The ABC’s of AML: Glossary of compliance terms

If you’re at an early-stage fintech company with a leadership team that doesn’t have a regulatory background, wrapping your head around requirements can be one of the biggest and most important challenges you first face. The financial services industry — and the tight regulations that come along with it — are new territory but, with the threat of fraud and significant fines for not complying with AML regulations, it’s something you’ll need to learn quickly.

You may not know your KYB from your KBA just yet, but don’t worry; we have your back. Here’s Alloy’s cheat sheet of common terms you’ll hear when focusing on AML compliance:

Adverse action notice
The notice you are obligated to provide to someone if you deny their application based on their credit information. More info on adverse action notice here

Adverse media / Negative news
Information gleaned from public and private sources that may include information about the professional reputation of the applicant, allegations of criminal activity, and other types of negative press.

Alerts
This refers to the results of boolean statements in the workflows that can be used to drive subsequent actions in the workflow or as containers of business logic that the evaluation triggered (commonly used to indicate which rules got triggered).

Anti-money laundering (AML)
The concept that refers to the laws or practices to prevent or identify individuals performing money-laundering activities.

AML Compliance Officer
Individuals responsible for the creation and maintenance of an AML compliance program.

Alternative remittance system (ARS)
Services typically operating outside the regulated financial spaces that are responsible for moving money from one geographical location to another.

Application programming interface (API)
Any mechanism that allows computer systems to talk to each other. Alloy, for example, has an "evaluation" API, which third-party engineers can make requests to.

Audit
An investigation by a third party to ensure a financial institution is abiding by AML/compliance laws.

Batch processing
The processing of account activity data in groups, rather than individually in real-time.

Beneficiary
The party that is on the receiving end of a transaction, who is ultimately benefiting from the transaction.

Beneficial ownership
The person or persons who ultimately own a legal entity or arrangement.

Case management system
The technology that helps fraud, risk, and compliance teams review applications, investigate suspicious activity, collaborate with team members, and complete regulatory filings (if needed).

Cash-intensive business
Any business that primarily deals in physical cash when performing transactions, such as coin-operated machines.

Check/cheque kiting
A form of check/cheque fraud that takes advantage of the float to use the non-existing funds in a bank account.

Controller
The Controller, also known as a Principal, is defined as an individual or individuals with significant responsibility to control, manage, or direct a legal entity or account. Controllers may include a director, corporate officer, or trustee.

Counterparty
The party that is on the sending side of a transaction, which could be the customer or a merchant depending on the flow of funds. Learn more about counterparties and how to stay compliant here

Counter-terrorism financing (CTF)
Set of government laws and regulations seeking to prevent funding of activities that the government designates as terrorists.

Currency smuggling
The illegal movement of large quantities of cash across geographical borders.

Customer Due Diligence (CDD)
The processes designed to perform the necessary checks on any customer to ensure the legitimacy and understand risks associated with retaining the customer.

Customer Identification Document (CID)
Documentation confirming an applicant's identity (i.e., passport, driver’s license, government-issued I.D.).

Customer Identification Program (CIP)
A requirement by certain governments that financial institutions need to verify the identity of individuals wishing to conduct financial transactions with them. CIP is more generally known as KYC. The CIP must be incorporated into the bank's AML compliance program.

Delisting
The removal of a target from a sanctions list after the appropriate sanctions have been lifted.

Document verification (Doc-V)
A process utilized during identity verification to confirm whether official documents — such as a driver’s license, passport, bank statement, etc. — are authentic or not.

Electronic Identity Verification (eIDV)
eIDV is a way of confirming an individual’s identity online, usually through a combination of public information and private databases.

Embezzlement
The misuse of funds placed in an individual’s trust or that belong to their employer.

Enhanced Due Diligence (EDD)
A process that calls for additional measures above CDD aimed at identifying and mitigating the risk posed by higher-risk customers.

Financial Action Task Force-Style Regional Body (FRSB)
Chartered by a group of nations to form an affiliated global network in combating money laundering and terrorist financing.

FRAML
A growing trend in financial institutions to view the approaches to managing fraud and anti-money laundering holistically in order to better mitigate financial risk within the organization.

Investigation
The process of performing due diligence in response to an alert raised for a customer by obtaining, evaluating, and storing any information, docs, or other research; this may also lead to escalation for enhanced due diligence (EDD).

Identity verification (IDV)
Mechanism to ensure that the customers a business is interacting with are who they say they are.

Informal value transfer system (IVTS)
A network that receives money for the purpose of making those funds available to a third party in a different geographical location.

Know Your Business (KYB)
An AML regulation that requires financial institutions to verify the identity of the ultimate business owner of a company. Learn more about KYB here

Know Your Customer (KYC)
An AML regulation that requires financial institutions to verify the identity of their customers. Learn more about KYC here

Know Your Transaction (KYT)
The process of monitoring every customer transaction to make sure it is not fraudulent.

Knowledge-based authentication (KBA)
A method of authentication that asks the user to answer at least one question to verify their identity (e.g., “what street did you grow up on?). Learn why you should *not* rely on KBA to prevent fraud here

Money Laundering Reporting Officers (MLRO)
An employee who oversees a firm's compliance with the regulations on money laundering.

Money laundering
Concealing the source, movement, or usage of funds that are derived from illicit sources in an effort to make them appear legitimate.

Money mule
A person who moves money that was illegally acquired.

Money services business (MSB)
Any person or business doing cash-related activities such as currency exchange, issuing traveler’s/cashier’s checks/cheques, money transmission.

Ongoing fraud monitoring
The process of observing ongoing financial and account activity to detect and prevent fraudulent activity. Learn more about ongoing fraud monitoring here

Organized criminal groups (OCGs)
Often responsible for money laundering, including cash-based money laundering.

Perpetual KYC
The process of automating recurring KYC, KYB, and sanctions checks based on specific rules or “triggers” instead of at periodic intervals. Also known as continuous KYC, ongoing KYC, or simply “pKYC.” Learn more about perpetual KYC here

Personally identifiable information (PII)
Any data that could potentially identify a specific individual. E.g., social security number, government-issued identification, birth date, birthplace, address, etc.

Politically Exposed Person (PEP)
A PEP is an individual who has been entrusted with prominent public functions in a foreign country, such as a head of state, senior politician, senior government official, judicial or military official, senior executive of a state-owned corporation or important political party official, as well as their families and close associates.

Potential Suspicious Activity Report (PSAR)
A PSAR (which are primarily applicable for fintechs with a backing bank) is a filing the fintech company’s compliance manager provides to their backing banks to advise the bank to file a SAR (without doing it themselves).

Relative and close associates (RCAs)
A person that is considered to be a politically exposed person (PEP) because of their close proximity to another person on a PEP list.

Reporting entity
Any entity on which individuals rely on for financial services and which is obligated to report on a specific activity, such as MSBs, insurance companies, and securities dealers.

Risk-based approach (RBA)
An approach to compliance and fraud risk management where a bank or fintech continuously monitors a customer’s evolving risk level to inform which additional layers of compliance and fraud checks to impose on them.

Sanctions
Ways to restrict or control organizational behavior due to societal, economic, or political issues.

Sanctions compliance officer (SCO)
Member of the organization who is responsible for overseeing the sanctions compliance program.

Sanctions compliance program (SCP)
A mechanism to assist financial institutions in their sanctions screening and managing the associated risk.

Sanctions screening
An AML control that banks and fintechs are obligated to perform to ensure they are not doing business with any individuals or corporations on sanctions watchlists. Learn more about how to stay compliant with sanctions screening obligations here

Smurfing
A money laundering technique by using multiple transactions or individuals to conceal the movement of funds that would exceed reporting thresholds.

Source of Funds (SOF)
Describes the origin of a customer’s funds that are being transferred into a given account, i.e., the name of the institution from which funds are expected and the type ACH, wire transfer, etc.

Special interest entity (SIE)
Organizations that are deemed high-risk and either are or suspected of being involved in criminal activity.

Special interest person (SIP)
Similar to PEP, sanctioned individuals that present a higher risk of money laundering.

Step-up verification
An additional identity verification step that you only present to high-risk customers if they trigger certain risk thresholds during onboarding or ongoing monitoring.

Structuring
Distribution of funds into smaller amounts to bypass reporting requirements (smurfing is a method to structure funds).

Suspicious Activity Report (SAR)
Government filing required by FIs whenever they identify suspicious activity, often done after performing an investigation into the transactions/activity that alerted.

Trade-based money laundering (TBML)
Using trade activity to disguise proceeds originally obtained from crime or other illegal activity.

Transaction monitoring
The process of looking at financial account activity — including customer transactions, money transfers, ATM withdrawals, etc. — against a set of rules to determine if the event or transaction should be approved, further investigated, reported, or denied. Transaction monitoring helps banks and fintechs prevent money laundering, fraud, terrorist financing, identity theft, drug trafficking, and other illegal activity. Learn more about transaction monitoring here

Ultimate Beneficial Owner (UBO)
The UBO is the person or persons who have significant ownership of an account through which the transaction is happening. Learn more about beneficial owners here

Watchlists
Watchlists are lists of sanctioned entities — including people and businesses — suspected of being money launderers, terrorists, fraudsters, human/drug/arms traffickers, or politically exposed persons (PEPs).

US AML Regulations, Associations, and Regulatory Bodies

ACAMS - Association of Certified Anti-Money Laundering Specialists
International membership organization comprising of public and private sectors dedicated to the identification and prevention of money-laundering activities. Learn more about ACAMS

Anti-Money Laundering Act of 2020 (AMLA)
Legislation passed by Congress with sweeping legislative changes to the Bank Secrecy Act (BSA). Learn more about AMLA

Bank Secrecy Act (BSA)
The main U.S. anti-money laundering regulatory act (Title 31, U.S. Code Sections 5311- 5355) that was enacted in 1970 and set standards for money laundering reporting and record-keeping for financial institutions. For a full KYC/AML compliance timeline over the years, click here.

Currency transaction report (CTR)
A report that all FIs are required to file with FinCEN for any transaction that exceeds $10,000.

Denied persons list (DPL)
A list of individuals and organizations whose export privileges have been restricted by the US Department of Commerce.

Egmont Group of Financial Intelligence Units
International organization facilitating the secure exchange of financial intelligence. Learn more about Egmont Group

Establishing New Authorities for Businesses Laundering and Enabling Risks to Security (ENABLERS) Act
A law that was introduced in 2021 to close gaps in the BSA and Patriot Act by extending AML requirements to professional service providers involved in financial transactions — most notably third-party payment service providers and including some fintechs.

FATF - Financial Action Task Force
Intergovernmental association developed by the G7 countries to develop strategies to combat money laundering. Learn more about FATF

Financial Action Task Force (FATF) 2018 Mutual Evaluation Report

The Financial Action Task Force is an intergovernmental watchdog responsible for producing international standards to combat money laundering, terrorism financing, and more. Their Mutual Evaluation Report is a review of the effectiveness of the country's AML/CFT system. Learn more about FATF’s Mutual Evaluation Report here

FinCEN - Financial Crimes Enforcement Network
A part of the United States Department of Treasury focused on analyzing financial information to combat money laundering and terrorist financing. Learn more about FinCEN

Foreign Bank and Financial Accounts Report (FBAR)
FinCEN form 114 that must be filed if the individual’s foreign financial accounts’ values exceed $10,000.

OCC - Office of the Comptroller of the Currency
A part of the United States Department of Treasury, ensuring the proper and safe access to financial services by banks and other financial institutions. Learn more about OCC

Office of Foreign Assets Control (OFAC)
The Office of Foreign Assets Control is a financial intelligence and enforcement agency of the U.S. Treasury Department. It administers and enforces economic and trade sanctions in support of U.S. national security and foreign policy objectives.

Patriot Act
The Patriot Act was passed in 2001 in response to the 9/11 terrorist attacks and required banks to establish more robust AML programs and perform customer due diligence, including KYC and KYB checks, to prevent financial crimes such as terrorist financing, human trafficking, and money laundering. For a full KYC/AML compliance timeline over the years, click here

Specially Designated Nationals (SDNs)
The Specially Designated Nationals and Blocked Persons List, also known as the SDN List, is a United States government sanctions/embargo measure targeting U.S.-designated terrorists, officials and beneficiaries of specific authoritarian regimes, and international criminals (e.g., drug traffickers).

Wolfsberg Group
A group of 12 international banks to develop industry standards for global anti-money laundering activities. Learn more about Wolfsberg Group

UK/EU AML Regulations, Associations, and Regulatory Bodies

European Banking Authority (EBA)
The European Banking Authority (EBA) is an independent EU Authority that works to ensure effective and consistent prudential regulation and supervision across the European banking sector. Learn more about EBA

European Financial and Economic Crime Center (EFECC)
The EFECC provides support to Europol partners and Member States to prevent and combat financial and economic crime, including money laundering, corruption, and fraud that target consumers as well as businesses and countries. Learn more about EFECC

Fifth EU Anti-Money Laundering Directive (5AMLD)
A directive to improve the European Union’s (EU) legal framework to prevent money laundering and terrorist financing. Although the UK is no longer part of the EU, the UK agreed to pursue this directive. Learn more about 5AMLD

FATF - Financial Action Task Force
Intergovernmental association developed by the G7 countries to develop strategies to combat money laundering. Learn more about FATF

Financial Action Task Force (FATF) 2018 Mutual Evaluation Report
The Financial Action Task Force is an intergovernmental watchdog responsible for producing international standards to combat money laundering, terrorism financing, and more. Their Mutual Evaluation Report is a review of the effectiveness of the country's AML/CFT system. Learn more about FATF’s Mutual Evaluation Report here

Financial Conduct Authority (FCA)
Regulates the UK financial services industry and is responsible for anti-money laundering regulations. Learn more about the FCA

Her Majesty's Revenue & Customs (HMRC) Money Laundering Regulations
Regulations for anti-money laundering that apply to certain institutions, particularly those not supervised by The Financial Conduct Authority (FCA) or another supervisory authority. Learn more about HMRC Money Laundering Regulations

Her Majesty's Treasury (HMT)
HMT includes the Office of Financial Sanctions, which is responsible for imposing sanctions, maintaining the HMT Financial Sanctions List, and examining organizations' AML compliance. The Office of Financial Sanctions Implementation (OFSI) is also part of HMT and is responsible for enforcing financial sanctions. Learn more about HMT

MONEYVAL
MONEYVAL is the shortened name for The Committee of Experts on the Evaluation of Anti-Money Laundering Measures and the Financing of Terrorism. This is a monitoring body of the Council of Europe, responsible for assessing compliance with international standards to counter money laundering. Learn more about MONEYVAL

National Crime Agency (NCA)
The leading UK agency against organized crime, including fraud, money laundering, illicit finance, bribery, corruption, sanctions evasion, drug trafficking, cybercrime, and more. Learn more about NCA

(The Revised) Payment Services Directive (PSD2)
European regulation for electronic payment services. Updated guidance from the original Payment Services Directive (PSD), in particular, to account for the increase in online payment fraud and the growth of APIs. Learn more about PSD2

Proceeds of Crime Act (POCA)
POCA is UK law that allows for the confiscation or recovery of the proceeds from crime and contains the principal money laundering legislation in the UK. Learn more about POCA

Sixth Anti-Money Laundering Directive (6AMLD)
The most recent update to the EU’s anti-money laundering (AML) and counter-terrorism financing (CTF) regulations. The update includes the extension of criminal liability for money laundering to cover corporate persons. Learn more about 6AMLD

UK’s Anti-Money Laundering and Countering the Finance of Terrorism (AML/CFT) Supervision Report
An annual report on AML and CTF supervision, outlining supervisory and enforcement data on both the statutory and Professional Body Supervisors. It highlights any notable changes in supervisory activity and any fines that supervisors have issued. Learn more about the UK’s AML & CFT Supervision 2019-2020 report

UK’s National Risk Assessment (NRA)
An annual process to identify all the major national threats that may significantly impact the UK for the next five years. Learn more about NRA