Term | Acronym | Definition |
50% Rule | | Persons whose property and interests in property are blocked pursuant to an Executive order or regulations administered by OFAC (blocked persons) are considered to have an interest in all property and interests in property of an entity in which such blocked persons own, whether individually or in the aggregate, directly or indirectly, a 50 percent or greater interest. Consequently, any entity owned in the aggregate, directly or indirectly, 50 percent or more by one or more blocked persons is itself considered to be a blocked person. |
Aggregate Ownership | | Aggregate Ownership means with respect to any Shareholder or group of Shareholders, and with respect to any class of Company |
Also Known As | AKA | Acronym for “also known as,” commonly used on sanctioned entities or persons lists in reference to an alias or multiple aliases or multiple spellings of an individual’s name. |
Anti-Money Laundering | AML | This describes the efforts of the private and public sector to prevent and deter money laundering. |
Beneficial Owner | | The natural person(s) who ultimately owns or controls a customer and/or the natural person on whose behalf a transaction is being conducted. It also includes those persons who exercise ultimate effective control over a legal person or arrangement. |
BIS-748P | | BIS’s “Multipurpose Application Form,” which can be used to request authority to export or reexport, or to request that BIS classify your item. Requirements for submitting a license application are detailed in Part 748 of the EAR. |
Board Member | BRD | Represents members of the supervisory board, board of directors or management board of State-Owned Companies |
Business Entity | | An organization created by one or more natural persons to carry on a trade or business. These include corporations, cooperatives, partnerships, sole traders, limited liability companies and other specifically permitted and labelled types of entities. |
Chief Compliance Officer | CCO | Corporate official in charge of overseeing and managing compliance issues within an organization, ensuring the company is complying with regulatory requirements and company employees are complying with internal policies and procedures. |
Common Foreign and Security Policy of the European Union | CFSP | The EU’s organized, agreed foreign policy, covering mainly security and defense diplomacy and actions. |
Compliance (Internal & External) | | Internal compliance is adherence to the rules, regulations and best practices defined by an organization’s own policies; external compliance is the practice of following the laws, guidelines and regulations imposed by external governments, industries and organizations. |
Compliance Framework | | A structured set of guidelines that details an organization’s processes for maintaining accordance with established regulations, specifications or legislation. |
Compliance Officer | CO | A compliance officer is a corporate officer who ensures that a company complies with its outside regulatory and legal requirements as well as internal policies and bylaws. |
Compliance Risk | | The exposure to legal penalties, financial forfeiture and material loss an organization faces when it fails to act in accordance with industry laws and regulations, internal policies or prescribed best practices. |
Corporate Governance | | A term that refers broadly to the rules, processes or laws by which businesses are operated, regulated and controlled. It can refer to internal factors defined by the officers, stockholders or constitution of a corporation, as well as to external forces such as consumer groups, clients and government regulations. |
Corrective Action | | An aspect of quality management that aims to rectify a task, process, product, or even a person’s behavior when any of these factors produces errors or deviates from an intended plan. It can be thought of as an improvement to an organization to eliminate undesirable effects. |
Cybersecurity | | The state of being protected against the criminal or unauthorized use of electronic data, or the measures taken to achieve this. |
Data Breach | | An incident in which sensitive, protected or confidential data has potentially been viewed, stolen or used by an individual not authorized to do so. |
Doing Business As | DBA | Term used to describe an entity’s business or trade name, meaning “doing business as” (such as ABC Corporation, dba John’s Autoparts). The term is used in watchlists with sanctioned entities or persons. |
FATF 8 Special Recommendations on Terrorist Financing | | The Eight Special Recommendations were issued by the FATF in October 2001 and set out the basic framework for combating terrorist financing. They required implementation of a range of measures, including taking immediate steps to ratify the 1999 United Nations International Convention for the Suppression of the Financing of Terrorism and the relevant United Nations Resolutions; criminalizing the financing of terrorism, terrorist acts and terrorist organizations; freezing and confiscating their assets; and providing the widest possible range of assistance to other countries’ law enforcement and regulatory authorities for terrorist financing investigations. |
FATF Recommendations | | Officially called The International Standards on Combating Money Laundering and the Financing of Terrorism & Proliferation, these recommendations issued by the FATF set out a comprehensive and consistent framework of measures which countries should implement in order to combat money laundering and terrorist financing, as well as the financing of proliferation of weapons of mass destruction. The Recommendations related to sanctions are set out in Section C of the FATF Recommendations. |
Fraud | | A deception deliberately practiced in order to secure unfair or unlawful gain. |
Freezing | | To prohibit the transfer, conversion, disposition or movement of any funds or other assets that are owned or controlled by designated persons or entities on the basis of, and for the duration of the validity of, an action initiated by the United Nations Security Council or, in accordance with applicable Security Council resolutions, by a competent authority or a court. As part of the implementation of a freeze, countries may decide to take control of the property, equipment, instrumentalities, or funds or other assets to protect against flight. |
General Data Protection Regulation | GDPR | A set of rules designed to give EU citizens more control over their personal data. It's the core of Europe's digital privacy legislation. |
Governance, Risk and Compliance | GRC | A strategy for managing an organization's overall governance, enterprise risk management and compliance with regulations. |
Information Security Management System | ISMS | A set of policies and procedures for systematically managing an organization's sensitive data. The goal of an ISMS is to minimize risk and ensure business continuity by pro-actively limiting the impact of a security breach. |
Internal Audit | | Internal audits evaluate a company’s internal controls, including its corporate governance and accounting processes. They ensure compliance with laws and regulations and help to maintain accurate and timely financial reporting and data collection. Internal audits also provide management with the tools necessary to attain operational efficiency by identifying problems and correcting lapses before they are discovered in an external audit. |
Know Your Customer or Know Your Client | KYC | Know Your Customer or Know Your Client, also called Customer Due Diligence. The term describes a set of money laundering control and sanctions compliance policies and procedures that are used to determine the true identity of a customer/client and the type of activity that will be “normal and expected” for the customer, and to detect activity that should be considered “unusual” for the particular customer. |
OFAC Fifty Percent Rule | | Entities owned 50% or more, directly or indirectly and in the aggregate, by one or more persons on the OFAC SDN List are themselves blocked, whether or not they are separately named on the SDN List. The test is based on ownership, not on control. |
OFAC Interpretive Guidance | | OFAC issues interpretive guidance on specific issues related to the sanctions programs it administers. These interpretations of OFAC policy are sometimes published in response to a public request for guidance or may be released proactively by OFAC in order to address a complex topic. |
OFAC Penalty | | OFAC can impose hefty penalties for violations of sanctions programs. Depending on the program, criminal penalties for willful violations can include fines ranging up to $20 million and imprisonment of up to 30 years. Civil penalties for violations of the Trading With the Enemy Act can range up to $65,000 for each violation. Civil penalties for violations of the International Emergency Economic Powers Act can range up to $250,000 or twice the amount of the underlying transaction for each violation. Civil penalties for violations of the Foreign Narcotics Kingpin Designation Act can range up to $1,075,000 for each violation. The civil maximums are adjusted periodically for inflation, so the current figures should be checked against OFAC’s published amounts. Potential criminal violations may be referred to the Department of Justice. |
Personally Identifiable Information | PII | PII is any data that could potentially identify a specific individual. Any information that can be used to distinguish one person from another and can be used for de-anonymizing anonymous data can be considered PII. |
Red Flag Indicators | | Published by BIS, a checklist of things to look for in export transactions to help identify possible violations of the EAR and exports to unauthorized end-users. |
Restrictive Measures | | The official term for sanctions in the European Union. Restrictive measures against third countries, individuals or entities are an essential EU foreign policy tool used to pursue objectives in accordance with the principles of the Common Foreign and Security Policy (CFSP). Certain EU measures implement Resolutions adopted by the UN Security Council under Chapter VII of the UN Charter. The EU may however decide to apply autonomous measures in addition to the UN’s measures, or adopt restrictive measures autonomously. In general terms, the EU imposes its restrictive measures to bring about a change in policy or activity by the target country, part of a country, government, entities or individuals. They are a preventive, non-punitive instrument which should allow the EU to respond swiftly to political challenges and developments. |
Risk Assessment | | The process of identifying variables that have the potential to negatively impact an organization’s ability to conduct business. |
Risk Assessment Framework | RAF | A risk assessment framework (RAF) is a strategy for prioritizing and sharing information about the security risks to an information technology (IT) infrastructure. |
Risk-Based Approach | | Identifying the areas of high risk within the organization’s compliance universe and building and prioritizing the compliance monitoring program around these risks. |
Risk Exposure | | The quantified loss potential of a business. Risk exposure is usually calculated by multiplying the probability of an incident occurring by its potential losses. |
Risk Management | | The forecasting and identification of potential risks in advance, analyzing them, and taking precautionary steps to reduce the risk. |
Root Cause Analysis | RCA | A systematic process for identifying “root causes” of problems or events and an approach for responding to them. |
Sanctions Risk Assessment | | A risk assessment covering the inherent, perceived and residual risks associated with given business activities and/or relationships in sanctioned jurisdictions or with potentially sanctioned entities. |
Transparency | | In a business or governance context, honesty and openness. Transparency and accountability are generally considered the two main pillars of good corporate governance. |
Whistleblower | | A person who voluntarily provides information to the general public, or to someone in a position of authority, about dishonest or illegal business activities occurring at an organization. The organization may be a government department, a public company or a private organization. |
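The 50% Rule and OFAC Fifty Percent Rule entries above describe an aggregate, direct-or-indirect ownership test, and its indirect part is easy to get wrong by hand. The following is an added example, not part of the glossary and not taken from any OFAC publication or screening product: it computes the test as a fixpoint over a constructed ownership graph. The party names X, Y, A, B and C, the percentages and the scenario labels are invented for illustration.

```python
"""Added example: the aggregate 50% ownership test as a fixpoint.

Constructed for this glossary; not taken from any OFAC publication or
screening product. Party names (X, Y, A, B, C) and percentages are
invented. The model follows the rule as the glossary states it: an
entity owned 50% or more, in the aggregate, directly or indirectly, by
blocked persons is itself blocked, and a blocked entity's own holdings
then count toward the blocking of whatever it owns. Holdings of entities
that are NOT blocked are not attributed upward to their owners.
"""
from fractions import Fraction
from typing import Dict, Mapping, Set, Union

Percent = Union[int, Fraction]
# owner -> {owned entity -> percentage held}
Holdings = Mapping[str, Mapping[str, Percent]]

THRESHOLD = Fraction(50)


def blocked_share(entity: str, blocked: Set[str], holdings: Holdings) -> Fraction:
    """Sum of the stakes in `entity` held by parties currently treated as blocked.

    Exact Fractions are used so that 25 + 25 compares to 50 without float error.
    """
    total = Fraction(0)
    for owner in blocked:
        total += Fraction(holdings.get(owner, {}).get(entity, 0))
    return total


def blocked_parties(listed: Set[str], holdings: Holdings) -> Set[str]:
    """Listed persons plus every entity the 50% test reaches.

    Least fixpoint: an entity is added when its blocked_share reaches 50%,
    and, once added, its own stakes count in the next pass. The loop ends
    when a full pass adds nothing, so ownership chains of any depth resolve.
    """
    blocked = set(listed)
    entities = {e for owned in holdings.values() for e in owned}
    changed = True
    while changed:
        changed = False
        for entity in sorted(entities - blocked):
            if blocked_share(entity, blocked, holdings) >= THRESHOLD:
                blocked.add(entity)
                changed = True
    return blocked


# Constructed scenarios: (listed persons, holdings).
SCENARIOS = {
    # X holds 50% of A; A holds 50% of B. A is blocked, so its stake in B
    # is X's indirect 50% interest and B is blocked too.
    "chain": ({"X"}, {"X": {"A": 50}, "A": {"B": 50}}),
    # Two listed persons at 25% each: blocked in the aggregate.
    "aggregate": ({"X", "Y"}, {"X": {"A": 25}, "Y": {"A": 25}}),
    # X holds 25% of A and 25% of B. Neither is blocked, so their 50%
    # stakes in C are not attributed to X, and C is not blocked.
    "no_passthrough": (
        {"X"},
        {"X": {"A": 25, "B": 25}, "A": {"C": 50}, "B": {"C": 50}},
    ),
    # X holds 50% of A and of B (both blocked); their 25% stakes in C sum
    # to 50%, so C is blocked.
    "indirect_aggregate": (
        {"X"},
        {"X": {"A": 50, "B": 50}, "A": {"C": 25}, "B": {"C": 25}},
    ),
    # Strictly below the threshold (49.5%) is not blocked by this test.
    "under_threshold": ({"X"}, {"X": {"A": Fraction(99, 2)}}),
}


def run_scenarios() -> Dict[str, Set[str]]:
    """Evaluate every constructed scenario and return the blocked set for each."""
    return {name: blocked_parties(listed, h) for name, (listed, h) in SCENARIOS.items()}


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:20s} blocked = {sorted(result)}")
```

Two caveats a screening engineer should keep in mind. The test is about ownership only: an entity that a blocked person controls by means other than a majority stake, or owns just below 50%, is not caught by it, which is why OFAC advises caution in such cases. And because attribution only flows through entities that are themselves blocked, a check that looks only one level up at a customer's beneficial owners will miss chains like the `chain` scenario; the ownership graph has to be walked to a fixpoint.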
Compliance-related Document Glossary
Term | Acronym | Definition |
Code of Conduct | | A set of rules outlining the social norms, responsibilities and proper practices of an individual, party or organization. |
End-User Certificate | | A document in which the buyer certifies that it is the final recipient of the goods and does not intend to transfer them to another party. |
Letter of Credit | LC | A credit instrument issued by a bank guaranteeing payments on behalf of its customer to a third party when certain conditions are met. LCs are commonly used to finance exports. |
Memorandum of Understanding | MOU | An agreement between two parties establishing a set of principles within which they will govern their relationship on a particular matter. MOUs are used by countries to govern their sharing of assets in international asset-forfeiture cases or to set out their respective duties in anti-money laundering initiatives. |
Policies | | Internal “rules” of a financial institution that define how employees are expected to conduct themselves and the operating rules of the financial institution or business. Policies, including sanctions compliance policies, are general statements of intent and action, and generally require implementing procedures. |
Sales Invoice | | A bill sent to a customer, against which the customer makes payment. |