You manage obligations that entail your liability, shape your internal controls, govern your KYC reviews and determine your ability to justify your decisions to regulators. We have designed this financial compliance glossary to help you clarify the concepts of AML, KYC and AML-CFT, to standardize internal practices, and to link each term to a specific operational action. French authorities expect formalized, documented and proportionate to the risk. DORA has applied to the financial entities concerned since January 17, 2025.
At AP Solutions IO, we know that an imprecise term has immediate consequences: a poorly classified client file, a misprioritized alert, an incomplete due diligence review, or an inadequately documented sanctions control system. Under these circumstances, dialogue with the audit or ongoing monitoring becomes more difficult. We have therefore structured this page as a go-to editorial resource, designed for immediate operational use. It helps you address your AML-CFT compliance, KYC, KYB, KYT, sanction detection, transaction monitoring and auditability within a consistent and actionable framework.
We apply the same approach to our solutions: Augmented Intelligence, Glass Box, decision traceability, 100% hosting in France, interoperable SaaS architecture via API, with over 90 configurable criteria and a reduction in false positives of up to 98% depending on the use case. This glossary helps you establish a common language. Our suite then helps you translate that into methodology, evidence, and operational management.
A-D: ACPR, AML, risk-based approach, auditability, beneficial owner, Black Box, money laundering, risk mapping, compliance, COSI, UNSC, suspicious activity report, DORA, due diligence
ACPR
The Prudential Supervision and Resolution Authority oversees, in particular, the banking and insurance sectors. It supervises institutions within its scope and may impose sanctions for violations, including those related to AML-CFT. Its role, its sanctioning power, and its compliance expectations have a direct impact on the organization of regulated institutions.
AML
Anti-Money Laundering refers to the fight against money laundering. In everyday usage, this term refers to all measures for detection and monitoring designed to manage financial and reputational risks. Within the French and European regulatory framework, this approach directly aligns with the obligations set forth by the AML-CFT.
Risk-based approach
This method involves tailoring due diligence measures based on the customer’s profile, the nature of the transaction, the geographic location, the channel through which the relationship was established, and the detected indicators. It structures the prioritization of controls and determines the frequency of reviews. In practice, it only achieves its full potential through AML-CFT risk mapping that is rigorously constructed and managed.
Auditability
In terms of compliance, auditability refers to the ability to demonstrate, with supporting documentation, why a decision was made, based on what criteria, and following what approval process. At AP Solutions IO, this aspect plays a central role in our Glass Box approach. Its importance grows even further when documentation, transparency and system oversight are being strengthened.
Beneficial owner
The beneficial owner is the natural person who ultimately owns or controls an entity or transaction. Incomplete identification weakens the AML, disrupts risk analysis, and weakens justifications in the event of an audit. This concept becomes central when it comes to documenting the identification, control, and actual structure of a company.

Black Box
A Black Box logic produces results that are difficult to explain. Yet your teams need to be able to understand the origin of a score, a filter, or an alert. This lack of transparency quickly becomes a weak point for the audit, internal control, and governance compliance tools, particularly when it is necessary to clearly distinguish a Glass Box from a non-explainable model.
Money laundering
Money laundering aims to conceal the illicit origin of funds or assets to make them appear legitimate. This concept underpins all due diligence, monitoring of transactions and reporting to TRACFIN. It can also be understood through its mechanisms, stages, and red flags that should trigger a more in-depth analysis.
Risk mapping
Risk mapping formalizes your organization’s exposures by customer type, product, country, channel, transaction, and circumvention scenario. It forms the foundation of the vigilance policy, scoring, and ongoing monitoring. Any serious approach to AML-CFT relies on this structured formalization of risks.
Compliance
The term “compliance,” often used as a synonym for conformity, refers to the framework established to meet regulatory, internal, and industry-specific obligations. In practice, it does not merely refer to a set of rules. It also involves demonstration, governance, tools and execution capacity.
COSI
The systematic communications of information are regulated transmissions addressed to TRACFIN regarding certain flows or transactions specified by law. They are transmitted via the ERMES platform, just like certain reports or suspicious activity reports. Their proper implementation requires a clear understanding of the reporting process and the expected traceability requirements.
UNSC
The United Nations Security Council may adopt restrictive measures that subsequently give rise to implementation obligations regarding asset freezes. For your teams, this requires a thorough review of regulatory sources and continuous updating of reference materials. This coordination is crucial when it comes to identifying obligations related to international sanctions.
Report of a Suspicion
The suspicion report is the mechanism through which regulated professionals submit to TRACFIN information regarding suspicious or atypical transactions. Its quality depends on the relevance of the analysis, the consistency of the narrative, and the traceability of the reasoning. More broadly, it is part of a sound understanding of how TRACFIN and best reporting practices.
DORA
The DORA Regulation, for Digital Operational Resilience Act, regulates the digital operational resilience of the financial entities concerned. It has been in effect since January 17, 2025 and strengthens requirements related to the management of risks associated with information and communication technologies, incidents, testing and third-party technology providers. It thus redefines a significant portion of the expectations placed on the digital governance of financial institutions.
Due diligence
Due diligence refers to the checks performed to assess a client, partner, transaction, or third party before a decision is made. In financial compliance, it feeds into KYC, KYB, sanctions list screening, detection of PEP, and country risk assessment. It is most effective when based on a clear methodology, solid evidence, and appropriate tools.
E-K: EBA, embargo, ERMES, EU AI Act, false positives, screening, FATF, asset freeze, Glass Box, KYB, KYC, KYS, KYT
EBA
The European Banking Authority is involved in the development and coordination of the European prudential framework. Within the scope of DORA, it publishes reports and guidance useful to financial institutions subject to the regulation. Its role is part of the regulatory framework supporting the practical implementation of digital operational resilience.
Embargo
The embargo is a restrictive measure that prohibits or limits certain trade, goods, technologies, or services with a country, a sector, or a category of recipients. For you, the challenge lies in the relationship between sectoral embargo, counterparty screening and asset freeze. This area requires reliable, continuous, and legally transparent controls.
ERMES
Secure Messaging Information Exchange is the online platform used to transmit to TRACFIN suspicion reports or information, as well as COSI. Its use requires clear internal procedures and a standardized format for reported cases. It is part of a reporting system that demands consistency, security, and high-quality writing.
EU AI Act
The European regulation on artificial intelligence introduces a risk-based approach, with documentation, transparency, human supervision and monitoring for certain systems. For a RegTech, this framework reinforces the value of explainable and traceable AI. The requirement for explainability becomes not only technical but also strategic in terms of compliance.
False positives
A false positive occurs when an alert is triggered but no actual risk is confirmed after analysis. Their accumulation ties up teams, lengthens response times, blurs the hierarchy of priorities, and increases alert fatigue. The challenge, then, is to reduce false positives in AML without compromising the expected level of vigilance.
Filtering
Filtering involves comparing a name, entity, vessel, country, or operation against reference lists, watchlists, or risk criteria. Its effectiveness depends on the quality of the sources, the configuration, and the explainability of the engine. When it comes to sanctions, its robustness directly determines the relevance of the screening.

FATF
The Financial Action Task Force sets the international benchmarks for combating money laundering, terrorist financing, and proliferation financing. Its recommendations provide a lasting framework for the expectations placed on governments and, as a direct result, on your internal systems. Their scope is also measured through gray and blacklists and their concrete impact on compliance obligations.
Asset freeze
The asset freeze prohibits the provision of funds or economic resources to designated persons or entities. In France, these measures take effect immediately and are based in particular on the national registry maintained by the Directorate General of the Treasury. Their implementation requires strict coordination between obligations, controls, and traceability.
Glass Box
A Glass Box logic explains the result produced by the tool, the weighting applied, the source used, and the trace retained. At AP Solutions IO, this approach meets a very practical need: to enable you to defend your decisions during an audit, the inspection and regulators, while leaving the final decision to humans.
KYB
Know Your Business aims to identify and assess a legal entity: structure, executives, Beneficial Owners, business activity, country, exposure to sanctions, and risk level. It forms the foundation for establishing and maintaining a controlled business relationship. Its scope is particularly significant when it comes to securing a relationship with a company.
KYC
Know Your Customer refers to the verification of a customer’s identity, document consistency, profile, and risk. A robust process must remain transparent, traceable, and aligned with the risk map. Its quality is measured by its ability to integrate obligations, control steps, and compliance tools.
KYS
Know Your Supplier refers to the evaluation of suppliers and service providers. This aspect is becoming increasingly important as compliance chains rely on APIs, third-party data, technology providers and increased obligations regarding document resilience.
KYT
Know Your Transaction refers to the analysis of a transaction based on its amount, frequency, destination, context, and unusual nature. It is one of the pillars of transaction monitoring. Its effectiveness depends largely on the ability to prioritize alerts with precision.
L-P: AML-CFT, sanctions list, monitoring, OFAC, onboarding, PEP, high-risk countries, legal entity, risk profile, sanctions screening
AML-CFT
Anti-money laundering and counter-terrorism financing encompasses all obligations designed to prevent, detect, analyze, and report certain risks and transactions. For you, it involves governance, vigilance, monitoring, reporting, internal control and accountability. It thus takes the form of a coherent set of obligations, methods, and control points.
List of sanctions
A sanctions list names individuals, entities, vessels, or organizations subject to restrictive measures. Its effective use requires reliable updates, a relevant matching logic, and rigorous management of homonyms. Its implementation therefore requires careful oversight of controls and alert management.
Monitoring
Monitoring, understood as continuous monitoring, encompasses the tracking of business relationships, risk events, changes in documentation, and operations. At AP Solutions IO, it is part of a real-time, configurable and readable, powered by AP Monitoring.
OFAC
The Office of Foreign Assets Control of the U.S. Treasury administers and enforces U.S. economic and financial sanctions. Even when you operate primarily within a European framework, exposure to OFAC remains a matter of concern for groups, dollar-denominated flows, and certain counterparties. The issue takes on particular significance when it comes to accurately documenting sanctions controls.
Onboarding
Onboarding refers to the process of establishing a relationship with a client or partner. This is the stage where the identification process, document collection, initial scoring, sanctions screening, the verification of PEP and the formalization of the level of vigilance take place.
PEP
A politically exposed person presents a specific level of exposure that warrants appropriate, enhanced, and documented vigilance. The guidelines issued by French authorities explicitly address this issue. Your teams must therefore rely on a stable, consistent, and traceable method capable of providing a framework for the operational handling of this sensitive status.
High-risk countries
At the European Union level, certain third countries have been identified as having strategic deficiencies in AML-CFT. Entities subject to the European framework must apply enhanced vigilance to transactions involving these jurisdictions. This requires a clear understanding of the official lists, the criteria used, and their integration into the scoring.
Legal entity
A legal entity is an entity with legal personality, distinct from the natural persons who manage or own it. Accordingly, its classification affects the KYB, the identification of the beneficial owner, scoring and the depth of the checks.
Risk profile
The risk profile summarizes the level of exposure of a client, a company, a country, a transaction, or a third party. It must be explainable, dated, revisable, and based on clear criteria to be defensible in an audit.

Sanctions screening
Sanctions screening involves comparing customer, third-party, or transaction data against relevant sanctions lists. Its value depends less on the volume of alerts generated than on the accuracy of the engine and the quality of the reasoning behind it.
R–Z: UBO registry, national asset freeze registry, remediation, GDPR, RCCI / RSCI / MLRO, sanctions, scoring, transaction monitoring, TRACFIN, UBO, due diligence, enhanced due diligence, WHOIS, compliance workflow
UBO Registry
The acronym UBO refers to Ultimate Beneficial Owners, that is, the Beneficial Owners. For your teams, this concept helps align a company’s apparent structure with its actual control. It becomes crucial whenever it is necessary to document the identification and effective control of an entity.
National Freeze Registry
In France, the Directorate General of the Treasury maintains a national registry listing the asset freeze measures applicable within the country. This tool must be integrated into screening procedures and audit logs. Its use is part of an approach designed to ensure that asset freeze obligations and asset traceability remain fully under control.
KYC remediation
KYC remediation involves updating customer files that have become incomplete, inconsistent, outdated, or insufficiently documented under current regulations. This is often one of the most sensitive tasks prior to an audit, a system migration, or a regulatory review. Its success depends heavily on the method chosen and the tools used to bring the files up to standard.
GDPR
The General Data Protection Regulation regulates the processing of personal data in the European Union. In accordance with this, it requires a strict separation between necessary collection, legal basis, retention period, security and document governance. This requirement is fully reflected in the way KYC must be designed and documented.
RCCI / RSCI / MLRO
Depending on the organization, these roles are responsible for—or at the very least coordinate—part of the compliance, audit, or anti-money laundering framework. The key point remains the same: having tools capable of documenting decision-making processes, streamlining reviews, and supporting regulatory compliance.
International financial sanctions
International financial sanctions encompass restrictive measures adopted at the national, European, or international level to prohibit, restrict, or regulate certain flows, transactions, or the provision of resources. Their implementation requires reliable data, up-to-date lists, and a robust verification mechanism. Any organization subject to these measures must therefore have a thorough understanding of the applicable framework, the risks involved, and the management procedures.
Sector-specific sanctions
Sectoral sanctions target specific sectors, goods, technologies, or services. They often require a more nuanced analysis than simple name-based filtering, as the assessment must take into account the nature of the product, the country involved, the intended use, and, in some cases, the supply chain.
Scoring
Scoring involves assigning weights to various criteria in order to produce a usable risk hierarchy. At AP Solutions IO, we approach it from an explainable, configurable and auditable, powered by AP Scoring.
Transaction Monitoring
Transaction monitoring aims to identify unusual, inconsistent, or potentially suspicious transactions based on rules, scenarios, alerts, and contextual analysis. It is a cornerstone of the detection system and the ability to report to TRACFIN. Its effectiveness also depends on a KYT capable of better prioritizing alerts.
TRACFIN
TRACFIN is the financial intelligence unit attached to the Ministry of Economy and Finance. It receives and analyzes information provided by regulated professionals and contributes to the fight against illicit financial networks, money laundering, and terrorist financing. Its role is not limited to receiving reports; it also establishes best practices for reporting information.
UBO
Ultimate Beneficial Owner is the English equivalent of beneficial owner. This term frequently appears in international databases, group processes, and international standards. It must therefore be clearly defined and standardized in internal procedures.
Vigilance
Due diligence encompasses all checks performed at the outset of a business relationship and throughout its duration. It is only fully effective if each measure can be linked to the appropriate risk level and to relevant supporting evidence. Its effectiveness depends on a system of controls that is clear, proportionate, and justifiable.
Heightened vigilance
Increased vigilance applies when the risk increases, for example in the presence of a PEP, a high-risk country, an atypical transaction, or a structure that is difficult to interpret. It requires more thorough verification, more robustly documented reasoning, and an appropriate level of escalation.

WHOIS
WHOIS refers to directory services and data related to domain names and certain Internet resources. As such, it can assist in investigations concerning an e-commerce site, a counterparty or a suspicious digital scheme, provided that it is aligned with current restrictions on access to registration data.
Compliance Workflow
The compliance workflow refers to the processing chain that links data collection, filtering, scoring, analyst review, validation, escalation, and archiving. When it remains transparent, well-equipped, and traceable, it reduces operational friction and strengthens regulatory defense capabilities.
How this glossary can benefit your organization
This page is more than just a simple glossary. It was designed to serve as a powerful tool for aligning language, methods and tools. When your teams accurately apply the concepts of KYC, PEP, asset freezing, sanctions screening, DORA, GDPR or TRACFIN, they make decisions with greater rigor and provide better justification for their decisions. They also cooperate more effectively with legal, IT, internal control, and audit.
We apply the same high standards to our AP Scan, AP Scoring, AP Monitoring and AP Filter modules. Our Glass Box approach allows you to understand why an alert is triggered, what source is feeding it, which criteria are factored into the score, and what decision was recorded in the audit trail. This approach becomes even more important as regulatory expectations regarding documentation, human oversight, digital resilience and data protection increase.
If you would like to convert this financial compliance glossary into an operational tool, we can assist you. AP Solutions IO offers you a French RegTech solution designed for large enterprises and ME companies. Hosted in France, API-interoperable, multilingual, no-code and updated every four months, it is designed to enhance the auditability of your systems, the traceability of your decisions, and control over your false positives.

