31 C.F.R (a)(3)(ii)(C) Person with an existing account

Transcription

1 Kelly Goulart, Regulatory Compliance Manager Janie Daniel, Regulatory Compliance Adviser enews Headline: Renewing CDs and Loans Enhanced CDD and Beneficial Owners Question: We have CDs for entities covered under enhanced Customer Due Diligence (CDD) rules issued in May, When those CDs auto renew, are we required to re-certify the beneficial owners under the rule? Answer: Maybe. Specifically, the Final Rule requires the identification and verification of beneficial owners each time a new account is opened. And the definition of a new account is different than the definition of a customer. snip Beginning on the Applicability Date, covered financial institutions 3 must identify and verify the identity of the beneficial owners of all legal entity customers (other than those that are excluded) at the time a new account is opened (other than accounts that are exempted). snip (g) New account. For the purposes of this section, new account means each account opened at a covered financial institution by a legal entity customer on or after the applicability date. Source: And here is a crucial question from the FDIC s FAQs: Final CIP Rule on the subject of renewed loans and certificates of deposit. The underlined portion indicates that a new account is established each time a loan is renewed or a certificate of deposit is rolled over. However, the bold portion indicates that the bank need not perform CIP if it has a reasonable belief of the customer s true identity (and by extension, the identity of the beneficial owners) and no new customer is being added to the account. snip 31 C.F.R (a)(3)(ii)(C) Person with an existing account 1. A loan and a time deposit are each an account for purposes of the CIP rule. How do the requirements of the CIP rule apply to a loan that is renewed, or a certificate of deposit that is rolled over? 1 P a g e

2 The CIP rule applies to a customer, generally, a person that opens a new account. 31 C.F.R (a)(3)(i). (Emphasis added.) Account means a formal banking relationship established to provide or engage in services, dealings, or other financial transactions including a deposit account, a transaction or asset account, a credit account, or other extension of credit. 31 C.F.R (a)(1)(i). For purposes of the CIP rule, each time a loan is renewed or a certificate of deposit is rolled over, the bank establishes another formal banking relationship and a new account is established. However, the rule provides that the term customer does not include a person that has an existing account with the bank, provided that the bank has a reasonable belief that it knows the true identity of the person. 31 C.F.R (a)(3)(ii)(C). In each of these cases, the customer has an existing account. Therefore, as long as the bank has a reasonable belief that it knows the person s true identity, the bank need not perform its CIP when a loan is renewed or certificate of deposit is rolled over. However, if a new customer is added to the loan or deposit account, the bank would need to satisfy the CIP rule with respect to that new account relationship. Source: For the IBAT Legal Ease archive on BSA / AML including CIP, click here. Compliance Tip: Use the IBAT Legislative White Paper to prepare for changes brought on by the 85 th Texas Legislative session. Some changes become effective September 1, IBAT Compliance Helpline: Every week, IBAT staff promptly answer dozens of compliance and regulatory questions like those presented each week in Legal Ease. We strive to answer all questions promptly, completely, and, when possible, with citations. Members are encouraged to call or send an the next time a question of any kind stumps you. Kelly Goulart: kgoulart@ibat.org Janie Daniel: jdaniel@ibat.org Publish: 7/17 Independent Bankers Association of Texas, Austin, Texas, All rights reserved. This document is intended to convey general information only and not to provide legal advice or opinions. This document (and the posting and viewing of the information on the IBAT website) should not be construed as legal advice, may not be current and is subject to change without notice. 2

3 [Date] [Legal Entity Customer Name] [Address] [City/State/Zip Code] Dear [Customer] Your business relationship is important to us. Our goal is to make the business account-opening process an efficient and enjoyable experience for you. Effective May 11, 2018, all banks will be subject to new rules under the Bank Secrecy Act that will aid the government in the fight against crimes to evade financial measures designed to combat terrorism and other national security threats. EACH time an account is opened for a covered Legal Entity, we will be required to ask you for identifying information (name, address, date of birth, social security number), as well as identification documentation for: EACH individual that has 25% or more Beneficial Ownership in the Legal Entity; and, ONE individual that has Significant Managerial Control of the Legal Entity. If you are opening an account on behalf of a Legal Entity, you will be required to provide [appropriate documentation] and to Certify that this information is true and accurate to the best of your knowledge. In order to make this process as efficient as possible, we suggest that you obtain the above, bulleted information, along with [a copy of the current Driver s License] for EACH identified individual. If your business will frequently be opening new accounts/loans, please keep this information current and available to present EACH time you come in to establish a new account. If you have any questions please don t hesitate to contact us. Sincerely, [Name/Title/Phone Number]

4 IMPORTANT INFORMATION ABOUT OPENING A LEGAL ENTITY ACCOUNT Effective May 11, 2018, new rules under the Bank Secrecy Act will aid the government in the fight against crimes to evade financial measures designed to combat terrorism and other national security threats. EACH time an account is opened for a covered Legal Entity, we are required to ask you for identifying information (name, address, date of birth, social security number as well as identification documents) for: Each individual that has beneficial ownership (25% or more); and, One individual that has significant managerial control, of the Legal Entity. If you are opening an account on behalf of a Legal Entity, you will be required to provide the appropriate documentation and to certify that this information is true and accurate to the best of your knowledge. We proudly support all efforts to protect and maintain the security of our customers and our country.

5 Know Your Triggers As the Customer Due Diligence (CDD) rule's implementation date gets closer, we have seen an increase in questions regarding the types of events that may lead a credit union to review the beneficial ownership information of an existing account. So we thought it would be helpful to go over the rule s requirements and give examples of potential triggering events. Before we did in, remember that the definition of a beneficial owner includes two prongs ownership and control so when talking about updating information on beneficial owners, we are referring to both prongs. The 5th pillar of BSA compliance established by the final rule requires that credit unions include in their anti-money laundering (AML) programs, CDD procedures for the purpose of developing a member risk profile and conducting ongoing monitoring of these relationships. See, 81 Fed. Reg Before you sound the alarm at your credit union, it is important to know that the final CDD rule does not impose a categorical requirement to regularly update the beneficial ownership information on an existing account. See, 81 Fed. Reg However, as part of the on-going monitoring, credit unions may encounter some events that could lead the credit union to believe that there has been a fundamental change to the ownership of the account and hence trigger a review of beneficial owners. See, 81 Fed. Reg

6 What Triggers A Review? The rule states that beneficial ownership information should be updated when, in the normal course of business, the credit union detects a relevant change to the account that may alert the credit union to a change in the beneficial ownership structure. Here is an excerpt to the preamble of the CDD rule in which FinCEN explains this concept: "... our requirement is consistent with current practice, and we expect monitoring-triggered updating of beneficial ownership information (as with other customer information) only to occur on a risk basis when material information about a change in beneficial ownership is uncovered during the course of a bank's normal monitoring (whether of the customer relationship or of transactions)... However, there is no expectation that a financial institution obtain updated beneficial ownership information from its customers on a regular basis, whether by using the Certification Form in Appendix A or by any other means."81 Fed. Reg Unfortunately, the CDD rule does not have a prescriptive list of events that will trigger the review of beneficial ownership information for existing business accounts. Rather the rule follows the same risk-based review format of other Bank Secrecy Act (BSA) requirements. These risk-based provisions allow credit unions the flexibility to determine its own triggering events and implement appropriate review procedures. The rule does provide a few examples of events that could lead to a review of an account's beneficial ownership structure such as: "a situation where an unexpected transfer of all of the funds in a legal entity's account to a previously unknown individual would trigger an investigation in which the bank learns that the funds transfer was directly related to a change in the beneficial ownership of the legal entity...; When a financial institution detects information (including a change in beneficial ownership information) about the customer in the cours of it s normal monitoring [and/or] a significant and unexplained change in the customer s activity, such as executing crossborder wire transfers for no apparent reason or a significant change in the volume of activity without explanation." 81 Fed. Reg ,

7 So if the credit union uncovers a potential change to the beneficial ownership information during a high risk review of an account, during the investigation of an AML alert or a SAR filing, the rule would require the credit union to seek updated information for the account at that time. Other triggering events that may require updated beneficial ownership information, depending on specific facts and circumstances, include: A notable increase in CTR filings for the legal entity or any of the beneficial owners The filing of a SAR (depending on the nature and type of suspicious activity) Changes regarding the authorized users or signatories for the account Changes regarding the beneficial owners, ownership structure, nature of the business or customer base Opening a new subaccount for the business A request to close an active subaccount without providing a legitimate reason A 314(a) match Information obtained/provided from or to other Fis through 314(b) information sharing Results from a high-risk review of the account Law enforcement subpoenas or search warrants Transaction monitoring alerts for unexpected activity Before the rule becomes final, credit unions may want to review their current due diligence process and create additional risk-based procedures that specify

8

9 BENEFICIAL OWNERSHIP REFERENCE GUIDE Is the account being opened on behalf of a business? YES NO Obtain and document CIP information for an individual as required by your policy. Is the account being opened for a corporation, limited liability company, limited partnership, business trust or other entity registered under the Secretary of State? YES Beneficial Ownership Information Must Be Obtained and Documented NO Obtain and document CIP information for a sole proprietor, DBA or other unregistered business required by your policy. WHAT YOU NEED TO DO 1. Ask the individual opening the account to provide the name(s) of everyone who owns 25% or more of the company. 2. Ask the individual opening the account to provide the name(s) of at least one person in control of the company. Use the tests below as your guide. Ask the individual opening the account to document the name(s) of the beneficial owner(s) under each test, their addresses, dates of birth and social security numbers on the Beneficial Ownership Certification Form. Obtain documentation to verify the identities. OWNERSHIP ALL individuals who own 25% or more Each individual, who directly or indirectly, through any contract, arrangement, understanding, relationship or otherwise, owns 25% or more of the equity interests of a legal entity customer CONTROL AT LEAST ONE person in control An individual with significant responsibility to control, manage, or direct a legal entity customer, including an executive officer (CEO, CFO, COO, Managing Member, General Partner, President, Vice President or Treasurer), OR any other individual who performs similar functions

10 PROCEDURAL NOTES If no one individual owns 25% or more of the legal entity customer, there may be no beneficial owners listed under the ownership prong. If a trust owns 25% or more of the business, use the trustee as the beneficial owner. If another business entity owns 25% or more of the business, inquire about the owners of the business entity that maintains ownership. Remember, this rule is about getting to the humans behind the business. Obtain and document CIP information (name, address, DOB and tax ID #) for each beneficial owner under each test. Obtain documentary evidence for each beneficial owner in accordance with our policy. Photocopies or other reproductions are permissible when identifying beneficial owners. EXCLUSIONS - Financial institutions regulated by a Federal functional regulator or a bank regulated by a State bank regulator - Department or agency of the U.S., of any State, or of any political subdivision of a State - Any entity established under the laws of the U.S., or any State, or of any political subdivision of any State, or under an interstate compact - Any entity (other than a bank) whose common stock or analogous equity interests are listed on the New York, American or NASDAQ stock exchange - Any entity organized under the laws of the U.S. or of any State at least 51% of whose common stock or analogous equity interests are held by a listed entity - Issuers of securities registered under Section 21 of the Securities Exchange Act of 1934 or that is required to file reports under 15(d) of that Act - Any investment company, as defined in Section 3 of the Investment Company Act of 1940, registered with the SEC - An SEC-registered investment adviser, as defined in Section 202(a)(11) of the Investment Advisers Act of An exchange or clearing agency, as defined in Section 3 of the SEA, registered under Section 6 or 17A of that Act - Any other entity registered with the SEC under the SEA - A registered entity, commodity pool operator, commodity trading adviser, retail foreign exchange dealer, swap dealer or major swap participant, defined in Section 1a of the Commodity Exchange Act, registered with the Commodity Futures Trading Commission - A public accounting firm registered under Section 102 of the Sarbanes-Oxley Act - A bank holding company, as defined in Section 2 of the Bank Holding Company Act of 1956 or savings and loan holding company, as defined in Section 10(n) of the Home Owners Loan Act - A pooled investment vehicle operated or advised by an FI excluded from the definition of legal entity customer under the CDD Rule - An insurance company regulated by a State - A financial market utility designated by the Financial Stability Oversight Council under Title VIII of the DFA - A foreign financial institution established in a jurisdiction where the regulator of such an institution maintains beneficial ownership information regarding such institution - A non-u.s. governmental department, agency or political subdivision that engages only in governmental rather than commercial activities - Any legal entity only to the extent that is opens a private banking account subject to 31 CFR

11 REMEMBER TO INCLUDE TRIGGERING EVENTS! Effective January 1, 2018, Beneficial Owners of a legal entity customer with a 25% or more direct or indirect ownership of the equity interests of a legal entity customer must be identified and verified for all new deposit and loan accounts or when making a change in beneficial ownership information to an existing deposit or loan account. Beneficial Owner is defined using two (2) prongs : o Control Prong A single individual with significant responsibility to control, manage, or direct a legal entity customer, including an executive officer or senior manager (E.g. CEO, CFO, COO, Managing Member, General Partner, President, Vice President or Treasurer) or any other individual who regularly performs similar functions; and o Ownership Prong Each individual, if any, who directly or indirectly, through any contract, arrangement, understanding, relationship, or otherwise, owns 25 percent (25%) or more of the equity interests of a legal entity customer; The legal entity customers subject to only the Control Prong of the beneficial ownership requirement are: o A pooled investment vehicle that is operated or advised by a financial institution regulated by a Federal functional regulator or a bank regulated by a State bank regulator; and o Any legal entity that is established as a nonprofit corporation or similar entity and has filed its organizational documents with the appropriate State authority as necessary. A nonprofit corporation or similar entity would include among others, charitable, nonprofit, not for profit, nonstock, public benefit or similar corporations. Such an organization could establish that it is a qualifying entity by providing a certified copy of its Certificate of Good Standing from the appropriate State authority. However, the term legal entity which are not included with regard to beneficial ownership are Natural persons opening accounts for personal use, Sole Proprietorships, Unincorporated Associations, Trusts not formed via State filing, Government entities, Publicly traded companies, Companies registered with the SEC and Bank Holding Companies. A Certification of Beneficial Owner(s) form must be completed by the natural person authorized by the legal entity customer to open accounts at the bank. The information should be accurate to the best of his or her knowledge.

12 Needs to be customized and does not include triggering events. Last BOD Approval Our Small Community Bank Bank Secrecy Act (BSA), Anti-Money Laundering (AML) & Customer Identification (CIP) Customer Due Diligence (CDD) Enhanced Due Diligence (EDD) Policies Introduction. The Currency and Foreign Transactions Reporting Act of 1970 (which legislative framework is commonly referred to as the Bank Secrecy Act or BSA ) requires U.S. financial institutions to assist U.S. government agencies to detect and prevent money laundering. Specifically, the act requires financial institutions to keep records of cash purchases of negotiable instruments, file reports of cash transactions exceeding $10,000 (daily aggregate amount), and to report suspicious activity that might signify money laundering, tax evasion, or other criminal activities. The BSA is sometimes referred to as an anti-money laundering law ( AML ) or jointly as BSA/AML. Several AML acts, including provisions in Title III of the USA PATRIOT Act of 2001, have been enacted up to the present to amend the BSA. Meeting the BSA Requirements. Management acknowledges that the reporting of suspicious activity forms the cornerstone of the BSA reporting system and that such reporting is critical to the United States ability to utilize financial information to combat terrorism, terrorist financing, money laundering, and other financial crimes. This policy establishes guidelines and parameters to enable management, officers and staff to adequately fulfill their duties and responsibilities in safeguarding the integrity, safety and soundness of the Our Bank, (referred to hereafter as Bank ). The purpose and the goal of this policy is to assist Bank management and staff in complying with the requirements of the laws & regulations and to cooperate fully with law enforcement officials with respect to the investigation and apprehension of any individual(s) conducting or attempting to conduct money laundering schemes. The Board of Directors is aware that non-compliance with applicable laws subjects the Our Bank, of Belt, MT, its Directors, Officers and employees to significant civil and criminal penalties. Procedural Bank Requirements. BSA/AML/CIP procedures have been implemented for staff members to use as a quick reference.. BSA/AML Committee Appointed by the Board of Directors and reviewed annually. Duties / Responsibilities of the BSA Committee The BSA Committee is responsible for coordinating and monitoring day-to-day BSA/AML compliance. It is also charged with managing all aspects of the BSA/AML compliance program and with monitoring the Bank s adherence to the BSA and its implementing regulations; however, the board of directors is ultimately responsible for the Bank s BSA/AML program. The BSA Committee may delegate duties to other employees, but the committee shall be responsible for overall compliance. The board of directors is responsible for ensuring that the BSA Committee has sufficient authority and resources (monetary, physical, and personnel) to administer an effective BSA/AML compliance program based on the Bank s risk profile. The BSA Committee should be fully knowledgeable of the BSA and all related regulations as well as having an understanding of the Bank s products, services, customers, entities, and geographic locations, and the potential money laundering and terrorist financing risks associated with those activities. The line of communication should allow the BSA Committee to regularly apprise the board and senior 1

13 management of ongoing compliance with the BSA. Pertinent BSA-related information, including the reporting of SARs filed with FinCEN, shall be reported to the board or an appropriate board committee so that these individuals can make informed decisions about overall BSA/AML compliance. The BSA Committee is responsible for carrying out the direction of the board and ensuring that employees adhere to the Bank s BSA/AML policies, procedures, and processes. Record Keeping Requirements. The BSA and the implementing regulations issued by the U.S. Treasury Department / FinCEN requires Bank s to keep very detailed records pertaining to certain cash transactions. Transaction logs are to be used to document all transactions that include the involvement of cash as required by the regulations. Additional logs have been implemented for auditing and monitoring purposes of transactions for non-customers regardless of the amount. Refer to the procedural manual for Teller procedures. The record keeping requirements are defined as follows: Large Currency Transactions ~ Involvement of more than $10,000 in cash including deposits, withdrawals, loan payments, cash exchanges, purchase of monetary instruments (defined below), etc. The Integrated Teller software generates daily reports to track cash tractions of $3, or more. These reports track multiple transactions to determine if the $10,000 threshold has been exceeded in any given business day and provide a means of secondary review of by the BSA Committee. Purchases of Monetary Instruments ~ Cash purchases of $3,000 to $10,000 including aggregated amounts in one business day for Cashier s Checks, Money Orders or any other monetary instruments. Individual logs for these types of purchases, regardless of the amount, will be utilized as an additional source for auditing and monitoring purposes of the BSA Committee to assist in the active search for suspicious transactions or AML potentials. The use of more than one log may be needed in the event the purchase of the instrument is within the required threshold for reporting. The Bank is required to verify the identity of the person(s) purchasing any of the above said monetary instruments and to maintain records of all such sales. The identification procedures are detailed for customers and non-customers and listed in the procedures manual under Teller Procedures. Wire Transfers ~ Bank s involved in funds transfers are required to collect and retain certain information in connection with funds transfers of $3,000 or more. The information required to be collected and retained depends on the Bank s role in the particular funds transfer (originator s Bank, intermediary Bank, or beneficiary s Bank).The requirements may also vary depending on whether an originator or beneficiary is an established customer of a Bank and whether a payment order is made in person or otherwise. Refer to the procedural manual for all wire transfer procedures. Definitions: External wire transfer: Requested by someone who is not an employee of the Bank for the benefit of themselves or a third party. Internal wire transfer: Requested by an employee of the Bank and is for transacting Bank business such as settlement purposes. Processing Sources: All wire transfers, except foreign wires, will be sent or received through UBB UNET Website, unless the system is inoperative. In this case, these transfers will be made through a telephone transfer with the United Banker s Bank, our 3 rd party processor. UNET is a software communications package developed by United Bankers Bank which allows financial institutions to maintain on-line access to the Electronic Funds Payment System. The access for each user is controlled by a thumbprint registration and/or password. All foreign wire transfers will be made through United Bankers Bank, our 3 rd party processor, via telephone Sources of Funding: It is the general policy of the Bank that only collected funds may be transferred from a customer's account. 2

14 It is not of general practice to transfer funds out of the Bank for a non-customer. However, if such is the case, and with Management or BSA Committee member approval, the funds to be transferred must be in the form of currency or an official Bank check and additional identification information must be obtained. Auditing: Wire transfer procedures will be reviewed periodically in the performance of the compliance audits as required by our Compliance Policy. Any recommended modifications of procedures will be submitted to management in writing. A written report of the audit and the results thereof will be presented to the Board of Directors of the Bank. Thumbprint Signature Program. ~ Our Bank implemented the Thumbprint Signature Program whereas when a non-customer of the Bank presents an on-us or not-on-us check for cashing, a thumbprint signature will be obtained. The thumbprint signature will be the final step to completing a transaction only after proper I.D. has been obtained and a decision has been made to cash the check. Reporting Requirements. Large Currency Transactions - CTR ~ A Currency Transaction Report (CTR) must be filed for each transaction or an aggregate of transactions (of any type) of more than $10,000 in currency, in one business day. The CTR must be thoroughly completed to include reporting not only the individual conducting the transaction, but also the person on whose behalf the transaction was conducted and the person(s) must be identified according to Bank procedures. See CTR Procedures. A copy of the CTR and supporting information will be retained for at least five years. Exemptions: Certain types of currency transactions need not be reported, such as those included in Phase I and Phase II exemptions. See CTR Procedures Exemptions: for an overview document printed from the 2007 BSA Examiners Manual for more information on Businesses eligible and not eligible for exemption status. To exempt a customer from CTR reporting, a Bank must file a Designation of Exempt Person form (FinCEN Form 110). The Bank presently has no known customers it considers to be exempt from the Phase I or Phase II requirements to file completed currency transaction reports. Suspicious Activities Reporting ~ The Bank shall file with the Treasury Department a report of any suspicious transactions relevant to a possible violation of law or regulation. Certain transactions and dollar thresholds have been established by regulation and these types of transactions are included in the procedures manual. All officers and employees must be aware of these requirements. All suspected transactions, including cyber-events, must be reported to the BSA Committee or a Committee member thereof for further investigation. See Suspicious Activities Reporting Procedures. A copy of the SAR (or SAR Investigation Report) and the supporting documentation will be retained for a period of five years even if the decision was made to not file a SAR. Supporting documentation shall be identified and maintained by the Bank as such, and will be deemed to have been filed with the SAR. The Bank shall make all supporting documentation available to FinCEN and any appropriate law enforcement agencies or Bank supervisory agencies upon request. E-Filing of CTR s and SAR s Effective in 2013 both CTR and SAR reports are to be filed online only via FinCEN. Paper reports are no longer available. Although the tellers are typically responsible for completing the paper form of the CTR, authorized and well trained personnel are responsible for accurate and timely submission of such reports. See CTR and SAR procedures for more information. Crimes of Burglary or Robbery perpetrated against the Our Bank must be immediately reported 3

15 to federal and local law enforcement agencies, i.e., the Federal Bureau of Investigation, Great Falls office, , and the Cascade County Sheriff, In addition, they must be immediately reported to our Federal Bank regulator, i.e., The Federal Reserve Bank of Minneapolis, Banking Supervision Department, See Bank Security Policy for more information. Anti-Money Laundering Efforts ~ The Bank is committed to combating money laundering. The BSA/SAR Committee will actively search for suspicious activity during their monthly BSA meetings. When it is suspected, the BSA/SAR committee will review the information and make a recommendation as to whether a Suspicious Activity Report (SAR) should be filed. Money laundering is diverse and complex, but usually includes one or more of the following three basic areas: Placement, which is the placing of unlawful cash proceeds into the Bank by deposits, wire transfer, or other means. Layering, which is the separating of the proceeds of illegal activities from their origins through the use of layers of financial transactions, such as converting cash into traveler s checks, money orders, letters of credit, securities, or valuable assets such as art, jewelry, or precious metals. Integration, which is using apparently legitimate transactions such as sham loans or false import/export documents to disguise illicit proceeds to allow laundered funds to be disbursed back to the laundering party. Management recognizes the need for criminals to utilize the banking system to launder money. Therefore, management and front-line staff members must be diligent in detecting and reporting suspicious activity of any nature. Law Enforcement Inquiries and Requests A Federal, State, Local, or Foreign law enforcement agency investigating terrorist or money laundering activities may request that FinCEN solicit, on its behalf, certain information from a financial institution or a group of financial institutions. The law enforcement agency must provide a written certification to FinCEN attesting that there is credible evidence of engagement or reasonably suspected engagement in terrorist or money laundering activities for each individual, entity, or organization about which the law enforcement agency is seeking such information. The law enforcement agency also must provide specific identifiers, such as a date of birth and address, which would permit a financial institution to differentiate among common or similar names. Upon receiving a completed written certification from a law enforcement agency, FinCEN may require a financial institution to search its records to determine whether it maintains or has maintained accounts for, or has engaged in transactions with, any specified individual, entity, or organization. Law enforcement inquiries and requests can include Section 314(a) requests, Grand-Jury Subpoenas and National Security Letters (NSLs) These requests are highly confidential and any information pertaining to the receipt of such request is not to be disclosed except to the extent required by the request. Mere receipt of any law enforcement inquiry does not, by itself, require the filing of a SAR. However, receipt of a law enforcement inquiry will be relevant to the Bank s overall risk assessment of its customers and accounts. See Law Enforcement Requests Procedures MATTERS REQUIRING IMMEDIATE ATTENTION If the Bank knows, suspects, or has reason to suspect that a customer may be linked to terrorist activity against the United States, the Bank should immediately call FinCEN s Financial Institutions Terrorist Hotline at the toll-free number: Similarly, if any other suspected violation such as an ongoing money laundering scheme requires immediate attention, the Bank should notify the appropriate federal banking and law enforcement agencies. In either case, the Bank must also file a SAR. Closure of Accounts ~ If identifying behavior or activity that causes a SAR to be filed continues and 4

16 subsequent investigations show no reasonable or lawful explanation of such activity or behavior, the BSA Committee will work with Bank management to determine if a closure of the account may be appropriate. Determining to close such accounts is at the sole discretion of Bank management unless law enforcement has requested the account remain open for investigative purposes. See Suspicious Activities Reporting Procedures for additional information Training Requirements ~ Management recognizes that criminal actions against banks can take many forms: fraud, bribery, counterfeiting, deception, forgery, check "kiting", illegal currency transactions, mysterious disappearance, embezzlement, defalcation from within, self-dealing, and outright theft in the form of robbery and burglary. Although it is impossible to define all activity that would qualify as suspicious, the procedures manual provides guidelines to assist staff members in the continuous search for suspicious activities. The BSA Committee will stay abreast of developments in regulatory guidelines, bulletins and alerts relating to money laundering activities. Bank employees should receive periodic training on how to identify money laundering operations and schemes as new information arises. On an annual basis, all officers, employees, and directors of the Bank will attend a training session addressing this policy and the requirements and procedures thereof. New employees of the Bank will be required to read this policy in its entirety as well as be trained on the BSA and related regulations specific to their responsibilities. Training, such as webinars, informational readings, documents, etc. will provided to employees when available and the information pertains to their specific responsibilities and/or duties. Informational Alerts: The Bank participates in an network comprised of other banks, credit unions, etc. to be able to share information about fraudulent checks, schemes and activities. Information relating to fraudulent activity is submitted to a centralized individual who then passes on the information to all who have joined this communication line. This has proven to be a very valuable source of staying abreast of newly created schemes and fraudulent activities. When an is received, it is then distributed to all employees or to specific employees in whom the may relate. All training will be documented by the BSA Committee and the following information will be sent to the BOD on a periodic basis: Date, Topic, Type of Training, Trainer, Attendees Conclusion: The primary purpose of the BSA/AML Policy is to protect the reputation, integrity, and the safety and soundness of the Our Bank. It is not to be misconstrued as a means or a license to intimidate, harass, or wrongfully accuse innocent parties. The policy along with the procedural manual is to be utilized in any instance where Bank personnel detects a known or suspected violation of Federal law, or a suspicious transaction related to a money laundering activity or a violation of the Bank Secrecy Act (BSA).. Anti Money Laundering (AML) Initial and Ongoing Risk Assessment The BSA committee stays abreast of developments in regulatory guidelines and bulletins and alerts relating to money laundering activities. The committee assesses the risk of the Bank s customers and entities, products and services and the Bank s geographical location. The ongoing search for money laundering activities will include an enhanced monthly review of these areas as well as ensuring that the initial risk of any new customers or accounts opened during the previous month will be assigned to a risk category. Any new products or services added will also be reviewed prior to implementing. 5

17 IDENTIFICATION AND CLASSIFICATION OF RISK CATEGORIES Customers and Entities: A very important part of a strong risk assessment is Knowing Your Customer. Management is confident that the staff members of the Bank have this knowledge because a majority of the Bank s customer base consists of long-term local-area residents. However, Management understands that certain customers and entities may pose specific risks tied to the nature of their businesses, occupations or types of transaction activities anticipated or conducted. Consumer Accounts All consumer accounts are initially classified as an Average Risk until monitoring of the information below results in the re-classification to High Risk. Frequently listed on the $3M cash report Frequent use of Safe Deposit Boxes Foreign Activity (ATM / Debit) Wire Transfers including foreign Currency Transaction Reports Accounts being held for charity Commercial Accounts The BSA Committee initially reviewed all commercial accounts to determine their individual level of risk. This was based on Know Your Customer, type of business and the potential of money laundering. Once reviewed, the committee categorized each account into a High or Average status based on the high risk determining factors described as follows: Accounts automatically placed on High Risk Monitoring: o Entities not eligible for exemption status under BSA o Money Service Businesses o Non-profit organizations o Charitable organizations (Fund raising for cash) Other factors for determining possible high risk accounts: o Currency Transaction Reports o Wire transfers including Foreign o Foreign Activity (ATM / Debit) o Frequent use of Safe Deposit Boxes o Frequently listed on the $3M cash log **Both the Consumer and Commercial risk factors as described above are intended to be used as guidelines and are not to be considered an all-inclusive list. Any account that is classified as a High- Risk Account will be monitored accordingly as described under Monitoring of Risk below. Products and Services: The BSA Committee is also responsible for identifying all of the products and services offered by the Bank and the risk that each could be used for money laundering. Special consideration is given to products or services that may facilitate a higher degree of anonymity or involve the handling of high volumes of cash or cash equivalents. The following products and services were identified: This list is not meant to be all-inclusive, and products and services may vary therefore requiring an annual update or as products and services are added. > Monetary Instruments > ACH Services * Cashier s Checks > Electronic Banking (Including Bill Pay & Mobility Services) * Money Orders > Cash Advances > Lending Activities > Wire Transfers 6

18 > Safe Deposit Box Geographic location: Management recognizes that the Bank is located in Cascade County which is classified as a High Intensity Drug Trafficking Area (HIDTA). Management further recognizes that the Bank has accounts with customers and entities located within this area and stresses great importance in CIP procedures, OFAC monitoring, etc. The Bank s policy is not to open any accounts for, or conduct any transactions with, marijuana businesses (including those duly licensed under state law). (see SAR procedures for more information) MONITORING OF RISK Annual Monitoring The customers classified as High-risk status are placed on a continuous monitoring system and a list will be maintained by the BSA Committee. These customers and their accounts will be subject to an annual review conducted by a designated staff member of the Bank and any findings will be reported directly to the BSA Committee. See the attached High Risk Customer Monitoring Report for information that will be collected on an annual basis. Monthly Monitoring The BSA Committee holds monthly meetings to actively search for suspicious activity and money laundering schemes. The Committee reviews all transaction logs, the safe deposit box log, and a list of all new customers/entities. See BSA Committee Procedures for more detailed information. Reporting of Findings Should the Committee find that further investigation of a customer s account(s) is warranted during their reviews, a SAR Investigation Report will be utilized to determine if an actual SAR needs to be filed. The committee will also review the High Risk Customer Monitoring Reports provided by the designated staff member after their annual monitoring is completed to determine if any further investigation is needed. If no further investigation from either review is required, the report will be kept on file for re-review if needed. If further investigation is required, the BSA/SAR committee will continue to monitor these accounts on a monthly basis. A detailed report of any SAR s filed, excluding names, will be reported to the Board of Directors at their next available meeting. Customer Identification Program (CIP). Regulations dealing with customer identification are issued under section 326 of the USA PATRIOT Act and relate, in part, to the Treasury Department s Office of Foreign Asset Control (OFAC). OFAC regulations include Trading With the Enemy Act, International Emergency Economic Powers Act, United Nations Participation Act, USA Patriot Act and others. In general, these regulations restrict the Bank s dealings with certain individuals and/or countries. Specifically, the Bank will not open an account for, handle a transaction or monetary transfer for, or do business with any person, government, or other entity on the OFAC list of Specially Designated Nationals and Blocked Entities. If it is found that the Bank has such an account or a customer of the Bank is included on the list, all accounts of such a customer shall be blocked and held in accordance with instructions from the U.S. Treasury Department. Additionally, the Bank will consult lists provided by a governmental agency of known or suspected terrorists or terrorist organizations and keep records of the information used to verify the customer identity. Procedures to Ensure Compliance 7

19 1. INFORMATION REQUIRED PRIOR TO OPENING AN ACCOUNT. Prior to opening a deposit, transaction or credit account, the Bank will obtain specific information from the customer. An account is defined as an ongoing, formal banking relationship such as a Deposit Account, a Loan or Line of Credit, or a Safe Deposit Box lease. (Due to the limited number of our Safe Deposit Boxes, Our Bank will reserve boxes for established customers only and will not authorize the rental of a box to a non-customer of the Bank). Customers include individual, corporations, partnerships, trust and other organized entities. Customers may include any signatory on an account or those individuals with authority or control over the account when the account holder is an entity with whom the Bank is not familiar. Customers also include individuals who open an account for someone lacking legal capacity such as a minor and individuals opening an account for an entity that is not a legal person such as a civic club. At a minimum, the specific information will include: 1. Name 2. Address - both physical and mailing if different 3. Date of Birth (for individuals) 4. An Identification Number a. U.S. persons - tax payer ID (social security number, individual taxpayer ID number, or employer identification number) b. Non-U.S. persons - tax payer ID number, passport number and Country of origin, alien identification card number, government issued ID bearing photograph, and country of origin. 2. VERIFICATION OF INFORMATION OBTAINED. Information obtained from a customer may be verified through examination of documents or through non-documentary methods depending upon risks involved. The Bank need not verify the identifying information of an existing customer seeking to open a new account, or who becomes a signatory on an account, if the Bank : 1. Previously verified the customer s identity in accordance with Bank procedures, and 2. Continues to have a reasonable belief that it knows the true identity of the customer. Documentary Information. For new customers, the Bank will verify the customer s identity through examination of any one of the following documents: 1. For individuals - an unexpired government-issued identification evidencing nationality or residence and bearing a photograph or similar safeguard. In most cases this will be a current driver s license or ID card. 2. For corporations, LLC s, Partnerships, LLP s, Trusts and other entities - documents showing the existence of such entity such as articles of incorporation, certificates of existence and/or good standing, partnership agreement, business license or similar documents. For registered entities the Bank will generally obtain a copy or print-out of the certificate of existence or registration with the Secretary or State. When the Bank is relying solely on documents prepared by the customer, i.e., articles of incorporation, partnership agreement, etc., the Bank will attempt to obtain a credit report which includes information consistent with that provided by the customer. Non-documentary Verification. When documentary verification is unavailable or impractical, the Bank may verify identity through non-documentary methods provided such verification is approved by an operational manager, loan committee, or the Bank BSA compliance committee. Methods of nondocumentary verification may include: 1. Contacting the customer after the account is opened 2. Obtaining a financial statement 3. Comparing information provided by the customer with a trusted third party source such as a credit reporting agency, and 8

20 4. Checking references with other financial institutions Lack of Verification. When documentary evidence is unavailable and non-documentary methods are inconclusive, the BSA Committee must be notified, who will generally make the decision to not open the account requested or close the account if already open. If the BSA Committee decides to allow the account to remain open, reasons supporting this decision must be documented in the customer s file or attached to a signature card. Record Keeping. A record of the identifying information provided by the customer and/or obtained through the verification process will be maintained for at least five years after the account is closed. 3. COMPARISON WITH GOVERNMENT LISTS & OFAC s SDN LISTS. Prior to opening a new account for a new customer, the Bank will compare the consumer s name to lists of known or suspected terrorists and terrorist organizations provided to the Bank by any federal government agency. The comparison will be made by using one of the following sources: OFAC s SDN/FSE Lists (renamed 6/9/14 to Sanctions List) Credit Bureau Reporting Agency Qualifile OFAC WATCH - Fidelity Information Services (FIS) (Quarterly Automated Scrub through Precision) FINCEN lists Phone hot line. Additionally, the Bank compares and updates existing customers to such lists as they are provided and completes a quarterly review against the OFAC Lists available using its 3 rd Party Vendor - FIS. Any matches or hits will be researched to determine if the customer is in fact the person or entity included on the list. The Bank will retain documentation of such research and comments regarding conclusions reached. Periodically, the Bank receives requests from FinCEN known as 314(a) requests. The Bank is registered in the Secure Information Sharing System (SISS). When a request is received, a designated employee logs into the FINCEN website and compares the requested information to our database. In the event of a positive match, it will be reported directly through FinCEN S SISS. A tracking sheet is maintained for all requests received and reviewed. See Law Enforcement Inquiries and Requests procedures for more information) FinCEN 314(b) information sharing program allows banks to share or receive information concerning suspected money laundering or terrorist activities with other financial institutions that are registered in the 314(b) program. Our Bank does not participate in information sharing practices under Section 314(b). 4. PROVIDING NOTICE OF PROCEDURES TO CUSTOMERS. The Bank will post a notice in its lobby stating that specific information will be obtained and verified for new customers upon opening an account. (see below) Bank personnel will also explain, in general terms, its procedures and regulatory requirements for obtaining customer information. IMPORTANT INFORMATION ABOUT PROCEDURES FOR OPENING A NEW ACCOUNT To help the government fight the funding of terrorism and money laundering activities, federal law requires all financial institutions to obtain, verify, and record information that identifies each person who opens an account. What this means for you: When you open an account, we will ask for your name, address, date of birth, and other information that will allow us to identify you. We may also ask to see your driver s license or other identifying documents. CIP Training Training will be provided to all personnel handling new account opening (deposit, transaction and loan accounts) prior to working in this position and on a regular basis thereafter. All employees will receive training on CIP policies and procedures periodically, usually in conjunction with regular BSA training. CIP Audit CIP will be reviewed as part of the ongoing internal and external audit programs with the results of such 9