BSA-AML Examiner School Case Study eBook

Internal Use Only

BSA/AML Policy and Program

any customer on either of these two lists and will promptly offboard any customer it discovers that falls within these categories. TS&J will also promptly offboard any customer that does not meet its KYC standards or is discovered as a result of KYC or other BSA/AML/OFAC controls to be outside of its risk tolerance. Know Your Employee and Know Your Vendor TS&J will conduct ‘know your employee’ and ‘know your vendor’ activities in order to mitigate the risk of Bank employees, Critical Third Parties, including Fintech Partners, conducting, abetting, or exhibiting willful blindness to financial crimes. In relation to all Bank employees, TS&J will: ● Collect and verify identification information; ● Conduct background verifications, subject to applicable law and regulation; ● Screen against sanctions lists; ● Maintain IT security access controls designed, among other purposes, to restrict physical and electronic access to sensitive information and systems; ● Require all Bank employees, as well as contractors with duties relevant to the BSA/AML/OFAC program, to undertake BSA/AML/OFAC training (see below); and ● Ensure Bank employees’ personal use of TS&J BaaS Solutions platform, as well as products and services, is subject to the same CIP, monitoring, and other BSA/AML/OFAC related processes as all other TS&J customers. TS&J will screen all vendors and Fintech Partners against sanctions lists. In addition, vendors and Fintech Partners will be subject to risk-based ongoing review as part of its third party risk management program, which (when relevant) will assess the BSA/AML/OFAC risks in the relationship and ensure appropriate controls are in place where necessary. This may include some or all of the actions identified above in relation to Bank employees, along with BSA/AML/OFAC contractual obligations and SLAs, ongoing monitoring of vendor compliance with BSA/AML/OFAC requirements, and any other controls needed to ensure vendors support TS&J’s BSA/AML/OFAC program. Operationalizing the KYC Program The manner in which the Bank’s KYC program is implemented will depend on the type of customer relationship. TS&J will have two main types of customer relationships, TS&J Sourced Customers and Fintech Partner-Sourced Customers, which are defined in Section 4 of this Policy/Program.

16

Confidential