Compliance Glossary

An Anonymous Account is one for which the financial institution holds no records concerning the identity of the account holder. Most jurisdictions now prohibit the use of anonymous accounts with firms required to identify and verify the person or organisation setting up the account to prevent money laundering.

The systems and controls that firms put in place in order to prevent, detect and report bribery and corruption.

The systems and controls that regulated firms are required to put in place in order to prevent, detect and report money laundering.

Negotiable instruments that provide ownership in a company to the person who possesses the bearer share certificate. Issuers of bearer shares have no register of shareholders and the certificate is the only evidence of ownership.

The natural person(s) who ultimately owns or controls an asset, or on whose behalf a transaction is being conducted. On occasions, particularly with offshore entities, the identity of the beneficial owner may not be disclosed in the public domain.

In the context of trusts, the beneficiary is the person(s) entitled to the benefit of the trust arrangement. A beneficiary can be a natural or legal person.

Bribery is a form of corruption which refers to an individual giving, offering, promising or accepting anything of value with the intention of influencing the action of another person to discharge their duties in a way that gains some form of advantage, such as winning a contract.

An abbreviation for the UK Financial Conduct Authority’s Client Assets Sourcebook which contains rules that apply whenever a firm holds or controls client money or safe custody assets as part of its business.

Under the UK Financial Conduct Authority’s Senior Managers and Certification Regime, a certified function is broadly an employee who is not a senior manager and whose role means it's possible for them to cause significant harm to the firm, its customers or the market more generally.

Under the UK Financial Conduct Authority’s Senior Managers and Certification Regime, a certified person is an employee of an authorised firm who has been certified fit and proper to fulfil a Certified Function.

Firms have to certify on an annual basis that those occupying certification functions remain fit and proper (sometimes abbreviated to F&P) to perform their role.

Money which a firm holds or receives for or on behalf of a client. The definition of client money is set out in CASS.

An abbreviation for the UK Financial Conduct Authority’s Code of Conduct Sourcebook which contains the conduct rules that individuals within financial services are required to adhere to.

A Code of Conduct is a central guide or policy within an organisation that outlines the firm’s expectations of behaviour for its workforce. The UK Financial Conduct Authority’s Code of Conduct Sourcebook includes the conduct expectations for individuals within financial services.

A firm’s Code of Ethics sets out the behavioural expectations for employees. A Code of Ethics is similar to a Code of Conduct, but typically embraces deeper coverage of ethical issues such as health & safety, harassment and discrimination.

A Compliance Framework is a set of guidelines that outlines how a firm ensures it is acting in accordance with policies, enforcements, laws and regulations, and consists of a range of documents including policies, controls, mission statements and regulatory mandates.

Compliance Monitoring refers to the quality assurance tests that firms use to assess whether its business operations meet regulatory requirements and internal obligations.

Compliance Risk is a firm’s exposure to legal or regulatory sanctions, material financial loss or reputational damage when the firm, its employees or associated persons fail to comply with internal or external policies, laws and regulations.

A Conflict of Interest occurs when competing obligations, interests, motivations or actions may damage the interests of a client, investor or other stakeholder.

Corporate Governance is the system by which companies are directed and controlled. Boards of directors are responsible for the governance of their companies. The shareholders' role in governance is to appoint the directors and the auditors and to satisfy themselves that an appropriate governance structure is in place.

Corporate Social Responsibility is the obligation of firms around their impact on society, the environment and the economy. Corporate Social Responsibility can include giving back through donations to charities, employee volunteering, and more.

The provision of banking services, such as international wire transfers, cheque clearing, payable-through accounts and foreign exchange services, by one bank (the correspondent bank) to another bank (the respondent bank).

The term corruption is used to broadly describe bribery, fraud, extortion, money laundering, deception and collusion.

The systems and controls that regulated firms are required to put in place in order to prevent, detect and report the financing of terrorism. Alternatively referred to as Countering the Financing of Terrorism (CFT).

The systems and controls that regulated firms are required to put in place in order to prevent, detect and report the financing of terrorism. Alternatively referred to as Countering Terrorist Financing (CTF).

A counterparty is the opposite party in a financial transaction or contract.

The process by which a firm gathers sufficient information regarding a customer to enable it to adequately assess the potential AML & CFT risks the customer poses. It is often referred to within the industry as know your customer/client (KYC), although CDD tends to relate specifically to AML, whereas the term KYC may also be used where the firm is required to gather information regarding a client prior to providing a service (such as investment advice) to the client.

Customer Risk Assessments are used to evaluate the potential risks associated with a customer. In the context of money laundering customer risk assessments, various risk factors are usually considered, including those related to customers, geography, products and services, transactions, and delivery channels.

Cyber security refers to the systems and controls that are used to protect individuals and organisations from the risk of cyber-attack. These controls include technology-based controls as well as training staff to understand, recognise and avoid attempted cyber attacks.

In the context of data protection legislation, ‘data processing’ is defined very widely and includes any operation performed on personal data, either manually or electronically such as sorting, organising and analysing the data.

In the UK, the collection, use, storage and disposal of personal data by organisations is controlled by The Data Protection Act 2018, under the UK General Data Protection Regulation (UK GDPR). This sets out a number of principles, rights and obligation that apply to the processing of personal data.

An enhanced form of customer due diligence (CDD) that must be adopted when the firm has ascertained that the customer poses a higher risk of money laundering. It typically requires the collection of additional documentation, or further verification checks.

Environmental, Social & Governance are non-financial factors that are increasingly used to evaluate corporate behaviour and sustainability.

These performance indicators can include a diverse range of factors including: waste, pollution, energy efficiency, employee relations, diversity, health & safety, corruption and bribery. Investments made after careful consideration of ESG factors are often referred to as responsible or sustainable investments.

An inter-governmental organisation founded by the G7 in 1989 to develop a global set of standards to combat money laundering. FATF is based in Paris, France. The FATF Recommendations are the internationally endorsed global standards against money laundering and terrorist financing that increase transparency and enable countries to successfully take action against illicit use of their financial systems.

In addition to setting standards, FATF issue papers related to Anti-Money Laundering, Countering Terrorist Financing and various typologies. On a ten-year cycle, FATF carries out Mutual Evaluation Reviews in individual countries in order to evaluate the country’s compliance with the recommendations and to assess the effectiveness of that compliance.

The Financial Conduct Authority (FCA) is the conduct regulator for around 51,000 financial services firms and financial markets in the UK. It was established on 1 April 2013, taking over responsibility for conduct and relevant prudential regulation from the Financial Services Authority (FSA). It works alongside the Prudential Regulation Authority (PRA), the prudential regulator of around 1,500 banks, building societies, credit unions, insurers and major investment firms.

The Financial Action Task Force recommends that each country should establish a Financial Intelligence Unit (FIU) – a national central authority to receive, analyse and act upon suspicious activity reports and deal with AML matters.

Financial promotions are essentially advertisements and other communications that offer financial services and products. Financial promotions can take a variety of forms such as websites, social media posts, tweets, etc. They must be fair, clear and not misleading, so that consumers can make informed decisions.

A shell company or subsidiary may be intended to shield the owners from liability or scrutiny. Such a company may be used for organised crime or other illegal activities.

The General Data Protection Regulation (GDPR) allows individuals to have more control over their personal data. The legal framework applies to UK and EU businesses and includes regulations on how businesses store, use and process personal data.

Information Security Awareness is when a firm raises awareness of the potential growing and evolving risks around information that allow individuals and businesses to put measures in place to protect data and prevent or reduce its misuse or cause damage to an individual or business, whether accidentally or deliberately.

The third and final part of the money laundering process. Following the placement and layering stages, at the integration stage the funds that were the proceeds of crime are fully integrated into the financial system and are now perceived as ‘clean’. Such funds can be used without suspicion, since it is difficult (if not impossible) to link them back to the original criminal activity.

A Kickback is a term used for negotiated bribery in exchange for preferential treatment. It is an illegal payment of compensation or payment of receiving improper services.

The activities that financial institutions must perform to ascertain relevant information about their clients for the purpose of doing business with them. In the context of AML, the term is often used interchangeably with customer due diligence (CDD) but KYC also applies in the context of the provision of certain services. For example, firms are typically required to gather certain information from a client prior to providing investment advice.

Understanding your customers business is a part of Customer Due Diligence and is a requirement under Money Laundering Regulations. The term Know Your Customers’ Business goes beyond Know Your Customer and refers to understanding a customers’ business to help detect the risk of money laundering or other illegal activity.

The due diligence activities (such as pre-employment checks) performed by a firm on its employees.

The second stage of the three stages of the standard laundering process model. The proceeds of crime which have been introduced into the financial system (possibly via the placement stage) are disguised by the use of multiple transactions, or by other techniques, which are intended to make it increasingly difficult to link the funds to the original criminal activity.

This may involve, for example, the transfer of funds between different accounts and currencies, the use of trade finance, or buying/selling assets such as shares or bonds.

Once the link to the original criminal activity has been removed, the money laundering has reached the integration stage.

In the context of compliance, management information (MI) is data that firms should gather and use to monitor customer treatment, expectations and outcomes.

MI can come in many different forms (such as compliance reports, customer feedback, file reviews, register of business won or lost, and training and competence records) and it should enable firms to analyse trends, helping to forecast the future and solve any identified problems.

Market Abuse is a broad term that includes a variety of financial crimes such as insider dealing and market manipulation. In the UK, the FCA requires firms to have safeguards in place to identify and reduce the risk of market abuse and the FCA has powers and responsibilities for preventing and detecting market abuse.

Money Laundering is the process by which criminals attempt to hide and/or disguise the origins of the proceeds of crime.

A bank account which has a number, rather than the name of the account holder, as its title. As a result, the account owner will not be identified in account documentation. The account is not anonymous, since banking regulations typically require the bank to know the identity of the client (in line with normal Customer Due Diligence).

A bank that is domiciled in an offshore financial centre and conducts business with non-residents of that jurisdiction. In some cases, they have no physical presence in the jurisdiction and are subject to limited regulation. Such banks are often perceived as a vehicle for money laundering, although there are many legitimate offshore banks.

The processes and procedures that need to be performed before a client can trade or buy services from a financial institution. For example, the completion of CDD/KYC and agreement on terms of businesses.

Personal data is data in relation to an identifiable individual. It is common for businesses and other organisations to hold data about individuals such as names and addresses, emails, phone numbers, bank account and credit card details, and health information. Data protection law and regulations aim to safeguard this data to prevent it from being misused, keeping it private.

This is the initial stage of the standard money laundering process model: the model assumes that the proceeds of crime are introduced at this stage into the financial system.

This is typically achieved by disguising the funds as legitimate – for example, as the proceeds of business activities.

The next two stages of a successful money laundering operation are layering and integration.

However, it is worth noting that successful money laundering may also involve the use of legally acquired money, which is already in the financial system, but which is then used to commit a crime. In such a situation the placement stage does not form part of the money laundering process.

An individual who holds senior public office or other prominent function, or who has a close association with such a person. By virtue of their position PEPs are arguably more susceptible to bribery, corruption and the misuse of state funds and therefore pose a higher risk of money laundering. As a result, additional obligations (such as enhanced due diligence) typically apply when a firm has dealings with a PEP.

In simple terms Prudential Regulation is about setting rules that make it unlikely that a financial services firm, such as a bank, will collapse unable to repay its debts. So, prudential rules require financial firms to hold sufficient capital and have adequate risk controls in place to reduce this likelihood to acceptable levels.

The Prudential Regulation Authority (PRA) is part of the Bank of England and, alongside the FCA, is one of two financial services regulators in the UK. The PRA supervises around 1,500 financial institutions including banks and insurance companies.

Risk Assessment refers to a firms’ best practices and procedures that are in place to identify and analyse potential threats or loss to customers and the business. This then helps put measures in place to minimise or remove the level of risk as necessary. A Risk Assessment is step one of creating a Risk Assessment Framework.

A Risk Assessment Framework is key for firms who want to protect their business against losses and risk. It is a structured process that helps to identify, measure, manage and report the impact of risks.

The evaluation of a firm’s vulnerability and the potential future loss a firm can face as a result of specific activity or an event is known as Risk Exposure. It is the measure of assessing possible future losses that might arise from various sources like property loss or damage, changes in consumer demand, unexpected employee turnover etc.

A risk-based approach is considered by the Financial Action Task Force (FATF) to be the basis for effective implementation of AML controls. Under such an approach countries, competent authorities and reporting entities (including financial institutions) are expected to identify, assess and understand the money laundering/terrorist financing risks they are exposed to so that they can develop the appropriate measures to mitigate these risks.

Sanctions are restrictive measures applied by one country to other countries, entities or individuals. There are three types of sanctions that are more commonly used; economic sanctions, diplomatic sanctions and military sanctions.

• Economic sanctions: Commercial and financial penalties such as, asset freezing, levying import duties on goods, restricting exports, restricting trade or refusing to trade with a state, banning investments and targeting companies from a state.

• Diplomatic sanctions: political measures that aim to demonstrate displeasure with or disapproval of certain actions, stopping short of taking economic or military steps, such as reducing or removing diplomatic ties by, for example, closing a state’s embassy.

• Military sanctions: military interventions, ranging from arms embargoes to air strikes and full-scale attacks.

Under the UK Financial Conduct Authority’s Senior Managers and Certification Regime (SMCR), the most senior people at a firm are the senior managers that perform key roles known as Senior Management Functions. Senior managers need regulatory approval before starting their roles, and every senior manager will need to have a 'Statement of Responsibilities' that clearly says what they are responsible and accountable for.

The SMCR is the approach taken in the UK to encourage good conduct and individual accountability in the financial services industry. It aims to:

• encourage a culture of staff at all levels taking personal responsibility for their actions

• make sure firms and staff clearly understand and can demonstrate where responsibility lies

According to the FCA, “the aim of the SMCR is to reduce harm to consumers and strengthen market integrity by creating a system that enables firms and regulators to hold individuals to account”.

A Shell Company exists only on paper and does not have an office, assets or active business. Shell companies can often be regarded negatively as they can be used for illegal objectives, like money laundering. However, they can be used legally by businesses and individuals to raise capital and reduce tax liabilities.

A simplified form of customer due diligence (CDD) that may be adopted when the firm has ascertained that the customer poses a low risk of money laundering.

A technique used in the placement of funds that are being laundered, whereby the funds are divided into smaller amounts so that such amounts will fall below the threshold at which the relevant financial institution (or other body) is required to file a suspicious transaction report.

Suspicious activity report (SAR) is a generic term for the report(s) submitted by financial institutions and other bodies subject to AML regulations to the Financial Intelligence Unit (FIU) of the country when money laundering activity is known or suspected.

Different terminology may be used in different jurisdictions for these reports. For example, in the United States, there are SARs for financial institutions, SARC (Suspicious activity report for casinos) and SAR-S (Suspicious activity report for securities brokers and dealers).

The term given, in some jurisdictions, to a suspicious activity report (SAR). Note that in the UK a suspicious transaction report (STR) relates to suspicions of market abuse rather than money laundering.

Financing terrorist acts and the activities of terrorists and terrorist organisations.

An international non-governmental organisation that monitors and publishes reports on corporate and public sector corruption. Its annual Corruption Perception Index is a common tool used by firms to assess the risks of doing business in foreign jurisdictions.

Treating Customers Fairly is a key principle of the UK’s FCA and refers to firms treating their customers in a fair and even-handed manner – the way we would expect to be treated. Regulated firms must show that their customers’ interests and fair treatment are at the core of their business model.

A legal arrangement whereby a person (a trustee) holds property as nominal owner on behalf of one or more beneficiaries. Each trust is established by a legal document known as the “trust deed”.

The legal document that creates a trust. The trust deed specifies the requirements of the trustee(s) in relation to property placed in trust and details the beneficiaries.

An individual person (or member of a board) that is given control or powers of administration over property placed in trust. The trustee has a legal obligation to administer the property solely for the purposes specified in the trust deed.

In the context of a company, the Ultimate Beneficial Owner is a natural person that ultimately owns or controls that company.

Ownership is most commonly defined by a person owning, directly or indirectly, 25% or more of the shares or the voting rights in the company.

Control relates to anything, formal or informal, which gives an individual the ability to have a significant influence on the company.

Examples might be the ability to appoint or retire half or more of the Board of Directors; supplying a material loan to the company; or in any way having a veto over strategic actions of the company.

Whistleblowing is when an employee has a concern about suspected or actual wrongdoing in the workplace, by an employer or another employee, and reports this information internally, in accordance with their firm’s reporting procedures, or externally, in accordance with the relevant whistleblowing law, (e.g. to a Prescribed Person, such as a regulator).