The Importance of an AML Programme Simon Kingsbury

Much of the money is banked in Britain” AML Background “Corruption is bleeding Africa to death and the cost is borne by the poor. Much of the money is banked in Britain” Hugh Bayley MP, Chair of the United Kingdom’s House of Commons Africa All Party Parliamentary Group

Consequences of Poor AML Controls Dec 16, 2009 ABN Amro - $500MM for facilitating movement of illegal money from sanctioned countries May 18, 2010 May 5, 2010 Alpari £140,000 for inadequate AML controls and systems; individual AML reporting officer fined £14,000 for breach accountability HSBC – $500MM possible fine for AML/BSA violations in global banknotes and CB business Aug 5, 2010

Reputational/ Franchise AML Considerations Legal/ Regulatory Social Reputational/ Franchise Economic

Strategic Importance World class AML program Expansionist World class AML program Embedded culture in the business Evidence of change for good Well managed risk

Connections between financial institutions Global banking networks connect global, regional and local financial institutions to clients of every type: Governments and Embassies Multi-nationals, Top tier corporates, Small businesses and Individuals Local banks are important links in the AML risk management framework. Partnership, knowledge transference and engagement between local banks and global Banks like Citi can help both appropriately dimension risk levels and progress business relationships with confidence.

AML Compliance Culture Board level focus EMEA AML Committees Audit Top level Commitment Effective Implementation Monitoring & Review Front Office DNA Policies & Procedures Risk Assessment Due Diligence AML Monitoring Training Awareness & Understanding Business Management Oversight Client engagement Know Your Customer AML Program Risk Committees OneCiti AML risk assessment template Know Your Product

Framework of an AML Program The objective of the AML program is to prevent, detect and report money laundering, terrorist financing and other illicit activity. Prevention Detection Reporting The AML Program is designed in accordance with global regulatory requirements and guidance to address effective: Policies Processes Personnel Controls Successful execution of the program requires a strong awareness of AML risks and requirements across all levels of the organization. Account Opening Customer Identification Program Know Your Customer (KYC) Processes Enhanced Due Diligence Customer Screening Training Policies and Procedures Risk Assessments Transaction Monitoring Alert Generation Investigations Client Behaviour Profiling Periodic Reviews Enterprise-wide Reviews Suspicious Activity Reporting Account Restrictions or Closures Business Reviews Management Information Risk Analysis 8

AML Controls Three Lines of Defense First Line of Defense Business and Support Units Second Line of Defense AML & Product Compliance, Legal, Compliance Testing Third Line of Defense Audit Business Management Drives a compliance culture – “tone at the top” Ensures client on-boarding meets AML requirements Oversees operational support units Monitors results of internal risk assessment reviews Support Units Operational support for client on-boarding and renewals AML transaction monitoring OFAC and other list scanning AML Compliance Oversees implementation of the business AML Program Provides guidance on internal policies and regulatory requirements Reviews business and operational procedures; identifies and assesses client and product AML risk Reviews escalated transactions and potential SAR recommendations Product Compliance Reviews and approves new and existing products; coordinates with overall business oversight with AML Advisory Legal Provides legal advice to Compliance and the business Compliance Testing Performs targeted and mandatory risk-based reviews of controls Audit Provides independent periodic assessments of the adequacy and effectiveness of internal controls