Compliance Dictionary

This is the compliance dictionary from TM Group with a focus on the EU and UK market and the financial industries and banking. The compliance dictionary is not complete, and probably never will be, and is by that always under development. This is the perfect reference work, and it makes perfect sense to bookmark it as “compliance dictionary”.

If a compliance term is missing from this page, we encourage you to inform us, and we will include it as soon as possible. Let us know here.

The list has been sorted in alphabetical order, A-Z



Anti-Money Laundering

Money laundering is a financial and federal crime and the actions you take as a financial institution is anti-money laundering and is fighting the financial criminals. According to several international and national laws, directives, and regulations like FINRA AML is a serious threat to the economical systems and infrastructure, and to society itself.

To implement AML, you can choose several options and find the one which is the best for you. You can read more about AML and the solutions to fight financial crime here.


APP Fraud

Authorized Push Payment Fraud

APP Fraud is when a fraudulent person sends an email or other type of message/notification to an employee at a company stating to be an official supervisor/colleague to that receiving employee. In the message it is very difficult to detect that this is a fraudulent message, so the receiver commits the crime on behalf of the fraudster – hence “Authorized”. Read more about APP Fraud in this educational article from us.



Benchmarks Regulation

The BMR regulation aims to manage any conflict of interest in some of the investment and trading processes and are preventing regulated firms from using unregulated benchmarks and improve control. To comply with the BMR you need to have surveillance and record keeping in place with easy access to investigate and reporting when required.



California Consumer Privacy Act

General: The CCPA is the counterpart to GDPR in the US state of California. It protects the citizens of the state and determines how businesses should obtain, keep, store, and process the personal data.

The Nordic perspective: A Nordic firm conducting any business in the state of California must comply with all the regulations, rules and demands of the CCPA. That means, if you are a business which does not have anything to do with the citizens of California, then CCPA is just a regulation to be aware of, but if you are doing business in California, then you need proper systems to manage your CCPA initiatives.

Who enforces the CCPA?

The California Attorney General is the main enforcer of the CCPA.

Read more about CCPA and it EU-sister, GDPR here.


CFI Code

Classification of Financial Instrument Code

This is the code used to identify and classify the type and characteristics of a financial instrument according to the international standard from ISO, who is the organization owning the CFI Codes.



Commodity Future Trading Commission

This US commission is an independent entity of the US Government which regulates the derivatives in the US market. The CFTC is overseeing the entire financial market for the good of the market, firms, and users.



Collusion is when multiple companies, who are normally in competition with each other, conspire and collude to push the demand for a product/service. Thereby, manipulating with and gaining an advantage over the market affecting the price of the stocks. Collusion falls under Market Abuse.

Read more about how to tackle collusion here.



Confirmation of Payee

CoP is a method that, to a greater extent than previously, gives the end-users – both private and businesses – greater assurance that the transaction they are about to complete is being sent to the correct person by matching the legal owner of the account and the registered name. In its essence, it is an account name checking system. 

To cope with CoP issues and regulation you most up your Fraud Management-game. Read more about Fraud Management here.



This definition is from the EU Commission.

“A derivative is a financial contract linked to the fluctuation in the price of an underlying asset or a basket of assets. Common examples of assets on which a derivative contract can be written are interest rates instruments, equities, or commodities.

An over-the-counter (OTC) derivative is one which is privately negotiated and not traded on an exchange.

OTC derivatives account for almost 95% of the derivatives markets. They have a significant impact on the real economy, from mortgages to food prices.”



Dodd-Frank Wall Street Reform and Consumer Protection Act

General: The Dodd-Frank regulation was on July 21st, 2010 instated to prevent a repetition of the financial crisis in 2008. It regulates and protects the financial market and its users. It is a US federal law and overhauled the US financial market. It mainly focusses on banks, mortgage lenders, and credit rating agencies. It has been argued by Dodd-Frank critics that the regulation could make the US firms regulated by the Dodd-Frank regulation less competitive in the global financial landscape.

The regulation was instated under the Barack Obama administration, but in 2018 the Trump administration rolled back parts of it.

The Nordic perspective: When a Nordic financial firm is conducting financial business in the US the Dodd-Frank Wall Street Reform and Consumer Protection Act applies. On the other hand, if a Nordic financial firm is not conducting any business in the US, the Dodd-Frank does not apply.

Who enforces the Dodd-Frank regulation?

The US government has a series of authorities and institutions to keep an eye on the financial firm conducting business in the US, and all of them are enforcing the Dodd-Frank regulations in its own way. To name the most important ones:

  • The Financial Stability Oversight Counsel (FSOC)
  • Consumer Financial Protection Bureau (CFPB)
  • Securities and Exchange Commission (SEC)
  • Commodity Future Trading Commission (CFTC)

Safeguard your business to comply with Dodd Frank - read more about how to do so here.



European Market Infrastructure Regulation

General: EMIR entered into force in August 2012 and is an EU regulation, which regulates the over the counter (OTC) derivatives, trade repositories and central counterparties. Basically, it comes down to that the EMIR regulation requires that the reporting of derivative contracts is executed to a certain standard and that risk management standards are implemented. This means all investment firms and financial institutions in the EU must comply with the same regulations on the area.

The Nordic Perspective: All the Nordic countries and the businesses in them are subject to complying with EMIR. It does not give the Nordic, or any other European business, a disadvantage over businesses from the US, because the US-counterpart to EMIR is Dodd-Frank.

Who enforces the EMIR?

The EU Commission enforces EMIR.



ePrivacy Regulation

ePR sets the standards and the directive that ensures that the consumers’ privacy is kept, stored, and processed in the right way to protect the consumers. It is being overseen by the European Data Protection Board.



European Securities and Markets Authority

ESMA is an independent EU authority whose purpose is to complete and oversee a single rule book for the financial markets in the EU, asses all potential risks to the financial markets, its investors, and the financial stability in whole. In some cases, ESMA also supervises specific financial entities. ESMA replaced the Committee of European Securities Regulators (CESR) in 2011.



Financial Conduct Authority

In the UK, FCA is the independent and regulatory body, which exists to make sure the financial market of the UK is honest, fair, and effective to the benefit of all. The FCA do this by regulating and overseeing the conducts of around 60,000 businesses and organizations on the UK market. The FCA is also the prudential supervisor of nearly 49,000 firms and set the specific standards and guidelines for 19,000 businesses.

The operational objective of the FCA is to protect consumers and the UK financial market, and to promote effective competition for the interest of the consumers.



Financial Industry Regulatory Authority

FINRA is the independent, and non-governmental regulating and supervising body in the USA when it comes to investors and brokers. In other words, FINRA is the trading markets big brother. FINRA protects, regulates, and enhances the fair trading market to the benefit of all brokers, firms, and investors.

Comply with FINRA by implementing the necessary interaction recording solutions. Read more about interaction recording and FINRA-compliance here.



Financial Instruments Reference Data System

FIRDS was launched by ESMA to efficiently collect data from Trading Firms and NCAs. FIRDS is a data system which collects data, which is available on the ESMA website and of course compliant with the MiFIR regulations.


Front running

Front running is when a trader makes a trade on his/her own behalf by either buying or selling a stock prior to completing a major purchase on behalf of a client and therefore manipulating the market.

Front running is a part of Market Abuse, and can be coped with by implementing eComms Surveillance into yor organization. Read more about eComms Surveillance here.



Financial Security Authority

The FSA is the equivalent financial authority body in the Nordics to the FCA in UK. FSA stands for Financial Security Authority and regulate, supervise, and protect the financial market in each of the Nordic countries – both the firms and the consumers.

Danish name: Finanstilsynet

Swedish name: Finansinspektionen

Norwegian name: Norges Finanstilsyn

Finnish name: Finanssivalvonta



General Data Protection Regulation

General: The GDPR regulations protects the consumers on the European market and was instated by the European Union on May 25th, 2018. GDPR makes all firm conducting any business with an EU citizen or on the European market protect the personal data of any consumer under heavy regulations and strict rules.

One of the most essential rules and demands of the GDPR regulation is the demand of documenting that all data are been processed while complying with the rules.

The GDPR regulation puts all EU member countries under the same data protecting rules, regulations, and guidelines, which makes everything lot easier for the authorities.

The Nordic perspective: All Nordic businesses are subjects to complying with the entire set of rules and regulation of GDPR. No exceptions are made.

Who enforces the GDPR regulation?

In the first instance the local authorities, like the Danish Data Protection Agency, are enforcing the regulations of GDPR, with the main enforcing body being the Information Commissioner’s Office (ICO).

Comply with the GDPR rules and regulations - nothing else is worth it. Read how to be GDPR compliant here.



International Financial Reporting Standard

IFRS 9 is a Directive that specifies how a financial institution should measure, classify, and report on financial liabilities, financial assets, and in some cases contracts to buy or sell non-financial items. The IFRS 9 Directive aims to make the financial sector more robust and agile and gives a more accurate picture of the financial development in the businesses in EU.


Insider Trading

Insider trading is when an employee of the stock owning company acts on non-public information and by that gains an advantage over the rest trading market by either buying or selling.

Also a part of Market Abuse, and can be surveilled, monitored and coped with using eComms Surveillance. Read more about our eComms Surveillance platform here.



International Standard Organization

The entity that sets standards for multiple areas in the world – also compliance. When a standard is met that standard gets a unique identifiable ISO-number.



Know Your Customer

As a part of Anti-Money Laundering and Anti-Terror Financing KYC is a set of rules and requirements that aims to keep all gates closed for financial criminals. Financial services, banks, and accountants are required to know their customers in multiple aspects, such as customer identity, money flow and origin, and known contacts.



Market Abuse Regulation

MAR was launched and came into effect in July 2016. It aims for better market integrity, by applying higher security, clearer rules, and better protecting of investors. At its core it evolves around insider dealing, unlawful disclosure if inside information and market manipulation. When firms are preventing and setting up security measures against this it is important to monitor all communications – especially electronic communication channels. Therefore, use Natural Language Procession (NLP) to base alerts that are suited your organization.

Keep a close eye on market abusers with eComms Surveillance and interaction recording.



Markets in Financial Instruments Directive

General: MiFID is the first act and MiFID II is the second act of the same regulation. The MiFID II became effective from January 3rd, 2018 and is a regulation which has the objectives to make the financial institutions robust, solid, and transparent. It sets a legal direction for all trading activities in the financial market and protects the trading on both the investors side and the institutional side.

The Nordic perspective: From a Nordic perspective the MiFID II regulation is highly relevant to all financial institutions. When you as a Nordic financial firm conducts any kind of traditional business in the European market you are obliged to comply with the MiFID II regulation.

Who enforces the MiFID II regulation?

The MiFID II regulation is being enforced by local financial authorities and the ESMA (European Securities and Market Authority).

Comply with MiFID and MiFID II with Interaction Recording and eComms Surveillance.



Markets in Financial Instruments Regulation

MiFIR accompanies the MiFID II regulation, and comes form the same EU entity. MiFIR aims to create transparency pre- and post-trade. Trading firms are required to publicly report and disclose certain trades and quotes.

This falls in under eComms Surveillance, and Compliance Archiving



National Competent Authority

The NCA in Denmark is the FSA (Finanstilsynet) and is the single point of contact EU membership countries are required to designate a national authority to be the national owner of all directives and regulation and overseeing them. Under the MiFID II affected firms need to report to the national NCA in their home state.



Payment Card Industry Data Security Standard

PCI DDS is a common standard/regulation in the payment card industry, which everyone in that industry know, or has at least heard of. It is a standard for all companies which are collecting, keeping, processing, or transforming data of the payment cards and its owner. Despite the size or number of transactions.

The standard is overseen by the PCI Security Standards Council.

The PCI DSS especially comes into play when you are have customer interactions in a contact center or call center. Check out our Contact Center Compliance solution here.



Revised Payment Service Directive 2

The PSD 2 Directive aims to make international transactions just as easy, effective, and secure as national transactions to enhance the free market in the EU. The PSD 2 Directive aims at enhancing the free competition, wider selection of products, and better prices for the consumers.

Read more about our Contact Center Compliance solution here.



Regulation on Wholesale Energy Market Integrity and transparency

REMIT came into effect in 2011 and aims to support open and fair competition n the European wholesale energy markets. It improves stability and transparency of the EU energy market by requiring prohibition and reporting standards relating to insider trading, market manipulation, insider information and trade reporting. All firms and staffs are obliged to report any potential or potential breaches of REMIT.

To comply with REMIT, you must put surveillance of all communication in place, and to ease the work for compliance officers use the pre-made and customizable detection models.

REMIT relates to insider trading, market manipulation, insider information and trade reporting, and can be complied with by implementing eComms Surveillance.



(US) Securities and Exchange Commission

The SEC is an independent body of the US federal government with the main responsibility to enforce security laws and regulating the security firms. The SEC protects the investors, maintain fair, orderly, and efficient markets, and facilitate capital formation.



Securities Finance Transaction Regulation

The SFTR is a European reporting legislation for regulation of securities landing and repo. It is in place to enhance the transparency of securities financing transactions by trade repositories. The affected firms are credit institutions, investments firms and relevant third country firms. It is the ESMA who is the authorizing and overseeing entity of the SFTR.



Senior Manager and Certification Regime

THE SMCR aims to reduce harms to the consumers of the trading market and strengthen the market’s integrity by making individuals and professionals more accountable for their conduct and competence. In other word this means that an individual working with trading is held accountable for the decisions and actions they take by encouraging a culture where staff take personal responsibility for their actions and making sure the same staff understand and can demonstrate how to behave and where the responsibility lies.


Spoofing (trading)

Trade spoofing is the act of creating a false supply or demand, and therefore creating a deception of the market, and by that decreasing or increasing the value of a stock/product.

You can view spoofing as “bluffing”, because the trader (aka the “spoofer”) says he/she is going to do something, and then does not do it in the very end. It is the FCA/FSA who is the enforcing body when it comes to spoofing.

The eComms Surveillance platform from us will address the spoofing issue in your organization.



Unique Trade Identifier

The UTI is a mandatory field to fill in in the EMIR Reporting Framework to identify derivatives contract.


This compliance dictionary is being updated on a regular basis. If any compliance term is missing, please do not hesitate to contact us. Thanks!

Share this post