BSA-AML Examiner School Case Study eBook

Internal Use Only

BSA/AML Policy and Program

○ Information sharing. ● Mechanisms designed to monitor ongoing compliance, which include: ○ Staffing; ○ Reviewing new products and services; ○ Ongoing monitoring and testing; ○ Training; ○ Reporting; and ○ Independent testing of the BSA/AML/OFAC program. A. DESIGNATION OF A BSA/AML OFFICER The Bank’s Board will designate a qualified BSA/AML Officer to have responsibility for day-to-day oversight of the Bank’s BSA/AML/OFAC compliance. The Chief Compliance Officer will act as the BSA/AML Officer and reports directly to the Chief Risk Officer. The CCO will be responsible for periodic reporting to the Management Risk and Compliance Committee and the Board. All Bank employees are responsible for executing their responsibilities under the BSA/AML/OFAC program. The BSA/AML Officer may rely on Critical Third Parties, including Fintech Partners, to manage key processes and operations necessary to implement this BSA/AML/OFAC program. In all such cases, the BSA/AML Officer will retain responsibility for the implementation of the Policy/Program, ensure that all Bank employees and relevant Critical Third Party employees receive appropriate training, and closely monitor the effectiveness of the processes and operations. Similarly, the Bank may require each Fintech Partner to designate a dedicated AML Officer who will also serve as its primary liaison with TS&J’s BSA/AML Officer. B. INTERNAL CONTROLS The BSA/AML Officer will maintain and oversee a system of risk-based internal controls designed to limit and control financial crime risks and maintain compliance with applicable BSA/AML/OFAC laws and regulations. This section provides more details on TS&J’s internal control standards and oversight of Critical Third Parties, including Fintech Partners. Unless otherwise specified, the Bank will expect Fintech Partners to adopt similar internal controls for their AML programs and be subject to oversight by TS&J’s BSA/AML Officer and Compliance function. 1. BSA/AML/OFAC RISK ASSESSMENT The BSA/AML Officer will assess the Bank’s BSA/AML/OFAC compliance risk no less than annually through a formal risk assessment process. The BSA/AML

11

Confidential