Internal Controls

Definition

The policies, procedures, and mechanisms established by an organisation to ensure the reliability of financial reporting, effectiveness of operations, and compliance with applicable laws and regulations. The COSO framework provides the most widely adopted internal controls standard, defining five components: control environment, risk assessment, control activities, information and communication, and monitoring.

Complementary Terms

Concepts that frequently appear alongside Internal Controls in practice.

Internal Rate of Return (IRR)

The annualised rate of return at which the net present value of all cash flows from an investment equals zero. IRR is the standard performance metric for private equity and venture capital funds, allowing comparison across investments with different holding periods and cash flow profiles.

AI Governance

The framework of policies, procedures, and organisational structures that guide the responsible development, deployment, and monitoring of artificial intelligence systems. AI governance encompasses risk management, ethical guidelines, regulatory compliance, model validation, and accountability mechanisms.

Anti-Money Laundering (AML)

The body of laws, regulations, and procedures designed to prevent criminals from disguising illegally obtained funds as legitimate income. AML compliance requires financial institutions to implement customer due diligence, transaction monitoring, suspicious activity reporting, and record-keeping.

SOX Compliance

Adherence to the requirements of the Sarbanes-Oxley Act of 2002 (SOX), US federal legislation mandating rigorous financial reporting, internal controls, and audit standards for publicly traded companies. SOX Section 302 requires CEO/CFO certification of financial statements, while Section 404 mandates annual assessment of internal controls over financial reporting.

Data Governance

The framework of policies, standards, and processes that ensures data assets are managed consistently, securely, and in compliance with regulations throughout their lifecycle. Strong data governance increases the reliability and value of data as an intangible asset, directly supporting analytics, AI applications, and data monetisation strategies.

Sanctions Compliance

The policies, procedures, and controls organisations implement to ensure they do not engage in prohibited transactions with sanctioned countries, entities, or individuals. Sanctions regimes are administered by bodies including OFAC (US), OFSI (UK), and the EU Council, and violations can result in severe criminal penalties, asset freezes, and reputational damage.

Audit Trail

A chronological record of system activities, transactions, or document changes that provides a verifiable history of who did what, when, and why. Audit trails are essential for regulatory compliance, fraud detection, and internal controls, and are required by regulations and standards including SOX, GDPR, and ISO 27001.

Regulatory Sandbox

A controlled testing environment established by a financial regulator that allows fintech companies and other innovators to test new products, services, or business models with real customers under relaxed regulatory requirements for a limited period. The FCA launched the first regulatory sandbox in 2016, and the concept has since been adopted by over 50 jurisdictions globally.
