Generic AML Compliance Program Guidelines – No Specific Lead

e Designated Compliance Officer — For further guidance, please refer to the Designation of AML Compliance Officer and the AML Compliance Organization section, e Risk Assessments — For further guidance, please refer to the Enterprise-wide Risk Assessment, Business Line Risk Assessment, Customer Risk Assessment and OFAC Risk Assessment sections. e Customer Acceptance and Maintenance Program — For further guidance, please refer to the Know Your Customer, Due Diligence and Enhanced Due Diligence, Section 326 — Verification of Identification, Section 312 - Special Due Diligence for Correspondent Accounts and Private Banking Accounts and High Risk Customers sections. e Large Currency Monitoring and Currency Transaction Report Filing Program — For further guidance, please refer to the Currency Transaction Reports section. e Monitoring, Investigating and Suspicious Activity Report Filing Program — For further guidance, please refer to the Transaction Monitoring, Investigations and Red Flags and Suspicious Activity Reports sections. e Sanctions Program — For further guidance, please refer to the Office of Foreign Assets Control section. » Information Sharing — For further guidance, please refer to Section 314(a) — Cooperation among Financial Institutions, Requlatory Authorities and Law Enforcement Authorities, Section 314(b) Requirements — Cooperation among Financial Institutions and National Security Letters sections. e Recordkeeping and Retention Program — For further guidance, please refer to the Funds Transfer Recordkeeping Requirement and the Travel Rule, Recordkeeping Requirements for the Purchase and Sale of Monetary Instruments, Form 8300 and Report of Foreign Bank and Financial Accounts sections. e Independent Testing — For further guidance, please refer to the Independent Testing section. e Training — For further guidance, please refer to the AML Training section. e Management and Board Reporting — For further guidance, please refer to the Designation of AML Compliance Officer and AML Compliance Organization section. It is important to note that not all types of financial institutions are required to have each of the key components listed above. For additional guidance on the AML requirements of nonbank financial institutions, please refer to the Nonbank Financial Institutions and Nonfinancial Businesses section. 35. How can technology be used to support a financial institution's AML program? Technology can be used, for example, to support: e Monitoring for Suspicious Transactions and Facilitating Suspicious Activity Report Filing — For further guidance, please see the Suspicious Transaction Monitoring and Suspicious Activity Report Filing Software section. e Monitoring for Large Currency Transactions and Facilitating Currency Transaction Report Filing — For further guidance, please see the Large Currency Transaction Monitoring and Currency Transaction Report Filing Software section. e Verification of Customer Information (e.g., CIP) ~ For further guidance, please see the Customer Verification Software section. e Storage of Customer Information (e.g., CIP, EDD) — For further guidance, please see the Customer Information Database and Customer Risk Assessment Software section. e Calculation of Customer Risk Ratings — For further guidance, please see the Customer Information Database and Customer Risk Assessment Software section. e Searching Against Special Lists of Prohibited and/or High-Risk Individuals/Entities (¢.g., Office of Foreign Assets Control [OFAC], 314(a), Subpoenas, Media Searches, Internal “Deny” Lists, Politically Exposed Persons [PEPs]) for Customers and Transactions — For further guidance, please see the Interdiction Software and List Providers sections. e AML Training — For further guidance, please see the Training Software section. e Case Management - For further guidance, please see the Case Management Software section. protiviti | 25 HOUSE_OVERSIGHT_024131