Anti-Money Laundering Compliance Training October 2014

Overview of Material Overview and Purpose Regulatory Framework Recent Developments Compliance Program Compliance Officer Internal Controls Risk Assessment Client Identification Program Monitoring OFAC Reporting & Recordkeeping Suspicious Activity Reports (SARs) Independent Testing Training Penalties for Non-Compliance DRAFT

Overview and Purpose DRAFT

Money Laundering Overview What is Money Laundering? Essentially, money laundering is any legitimate financial transaction involving the proceeds of an unlawful activity that is made with the intention of erasing or disguising their unlawful origins For example:  Wire transfers of funds to pay for an unlawful activity Deposits and transfers of stolen funds Transmission of illicit funds through legitimate enterprises to disguise or “wash” them Charge of excessive fees by lawyers, which in turn are used for illegal purposes Anti-money laundering guidelines came into prominence globally after the 9/11 attacks and the subsequent enactment of the USA Patriot Act. DRAFT

Why BSA/AML Compliance? Purpose: To prevent the Trust Company from being used as a conduit for money laundering or to finance terrorism To help identify the source, volume, and movement of currency and other monetary instruments transported or transmitted into or out of the U.S. or deposited into financial institutions To aid in the investigation of money laundering, tax evasion, international terrorism, and other criminal activity into or out of the U.S. DRAFT

Regulatory Framework DRAFT

Regulatory Framework Bank Secrecy Act To combat money laundering and international terrorism, the BSA requires the board of directors of the Trust Company to: Provide for a system of internal controls reasonably designed to detect and report evidence of money laundering or other suspicious activity Train all relevant employees Appoint a BSA Officer, who will oversee these efforts Provide for independent testing of the internal controls to ensure they are effective and, if not, to make improvements DRAFT

Regulatory Framework Bank Secrecy Act (continued) Suspicious Activity Report (SAR) A SAR filing is required for any suspicious transactions: Involving insider abuse regardless of the dollar amount; Where there is an identifiable suspect and the transaction involves $5,000 or more; and Where there is no identifiable suspect and the transaction involves $25,000 or more. A SAR filing is also required when there is a known violation of the BSA involving $5,000 or more. A SAR should also be filed if there is reason to believe a transaction is tied to illegal activity, regardless of the dollar amount. DRAFT

Regulatory Framework USA PATRIOT Act of 2001 The PATRIOT Act requires trust companies to adopt a Client Identification Program (“CIP”) as part of its BSA compliance program. All trust companies must meet certain minimum CIP requirements under Section 326 of the PATRIOT ACT, which include: Client information; Client verification; Comparison with government lists; Notice to clients; and Record retention DRAFT

Recent Developments DRAFT

Key 2012-2013 Developments ING Bank Settlement Dutch bank agreed to pay a $619 million penalty for moving billions of dollars through the U.S. financial system at the behest of clients, acts that violated economic sanctions. Authorities say ING moved money from Cuban and Iranian clients through New York banks, while deliberately shielding the transactions through the use of opaque payment methods and shell companies. ING also admitted to falsifying the records of New York financial institutions. The countries involved were Iran and Cuba. Takeaway: Firms must manage the potential risks associated with providing financial services to shell companies, and they must be knowledgeable about sanctions imposed on other countries. DRAFT

Key 2012-2013 Developments First Bank of Delaware Settlement The bank received concurrent civil money penalties of $15 million, for violations of the BSA and AML laws and regulations. The bank also settled civil charges on related activities brought by the Justice Department. The FDIC and FinCEN determined that the bank failed to implement an effective BSA/AML Compliance Program with internal controls reasonably designed to detect and report evidence of money laundering and other suspicious activity. Specifically, the bank failed to adequately oversee third-party payment processor relationships and related products and services in a manner commensurate with associated risks. Takeaway: Firms must assess their risk and then align and implement an effective BSA compliance program that addresses that risk. DRAFT

Compliance Program DRAFT

BSA Compliance Officer Compliance Program Every BSA/AML Compliance Program must have four pillars: BSA/AML Program BSA Compliance Officer Internal Controls Training Independent Testing DRAFT

Compliance Program BSA Compliance Officer Must be appointed by the Board Must be responsible for management of the Trust Company’s BSA compliance program Must have the sufficient authority and resources to administer the compliance program Must regularly apprise the board and senior management of ongoing BSA compliance DRAFT

Compliance Program Internal Controls Consist of the Trust Company’s Risk Assessment Policies, Procedures, and Processes Client Identification Program (CIP) OFAC Compliance Program Transaction Monitoring and other Means of Detecting Suspicious Activity Filing Necessary Suspicious Activity Reports (SARs) Recordkeeping and Record Retention These internal controls must be designed to limit and control risks, and to achieve compliance with the BSA. DRAFT

Identification and Reporting of Suspicious Activity Compliance Program Risk Assessment and Compliance Program Establish: BSA Officer Policies and Procedures Information Systems Training Independent Testing Identification and Reporting of Suspicious Activity Risk Assessment Compliance Program Identify & Measure Risk: Products Services Clients Geographies Results: Regular process of identifying and reporting suspicious activity DRAFT

Compliance Program BSA/AML Risk Assessment To assess risk, the BSA requires analysis of the following areas: Products and Services Trusts increase risks in the absence of transparency and knowing the true owner and source of funds Clients Screening of new accounts’ principal signatories is a key to compliance program integrity Politically exposed persons increase risk Client due diligence reduces risk Monitoring accounts helps identify potentially suspicious activity Appropriate staff training empowers employees Geographic locations Location or citizenship of the trustee/beneficiary may subject the account to greater scrutiny Foreign Trusts Foreign Signatories and Beneficiaries DRAFT

Compliance Program Internal Controls Client Identification Program (CIP) Must be written, approved by the board and incorporated in the compliance program Must include: Account opening procedures that specify the identifying information obtained from each client; and Reasonable and practical risk-based procedures for verifying the identity of each member Comparison of identity with government lists (OFAC) Must retain the identifying information for 5 years after the year in which account is closed Not required to make and retain copies of photocopies, but if this is done, security must be ensured DRAFT

Compliance Program Internal Controls - OFAC Screening OFAC operates in various countries throughout the world with the goal of protecting the U.S. monetary system from bad actors. It also acts as a liaison with foreign governments on financial intelligence information sharing on counter- terrorist financing and counter-narcotics trafficking matters. In particular, OFAC Maintains a watch list of over 5,000 individuals and entities with which no U.S. persons or entities can do business Administers and enforces targeted country- and regime-based sanctions programs against hostile countries Compliance with OFAC is not mandatory within OFAC regulations; however, both federal and state banking examiners will mandate compliance. OFAC is not a regulator, rather an enforcement agency. DRAFT

Compliance Program Internal Controls - OFAC Requirements are separate and distinct from the BSA, but they share a common national security goal OFAC regulations require the following: Block accounts and other property of specified countries, entities, and individuals Prohibit or reject unlicensed trade and financial transactions with specified countries, entities, and individuals Reporting blocked and prohibited transactions to OFAC DRAFT

Compliance Program Internal Controls - OFAC The following program components are recommended: Risk assessment Internal controls Flagging files for review if appear suspicious in any way Defining criteria for comparing names to OFAC list Determining which hits are valid or false (investigation) Reassessment of OFAC filtering system Prevention of transactions until comparisons are made Maintaining the OFAC list of Sanctioned Countries and Jurisdictions of Concern Managing blocked accounts Reporting transactions, blocked accounts and prohibited transactions Maintaining clients’ OFAC licensing information, if applicable Independent testing (at least annually) Responsible individual Training DRAFT

Compliance Program Internal Controls - Monitoring Ongoing Know Your Client (“KYC”) Procedures Begins with CIP and assessing the risks associated with each client Provides knowledge of usual and customary transactions in which a client is likely to engage Assists in determining when transactions are not usual and customary, and therefore, potentially suspicious Should include an enhanced client due diligence (CDD) for high-risk clients Keep current client information DRAFT

Compliance Program Internal Controls - Transaction Monitoring The Trust Company must monitor transactions to identify any that are suspicious because they are: Outside of what is usual and customary for the client Reveal a pattern that is unusual or suspicious To or from high risk individuals, entities, or countries DRAFT

Compliance Program Internal Controls – Reporting - SARs The Trust Company is required to file a SAR with respect to: Criminal violations involving insider abuse in any amount Criminal violations aggregating $5,000 or more when a suspect can be identified Criminal violations aggregating $25,000 or more regardless of a potential suspect DRAFT

Compliance Program Internal Controls – Reporting - SARs Identification of Unusual Activity Employee Identification Transaction Monitoring Reports Law Enforcement Inquiries Other Referrals Alert BSA Officer SAR Decision Making SAR Completion & Filing DRAFT

Compliance Program Internal Controls – Reporting - SARs – Red Flags The Trust Company should consider the following to identify and research suspicious activity: Client engages in transactions having no apparent business purpose Information provided by the client is false, inconsistent, or misleading Client engages in wire transfers with high risk jurisdictions having no apparent business purpose Investor difficulty in describing the reasons for frequent wire transfers to unfamiliar bank accounts or jurisdictions other than the investor’s home country Transfers into accounts in jurisdictions where drug trafficking and/or terrorist financing is known to occur, or to other high risk countries Client identification appears suspect DRAFT

Compliance Program Internal Controls – Reporting - SARs SARS must be filed no later than 30 calendar days from the date of the initial detection of the suspicious activity 60 calendar days if no suspect can be identified Board must be notified that a SAR has been filed Must begin filing electronically on November 28, 2014 DRAFT

Compliance Program Internal Controls – Reporting - SARs Must retain copies of SARs and supporting documentation for 5 years from the date of the report NO disclosure to anyone involved in the transaction that a SAR has been filed May inform FinCEN, law enforcement or federal banking agencies May share the SAR, or any information that would reveal the existence of the SAR, with an affiliate, provided the affiliate is subject to a SAR regulation DRAFT

Compliance Program Training All staff whose duties require knowledge of the BSA, tailored to their specific responsibilities Should be ongoing, as regulations and staff change Should include regulatory requirements and the trust company’s internal policies, procedures, processes, and penalties for non-compliance Inform board and senior management of changes to the BSA and the implementing regulations Document training program Materials, dates and attendance/completion records DRAFT

Compliance Program Independent Testing Should be conducted by the internal audit department, outside auditors, or other qualified independent parties Conducted every 12 – 18 months Results reported to the Board Risk-based, covering all of the Trust Company’s activities DRAFT

Penalties for BSA Violations DRAFT

Penalties for BSA Violations Trust Company(ies) Cease and Desist Order Order of Supervision, Removal, or Prohibition Criminal money penalties Civil money penalties Individuals Removal from the Trust Company DRAFT

Takeaway Points DRAFT

Takeaway Points Strong internal controls The Board of Directors of Eleutherian Trust Company plays a pivotal role in ensuring the Trust Company’s BSA/AML Compliance Program not only meets established regulatory requirements, but also protects the integrity of the firm and its clients. Strong internal controls Extensive due diligence procedures Know Your Client Monitoring and review of client relationships Accurate recordkeeping and reporting Ongoing training Notifying the AML officer of any concerns. The elements above all contribute to the Trust Company’s ability to effectively detect and report suspicious activity, and provide helpful information on such activity. DRAFT

Questions? If you have questions or comments about the training presentation, please contact Matthew Maurer at mmaurer@eleutheriantrust.com DRAFT