Glossary

RegTech & FinTech Glossary

47 articles, grouped into six clusters: AML & KYC, money-laundering patterns, market abuse, regulations & frameworks, crypto & Web3, and RegTech & reporting. Use the sidebar or filter (Ctrl+K) to jump straight to a term.

AML & KYC

Anti-Money Laundering (AML)

The body of laws, controls and procedures financial institutions must implement to detect and prevent the conversion of criminal proceeds into apparently legitimate funds.

Customer Due Diligence (CDD)

The baseline level of customer scrutiny required for any new business relationship - identification, purpose-of-relationship understanding and ongoing monitoring.

Enhanced Due Diligence (EDD)

An elevated set of due-diligence measures applied when the customer, jurisdiction or transaction is assessed as high-risk under the risk-based approach.

Know Your Business (KYB)

KYC applied to a legal entity - verifying the company itself, its directors, its authorised signatories and, critically, its ultimate beneficial owners.

Know Your Customer (KYC)

The process of identifying and verifying the identity of a customer at onboarding and over the lifecycle of the relationship - the entry point to any AML programme.

Politically Exposed Person (PEP)

An individual entrusted with prominent public functions - and their family and close associates - who must be treated as higher-risk by default.

Sanctions Screening

Comparing customer, counterparty and transaction data against official sanctions lists to prevent business with designated persons, entities or jurisdictions.

Ultimate Beneficial Owner (UBO)

The natural person who ultimately owns or controls a legal entity - directly, indirectly or through chains of ownership - and on whose behalf transactions are conducted.

Money Laundering Patterns

The final stage of laundering: re-introducing now-obscured funds into the legitimate economy through assets, businesses or investments.

The second stage of the classic money-laundering model - moving funds through a maze of transactions, jurisdictions and instruments to obscure their origin.

Real bank or crypto accounts opened in the name of a third party - knowingly or under deception - and used to receive and forward criminal proceeds.

The first stage of money laundering: moving criminal proceeds into the regulated financial system - typically the riskiest moment for the launderer.

A legal entity with no significant operations, employees or assets - used legitimately for holding structures, and abusively to obscure beneficial ownership.

A laundering technique where a large sum is broken into many smaller deposits - each below reporting thresholds - and channelled through multiple individuals or accounts.

Designing transactions specifically to fall below regulatory reporting or due-diligence thresholds - a criminal offence in its own right under most major regimes.

Trade-Based Money Laundering (TBML)

Laundering value through international trade - manipulating invoice prices, quantities or descriptions to move funds across borders under the cover of legitimate commerce.

Market Abuse

Executing one's own trade ahead of a known incoming order - exploiting privileged knowledge of order flow at the expense of the disadvantaged participant.

Insider Trading

Trading a financial instrument on the basis of material, non-public information - or unlawfully disclosing such information to a third party.

Market Manipulation

Any conduct that artificially affects the price, supply or volume of a financial instrument away from its fair, market-driven level.

A market-manipulation scheme that artificially inflates the price of an asset through false hype, then sells holdings at the elevated price to retail buyers.

Submitting and immediately cancelling huge volumes of orders to slow other participants' systems, mask intent or create noise that benefits the issuer.

Placing large orders with no intention to execute, to mislead other participants about supply or demand, then cancelling before they fill.

Suspicious Transaction & Order Report (STOR)

The mandatory regulatory filing made by investment firms, venues and crypto-asset service providers when they identify activity that may amount to market abuse.

Buying and selling the same instrument with no change in beneficial ownership, creating misleading appearance of activity, volume or price.

Regulations & Frameworks

The international regulatory framework for bank capital, leverage and liquidity - the post-2008 reform that shapes how every modern bank operates.

DORA - Digital Operational Resilience Act

The EU regulation imposing ICT risk management, incident reporting, resilience testing and third-party oversight requirements on financial entities - applicable since 17 January 2025.

The EU General Data Protection Regulation - the global benchmark for personal-data protection, materially shaping how AML, KYC and surveillance systems handle data.

Market Abuse Regulation (MAR)

The EU regulation prohibiting insider dealing, unlawful disclosure of inside information and market manipulation - applicable to financial instruments and, via MiCA, to crypto-assets.

MiCA - Markets in Crypto-Assets

The EU's comprehensive framework regulating crypto-asset issuers and service providers - stablecoins, utility tokens and the CASP licensing regime - fully applicable since 30 December 2024.

The EU framework governing investment firms, trading venues and the secondary market for financial instruments - the regulatory bedrock under which much of modern European finance operates.

PSD2 (and PSD3)

The EU's payment-services framework - governing payment institutions, strong customer authentication and open banking access - currently being updated to PSD3 / PSR.

Travel Rule (FATF R.16)

The FATF requirement that originator and beneficiary information "travels" with every cross-border transfer above thresholds - extended to crypto under EU Regulation 2023/1113.

Crypto & Web3

The compound risk - exploit, custody, sanctions, AML - associated with cross-chain bridges that move value between independent blockchains.

CASP - Crypto-Asset Service Provider

The EU's MiCA-licensed counterpart to the FATF VASP - a single-passport regime covering exchange, custody, execution, advice, transfer, placement and portfolio management of crypto-assets.

MEV - Maximal Extractable Value

The value that can be extracted by reordering, inserting or censoring transactions within a block - a structural feature of public blockchains with major market-abuse implications.

Mixers & Tumblers

Services that obscure the on-chain link between source and destination of cryptocurrency - heavily used in laundering, ransomware and sanctions evasion.

On-Chain Forensics

The discipline of investigating and attributing cryptocurrency transactions - clustering addresses, tracing flows and producing evidentiary outputs for regulators, courts and counterparties.

An exit scam in which the developers of a crypto project drain liquidity, sell their pre-mine or disable the contract, leaving holders with worthless tokens.

Stablecoin (ART & EMT)

A crypto-asset designed to maintain stable value relative to a fiat currency, basket or other reference - split under MiCA into asset-referenced tokens (ART) and e-money tokens (EMT).

VASP - Virtual Asset Service Provider

The FATF term for any business providing virtual-asset services - exchange, transfer, custody, issuance, financial services around an ICO - and the foundation of global crypto-AML regulation.

RegTech & Reporting

Currency Transaction Report (CTR)

A threshold-based currency-transaction filing required when a single or aggregated cash transaction exceeds a regulatory cap - the US benchmark is $10,000.

FATF - Financial Action Task Force

The intergovernmental body that sets the global standard for AML, CFT and counter-proliferation-financing - its 40 Recommendations underpin almost every national AML framework.

MLRO - Money Laundering Reporting Officer

The named individual responsible for the AML programme of an obligated entity - receiver of internal disclosures, signer of SARs, and the regulator's first port of call.

Technology used by regulated entities to meet regulatory obligations more efficiently - the supply-side counterpart to SupTech, which is technology used by regulators.

Risk-Based Approach (RBA)

The foundational AML/CFT principle: institutions allocate compliance effort proportionate to the assessed risk of each customer, product, channel and geography.

Suspicious Activity Report (SAR)

The mandatory report filed with a Financial Intelligence Unit when an obligated entity has knowledge, suspicion or reasonable grounds to suspect that funds are linked to criminal activity.

Transaction Monitoring

The continuous, rule- and analytics-driven surveillance of customer transactions to detect patterns consistent with money laundering, terrorist financing or fraud.