February 10, 2012 Michelle Hemerley Director, Compliance Consulting

Introduction and Overview Board Reporting Best Practices Report Format Scorecard Board Training Various Methods of Training Topics to Include Recent FinCEN information The new Consumer Financial Protection Bureau

Best Practices – At least Quarterly BSA Report Board Reporting At least Annually Effectiveness of the BSA/AML Program Approve Policy and Risk Assessment Best Practices – At least Quarterly BSA Report Program, Policy, Risk Assessment update Examination and Audit update SAR Reporting Number and Dollar Amounts General Summary of Suspicious Activity Any issues with SAR Reporting

BSA/AML Board Report Scorecard Example

Additional Scorecard Items BSA/AML Report Additional Scorecard Items Monetary Instruments purchased with cash greater than $3,000 High-Risk customer numbers and percentages OFAC matches 314(a) matches Accounts opened / Loans Closed

Additional BSA/AML Report Items High-Risk Customer information Reviews and Monitoring information Visits to High-Risk Customers BSA/AML Training Conducted

Annual BSA/AML Training Board Training Types of Training Computer Based In-Person Documentation Annual BSA/AML Training Initial Refresher/Risk Based/Recent Enforcement Actions

What is Money Laundering? Annual Board Training What is Money Laundering? Placement – Introduce unlawful proceeds into the banking system without attracting attention Layering – Moving funds around to create confusion and complicate the paper trail Integration – Ultimate goal to create the appearance of legality Terrorist Financing

BSA/AML & OFAC Requirements Currency Transaction Report (CTR) Purpose is to create a “paper trail” for transactions (deposit, withdrawal, etc.) conducted with cash Required to complete a CTR for all cash transactions over $10,000 Monetary Instrument Log Purpose is to create a “paper trail” for monetary instruments (cashier’s checks, money orders, traveler’s checks, etc.) purchased with cash Required to maintain a record of all monetary instruments purchased with cash between $3,000 and $10,000

BSA/AML & OFAC Requirements Suspicious Activity Report (SAR) Purpose is to assist in combating terrorist financing, money laundering, and other financial crimes. Required to identify, research and report suspicious activity Office of Foreign Asset Control (OFAC) The office that administers and enforces economic and trade sanctions against targeted foreign countries, terrorists, international narcotics traffickers, and those engaged in activities related to weapons of mass destruction. Prohibited from opening an account or conducting a transaction with anyone on the OFAC list.

Role of Board of Directors Establish culture of compliance - set the tone Approve BSA/AML Compliance Program and appoint BSA/AML Officer Provide direction and support to management Discuss BSA/AML significant concerns Maintain knowledge of BSA/AML requirements Ensure necessary corrective action is taken

Role of Senior Management Manage the enterprise-wide BSA/AML program Report Quarterly to Board of Directors Establish a structure to identify, monitor and manage BSA/AML risk for the Bank Clearly assign responsibility and accountability Provide appropriate resources Integrate BSA/AML compliance objectives into management goals

Key Components of BSA/AML Program BSA/AML Compliance Program Requirements: Internal controls – policies, procedures, and processes to control risks and achieve compliance Independent testing Designated BSA/AML personnel Training Board of Directors Oversight Customer Identification Program (CIP)

Key Components (Cont’d) Risk assessment Customer & Enhanced Eue diligence Suspicious activity detection, monitoring and reporting OFAC USA PATRIOT Act - section 314 (a) and (b) Information and communication

BSA/AML Compliance Program BSA/AML Officer – Michelle Hemerley Assistant BSA Officers BSA/AML Department High Risk Account Specialist FinCEN 314 & OFAC Compliance Officer Independent Audit completed by X

Customer Identification Program Most Important Key – Know Your Customers Required to Verify the Customer’s Identity and obtain required documentation (Name, Address, DOB, SS#) Run against X list

Initial Customer Due Diligence Identification Proof of Business Anticipated Activity & Returns Google Enhanced Due Diligence Contact customer to discuss business Visits Monitoring

Money Laundering Red Flags Customers Who Provide Insufficient or Suspicious Information Activity Inconsistent with the Customer’s Business Other Suspicious Activity (I.e., wire transfers, increase in activity or returns) Employee Activity

High-Risk Customers Cash Intensive Businesses International Businesses/PEPs Third Party Processors Outbound Telemarketing Debt Consolidation Privately Owned ATMs

Money Service Business High-Risk Customers Money Service Business A Business that conducts more than $1,000 in business with one person in one or more transactions on the same day in one or more of the following services: Money orders, Traveler’s checks and Stored Value / Prepaid Access Cards Check cashing / Payday Lending Currency dealing and exchange OR Providing money transfer service IN ANY AMOUNT

Remote Deposit Capture (RDC) Remotely Created Checks (RCC) Product Information Remote Deposit Capture (RDC) Scan checks and transmit images Remotely Created Checks (RCC) Check authorized by customer remotely via phone or on-line without signature Automated Clearing House (ACH) Network for electronic alternative to paper checks – governed by NACHA rules Third Party Payment Processor Provide payment processing to merchants and other business entities

Identifying Suspicious Activity Risk analyzed at initial account opening Risk score based on: Type of business and volume of activity Geographic location Average Ticket Previous Returns Customers are monitored by the BSA/AML Department accordingly

Identifying Suspicious Activity BSA/AML Department Monitoring MSB Monitoring – Structuring, commercial check cashing, microstructuring as well as site visits and annual reviews Cash Vault Monitoring – Monthly review of cash withdrawal fluctuations Remote Deposit Capture Monitoring – Daily, monthly and periodic reviews of variances, returns, and unusual trends or activity ACH Monitoring - Monthly review of activity variances and analysis of returns

Reporting Suspicious Activity If suspicious activity is noted, complete Unusual Activity Form and send to BSA/AML Department immediately Be sure to explain “Who”, “What”, “When”, “Where”, “How” and “Why” you are suspicious Keep CONFIDENTIAL – never discuss with anyone

Refresher/Risk Based Training Recommend still cover BSA/AML requirements and Board responsibilities Bank’s specific BSA/AML Risks according to Risk Assessment Recent Examination Findings and Enforcement Actions Latest Money Laundering Schemes Check Fraud Mortgage & R/E Fraud Illegal Aliens Internet Gambling Human Trafficking

Recent FinCEN Information Sign up for FinCEN e-mails / AMLA membership Law Enforcement Case Examples FinCEN Requires AML Program and SAR Filing for Non-Bank Mortgage Lenders and Originators FinCEN Extends Deadline for Adopting New CTR and SAR

The New Consumer Financial Protection Bureau (CFPB) CFPB Authority Bank’s over $10 Billion and Non-Bank Financial Institutions Consumer Complaints Various Consumer Regulations – not BSA/AML New Examinations Product Life Cycle Consumer Perspective UDAAP and Fair Lending

Final BSA/AML Comments & Questions