2022 Trust Forum Presentations

INTERNAL FR/OFFICIAL USE // SECURE EXTERNAL

Basic Reminders

Unlike the Bank Secrecy Act: • Sanctions laws and OFAC-issued regulations apply to all U.S. persons regardless of where they are located o US banks and their domestic branches, agencies, rep offices, foreign branches, and often their overseas offices and subsidiaries • A sanctions compliance program (SCP) is not required by regulation o However, “OFAC strongly encourages organizations subject to U.S. jurisdiction…to employ a risk-based approach to sanctions compliance by developing, implementing, and routinely updating a SCP” o OFAC expects a SCP with five components: ƒ Management commitment ƒ Risk assessment ƒ Internal controls ƒ Testing and auditing ƒ Training • Only OFAC can determine if a violation of their regulations occurred • Trust accounts present similar sanctions concerns to deposit taking, lending, and other traditional banking activities • When misused, trust and asset management accounts can conceal the identity of beneficial and legal owners o OFAC's position is that beneficiaries should be screened • Many factors contribute to sanctions risk, including: o Type of trust or agency account and its size o Types and frequency of transactions o Country of residence of the principals or beneficiaries o Country where established o Source of funds • Banks may not include trust accounts or transactions within its “core” sanctions screening platforms • It remains important to assess the adequacy of the bank’s policies, procedures, processes, and systems to manage the risks associated with trust services, and management’s ability to implement effective due diligence, monitoring, and reporting systems . Trust Considerations 11/3/2022 3

INTERNAL FR/OFFICIAL USE // SECURE EXTERNAL

11/3/2022

4