Compliance & Document Verification Glossary

AMLD6 (6th Anti-Money Laundering Directive) is the sixth European Union directive on combating money laundering, adopted in 2018. It harmonises the definition of money laundering offences across the EU and strengthens applicable criminal penalties.

AML (Anti-Money Laundering) refers to the set of laws, regulations, and procedures designed to prevent criminals from disguising illegally obtained funds as legitimate income. AML frameworks require regulated businesses to detect and report suspicious financial activities.

An audit trail is a chronological and immutable record of all actions, decisions, and events related to a document verification process. It provides formal evidence that each verification step was performed in compliance with regulatory requirements, and enables the complete reconstruction of the verification journey in the event of an inspection.

Biometric verification is an identification method that uses a person's unique physical or behavioural characteristics to confirm their identity. It includes facial recognition, fingerprint, iris, or voice recognition.

A Compliance Officer is the professional responsible for designing, implementing, and overseeing an organisation's compliance programme. They ensure adherence to regulatory obligations, particularly in anti-money laundering, data protection, and anti-corruption.

A confidence score is a numerical value, typically expressed as a percentage or on a scale of 0 to 100, that quantifies the degree of certainty an automated system has regarding the validity or authenticity of a document or an extracted data point. The higher the score, the more confident the system is in its analysis.

A criminal record extract (extrait de casier judiciaire in France) is an official document issued by the National Criminal Records Office summarizing criminal convictions against an individual. In France, there are three bulletins: B1 (reserved for judicial authorities), B2 (accessible to certain administrations and employers), and B3 (requested by the individual, listing only the most serious convictions). It is equivalent to the DBS check in the UK or the FBI background check in the US.

Cross-document validation is the process of verifying the consistency of information across multiple documents submitted by the same individual or entity. It detects inconsistencies that reveal document fraud or identity theft.

CDD (Customer Due Diligence) refers to the measures that regulated entities must apply to identify their customers, understand the nature of their activities, and assess the risk of money laundering or terrorist financing. CDD forms the operational foundation of KYC processes.

Data minimization is a core GDPR principle requiring organisations to collect and process only the personal data strictly necessary for the stated purpose. This principle compels organisations to justify every data point collected and avoid any excessive accumulation of information.

Deepfake detection refers to the technologies and methods used to identify images, videos, or audio generated or manipulated by artificial intelligence. In the context of identity verification, it aims to counter fraud attempts using synthetic faces.

The Digital Operational Resilience Act is a European regulation imposing strict digital operational resilience requirements on financial entities. Applicable since 17 January 2025, it covers ICT risk management, incident reporting, resilience testing, and oversight of critical third-party providers.

Document authentication is the process of verifying the authenticity and integrity of an official document. It analyses physical and digital security features to determine whether a document is genuine or counterfeit.

Document fraud refers to any falsification, counterfeiting, or fraudulent use of an official or private document to deceive a third party. It encompasses the fabrication of fake documents, the alteration of authentic documents, and the use of stolen documents.

The eIDAS regulation (Electronic IDentification, Authentication and trust Services) is the European legal framework governing electronic identification and trust services for electronic transactions within the internal market. It establishes rules for electronic signatures, seals, timestamps, and remote identification.

EDD (Enhanced Due Diligence) refers to the heightened verification measures applied to customers presenting a high risk of money laundering or terrorist financing. EDD goes beyond standard Customer Due Diligence (CDD) and requires more thorough checks and increased monitoring.

Face matching is a biometric technology that compares the facial features of a person with a reference image to confirm their identity. It is widely used in remote identity verification processes.

The FATF (Financial Action Task Force) is the intergovernmental body that sets global standards for combating money laundering and terrorist financing. Its 40 Recommendations form the reference framework adopted by over 200 jurisdictions worldwide.

LCB-FT (Lutte Contre le Blanchiment et le Financement du Terrorisme) is France's comprehensive legal and regulatory framework for preventing money laundering and terrorism financing. Transposing EU anti-money laundering directives, it imposes due diligence, suspicious transaction reporting, and data retention obligations on regulated professionals.

The Geldwäschegesetz (GwG) is Germany's federal anti-money laundering and counter-terrorism financing law. Transposing EU anti-money laundering directives, it imposes strict customer identification, transaction monitoring, and suspicious activity reporting obligations on obliged entities in Germany.

The General Data Protection Regulation is the European legal framework governing the collection, processing, and storage of personal data. Effective since 25 May 2018, it applies to any organisation handling data of EU residents, with fines of up to 4% of global annual turnover.

The IBAN (International Bank Account Number) is an internationally standardized identifier used to uniquely identify a bank account worldwide. The RIB (Relevé d'Identité Bancaire) is a French bank identity document containing the complete banking details of an account holder, including the IBAN, BIC, and bank institution information. The RIB is equivalent to a bank statement header in the UK or a voided check in the US.

Identity fraud is the deliberate use of another person's identity, or the creation of a fictitious identity, to commit fraudulent acts. It can involve identity theft, impersonation, or the fabrication of synthetic identities.

Identity proofing is the process of collecting, validating, and verifying a person's information to establish their identity with a defined level of confidence. It is the first step before issuing digital credentials.

Identity verification is the process of confirming that a person is who they claim to be. It relies on the analysis of official documents, biometric data, or personal information to establish the authenticity of an identity.

An insurance certificate (attestation d'assurance in France) is an official document issued by an insurance company certifying that a natural or legal person holds valid insurance coverage for a specified period and defined risks. It is required in numerous professional, real estate, and contractual procedures to prove public liability and professional indemnity coverage. It is equivalent to a Certificate of Insurance (COI) in the US or a Certificate of Employers' Liability in the UK.

Intelligent Document Processing (IDP) is a technology approach that combines OCR, artificial intelligence, and natural language processing to automatically extract, classify, and validate information from unstructured documents. Unlike OCR alone, IDP understands the context and semantics of the extracted data.

The Kbis extract is the official document certifying the legal existence of a commercial company in France. Issued by the clerk of the commercial court, it serves as the company's official "identity card" and contains all information registered with the Trade and Companies Register (RCS). It is the French equivalent of a Certificate of Incorporation in the UK or Articles of Organization in the US.

KYC (Know Your Customer) refers to the set of regulatory procedures that enable businesses to verify the identity of their clients. These checks are mandatory for financial institutions and regulated professions to prevent money laundering and terrorist financing.

Liveness detection is a technology that verifies a person is physically present during a remote identity verification. It distinguishes a real human being from a fraud attempt using a photo, video, or mask.

Machine learning applied to document verification refers to the set of artificial intelligence techniques that enable systems to learn how to detect fraud, classify documents, and validate authenticity without being explicitly programmed for each case. These models continuously improve with every new document analysed.

The Markets in Crypto-Assets Regulation (MiCA) is the first comprehensive European regulatory framework for crypto-assets. Fully applicable since 30 December 2024, it imposes licensing, transparency, and investor protection obligations on crypto-asset issuers and crypto-asset service providers (CASPs).

Ongoing Monitoring refers to the obligation for regulated entities to continuously monitor transactions and the business relationship with their clients. It aims to detect suspicious activities, verify the consistency of operations with the client's profile, and keep customer information up to date.

Optical Character Recognition (OCR) is a technology that converts images of text — scanned documents, photos, or PDFs — into machine-readable text data. In the context of document verification, OCR enables the automatic extraction of identity information from supporting documents.

The Payment Services Directive 2 (PSD2) is the European regulatory framework governing payment services and access to bank accounts. Effective since January 2018, it introduced Strong Customer Authentication (SCA), open banking, and new obligations for third-party payment service providers.

A payslip (bulletin de salaire in France) is the document that employers are legally required to provide to each employee upon payment of their salary. It details gross pay, social security contributions, tax deductions, and net pay. In KYC and creditworthiness verification procedures, it serves as essential proof of income. In the UK, it is governed by the Employment Rights Act; in the US, the equivalent is a pay stub.

A PEP (Politically Exposed Person) is an individual who holds or has held a prominent public function, along with their immediate family members and known close associates. PEPs present a higher risk of corruption and money laundering due to their position of influence.

Proof of address is an official or semi-official document certifying the residential address of a natural person or the registered office of a legal entity. It is one of the documents systematically required in KYC procedures to confirm the address declared by a client during onboarding. In France, it is called "justificatif de domicile."

The ACPR (Autorité de Contrôle Prudentiel et de Résolution) is the French authority for supervising banks and insurance companies, operating under the Banque de France. It ensures compliance with prudential rules, protects customers, and monitors the effectiveness of anti-money laundering programmes.

A Qualified Electronic Signature (QES) is the highest level of electronic signature defined by the eIDAS regulation. It benefits from a presumption of legal validity equivalent to a handwritten signature in all European Union Member States.

A REST API (Application Programming Interface — Representational State Transfer) is a programming interface that enables two computer systems to communicate via the HTTP protocol. In the context of document verification, a REST API allows identity verification services to be integrated directly into existing business applications.

The right to be forgotten, formally the right to erasure, allows individuals to request the deletion of their personal data when it is no longer necessary, consent has been withdrawn, or processing is unlawful. Enshrined in Article 17 of the GDPR, this right is not absolute and must be balanced against other legal obligations.

The Risk-Based Approach (RBA) is the fundamental principle that compliance measures should be proportionate to the level of risk identified. Regulated entities allocate more resources to high-risk clients and transactions, while applying simplified measures to low-risk situations.

The Sapin 2 Act (Law No. 2016-1691 of 9 December 2016) is the French legislation on transparency, anti-corruption, and modernisation of the economy. It requires large French companies to implement an anti-corruption compliance programme comprising eight mandatory pillars.

SIREN (Système d'Identification du Répertoire des Entreprises) and SIRET (Système d'Identification du Répertoire des Établissements) are unique identification numbers assigned by INSEE to every business and each of its establishments in France. The SIREN has 9 digits identifying the legal entity, while the SIRET has 14 digits (SIREN + 5-digit NIC) identifying each business premises. They are comparable to the EIN in the US, the Companies House number in the UK, or the Handelsregisternummer in Germany.

A Suspicious Activity Report (SAR) is the mandatory filing that regulated professionals must submit to the financial intelligence unit (FinCEN in the US, NCA in the UK, Tracfin in France) when they suspect that a transaction is linked to money laundering, terrorist financing, or tax fraud.

A synthetic identity is a fictitious identity created by combining real personal information (often stolen) with fabricated data. Unlike traditional identity theft, it does not correspond to any real person, making it particularly difficult to detect.

Tamper detection encompasses the techniques used to identify unauthorised modifications made to a digital or physical document. It analyses visual, structural, and digital anomalies to determine whether a document has been altered.

The tax notice (avis d'imposition in France) is the official document issued annually by the tax authorities indicating the amount of income tax owed by a taxpayer. It summarizes declared income, deductible expenses, the reference taxable income, and the amount of tax payable or refundable. It is equivalent to the P60/SA302 in the UK or the IRS Tax Return Transcript in the US.

Tracfin (Traitement du Renseignement et Action contre les Circuits Financiers Clandestins) is the French Financial Intelligence Unit, attached to the Ministry of Economy. It receives, analyses, and processes suspicious transaction reports submitted by regulated professionals and combats clandestine financial networks.

The Ultimate Beneficial Owner (UBO) is the natural person who ultimately owns or controls a legal entity, directly or indirectly. Identifying the UBO is a fundamental obligation within the anti-money laundering framework.

A webhook is an automatic notification mechanism that enables one system to send data in real time to another system as soon as a specific event occurs. In the context of document verification, webhooks instantly inform the client application of a verification result without the need for continuous server polling.

The Wet ter voorkoming van witwassen en financieren van terrorisme (Wwft) is the Netherlands' anti-money laundering and counter-terrorism financing law. Transposing EU anti-money laundering directives, it imposes customer identification, ongoing monitoring, and unusual transaction reporting obligations on obliged entities in the Netherlands.