
What is financial crime compliance?

New to the concept of financial crime? What is compliance? Why should you care about it? Find out more in this glossary.

build vs buy

This refers to the decision-making process that fintechs, banks and other businesses go through when choosing between developing an in-house compliance solution or purchasing a compliance vendor solution in order to meet regulatory requirements. An in-house solution will generally be customized to take into account the firm’s unique needs. The build itself will often require dedicated resources, such as experts in the Engineering and Compliance teams. On the other hand, 'buying' a third-party compliance solution that is already developed may save time and effort in the first instance. However, there may be a need for vendor intervention where errors occur or where alert tuning is required.

blockchain monitoring

Blockchain monitoring refers to the systematic process of surveilling and investigating potentially suspicious activities occurring within a blockchain network. By employing advanced technologies such as blockchain analytics, pattern recognition and machine learning, blockchain monitoring aims to prevent money laundering and terrorist financing, and maintain the transparency and integrity of the blockchain ecosystem. It involves real-time tracking and analysis of transactions, smart contracts, and other blockchain operations to detect anomalies, unauthorized access, or exposure to financial crime entities. Features of a blockchain monitoring solution may include: wallet screening, counterparty monitoring, visualization of wallet address clusters, and the directness of exposure to wallet addresses associated with illicit activities.

controls testing

Control testing refers to the evaluation of an organization's internal controls to ensure they function effectively and comply with regulations. It involves identifying key controls, executing testing procedures, analyzing results, and recommending improvements. Continuous monitoring ensures ongoing compliance and risk mitigation. Control testing aims to identify any weaknesses, deficiencies, or deviations from expected processes.

customer identification program

A Customer Identification Program (CIP) refers to a fintech, crypto or other business’s processes for verifying the identities of their customers. The purpose of having a CIP in place is to prevent money laundering and other illicit activities by ensuring that the identities of onboarded individuals and entities conducting monetary transactions are accurately verified. This generally involves collecting specific information from customers during onboarding, such as name, date of birth, address, and government-issued identification documentation. Risk-based assessments may be programmatically performed on the collected information to instantly determine the appropriate level of due diligence required for an onboarding customer.

due diligence

Due diligence refers to the process of investigation and analysis conducted by the Compliance function of a financial institution to assess the risk associated with onboarding an individual or entity. The DD process includes gathering customer information, reviewing documentation relating to individuals and ultimate beneficial owners (UBOs) of entities, reviewing financial statements of an entity, conducting background checks, and evaluating the overall viability of a business relationship with the potential customer given associated financial crime risks. There is generally a distinction between customer due diligence (CDD) and enhanced due diligence (EDD). EDD would involve a stricter initial onboarding process, more frequent ongoing reviews of a successfully onboarded customer’s transactional activity, and checks on any updates to the customer’s provided details.

financial crime

Financial crime refers to a range of illicit activities that involve fraudulent, deceptive, or illegal actions aimed at gaining financial benefits. These activities include money laundering, fraud, terrorist financing, and market abuse. Fintechs, crypto exchanges, and other companies which operate in the digital space may be especially susceptible to bad actors given the remote nature of their onboarding processes and services. A business may suffer reputational damage, operational disruption, and regulatory consequences from financial crime incidents. To prevent financial crime from occurring, businesses must ensure that adequately designed and effective compliance controls are in place on their platforms.

independent assessment

An independent assessment in compliance refers to a comprehensive and impartial evaluation of an organization's adherence to regulatory requirements and internal policies. The purpose of an independent assessment is to provide an objective analysis of the organization's compliance practices, identifying gaps which will need to be remediated in a timely fashion. This process will often involve documented risk scoring of different areas of controls, and corresponding actionable recommendations for enhancing processes to ensure overall compliance effectiveness. Independent assessments play a critical role in maintaining the integrity of compliance programs and demonstrating a commitment to regulatory standards.

model validation

Model validation refers to a rigorous and systematic process of assessing the accuracy, reliability, and effectiveness of quantitative models and methodologies employed by a business to evaluate and manage specific risks, e.g. in risk scoring the business’s customers for due diligence purposes. Model validation will likely involve: assessing the conceptual soundness of the model, reviewing available data attributes and conducting data quality analyses, and reviewing historical reports. The process may result in recommendations for the implementation of new weightings or controls.

sanctions screening

Sanctions screening involves a name or description review of individuals, entities, and transactions against established sanctions lists, which include the names of entities subject to economic and trade restrictions. The most common sanctions lists include the OFAC (Office of Foreign Assets Control) SDN (Specially Designated Nationals and Blocked Persons) List, and the EU’s Consolidated List of Sanctions. Generally speaking, there are two parts to sanctions screening within a fintech, crypto, or other business. Firstly, upon customer onboarding, the name of the individual or entity being onboarded will be programmatically run through sanctions lists; this program will normally be a specialized screening solution. Secondly, the recipient name as referenced by a customer in financial transactions will also be programmatically run through the screening solution. Any potential matches in either case will be manually reviewed.

third party risk management

Third-party risk management (TPRM) is the process of managing risks associated with engaging in business and strategic arrangements with external parties (e.g. vendors, technology partners, banking partners, etc.) to perform business activities in support of the business’s own operations or business strategy.

threshold tuning

In the context of financial crime, threshold tuning is often applied to transaction monitoring where alert rules are being tuned so as to provide accurate signalling for potentially illicit activities. Threshold tuning generally refers to the process of adjusting predefined thresholds within a system to optimize its accuracy and efficiency. This practice involves fine-tuning the parameters that trigger alerts for potential fraudulent or money laundering activity through analysis of transaction data.

transaction monitoring

Transaction monitoring is a continuous process used by fintechs, payment services providers, and other applicable entities to oversee and analyze a series of financial transactions for the purpose of identifying and mitigating risks related to money laundering, fraud, terrorist financing, and other illicit activities. This process involves the real-time or retrospective analysis of transactional data to detect patterns, anomalies, or suspicious behaviors that may warrant further investigation or reporting to regulatory authorities. Transaction monitoring helps ensure compliance with anti-money laundering (AML) and counter-terrorism financing (CTF) regulations, maintain the integrity of financial systems, and contribute to overall risk management efforts.

vendor assessment

Vendor assessment refers to the due diligence process that organizations conduct to assess the suitability, reliability, and adherence to regulatory standards of third-party vendors or suppliers with whom they engage in business relationships. This process involves reviewing various aspects, including the vendor's financial stability, operational capabilities, data security practices, compliance with industry regulations, and ethical standards. The goal of vendor assessment is to identify and mitigate potential risks that external parties may introduce, ensure alignment with the organization's own compliance requirements, and safeguard against disruptions, breaches, or reputational damage arising from vendor relationships.
