AML Compliance Guide: KYC, PEP, CDD and Other Key Terms Explained

AML Terminology Explained

Money laundering legislation involves many abbreviations and terms that can make interpreting and understanding the subject difficult. However, understanding a few key concepts will take you a long way and make compliance with obligations easier.

You may have recently come across the abbreviation "AML". Perhaps a supervisory authority has contacted you and urged you to get your company's AML routines in order?

Below is a breakdown of the most important AML abbreviations and what they mean in practice.

AML – Anti-Money Laundering

The abbreviation refers to the legislation and regulation aimed at preventing money laundering. Money laundering means activities where funds earned through criminal means are "laundered" clean by obscuring their origin. Money laundering is therefore always preceded by some other crime. Funds may, for example, be deposited in a bank or used to purchase valuable items such as real estate or jewelry – but criminals have many methods. That's why it's important that various actors in society bear common social responsibility and strive to expose criminal activity.

TF – Terrorist Financing

The abbreviation refers to illegal terrorist financing, and its prevention also falls under money laundering law. Such activities have serious societal consequences, which is why financial support for terrorism must be prevented alongside money laundering

KYC – Know Your Customer

KYC is the cornerstone of good AML work and an umbrella term under which the abbreviations below fall. Its purpose is to achieve a deep understanding of the customer's activities – in other words, good customer knowledge. The related abbreviations CDD and EDD fall under this umbrella:

  • CDD – Customer Due Diligence: The standard process of verifying and understanding a customer's identity and activities.

  • EDD – Enhanced Due Diligence: A deeper level of investigation or monitoring, typically applied to higher-risk customers.

BO – Beneficial Owner

In a limited liability company, beneficial owners are those who directly or indirectly own more than 25% of the company, directly or indirectly exercise more than 25% of voting rights, or otherwise exercise ultimate decision-making power. A publicly listed company does not need to report its beneficial owners.

For associations, foundations, and housing companies, beneficial owners are board members. For public law entities, beneficial owners are board members or other persons exercising ultimate decision-making power.

Swedish entities must report beneficial owners to the Swedish Companies Registration Office (Bolagsverket), and those with reporting obligations must always verify an entity's beneficial owners as part of KYC work. A beneficial owner is always a natural person – identifying them clarifies who actually controls the organization and to whom profits flow.

PEP – Politically Exposed

Person PEP status applies to a person holding a significant public office with considerable decision-making power, or whose decisions are difficult to appeal. This includes, for example: heads of state, ministers, members of parliament, supreme court justices, central bank board members, ambassadors, senior military officers, and directors of international organizations.

  • Why must PEPs must be identified? There's nothing wrong with having influence itself – but a person's mandate makes them vulnerable to unethical activities. A PEP has been entrusted to make decisions concerning common affairs, making it strictly forbidden to act in one's own or a friend's interest. For example, Supreme Court justices are classified as PEPs because their decisions are difficult to appeal, and the risk of injustice increases if a judge can be bribed. Special monitoring is therefore necessary. Fortunately, corruption is rare in Finland – and rigorous AML work helps keep it that way.

RCA – Relative or Close Associate to a PEP

RCA status applies to a PEPs spouse or equivalent partner, children and their spouses or partners, parents, and business partners.

Notably, a PEPs siblings do not receive RCA status. However, one must always consider persons who, for example, conduct joint business with a PEP person.

A person retains PEP or RCA status for at least 18 months in Sweden after the end of their term. In some cases – such as globally influential individuals who have held high office – it may be appropriate to consider PEP status as never expiring.

SOF & SOW – Source of Funds / Source of Wealth

Both terms relate to understanding where a customer's money comes from – and they are not the same thing. SOF refers to the origin of specific funds in a transaction, while SOW refers to the broader picture of how a customer has accumulated their overall wealth.

At its simplest, it's about asking where the money comes from. A bank statement alone is not sufficient proof – it shows a balance, not an origin. Similarly, proof of gambling winnings only confirms a win, not what money was used to play in the first place. Even a property deed isn't always enough. The goal is to understand the customer as a whole: by what means was their financial position reached, and can they demonstrate it credibly?

KYC – Know Your Country

Although the "C" in KYC almost always refers to "customer", it sometimes also means country. In thorough AML analysis, the customer's connections to different countries and their impact on risk must be taken into account. Country-specific risks may include the prevalence of corruption, terrorism, international sanctions, drug trafficking, human trafficking, or the transparency of the banking sector.

The most important reference lists for country risk assessment are maintained by FATF (Financial Action Task Force) and the European Union:

  • FATF Black List (High-Risk Jurisdictions subject to a Call for Action) – countries with severe deficiencies in their AML/CFT frameworks, requiring enhanced due diligence or countermeasures.

  • FATF Grey List (Jurisdictions under Increased Monitoring) – countries actively working to address identified weaknesses, but requiring closer attention.

  • EU High-Risk Third Countries – the European Commission's list of countries with strategic deficiencies in their AML/CFT regimes, updated regularly.

ODD – Ongoing Due Diligence

Money laundering law requires continuous monitoring of customer relationships. It's not enough to ask the customer once how things are – the situation must be updated regularly. The review interval may be longer or shorter depending on the risk level, but the key principle is that monitoring never stops.


You have now completed a crash course in AML language. Don't let the jungle of abbreviations confuse you – at its simplest, AML work is about deeply understanding your customer's and business partner's operations. Do you understand their activities and earnings logic? Are the details consistent and credible? Are there factors that may increase risk? And most importantly: can you demonstrate that you have performed all these checks?

Looking for a tool that handles all of this in one place? DOKS covers the full AML workflow: automated PEP and sanctions screening, risk-based questionnaires, a configurable risk algorithm with country, industry, and other custom risk indicators, structured risk analysis, and reminders to ensure customer data stays current.

Automate Compliance

Whether you're an experienced compliance professional or just starting to consider what your organisation needs, sit down with our expert to assess your situation and find the right solution for you.

Contact Us

Automate Compliance

Whether you're an experienced compliance professional or just starting to consider what your organisation needs, sit down with our expert to assess your situation and find the right solution for you.

Contact Us

Automate Compliance

Whether you're an experienced compliance professional or just starting to consider what your organisation needs, sit down with our expert to assess your situation and find the right solution for you.

Contact Us