BSA/AML Examiner School - Case Study Oct 2023

AJ&R BANK & TRUST Bank Secrecy Act, Anti-Money Laundering and OFAC Compliance Program May 20, 2015

I. BSA/AML/OFAC COMPLIANCE PROGRAM General goals of the Bank's BSA Program consist of: 1. Developing a BSA/AML/OFAC risk profile of the Bank to design effective risk-based internal controls. 2. A system of internal controls to ensure ongoing compliance based on the BSA Risk Assessment. 3. Independent audits to ensure ongoing compliance conducted by either Bank personnel or a third party entity consultant. 4. Designation of a Bank Secrecy Act Officer responsible for coordinating and monitoring day to day compliance. 5. Training of all Bank personnel on an annual basis. II. BSA Risk Assessment The Bank has developed a risk assessment that identifies the Bank's BSA/AML and OFAC risk profile. Our risk assessment consists of the following: • Assessment of new products, services, assessment of targeted customers, entities and geographic locations. • The risk assessment program is an ongoing process. It is the responsibility of the Board of Directors and Senior Management to ensure the Bank's risk assessment is updated annually to identify changes in the Bank's risk profile (i.e., when new products and services are introduced, existing products and services change, high risk customer's open and close accounts, or the Bank expands through mergers and acquisitions). • The BSA/AML Compliance Program was developed based on our risk assessment. III. System of Internal Controls The Bank will maintain an effective BSA, AML and OFAC internal control structure, including suspicious activity monitoring and reporting. IV. Independent Audits It is the policy of the Bank to conduct an independent annual audit by internal and/or external auditors to ensure complete adherence of the Bank Secrecy Act. Results of this audit will be reported to the Board of Directors Audit/Compliance Committee and the BSA Compliance Officer. Senior Management and the BSA Compliance Officer will take appropriate action to correct any exceptions found as a result of the audit. The Bank's external auditors will conduct an objective independent evaluation of the Bank's written BSA/AML and OFAC Compliance Program, perform testing for specific compliance with the BSA, and evaluate pertinent management information systems (MIS) and the quality of risk management for all banking operations, departments and subsidiaries.

For Training Purposes Only

Page 1