- Money laundering
- The process of disguising the illegal origin of criminal proceeds so they appear to come from a legitimate source.
- Three stages of money laundering
- Placement, layering, and integration.
- Placement
- The first stage of money laundering: introducing illicit cash into the financial system (e.g., bank deposits, currency exchange, buying assets).
- Layering
- The second stage: moving funds through complex layers of transactions to obscure their origin and break the audit trail.
- Integration
- The third stage: reintroducing laundered funds into the legitimate economy as apparently clean money (e.g., real estate, businesses).
- Terrorist financing (TF)
- Providing or collecting funds to carry out terrorist acts; funds may come from legitimate or illicit sources, and amounts are often small.
- Money laundering vs. terrorist financing
- Money laundering disguises the illegal SOURCE of funds; terrorist financing disguises the illegal USE or DESTINATION of funds, which may be legitimately sourced.
- Predicate offense
- The underlying criminal activity (e.g., drug trafficking, fraud, corruption) that generates the proceeds being laundered.
- Structuring
- Breaking a large transaction into smaller amounts to evade reporting or recordkeeping thresholds; a federal crime in the U.S.
- Smurfing
- A form of structuring using multiple people (smurfs) to make many small deposits below the reporting threshold.
- Trade-based money laundering (TBML)
- Disguising proceeds and moving value through trade transactions using techniques like over- or under-invoicing, multiple invoicing, or misrepresenting goods.
- Over-invoicing
- Stating a price higher than the true value of goods to transfer extra value to the exporter; a TBML technique.
- Under-invoicing
- Stating a price lower than the true value of goods to transfer value to the importer; a TBML technique.
- Hawala
- An informal value transfer system that moves money based on trust and a network of brokers (hawaladars), often outside the formal banking system.
- Informal value transfer system (IVTS)
- A money-transfer network that operates outside or parallel to regulated financial institutions (e.g., hawala, hundi, fei ch'ien).
- Shell company
- A company with no significant operations or assets, often used to hide beneficial ownership and obscure the flow of funds.
- Shelf company
- A pre-registered company that has been 'on the shelf' for a period and is then sold to give an appearance of longevity and legitimacy.
- Front company
- A business with legitimate operations that is used to launder illicit funds by commingling them with real revenue.
- Bust-out
- A fraud scheme in which credit is built up and maxed out with no intent to repay, common with credit cards and trade credit.
- Round-tripping
- Moving funds out of a country and bringing them back disguised as foreign investment to legitimize the money.
- Money mule
- A person who transfers illegally acquired money on behalf of others, often recruited unwittingly, to launder proceeds.
- Cuckoo smurfing
- A laundering method that exploits legitimate remittance transfers by depositing illicit funds into the account of an unwitting recipient.
- Layering through wire transfers
- Rapidly moving funds among accounts and jurisdictions, often through correspondent banks, to obscure the source.
- Bulk cash smuggling
- Physically transporting large quantities of currency across borders to place illicit proceeds outside reporting systems.
- Black Market Peso Exchange (BMPE)
- A trade-based laundering scheme that uses peso brokers to convert drug dollars into pesos through legitimate trade purchases.
- Real estate laundering
- Using property purchases (often with cash, shell companies, or third parties) to integrate illicit funds into the legitimate economy.
- Casinos and gaming risk
- Casinos can be used to launder cash by buying chips, gambling minimally, and cashing out as 'winnings' (chip walking, minimal play).
- Virtual asset / cryptocurrency risk
- Cryptocurrencies can enable pseudonymous, cross-border value transfer; risks include mixers, tumblers, and unhosted wallets.
- Mixers / tumblers
- Services that pool and redistribute cryptocurrency to obscure the link between sending and receiving addresses.
- New payment methods (NPM)
- Prepaid cards, e-money, mobile and internet payments that can pose AML risk through anonymity, speed, and limited oversight.
- Proliferation financing
- Providing funds or services for the manufacture, acquisition, or transfer of weapons of mass destruction in breach of international obligations.
- Human trafficking and ML
- Proceeds of human trafficking and migrant smuggling are laundered through cash businesses, money services, and front companies.
- Corruption / kleptocracy
- Misuse of public office for private gain; corrupt officials launder proceeds via shell companies, real estate, and offshore accounts.
- Tax evasion as predicate
- Illegally avoiding taxes; under many regimes (and FATF) tax crimes are designated predicate offenses for money laundering.
- Insurance laundering
- Using policies (e.g., single-premium products, early surrender for a refund) to launder funds through the insurance sector.
- Securities laundering
- Using brokerage accounts, securities trades, and wash trading to layer and integrate illicit funds.
- Concentration accounts risk
- Internal omnibus accounts that commingle funds and can obscure the identity of the underlying customers if not properly tracked.
- Funnel account
- An account in one location that receives many cash deposits, often below the threshold, with the funds then quickly withdrawn elsewhere.
- Red flag
- An unusual or suspicious indicator in customer behavior or transactions that may signal money laundering or terrorist financing.
- Red flag: structuring
- Multiple cash transactions just below the reporting threshold, especially across branches or days.
- Red flag: rapid movement
- Funds deposited and quickly wired out with no apparent business purpose ('pass-through' activity).
- Red flag: reluctance to provide information
- A customer who avoids identification, gives inconsistent details, or resists due-diligence requests.
- Red flag: third-party activity
- Transactions inconsistent with the customer's profile, or accounts used by unrelated third parties.
- Red flag: high-risk geography
- Transactions involving jurisdictions known for weak AML controls, secrecy, or sanctions exposure.
- Vulnerability vs. threat
- A threat is the criminal actor or activity; a vulnerability is a weakness (e.g., a product, channel, or control gap) that the threat can exploit.
- Inherent risk
- The level of risk before controls are applied — driven by customer, product, geography, and channel factors.
- Residual risk
- The level of risk that remains after mitigating controls are applied.
- FATF
- The Financial Action Task Force — the global standard-setter for AML, CFT, and counter-proliferation financing; issues the 40 Recommendations.
- FATF 40 Recommendations
- FATF's comprehensive framework of measures countries should implement to combat money laundering, terrorist financing, and proliferation financing.
- FATF mutual evaluation
- A peer review assessing a country's technical compliance with the FATF standards and the effectiveness of its AML/CFT system.
- FATF grey list
- FATF's list of jurisdictions under increased monitoring that have strategic AML/CFT deficiencies and have committed to address them.
- FATF black list
- FATF's list of high-risk jurisdictions (call for action) with serious deficiencies; members apply enhanced due diligence or countermeasures.
- Risk-based approach (RBA)
- FATF's core principle: identify, assess, and apply AML/CFT resources and controls in proportion to the risks present.
- FATF-style regional bodies (FSRBs)
- Regional organizations (e.g., APG, MONEYVAL, GAFILAT) that promote and assess FATF standards within their regions.
- Basel Committee (BCBS)
- The Basel Committee on Banking Supervision; issues 'Sound management of risks related to money laundering and financing of terrorism' guidance for banks.
- Wolfsberg Group
- An association of global banks that publishes AML/CFT best-practice guidance, including the correspondent banking and CBDDQ standards.
- Wolfsberg CBDDQ
- The Correspondent Banking Due Diligence Questionnaire — a standardized form for assessing correspondent banking relationships.
- Egmont Group
- The global network of Financial Intelligence Units (FIUs) that facilitates secure information sharing on money laundering and terrorist financing.
- Financial Intelligence Unit (FIU)
- A national agency that receives, analyzes, and disseminates suspicious activity reports and other financial intelligence (in the U.S., FinCEN).
- Bank Secrecy Act (BSA)
- The 1970 U.S. law (the Currency and Foreign Transactions Reporting Act) requiring recordkeeping and reporting to detect and prevent money laundering.
- FinCEN
- The Financial Crimes Enforcement Network — the U.S. FIU and BSA administrator within the Department of the Treasury.
- USA PATRIOT Act
- 2001 U.S. law that strengthened AML rules, including customer identification (Section 326), correspondent account controls, and Sections 311, 312, and 313.
- PATRIOT Act Section 311
- Allows the U.S. Treasury to designate a jurisdiction, institution, or transaction type as a 'primary money laundering concern' and impose special measures.
- PATRIOT Act Section 312
- Requires enhanced due diligence for correspondent accounts of foreign banks and for private banking accounts of non-U.S. persons.
- PATRIOT Act Section 313
- Prohibits U.S. banks from maintaining correspondent accounts for foreign shell banks.
- Section 314(a)
- A FinCEN information-sharing process letting law enforcement request, via FinCEN, that institutions search records for named subjects.
- Section 314(b)
- A voluntary safe harbor allowing financial institutions to share information with each other to identify and report ML/TF.
- OFAC
- The U.S. Office of Foreign Assets Control — administers and enforces economic and trade sanctions based on U.S. foreign policy.
- SDN List
- OFAC's Specially Designated Nationals and Blocked Persons List — parties whose assets are blocked and with whom U.S. persons are generally prohibited from dealing.
- Sanctions
- Restrictive measures (asset freezes, trade bans, travel bans) imposed by governments or bodies to influence behavior or punish conduct.
- Comprehensive vs. targeted sanctions
- Comprehensive sanctions broadly restrict dealings with a whole country; targeted (smart) sanctions focus on specific persons, entities, or sectors.
- 50 Percent Rule (OFAC)
- An entity owned 50% or more, directly or indirectly, by one or more blocked persons is itself treated as blocked, even if not separately listed.
- Sectoral sanctions
- Sanctions targeting specific sectors of an economy (e.g., finance, energy) rather than a whole country or individual.
- EU Anti-Money Laundering Directives
- A series of EU directives (notably the 4th, 5th, and 6th) harmonizing AML/CFT requirements across member states.
- 4AMLD
- The EU's Fourth AML Directive — introduced a risk-based approach, beneficial ownership registers, and expanded PEP requirements.
- 5AMLD
- The Fifth AML Directive — extended AML rules to virtual asset service providers and prepaid cards and enhanced beneficial-ownership transparency.
- 6AMLD
- The Sixth AML Directive — harmonized the definition of money laundering, listed 22 predicate offenses, and extended liability to legal persons.
- UK Proceeds of Crime Act (POCA)
- The UK's principal money-laundering law, creating the SAR regime and offenses for concealing, arranging, and acquiring criminal property.
- UN conventions (Vienna / Palermo)
- The 1988 Vienna Convention (drug trafficking) and 2000 Palermo Convention (transnational organized crime) underpin international AML obligations.
- Mutual legal assistance treaty (MLAT)
- A formal agreement between countries to gather and exchange evidence for criminal investigations and prosecutions.
- Corporate Transparency Act (CTA)
- U.S. law requiring many companies to report beneficial ownership information to FinCEN to combat the misuse of anonymous shell companies.
- Designated non-financial businesses and professions (DNFBPs)
- Non-bank sectors with AML obligations: casinos, real estate agents, dealers in precious metals/stones, lawyers, notaries, and accountants.
- Money services business (MSB)
- A business that transmits or converts money (money transmitters, currency dealers, check cashers, prepaid issuers); subject to BSA registration.
- Regulator vs. FIU
- A regulator supervises institutions for AML compliance; the FIU receives and analyzes suspicious activity reports and financial intelligence.
- Travel Rule
- A FATF/BSA requirement that institutions pass originator and beneficiary information along with qualifying funds and virtual asset transfers.
- Recordkeeping requirement
- BSA rules requiring institutions to retain CDD, transaction, and reporting records (generally five years) for examination and investigation.
- Equivalent jurisdiction
- A country deemed to have AML/CFT standards comparable to one's own, which can affect the level of due diligence applied.
- Secrecy / haven jurisdiction
- A jurisdiction offering strong financial secrecy and minimal transparency, posing elevated AML risk.
- Counter-proliferation financing (CPF)
- Measures to prevent financing of the proliferation of weapons of mass destruction; part of the FATF mandate.
- Group-wide AML program
- An enterprise-wide program ensuring consistent AML/CFT standards and information sharing across all branches and subsidiaries of a group.
- Pillars of an AML program
- The BSA framework: (1) internal controls/policies, (2) a designated compliance officer, (3) ongoing training, (4) independent testing/audit, and (5) risk-based CDD.
- BSA/AML Compliance Officer
- The designated individual responsible for day-to-day oversight of the AML program; must have authority, resources, and independence.
- Internal controls
- The policies, procedures, and processes designed to limit and control risks and to ensure compliance with AML/CFT laws.
- Independent testing / audit
- A periodic, objective review of the AML program's adequacy and effectiveness, performed by qualified parties not involved in its operation.
- AML training
- Ongoing, role-appropriate training so staff can recognize red flags and understand their reporting and compliance obligations.
- Customer due diligence (CDD)
- The process of identifying and verifying customers, understanding the nature of the relationship, and conducting ongoing monitoring.
- Know Your Customer (KYC)
- Policies and procedures to verify a customer's identity and assess risk; a foundation of CDD.
- Customer Identification Program (CIP)
- The BSA requirement (PATRIOT Act Section 326) to collect and verify identifying information (name, DOB, address, ID number) before opening an account.
- Enhanced due diligence (EDD)
- Additional scrutiny applied to higher-risk customers, products, or geographies, such as PEPs and correspondent banking relationships.
- Simplified due diligence (SDD)
- Reduced measures permitted for lower-risk customers or products where the ML/TF risk is demonstrably low.
- Beneficial owner
- The natural person who ultimately owns or controls a customer or on whose behalf a transaction is conducted.
- Ultimate beneficial owner (UBO)
- The natural person at the top of an ownership chain who ultimately owns or controls a legal entity (FinCEN: 25%+ ownership and a control prong).
- CDD Rule beneficial ownership
- FinCEN's rule requiring covered institutions to identify beneficial owners of legal entity customers: each 25%+ owner plus one control person.
- Politically exposed person (PEP)
- An individual entrusted with a prominent public function, who poses higher corruption/bribery risk and warrants enhanced due diligence.
- Domestic vs. foreign PEP
- FATF distinguishes foreign PEPs (always higher risk, requiring EDD) from domestic PEPs and international-organization PEPs (risk-based EDD).
- Source of funds vs. source of wealth
- Source of funds is the origin of the specific money in a transaction; source of wealth is how the customer's total assets were accumulated.
- Risk assessment
- A documented analysis of an institution's ML/TF risks across customers, products, services, geographies, and channels to drive controls.
- Risk rating / scoring
- Assigning customers and relationships a risk level (e.g., low/medium/high) to determine the intensity of due diligence and monitoring.
- Ongoing monitoring
- Continuously reviewing transactions and updating customer information to ensure activity is consistent with the known profile.
- Suspicious activity report (SAR)
- A report filed with the FIU/FinCEN when an institution knows, suspects, or has reason to suspect activity involves illegal funds or ML/TF.
- Suspicious transaction report (STR)
- The international term equivalent to a SAR — a report of suspicious activity filed with the national FIU.
- SAR filing deadline (U.S.)
- Generally 30 calendar days after detecting facts that constitute a basis for filing (60 days if no suspect is identified).
- Tipping off
- Unlawfully disclosing to a customer (or a third party) that a SAR/STR has been or will be filed; prohibited in most regimes.
- SAR confidentiality
- The requirement to keep the existence and content of a SAR confidential, sharing only as permitted by law (the SAR safe harbor protects filers).
- Currency Transaction Report (CTR)
- A BSA report filed for cash transactions exceeding USD 10,000 in a single business day, by or on behalf of one person.
- CTR aggregation
- Combining multiple same-day cash transactions by or for the same person to determine whether the USD 10,000 CTR threshold is met.
- Report of Foreign Bank and Financial Accounts (FBAR)
- A FinCEN report required of U.S. persons with foreign financial accounts exceeding USD 10,000 in aggregate during the year.
- Monetary instrument log
- A BSA record of cash sales of monetary instruments (e.g., money orders, cashier's checks) between USD 3,000 and USD 10,000.
- Form 8300
- A report (filed with the IRS/FinCEN) for cash received over USD 10,000 in a trade or business.
- Onboarding / account opening controls
- CIP, beneficial ownership identification, sanctions/PEP screening, and risk rating performed before or at account opening.
- Periodic review
- Scheduled refresh of customer due diligence based on risk (e.g., high-risk annually) to keep information current.
- Trigger event review
- A CDD refresh prompted by a change such as new ownership, a large or unusual transaction, or adverse news.
- Adverse media screening
- Reviewing negative news sources for information linking a customer to financial crime, corruption, or sanctions exposure.
- De-risking
- Terminating or restricting relationships with customers or categories deemed high-risk to avoid managing the risk, rather than mitigating it.
- Three lines of defense
- A governance model: (1) the business owns and manages risk, (2) compliance/risk oversees it, and (3) internal audit independently assures it.
- Board and senior management oversight
- Leadership's responsibility to set the AML culture, approve the program and risk appetite, and ensure adequate resources.
- Culture of compliance
- An organizational environment where leadership and staff prioritize ethical conduct and AML obligations across the institution.
- Compliance program independence
- The compliance function's ability to act without undue influence from the business lines it oversees.
- Whistleblower / escalation
- Channels allowing employees to report concerns; many regimes (e.g., AMLA) provide whistleblower protections and rewards.
- Politically exposed person tiers
- Categories of PEPs (foreign, domestic, international organization) plus close associates and family members, each with risk-based scrutiny.
- Correspondent banking
- Where one bank (correspondent) provides services to another (respondent); higher-risk because the correspondent relies on the respondent's KYC.
- Nested / downstream correspondent
- When a respondent bank gives its own customers access to a correspondent account, obscuring the underlying parties (heightened risk).
- Payable-through account (PTA)
- A correspondent account a foreign bank's customers can use directly to transact; high-risk and subject to enhanced due diligence.
- Shell bank
- A bank with no physical presence and no affiliation with a regulated financial group; U.S. institutions are prohibited from dealing with them.
- Private banking
- High-touch services for wealthy clients; higher AML risk requiring EDD, including source-of-wealth verification (PATRIOT Act Section 312).
- Regulatory examination
- A supervisory review verifying that an institution's AML program meets legal requirements and operates effectively.
- Look-back review
- A retrospective review of past activity (often regulator-mandated) to identify unreported suspicious activity after a program failure.
- Civil money penalty (CMP)
- A monetary fine imposed by regulators (e.g., FinCEN, OFAC) for AML or sanctions violations.
- Consent order
- A formal settlement between a regulator and an institution requiring corrective actions and often penalties for compliance failures.
- Transaction monitoring
- Automated and manual review of transactions against rules, thresholds, and behavioral patterns to detect suspicious activity.
- Transaction monitoring scenarios
- Predefined rules or models (e.g., structuring, rapid movement, high-risk geography) that generate alerts for review.
- Rules-based monitoring
- Detection using fixed thresholds and logic (e.g., cash > USD 9,500); simple and transparent but can produce many false positives.
- Behavioral / anomaly detection
- Models that flag activity deviating from a customer's established baseline or peer group.
- Alert
- An automated flag generated when activity meets a monitoring scenario's criteria, requiring analyst review and disposition.
- Alert disposition
- The investigator's decision to close an alert as a false positive or escalate it for further investigation or a SAR.
- False positive
- An alert that, after review, turns out not to indicate suspicious activity; a major operational cost in AML monitoring.
- Case management system
- Software that consolidates alerts, customer data, and investigation notes to support analysts and document decisions.
- Sanctions screening
- Comparing customers and transactions against sanctions lists (e.g., OFAC SDN, UN, EU) to prevent prohibited dealings.
- Watchlist screening
- Screening parties against sanctions, PEP, and adverse-media lists at onboarding and on an ongoing basis.
- Fuzzy matching
- A screening technique that detects approximate matches to account for spelling variations, transliteration, and aliases.
- Name screening vs. transaction screening
- Name screening checks parties against lists; transaction (payment) screening checks payment messages in real time before processing.
- True match vs. false hit
- A true match correctly identifies a listed party; a false hit (false positive) is a non-match flagged due to similar data.
- List management
- Keeping sanctions and watchlists current and configuring screening thresholds to balance detection and false positives.
- KYC / CDD technology
- Tools for identity verification, document checks, beneficial ownership mapping, and risk scoring during onboarding.
- Identity verification (IDV)
- Confirming a customer is who they claim to be using documents, databases, biometrics, or electronic verification.
- eKYC
- Electronic KYC — digital identity verification using data sources, document scanning, and biometrics, common in remote onboarding.
- Biometric verification
- Using fingerprints, facial recognition, or other physical traits to verify identity and reduce impersonation fraud.
- Liveness detection
- Technology confirming a real, live person is present during remote onboarding to defeat photos, masks, or deepfakes.
- Artificial intelligence in AML
- Machine learning used to improve detection, reduce false positives, segment customers, and prioritize alerts; requires explainability and governance.
- Machine learning model
- An algorithm trained on data to detect patterns; in AML, used for risk scoring, anomaly detection, and alert triage.
- Model risk management
- Governance ensuring analytics and monitoring models are validated, documented, tuned, and free of bias or error.
- Model validation
- Independent testing to confirm a monitoring or screening model performs as intended and detects the intended risks.
- Threshold tuning / optimization
- Adjusting monitoring rule thresholds (often via above- and below-the-line testing) to balance detection against false positives.
- Above-the-line / below-the-line testing
- Sampling alerts at and just below thresholds to confirm thresholds capture suspicious activity without excessive noise.
- Data quality
- Accurate, complete, and timely data; poor data quality is a leading cause of monitoring and screening failures.
- Data lineage
- The documented flow of data from source to system, essential for reliable monitoring, reporting, and audits.
- Robotic process automation (RPA)
- Software bots that automate repetitive AML tasks such as data gathering, alert enrichment, and report population.
- Network / link analysis
- Visualizing relationships among accounts, entities, and transactions to uncover hidden connections and complex schemes.
- Entity resolution
- Linking records that refer to the same person or entity across systems to build a single, accurate customer view.
- Blockchain analytics
- Tools that trace cryptocurrency flows across the blockchain, attribute addresses, and flag exposure to illicit wallets or mixers.
- RegTech
- Technology that helps institutions comply with regulations more efficiently (e.g., automated reporting, screening, monitoring).
- SupTech
- Technology used by supervisors and regulators to collect and analyze data and oversee compliance.
- SAR e-filing
- Electronic submission of SARs/CTRs to the FIU (in the U.S., via the FinCEN BSA E-Filing System).
- GoAML
- A UNODC software platform many FIUs use to collect, manage, and analyze STRs and other reports.
- Investigation
- A structured review that gathers facts, analyzes transactions and KYC, and determines whether to file a SAR or take other action.
- Investigation workflow
- Alert triage, information gathering, transaction and relationship analysis, conclusion, and documentation/escalation.
- Subpoena / law enforcement request
- A legal demand for records that institutions must handle while preserving confidentiality and the integrity of any investigation.
- Information sharing (314(b))
- Technology-enabled, voluntary sharing among institutions under a safe harbor to better detect and report ML/TF.
- Continuous activity review (CAR)
- Ongoing, automated review of customer activity to keep risk ratings and monitoring aligned with current behavior.
- Audit trail / documentation
- A complete, retrievable record of decisions and actions, essential to defend dispositions and demonstrate compliance to examiners.
- Quality assurance (QA) in AML
- Reviewing a sample of alert and SAR decisions to confirm consistency, accuracy, and adherence to procedures.
- Management information / metrics
- Reporting (alert volumes, SAR counts, aging, false-positive rates) that lets leadership oversee program effectiveness.
- Sanctions list update / delta
- The process of ingesting changes to sanctions lists and rescreening affected customers and pending payments.
- Payment screening hold
- Pausing a payment that hits a sanctions or watchlist alert until an analyst clears or blocks it.
- Blocking vs. rejecting (OFAC)
- Blocking freezes prohibited funds in a segregated account; rejecting refuses a transaction without freezing; both must be reported to OFAC.
- Currency exchange / casa de cambio risk
- Money exchangers can be used to convert illicit cash into other currencies or instruments, layering proceeds with limited oversight.
- Wire stripping
- Removing or altering originator/beneficiary information in a payment message to evade sanctions screening; an illegal layering technique.
- Commingling
- Mixing illicit funds with legitimate business revenue to disguise their criminal origin, common in cash-intensive front companies.
- Cash-intensive business
- A business with high legitimate cash flow (restaurants, car washes, parking) that is attractive for commingling illicit cash.
- Loan-back scheme
- Laundering in which a launderer 'lends' themselves their own illicit funds (often through an offshore entity) to create an appearance of legitimacy.
- Gatekeeper
- A professional (lawyer, accountant, trust/company service provider) whose services can be abused to launder funds or hide ownership.
- Trust and company service provider (TCSP)
- A provider that forms companies, supplies directors, or administers trusts; a DNFBP that can be exploited to obscure beneficial ownership.
- Bearer shares
- Shares owned by whoever physically holds the certificate, with no register of ownership; a high-risk vehicle for hiding beneficial owners.
- Nominee director / shareholder
- A person who acts as a front for the true owner of a company, concealing the real beneficial owner.
- Offshore financial center
- A low-tax, high-secrecy jurisdiction used (legitimately or abusively) to hold assets and obscure ownership.
- Identity theft / synthetic identity
- Using stolen or fabricated identities to open accounts and move illicit funds while evading KYC.
- Elder financial exploitation
- Fraud targeting older adults; proceeds are laundered and institutions are expected to detect and report it.
- Ransomware and ML
- Extortion payments (often in cryptocurrency) are laundered through mixers and exchanges; subject to OFAC advisories.
- Wildlife / environmental crime
- Illegal trade in protected species and resources generates proceeds laundered through trade and shell companies; a growing FATF focus.
- Charity / NPO abuse
- Non-profit organizations can be misused to raise, move, or disguise funds for terrorist financing (FATF Recommendation 8).
- Foreign terrorist fighter financing
- Small-value funding (self-funding, social media solicitation, money remitters) to support individuals traveling to conflict zones.
- Micro-structuring
- Breaking transactions into very small amounts across many channels or instruments to stay under monitoring thresholds.
- FATF Recommendation 10
- Requires financial institutions to undertake customer due diligence and prohibits anonymous accounts.
- FATF Recommendation 16 (Travel Rule)
- Requires originator and beneficiary information to accompany wire and virtual-asset transfers.
- FATF Recommendation 8
- Addresses the terrorist-financing risk to non-profit organizations, calling for a risk-based, proportionate response.
- Virtual asset service provider (VASP)
- An entity that exchanges, transfers, or safeguards virtual assets; subject to FATF AML/CFT obligations including the Travel Rule.
- Anti-Money Laundering Act of 2020 (AMLA)
- Major U.S. reform that created the beneficial ownership registry, expanded whistleblower rewards, and modernized the BSA.
- FFIEC BSA/AML Examination Manual
- The U.S. interagency manual that guides examiners and institutions on BSA/AML compliance expectations.
- OFAC General License
- An authorization permitting an otherwise-prohibited category of transactions without a specific application.
- OFAC Specific License
- A case-by-case written authorization from OFAC permitting a particular transaction that would otherwise be prohibited.
- Secondary sanctions
- Sanctions targeting non-U.S. persons who engage with sanctioned parties, extending reach beyond U.S. jurisdiction.
- Consolidated Sanctions List
- OFAC's list of parties subject to non-SDN sanctions programs, screened alongside the SDN List.
- UN Security Council sanctions
- Binding sanctions (e.g., asset freezes, arms embargoes) adopted by the UNSC that member states must implement.
- EU consolidated sanctions list
- The European Union's list of persons and entities subject to EU restrictive measures.
- HM Treasury / OFSI
- The UK's Office of Financial Sanctions Implementation, which administers and enforces UK financial sanctions.
- Money Laundering Regulations (UK MLRs)
- UK regulations implementing AML/CFT obligations for regulated firms, including CDD and risk assessment.
- FinCEN advisory
- A FinCEN notice alerting institutions to emerging threats, typologies, or jurisdictions, often with related red flags.
- Geographic Targeting Order (GTO)
- A FinCEN order imposing additional recordkeeping/reporting on transactions in a specific area or sector (e.g., high-value real estate).
- Special measures (Section 311)
- Five graduated measures Treasury can impose on a primary money-laundering concern, up to barring correspondent accounts.
- Equivalent / comparable jurisdiction
- A country with AML/CFT controls deemed comparable, which can permit reliance on its institutions' CDD.
- Cross-border declaration
- A requirement to declare currency or bearer instruments above a threshold when crossing borders (FATF Recommendation 32).
- Financial Action Task Force typologies
- FATF reports describing methods and trends in ML/TF used to inform risk assessments and red flags.
- Risk appetite
- The amount and type of ML/TF risk an institution is willing to accept, set by the board to guide the program.
- Customer risk rating factors
- Inputs such as customer type, occupation, products used, geography, and transaction behavior used to assign a risk level.
- Higher-risk customers
- Categories warranting EDD: PEPs, cash-intensive businesses, MSBs, NPOs, non-resident customers, and complex ownership structures.
- New customer vs. existing customer CDD
- CDD is performed at onboarding and refreshed through ongoing monitoring and periodic/trigger reviews thereafter.
- Beneficial ownership 25% threshold
- FinCEN's CDD Rule requires identifying each natural person owning 25% or more of a legal entity customer, plus a control person.
- Control prong
- The CDD Rule requirement to identify one individual with significant managerial control over a legal entity customer.
- Reliance on third parties
- Permitting another regulated party to perform elements of CDD, while the relying institution remains ultimately responsible.
- Politically exposed person screening
- Identifying PEPs, their family members, and close associates to apply enhanced due diligence and senior-management approval.
- Senior management approval
- Required to onboard or continue higher-risk relationships such as foreign PEPs and certain correspondent accounts.
- Sanctions compliance program
- A risk-based program with management commitment, risk assessment, internal controls, testing/audit, and training (per OFAC's framework).
- OFAC five pillars
- OFAC's framework for a sanctions compliance program: management commitment, risk assessment, internal controls, testing/auditing, and training.
- Voluntary self-disclosure
- Proactively reporting an apparent sanctions or BSA violation to regulators, which can mitigate penalties.
- Apparent violation (OFAC)
- Conduct that may constitute a sanctions violation, evaluated against OFAC's Economic Sanctions Enforcement Guidelines.
- Egregious vs. non-egregious case
- OFAC's classification of a violation's seriousness, which (with self-disclosure) drives the base penalty calculation.
- AML program approval
- The board of directors must approve the AML program and ensure it is implemented with adequate resources.
- Designated compliance officer authority
- The BSA officer needs sufficient seniority, independence, resources, and direct access to the board.
- Suspicious activity escalation
- The internal process for raising a potential SAR from frontline staff to investigators to the decision-maker.
- SAR decision committee
- A body that reviews investigations and decides whether to file a SAR, documenting the rationale either way.
- Continuing activity SAR
- A follow-up SAR filed (often every 90 days in the U.S.) when previously reported suspicious activity continues.
- No-SAR decision documentation
- Recording the rationale when an alert or investigation does not result in a SAR, to defend the decision to examiners.
- Politically exposed person ongoing review
- Periodic re-screening and source-of-wealth review of PEP relationships throughout their lifecycle.
- Customer acceptance policy
- A policy defining which customers the institution will and will not onboard based on risk.
- Exit / off-boarding policy
- Procedures for terminating relationships that exceed risk appetite, ideally targeted rather than wholesale de-risking.
- Training frequency and tailoring
- AML training should be at least annual, role-specific, and refreshed when laws, typologies, or systems change.
- Independent testing scope
- Audit should cover the risk assessment, CDD/EDD, monitoring, screening, reporting, training, and prior-finding remediation.
- Investigation prioritization
- Triaging alerts and cases by risk so the most serious potential ML/TF is investigated first.
- Suspicious activity narrative
- The 'who, what, when, where, why, and how' written in a SAR so the FIU and law enforcement can act on it.
- SAR quality
- A useful SAR has a clear, complete narrative, correct subject and transaction data, and supporting documentation retained.
- Subject vs. activity in a SAR
- A SAR identifies the subject(s) where known and describes the suspicious activity even when no subject is identified.
- Source documentation
- Account records, transaction logs, KYC files, and correspondence gathered to support an investigation's conclusion.
- Open-source intelligence (OSINT)
- Publicly available information (corporate records, news, social media) used to enrich and corroborate investigations.
- Negative news / adverse media
- Reports linking a subject to crime, sanctions, or corruption, reviewed during EDD and investigations.
- Law enforcement liaison
- Cooperation with authorities on requests, joint investigations, and feedback, while maintaining SAR confidentiality.
- Production order / summons
- A legal instrument compelling an institution to produce records relevant to an investigation.
- Account freezing / seizure
- Restraining funds pursuant to a court order, regulatory action, or sanctions designation pending investigation.
- Asset forfeiture
- The legal process by which authorities permanently confiscate proceeds and instruments of crime.
- Transaction reconstruction
- Rebuilding the flow of funds across accounts and entities to establish the source and movement of value.
- Funds flow analysis
- Tracing how money moved among parties and accounts to identify the origin, layering, and destination of funds.
- Alert backlog management
- Controlling the volume of unworked alerts so suspicious activity is reviewed within required timeframes.
- Sanctions alert investigation
- Reviewing a screening hit to confirm a true match, then blocking/rejecting and reporting to OFAC as required.
- Politically exposed person hit review
- Confirming whether a PEP screening alert is a true match and applying the appropriate enhanced measures.
- Segregation of duties
- Separating who detects, investigates, and approves SAR filings to reduce error and conflicts of interest.
- Tuning feedback loop
- Using SAR outcomes and investigation results to refine monitoring scenarios and thresholds over time.
- Scenario coverage assessment
- Mapping monitoring scenarios to the institution's risks to confirm all key typologies are detectable.
- Data enrichment
- Adding context (KYC, prior alerts, related parties) to an alert so investigators can decide efficiently.
- Continuous transaction screening
- Ongoing screening of customers and payments as lists and customer data change, not just at onboarding.
- Sanctions list false-positive reduction
- Using better matching logic, good-guy lists, and tuning to cut non-genuine hits without missing true matches.
- Investigation documentation standard
- Recording the evidence, analysis, and conclusion for every case so decisions are defensible and auditable.
- Feedback to first line
- Sharing investigation outcomes with frontline and onboarding teams to improve future detection and CDD.