Fall Regulatory Summit

Internal Use Only

Sample -BSA/AML Policy Certification

4. The BSA/AML Program meets the requirements of Pillar Two: Designation of a BSA Compliance Officer (CO), namely: a. The Board or equivalent governing body has designated a BSA CO and the CO must give regular updates to said Board/equivalent governing body. € Yes € No b. The CO has appropriate independence and a clear line of communication to the Board/equivalent governing body. € Yes € No 5. The BSA/AML Program meets the requirements of Pillar Three: Training of Appropriate Personnel, namely: a. The company has policies and procedures relating to training of appropriate personnel, including, but not limited to, tracking and updating of training materials. € Yes € No 6. The BSA/AML Program meets the requirements of Pillar Four: Independent Testing Program for Compliance, namely: a. The company policy contains an independent testing program for compliance. € Yes € No The Company understands that approval or granting of a license by an agency does not mean the policy has been approved by the agency or that the policy submitted meets all necessary requirements of a BSA/AML Policy. They company further understands that the Policy in its entirety, may not be fully reviewed by the agency until the company’s first examination. I hereby certify that the facts and answers herein are accurate, complete, and not misleading. _____________________ (Signature) _____________________ (Full Name) _____________________ (Title)

In connection with the BSA/AML Policy attached, _____ (Insert Applicant Name)_________ hereby states as indicated below with a Yes or No answer those items which are covered in the attached Policy. 1. The Board or equivalent governing body has adopted a written BSA/AML Compliance Program. € Yes € No 2. The information in the BSA/AML Program agrees with the business activity information provided in the Business Plan. € Yes € No 3. The BSA/AML Program meets the requirements of Pillar One: Policies and Procedures and Internal Controls, namely: a. The company has policies and procedures relevant for Suspicious Activity Reports, Currency Transaction Reports, Currency and Money Instrument Reports, Foreign Bank Account Reports. € Yes € No b. The company has policies and procedures to comply with Office of Foreign Asset Control requirements. € Yes € No c. The company has accurate record retention policies for all related document categories. € Yes € No d. The company has a policy directing how to appropriately handle law enforcement requests. € Yes € No e. The company has policies and procedures relating to agency due diligence. € Yes € No f. The company has policies and procedures relating to agent training. € Yes € No g. The company has done a risk assessment. € Yes € No h. The company has policies and procedures relating to “know your customer/customer due diligence.” € Yes € No

“Equivalent governing body” refers to those entities that do not have a Board.

_____________________ (MM/DD/YY) _____________________ (Company NMLS #) 17

Internal Use Only

Agenda

Disclosure Questions Update

Mortgage Business-Specific Requirements

Record Retention

Remote Work

18