Risk Management Reconstructed Implementing fraud risk intelligence practices July 2011 KPMG FORENSIC SM

© 2011 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. Risk aversion vs. Risk intelligence Risk Aversion Risk Intelligence Risk aversion ignores the basic principle of risk vs. reward. Companies should be averse to unrewarded risks (e.g., ethical and non-compliance risks)

© 2011 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. Major considerations for financial institutions Fraud risk Anti-money laundering compliance Anti-bribery and corruption/FCPA

Fraud risk management

© 2011 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The design, implementation, and evaluation of programs and controls that prevent, detect, and respond appropriately to fraud and misconduct risks. Fraud and risk management

© 2011 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. Sample fraud and misconduct conditions Opportunity Incentive/Pressure Rationalization

© 2011 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. Sample categories of fraud and misconduct Fraudulent financial reporting (e.g., improper revenue recognition, overstatement of assets, understatement of liabilities) Misappropriation of assets (e.g., theft of cash, physical assets or intellectual property) Revenue or assets gained by fraudulent or illegal acts (e.g., deceptive sales practices, market rigging, over-billing customers) Expenses or liabilities avoided by fraudulent or illegal acts (e.g., improper avoidance of tax liabilities, wage and hour abuses, falsifying information provided to regulators) Expenses or liabilities incurred for fraudulent or illegal acts (e.g., commercial kickbacks, bribery of domestic or foreign officials) Other misconduct (e.g., other violations of legal, regulatory or ethical standards)

© 2011 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. Antifraud program objectives Prevent fraud and misconduct Detect occurrence Respond appropriately once discovered

© 2011 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. Sample antifraud program elements PreventionDetectionResponse Board/audit committee oversight Executive and line management functions Internal audit, compliance, and monitoring functions Fraud and misconduct risk assessment Code of conduct and related standards Employee and third-party due diligence Communication and training Process-specific fraud risk controls Proactive forensic data analysis Hotlines and whistleblower mechanisms Auditing and monitoring Retrospective forensic data analysis Internal investigation protocols Enforcement and accountability protocols Disclosure protocols Remedial action protocols

© 2011 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. Putting it all together

Anti-money laundering compliance

© 2011 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The U.S. regulatory environment Bank Secrecy Act (BSA) (1970) USA PATRIOT Act Office of Foreign Assets Control (OFAC) Foreign Corruption Practices Act (FCPA)

© 2011 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. Risk-based approach to AML compliance The “Four Pillars” of AML Compliance Policies, Procedures, and Internal Controls Designated BSA/AML Compliance Officer* * Should have Board-designated authority to carry out his/her role and responsibilities Training and Communication Independent Testing / Audit

Anti-bribery and corruption/FCPA

© 2011 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. Corruption risk for banks More than 1 trillion dollars is paid in bribes each year* * Source: World Bank Institute

© 2011 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. Interplay between FCPA and money laundering The FCPA prohibits bribery of foreign government officials bribery by definition involves the transfer of money or property The Money Laundering Control Act prohibits transfer of money or property derived from “specified unlawful activity” transfer of money or property for an unlawful purpose FCPA violation is an SUA Therefore, payment of bribes in violation of the FCPA usually involves violations of the Money Laundering Control Act

© 2011 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. Corruption risk for banks The Bank’s clients Potential AML reporting obligations Bank’s client is engaged in corruption and the transactions are being facilitated by the bank The Bank itself Engages through an employee or authorized agent in bribery to gain an advantage Acquired liability Through violations committed by entity acquired

© 2011 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. Putting it All Together

Thank you Sven Stumbauer Director, KPMG LLP

© 2011 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name, logo and “cutting through complexity” are registered trademarks or trademarks of KPMG International. All information provided is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the particular situation.