Skip to content
CityLearning

Compliance glossary

Compliance glossary: UK financial services terms explained

Plain-English definitions of the key terms UK regulated firms need to know — from MLRO and SAR to SM&CR, Consumer Duty and operational resilience. Each entry sets out the regulatory basis and links to the training that helps your team understand it.

A

  • AML — Anti-Money Laundering

    Anti-money laundering (AML) is the discipline of preventing, detecting and reporting the use of the financial system to launder criminal proceeds. In the UK it is given legal force chiefly by the Proceeds of Crime Act 2002 and the Money Laundering Regulations 2017, supervised for most regulated firms by the FCA.

    Financial crime
  • AML/CFT — Anti-Money Laundering and Counter-Terrorist Financing

    AML/CFT is the combined discipline of preventing money laundering and the financing of terrorism. The FATF-derived term reflects that firms run a single integrated control framework — risk assessment, customer due diligence, monitoring and reporting — to detect and deter both the laundering of criminal proceeds and the funding of terrorism.

    Financial crime

B

  • Beneficial ownership

    A beneficial owner is the natural person who ultimately owns or controls a customer, or on whose behalf a transaction is conducted. Under the Money Laundering Regulations 2017, firms must identify beneficial owners — generally those holding more than 25% of shares or voting rights — as part of customer due diligence.

    Financial crime

C

  • CASS — Client Assets Sourcebook

    CASS is the FCA Handbook sourcebook that protects client money and custody assets held by regulated firms. Its core regimes — CASS 6 for safe custody assets and CASS 7 for client money — require segregation, reconciliation and clear record-keeping so that, if a firm fails, clients' money and assets can be returned quickly and in full.

    Regulatory & conduct
  • CDD — Customer Due Diligence

    Customer due diligence (CDD) is the set of checks UK regulated firms must carry out to identify and verify customers, understand the nature of the relationship, and identify any beneficial owners. Required under the Money Laundering Regulations 2017, CDD is the baseline AML control applied to every business relationship.

    Financial crime
  • Certification Regime — Certification Regime under SM&CR

    The Certification Regime is the element of SM&CR covering employees who are not senior managers but whose roles could pose significant harm to the firm or its customers. Firms must assess these individuals as fit and proper and issue a certificate confirming this at least annually, under section 63E of FSMA 2000.

    Regulatory & conduct
  • COBS — Conduct of Business Sourcebook

    COBS is the FCA Handbook sourcebook governing how investment firms conduct designated investment business with clients. It implements the UK's onshored MiFID conduct requirements and covers client categorisation, suitability and appropriateness, disclosure, inducements, best execution and communications with clients.

    Regulatory & conduct
  • COCON — Code of Conduct sourcebook

    COCON is the FCA's Code of Conduct sourcebook — the rulebook that sets the individual Conduct Rules binding on Senior Managers, Certified Persons and all Conduct Rules staff at SMCR firms. It is the mechanism through which SM&CR holds individuals, not just firms, personally accountable for their conduct.

    Regulatory & conduct
  • Conduct risk

    Conduct risk is the risk that the behaviour of a firm or its employees — in how they sell products, treat customers, or make decisions — leads to poor outcomes for customers or markets. It arises from culture, incentives, governance and individual judgement, and sits at the centre of the FCA's supervisory approach.

    Regulatory & conduct
  • Conduct Rules — Individual Conduct Rules under SM&CR

    The Conduct Rules are the minimum standards of individual behaviour that apply to nearly everyone working in an FCA or PRA regulated firm under SM&CR. Set out in the Code of Conduct (COCON) sourcebook of the FCA Handbook, they comprise Tier 1 rules applying to almost all staff and Tier 2 rules applying additionally to senior managers.

    Regulatory & conduct
  • Consumer Duty

    The Consumer Duty (FCA Policy Statement PS22/9) is the FCA's framework for the standard of care UK regulated firms owe to retail customers. Built around a Consumer Principle to deliver good outcomes, it is supported by three cross-cutting rules and four outcomes. It came into force on 31 July 2023.

    Regulatory & conduct
  • Cross-cutting Rules

    The Cross-cutting Rules are the three foundational obligations of the FCA's Consumer Duty that apply across all four outcomes. Firms must act in good faith, avoid causing foreseeable harm, and enable customers to pursue their financial objectives. They set the standard against which all firm conduct toward retail customers is assessed.

    Regulatory & conduct

D

  • De-risking

    De-risking is the practice of declining or terminating business relationships with whole categories of customer to avoid, rather than manage, money-laundering risk. The FCA has warned that blanket de-risking is inconsistent with the risk-based approach required by the Money Laundering Regulations 2017.

    Financial crime
  • DPIA — Data Protection Impact Assessment

    A Data Protection Impact Assessment (DPIA) is a documented process for identifying and minimising the data protection risks of a project. Under Article 35 of the UK GDPR, a DPIA is mandatory where processing is likely to result in a high risk to the rights and freedoms of individuals.

    Data & operational

E

  • EDD — Enhanced Due Diligence

    Enhanced due diligence (EDD) is the additional customer due diligence UK regulated firms must apply to higher-risk customers, relationships or transactions under the Money Laundering Regulations 2017. Regulation 33 specifies when EDD is mandatory, including PEPs, correspondent banking, and dealings involving high-risk third countries.

    Financial crime

F

  • FATF — Financial Action Task Force

    The Financial Action Task Force (FATF) is the intergovernmental body that sets global standards for combating money laundering, terrorist financing and proliferation financing. Its 40 Recommendations shape the UK's Money Laundering Regulations 2017, and its lists of high-risk jurisdictions drive enhanced due diligence requirements.

    Financial crime
  • FCA — Financial Conduct Authority

    The Financial Conduct Authority (FCA) is the UK's conduct regulator for around 42,000 financial services firms and the prudential regulator for most of them. It operates under the Financial Services and Markets Act 2000 (FSMA), with a strategic objective of ensuring markets work well and three operational objectives: consumer protection, market integrity and effective competition.

    Regulatory & conduct
  • FCA Handbook — The FCA Handbook of rules and guidance

    The FCA Handbook is the compendium of rules and guidance made by the Financial Conduct Authority under powers in the Financial Services and Markets Act 2000. It is organised into blocks covering high-level standards, prudential standards, business standards, regulatory processes, redress and specialist sourcebooks, and is the primary source of the binding obligations on UK regulated firms.

    Regulatory & conduct
  • Financial crime — Financial crime (UK regulatory meaning)

    Financial crime is an umbrella term for offences involving money or financial markets. In the UK regulatory sense it is defined broadly in section 1H of the Financial Services and Markets Act 2000 to include fraud, dishonesty, market abuse, handling the proceeds of crime, and financing terrorism, and is addressed in the FCA's Financial Crime Guide.

    Financial crime
  • Financial promotion — Financial promotion regime (section 21 FSMA 2000)

    A financial promotion is any invitation or inducement to engage in investment activity communicated in the course of business. Under section 21 of the Financial Services and Markets Act 2000, such communications are prohibited unless made or approved by an FCA-authorised person, or covered by an exemption.

    Regulatory & conduct
  • Financial sanctions — UK financial sanctions

    UK financial sanctions are restrictions — typically asset freezes and prohibitions on making funds available — imposed on designated persons, entities or regimes. They are administered and enforced by the Office of Financial Sanctions Implementation (OFSI), with their statutory basis primarily in the Sanctions and Anti-Money Laundering Act 2018.

    Financial crime
  • Fit and proper test — Fit and Proper test for Approved Persons and certified staff

    The fit and proper test is the FCA and PRA standard a firm must apply when assessing whether an individual is suitable to hold a senior management function or a certified role under SM&CR. Set out in the FIT sourcebook of the FCA Handbook, it focuses on three areas: honesty, integrity and reputation; competence and capability; and financial soundness.

    Regulatory & conduct
  • Four Outcomes

    The Four Outcomes are the specific areas of firm conduct addressed by the FCA's Consumer Duty: products and services, price and value, consumer understanding, and consumer support. Firms must achieve good outcomes for retail customers across all four areas and monitor and evidence this on an ongoing basis.

    Regulatory & conduct
  • Front-running — Front-running (trading ahead of client orders)

    Front-running is the practice of dealing for one's own account ahead of a client or pending order, exploiting advance knowledge of that order to gain at the client's expense. In the UK it can amount to market abuse under UK MAR and breaches conduct duties under the FCA's MiFID II conflicts and best-execution rules.

    Financial crime

G

  • Greenwashing

    Greenwashing is the practice of making misleading or unsubstantiated claims about the environmental or sustainability credentials of a financial product or firm. Under the FCA's anti-greenwashing rule (effective May 2024) and Sustainability Disclosure Requirements, firms must ensure all sustainability references are fair, clear and not misleading.

    Regulatory & conduct

I

  • Inside information — Inside information (Article 7 UK MAR)

    Inside information is information of a precise nature, not made public, relating to one or more issuers or financial instruments, which if made public would be likely to have a significant effect on the price of those instruments. It is defined in Article 7 of the UK Market Abuse Regulation.

    Financial crime

J

  • JMLSG — Joint Money Laundering Steering Group

    The JMLSG is the UK financial industry body that issues guidance on compliance with the Money Laundering Regulations for financial services firms. Its guidance is recognised by the FCA as the benchmark for what constitutes appropriate AML/CFT compliance, and the standard against which the regulator assesses firm practice.

    Financial crime

K

  • KYB — Know Your Business

    Know Your Business (KYB) is the customer due diligence process applied to corporate and other legal-entity customers. It requires firms to identify and verify the entity, understand its ownership and control structure, and identify its beneficial owners under Regulation 28 of the Money Laundering Regulations 2017.

    Financial crime
  • KYC — Know Your Customer

    Know Your Customer (KYC) is the process of identifying and verifying a customer's identity and understanding the nature of the business relationship before and during onboarding. In the UK it forms the core of the customer due diligence obligations under the Money Laundering Regulations 2017.

    Financial crime

M

  • Management Responsibility Map — Management Responsibility Map

    A Management Responsibility Map (MRM) is a firm-level document required of Enhanced SM&CR firms and dual-regulated firms, setting out how the overall business is governed, how Senior Management Functions relate to each other, and how Prescribed Responsibilities are allocated across the Senior Manager population.

    Regulatory & conduct
  • MAR — Market Abuse Regulation

    The UK Market Abuse Regulation (MAR) is the legal framework prohibiting insider dealing, unlawful disclosure of inside information, and market manipulation in UK financial markets. Retained and adapted after Brexit, it is enforced by the FCA and applies to financial instruments traded on UK venues and related behaviours.

    Financial crime
  • Market manipulation — Market manipulation (Article 12 UK MAR)

    Market manipulation is conduct that distorts, or is likely to distort, the price or trading of financial instruments. Defined in Article 12 of the UK Market Abuse Regulation, it includes misleading transactions, price positioning, dissemination of false information and benchmark manipulation, and is prohibited by Article 15.

    Financial crime
  • MLRO — Money Laundering Reporting Officer

    The Money Laundering Reporting Officer (MLRO) is the individual in a UK regulated firm responsible for receiving internal suspicion reports from staff, deciding whether to submit a Suspicious Activity Report to the National Crime Agency, and overseeing the firm's anti-money laundering framework.

    Financial crime
  • MLRs 2017 — The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017

    The Money Laundering Regulations 2017 (MLRs 2017) are the primary UK framework setting out what regulated firms must do to prevent money laundering and terrorist financing. They mandate a risk-based approach, customer due diligence, ongoing monitoring, record-keeping, internal controls and the appointment of an MLRO and nominated officer.

    Financial crime
  • Money laundering

    Money laundering is the process of disguising the proceeds of crime so they appear to have a legitimate origin. It is criminalised in the UK by the Proceeds of Crime Act 2002 and is conventionally understood in three stages: placement, layering and integration.

    Financial crime

N

  • Non-Financial Misconduct

    Non-financial misconduct (NFM) is serious bullying, harassment or violence in a financial services firm. Under FCA rule COCON 1.1.7FR, effective 1 September 2026, NFM is explicitly within the scope of COCON at all SMCR firms, and can constitute a breach of Individual Conduct Rules 1 and 2.

    Regulatory & conduct

O

  • OFSI — Office of Financial Sanctions Implementation

    The Office of Financial Sanctions Implementation (OFSI) is the part of HM Treasury responsible for implementing and enforcing UK financial sanctions. It maintains the UK consolidated list of sanctioned persons and entities, issues guidance and licences, and investigates and enforces breaches of the sanctions regime.

    Financial crime
  • Operational resilience

    Operational resilience is a UK regulated firm's ability to prevent, adapt to, respond to, recover from and learn from operational disruptions. Under the FCA and PRA framework (Policy Statement PS21/3), firms must identify important business services, set impact tolerances, and stay within them through severe but plausible disruption.

    Data & operational

P

  • PEP — Politically Exposed Person

    A politically exposed person (PEP) is an individual who holds, or has held within the past 12 months, a prominent public function — such as a head of state, minister, senior judge or senior military officer. Under the Money Laundering Regulations 2017, firms must apply enhanced due diligence when dealing with PEPs.

    Financial crime
  • POCA 2002 — Proceeds of Crime Act 2002

    The Proceeds of Crime Act 2002 (POCA) is the primary UK statute that creates the money laundering offences, establishes the suspicious activity reporting (SAR) regime, and provides for criminal asset recovery. Breaching POCA carries criminal liability for individuals, not just the firm.

    Financial crime
  • PRA — Prudential Regulation Authority

    The Prudential Regulation Authority (PRA) is the UK's prudential regulator for banks, building societies, credit unions, insurers and major investment firms. Part of the Bank of England, it operates under the Financial Services and Markets Act 2000 with a general objective of promoting the safety and soundness of the firms it supervises.

    Regulatory & conduct
  • Prescribed Responsibilities

    Prescribed Responsibilities (PRs) are a defined set of accountability areas that SM&CR firms must allocate to specific Senior Managers. Each PR must be held by a named individual with an approved Senior Management Function. PS26/6 from April 2026 allows PRs to be split across multiple SMFs and allocated beyond the standard examples.

    Regulatory & conduct
  • Proliferation financing

    Proliferation financing is the provision of funds or financial services for the manufacture, acquisition or transfer of weapons of mass destruction in breach of international law or sanctions. Since 2022, UK firms must specifically assess and mitigate proliferation-financing risk under the Money Laundering Regulations 2017.

    Financial crime

R

  • Reasonable steps — Reasonable steps (SM&CR duty of responsibility)

    Reasonable steps is the standard at the heart of the SM&CR duty of responsibility: a senior manager can be held personally liable if a regulatory breach occurs in their area of responsibility and they did not take the steps a person in their position could reasonably be expected to take to prevent it.

    Regulatory & conduct
  • Risk-based approach

    The risk-based approach is the principle that AML/CFT resources should be focused in proportion to the money-laundering and terrorist-financing risks a firm faces. In the UK it is mandated by Regulation 18 of the Money Laundering Regulations 2017, which requires every firm to carry out and document a written risk assessment.

    Financial crime

S

  • SAR — Suspicious Activity Report

    A Suspicious Activity Report (SAR) is a report a UK regulated firm submits to the National Crime Agency under the Proceeds of Crime Act 2002 when it suspects that funds are the proceeds of crime, or that a transaction relates to money laundering or terrorist financing.

    Financial crime
  • Senior Managers Regime — Senior Managers Regime (SMR)

    The Senior Managers Regime (SMR) is the element of SM&CR that applies to the most senior decision-makers in a regulated firm. It requires FCA or PRA pre-approval for individuals performing a Senior Management Function, a Statement of Responsibilities for each, allocation of Prescribed Responsibilities, and imposes a statutory duty of responsibility.

    Regulatory & conduct
  • SM&CR — Senior Managers and Certification Regime

    The Senior Managers and Certification Regime (SM&CR) is the FCA and PRA's framework for personal accountability in UK regulated firms. It has three elements: the Senior Managers Regime, the Certification Regime, and the Conduct Rules. It replaced the Approved Persons Regime.

    Regulatory & conduct
  • SMF — Senior Management Function

    A Senior Management Function (SMF) is a controlled function under SM&CR that carries such significant influence over a regulated firm that the individual performing it must be approved by the FCA or PRA before taking up the role. Each SMF holder must have a Statement of Responsibilities and is subject to the duty of responsibility.

    Regulatory & conduct
  • Source of funds

    Source of funds refers to the origin of the specific money used in a particular transaction or relationship, while source of wealth concerns how a customer's overall assets were accumulated. Establishing both is a core element of enhanced due diligence under Regulation 33 of the Money Laundering Regulations 2017.

    Financial crime
  • Statement of Responsibilities — Statement of Responsibilities

    A Statement of Responsibilities (SoR) is an FCA-required document specifying which Senior Management Functions and Prescribed Responsibilities a Senior Manager holds. It defines the individual's personal accountability under SM&CR and must be kept current. PS26/6 allows solo-regulated firms to batch SoR submissions every six months.

    Regulatory & conduct
  • STOR — Suspicious Transaction and Order Report

    A Suspicious Transaction and Order Report (STOR) is a report a firm must submit to the FCA under the UK Market Abuse Regulation when it has reasonable suspicion that a transaction or order may involve insider dealing or market manipulation. It is the market-abuse equivalent of an AML Suspicious Activity Report.

    Financial crime
  • SYSC — Senior Management Arrangements, Systems and Controls

    SYSC is the FCA Handbook sourcebook setting out the senior management arrangements, systems and controls a regulated firm must have. It covers governance, risk management, compliance, internal audit and, for many firms, the SM&CR and Conduct Rules provisions that underpin individual accountability.

    Regulatory & conduct

T

  • TCF — Treating Customers Fairly

    Treating Customers Fairly (TCF) is the FCA's long-standing initiative requiring regulated firms to embed fair treatment of customers throughout their business, built around six consumer outcomes. It is rooted in Principle 6 of the Principles for Businesses and has, for retail customers, largely been superseded and raised by the Consumer Duty.

    Regulatory & conduct
  • Terrorist financing

    Terrorist financing is the provision or collection of funds intended to be used for terrorism, whether the funds are of legitimate or criminal origin. It is criminalised in the UK by the Terrorism Act 2000 and, unlike money laundering, focuses on the destination of funds rather than their source.

    Financial crime
  • Three Lines of Defence

    The Three Lines of Defence is the governance model used by regulated financial services firms to structure risk management and oversight. The first line (business functions) owns and manages risk; the second line (risk and compliance) provides oversight and challenge; the third line (internal audit) provides independent assurance to the board.

    Regulatory & conduct
  • Threshold transactions

    Threshold transactions are transactions at or above a defined monetary value that trigger specific AML obligations. The UK has no general mandatory cash-reporting threshold like the US; instead, defined thresholds — such as the EUR 10,000 high-value-dealer trigger in the Money Laundering Regulations 2017 — prompt customer due diligence and treat large cash as a risk indicator.

    Financial crime
  • Tipping off

    Tipping off is a criminal offence under the Proceeds of Crime Act 2002 committed when someone discloses, to the subject of a Suspicious Activity Report or anyone else, information likely to prejudice a money-laundering investigation. It exists to stop suspects being warned that a SAR has been or may be filed.

    Financial crime
  • Transaction monitoring

    Transaction monitoring is the ongoing scrutiny of customer transactions to identify activity inconsistent with a firm's knowledge of the customer and its risk profile. It is a core ongoing-monitoring obligation under Regulation 28(11) of the Money Laundering Regulations 2017 and underpins the detection of suspicious activity.

    Financial crime

U

  • UK GDPR — UK General Data Protection Regulation

    The UK GDPR is the UK's primary data protection law, formed by retaining the EU GDPR in domestic law after Brexit and reading it alongside the Data Protection Act 2018. It governs the processing of personal data, sets out six lawful bases and data subject rights, and is enforced by the Information Commissioner's Office (ICO).

    Data & operational

W

  • Whistleblowing — Whistleblowing (protected disclosures)

    Whistleblowing is the reporting of suspected wrongdoing — such as breaches of regulatory requirements or financial crime — by a worker. In the UK, qualifying disclosures are protected from detriment and dismissal under the Public Interest Disclosure Act 1998, and FCA-regulated firms must operate whistleblowing arrangements under SYSC 18.

    Regulatory & conduct

Turn definitions into training

CityLearning's UK compliance courses explain these terms in the context of your team's day-to-day decisions. Book a demo to see how.