Industry Glossary

Anti-Money Laundering (AML) 

A branch of compliance work focused on the prevention of money laundering. AML professionals are tasked with making sure that criminals are not able to use the financial system to turn “dirty money” (proceeds from criminal activity) into “clean money” (money which appears to come from legitimate sources).


(Note: this entry describes a regulatory, rather than financial, audit.) In compliance circles, an audit is a formal review of how well a financial institution adheres to regulatory standards. There is no “one size fits all” type of audit, as compliance programs are developed at the company level, meaning each institution will be judged based both on the strength of its policy, and how well that policy is adhered to. Generally speaking, there are two forms of regulatory audit: internal and external. Some financial institutions will use an external third-party to conduct their audit, while others (usually larger banks) will have their own dedicated audit group at the company itself. It’s important to note, however, that in both cases the auditors function independently from the department they are reviewing. Even internal audit teams will report directly to the board in order to avoid conflict of interest. The result of an audit is either a clean bill of health, or (in the case of a poor result) a list of recommendations and requirements paired with a timeline for fixing them. 

Bank Secrecy Act (BSA)

Passed by Congress in 1970, the Bank Secrecy Act established the first anti-money laundering laws in the United States. It set the standard for many foundational AML practices, including the “criminal referral form” (now known as the Suspicious Activity Report (SAR), currency transaction report (CTR), foreign bank account report (FBAR), and more. It has been amended over the years, most notably by the U.S. PATRIOT ACT of 2001, which required financial institutions to create a formal anti-money laundering program internally, and to subject that program and its policies to regular review by auditors. 


A business practice area tasked with making sure a company adheres to external rules (set by the government) and internal policies (set by the company). There are many different types of compliance, but within the world of finance, this means creating a program designed to reduce systemic risk, protect customers, and help prevent financial crime. 

Countering the Financing of Terrorism (CFT)

The other side of the coin to anti-money laundering laws created to fight crime-for-profit, countering the financing of terrorism (a.k.a. “combating the financing of terrorism”) refers to anti-money laundering (AML) efforts as applied to the prevention of terrorist financing. From a compliance perspective, these two fields have a lot in common. The tactics and desired end result (stopping the flow of funds to criminal or terrorist groups) are the same, even if the stated mission is slightly different. 

Currency Transaction Report (CTR)

A report, designed to aid in anti-money laundering (AML) efforts, that must be filled out for any transaction greater than $10,000. The form takes down certain customer information and is required regardless of whether or the person is a customer of the bank. Unless a customer asks, financial institutions aren’t required to say that such a report is being filed. What’s more, if the customer learns a CTR is required and then backs out of the transaction, that action triggers the need for a Suspicious Activity Report (SAR) to be filed. Similarly, if multiple transactions are made by a customer that total more than $10,000 in a single day, or if transactions appear to be structured to avoid reaching the $10,000 limit, a SAR (rather than a CTR) must be filed.

Customer Due Diligence (CDD)

Normal, everyday work done by a financial institution to establish the identity of a potential account holder and to gauge the amount of risk that this person (or business entity) represents.  

Economic Sanction

A foreign policy tool that stops short of military action, economic sanctions cover a wide range of foreign policy decisions. These could include trade embargoes, asset seizure, no-travel rules, and more. The ultimate design of these actions is (for sanctioning countries) the achievement of policy goals through economic restriction and isolation from the global economy. 

Enhanced Due Diligence (EDD)

If Customer Due Diligence (CDD) is a tall black coffee, Enhanced Due Diligence (EDD) is a venti frappuccino. Just as the name implies, Enhanced Due Diligence (EDD) represents extra, “above and beyond” work on the part of the bank to verify a customer’s identifying information. This is done as part of a general risk-mitigation strategy, though most often EDD audits are done for customers who represent an atypical customer profile. 

Financial Action Task Force (FATF)

What the Financial Crimes Enforcement Network (FinCEN) is to the United States, the Financial Action Task Force (FATF) is to the world. Established in 1989, the Financial Action Task Force (FATF) is an international body working to establish effective anti-money laundering and counter-terrorist financing practices worldwide. A leader in anti-money laundering (AML) and Countering the Financing of Terror (CFT) practices, FATF’s strategic recommendations are the international standard for organized financial crime fighting efforts.

Financial Crimes Enforcement Network (FinCEN)

A bureau of the U.S. Treasury, the stated goal of the Financial Crimes Enforcement Network (FinCEN) is to protect the financial system from harm, most notably by preventing money laundering. The bureau accomplishes this by – amongst other things – being the “central hub” for collecting data (especially SARs) from financial institutions and distributing them to law enforcement. FinCEN also represents the U.S. in helping coordinate financial crime fighting around the globe. 

Financial Intelligence Unit (FIU)

A general term for a centralized group, organized at the national level, that handles the gathering and analysis of financial crime data, as well as distributing that information to relevant governmental agencies. The International Monetary Fund has described the differences between what it sees as the four main types of FIUs (pages 9-17 of this report). One extra wrinkle to consider: Financial Intelligence Unit is also often the name given by many financial institutions to their anti-financial crime division. So, yeah. Same name, different entities. 


Fraud is the act of being deceptive in order to get something in an unlawful manner. In compliance circles, however, fraud (or “fraud prevention”) refers to a specific practice area dedicated to investigating attempts by criminals to defraud financial institutions or related businesses. Some of the most common types of financial fraud include credit card fraud, insurance fraud, tax fraud, embezzlement, identity theft, mortgage fraud, as well as fake charity creation or robo-calling scams. 

Know Your Customer (KYC)

A set of standards and practices used by banks and other financial institutions to collect customers’ identifying information and set a baseline for their normal financial behaviors. This KYC information is then used by compliance teams to effectively highlight and investigate any activity or relationships that may be deemed “out of the ordinary.” 


The last step in the three-part structure of money laundering, integration is the use of laundered criminal proceeds for legitimate purchases.


The second step in the three-part structure of money laundering, layering is the act of moving money through a series of different accounts or intermediaries in order to disguise its criminal origins. 

Money Laundering

The act of transforming the profits of crime into funds that appears to have a legitimate source, provenance, and rightful owner. 

Money Services Business (MSB)

A term used for any business that handles, transacts, converts, or otherwise exchanges money. Also a term used for any individual who engages in these activities to such a degree that (per regulatory statutes) they are legally equivalent to a financial institution – and so are required to register with FinCEN and subject themselves to anti-money laundering requirements. 

Office of Foreign Assets Control (OFAC)

The department of the U.S. Treasury that enforces economic and trade sanctions made as a part of U.S. foreign policy. The reason for sanctioning another country may vary, but is usually based on threats to national security, the stockpiling of weapons of mass destruction, or other hostile actions. 

Office of the Comptroller of the Currency (OCC)

For banks operating in the United States, the Office of the Comptroller of the Currency (OCC) is there to make sure you play by the rules. The OCC describes its mission as ensuring “banks and federal savings associations operate in a safe and sound manner, provide fair access to financial services, treat customers fairly, and comply with applicable laws and regulations.” Given that a.) the OCC has real power, including the ability to grant (and revoke) bank charters, and b.) the banks – not Congress – fund the OCC, it’s not an agency any financial institution wants to be on the wrong side of.  


The first step in the three-step process of money laundering, placement involves finding a way to insert criminal proceeds into the financial system. Historically, many large criminal enterprises (cartels, organized crime, etc.) have taken in large amounts of cash. In order to give that money a “legitimate” appearance, then, they would find a cash-heavy business to use as a front. (Notorious gangster Al Capone favored laundromats for this purpose, which is why it’s called “money laundering” and not “money dry-cleaning.”) In the modern day, more sophisticated means of placing criminal funds into the financial system have emerged. The motive and basic premise of placement, however, remains the same. 

Politically Exposed Person (PEP)

Anyone with a prominent position in politics is automatically a Politically Exposed Person, and thus subject to higher scrutiny from an AML perspective. This isn’t because that person is, by themselves, more likely to commit financial crime. Rather, it’s because their position within political office puts them at higher risk for bribery and corruption. 

Predicate Crime

A crime that precedes, and contributes to, crimes such as money laundering. An easy way to think about predicate crimes is this: if a criminal is ready to launder money, the predicate crime is how they got hold of the money they’re looking to launder in the first place. Predicate crimes can vary depending on the country, but a generally accepted list can be found in the latest version of FATF’s “40 Recommendations”


A regulator works on behalf of governmental agencies and departments tasked with overseeing different aspects of the financial industry. This means that different regulators will have different things they’re looking for, they generally have the same set of objectives: examine and take stock of a financial institution’s operations with an eye towards ensuring that financial law and policy is being followed.  

Risk Assessment

Banking is a risky business. Any institution that makes money can also lose money. Fortunately, financial institutions understand this, and develop plans to make sure that they only take on an acceptable, comfortable level of risk – one that won’t get them into trouble later on. The name given to such a plan is risk assessment. A risk assessment contains a full breakdown of the bank’s unique characteristics (such as size, holdings, geography, and other factors) as well as its main areas of business (who it’s dealing with, where its structural partnerships lie). These things are all analyzed with an eye towards understanding how much systemic risk they place on the bank – an important metric to have on-hand when you’re making business decisions. A proper risk assessment is the first step of any good compliance program, as it helps set the baseline for anti-money laundering (AML) and countering the financing of terror (CFT) work.  


Note: also known as structuring.


Structuring involves breaking up a large sum of money into smaller chunks before depositing it into the banking system. This is done to try and avoid triggering a Currency Transaction Report (CTR). Financial Institutions are required to file a CTR for transactions over $10,000, meaning that a criminal attempting to launder $90,000 might break this lump sum into nine separate deposits of $9,000 in order to evade scrutiny. 

Note: also known as smurfing.

Suspicious Activity Report (SAR)

The main communications channel between a financial institution’s compliance department and law enforcement, the Suspicious Activity Report (SAR) has been around – in one form or another – since the Bank Secrecy Act of 1970. SARs provide a detailed summary of suspicious financial activity. They are used by law enforcement to help “follow the money” in criminal investigations. 

Suspicious Transaction Report (STR)

If a suspicious activity report (SAR) were a meal ordered at a sit-down restaurant, a suspicious transaction report (STR) would be your drive-thru to-go order. Though specifics vary by country, a SAR will typically cover a longer range of transactions and activity than its STR counterpart. STRs might only cover a single transaction (or small batch of transactions) and can, as happens in the UK, be passed on to their respective financial intelligence unit (FIU) on a more accelerated schedule. 

SWIFT System 

The same way you wouldn’t (or, at least, we hope you wouldn’t) discuss your bank account numbers at a crowded restaurant or on Twitter, banks don’t want to discuss money transfers or other financial transactions on anything but a secure line. SWIFT (short for “Society for Worldwide Interbank Financial Telecommunications”) is that communication channel. SWIFT uses unique ID code structures to simplify communication, a major improvement over its predecessor, Telex. Because SWIFT has become the de facto means of communication for global finance, it’s also a powerful sanctions tool. Lack of access to SWIFT is a serious hindrance to any international financial institution.  

Transaction Monitoring 

Financial institutions hold and move money according to the desires of their customers. This means that – from an AML and fraud standpoint – financial institutions will want to keep an eye on these transactions. There are far too many to make human review of every transfer or deposit feasible, so instead a transaction monitoring system is put in place. A program designed to act as part filter, part watchdog, transaction monitoring systems use computer algorithms to comb through huge numbers of financial transactions, flagging those that appear unusual and passing them along to the compliance team for review. 


Passed by Congress in the immediate aftermath of September 11, 2001, the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT ACT) did two things: 1.) it demonstrated Congress’s intense love of acronyms, and 2.) it provided a set of sweeping national security policy changes. Title III of the act, “Anti-Money Laundering to Prevent Terrorism” expanded on the Bank Secrecy Act and other AML laws, creating more stringent reporting requirements for financial institutions and giving the Treasury and other governmental agencies more power to impose and enforce regulatory action. 

United States Treasury

A government is not a business, but it still needs a bookkeeper. First instituted in 1789 with founding father – and Broadway source-material superstar – Alexander Hamilton as its first secretary, the United States Treasury is responsible for issuing bonds, printing money, running the Internal Revenue Service, and (in conjunction with the Federal Reserve) supervising the U.S. banking system.