5AMLD is the successor to the EU's Fourth Anti-Money Laundering Directive ("4AMLD") which has been operative since June 26, 2017. 5AMLD is perceived as being the EU's reaction to the terrorist attacks which occurred across Europe in 2016. 


Anti-Money Laundering (AML) rules refer to the process of detecting and reporting suspicious activity related to offenses of money laundering and terrorist financing (i.e. securities fraud and market manipulation). All financial firms must comply with the Bank Secrecy Act and its Anti-Money Laundering rules. 


Created in 1974, the Commodity Futures Trading Commission (CFTC) is an independent agency of the U.S. government responsible for regulating the U.S. derivatives markets including futures, swaps, and options.


Compliance refers to the process of being in accordance with established guidelines or legal specifications based upon where your business operates.

compliance audit

A compliance audit is a comprehensive review of an organization's adherence to regulatory guidelines. Independent auditors evaluate the overall strength and thoroughness of compliance preparedness and execution, reviewing security policies, user access controls, and risk management procedures, amongst others. 

compliance burden

Compliance burden, also called regulatory burden, is the administrative cost of a regulation in terms of dollars, time and complexity.

compliance framework

A compliance framework is a structured set of guidelines that details an organization's processes for maintaining accordance with established regulations, specifications or legislation.

compliance risk

Compliance risk is exposure to legal penalties, financial forfeiture, and material loss an organization faces should it fail to act in accordance with industry laws, regulations, internal policies or prescribed best practices.

corporate governance

Corporate governance is a term that refers broadly to the rules, processes or laws by which businesses are operated, regulated and controlled. The term can refer to internal factors defined by the officers, stockholders or constitution of a corporation, as well as to external forces such as consumer groups, clients and government regulations.


The financing of terrorism involves providing direct finances, or financial support, to individual terrorists or non-state actors. Some countries maintain a list of terrorist organizations and have money laundering laws, which are also used to combat providing finance for those organizations. This dynamic process is referred to as Counter Terrorism Financing (CTF).

Dodd-Frank Act

The Dodd-Frank Act (officially known as the Dodd-Frank Wall Street Reform and Consumer Protection Act) is a U.S. federal law that places regulation of the financial industry in the hands of the government. The legislation, enacted in July 2010, aims to prevent another significant financial crisis by creating new financial regulatory processes that enforce transparency and accountability while implementing rules for consumer protection.


Founded in 1989 by the G7, the Financial Action Task Force (FATF) is an intergovernmental organization responsible for developing policies to combat money laundering. 


The Foreign Corrupt Practices Act (FCPA) is a federal law enacted in 1977 to prohibit companies from paying bribes to foreign government officials and political figures for the purpose of obtaining business.


The Financial Crimes Enforcement Network (FinCEN) is a bureau of the U.S. Department of the Treasury that collects and analyzes information about financial transactions in order to combat domestic and international money laundering, terrorist financing, and other financial crimes.

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is a legal framework that sets new guidelines for the collection and processing of personal information of individuals within the European Union (EU). The GDPR lays out the principles for data management and the rights of the individual, while also imposing fines that can be revenue-based. The GDPR applies to all organizations that deal with EU citizen data, making it a critical regulation for corporate compliance officers at banks, insurers, and other financial organizations. 


HIPAA is the acronym for the Health Insurance Portability and Accountability Act that was passed by Congress in 1996.

HHS initiated 5 rules to enforce Administrative Simplification: (1) Privacy Rule, (2) Transactions and Code Sets Rule, (3) Security Rule, (4) Unique Identifiers Rule, and (5) Enforcement Rule. The HIPAA Privacy Rule regulates the use and disclosure of protected health information (PHI) by "covered entities."


Know Your Customer (KYC) is the process of a business verifying the identity of its clients and assessing their suitability, along with the potential risks of illegal intentions towards the business relationship.


Open-source intelligence (OSINT) is data collected from publicly available sources to be used in an intelligence context. In the intelligence community, the term "open" refers to overt, publicly available sources (as opposed to covert or clandestine sources).


The Office of Foreign Assets Control (OFAC) is a financial intelligence and enforcement agency of the U.S. Treasury Department. It administers and enforces economic and trade sanctions in support of U.S. national security and foreign policy objectives.

regulatory compliance

Regulatory compliance is an organization's adherence to laws, regulations, guidelines and specifications relevant to its business. Violations of compliance regulations often result in legal punishment, including federal fines.

Sarbanes-Oxley Act (SOX)

The Sarbanes-Oxley Act of 2002 (S)X) is legislation passed by the U.S. Congress to protect shareholders and the general public from accounting errors and fraudulent practices in the enterprise, as well as improve the accuracy of corporate disclosures. The U.S. Securities and Exchange Commission (SEC) administers the act, which sets deadlines for compliance and publishes rules on requirements.

Suspicious Activity Report (SAR)

A Suspicious Activity Report (SAR) is a tool provided under the Bank Secrecy Act (BSA) for monitoring suspicious activities that would not ordinarily be flagged under other reports (such as the currency transaction report). The SAR is the standard form to report suspicious activity.

An activity may be included in the SAR if the activity gives rise to a suspicion that the account holder is attempting to hide something or make an illegal transaction.

travel rule 

A Bank Secrecy Act (BSA) rule [31 CFR 103.33(g)]—often called the “Travel” rule—requires all financial institutions to pass on certain information to the next financial institution, in certain funds transmittals involving more than one financial institution.


Virtual Asset Service Provider (VASP) 

FATF defines a Virtual Asset Service Provider (VASP) as any natural or legal person who is not covered elsewhere under the Recommendations, and as a business conducts one or more of the following activities or operations for or on behalf of another natural or legal person: 

  • exchange between virtual assets and fiat currencies; 

  • exchange between one or more forms of virtual assets; 

  • transfer of virtual assets; 

  • safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets;

  •  and participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset.