KYC files for accuracy.

Compliance Risk: Probability of regulatory breach or sanction. Example: Incomplete sanctions screening causes OFAC penalty.

Correspondent Banking: Relationship allowing one bank to access another’s services. Example: U.S. bank clears USD payments for foreign respondent.

CTR (Currency Transaction Report): Report for large cash transactions (varies by jurisdiction). Example: ₹1 million cash deposit triggers CTR filing under PMLA India.

Customer Lifecycle Management (CLM): Managing KYC from onboarding to exit. Example: Automated alerts for periodic review every 12 months.

Cyber-enabled Crime: Offences executed through digital systems. Example: Ransomware demands paid in cryptocurrency.

D

Data Protection Impact Assessment (DPIA): Evaluation of privacy risks in AML data processing. Example: EU fintech assesses GDPR impact before launching e-KYC app.

De-risking: Terminating relationships with high-risk clients/jurisdictions. Example: Global bank exits correspondent ties in sanctioned country.

Designated Non-Financial Businesses and Professions (DNFBPs): Sectors subject to AML duties (lawyers, casinos, dealers). Example: A realtor files STR for suspicious property purchase.

Detection Scenario: Pre-defined rule triggering AML alert. Example: Multiple wire transfers to high-risk country in 24 hours.

Digital Identity Verification (eIDV): Electronic authentication of customers using data and biometrics. Example: Customer selfie matched to ID document for e-KYC.

Document Forgery: Creating or altering identity papers for illicit purposes. Example: Fake passport used during corporate account onboarding.

Due Diligence Review: Comprehensive assessment of client risk before or during relationship. Example: Annual review of PEP accounts.

E

EDD (Enhanced Due Diligence): Additional checks for high-risk customers or transactions. Example: Detailed review of PEP’s source of wealth and business interests.

Embezzlement: Misappropriation of entrusted funds. Example: Accountant diverts client money to personal account.

Emerging Risk: Newly developing threat requiring control updates. Example: Deep-fake IDs in online onboarding.

Enforcement Action: Regulator-imposed penalty for non-compliance. Example: Central Bank fines fintech ₹5 crore for weak AML controls.

Enterprise-wide Risk Assessment (EWRA): Holistic view of AML/CFT risk across all business lines. Example: Annual EWRA shows remittance service as highest exposure.

Escalation Procedure: Steps to raise and resolve compliance issues. Example: Analyst escalates high-value sanction hit to MLRO.

EU AMLD (5th / 6th Anti-Money Laundering Directive): EU laws setting AML minimum standards. Example: 6AMLD introduced criminal liability for corporates.

F

FATF (Financial Action Task Force): Global standard-setter for AML/CFT. Example: Issues 40 Recommendations adopted by Malta and India.

False Positive: System alert that appears risky but isn’t. Example: Sanctions screen matches “John Smith” who isn’t the listed person.

FinCEN (Financial Crimes Enforcement Network): U.S. authority enforcing AML laws. Example: Receives SARs from U.S. banks.

Financial Crime: Any illegal act generating illicit gain or value transfer. Example: Fraud, money laundering, sanctions evasion.

FIU (Financial Intelligence Unit): National body receiving and analysing STRs. Example: FIU-IND collects suspicious reports from Indian banks.

Front Company: Legitimate-looking firm used to hide illicit activities. Example: Import-export business concealing drug proceeds.

Fraud Typology: Pattern or scheme used to commit fraud. Example: Loan-stacking where same ID used for multiple instant loans.

Freezing Order: Legal directive preventing asset movement. Example: Court order freezes PEP’s account pending investigation.

G

Gap Analysis: Comparison between current compliance framework and regulatory expectations. Example: Bank identifies missing screening control during EU 6AMLD implementation.

Gatekeeper Risk: Exposure through lawyers, accountants, or agents facilitating illicit finance. Example: Company-service provider incorporates shell firms for criminals.

Geo-Risk: Country-based exposure linked to weak AML regimes or sanctions. Example: Transactions routed via high-risk jurisdiction trigger EDD.

Governance Framework: Structure defining roles, oversight, and accountability. Example: Compliance reports quarterly to the Board’s Risk Committee.

Grey-List (FATF): Jurisdictions under increased monitoring for AML weaknesses. Example: FATF places Country X on its Grey-list → correspondent banks tighten controls.

Gross Negligence (Compliance): Severe failure to apply reasonable care. Example: MLRO ignores repeated internal alerts.

H

High-Risk Customer: Client category requiring enhanced controls. Example: Offshore trust with complex ownership.

High-Risk Jurisdiction: Country with strategic AML/CFT deficiencies. Example: Payments to sanctioned state reviewed manually.

Human Trafficking (Predicate Crime): Exploitation of people generating illicit proceeds. Example: Suspicious wire pattern indicates trafficking ring remitting funds abroad.

Hybrid Threat: Combination of physical, cyber, and financial-crime vectors. Example: Ransomware group launders crypto proceeds via mules.

I

Identification & Verification (ID&V): Core KYC step confirming customer’s identity. Example: Photo ID + biometric match completed during onboarding.

Illicit Financial Flows (IFFs): Cross-border movement of illegally earned or transferred money. Example: Over-invoicing exports to shift profits offshore.

Impact Assessment: Evaluation of how regulatory or operational change affects compliance risk. Example: New crypto-product triggers AML impact study.

Independent Audit: Objective review of AML controls by non-operational unit. Example: Internal audit tests SAR escalation process.

Information Sharing (Egmont Principles): Cooperation between FIUs across borders. Example: FIU-IND shares typology data with FIU-Malta.

Integration (Money Laundering Stage): Final phase where laundered funds enter legitimate economy. Example: Proceeds invested in real estate.

Insider Trading: Using non-public information to trade securities illegally. Example: Employee buys shares before takeover announcement.

J

Joint Money Laundering Steering Group (JMLSG): UK body issuing AML guidance. Example: Firms rely on JMLSG to interpret FCA expectations.

Jurisdiction Risk Matrix: Tool mapping countries by AML strength, corruption, and sanctions exposure. Example: India – Medium; Malta – Low; Country X – High.

Justified Exception: Approved deviation from standard KYC due to valid reason. Example: Senior management waives in-person verification for diplomatic client, documenting rationale.

K

KPI (Key Performance Indicator): Metric to measure compliance effectiveness. Example: Average STR filing time = 48 hours.

KRI (Key Risk Indicator): Early-warning metric for rising risk. Example: Surge in false positives signals tuning issue.

KYB (Know Your Business): Verification of corporate clients’ structure and ownership. Example: Bank confirms shareholder register and UBOs.

KYC Refresh / Periodic Review: Scheduled update of customer information. Example: High-risk clients reviewed every 12 months.

KYT (Know Your Transaction): Continuous monitoring of transaction purpose and counterparties. Example: Detects round-tripping between related accounts.

L

Layering: Stage of laundering using multiple complex transactions to hide origin. Example: Funds moved through layered offshore transfers.

Legal Entity Identifier (LEI): 20-character ID for entities in financial transactions. Example: LEI 1234… identifies corporate counterparty.

Licence Revocation: Regulator’s withdrawal of authorisation due to serious breach. Example: Exchange loses licence after AML inspection failure.

Limited Due Diligence (LDD): Simplified KYC for low-risk customers. Example: Salary-only account with small balance.

Liquidity Risk: Inability to meet short-term obligations; can arise from frozen assets post-sanctions. Example: Bank’s funds blocked under sanctions order.

Look-Back Review: Historical transaction analysis after discovering issue. Example: Re-screening 5 years of payments post-sanctions list update.

M

Market Abuse: Manipulation or misleading actions in securities markets. Example: Pump-and-dump crypto token scheme.

Material Breach: Compliance failure with potential regulatory consequence. Example: Missed STR filing reported to regulator.

Monitoring Rules: Pre-set parameters for AML detection. Example: > INR 10 lakh cash deposit triggers rule 101.

Money Mule: Person who transfers criminal funds for fee. Example: Student recruited online to receive illicit payments.

Money-Laundering Reporting Officer (MLRO): Senior officer responsible for AML oversight. Example: Approves SARs before submission to FIU.

Mutual Evaluation Report (MER): FATF assessment of national AML regime. Example: Malta rated “largely compliant” on 38 recommendations.

N

Negative News: Adverse information about a client from public sources. Example: Media links director to tax fraud → flagged in screening.

Nested Account: Account used by one financial institution through another’s infrastructure without transparency. Example: Unknown foreign bank routes traffic via correspondent account.

Nominee Shareholder: Individual holding shares on behalf of true owner. Example: Offshore nominee conceals PEP’s control.

Non-Face-to-Face Customer: Onboarded without physical meeting, requiring extra verification. Example: Mobile-app account creation with video KYC.

O

Obliged Entity: Institution legally required to implement AML controls. Example: Banks, VASPs, casinos under PMLA.

Offboarding: Termination of customer relationship, often for risk reasons. Example: Bank closes account after repeated STRs.

Operational Risk: Loss from failed processes, systems, or people. Example: Manual entry error causes sanction breach.

Outsourcing Risk: Third-party exposure from delegated tasks. Example: Vendor fails to screen payments adequately.

Ongoing Monitoring: Continuous oversight of transactions and behaviour. Example: Daily system scanning for unusual activity.

P

PEP (Politically Exposed Person): Individual holding or having held a prominent public role. Example: Minister’s relative subject to EDD.

Perpetual KYC (pKYC): Real-time update of customer profiles via data triggers. Example: Change of address auto-initiates review.

Placement (Stage): Introducing illicit cash into system. Example: Depositing small cash amounts into multiple branches.

Predicate Offence: Underlying crime generating laundered funds. Example: Drug trafficking proceeds fed into accounts.

Proliferation Financing: Funding WMD-related goods or technology. Example: Exporter ships dual-use items to embargoed region.

Public Register of UBOs: Government database listing beneficial owners. Example: Malta’s Registry holds corporate ownership records.

Q

Qualitative Risk Assessment: Descriptive analysis using expert judgement. Example: Committee rates new crypto product as “high-risk”.

Quantitative Risk Assessment: Data-driven numerical scoring of risk. Example: System calculates AML score = 8.7/10 → EDD.

Query Management Log: Record of investigator questions and responses. Example: SAR reviewers document all clarifications.

R

Red Flag: Indicator suggesting possible suspicious activity. Example: Dormant account suddenly receives large overseas wires.

RegTech: Technology enabling regulatory compliance automation. Example: AI platform performing real-time KYC checks.

Regulatory Breach: Non-compliance with law or directive. Example: Late STR filing violates local AML rules.

Remediation Plan: Corrective actions addressing compliance deficiencies. Example: Bank implements new TMS after audit finding.

Residual Risk: Remaining risk after controls. Example: Even post-EDD, small laundering risk persists.

Risk-Based Approach (RBA): Applying controls proportionate to risk. Example: Simplified KYC for low-risk, EDD for PEPs.

Risk Appetite Statement: Document outlining tolerance levels. Example: Institution accepts “low-medium” sanctions risk only.

Risk Taxonomy: Hierarchical classification of risks. Example: Operational > Compliance > AML > Sanctions.

Round-Tripping: Moving funds abroad and returning them disguised as investment. Example: Company routes money via offshore SPV.

S

Sanctions Evasion: Attempt to bypass international restrictions. Example: Ship changes flag to avoid export ban.

SAR / STR (Suspicious Activity / Transaction Report): Report filed on suspected money-laundering activity. Example: Multiple small transfers to shell firm trigger SAR.

Shell Company: Entity with no genuine business purpose. Example: Paper company moves illicit capital.

Simplified Due Diligence (SDD): Reduced checks for low-risk clients. Example: Small pension account.

Smurfing (Structuring): Breaking large sums into smaller ones to evade thresholds. Example: Ten deposits < ₹ 5 lakh each.

Source of Funds / Wealth: Origin of money and how it was accumulated. Example: Client provides tax returns proving salary income.

Suspense Account Monitoring: Oversight of temporary holding accounts for unusual entries. Example: Unclaimed remittance flagged for review.

System Tuning: Adjusting AML parameters to optimise false-positive ratio. Example: Threshold raised to reduce noise from micro-payments.

T

Terrorist Financing: Collecting or using funds to support terrorism. Example: Donations funnelled through fake charity.

Third-Party Risk Management (TPRM): Oversight of vendors, agents, and partners. Example: Annual review of KYC-outsourcing vendor.

Trade-Based Money Laundering (TBML): Laundering through trade mis-pricing or false invoicing. Example: Exporter over-invoices goods to shift value.

Transaction Monitoring System (TMS): Tool detecting unusual activity in real-time. Example: AI-driven alerts for rapid fund movements.

Trust & Company Service Provider (TCSP): Entity forming or managing companies/trusts. Example: Required to identify and report UBOs.

Tipping-Off: Illegal disclosure of a filed or intended SAR. Example: Employee warns customer of ongoing investigation.

U

UBO (Ultimate Beneficial Owner): Natural person owning or controlling entity. Example: Person X owns 80 % via two holding layers.

Unexplained Wealth Order (UWO): Legal tool forcing disclosure of asset source. Example: Court demands explanation for luxury property purchase.

Unusual Activity Report (UAR): Internal escalation prior to STR filing. Example: Analyst raises UAR for cash-intensive NGO.

Upstream Risk: Indirect exposure via parent or supplier relationship. Example: Correspondent bank’s poor AML controls affect respondent.

V

Vendor Due Diligence: Assessment of suppliers’ compliance robustness. Example: Review of KYC vendor’s data-security policy.

Virtual Asset (VA): Digital representation of value, tradable electronically. Example: Bitcoin, stablecoin, or utility token.

Virtual Asset Service Provider (VASP): Entity exchanging, transferring, or safekeeping virtual assets. Example: Crypto-exchange licensed under Malta VFA Act.

Voluntary Disclosure: Self-reporting of compliance breach to regulator. Example: Fintech reports late SAR proactively to FIU.

W

Whistle-Blower: Person reporting internal misconduct. Example: Staff alerts compliance about bribery scheme.

Wire Transfer Rule (Travel Rule): Obligation to include sender/beneficiary data in transfers. Example: Crypto-exchange attaches originator info per FATF Rec 16.

Workplace Fraud: Internal deception for personal gain. Example: Employee falsifies expenses.

Write-Off Fraud: Manipulating bad-debt accounts to conceal theft. Example: Loan officer erases repayments to mask diversion.

X

XML Reporting Format: Standard for automated regulatory submissions. Example: Bank sends STRs to FIU via XML schema.

Y

Yield Fraud: Misrepresenting investment returns to attract funds. Example: Ponzi promoter promises 15 % monthly ROI.

Youth Account Risk: Special AML consideration for minor-linked accounts. Example: Parent uses child’s account to hide deposits.

Z

Zero-Tolerance Policy: Organizational stance refusing non-compliance. Example: Institution terminates any staff proven to tip off.

Zoning Risk (Financial): Local regulatory or tax-zone variations affecting compliance. Example: Free-zone entity in Dubai reviewed for regulatory arbitrage risk.

1. Risk

Definition & context

Risk in a financial and regulatory setting refers to the possibility of an event or action causing harm (financial loss, regulatory penalty, reputational damage) to an organisation due to uncertain future outcomes.

This domain includes many sub-types of risk: operational, credit, market, conduct, compliance, strategic, reputational, etc.

Practical example: A bank’s process for onboarding clients is weak → the bank exposes itself to money-laundering risk (a type of operational risk) → potential regulatory fines and reputation damage.

Core terms

Operational Risk: the risk of loss resulting from inadequate or failed internal processes, people, systems or external events.

Example: A system outage prevents detection of suspicious transactions, causing a regulatory breach.

Compliance Risk: the risk of failing to comply with laws, regulations, prescribed practices resulting in fines, contract voids or reputational damage.

Example: A payments firm doesn't implement screening of high-risk jurisdictions and is fined for sanctions breaches.

Reputational Risk: the risk of loss arising from damage to an organisation’s name, brand, trustworthiness, due to adverse events.

Example: A news story reveals a bank inadvertently handled terrorist-financing proceeds → customers withdraw funds → reputational damage.

Inherent Risk: the level of risk present before controls/mitigations.

Example: A crypto-asset wallet service has high inherent risk because of anonymity and rapid flows.

Residual Risk: the risk that remains after controls/mitigations are applied.

Example: Even after KYC & transaction-monitoring, some laundering risk remains due to new techniques.

Risk Appetite: the amount and type of risk an organisation is willing to accept in pursuit of its objectives.

Example: A global bank may have low risk appetite for sanctions risk, so it imposes strict country blocking-lists.

Risk Assessment: the process of identifying, analysing and evaluating risk.

Example: A FinTech evaluates the risk from a new product (buy-now-pay-later) and identifies high credit and fraud risk, so it sets stronger controls.

Why this matters

For your training & consulting business, understanding risk terminology helps your clients set up effective frameworks: knowing what risk, how much, how to assess, and how to mitigate.

2. Compliance

Definition & context

Compliance refers to adhering to applicable laws, regulations, standards, internal policies and codes of conduct. In the financial crime space, it’s the discipline ensuring a firm follows AML/CFT, KYC, sanctions, regulatory-reporting rules.

Practical example: A bank must comply with the Financial Action Task Force (FATF) “40 Recommendations” and local laws — failure can lead to penalties and licence loss.

Core terms

Regulatory Compliance: Adherence to laws/regulations set by authorities (e.g., anti-money laundering laws, sanctions laws).

Example: In India, banks must comply with the Prevention of Money‑Laundering Act, 2002 (PMLA) and associated rules.

Compliance Programme / Compliance Framework: The documented set of policies, procedures, controls and governance structures that enable compliance.

Example: A payments issuer establishes an AML policy, appoints a Compliance Officer, conducts training, monitors transactions.

Compliance Monitoring / Testing: Ongoing review to check that controls are working and the firm is complying.

Example: Internal audit reviews whether customer onboarding checks were done correctly in the last quarter.

Regulatory Reporting: The requirement to report to regulators specific activities (e.g., Suspicious Transaction Reports, STRs).

Example: A bank files an STR when a client attempts to transfer large sums to high-risk jurisdictions.

Regulatory Change Management: Processes to monitor and implement evolving laws/regulations and update internal processes accordingly.

Example: When the EU passes a new AML directive, a bank must update its policies, systems and training to reflect the change.

Audit Trail: The documented history of actions, decisions, controls — essential for regulators to see the firm’s compliance efforts.

Example: The KYC system records when identity was verified, by whom, when, what documents were used.

Practical example

Suppose a fintech in Malta launches crypto-wallet services. They must ensure they have a compliance programme covering KYC/EDD, sanctions screening, ongoing monitoring, record retention — if they fail and a sanction list match is missed, they may face regulatory action and reputational damage.

3. Anti-Money Laundering (AML)

Definition & context

AML refers to the set of procedures, laws and regulations designed to prevent criminals from disguising the proceeds of crime as legitimate funds, and to prevent the financing of terrorism (CFT).

Practical example: A bank identifies a suspicious deposit from a shell company in a high-risk jurisdiction, triggers investigation and reports suspicion to the relevant authority.

Core terms

Money Laundering: The process by which criminals attempt to disguise the proceeds of crime as legitimate funds.

Example: Drug-traffickers transfer cash via multiple layered transactions to make it appear clean.

Predicate Crime: A crime whose proceeds are laundered (e.g., drug trafficking, fraud, corruption).

Example: Embezzlement of company funds → injecting into financial system → money laundering.

Transaction Monitoring: Systems and processes to monitor customer transactions to identify suspicious behaviour.

Example: Monitoring for large cash deposits, multiple transfers under thresholds (“structuring”), transfers to/from high-risk countries.

Structuring (Smurfing): Breaking up large transactions into smaller ones to avoid detection/reporting.

Example: A client makes multiple deposits of INR 4.9 lakh, each just below the INR 5 lakh threshold, to avoid reporting.

Suspicious Activity Report (SAR) / Suspicious Transaction Report (STR): A report filed when a firm suspects money-laundering or terrorist financing activity.

Example: A bank files an STR when a customer with no business reason suddenly receives and transfers large funds through multiple accounts.

Pillar of AML programme: Internal controls; independent audit; compliance officer; training; customer due diligence.

Example: A bank appoints an AML Compliance Officer, maintains written AML policy, provides annual training to staff.

Sanctions Screening: Checking customers/transactions against sanctions lists (e.g., Office of Foreign Assets Control OFAC, UN lists).

Example: A payments firm screens each incoming beneficiary against global sanctions lists before execution.

Enhanced Due Diligence (EDD): More extensive investigation of higher risk customers/transactions (e.g., PEPs, high-risk jurisdictions).

Example: A bank onboards a Politically Exposed Person (PEP) from a high-risk country; it obtains additional documentation and monitors transaction patterns more closely.

Practical example

A corporate customer opens an account in India, provides minimal information, and soon transfers money abroad through multiple shell entities. The bank’s AML system triggers alerts (structuring, unusual flow). The bank investigates, discovers the ultimate beneficial owner is a sanctioned individual, and files an STR. The AML programme worked. If it had failed, the bank could face regulatory sanctions and reputational damage.

4. KYC / KYB (Know Your Customer / Know Your Business)

Definition & context

This domain covers the processes by which financial institutions (and other regulated entities) verify the identity of their customers (individuals and legal entities), assess risk, and gather necessary information and documentation. For businesses, the equivalent is KYB (Know Your Business).

Practical example: Before opening an account, the bank requests documents from the individual (passport, address proof) and for the company (registration certificate, shareholder structure) to understand ownership and control.

Core terms

Know Your Customer (KYC): The process of verifying the identity of individuals, understanding the nature of the customer’s activities, and assessing risk.

Example: A bank collects passport copy, utility bill, obtains source of funds declaration from a new personal client.

Know Your Business (KYB): The business equivalent — verifying legal entity, structure, beneficial owners, nature of business, verifying control.

Example: A payments company onboards a corporate client; it checks the country of incorporation and registration number, lists shareholders owning > 25 %, and verifies the beneficial owner through the corporate registry.

Customer Due Diligence (CDD): The process of gathering information and verifying identity, assessing customer risk at onboarding and ongoing.

Example: Standard CDD might involve collecting ID, validating address, assessing risk profile; enhanced due diligence if high risk.

Enhanced Due Diligence (EDD): Deeper investigations for high-risk clients (e.g., PEPs, high-risk jurisdictions, complex ownership).

Example: A crypto exchange onboarding a high-net-worth PEP from a sanctioned country must get extra details, monitor transactions closely.

Ultimate Beneficial Owner (UBO) / Beneficial Ownership: The person(s) who ultimately own/control a legal entity or arrangement.

Example: A company register shows Director A owns 10 %, B owns 10 % — but a trust holds 80 % for Person X. Person X is the UBO and must be identified.

Politically Exposed Person (PEP): An individual who is or has been entrusted with prominent public functions, and their close associates and family, who may pose higher money-laundering risk.

Example: A bank identifies a new customer who is a senior government official in a foreign country → applies EDD measures.

Adverse Media / Negative News Screening: Checking customers or businesses for negative press, allegations of criminal activity, sanctions, etc.

Example: A firm checks media databases, finds a founder of a corporate client was previously linked to fraud → flags for further review.

Source of Funds / Source of Wealth: Evidence of where the funds come from (funds) and how the person acquired their overall wealth (wealth).

Example: A high-net-worth individual opens an account; the bank requests tax return, proof of business sale to verify valid source of wealth.

Practical example

A start-up registers in Malta and approaches your consultancy (AML Custodians) for onboarding as a client bank. The bank performs KYB: obtains company registration, checks shareholders, identifies UBOs, screens against sanctions lists and adverse media. They find one shareholder is a PEP in a high-risk jurisdiction — the bank applies EDD, sets transaction monitoring triggers, and retains documentation for 5 years.

5. Financial Crime (FinCrime)

Definition & context

Financial Crime refers to a broad range of criminal activities that affect the financial system: money-laundering, terrorist financing, fraud, bribery & corruption, insider trading, market abuse, sanctions evasion. The objective is to detect, prevent, investigate and report these crimes to safeguard financial integrity.

Practical example: A criminal network uses trade-based money-laundering (over-invoicing import/exports) and moves illicit proceeds through shell companies in multiple jurisdictions.

Core terms

Terrorist Financing (TF / CFT): The provision or collection of funds with the intention that they be used to carry out terrorist acts.

Example: A payment processor notices multiple transfers to a known charity in a sanctioned country; further review reveals funds diverted to a terror group.

Bribery & Corruption (ABC): Offering, giving, receiving or soliciting of something of value to influence an official or business outcome.

Example: A procurement officer in a public entity receives kickbacks; company’s funds are disguised via third-party invoices.

Fraud: Intentional deception to secure unfair or unlawful financial gain.

Example: Identity theft used to obtain a loan, which is then diverted overseas.

Trade-Based Money Laundering (TBML): Use of international trade to disguise proceeds of crime through mis-invoicing, over-or-under-shipment, multiple invoicing.

Example: An export company invoices at higher price than actual and uses the excess to move illicit funds from Country A to Country B.

Sanctions Evasion: Activities intended to avoid or circumvent economic sanctions imposed by governments/organisations (e.g., UN, EU, US OFAC).

Example: A firm uses intermediary companies not on the sanctions list to import goods from a sanctioned country, disguising the ultimate origin.

Insider Trading / Market Abuse: Use of confidential information or manipulation of markets to gain illicit advantage.

Example: A senior banker uses non-public information about an upcoming merger to trade ahead of time.

Predicate Offence: A crime that generates illicit proceeds which may then be laundered.

Example: Drug trafficking proceeds are a predicate offence to the money-laundering process.

Typologies: Recognised patterns of how financial crime is committed (e.g., layering, trade mis-invoicing, shell companies).

Example: A bank notes multiple small deposits in different branches (structuring) as a typology of money laundering.

Practical example

A wealth-management firm in India engages your consultancy to strengthen its FinCrime framework. Your team maps key typologies: fraud (loan stacking), TBML (client imports goods at inflated value), PEP corruption (client connected to public office). They implement controls: transaction monitoring rules, sanctions screening, whistle-blowing hotline, training for staff on FinCrime risks.

6. Legal & Regulations

Definition & context

This domain concerns the legal frameworks, legislation, regulatory bodies and international standards that govern risk, compliance, AML, KYC/KYB, and financial crime across jurisdictions. Understanding these is critical for compliance professionals, consultants and clients operating globally.

Practical example: An entity operating in Malta and India must understand local AML laws (Malta’s Financial Crime Act, India’s PMLA) and international standards (FATF, EU AMLDs).

Core terms

Regulation / Directive / Act / Law: Legal instruments enacted by jurisdictions that regulate behaviour.

Example: The Fifth Anti‑Money Laundering Directive (5AMLD) in the EU sets minimum AML requirements for member states.

Regulator / Supervisory Authority: Government or statutory body that enforces laws, monitors compliance, conducts inspections, levies penalties.

Example: In the UK, the Financial Conduct Authority (FCA) supervises AML compliance in financial firms.

International Standard-Setting Body: Organisations that set global standards for AML/FinCrime, e.g., the Financial Action Task Force (FATF).

Example: FATF issues its “40 Recommendations” which countries adopt into their national laws.

Sanctions Regime: Legal restrictions imposed on countries, entities or individuals (asset freezes, trade embargoes) by governments/international bodies.

Example: US OFAC sanctions on certain individuals/countries mean banks must block transactions with those names.

Beneficial Ownership Register / UBO Register: A governmental or corporate register listing ultimate beneficial owners of legal entities, to enhance transparency.

Example: Many EU countries now require companies to file beneficial-ownership information to a central public register.

Legal Person / Legal Entity: A corporation, partnership, trust or other entity that is recognised by law as having rights and responsibilities.

Example: A limited liability company incorporated in Malta is a legal entity; the bank must identify the UBOs behind it.

Penalties / Sanctions / Enforcement Action: Consequences for non-compliance with laws/regulations (fines, business restrictions, criminal charges).

Example: A major global bank was fined hundreds of millions of dollars for AML failures.

Jurisdiction Risk / High-Risk Jurisdiction: A country or territory assessed to have a weak AML/CFT regime, high corruption, or inadequate regulation.

Example: A bank treats a client from a high-risk jurisdiction with enhanced monitoring measures and may impose restrictions.

Record Retention / Statute of Limitations: Legal requirements for how long a firm must keep records and documentation.

Example: In many jurisdictions, banks must keep customer records and transaction logs for at least five years after account closure.

Practical example

Your client is establishing an EU-based fintech in Malta. You advise them on Malta’s AML legislation (Financial Crime Act), the EU’s AML directives, the need to register and report beneficial ownership, implement sanctions-screening per EU/UN lists, and ensure their cross-border business (with India) accounts for the Indian PMLA regime.

7. Additional/Supporting Terms (Cross-domain)

Here are a few important terms that span multiple domains and are worth including in your umbrella glossary:

KYTC (Know Your Transaction/Customer): Monitoring and understanding the nature and purpose of transactions, ongoing due diligence.

CDD (Customer Due Diligence): Covered earlier, reduces risk exposure by verifying and assessing customers.

EDD (Enhanced Due Diligence): Also covered above.

Sanctions List / Watch-List: Lists maintained by governments/international bodies of individuals/entities subject to restrictions.

Shell Company: A legal entity with no active business operations or significant assets, often used to obscure beneficial ownership or launder funds.

Example: A shell company incorporated in a secrecy jurisdiction invoices another company for phantom services to move illicit money.

High Risk Customer / High Risk Jurisdiction: Customer segment or country with elevated risk of money-laundering/terrorist financing.

PEP (Politically Exposed Person): Covered earlier.

Transaction Laundering: When illicit funds are processed through legitimate transactions (e-commerce, merchant accounts) to obfuscate the origin.

Vendor/Supplier Due Diligence: Check of third-party suppliers/vendors to ensure they don’t introduce risk (e.g., bribery, sanctions, etc.).

Example: A bank onboarding a service provider ensures the vendor is not on a sanctions list and has no adverse media.

Audit Trail / Forensic Audit: Covered earlier; important for compliance verification and investigations.

Governance: Structures and processes for decision-making, risk oversight, accountability in firms.

Example: The board reviews AML-risk reports quarterly, ensures independence