KYC & AML Glossary

The practice of searching open-source news and database content for negative information about a client or counterparty. Adverse media findings are one input into the firm's overall risk assessment, alongside sanctions and PEP screening. A clean adverse media screen is not the absence of risk; it is one signal among several.

The framework of laws, regulations, and procedures designed to prevent the financial system being used to launder the proceeds of crime. In the UK, the primary AML regulations are the Money Laundering Regulations 2017, supplemented by the Proceeds of Crime Act 2002 and the Terrorism Act 2000.

An international financial free zone in Abu Dhabi, regulated by the Financial Services Regulatory Authority (FSRA). ADGM operates under common law and has its own regulatory framework, distinct from both the UAE federal regime and the DIFC.

The natural person who ultimately owns or controls a customer, or on whose behalf a transaction is being conducted. Under MLR 2017, firms must identify beneficial owners at onboarding and take reasonable measures to verify their identity. The standard threshold is 25 percent ownership or control, although the firm may need to look beyond this if the structure is designed to obscure beneficial ownership.

The process of identifying a customer, verifying their identity, understanding the purpose of the relationship, and assessing the money laundering risk associated with it. CDD is required under MLR 2017 Regulation 28 for all customers. The depth of CDD applied is proportionate to the assessed risk.

The FCA's principle that requires firms to act to deliver good outcomes for retail customers. Introduced under the Consumer Duty rules in 2023, it has driven substantial remediation work across UK financial services as firms have reassessed historical sales, products, and communications against the new standard.

The firm's documented assessment of money laundering and other financial crime risk associated with each jurisdiction relevant to its business. The matrix typically takes inputs from FATF lists, transparency rankings, and the firm's own experience, and feeds into the customer risk rating.

An international financial free zone in Dubai, regulated by the Dubai Financial Services Authority (DFSA). DIFC operates under common law and has its own regulatory framework, distinct from both the UAE federal regime and the ADGM.

A higher level of customer due diligence applied where the firm has identified factors that elevate the relationship's money laundering risk. Required under MLR 2017 Regulation 33 in defined circumstances, including PEPs, high-risk jurisdictions, and other risk factors. EDD is qualitatively different from CDD, not just more of the same.

UK legislation that strengthened corporate transparency requirements, expanded the powers of Companies House, and introduced new offences related to economic crime. The Act has phased in over 2024 and beyond, with implications for KYB and beneficial ownership work.

The intergovernmental body that sets international standards for anti-money laundering and counter-terrorist financing. FATF Recommendations are the foundation of most national AML regimes. FATF also maintains lists of high-risk jurisdictions, which firms reference in their country risk matrices.

The UK's primary regulator for financial services conduct. The FCA enforces MLR 2017, supervises regulated firms, and takes action against firms that fail to meet its standards. Its 2025 to 2030 strategy places financial crime supervision at the top of the regulatory agenda.

UK legislation that established the Independent Football Regulator and brought football clubs under statutory regulation for the first time. The Act introduced licensing, ownership and directors testing, and financial sustainability requirements that go significantly beyond what football's own bodies had previously imposed.

The statutory regulator created under the Football Governance Act 2025. The IFR has powers including licensing, ownership testing, financial regulation, and supporter and heritage protection. It represents a category change in how football clubs are governed.

The industry body that publishes guidance on AML compliance for the UK financial services sector. The JMLSG Part I Guidance is the practitioner reference that firms organise their AML thinking around, and the FCA refers to it in supervisory exchanges.

The Crown Dependency regulator for financial services in Jersey. JFSC-regulated firms operate under their own AML framework, broadly aligned with FATF and UK practice but with local variations.

The broader practice of understanding who a customer is, their background, and the nature of their relationship with the firm. KYC is the operational expression of CDD obligations. The terms are often used interchangeably, although KYC is the wider concept and CDD is the specific regulatory requirement.

The equivalent of KYC for corporate customers. KYB requires the firm to understand the legal entity, its ownership structure, its beneficial owners, and the purpose of the relationship. KYB has become more prominent following ECCTA and the strengthening of Companies House transparency rules.

The UK's primary AML regulations, replacing the 2007 regulations. MLR 2017 sets out the core obligations for regulated firms including risk assessment (Reg 18), customer due diligence (Reg 28), and enhanced due diligence (Reg 33). The regulations have been amended several times since enactment.

The senior manager appointed under MLR 2017 to oversee the firm's AML compliance, receive internal reports of suspicious activity, and submit suspicious activity reports to the National Crime Agency where appropriate. The MLRO is a Senior Management Function under SM&CR.

The UK's lead agency for serious and organised crime, including the receipt and analysis of Suspicious Activity Reports submitted by regulated firms. The NCA also operates the Financial Intelligence Unit for the UK.

The IFR's process for assessing whether the people who own and run a football club meet the suitability standards required under the Football Governance Act 2025. Distinct from, and more rigorous than, the leagues' previous fit and proper person tests.

The regulatory requirement under MLR 2017 to continue monitoring a customer relationship after onboarding. Ongoing monitoring includes transaction surveillance, periodic CDD refresh, and reassessment of the customer's risk rating when material changes occur. The FCA expects ongoing monitoring to be continuous and risk-sensitive, not periodic batch processing.

A retrospective review of a firm's historical sales, advice, or other business activity, typically conducted in response to a regulatory concern or self-identified compliance issue. PBRs are a common tool in remediation and consumer redress programmes.

An individual entrusted with prominent public functions, their family members, and close associates. MLR 2017 requires firms to apply enhanced due diligence to PEPs and to take reasonable measures to identify them. PEP status persists for a defined period after the individual leaves the relevant role.

UK legislation that criminalises money laundering and creates the framework for asset recovery. POCA contains the principal money laundering offences and underpins the obligation to submit Suspicious Activity Reports.

The principle that AML measures should be proportionate to the assessed risk of money laundering. The risk-based approach is foundational to MLR 2017 and JMLSG Part I. It does not mean doing less work overall; it means focusing work where the risk actually sits.

The central bank and financial regulator of Saudi Arabia. SAMA-regulated firms operate under a framework that incorporates FATF Recommendations and is aligned with broader Gulf regulatory practice while reflecting Saudi-specific requirements.

A report submitted to the National Crime Agency where a firm has knowledge or suspicion of money laundering or terrorist financing. SAR submission is a legal obligation under POCA and the Terrorism Act 2000. The MLRO is responsible for the firm's SAR submissions.

The provision of the Financial Services and Markets Act 2000 that allows the FCA to require a firm to commission a Skilled Person to report on a defined area of concern. Section 166 reviews are a major regulatory tool and are increasingly common in financial crime supervision.

A third party, usually a partner-grade professional services firm, instructed under section 166 to examine a firm's systems, controls, or decisions and report to the FCA. The Skilled Person is independent of both the firm and the regulator, although the firm pays for the review.

The FCA and PRA framework that holds senior managers in regulated firms personally accountable for areas within their responsibility. The MLRO is a Senior Management Function under SM&CR, meaning personal regulatory liability attaches to the role.

The immediate origin of the money used in a particular transaction or relationship. Source of funds is a narrower concept than source of wealth and is concerned with the specific funds at hand rather than the client's overall wealth.

The broader picture of how a client's overall net worth has been accumulated. Source of wealth corroboration requires evidence linking the client's stated wealth to its origin in a way an external reviewer can follow, proportionate to the assessed risk.

The natural person at the top of a corporate ownership chain who ultimately owns or controls the entity. UBO identification is the central work of KYB and is a recurring focus of regulatory attention, particularly where structures cross multiple jurisdictions.

An association of major international banks that publishes standards and guidance on AML, KYC, and financial crime topics. Wolfsberg standards are referenced internationally and inform practice in source of wealth, correspondent banking, and other areas where the regulations leave room for industry interpretation.