BSA/AML Examiner School - Case Study Oct 2023

AJ & R BANK & TRUST BANK SECRECY ACT/ANTI-MONEY LAUNDERING INDEPENDENT TEST REPORT DECEMBER 2015

I will work with BSA Officer to ensure that everyone has received training. As noted in the exit interview, l received my annual training in June from my prior employer. However, I know this may not be acknowledged during a regulatory examination. Risk Rating The Bank currently risk rates accounts during the account opening process. Review of the current risk rating forms indicates that the samples provided by BSC in 2014 have not been updated to reflect AJ & R Bank's specific risks. Recommendation It is recommended that the BSA Officer update the current forms or create new forms that reflect the Bank's specific risk. Management Response BSA Officer will update the current forms to reflect the Bank's specific risk. I will work with BSA Officer to ensure that the forms contain our specific information. I reviewed this form over the weekend and noted it contains the counties in central Kentucky. We will ensure that this form is bank specific. OFAC Validation Testing Request list responses indicate that the Bank does not complete testing '.o validate the OFAC search application for accuracy or updates to the system. Recommendation As a best practice, periodic testing for accuracy and updates is recommended. Management Response BSA Officer or designee will conduct periodic testing to validate the OFAC searches for Customer's debit/credit card numbers were not truncated when the cards were used as a source of secondary identification. It is considered an industry best practice to truncate customers' debit/credit card numbers to mitigate the risk of identity theft. Recommendation It is recommended that customer's debit/credit card numbers be truncated on CIP forms and on any copies made when a debit/credit card is used as form of identification. Management Response The Bank will only include the last four digits of a customer's debit card when used as a secondary source of identification for CIP forms. For copies, the Bank will "black out" all but the last four digits of a customer's debit card. accuracy or updates to the system. Debit/Credit Card Documentation

7