OFAC Compliance Officer Responsibilities NorthPark has designated as the BSA/CIP/OFAC Compliance Officer. The BSA Officer will maintain and update the policies. At least annually the policy will be reviewed and approved by the NorthPark Board of Directors. In addition to the BSA, the BSA Compliance Officer will also be responsible for the Customer Identification Program (CIP) Policy and the Bank Secrecy Act (BSA) Policy. All operational procedures and daily activities related to these regulations and policies are the responsibility of the BSA Officer. OFAC Regulations NorthPark must monitor all financial transactions performed by or through them to detect those that involve any entity or person subject to the OFAC laws and regulations. In most situations NorthPark should accept deposits and funds subject to OFAC regulations, but freeze the funds and accounts, so that absolutely no funds can be withdrawn (this is called blocking ). There are a few situations that may require NorthPark to reject the transaction or funds instead of accepting and blocking them. Exact regulations vary, in accordance with requirements imposed by the eight federal statutes and the specific sanctions. Transactions Subject to OFAC The following financial transactions must be reviewed for OFAC on the core system by running an individual OFAC scan for compliance including, without limitation: Deposit accounts (checking, savings, etc.) Loans (All loan types at origination) Wire transfers (Incoming & Outgoing for all individuals and entities) IAT (International ACH Transactions) Depositing or cashing checks (Non-Members cashing On Us checks with proper I D) Purchase of money orders or corporate checks Guarantors and collateral owners Credit Cards Trust accounts The names of all parties to a transaction should be checked against the list of names of individuals, entities, geographical locations or countries that have been identified by OFAC. This includes, but is not limited to the following (as applicable): Beneficiaries Collateral Owners Guarantors / Cosigners Receiving Parties Sending Parties Page 1
Wire Transfers - OFAC Scan Procedures Our third party vendor Corporate Central Federal Credit Union completes an OFAC scan on Receiving Institution, Beneficiary, and Sender before a wire is processed. If there is a possible match Corporate Central notifies NorthPark to research and verify before the funds are sent. The core system will automatically prompt scans for all parties involved when posting a wire in or out as well. IAT (International ACH Transactions) - OFAC Scan Procedures All IAT are scanned through OFAC before the transactions are posted by the Accounting Department. If there is a match a block will be placed on the account. On-Going OFAC Scan Procedures All opened and closed accounts are scanned weekly against OFAC and a report is generated for the BSA Officer. All accounts are screened against government listings as well credit reports. All members and or signers as well as the business name is scanned against government listings for all current business accounts. Training Procedures The NorthPark BSA Officer ensures that all employees are trained in relationship to the OFAC and this policy. NorthPark BSA/CIP/OFAC Compliance Officer is responsible for ensuring that all appropriate personnel and the Board of Directors are aware of their responsibilities regarding administration of the OFAC program. All employees have annual mandatory training to review the policies and procedures in relation to BSA/CIP/OFAC by the BSA Officer or a specialized compliance officer. All new employees will be trained in policy and procedures of OFAC by the BSA Officer or the Operations Manager. The BSA Officer will also receive additional training by outside sources as offered by the ICUL or other companies that specialize in Government Regulations. Record-Keeping Requirements under the BSA NorthPark will comply with the general record retention period of five years required by OFAC regulations. All records are stored for easy access within a business day, taking into consideration the nature of the record and the amount of time expired since the record was made. NorthPark fulfills all other OFAC record-keeping requirements as it makes and retains financial records in the ordinary course of business. Check Current and New Members The core processor will run a weekly OFAC scan for open and closed memberships the Saturday of the week they receive notification from the Treasury for Specially Designated Nationals (SDN) List. These scans can be multiple times or less Page 2
depending on the notification to run the scan from the Treasury. The BSA Officer will receive a notification of any suspect hits on the daily reports generated by the core processor. This is an automated service offered by the core processor and reports are generated every Monday for viewing. These reports are retained by the BSA Officer. If the name is determined to be a true match, appropriate action must be taken to block (or reject, if applicable) the transaction, and then file the appropriate report with OFAC. All accounts for the matched name should immediately be frozen and placed in a blocked account, so that no funds can be withdrawn from these open accounts. Notify the BSA Officer or your immediate Supervisor and the BSA Officer; immediately when a blocked account occurs. Specific Transactions If the transaction is a deposit, NorthPark is to accept the funds and immediately place the funds in a blocked account so that no funds can be withdrawn. This applies unless it is one of the few transactions that are to be rejected, in which case the NorthPark should refuse to take the funds and proceed with the transaction. Note: The member should be advised immediately of the blocking of the account or funds, also inform your immediate supervisor. The Due Diligence Code must be changed to a 3 for future monitoring by the BSA Officer. Dividends on Blocked Accounts Any funds placed in a separate blocked account will collect reasonable dividends as mandated by OFAC regulations. This regulation applies regardless of whether it is the credit union s policy to pay dividends on these accounts or not. (I.e. even if it falls below the normal balance requirement to receive dividends, NorthPark must pay reasonable dividends on this account anyway). The Due Diligence Code must be changed to a 3 for future monitory by the BSA Officer. Important OFAC Reports There are a number of important reporting requirements for OFAC, when an applicable event is identified. However, the three most important are: 1. Any transaction that has been blocked or rejected must be reported to OFAC within 10 business days, the property became blocked (see the OFAC Submission Report). 2. An annual report of all property blocked as of June 30 are due by September 30 of each year. (see the Annual Report of Blocked Property). 3. OFAC requires the retention of all reports and blocked or rejected transaction records for five years. Page 3
Please refer to the samples for OFAC Submission report as well as for the Department of the Treasury s OFAC reporting documentation. The BSA Officer will also seek further instructions on the OFAC website which may also involve contacting the OFAC hotline. Blocked Transaction Reporting Information 1. NorthPark s name and address (as holder of the account). 2. The name, title and phone number of the person that OFAC should contact for further information regarding the transaction or account. 3. Full information about the transaction including: a. Full name of the owner or account party b. A description of the property c. The location of the property d. Type of transaction, account or description of the property e. Amount (actual or estimated) f. Date of transaction g. Date of report filing h. Status and location of the account i. Any information necessary to identify the property 4. Confirmation that the property has been placed into a clearly identifiable, new or existing blocked account containing the name of (or interests of) the entity subject to blocking. 5. Name and phone number of the BSA Officer. 6. A photocopy of any written instruction received concerning the transaction. OFAC Violations If NorthPark believes it may have violated OFAC laws or regulations we will contact the OFAC Counsel immediately. The BSA Officer will also seek further instructions on the OFAC website which may also involve contacting the OFAC hotline. OFAC may take the following factors into consideration when determining whether to levy civil or criminal penalties for an OFAC violation: 1. The extent of the Credit Union s compliance efforts. 2. The comprehensiveness of the OFAC compliance policies and procedures. 3. How NorthPark monitors transactions for compliance with the OFAC regulation and laws (e.g., whether it uses interdiction software, etc.) Annual Independent Audit An annual independent audit to verify this credit union s system of internal controls and test for ongoing compliance with the OFAC regulations will be conducted by (internal audit, NorthPark Supervisory Committee, CPA firm, etc.). A written Page 4
report of this audit will be signed, dated and maintained for review by the DFI examiners, with copies sent to management, the NorthPark BSA Compliance Officer and the Supervisory Committee. OFAC Risk Assessment The Credit Union will conduct a comprehensive initial review of its operation in order to ensure that OFAC requirements are being met. This will include, but not limited to: Review of the following procedures as well as an ongoing review of new products and Services offered by the Credit Union. This Risk Assessment along with the OFAC Policy will be reviewed and updated annually and sent to the Board to be approved. Service Provided to Membership Procedures Deposit Accounts All owners, beneficial owners, trustees and beneficiaries of accounts are verified against OFAC prior to account opening. Signers on accounts are also verified against the OFAC list. Loan Accounts IAT (International ACH Transactions) All opened and closed accounts are scanned weekly against OFAC and a report is generated for the BSA Officer. All accounts are screened against government listings via the core processor. All members and or signers as well as the business name is scanned against government listings for all current business accounts. NorthPark no longer offers business/fiduciary or guardianship accounts. All borrowers are verified against OFAC prior to loan funding. Co-signers & guarantors are also verified. Xtend staff or NorthPark Accounting staff run the initial scan on all ACH transactions that show IAT transactions on the ACH exceptions report. If the transaction passes the OFAC scan then we post the transaction to the member account. If the transaction does not pass the OFAC scan then the transaction is turned over to the NorthPark BSA Officer to do their due diligence to review and make a decision to post or return. NorthPark has very few IAT transactions. NorthPark has small volume and dollar amounts for IAT s. Page 5
Monetary Instruments It is NorthPark s policy not to sell monetary instruments to non-members. NorthPark does process checks to shared branch guest members but the funds must be available in their account. All checks processed to members are scanned against OFAC before dispersal. Wire Transfers Cashed Checks Internet Banking MSB s (Money Service Businesses) Field of Membership It is NorthPark s policy not to perform wire transfers for non-members. All non-member originators and beneficiaries, both incoming and outgoing, are verified against OFAC. Outgoing wires are prior to submission; Incoming wires are verified prior to funding; NorthPark does not perform International outgoing wires; NorthPark does not perform wire transfers to financial secrecy havens. Checks are not cashed for non-members unless the check is drawn on the credit union. All on us checks for non-members are verified for identity and scanned against OFAC. Members cannot open a membership account on-line. Transfers are allowed only for a person transferring funds into common ownership accounts and are only allowed to and from credit union accounts. NorthPark does not have any registered Money Service Businesses. Stable well known customer base with small percentage of non-resident aliens (former or current Dow employees). NorthPark has no branches located out of the U.S. NorthPark has little or no accounts in a Field of Membership located in High Intensity Financial crimes areas (HIFCA) or high risk geographic locations. HIGH RECENT ACTIONS BY OFAC WHERE THE CREDIT UNION NOT ADDRESSED THE ISSUES, THUS LEADING TO AN INCREASED RISK MODERATE A SMALL NUMBER OF RECENT ACTIONS BY OFAC INCLUDING NOTICE LETTERS OR CIVIL MONEY PENALTIES WHERE CREDIT UNION IS NOT AT RISK OF SIMILAR VIOLATIONS IN THE FUTURE LOW NO HISTORY OF OFAC ACTIONS. NO EVIDENCE OF APPARENT VIOLATIONS THAT MAY LEAD TO A VIOLATION Page 6
Sample SAMPLE ONLY SAMPLE SUBMISSION REPORT OFAC Report and OFAC Reporting Documents Fax to: 1-202-622-1657 -or- Mail to: Office of Foreign Assets Control Annex Building 1500 Pennsylvania Avenue, NW Washington, DC 20220 Attention: Compliance Office Institution: XYZ FCU Contact: John Doe Address: Phone: 123-456-7890 (ext 123) City State: Fax: 123-456-0987 Zip Code: Email: THE FOLLOWING TRANSACTION HAS BEEN BLOCKED Transaction Name of Entity: Tigar America Name of Account Holder: Marie A. Willson Type of Transaction: Checking Account Transaction ID: 123331231 8-15-1999 Status Status: Account Blocked 8-15-2000 OFAC Listing SDN File 07/06/1999 OFAC Listing: TIGAR AMERICA FRYK Address: Jacksonville, Florida, U.S.A. The information needed in a submission report can vary depending on the program listing of the blocked entity. More reporting information is available at: www.treas.gov/ofac. Page 7
EXHIBIT - 2 SAMPLE REPORTING DOCUMENTS Annual Report of Blocked Property TD F 90-22.50 Office of Foreign Assets Control Department of the Treasury Washington, D.C. 20220 The Office of Foreign Assets Control (OFAC) requires an annual report of all property blocked or funds retained under OFAC Regulations found in Title 31 of the Code of Federal Regulations, Parts 500 through 599. The United States Government needs this information for planning purposes and to verify compliance with OFAC Regulations. The report is to be submitted annually by September 30 to the Compliance Programs Division, OFAC, Department of the Treasury, Washington, D.C. 20220. General Instructions Any person holding property blocked or funds retained under OFAC Regulations is required to submit a report on this form concerning such property. Reports filed in accordance with OFAC Regulations are regarded as containing commercial and financial information, which is privileged and confidential. Requests to submit reports in alternative formats will be considered on a case-by-case basis. For additional copies of the form, as well as other information of interest to holders of blocked property, call OFAC s fax-on-demand service at (202) 622-0077. Page 8
EXHIBIT - 2 SAMPLE REPORTING DOCUMENTS Part A - U.S. Person Holding Property. State reporter s corporate name and address and the name and telephone number of an individual corporate official to contact regarding this report. Name: Address: Individual to contact regarding this report: Name: Title: Telephone: Total number of accounts or items reported on Part B: Complete the certification where applicable. The report is not valid without the certification. I, (name), certify that I am the (title) of the (corporate name), that I am authorized to make this certification, and that, to the best of my knowledge and belief, the statements set forth in this report, including any papers attached hereto or filed herewith, are true and accurate, and that all material facts in connection with said report have been set forth herein. Signature Date Page 9
Part B - Property Reported Identify each account or item of property separately in the spaces provided below. Use additional photocopies of Part B as needed. Use supplemental attachments if the space provided is inadequate. Be sure to indicate the number of accounts or items reported on Part B in the appropriate space on Part A. Owner: Description: Identify the owner of the property. Provide a brief but comprehensive description of the property. Include account type, number, and currency (if other than U.S. Dollars) where applicable. Value: Provide the value (or an estimate) of the property as of June 30. If a value date other than June 30 is reported, so indicate. Location: Regulations: List the location or branch where the property is held, if different than the address shown in Part A. Identify the Part of Title 31 of the Code of Federal Regulations under which this property is blocked. Owner Description Value Location Regulations (Copyright Department of the U.S. Treasury www.ofaccompliance.com.) Any additional questions regarding these procedures need to be direct to the BSA Compliance Officer. Page 10