Prudential Group. Sanctions Policy. September 2014

Transcription

1 Prudential Group Sanctions Policy September 2014

2 Version history Updated By Date of Change Comment Version Group Compliance 15 th October 2013 Version 1 Group Compliance 22 nd November Incorporating BU feedback Version 2 Group Compliance 15 th August 2014 Annual refresh Version 1 Group Compliance 12 th September 2014 Annual refresh Version 2 2

3 Table of Contents 1 PURPOSE AND OBJECTIVES OF THIS POLICY PURPOSE BACKGROUND APPLICATION CONSEQUENCES OF NON-COMPLIANCE GROUP POLICY LEGAL AND REGULATORY COMPLIANCE WITH SANCTIONS RESTRICTIONS EFFECTIVE AND APPROPRIATE POLICIES AND PROCEDURES RISK ASSESSMENTS DOCUMENTATION OF POLICIES AND PROCEDURES RESPONSIBILITIES SCREENING SYSTEMS Principles and procedures Customers Corporate customers Employees and third parties Investments Rescreening Target matches and reporting Audit trails REVIEW AND ASSURANCE TRAINING REPORTING TO THE GROUP COMPLIANCE DIRECTOR COMPLIANCE WITH THE GROUP S POLICY AND STANDARDS RESPONSIBILITY FOR COMPLIANCE EXEMPTION REQUESTS QUARTERLY REPORTING RISK ASSESSMENTS BU ECONOMIC SANCTIONS POLICY BREACH OF REGULATIONS GLOSSARY

4 Roles and responsibilities Policy Owner Approval Party/Responsibility The Group Compliance Director owns this Policy and will review it on an annual basis or upon change in relevant legislation. The Group Compliance Director will undertake periodic testing of compliance with this Policy. The Prudential Board approve this Policy following review by the Group Audit Committee. The Chief Executive of each Business Unit (BU) has ultimate responsibility for ensuring that their respective business areas establish systems and controls to comply with this Policy. This includes:- Implementation Taking full account of this Policy when entering into new products or business segments; implementing new systems or payment types; and expanding business operations, including through mergers or acquisitions. Ensuring that any reliance on third parties or service providers for compliance with this Policy remain reasonable. Ensuring that all relevant employees receive appropriate training, with the support of the Group and Business Unit MLPOs in training development delivery. Ensuring that the controls implementing this Policy are working effectively. Ensuring immediate reporting of any breach or suspected breach of this Policy to the Business Unit MLPO. 4

5 1 Purpose and objectives of this Policy 1.1 Purpose This policy sets out overarching requirements that apply across the Prudential Group relating to financial and economic sanctions ( sanctions ) and the standards of compliance for the Prudential Group in relation to sanctions. The Prudential Group is committed to complying with sanctions in order to: comply with the law and regulation; help prevent organised crime and terrorism; and protect the reputation of Prudential Group. 1.2 Background Sanctions are restrictive measures imposed on targeted regimes, countries, governments, entities, individuals and industries by international bodies such as the United Nations ( UN ), the European Union ( EU ), individual countries or groups of countries. They can take the form of measures imposed directly against the targets or restrictions on the ability of other persons to deal with, or on behalf of, the targets. It is the latter which is most relevant to the Prudential Group. The Prudential Group is required by law to comply with sanctions restrictions applicable in the jurisdictions in which it operates. This Policy sets out certain minimum standards to be applied across the Prudential Group in order to help ensure that the Prudential Group as a whole and the business units (BU s), legal entities and individuals of which it is comprised comply with the requirements of applicable law and regulation relating to sanctions. As part of this, the Prudential Group is committed to ensuring that each BU has in place effective systems and procedures, tailored to the particular risks and practical and legal requirements of that BU, for the screening of customers and other third parties. Through these systems and procedures the Prudential Group aims to ensure that all applicable sanctions restrictions are observed. The use of economic and financial sanctions has increased globally, and most jurisdictions where the Prudential Group operates can and do operate sanctions regimes. The obligations and restrictions imposed on the Prudential Group by sanctions regimes are separate from, and operate in addition to, other legal and regulatory obligations and restrictions, for example antimoney laundering ( AML ) obligations and, in certain jurisdictions including the US, antiterrorism financing requirements. However, in certain jurisdictions there are close connections between sanctions regimes and AML and anti-terrorism financing regimes as a result of the similarities between the customer and transaction due diligence checks that firms are required to carry out under each of the regimes. The specific requirements of sanctions vary around the world but, by way of example, the financial sanctions regime in force in the UK imposes restrictions, amongst other things, on:

6 dealing with funds (including cash, securities and other assets) and economic resources that belong to, or are controlled by 1, the persons, entities and groups subject to the sanctions; making available funds to, or for the benefit of, the persons, entities and groups subject to the sanctions; in certain cases, making financial services (including insurance and asset management services) available to, or for the benefit of, the persons, entities and groups subject to the sanctions; and participating, knowingly and intentionally, in activities the object or effect of which is to enable or facilitate the commission of actions prohibited by the sanctions regime. 1.3 Application Restrictions relating to sanctions can have a very wide application, often applying to all persons within the jurisdiction that imposes the restrictions, including companies and other legal entities that are incorporated or organised, or are conducting business, within that jurisdiction. Additional requirements often apply to members of the Prudential Group because of their status as regulated entities. Restrictions relating to sanctions may also apply to directors, officers and employees of the Prudential Group based on their citizenship or the fact that they are located in a particular jurisdiction. For example, British citizens may commit criminal offences under the UK s sanctions regime wherever they are located. Similarly, U.S. citizens, including those holding dual citizenship and permanent residents of the United States, are subject to the United States economic sanctions regime wherever they are located. Sanctions requirements can be complex and will vary from time to time. It may be necessary to take legal advice to ensure that current requirements are fully understood and are being complied with. This Policy applies to all personnel, all BUs and all members of the Prudential Group. 1Sanctions screening should cover beneficial owners (including trustees, or company directors), that are identified by the firm in question as requiring verification under its risk-based approach to customer due diligence. Beneficial owner refers to the individual (s) who ultimately owns or controls a customer and/or the individual on whose behalf a transaction is being conducted. It also includes those persons who exercise ultimate effective control over a legal entity. This definition should also apply to beneficial owner of a beneficiary under a life or other investment linked insurance policy. In respect of private individuals the customer himself or the life assured is the beneficial owner, unless there are features of the transaction, or surrounding circumstances, that indicate otherwise. In relation to entities, beneficial owners are individuals either owning or controlling more than 25% of the company s shares or voting rights (potentially members of the board of directors). 6

7 1.4 Consequences of Non-Compliance Members of the Prudential Group: Failure to comply with sanctions can expose members of the Prudential Group to civil and criminal liability, fines, reputational damage, public reprimand, limitation on business and other serious consequences. Individuals: Directors and officers of Prudential Group companies and individual members of staff who fail to comply with legal requirements relating to sanctions may be committing criminal and/or civil offences which may result in personal liability and penalties such as fines and imprisonment. Employees who fail to comply with this policy may be subject to disciplinary action up to and including dismissal. In certain jurisdictions, if a body corporate or other legal person commits an offence with the consent or connivance of a director, partner or other officer, or the offence is attributable to any neglect on the part of a director, partner or other officer, then that director, partner or other officer is guilty of a separate offence. 2 Group Policy The Prudential Group is committed to complying with sanctions restrictions and in this regard it requires its BUs to adopt effective and appropriate policies, procedures, systems and controls that seek to ensure that each BU, and each Group company, can and does comply with applicable sanctions restrictions. 2.1 Legal and regulatory compliance with sanctions restrictions Each BU must comply with the legal and regulatory requirements relating to sanctions in the jurisdiction(s) in and from which it operates and each legal entity which forms part of the BU must comply with the legal and regulatory requirements relating to sanctions in the jurisdiction in which it is incorporated or organised. Following consultation with a local head of Compliance or Group Compliance, it may be necessary to seek advice from local counsel as to the legal and regulatory requirements relating to sanctions currently in force in a particular jurisdiction.

8 2.2 Effective and appropriate policies and procedures Each BU must establish and maintain effective and appropriate policies, procedures, systems and controls ( Policies and Procedures ) for ensuring that its business is conducted in compliance with legal and regulatory requirements relating to sanctions in the jurisdiction(s) in and from which it operates and that each Group company which forms part of the BU complies with legal and regulatory requirements in the jurisdiction in which it is incorporated or organised. Each BU must provide details of its Policies and Procedures relating to sanctions to Group and provide regular updates as to its compliance with local sanctions-related requirements to which it is subject. When formulating its Policies and Procedures each BU must consider carefully the sources of sanctions which might apply to it and to the individual Group companies of which it is comprised (which may differ between jurisdictions). These may include, but may not be limited to, sanctions imposed by any of the following: the UN; the EU; HM Treasury (HMT); the US Treasury Department s Office of Foreign Assets Control (OFAC); the US Treasury under Section 311 of the USA PATRIOT Act against transactions, individuals or entities identified as being of Primary Money Laundering Concern; the US government through Export Control Lists maintained or referenced by the US Bureau of Industry & Security, including the Denied Persons List, Unverified List, Entity List, and the Debarred List; and governments of other countries where such sanctions are legally applicable to the BUs operations. In addition, these Policies and Procedures must ensure that BUs do not conduct business with any individual or entity: which appears on Prudential s own list of restricted individuals or entities (if any); and/or designated by the Group Compliance Director, who may designate other individuals and entities and lists of persons (e.g. names and BIC codes of sanctioned banks and banks in sanctioned countries). Each BU should consider whether the presence of any overseas citizens (and in particular US or EU citizens) among its senior management or boards of directors means that it will be necessary or advisable for the BU to comply with the sanctions restrictions of any other jurisdiction which might apply to those overseas citizens by virtue of their citizenship and/or for other appropriate measures to be taken to mitigate specific risks for those individuals, with a view to protecting those individuals as far as practicable against the risk of a sanctions violation. BU s should screen against UN, HMT and OFAC in addition to local lists

9 2.3 Risk assessments BUs must annually (or more frequently where the risks of the relevant business warrant it for example if it was discovered that a sanctions match had not been picked up by the screening or the number of sanctions matches rose unexpectedly) conduct and document a comprehensive sanctions risk assessment. As part of the assessment process, BUs will need to consider which parts of their business could be affected by the application of relevant sanctions restrictions. In conducting a risk assessment, each BU must, as a minimum, take account of the following factors: the nature of its customers, products, services and activity profiles; the jurisdictions in and from which it operates and the jurisdictions in which the Group companies through which it carries on its business are incorporated or organised; the legal and regulatory requirements imposed in the jurisdictions in and from which it operates and the jurisdictions in which the Group companies through which it carries on its business are incorporated or organised; the jurisdictions in which its customers are resident or carry on business and whether such jurisdictions and/or persons within such jurisdictions are subject to sanctions regimes; the distribution channels it uses to conduct its business; the extent and accuracy of the information that it holds regarding customers and persons connected with customers (e.g. beneficial owners, trustees and directors); the extent to which it is able to conduct due diligence checks in relation to the sanctions policies and procedures applied by third parties that refer customers to it, and the length of time since the last such checks were conducted; the extent to which it may be exposed to breaches of sanctions through its involvement with third parties; whether there are overseas citizens on its board of directors or in other senior management positions who may be subject to the sanctions restrictions of another jurisdiction by virtue of their citizenship; the complexity and volume of the products and transactions it is involved with or provides; the processes and systems that it has in place and its operating environment; the extent to which its products and services are likely, by their nature, to be used by persons subject to sanctions restrictions; the adequacy and performance of its procedures, systems and controls since the last risk assessment; historical sanctions matches identified by the BU; and any relevant industry guidance (including in the UK, without limitation, any guidance published by the Joint Money Laundering Steering Group and, in the US, without limitation, any guidance published by OFAC). The risk assessments undertaken by each BU must be approved by the applicable local boards of the Group companies that comprise the BU and reported to the relevant BU or regional audit committee. This risk assessment should form the basis for the calibration of the BUs sanctions screening system and the decisions taken around the calibration should be recorded here. 9

10 2.4 Documentation of Policies and Procedures BUs must document their local Policies and Procedures relating to sanctions and clearly set out their approach for complying with legal, regulatory and Group requirements in this area. Each BUs Policies and Procedures relating to sanctions must be informed by the risk assessments it is required to undertake. 2.5 Responsibilities Responsibility for ensuring that business is conducted in compliance with relevant laws and regulations relating to sanctions rests with each BU, recognising that each Group company that forms part of a BU will have its own legal responsibilities in relation to applicable sanctions restrictions and these may differ even within a BU. Accordingly, the management of each BU and, where relevant, of each Group company within the BU, is responsible for ensuring that it complies with this Policy, applicable legal and regulatory requirements and standards of good practice relating to applicable sanctions. Each BU and the board of each Group company, as applicable, must approve and be responsible for local Policies and Procedures relating to sanctions, and provide appropriate resources for sanctions compliance. The board of a BU or a Group company may delegate authority to nominated executives to ensure that legal and regulatory requirements are adhered to at an operational level. In particular, such boards may delegate authority to senior executives managing BUs that operate through more than one Group company. Such delegation does not, in any event, reduce the responsibility of the relevant board. 2.6 Screening systems Principles and procedures The principal aim of the Policies and Procedures for each BU must be to ensure that business is not carried on with, and payments are not made to, any person in contravention of an applicable sanctions restriction (the Policy Objective ). A key aspect of the Policies and Procedures must therefore be an effective process for screening customers and third parties against applicable sanctions lists. BUs must develop and maintain an effective process for screening that is appropriate to the nature, size and risks of their business. The scope, frequency and complexity of the screening undertaken by each BU should be appropriately tailored to suit its business, activities and risk profile and should be informed by the regular risk assessments required to be undertaken. Each BU must be able to justify the scope and frequency of screening which it undertakes. BUs must ensure that the screening system which they use undergoes, either internal or external testing on a regular basis to ensure that it functions effectively to be determined on a risk based approach. 10

11 BUs must consider the different approaches that may be required for paper and electronic processes that they undertake. For electronic processes, an automated screening system is usually required, with such systems capable of using fuzzy logic where the BU considers that the risks warrant that capability. Screening should be undertaken by BUs against lists of sanctions targets published by the governments and other applicable organisations under the laws and regulations in the applicable jurisdiction(s) identified as part of the risk assessment process Customers Each BU must, in light of the Policy Objective and its own risk assessment, consider the method by which it can most effectively screen new customers (including corporate customers2) as part of its customer introduction process Each BU must also consider, in light of the Policy Objective and its own risk assessment, the extent to which it should carry out screening checks each time that a payment is made to a customer (or another beneficiary or payee). BUs must also consider whether it is necessary or appropriate to carry out screening checks at other points in the product cycle, for example each time a customer invests in a new product and each time there is any other significant transaction involving the product in which a customer is invested. In considering this, BUs must have regard to factors such as the availability of automated screening, the materiality of the relevant transaction and historical sanctions matches identified through regular screening of the existing customer base. BUs would not be expected to screen a member of the Prudential Group that may be acting as a customer or supplier of services in the context of a particular transaction or arrangement. Where customers are referred to a BU by another regulated entity, BUs may choose to consider this as part of the risk assessment when determining the screening procedures that should apply. However, BUs must be aware that they remain responsible for ensuring that any transactions undertaken with that customer would not be a breach of applicable restrictions relating to sanctions. If a BU acquires customers by referral, the Policies and Procedures for that BU should address the screening consequence for the situation where a customer is referred to a BU and that BU is supplied with information regarding the identity of the customer. The assumption is that all such information would be screened. 2 A corporate customer is defined as any entity that is not a natural person. 11

12 WWhere, pursuant to arrangements with agents, distributors or other third parties, a BU is not supplied with information regarding the identity of the underlying customers, the Policies and Procedures for that BU should at a minimum require appropriate steps to be taken to satisfy itself that the referring entity screens their customers in a way that the BU reasonably regards as acceptable. In such cases, the BU should carry out (and record the results of) due diligence checks with respect to the screening and AML processes operated by the agent, distributor or other third party in order to assess and understand any differences between the processes that the agent or distributor operates and those operated by the BU. Where BUs are not able to carry out such due diligence checks, this should be considered as part of their risk-based approach. Where a BU utilises external service providers to conduct sanctions screening the business unit should carry out (and record the results of) due diligence checks with respect to the screening processes operated by the external service provider in order to assess and understand any differences between the processes that the external service provider operates and those operated by the BU. Periodically during the relationship monitoring of the external service provider s controls should be undertaken to ensure that they are working as expected Corporate customers Where a BU is in possession of information (e.g. through AML due diligence procedures) regarding the identity of beneficial owners, trustees, shareholders, directors or other persons connected with a corporate customer, the BU should consider, in light of the Policy Objective and its own risk assessment, the extent to which those persons should be subjected to screening. Where the risk assessment warrants it, a BU should request further information from its corporate customers regarding their beneficial owners, trustees, shareholders, directors and other persons connected with them. If a BU is in possession of new information about persons connected with corporate customers (e.g. when new directors are appointed or if there are changes to beneficial owners), it should ensure that records are updated appropriately and consider the extent to which it would be appropriate or necessary to screen against this new information Employees and third parties Adopting a risk-based approach, BUs must consider whether to carry out screening checks against current and prospective employees and other persons, such as suppliers to, or agents and distributors appointed by, the BU and other third parties with whom they have a business relationship (e.g. joint venture partners). The scope and frequency of any screening to be undertaken should be informed by the risk assessments undertaken by each BU. BUs should consider carrying out checks against third party suppliers as part of their procurement processes and more frequently afterwards where a risk assessment indicates that it would be a prudent course of action Investments The sanctions restrictions imposed by certain jurisdictions make it an offence to make available funds (including cash and payment instruments) to sanctions targets. BUs that are investing funds (e.g. by way of the acquisition of debt or equity securities) should, where a reasoned assessment of risk indicates that it would be prudent, screen against the entities or persons to whom these funds are made available. 12

13 Where investments are being acquired in the secondary market and they are in possession of the relevant information, BUs should consider screening against counterparties to transactions where the nature of the transaction indicates that this would be prudent. Where BUs are in possession of the relevant information, they should also consider the extent to which screening should be undertaken against other persons connected with the recipients of funds (for example, directors and beneficial owners) where the nature of the transaction indicates that this would be prudent Rescreening In accordance with a risk-based approach, BUs should also consider implementing procedures for the re-screening of customers and other third parties on a regular basis (for example following updates to applicable sanctions lists) even in the absence of transactions involving products in which a customer is invested Target matches and reporting BUs must investigate whether a potential match is an actual target match or a false positive. It is expected that potential matches should be reviewed and resolved as soon as possible and within 5 working days of notification 3. Subject to applicable law in the jurisdictions to which they are subject, BUs may need to freeze or reject accounts where there is a target match, to ensure that no breach of applicable legal and regulatory requirements occurs. Advice may need to be sought in each case as to the appropriate response to a target match. BUs must comply with all applicable obligations to notify local regulators/law enforcement agencies, including when there is an actual target match. BUs must notify the Group Compliance Director as soon as practicable following the identification of an actual target match using the Financial Sanctions match report template 4. BUs must ensure that matched targets are prominently and clearly identified within applicable systems. Controls must require staff to make a referral to relevant compliance staff prior to dealing with such individuals and/or entities Audit trails BUs must maintain clear and documented audit trails of screening undertaken, investigations into potential target matches, the decisions and actions taken and, where appropriate, the rationale for deciding that a potential target match is a false positive. Audit trails should be maintained for a period of no less than five years and longer if required by local legislation 3 This clearance target does not apply to system upgrades or fixes or where the full database is rescreened 4 Where local data protection restrictions prevent the Financial Sanctions match report template being completed in full, then it should be completed with sanitised data. 13

14 2.7 Review and assurance Each BU must each year or, where the risks of the business warrant it, more frequently, review and take steps to assure the effectiveness and appropriateness of its Policies and Procedures and to check that the BU has operated in a manner which complies with its Policies and Procedures and the objectives of this Policy, and that its Policies and Procedures remain up-todate and adequate. Each BU shall amend its Policies and Procedures where a review or assurance-check shows that to be necessary. Without limitation, such reviews must cover the effectiveness of any proprietary automated screening systems that a BU uses. The review and assurance process undertaken by a BU must be carried out in addition to any review and assurance process carried out at Group level, unless agreed by the Group Compliance Director that duplication would result. Each such review and assurance-check must be appropriately documented. 2.8 Training BUs must ensure sanctions training is provided to all relevant staff 5, and that refresher training is included to ensure that knowledge remains up-to-date. Staff should receive training when they join the business and annually thereafter during the refresher training period. Training should cover: this Policy; the legal and regulatory background to sanctions in the jurisdictions in and from which the relevant BU operates and the jurisdiction(s) in which the entities through which it carries on its business are incorporated or organised; how to recognise and deal with customers who may be subject to sanctions; and the relevant Policies and Procedures operated by the BU. 2.9 Reporting to the Group Compliance Director BUs must ensure that potential matches received, investigated and reported are included in the quarterly MI provided to the Group Compliance Director. Any significant backlogs of alerts should be reported to the Group Compliance Director at the earliest opportunity. 5 Relevant staff may include; All permanent staff Contractors (excluding those contracting through an organisation where there is an expectation that they will have received training through their own organisation) New joiners Temporary staff- To be provided with training unless they are very short term. 14

15 3 Compliance with the Group s Policy and Standards 3.1 Responsibility for compliance Responsibility for ensuring that the Group s business is conducted in compliance with relevant Economic Sanctions legislation ultimately rests with the CEO of each BU and the board of each Group company (see Group Compliance Policy Statement). Accordingly, the management of each company is responsible for any breach of Economic Sanctions laws, codes, rules, regulations. This includes the Group Sanctions Policy with which it is required to comply. The CEO or board may delegate authority to nominated executives to ensure that the relevant Economic Sanctions legislation is adhered to at an operational level. Such delegation does not reduce the ultimate responsibility of the CEO or the board. In addition to compliance with relevant Economic Sanctions legislation, the Group has made certain commitments in its Statement of Business Purpose. These include seeking to enhance the Group s reputation, built over 160 years, for integrity and for acting responsibly within society. The management of each company, including any nominated executives to whom authority is delegated, must be aware of the Group s commitments and must have regard to them when discharging their responsibilities in order to ensure that any actions taken are consistent with the Policy requirements. 3.2 Exemption requests The Group Policy and Standards set out in this Policy are based primarily on international standards. It is expected therefore that requests for exemptions from the Group Policy should be exceptional. Such exceptions should only arise, for example, where the Group Policy is in direct conflict with local laws, or a new company has been acquired and time may be required to change existing procedures. All applications for an exemption from Group Policy should be submitted in accordance with the requirements of Chapter 2.13 of the Group Governance Manual. The Group Compliance Director will consider exemption requests and discuss them within the Group Compliance Function and with Group Legal, as appropriate. It should be noted that no exemption will be granted that breaches compliance with local legislation, regulation or guidance. Where the BU requesting the exemption is located in a FATF country, and the waiver would breach a FATF Recommendation, the waiver request should detail the jurisdiction s reasons for its decision not to comply with the relevant Recommendation. 3.3 Quarterly reporting MLPO s should report to the Group Compliance Director (or the RMLPO where there is one in place): statistics for the quarter; an update on matters reported to the Group Compliance Director as outstanding at the end of the previous quarter; a summary of matters reported to the Group Compliance Director during the quarter showing the present situation; and any other matters which the MLPO considers should be reported to the GCD. Reports should be submitted in the MI format provided by Group Compliance. If there is insufficient space on the form, then lines can be added or notes appended as appropriate. Quarterly reports should be sent to the Group Compliance Director (via the RMLPO where there is one in place) within 15 working days of the quarter end. 15 Sanctions Policy 2014

16 The main objective of the reporting requirement is to deliver to Group Head Office, timely, objective reports on significant breaches and other significant money laundering prevention issues. This will enable Group Compliance, Group Legal, and other Group functions to become involved at an early stage if it is appropriate to do so. 3.4 Risk assessments Each BU must annually (or more frequently where the risks of the relevant business warrant it) conduct and document a comprehensive sanctions risk assessment. This should be sent to Group Compliance s nominated individual (the Group Compliance Director) for review, via the RMLPO where there is one in place. The risk assessments undertaken by each BU must be approved by the MLPO and referred to the applicable local Boards where appropriate, and reported to the relevant BU or Regional Audit Committee. 3.5 BU Economic Sanctions Policy Each BU must provide details and a copy of its approved Economic Sanctions policy to Group Compliance s nominated individual (the Group Compliance Director) via the RMLPO where there is one in place. 3.6 Breach of Regulations Exception reports in this category will cover any breach of Economic Sanctions regulation which may: constitute a fraudulent or criminal act involving dishonesty; give rise to disciplinary action by the relevant authorities or Regulators (other than minor matters of an administrative nature); generate adverse publicity such as to damage a Group company s reputation; give rise to a material fine and/or costs levied by a court of law, relevant authorities or Regulators; involve a material monetary loss to the Group (other than a fine or regulatory costs); result in the dismissal (or forced resignation) of an employee; and prompt an enhancement or addition to Group procedures, designed to prevent a repetition; A non-material breach which is repeated in such a way as to suggest the breakdown of economic sanctions controls should be regarded as material or significant. Any reports submitted to a relevant authority in respect of a breach of Economic Sanctions legislation must be copied to Group Compliance (with an English translation where appropriate), subject to local laws allowing this. 16 Sanctions Policy 2014

17 4 Glossary In this Policy, the following defined terms or abbreviations take the stated meanings (expanded where appropriate throughout the Policy): BU or Business Unit CEO EU GCD GEC GHO GwIA Group MLPO OFAC RMLPO UK UN A business unit of the Prudential Group Chief Executive Officer European Union Group Compliance Director Group Executive Committee Group Head Office Group-wide Internal Audit Prudential Group Money Laundering Prevention Officer U.S. Office of Foreign Assets Control Regional Money Laundering Prevention Officer United Kingdom of Great Britain and Northern Ireland United Nations 17 Sanctions Policy 2014