Compliance Glossaries

4MLD/4AMLD/AMLD4

The EU's Fourth Money Laundering Directive.

5MLD/5AMLD/AMLD5

The EU's Fifth Money Laundering Directive (2018) aimed to implement amendments to the EU Commission’s Action Plan of 2016 that tackles the use of the financial system for funding criminal and terrorist activities as well as large-scale obfuscation of funds.

6MLD/6AMLD/AMLD6

The EU's Sixth Money Laundering Directive. An EU directive that focuses on tackling crimes enabled by money laundering (including trafficking, bribery, etc).

Accountability

In the context of financial crime/AML, accountability relates to the fact that senior management must appoint an individual to implement an AML/CTF programme, but that the ultimate accountability for the effectiveness of the programme remains with senior management.

Account Freezing Order

An order preventing the disposal of assets by the respondent.

Account Monitoring Order

An order issued by a government authority requiring a financial institution to provide transaction information on a suspect account for a specified time period.

Accuracy Principle

The notion that data controllers should keep personal data up to date and accurate, taking reasonable steps to ensure that inaccurate data is corrected.

Acquired Gender

The EU's Sixth Money Laundering Directive. An EU directive that focuses on tackling crimes enabled by money laundering (including trafficking, bribery, etc).

Active Bystander

A bystander is someone who witnesses an incident or event - for example, sexual harassment, prejudice or discrimination. An active bystander is someone who decides to act, intervene or call it out. See also Passive Bystander.

Adjustments

Advance Fee Fraud

This is a type of fraud whereby individuals are persuaded to give their money to the criminal on the premise that they will receive a larger sum of money in return for this. It’s typically characterised as paying a 'fee'. However, the bigger sum of money does not even exist.

Advisory & Conciliation and Arbitration Service (ACAS)

A public body in the UK which works with employers and employees to build better employment relations, solve problems and improve performance. ACAS plays an important role in arbitrating in disputes without the need to refer cases to an Employment Tribunal. Companies are also required to demonstrate that they comply with ACAS guidelines when managing grievances, disciplinary action and redundancy. See also Employment Tribunal.

Affidavit

A written statement that is given under oath before an officer of the court, notary public, or another authorized person. It is commonly used as the factual basis for an application for a search, arrest or seizure warrant.

Affinity Bias

Affinity bias (also known as Similarity Bias) is a form of unconscious bias. It's our tendency to gravitate towards people who are just like us, who look and talk like us, are from the same social background, share the same interests, etc. We may actively avoid or even dislike people who aren’t the same.

Age

This is one of the protected characteristics under the Equality Act 2010. It is against the law to discriminate against someone on the grounds of their age. This includes the person's age (eg 30-year-olds), or specific age groups (eg over 60s, 18-30s).

Ageism

Discrimination, prejudice or treating someone less favourably on the grounds of age. Younger and older individuals are especially affected by ageism.

AIFMD

Alternative Investment Fund Managers Directive (AIFMD) provides a regulatory framework for those who manage alternative investment funds, such as hedge funds, private equity firms and investment trusts.

Alternative Remittance System (ARS)

Informal banking system often associated with ethnic groups from the Middle East, Africa or Asia, and commonly involves the transfer of values among countries outside of the formal banking system. Examples are Hawala, Hundi and Chiti banking.

AML

Anti-Money laundering refers to the policies, laws, and regulations to implement in order to prevent financial crimes. See 4MLD/5MLD/6MLD & MLRO.

AML/CTF Programme

A series of anti-money laundering measures that must be implemented by organisations within the scope of the money laundering regulations mitigating the risks of money laundering and terrorism financing.

An AML CTF programme must include as a minimum:

• A risk assessment;
• Written internal policies, procedures, and controls (covering customer due diligence, transaction monitoring, reporting)
• A designated AML compliance officer;
• Ongoing AML employee training; and
• Independent review to test the program.

AMLID

The Anti-Money Laundering International Database (AMLID) is a secure, multilingual database of anti-money laundering laws and regulations, also containing information on national contacts and authorities. AMLID is an important reference tool for law enforcement officers involved in cross-jurisdictional work and is published by IMOLIN (See International Money Laundering Network).

Anonymous Data

Data that cannot be traced back to an identifiable individual, and hence falls outside the scope of the GDPR.

Anti-Money Laundering International Database (AMLID)

A secure, multilingual database of anti-money laundering laws and regulations, also containing information on national contacts and authorities. AMLID is an important reference tool for law enforcement officers involved in cross-jurisdictional work and is published by IMOLIN (See International Money Laundering Network)

Antisemitism

Article 29 Working Party

A non-regulatory EU-level data protection body that provided advice on how to comply with data protection law to the Member States before the introduction of GDPR. The organisation comprised members of national data protection authorities at the EDPS. It is now the EDPB under GDPR.

Asia/Pacific Group on Money Laundering (APG)

A Financial Action Task Force (FATF)-style regional body consisting of jurisdictions in the Asia/Pacific Region.

Asset Freezing Order

See Account Freezing Order

Asset Recovery

The efforts by law enforcement and CPS to recover the Proceeds of Crime as set out in the Asset Recovery Action Plan.

Asylum Seeker

An asylum seeker is someone who leaves their country of birth and seeks refuge in another country, having claimed asylum under the United Nations Convention on the Status of Refugees 1951 on the grounds that they will face persecution on the grounds of race, religion, nationality, political belief, or membership of a particular social group if they are returned to their home country. The person remains an asylum seeker while their application is pending. See also Refugee.

Attribution Bias

Attribution bias is a form of unconscious bias. It's where we interpret events and behaviours based on our past experiences, observations or interactions. Generally, we attribute things that we've done well to our personality or own merit while blaming things that have gone badly on external events beyond our control. With other people, we tend to assume the opposite. If they've done well, we may claim that they got lucky, but, if things go wrong, we blame them personally.

Bank Secrecy Act (BSA)

The primary U.S. anti-money laundering law, amended by the USA Patriot Act in 2001. Among other measures, it imposes money laundering controls on financial institutions and many other businesses, including the requirement to report and to keep records of various financial transactions.

Barrier

This is something that creates a disadvantage or difficulty for an individual or group with one or more protected characteristics.

Bearer Shares

Negotiable instruments that accord ownership in a corporation to the person who is in physical possession of the bearer share certificate, a certificate made out to "Bearer" and not in the name of an individual or organisation. This makes it a very high-risk instrument in relation to money laundering and is therefore outlawed in many jurisdictions.

Beneficial Owner

This is the person who naturally controls or owns the customer. The percentage ownership for becoming a beneficial owner is often set at 25%, although this may vary for different jurisdictions. There may be more than one beneficial owner at an entity.

Bias

This is a tendency to show favour or prejudice towards or against an individual, group or belief. Bias may be unconscious (implicit) or conscious (explicit). Our biases may be positive or negative. It's important to be aware of any biases you have. If they are left unchecked, this can lead to unintentional bias (promoting people who are only 'like you') or, in extreme cases, outright discrimination. To find out about your own biases, you can take an Implicit Association Test (IAT). See also Unconscious Bias.

Biometrics

Biometrics are body measurements and calculations related to human characteristics. Biometrics authentication is used to identify individuals during the account opening process, making the process more efficient and much quicker for the customer.

Binary Identity

The belief that there are only two genders, which are opposites (male and female), and people belong to one of these two genders.
See also Non-binary Identity and Gender Identity.

Binding Corporate Rules

Legally enforceable rules that enable a multinational company or organisation to transfer personal data from its entities in the EU to its entities (subsidiaries and affiliates but not third parties) in countries outside the EEA.

Biometric Data

Biometric data refers to any data derived from a data subject's biology or physical body. These data could include information regarding the physiological, behavioural or physical characteristics of a natural person, including iris scans, fingerprints, and facial images.

Biphobia

Prejudice towards someone's actual or perceived bisexual orientation.

Bisexual

Bisexual is an umbrella term to describe a romantic and/or sexual orientation towards more than one gender.

Bisexual people may describe themselves using one or more of a wide variety of terms, including, but not limited to, bisexual, pan, queer, and some other non-monosexual and non-monoromantic identities.

Black, Asian & Minority Ethnic (BAME)

This is a term used to refer to collective ethnic minority (i.e. non-white) populations in the UK. Note: critics argue the term excludes other ethnic minorities and implies that Black and Asian people are separate from other ethnic minorities. See also Black Minority Ethnic (BME).

Black Lives Matter (BLM) Movement

This is a social justice movement which aims "to bring about justice, healing and freedom to Black people across the globe". The movement started in July 2013 with the social media hashtag #BlackLivesMatter following the acquittal of George Zimmerman for the shooting of Trayvon Martin, a black teenager. It gained international attention following the death of George Floyd by a Minneapolis police officer, where an estimated 15-26 million people participated in BLM protests across the United States. See also #MeToo Movement.

Black Minority Ethnic (BME)

This is a term used to describe collective ethnic minority (i.e. non-white) populations in the UK. Note: critics argue the term excludes other ethnic minorities and implies that Black people are separate from other ethnic minorities.
See also Black, Asian and Minority Ethnic (BAME).

'Blind' Application

This refers to the process of anonymising - i.e. removing all distinguishing or identifying characteristics from - a job candidate's application in order to remove bias and ensure a fairer selection process for all. It includes removing names, gender, age, etc and can also include arranging for third parties to conduct interviews to encourage objectivity.

BSA

The Bank Secrecy Act (primary US anti-money laundering law, amended by the USA Patriot Act in 2001). Among other measures, it imposes money laundering controls on financial institutions and many other businesses, including the requirement to report and to keep records of various financial transactions.

Boom

Beneficial owner, officer or manager in the accounting sector. All of these must be approved by their regulatory body, including passing a basic DBS check.

Bribery

This is the acceptance or offering of an advantage that is made in exchange for the improper performance of an activity or function. The Bribery Act 2010 sets out the statutory offences for this. Bribery is a predicate offence to money laundering.

Bribery Act 2010

The Bribery Act 2010 is a UK Act of Parliament that outlaws both receiving and offering bribes, whether in the UK or another country. It also created a corporate offence of failure when bribery has not been prevented.

Breach

A security failure that leads to the accidental or unlawful access, disclosure, loss or destruction of personal data.

Breach Notification

The requirement for organisations to report data breach to the supervisory authority (ICO in the UK) within 72 hours of becoming aware of the breach. The individual data subjects impacted in the breach may also need to be notified in case of a risk to their rights or freedoms.

Bullying

Bullying is not defined in employment law. However, ACAS defines it as, "offensive, intimidating, malicious or insulting behaviour, an abuse or misuse of power through means that undermine, humiliate, denigrate or injure the person being bullied". The Health and Safety Executive says bullying "involves negative behaviour being targeted at an individual, or individuals, repeatedly and persistently over time" rather than a one-off incident.

Bystander

A bystander is someone who witnesses an incident or event - for example, sexual harassment, prejudice or bias. See Bystander Intervention and Active/Passive Bystander.

Bystander Intervention

A bystander is someone who witnesses an incident or event - for example, sexual harassment, prejudice or bias. Bystander intervention refers to whether and how exactly they responded. See Active Bystander and Passive Bystander.

Data Controller

The controller (organisation or individual) the main decision-makers in relation to personal data. They exercise overall control over the purposes and means of the processing of personal data. Employers are data controllers of their employees' data. Joint controllers are two or more controllers that jointly determine the purposes and means of the processing of the same personal data.

Data Portability

Data portability is a scheme that makes it easier for individuals to transfer their data from one controller to another. GPDR gives data subjects the right to receive their data in electronic format and then pass it on to another controller (for example, if they want to change service provider).

Data Privacy Impact Assessment (DPIA)

A DPIA is a process that is used to help identify and minimise the data protection breach risks that come with processing any personal information. When it comes to processing, there are certain types that require a DPIA. This is usually the case when any type of processing is considered to be high risk in terms of security leaks.

• Describes the data processing in place and purpose for doing it
• Assesses whether the processing is necessary
• Identifies and assesses the risk to data subjects
• Determines any measures that can be put in place to mitigate risk and help to protect data from breaches.

Data Processing

In the context of data protection, processing covers a wide range of manual or automated operations performed on personal data, including the collection, recording, structuring, storage, adaptation or alteration, archival, retrieval, consultation, use, disclosure by transmission, dissemination or publishing, combination, restriction, and erasure or destruction of personal data.

Data Processing Agreement (DPA)

A legally binding contract (required under GDPR Article 28 Section 3) that states the rights and obligations of the data processor and data controller concerning the protection of personal data.

Data Processor

Any individual or organisation with authorisation to edit, modify, delete, transfer, use or change a data subject's personal data. A data controller can be the data processors too, or may outsource processing to a third party (which then is the data processor).

Data Protection Act (DPA)

The Data Protection Act 2018 sets out the data protection framework in the UK, alongside the GDPR.

Data Protection Authority

Each member state of the EU has a data protection authority or supervisory authority. The job of the national DPA is to ensure that member states of the EU enforce data protection law. Many DPAs have extensive enforcement powers, allowing them to impose fines on organisations and individuals who do not comply. The authority in the UK with these powers is the ICO.

Data Protection Officer (DPO)

A data protection officer is a person who works in an organisation to ensure that the business complies with data protection laws. Not all organisations have DPOs, but some have to by law, especially those who process special categories of data. The DPO is responsible for monitoring data protection compliance, keeping you informed about our data protection obligations, and providing any necessary advice for remaining compliant at all times.

Data Protection Principles

Seven key principles set out by the GDPR that should lie at the heart of any approach to processing personal data: Lawfulness, fairness and transparency, Purpose limitation, Data minimisation, Accuracy, Storage limitation, Integrity and confidentiality (security), Accountability.

Data Security

Data security is the term used for how digital data is protected from the unwanted actions of unauthorized users, including cyber-attacks and data breaches.

Data Subject

A data subject is any person to whom data can be attributed and, thus, falls under the jurisdiction of existing data protection laws. Subjects could include a customer, employee, a third-party contact or any individual with whom a data controller interacts.

DBA

A database administrator (DBA) makes sure an organization's databases and related applications operate functionally and efficiently.

DBS

The UK disclosure and barring service is a government body that helps to prevent unsuitable people from working with vulnerable groups, including children.

DCM

Designated contract market.

Defence against Money Laundering

A firm can request a ‘Defence Against Money Laundering (DAML)’ from the NCA (National Crime Agency) when they suspect that property they intend to deal with has a criminal connection and that they risk committing a principal money laundering offence as per the Proceeds of Crime Act 2002 (POCA) if they deal with the property in question. If ‘appropriate consent’ is received from the NCA, an individual will not be deemed to have committed one of those offences.

DEI

Diversity, Equity, and Inclusion.

Delivery Risk

Money laundering risks associated with the type of contact between for example a bank and a customer. A client that is not ever seen face to face represents a higher risk than a client who has been met face to face.

Designated Non-Financial Businesses & Professions

FATF recommends AML standards apply to non-financial businesses and professions, including specifically:

• Casinos (including Internet casinos).
• Real estate agents.
• Dealers in precious metals and precious stones.
• Lawyers, notaries, other independent legal professionals and accountants. (Note that this refers to those who prepare or carry out certain duties on behalf of clients).
• Trust and company service providers who prepare or carry out certain duties on behalf of their clients.

Direct Discrimination

Direct discrimination occurs when an individual is treated unfairly or less favourably than another because of a protected characteristic they possess. Examples include failing to shortlist someone because of their race or failing to recruit or promote a person with a disability that will not impact on their ability to perform the job. See also Indirect Discrimination.

Disability

This is one of the protected characteristics under the Equality Act 2010. It is against the law to discriminate against someone on the grounds of their disability. Disabilities are any physical or mental impairments that have a substantial and long-term adverse effect on a person's ability to carry out their normal day-to-day activities.

Disadvantaged

Disadvantaged means being treated less favourably than another, being held back, experiencing harm or bias. It can apply to individuals or groups relating to the protected characteristics.

Discrimination

The act of treating somebody less favourably based solely on a protected characteristic (or in circumstances when a person is assumed to have a protected characteristic). For instance, an employer discriminates if they refuse to hire a candidate based on their race or gender. Discrimination can also include setting a policy or criteria which, even if applied equally, disadvantages certain individuals or groups with protected characteristics. For example, setting a minimum height requirement may discriminate against women or people of specific ethnic origin. See also Direct Discrimination and Indirect Discrimination.

Discrimination by Association

Discrimination by association occurs when an individual is treated less favourably than another because of their association with someone who possesses a protected characteristic. For example, being refused entry to a nightclub because of your association with a friend who has a learning disability.

Discrimination by Perception

The EU's Sixth Money Laundering Directive. An EU directive that focuses on tackling crimes enabled by money laundering (including trafficking, bribery, etc).

Discriminatory Advertising

Any form of advertising that could be viewed as discrimination against individuals or groups with particular protected characteristics. The Equality Act 2010 makes publishers, like newspapers, legally liable for any discriminatory advertisements that they disseminate. Both publishers and advertisers can potentially be held liable for discriminatory adverts, including job adverts.

Disciplinary Action

Disciplinary action may be taken if difficulties arise during the course of your employment. Companies have disciplinary procedures which set out what is expected of workers in respect of performance and conduct - as well as the consequences of failing to meet these standards. They provide a course of action to improve performance (e.g. training) and provide contact points and timescales for resolving concerns and issues internally. Disciplinary procedures can also demonstrate to an Employment Tribunal that the correct procedures have been followed if someone is dismissed. See also Grievance and Employment Tribunal.

Disclosure Order

An order authorising a request for information with which the recipient is obliged to comply, which is usually backed up by penal sanctions for non-compliance.

Disgorgement

Disgorgement occurs when courts or regulatory bodies force companies to pay back funds obtained illegally. Sometimes with interest and an associated fine.

Dual Discrimination

This is where a person is discriminated against in respect of two protected characteristics. For instance, if a company discriminates against somebody because of both their race and age, it is dual discrimination. They may make separate claims for each protected characteristic.

Diversity

Diversity is about recognising people's differences in terms of age, gender, culture, ethnicity, religion, disability, sexual orientation, education, skills, personalities, political and ideological backgrounds, and so on. It includes but is not limited to protected characteristics. Companies should be representative of their customers and the communities they serve. It's also important to acknowledge the value of different perspectives in decision making. See also Inclusion.

DPA 2018

DPO

A Data Protection Officer (DPO) is responsible for training, monitoring and reporting relating to data protection. They also undertake Data Protection Impact Assessments (DPIA) and are the main point of contact for regulatory authorities. 

Dual Criminality

Under the dual-criminality test introduced in 2009, the conduct giving rise to the proceeds would generally need to be:

1. a crime at the relevant time both in the overseas jurisdiction where it took place and in the UK, or
2. not a crime in that overseas jurisdiction, but a crime in the UK which is punishable by more than one year in prison.

Dual Discrimination

This is where a person is discriminated against in respect of two protected characteristics. For instance, if a company discriminates against somebody because of both their race and age, it is dual discrimination. They may make separate claims for each protected characteristic.

Dual Heritage

This is a term increasingly used to describe people with parents from different ethnic or religious backgrounds. Biracial and multiracial may also be used, rather than mixed-race (previously included in the 2011 census).

Due Regard

Having 'due regard' means that a public sector organisation consciously considers the need to fulfil its duties set out under the equality duty - namely to eliminate discrimination, harassment, victimisation and other conduct prohibited under the Equality Act, to promote equality of opportunity and to foster good relations between people who share protected characteristics and those who do not.
See also Public Sector Equality Duty.

Economic Sanctions

Economic sanctions are the commercial and financial penalties applied by one or more countries against specific self-governing states, groups, or individuals.

Egmont Group of Financial Intelligence Units

The Egmont Group is constituted of a number of national Financial Intelligence Units (FIUs) that meet regularly to find ways to promote the development of FIUs and to cooperate, especially in the area of information exchange, training and the sharing of expertise.

EDD

Enhanced Due Diligence is additional, 'enhanced' customer due diligence measures which need to be applied by businesses and organisations in higher-risk situations, as per regulations 33-35 of the Money Laundering Regulations.

EDPS

The EDPS or European Data Protection supervisor is an EU-level public body that ensures that institutions within the EU respect EU citizen's right to privacy and data protection while processing their data. The body is made up of representatives from member state national data protection institutions.

EDI

Equality, Diversity and Inclusion.

EHS

Environment, Health and Safety.

ELD

Employee Learning & Development.

E-money

E-money has been defined by the Electronic Money Regulations 2011 (SI 2011/99) as the monetary value that is electronically stored, including magnetically stored, represented by a claim on the issuer that is issued on receipt of funds for the aim of making payment transactions, and which a person accepts as opposed to an electronic funds issuer. Who is able to issue e-money is specified by the E-Money regulations. This includes e-money institutions and credit institutions.

Employment Tribunal

An independent tribunal which is responsible for hearing claims and making decisions in cases where people believe they have received unlawfully. Claims may be brought for unfair dismissal, discrimination, unfair deductions from pay, and so on. See also Advisory and Conciliation and Arbitration Service (ACAS).

Encryption

Encryption is a mathematical operation to encodes data in such a way that it can only be accessed by authorised users. Article 32 of the GDPR includes encryption as an example of an appropriate technical measure.

Enhanced Due Diligence (EDD)

Additional, ‘enhanced’ customer due diligence measures need to be applied by businesses and organisations in higher-risk situations, as per the Regulations 33-35 of the Money Laundering Regulations.

Equal Pay Audit

A review usually carried out by employers or auditors to determine whether pay and benefits with the organisation result in unequal pay (pay gaps) between men and women. In the past, these audits have focused on gender pay gaps but increasingly the Equality and Human Rights Commission (EHRC) is encouraging companies to focus on differences in pay in respect of all the protected characteristics (eg race, disability, etc). See also Equality and Human Rights Commission (EHRC) and Gender Pay Gap.

Equal Pay

This arose as a result of historic inequalities between the pay of men and women (notably at Ford Dagenham). Under the Equality Act 2010, it is unlawful for employers to discriminate between men and women in respect of pay and conditions for the same or similar work, equivalent work or work of equal value.

Equal Pay Audits

Equal Pay Audits may be carried out to identify whether there is unequal pay in companies. Differences between the pay of people with protected characteristics and those who do not share those characteristics may constitute direct or indirect discrimination. See also Equal Pay Audit, Like Work, Equivalent Work and Work of Equal Value.

Equality Act 2010

The Equality Act was introduced by the UK Government in 2010 - superseding the earlier patchwork of discrimination laws related to age, sex, race, equal pay, religion and disability - to provide consistent protection against discrimination on the grounds of the nine protected characteristics. It strengthened existing provisions, extended others to include age discrimination and also introduced the Equality Duty.

Equality & Human Rights Commission (EHRC)

This is the UK's statutory body which was established to "promote and uphold equality and human rights ideals and laws across England, Scotland and Wales". The non-statutory body was established in 2006 and operates independently of government. Scotland has a separate Scottish Human Rights Commission operating alongside the EHRC.

Equality Duty

Sometimes also referred to as Public Sector Equality Duty, this is a list of duties that public sector organisations must undertake to comply with the Equality Act 2010. Organisations must, for instance, eliminate discrimination and other conduct prohibited under the Equality Act, make decisions that advance equality of opportunity, and foster good relations between people with protected characteristics and those who do not share them.

Equality Impact Assessment

This is a formal audit of new or existing policies, practices, services, etc to assess their impact on individuals or groups with a shared protected characteristic. These impacts may be positive or negative, but where adverse impacts are noted, action should be taken to eliminate or reduce this.

Equality Of Opportunity

The fundamental belief that every person should have the same opportunity as everybody else to succeed or achieve their goals. Specifically, individuals should be free from artificial barriers, such as race and gender discrimination. Opportunities should be available to all, through free and fair competition, and awarded based on merit.

Equivalent Work

This is one of the principles used to describe equal work with reference to equal pay. The others are Like Work and Work of Equal Value.
This refers to work that has been rated under a job evaluation scheme to be of equal value in respect of how demanding it is, the effort, skill, decision making and responsibility involved. For example, an occupational health role may be rated as equivalent to a production supervisor when assessing the elements of the job. See also Like Work and Work of Equal Value.

ERM

Enterprise risk management (ERM) describes the methods used to manage business risks and seize opportunities.

ESG

Environmental, Social, and Corporate Governance (ESG) relate to the sustainability and the societal impact of investing in a business. See also CSR.

Ethnic Origin

An element of a person's identity that can include their skin colour, nationality, race, religion or cultural heritage, or a group of people who share a common history. Examples of people with a shared ethnic origin include Black American, Rastafarians, Chinese, White British, Sikhs, Jews, Pakistani, Irish Travellers, Romani Gypsies, and more. Ethnic origin is not the same as national origin.

EU Money Laundering Directives

One of the pillars of the European Union's legislation to combat money laundering and terrorist financing are the ML Directives. According to these directives, banks and other gatekeepers are required to apply enhanced vigilance in business relationships and transactions involving high-risk third countries.

EU Sanctions Lists

Fairness Principle

A principle which states that a data controller should put in place facilities that enable the data subject to exercise rights pertaining to their data. Under the fairness principle, data controllers could include facilities that provide access, rectification and erasure of the data as well as those that allow the subject to place restrictions on processing or transfer the data from one controller to another.

FATF

The Financial Action Task Force is an intergovernmental body that is responsible for developing and promoting anti-money laundering and counter-terrorist financing standards across the world.

FCA

The Financial Conduct Authority has a number of statutory objectives. This includes enhancing and protecting the UK financial system's integrity, ensuring it isn't being utilised for a purpose that is associated with any financial crime.

Female-to-male

Also know by the acronym FtM, referring to a person who was assigned female sex at birth but has a male gender identity and transitions to living as a man. See also Male-to-female.

Fifth Money Laundering Directive (5MLD/5AMLD/AMLD5)

An EU directive responding to a series of terrorist attacks in Europe, large data leaks (including the Panama Papers), the rise in cryptocurrency usage and the ongoing intent by the EU to fully implement the FATF Recommendations by all its member states. The transposition deadline was 10th January 2020.

Financial Action Task Force (FATF)

This an intergovernmental body that is responsible for developing and promoting anti-money laundering and counter-terrorist financing standards across the world.

Financial Conduct Authority (FCA)

The Financial Conduct Authority has a number of statutory objectives. This includes enhancing and protecting the UK financial system’s integrity. The UK financial system’s integrity includes it not being utilised for a purpose that is associated with any sort of financial crime.

Financial Crime

Describes a variety of white-collar crimes. The Financial Services and Markets Act 2000, defines financial crime as any offences that involve dishonest or fraud, misconduct with regards to the use of information relating to the financial market, or handling the proceeds of crime.

Financial Intelligence Unit (FIU)

The FIU is a central national agency that is responsible for getting, evaluating, and transmitting disclosures regarding suspicious transactions to the relevant, competent authorities. In the UK, this is the NCA.

FIT

Fit and Proper Test (FIT) refers to an employee who is regarded as suitable to hold a particular position. FIT can also refer to a person who is considered honest and trustworthy.

FIU

The Financial Intelligence Unit is a central national agency that is responsible for getting, evaluating and transmitting disclosures regarding suspicious transactions to the relevant, competent authorities. In the UK, this is the NCA.

Flexible Working

Working practices and patterns that offer a better work-life balance. This may include job sharing, homeworking, part-time, flexitime or staggered hours. Workers are entitled to request flexible working after 26 weeks' consecutive service and employers need to consider their request.

Fourth Money Laundering Directive (4MLD/4AMLD/AMLD4)

An EU directive that introduced more detailed provisions in relation to the risk-based approach, beneficial owners and Politically Exposed Persons,

FSMA

The UK Financial Services and Markets Act (2000) created the Financial Services Authority (FSA) as a regulator for insurance, investment and banking, and the Financial Ombudsman Service to resolve disputes as a free alternative to the courts. It also created the Prudential Regulation Authority to supervise banks, building societies, credit unions, insurers and major investment firms.

FtM

An acronym that stands for Female-to-male, referring to a person who was assigned female sex at birth but has a male gender identity and transitions to living as a man. See also MtF.

Foreign Corrupt Practices Act (FCPA)

The Foreign Corrupt Practices Act (1977) is a US statute prohibiting US citizens and organisations from paying bribes to foreign officials to further business deals. It is enforced by both the Securities and Exchange Commission (SEC) and the Department of Justice (DOJ). In 1998 the act was amended to cover those outside the country facilitating corrupt payments in the US.

Fostering Good Relations

This is part of the Public Sector Equality Duty. It refers to an approach that attempts to tackle prejudices and destructive beliefs in order to produce a more cohesive and productive society. Fostering good relations often involves developing more understanding between people or groups that share protected characteristics and those who do not.

Fraud

Fraud is a term that is used to describe a number of different scenarios. There are many different ways that businesses and their consumers can be impacted by fraud. Some examples are as follows:

• A consumer is defrauded, with a business executing payments connected to this fraud on the instruction on the consumer, i.e. when a consumer asks his or her bank to transfer funds into what turns out to be a share sale scam.
• A business’ consumers are defrauded by a third party because of the actions of the firm, for example, the business loses sensitive personal data, which enables the identity of their customer to be stolen.
• A third party misleads a business, which causes the consumers of the business to be defrauded, for example, criminals evade the security measures to get access to a consumer’s account.
• Contractors, employees or any other type of 'insider' defrauds a business, for instance, a worker steals from his employer and covers up the theft by amending the records.
• Customers defraud a company, for example, mortgage fraud.

Fraud Act

Fraud Act 2006 is an Act of UK Parliament that sets out a number of different fraud offences, for example, fraud by abuse of position, fraud through failure to disclose information and fraud due to false representation.

Gay

This refers to a man or woman who is sexually attracted to someone of the same gender. Note: some people find this term offensive due to its legal and/or prejudicial uses in the past.

GDPR

The General Data Protection Regulations (GDPR) is an EU law that concerns the privacy and data protection of all citizens in the EU and the European Economic Area (EEA).

Gender

This is a legal definition in law that states that a person is either male or female. The terms 'gender' and 'sex' are sometimes used to mean the same thing. However, sex normally refers to physical or biological characteristics that make someone male or female at birth, whereas gender identity can be more 'fluid' and describes the experience or behaviour associated with being male or female.

Gender Balance

According to the European Institute for Gender Equality, this refers to "human resources and [the] equal participation of women and men in all areas of work, projects or programmes".

Gender Dysphoria

This is a recognised medical condition. It refers to the sense of unease that a person experiences because of a mismatch between their biological (birth) sex and gender identity. It can range from feelings of discomfort to intense and severe anxiety or depression. See also Gender Identity.

Gender Equality

According to the European Institute for Gender Equality, gender equality refers to "equal rights, responsibilities and opportunities of women and men and girls and boys".

Gender Expression

The way someone publicly expresses their gender. It includes dress, hair, mannerisms, body language, voice, as well as their chosen name and pronoun. See also Gender Identity.

Gender Identity

A person's subjective experience of their gender or the gender with which they associate. For instance, a person classified as a woman at birth may identify as a woman, a man or somewhere in-between these identities. Gender is increasingly recognised as a spectrum, so a person may identify as non-binary - meaning they do not identify as strictly male or female. Individuals may choose to identify as both male and female, or neither (agender). See also Binary and Non-binary Identity.

Gender Pay Gap

Since 2017, companies with more than 250 employees are required to publish figures about their gender pay gap. The gender pay gap is the difference between the average hourly earnings of men and women, expressed as a percentage relative to men's earnings. Companies must publish the data on their website and report this data to the government online. See also Equal Pay and Equal Pay Audit.

Gender Reassignment

This is one of the protected characteristics under the Equality Act 2010. It is against the law to discriminate against someone on the grounds of gender reassignment. Gender reassignment is the process of transitioning from one gender to another.

Gender Reassignment Discrimination

Discrimination, prejudice or treating someone less favourably on the grounds of gender reassignment, whether they have had surgery or not.

Gender Recognition Act 2004

This Act gives people with gender dysphoria legal recognition of their acquired sex, allowing them to obtain a new birth certificate for all legal purposes, including marriage. Evidence must be presented to a Gender Recognition Panel, which grants a Gender Recognition Certificate (GRC). It is unlawful to disclose that someone has a GRC without their consent.

Gender Stereotyping

Ascribing particular traits, attributes or determining roles to people based on their gender. This is often as a result of societal norms, prejudices or ingrained attitudes. Examples include - but are not limited to - "Women are graceful and men are muscular", "All girls like dolls and all boys like trains", "All women are empathetic and make good caregivers" and "All men are aggressive" or "All men excel at STEM subjects". See Prejudice and Stereotyping.

Genetic Data

Any data that describes the biological characteristics of a subject at the level of DNA. Genetic information, for instance, could include a person's entire genome, their genetic markers, DNA information that can identify them, or information related to their characteristics or disease status.

Geographical Risk

Identifying geographic locations that may pose a higher risk is a core component of any risk assessment and the business division, unit or business line will seek to understand and evaluate the specific risks associated with doing business in, opening and servicing accounts, offering products and services and/or facilitating transactions involving certain geographic locations.

GESI

Gender Equality and Social Inclusion (GESI) relates to the two areas. Gender equality involves ensuring that opportunities are available equally to individuals regardless of gender. Social inclusion has a similar aim for those in traditionally disadvantaged groups, for example, those from low-income backgrounds.

GFC

Global Financial Crisis of 2008.

Grievance

A grievance is a complaint or problem arising in the course of your employment. It may relate to a dispute, a problem you're experiencing, unfair treatment relating to protected characteristics, a performance issue, or something else. Companies have grievance procedures which are designed to provide a course of action if matters cannot be resolved informally and to provide contact points and timescales for resolving concerns and issues internally. See also Disciplinary Action.

Halo Effect

The Halo Effect is a form of unconscious bias. This is where you make positive assumptions about people, which may or may not be accurate, without really knowing them. For example, once you learn something positive or impressive about them (eg they went to a particular university), you may automatically hold them in high regard and be 'blind' to others' skills. See also Horns Effect.

Harassment

The Equality Act 2010 in the UK defines harassment as unwanted conduct of a sexual nature (or related to gender reassignment, sex or another protected characteristic) that:

• Violates someone's dignity, or
• Creates an intimidating, hostile, degrading, humiliating or offensive environment

Such conduct is not limited to physical acts, e.g. assault, stalking, touching, hugging, groping, massaging, kissing, or indecent exposure, but also covers a wide range of behaviour.

Hawala banking

See Alternative Remittance Systems.

HCM

Human Capital Management

Heterosexual

Someone who is sexually attracted to people of the opposite gender.

Heterosexism

The assumption that all individuals are heterosexual or that the group of people who are not is so small as not to merit equal consideration. Heterosexists assert that this belief arises from the law, culture, and family.

HMRC

Her Majesty's Revenue & Customs (HMRC) is the supervisory authority for money service businesses not supervised by the Financial Conduct Authority (FCA), high-value dealers, trust or company service providers not supervised by the FCA or a professional body.

HMT

Her Majesty's Treasury is the UK government's economic and finance ministry, maintaining control over public spending, setting the direction of the UK's economic policy and working to achieve strong and sustainable economic growth.

HMT Sanctions

HMT sanctions list is a list of individuals and entities subjected to certain financial restrictions as part of the UK government domestic counter-terrorism regime policy. It also includes those individuals prohibited by the United Nations and/or European Union. A part of Her Majesty's Treasury is the Office of Financial Sanctions Implementation (OFSI) that enforces sanctions and ensures that they are carried out correctly.

Homophobia

Prejudice or discrimination based on someone's perceived or actual sexual orientation. This can range from taunts, jokes and graffiti, to discrimination, threats and physical violence. See also Homophobic Bullying.

Homophobic Bullying

A category of bullying characterised by hostility to a person based on their perceived or actual sexual orientation. Homophobic bullying may include verbal abuse, physical threats, unwanted physical contact or displays of offensive materials designed to intimidate. See also Homophobia.

Horns Effect

The horns effect is a form of unconscious bias. It is the opposite of the Halo effect. This is where you make negative assumptions about people, which may or may not be accurate without really knowing them. For example, once you learn something negative or unpleasant about them (eg they have a mannerism you find annoying or worked for a rival company in the past), you may struggle to judge them impartiality (on merit) or move beyond that. See also Halo Effect.

HSEQ

Health, Safety, Environment and Quality.

HSSE

Health, Safety, Security & Environmental.

Hundi

See Alternative Remittance Systems.

ID&V

Identification & Verification. The process to determine that a customer is who they say they are and live where they say they live.

Impairment

The specific nature or grounds on which a person is classified as disabled. For instance, a person might have a hearing, motor or speech impairment. Impairments may be physical or mental. They may be permanent and long term, or temporary.

IMOLIN

IMoLIN is the International Money Laundering Information Network, an Internet-based network assisting governments, organizations and individuals in the fight against money laundering. It was developed with the cooperation of the world's leading anti-money laundering organisations

Inclusion

Inclusion is about respecting and valuing people's differences and their contributions so they are able to reach their full potential. To do that, you need to create a supportive, collaborative environment which has everyone's full participation and confidence. You can foster a more inclusive workplace by being open to differences in beliefs and values and taking proactive steps to make people feel welcome. See also Diversity.

Indirect Discrimination

Indirect discrimination occurs when a policy, provision, criterion or requirement, even if applied equally to all, is particularly disadvantageous for people with a protected characteristic unless such a requirement is a proportionate means of achieving a legitimate aim (known as objective justification).

Examples include:

• Unnecessarily establishing a rule of minimum height that may exclude people of certain ethnic origins or women
• Requiring a fluent English speaker for a post that does not require this skill
• Not recognising overseas qualifications that are comparable with domestic qualifications

See also Direct Discrimination.

Information Commissioner's Office (ICO)

The Information Commissioner's Office is the supervisory authority under the data protection laws in the UK. It is non-departmental body that reports directly to the UK parliament. Data controllers and data processors in the UK need to register with the ICO and need to notify data breaches to the ICO.

Inequality

This refers to a lack of equality. For example, certain individuals or groups with protected characteristics may be treating less favourably, have fewer opportunities or experience less favourable outcomes than those that do not share those characteristics.

Insider Dealing

Also known as Insider Trading, it is the illegal practice of trading on the stock exchange to one's own advantage through having access to confidential information.

Insider Fraud

This is a term that is used to describe fraud that is committed against a business and the perpetrator is an employee or a group of workers. This could be anyone from a director to senior management to junior staff. Insiders that are looking to defraud the person that they work for may collude with people outside of the business or they may operate alone.

Institutional Racism

Coined by the MacPherson Report after the murder of Stephen Lawrence and the subsequent enquiry, institutional racism is where the policies, procedures and structures of an organisation discriminate against people on the grounds of race, ethnicity or national origin. Amendments were subsequently made to legislation making institutional racism unlawful. A public sector duty was also introduced requiring public sector organisations to eliminate discrimination, harassment, victimisation and other conduct prohibited under the Equality Act, and to promote equality of opportunity and good relations between people who share protected characteristics and those who do not.

Intersectional Discrimination (Intersectionality)

Also known as Combined Discrimination. This is where someone is discriminated against due to a combination of two or more protected characteristics. For example, a policy that prevented workers wearing headscarves specifically discriminates against Muslim women. Since this would not impact Muslim men or other women, it cannot be seen as purely sex or religious discrimination. Rather, it is the specific combination of being both Muslim and female.

Investment Fraud

Investors in the United Kingdom lose money every year due to share sale frauds and other scams that include, but are not limited to, rogue carbon credit schemes, Ponzi schemes, and land-banking frauds.

Islamophobia

Prejudice, harassment, abuse, discrimination, hatred, fear or bias towards those who follow Islam, of Muslims generally or towards people of Arabian or Asian origin, sometimes including those who do not follow Islam. See also Racism.

IOSH

The IOSH is the Chartered body and membership organisation for safety and health professionals.

JMLIT

The Joint Money Laundering Intelligence Taskforce (JMLIT) is a partnership between law enforcement and the financial sector to exchange and analyse information relating to money laundering and wider economic threats.

JMLSG

The Joint Money Laundering Steering Group (JMLSG) produces helpful guidance for the financial services industry on interpreting the MLR and setting out good practice in countering money laundering.

Justification

Companies may be required to demonstrate that their discriminatory actions or policies are lawful. A range of exceptions or justifications for discrimination is set out in the Equality Act 2010. See also Lawful Discrimination and Objective Justification.

KYC

Know Your Customer - ie having sufficient information as to the reasoning why a customer behaves in a certain way.

KYCC

Know Your Customer’s Customers.

KYCB

Know Your Correspondent Bank.

KYE

Know Your Employee.

Lawful Discrimination

The Equality Act sets out exceptions and specific circumstances in which organisations or public bodies may lawfully discriminate against individuals or groups with protected characteristics. For example, a women’s refuge may seek women only to support worker roles in this environment, or similarly, a male minister of religion may be appointed, such as a Catholic priest. See also Objective Justification.

Legality Principle

A legal paradigm that states that organisations should only use personal data on the grounds specified by GDPR. The legitimate use of data includes situations in which an individual gives their consent, there is a contract with the individual, or using data allows the organisation to comply with an existing legal obligation.

Like Work

This is one of the principles used to describe equal work with reference to equal pay. The others are Equivalent Work and Work of Equal Value. 'Like work' refers to work that is broadly similar or the same. Generally, it refers to work with similar tasks that require similar knowledge or skills. Any differences are not considered important. For example, women and men who work at a supermarket performing similar tasks with similar skill levels. See also Equivalent Work and Work of Equal Value.

LGBTQ

An acronym that stands for Lesbian, Gay, Bisexual, Transgender, and Queer. Variations may include LGTBQQIAAP, with the additional letters standing for Questioning, Intersex, Asexual, Ally and Pansexual. Most often, the abbreviation LGBT or LGBTQ+ is used to refer to individuals or groups with protected characteristics based on their sex and sexual orientation.

Market Abuse Regulation (MAR)

The Market Abuse Regulation (MAR) replaced the previous Market Abuse Directive and established a strengthened and expanded civil market abuse regime across the EU. MAR extended the market abuse regime so that it applies to more venues, more instruments, and more behaviours.

Market Manipulation

Market manipulation is a type of market abuse where there is a deliberate attempt to interfere with the free and fair operation of the market and create artificial, false or misleading appearances with respect to the price of, or market for, a product, security, commodity or currency.

Mansplaining

A pejorative term used to describe a man explaining something to a woman in an oversimplified, condescending or overconfident way, sometimes inaccurately.

MAR

The Market Abuse Regulation (MAR) replaced the previous Market Abuse Directive and established a strengthened and expanded civil market abuse regime across the EU. MAR extended the market abuse regime so that it applies to more venues, more instruments, and more behaviours.

Marriage & Civil Partnership

These are protected characteristics under the Equality Act 2010. It is against the law to discriminate against someone because of their marriage or civil partnership. Marriage is a union between a man and a woman, or between a same-sex couple. Same-sex couples can have their relationship legally recognised as a 'civil partnership'. Civil partners must not be treated less favourably than married couples unless this is allowed under the Equality Act (e.g. the purpose of employment is an organised religion, such as a Catholic priest).

Mass-Marketing Fraud

Member States

Countries that are part of the European Economic Area (or European Union) and subject to GDPR.

Meritocracy

The opportunity to be recognised and advance on merit, based on your talent, accomplishments, skills and ability.

#MeToo Movement

This is a movement against sexual harassment and sexual abuse which aims to empower (mostly) women to speak out about their experiences of sexual harassment at work, providing solidarity to others. The #MeToo hashtag was first used in 2006 on social media by Tarana Burke, an activist and sexual harassment survivor herself, who also founded the movement. It gained widespread international attention in October 2017 following the Harvey Weinstein case, which resulted in high-profile posts by celebrities, sparking outrage and dismissals. See also Black Lives Matter (BLM) Movement.

Minimisation Principle

Data processors should keep as little information on data subjects as possible and only collect data that they require for their processing. They should not seek out additional data that is not necessary for them to carry out their objectives.

MLRO

A Money Laundering Reporting Officer is responsible for making certain that measures for combating money laundering within the business are effective. Under the Proceeds of Crime Act (POCA), an MLRO is also typically the nominated officer.

Money Laundering

Money laundering is the process by which criminals conceal the origin of their proceeds of crime and integrate them into the formal economy.

Money Laundering Reporting Officer (MLRO)

A designated officer responsible for making certain that measures for combating money laundering within the business are effective. Under the Proceeds of Crime Act (POCA), an MLRO is also typically the nominated officer.

Money Laundering Regulations

Regulations that transpose the requirements of an EU Directive into UK law. The latest updated Money Laundering Regulations followed the 5th EU Money Laundering Directive with an update expected following the 6th EU ML Directive.

Moneyval

The Committee of Experts on the Evaluation of Anti-Money Laundering Measures and the Financing of Terrorism. A Council of Europe body that assesses compliance with AML/CFT standards.

Monitoring

MtF

An acronym that stands for Male-to-Female, referring to a person who was assigned male sex at birth but has a female gender identity and transitions to living as a woman. See also FtM.

National Crime Agency (NCA)

The organisation that leads the United Kingdom in fighting against organised and serious crime. It replaced the Serious Organised Crime Agency in October 2013.

National Origin

The country in which a person was born or the nation from which they originate: for example, Wales, India or China. Importantly, national origin is not the same as ethnic origin. A British citizen may have a national origin of England, Wales, Scotland, Jersey, and so on, depending on where they come from.

Nationality

The legal status of an individual stating that they are the citizen of a country and subject to its laws, especially while within its territories. Nationality is often stated on a person's passport. For example, someone who emigrates to Australia from the UK who applies for naturalisation and passes the citizenship test may have Australian nationality.

Natural Person

A natural person refers to an entity under the law classified as a human being. A non-natural person under the law could refer to an organisation, public or private, sometimes called a legal person.

NCA

The National Crime Agency is an organisation that leads the United Kingdom's fight against organised and serious crime. It replaced the Serious Organised Crime Agency in October 2013.

Non-binary Identity

The belief that a person may identify as somewhere in-between (or beyond) the two binary categories of man or woman. A person who is non-binary may not identify as strictly male or female, may switch between male and female, or may choose to identify as both or neither (agender). Gender is increasingly recognised as a spectrum. See also Binary Identity and Gender Identity.

Objective Justification

This is an exception or defence for applying a policy, rule, criterion or practise that would otherwise be unlawful. For example, advertising vacancies to include women-only or appointing only men to a specific role - such as a support worker in a women's refuge or a male attendant in an all-male changing room. Organisations must be able to demonstrate that the requirement is a proportionate means of achieving a legitimate aim. See also Lawful Discrimination.

OFAC

The Office of Foreign Assets Control (OFAC) of the US Department of the Treasury administers and enforces economic and trade sanctions based on US foreign policy and national security goals.

OFSI

The Office of Financial Sanctions Implementation (OFSI) helps to ensure that financial sanctions are properly understood, implemented and enforced in the United Kingdom. OFSI is part of HM Treasury.

OHS

Occupational health and safety (also OSH)

One-Stop-Shop

Many businesses have locations across a number of EU Member States. The One-Stop-Shop concept allows companies to deal with the lead GDPR regulator in their home country, not all regulators in all countries in which they operate.

OPBAS

The Office for Professional Body Anti-Money Laundering Supervision (OPBAS) is a regulator set up by the UK government to strengthen the UK's anti-money laundering (AML) supervisory regime and ensure the professional body AML supervisors provide consistently high standards of AML supervision.

Parental Consent

In the UK, only children aged 13 or over are able provide their own consent for processing their personal data. Under this age, it is necessary to obtain consent from whoever holds parental responsibility for them.

Parental Leave

This is leave that is granted to either parent to take care of a child. Typically, though not always, it follows a period of maternity leave.

Passive Bystander

A bystander is someone who witnesses an incident or event - for example, sexual harassment, prejudice or bias. A passive bystander is someone who decides not to act and ignores it. See also Active Bystander.

PEP

In financial regulation, a Politically Exposed Person (PEP) is one who has been entrusted with a prominent public function. A PEP generally presents a higher risk for potential involvement in bribery and corruption by virtue of their position and the influence that they may hold.

Perceptive Discrimination

A situation in which a person is discriminated against based on a protected characteristic they are thought to possess. For instance, an employer may deny someone a promotion because he perceives them to be transsexual, whether they are or not.

Personal Data

Personal data includes any data that a third-party could use to verify the identity of the data subject - the person to whom the data refers. It could consist of bank details, phone, numbers, addresses, names, photos or data gleaned from social networks.

Personal Data Breach

An event in which a subject's data is somehow lost, stored, disclosed or transmitted in a way that contravenes the GDPR. Personal data breaches can be either accidental or deliberate.

Politically Exposed Person (PEP)

In financial regulation, a politically exposed person is one who has been entrusted with a prominent public function. A PEP generally presents a higher risk for potential involvement in bribery and corruption by virtue of their position and the influence that they may hold.

Positive Action or Advantage

This refers to lawful action that may be taken by a company to remove barriers, redress imbalances or overcome disadvantages that people with protected characteristics (eg gender, race, disability) may face. For example, it could include positive steps to encourage under-represented individuals or groups to apply for a job or study at an educational establishment (such as targeted advertising at different groups). You need to ensure that any planned steps, interventions or initiatives are lawful. See also Positive Discrimination.

Positive Discrimination

Positive discrimination is the act of automatically favouring, without consideration of merit, individuals or groups with protected characteristics over others, whether in recruitment, education, or when accessing services. Examples include setting an arbitrary quota to appoint 10 BAME job candidates a month or excluding people who do not have the protected characteristic. Positive discrimination is unlawful under the Equality Act in the UK. See also Positive Advantage.

Pregnancy & Maternity

This is one of the protected characteristics under the Equality Act 2010. It is against the law to discriminate against someone on the grounds of pregnancy and maternity. Pregnancy is the condition of being pregnant or expecting a baby, while maternity is the period after the birth of a baby that is linked to maternity leave. Women are protected from discrimination up to 26 weeks after giving birth and are protected from less favourable treatment due to breastfeeding.

Prejudice

This refers to the act of judging someone or making (often negative) assumptions about them based on how they look or the group they belong to (e.g. all people with tattoos are poorly educated). See also Stereotypes, Bias and Unconscious Bias.

Predicate Offence

The Proceeds of Crime Act 2002 created a single set of money laundering offences applicable throughout the UK to the proceeds of all crimes. This is often known as a predicate offence. No conviction for the predicate offence is necessary for a person to be prosecuted for a money laundering offence.

Principles of Data Protection

A set of basic statements describing the spirit and purpose of the GDPR. The principles also set out the main objectives of the regulations and the mission of the public bodies that will enforce them across the EU.

Privacy by Design

A concept whereby organisations build privacy into their processes from the outset, reducing the likelihood of a data breach in the future. Privacy by design, for instance, could involve the development of technical systems that better protect subject data compared to existing protocols ahead of time, rather than waiting for a data breach to make changes.

Privacy Impact Statement

GDPR rules state that data controllers must create a privacy impact statement (also called a Data Protection Impact Assessment) whenever processing data that might present a privacy risk. Data processing could be a privacy risk because of its purposes, scope or nature.

Privacy Notice

A privacy notice is a document in which a data controller tells people what they'll be doing with their personal data and whom they'll share it with, etc.

Privacy Shield

The EU-US Privacy Shield is a scheme that is deemed by the European Commission to provides adequate protection to allow personal data to be transferred to entities in the United States that are registered under this scheme.

Visit the privacy shield website to verify if an organisation is registered.

Proceeds of Crime Act (POCA)

POCA sets out the legislative scheme for the recovery of criminal assets with criminal confiscation being the most commonly used power. Confiscation occurs after a conviction has taken place.

Processing

Production Order

Financial investigators are allowed to use production orders under the Proceeds of Crime Act 2002. These are used for the purpose of gathering information from financial companies about a person’s financial affairs.

Product Risk

Money laundering risk associated with a product or service. Banks must assess the money laundering risks for various products, ensuring that the control measures for different products are appropriate and that existing risks are brought under control.

Profiling

Profiling is a tool that attempts to use patterns in data to discern secondary information about a subject. Companies often use profiling to analyse employee behaviour, preferences or capacity to perform reliably at work.

Pronoun

The words used to describe someone's gender - for instance, "she/her" or "he/his". Increasingly, people are using gender-neutral language instead - such as "they/their" or "ze/zir". See Gender Expression.

Proportionate Means

The term 'Proportionate means of achieving a legitimate aim' is used as justification for discrimination in indirect discrimination or discrimination relating to disability. It describes the least harmful or least disruptive means to meet a lawful and valid aim. See Objective Justification.

Protected Characteristics

The Equality Act 2010 sets out nine protected characteristics: age, disability, gender reassignment, marriage or civil partnership, pregnancy and maternity, race, religion or belief (including non-belief), sex and sexual orientation. It is unlawful to discriminate against anyone on the grounds of the protected characteristics, or because of their association with someone in relation to the protected characteristics. See Direct Discrimination and Indirect Discrimination.

Pseudonymisation

A process that permits the processing of data such that the contents can no longer be traced back to the original data subject without the use of additional information. Organisations and data controllers who use pseudonymisation often keep identifiable and non-identifiable data separately.

Public Sector Equality Duty

A legal duty which requires public sector organisations, including hospitals, councils and local public service providers, to eliminate discrimination, harassment, victimisation and other conduct prohibited under the Equality Act, to promote equality of opportunity and to foster good relations between people who share protected characteristics and those who do not. Public sector organisations must consider how their decisions and policies might affect individuals and groups with protected characteristics. For instance, a public sector service should provide disability access to its premises. See also Equality Duty.

Purpose Limitation Principle

Data processors should only collect data for explicit, legitimate reasons and not use it in further ways that are not compatible with the initial purpose.

Pyramid & Ponzi Schemes

Fraudulent schemes promising unrealistically high returns or dividends that are not typically available through conventional investments. When the unsustainable supply of new investors naturally dries up, these schemes will collapse.

QARA

Quality Assurance and Regulatory Affairs.

QHSE

Quality, Health, Safety and Environment.

QMS

Quality Management System.

Quota

A pre-defined target or measure usually introduced to address gender inequality. Examples include a quota ensuring that 50% of a Parliament is made up of women or the '1 by 21' target outlined in the Parker Review requiring FTSE100 companies to appoint at least one board-level director from an ethnic minority background by 2021. See also Positive Action and Positive Discrimination.

Race

This is one of the protected characteristics under the Equality Act 2010. It is against the law to discriminate against someone on the grounds of race. This includes a person's race, colour, nationality (including citizenship), ethnic or national origins.

Racism

Discrimination, prejudice or treating someone less favourably on the grounds of their race, ethnicity or national origin. See also Institutional Racism.

Reasonable Adjustments

These are changes or adaptations that may be made to practices, criteria, provisions or a workplace for people with disabilities, pregnant workers or those undergoing gender reassignment to assist them at work or in relation to the use of services where they may otherwise be at a disadvantage. Companies and service providers have a duty to make reasonable adjustments. Examples include the provision of auxiliary aids, changes or adaptations to building access, providing leaflets in different formats (e.g. Braille, large print), or extending the time allowed to complete a written examination.

Record Keeping

The EU Money Laundering Directive and the money laundering regulations require accountants in practice to retain records of specific information for a period of 5 years from the end of a business relationship or the completion of an occasional transaction.

Rectification

Refugee

This is a person whose application for asylum under the United Nations Convention on the Status of Refugees 1951 has been granted. Refugees in the UK are initially granted five years' leave to remain and must apply for further leave after this time. See also Asylum Seeker.

Regulation (EU) 2016/679

The official regulation code for the EU General Data Protection Regulation (GDPR) approved by the European Parliament and Council on April 27, 2016. GDPR applies to member states without the need for national legislation implementation.

Religion or Belief

This is one of the protected characteristics under the Equality Act 2010. It is against the law to discriminate against someone on the grounds of their religion or beliefs. This refers to a person's religious and philosophical beliefs, including lack of belief - i.e. atheism. To be covered by the act, such belief should affect the way you live or your life choices.

Respect

This means taking other views and needs into account in the way you treat other people.

Restricted Transfers

GDPR puts in place restrictions for any organisation wanting to transfer data outside of the EEA. The rules define transfer as both the physical transportation of data outside of the EEA, but also remote viewing of EU data subjects' data by international third parties, eg by digital means.

Restriction on Processing

The act of marking stored data to prevent the further use or processing of that data in the future. A data controller, for instance, might restrict processing, if he or she believes that further use of the data might put the privacy of the owner at risk.

Right to Access

Data subjects have the right to access all the data that we hold on them. Such a request is called a Subject Access Request (SAR). It can be given to us verbally or in writing on paper or any online channel.

Right to be Forgotten

See Right to Erasure.

Right to be Informed

Data subjects have the right to be informed about the purpose for which we are holding and processing their personal data. This is typically done with a privacy notice.

Right to Data Portability

Right to Erasure

Data subjects have the right to the erasure of their data (also known as the right to be forgotten) unless we have a legitimate interest to hold the data.

Right to Object

If the data subject doesn't want their data to be used for a certain purpose - e.g. profiling - they have the right to object.

Right to Rectification

Right to Restrict Processing

In addition to the right to erasure, data subjects also have the right to restrict processing, whereby we may store the data but have to refrain from processing it.

Rights on Automated Decision Making & Profiling

Risk Assessment

A money laundering risk assessment is an analytical process applied to a business to measure the likelihood or probability that the business will unwittingly engage in money laundering or financing of terrorism.

RSPO

Roundtable on sustainable palm oil.

RIDDOR

The Reporting of Injuries, Diseases and Dangerous Occurrences Regulations were enacted in 1995.

Sanctions and Anti Money Laundering Act

The Sanctions and Anti-Money Laundering Act 2018 (SAMLA 2018) is enabling legislation to allow the UK to impose economic and other sanctions, and money laundering and terrorist financing regulations, after the departure from the EU.

Sanctions Lists

See OFAC, EU Sanctions, HMT Sanctions

SAR

Suspicious Activity Reports are made to the NCA about suspicions of terrorist financing or money laundering.

SEF

Sensitive Personal Data

Any form of personal data that the GDPR consider uniquely special or sensitive. These data include information relating to religious affiliation, sexual orientation, ethnic and racial origins, trade union membership, and biometric/DNA data that could identify a person.

Sex

This is one of the protected characteristics under the Equality Act 2010. It is against the law to discriminate against someone on the grounds of their sex (gender). So, for example, a company cannot treat women less favourably than men, or vice versa (such as offering women free entry to a club but making men pay). It is also unlawful to restrict employment to one gender unless an exception applies under the Equality Act 2010 - e.g. appointing a woman in a domestic violence refuge, an attendant in a female changing room, or a male rabbi in an orthodox synagogue. (This is known as an objective justification).

Sexism

Discrimination, prejudice or treating someone less favourably on the grounds of their sex (gender). Historically, women have faced discrimination and limited opportunities on the grounds of their gender in relation to employment, pay, voting rights, etc. However, men can also be affected.

Sexual Harassment

This is where someone with a protected characteristic is subjected to unwanted behaviour and is of a sexual nature which:

• Violates their dignity
• Creates an intimidating, hostile, degrading, humiliating or offensive environment
• It can include verbal, non-verbal or physical conduct.

While the person's perception of the conduct is key, consideration must also be given to whether it is reasonable for the conduct to have that effect.

Sexual Orientation

This is one of the protected characteristics under the Equality Act 2010. It is against the law to discriminate against someone on the grounds of sexual orientation. This refers to whether a person is sexually attracted towards their own sex, the opposite sex or both sexes.

Share Sale Fraud

Share scams tend to be run from what is known as 'boiler rooms'. Here, fraud criminals will cold-call investors offering them shares that are overpriced, worthless, or do not even exist.

SHEQ

Similarity Bias

Similarity bias (also known as Affinity Bias) is a form of unconscious bias. It's our tendency to gravitate towards people who are just like us, who look and talk like us, are from the same social background, share the same interests, etc. We may actively avoid or even dislike people who aren’t the same.

Sixth Money Laundering Directive (6MLD/6AMLD/AMLD6)

An EU directive that looks beyond the mechanics of compliance and instead focuses on tackling the heinous crimes enabled by money laundering (including trafficking, bribery, and so on). It empowers firms to implement AML systems that truly protect the innocent. Its transposition deadline was 3rd December 2020.

Social Model Of Disability

A broader definition of disability than the one included in the Equality Act 2010. The Social Model of Disability encourages making adjustments to all aspects of society and the environment to accommodate people with disabilities. This contrasts with the Medical Model of Disability which generally focuses on impairment and what people with disabilities cannot do.

Special Category Data

See Sensitive Personal Data.

SQE

Stereotype

This is a fixed, often negative impression that all people who belong to a certain group are the same. Large groups of people (sometimes with the same protected characteristics) are assumed to have the same traits or characteristics. Stereotypes may be positive (e.g. “All people who wear glasses are smart”) but are often negative (e.g. “All people with tattoos are poorly educated”, “All young people who wear hoodies are thugs”, etc.). See also Prejudice.

STOR Regime

The Suspicious Transaction & Order Reports (STOR) regime requires that regulated entities detect and report any suspicious behaviour or activity which is in the scope of MAR, specifically market abuse and insider trading.

Storage Limitation Principle

The storage limitation principle states that data controllers must only retain information for as long as they need it for processing purposes. Data controllers should not keep personal data for longer than is necessary. Long-term storage is only permitted for public interest archiving or statistical research purposes.

STR

Subject Access

GDPR rules state that subjects have the right to access their personal data held by a data controller. A subject can request a data controller to give them access to any personal data that they hold.

Subject Access Request (SAR)

A subject access request is a request for access made by the data subject. The GDPR does not specify how to make a valid request. Therefore, it could be verbal or in writing. It can be made to any part of the organisation - it does not have to be to a specific person or contact point. It doesn't even need to formally say 'subject access request'. As long as it is clear that the individual is asking for their own personal data, the organisation needs to recognise it as a SAR and respond to it within one month. Unless the request is manifestly unfounded or excessive or repetitive, the organisation cannot charge a fee.

Supervisory Authority

Suspicious Activity Report (SAR)

A report that is made to the NCA about suspicions of terrorist financing or money laundering. This is commonly known as SAR.

Territorial Scope

The term territorial scope refers to the geographic region over which the EU GDPR rules apply. Currently, GDPR encompasses the European Economic Area (EEA), which includes all current 28 EU member states. It also covers additional territories, including Norway, Lichtenstein and Iceland. It does not include Switzerland.

Terrorism Act

The Terrorism Act 2000 was designed as a consolidating provision, drawing together previous anti-terror laws into a single code that would not require renewal or re-enactment. The Act criminalises the financing of terrorism and requires organisations to actively prevent terrorist sponsors from using their operations for funnelling money to terrorist cells.

Terrorist Finance

The provision of funds or other assets for supporting terrorist ideology, individual operations, or a terrorist infrastructure. This is applicable to both international and national terrorism.

Thematic Review

An approach by the FCA to assess a current or emerging risk relating to an issue or product across a number of firms within a sector or market.

Third Party

In the context of GDPR, a third party is any person who legitimately interacts with protected data and is neither a data subject nor a data controller. Third parties receive authorisation to process or view data from either the data controller or the data subject.

Third-Party Harassment

This is where a third party - such as an employee or service user - is a victim of harassment by someone who is not a member of the organisation or company with whom they have their primary relationship. A worker, for example, could face third-party harassment from one of our customers or suppliers.

Tipping Off

The Proceeds of Crime Act creates the offence of making a disclosure likely to prejudice a money-laundering investigation being undertaken by law enforcement authorities.

Trade Surveillance

Trade surveillance encompasses process and technology that detect trading rule violations.

Transaction Monitoring

Transaction monitoring refers to the monitoring of customer transactions, including assessing historical/current customer information and interactions to provide a complete picture of customer activity.

Transparency International (TI)

Transparency International is a non-governmental organization whose non-profit purpose is to take action to combat global corruption with civil societal anti-corruption measures and to prevent criminal activities arising from corruption.

Transparency Principle

The notion that data controllers should give data subjects data on request that is accessible, understandable, intelligible and provided in written form. Thus, data subjects should be able to understand the data the organisations or data controllers have about them and be able to make requests based on those data.

Trans

An umbrella term to describe people whose gender is not the same as, or does not sit comfortably with, the sex they were assigned at birth.

Trans people may describe themselves using one or more of a wide variety of terms, including (but not limited to) transgender, transsexual, gender-queer (GQ), gender-fluid, non-binary, gender-variant, crossdresser, genderless, agender, nongender, third gender, bi-gender, trans man, trans woman, trans masculine, trans feminine and neutrois.

See also Gender Identity, Non-binary Identity, MtF and FtM, Gender Dysphoria and Gender Recognition Act.

Transphobia

Prejudice or discrimination based on someone's perceived or actual gender identity or gender expression.

UBO

UWO

Ultimate Beneficial Owner (UBO)

The person or entity that is the ultimate beneficiary of the company. Certain financial and other organisations, including banks, currency exchange offices and insurers, are subject to mandatory disclosure of the UBO if doing business with any party.

Unconscious Bias

Unconscious bias (also known as Implicit Bias or Hidden Bias) is a form of subconscious prejudice or belief which may relate to the protected characteristics. We all have the tendency to make 'snap' decisions, assumptions or judgments about people or events subconsciously, based on our past experiences and background. This can sometimes lead to stereotyping or certain individuals or groups being disadvantaged. It is important to be aware of your own unconscious (hidden) biases. You can do this by taking an Implicit Association Test (IAT). See also Bias.

Unexplained Wealth Order (UWO)

An unexplained wealth order (UWO) is a type of court order issued by a British court to compel the target to reveal the sources of their unexplained wealth.

Vicarious Liability

This is a legal stipulation that makes employers also liable for breaches of the Equality Act by their employees unless the organisation can prove that it took all reasonable measures to prevent discrimination and harassment. Companies must prove that the person who broke the law was acting under their own volition. See also Third-Party Harassment.

Victimisation

Victimisation occurs when a person is treated less favourably because they have made or supported a complaint or grievance under the Equality Act, or are suspected of doing so.

Examples include:

• An employee's promotion is blocked after they supported a colleague's race discrimination case
• A retailer refuses to serve a former employee who previously complained about sexual harassment
• An employee is treated less favourably because they have given evidence at a disciplinary hearing or tribunal case
• A worker who made a successful claim for age discrimination is turned down for a job because a second employer thinks she may "cause trouble" there too

Verification

A term used to describe the process of making certain that a beneficial owner or customer is whom they claim they are. The Money Laundering Regulations demand the verification of a person’s identity as per Regulation 28. This must be done with information or documents that are obtained from a reliable source that is independent of the individual whose identity is subject to verification. This includes documents that are made available or issued by an official body even if they are made available or provided by a company or on behalf of the consumer. This also refers to making certain that the beneficial owner is checked in a manner that the company is satisfied that they know exactly who the beneficial owner is.

Vulnerable Customers

Customers who are more vulnerable than others, for example, due to their state of mental capacity, or having been diagnosed with a terminal illness. The category and level of data that a firm could now hold on a customer, could far exceed their original expectations and be far more reaching into the personal life of the customer than they initially had established data storage and retention controls for.

Whistleblowing

Whistle-blowing is the act of telling the authorities or the public that the organization you are working for is doing something immoral or illegal. It is compulsory for companies in many sectors to have a whistleblowing policy and protective measures for a whistleblower.

WHS

Workplace Health & Safety.

Wire Transfers

Electronic transmission of funds among financial institutions on behalf of themselves or their customers. Wire transfers are financial vehicles covered by the regulatory requirements of many countries in the anti-money laundering effort.

Wolfsberg Group

Named after the castle in Switzerland where its first working session was held, the Wolfsberg Group is an association of global financial institutions, including Banco Santander, Bank of America, Bank of Tokyo-Mitsubishi UFJ, Barclays, Citigroup, Credit Suisse Group, Deutsche Bank, Goldman Sachs, HSBC, J.P. Morgan Chase, Société Générale, Standard Chartered Bank and UBS. In 2000, along with Transparency International and experts worldwide, the institutions developed global anti-money laundering guidelines for international private banks