Anti-Money Laundering Compliance

Document Sample
Anti-Money Laundering Compliance Powered By Docstoc

       Audit Procedure                                           Control Objective

       The purpose of the Act is to deter drug related and
       white collar crimes. It requires financial institutions
       to maintain appropriate records and file certain
       reports that have a high degree of usefulness in
       criminal, tax, or regulatory investigations or


       To determine that the company has adopted
       policies and procedures to ensure compliance with
     1 Anti-Money Laundering laws and regulations.

       To determine whether the institution obtains
       taxpayer identification numbers from its customers
       and maintains certain records that might aid the
       Office of Thrift Supervision (OTS) investigators in
     2 tracing and reconstructing transactions.

       To determine whether the institution has installed
       adequate policies and procedures, audit coverage
       and employee training programs to ensure that the
       requirements of 31 C.F.R. Part 103 are well known
       to affected employees and that compliance is
       adequately monitored from within the organization
       in compliance with section 326.8 of FDIC rules and
     3 regulations.

A.     Prior Reports
       Review the most recently completed regulatory
       examinations and audit reports noting any
     1 exceptions.

       Outline in the workpapers the content of the
       recommendations and determine if corrective action
a.     has been taken.
       If not, determine why. (Have they simply not
       responded to or are there not\w mitigating
       circumstances and/or controls so that the
       exceptions or recommendation is no longer
b.     applicable.
B.     Policies and Procedures
       Obtain and review the Bank Secrecy Policy.
       Determine whether policies and procedures are
       adequate to ensure compliance with the Bank
       Secrecy Act (BSA), Anti-Money Laundering (AML),
       and OFAC laws and regulations. They should
     1 address:

      The steps in place to ensure that the following five
      reports are submitted to the government as
a.    required:
      Potential high risk activities, businesses, and
b.    countries.
      Requirements of applicable laws and regulations,
c.    including:

      31 CFR 103 (Financial Record Keeping and
1)    Reporting of Currency and Foreign Transactions).
      The steps in place to ensure that the following five
      reports are submitted to the government as
a)    required:

      i) IRS Form 4789 Currency Transaction Report. A
      CTR must be filed for each deposit, withdrawal,
      exchange of currency, or other payment or transfer,
      by, through or to a financial institution, which
      involves a transaction of currency of more than
      $10,000. Multiple transactions must be treated as a
      single transaction if the bank has knowledge that (a)
      they are conducted by or on behalf of the same
      person and (b) they result in cash received or
      disbursed by the financial institution of more than

      ii) U.S. Customs Form 4790 Report of International
      Transportation of Currency or Monetary Instruments
      (CMIR). Each person (including a bank) who
      physically transports, mails, or ships, or causes to
      be physically transported, mailed, or shipped or
      received, currency, traveler's checks, and certain
      other monetary instruments in an aggregate amount
      exceeding $10,000 into or out of the U.S. must file a
     iii) Department of the Treasury Form 90-22.1
     Report of Foreign Bank and Financial Accounts
     (FBAR). Each person (including a bank) subject to
     the jurisdiction of the united States having an
     interest in, signature or other authority over, one or
     more bank, securities, or other financial accounts in
     a foreign country must file FBAR if the aggregate
     value of such accounts at any point in a calendar
     year exceeds $10,000.

     iv) Treasury Department Form 90-22.47 and OCC
     Form 8010-9, 8010-1 Suspicious Activity Report
     (SAR). Banks must file a SAR for any suspicious
     transaction relevant to a possible violation of law or

b)   Additional records that are required to be kept are:

     i). Monetary Instrument Sales Records. A bank
     must retain record of each cash sale of bank
     checks, drafts, cashier's checks, money orders, and
     travelers' checks between $3,000 and $10,000
     inclusive. These records must include evidence of
     verification of the identity of the purchaser and other

     ii). Funds Transfer Record Keeping and Travel Rule
     Requirements. A bank must maintain a record of
     each funds transfer of $3,000 or more which it
     originates, acts as an intermediary for, or receives.
     The amount and type of information a bank must
     record and keep depends upon its role in the funds
     transfer process. Also, a bank that acts as an
     originator or intermediary for a funds transfer must
     pass certain information along to the next bank in
     the funds transfer chain.

2)   12 CFR 21.21 BSA Compliance

     Establishing a comprehensive program and set of
     controls, including account opening, monitoring, and
     currency reporting procedures that are approved by
a)   the board of directors and fully implemented.
     Institutes a requirement that senior management be
     kept informed of compliance efforts, audit reports,
     identified compliance deficiencies, and the
b)   corrective actions taken.

c)   Makes BSA compliance a condition of employment.
     Incorporates BSA compliance into job descriptions
d)   and performance evaluations of bank personnel.
     Establishes a system of independent testing of
e)   compliance.
     Designates a compliance officer with the day to day
     responsibilities for managing all aspects of the BSA
     program and compliance with applicable
f)   regulations.
     Establishes a training program to ensure that
     appropriate bank personnel are trained in all
     aspects of the regulatory requirements of the BSA
     and the bank's internal compliance with BSA and
g)   the anti-money laundering regulations.

3)   12 CFR 21.11 Reports of Suspicious Activities

     Processes and responsibilities for filing Suspicious
     Activity Reports (SAR). Banks must be able to
     make informed decisions about the suspicious
     nature of a particular transaction and whether to file
     a SAR. Reports must be filed for the following
a)   reasons:

     i). Insider abuse involving any amount.
     ii). Violations of federal law aggregating $5,000 or
     more when a suspect can be identified.
     iii). Violations of federal law aggregating $25,000 or
     more regardless of a potential suspect.

     iv). Transactions aggregating $5,000 or more that
     involve potential money laundering or violations of
     the BSA if the bank knows, suspects, or has
     reasons to suspect the transaction:

     1. Involves funds from illegal activities or is
     intended or conducted to hide or disguise illicit
     funds or assets as part of a plan to violate or evade
     any law or regulation or to avoid any transaction
     reporting requirement under federal law;
     2. Is designed to evade any of the BSA regulations;
     3. Has no business or apparent lawful purpose or is
     not the sort in which the particular customer would
     be normally expected to engage, and the bank
     knows of no reasonable explanation for the
     transaction after examining the available facts,
     including the background and possible purpose of
     the transaction.
4)   18 USC 1956 and 1957 Money Laundering Statutes

a)   The policy should address:;

     i). Money Laundering in its different forms (e.g.
     placement, layering, integration, structuring).
     ii). Compliance with BSA and related anti-money
     laundering laws and regulations.
     iii). Establish a Customer Identification Program.
     iv). Identify high risk activities, businesses, and
     foreign countries (those commonly associated with
     money laundering).

     18 USC 981 and 982 Civil and Criminal Forfeiture
5)   Statues

     Civil and criminal penalties can be imposed for
     violations of anti-money laundering laws and
     regulations. Penalties can result in substantial fines
     and in prison terms. Banks that fail to comply with
     reporting and recordkeeping requirements face
     possible civil penalties of up to $500 for negligent
     violations and the greater of the amount involved in
a)   the transaction (up to $100,000) or $25,000.

     Under certain circumstances, businesses can also
     be held liable for the acts of their employees. The
     maximum criminal penalty for violating a BSA
     requirement is a fine of up to $500,000 or a term of
     imprisonment up to 10 years, or both.

6)   31 CFR 500 et seq. Office of Foreign Asset Control

     The program should include written polices and
     procedures for filtering transactions for possible
     OFAC violations, designating an individual
     responsible for day to day compliance, establishing
     and maintaining strong lines of communication
     between departments of the bank, and an annual in-
a)   depth audit of OFAC compliance.
     It should include procedures for maintaining current
     lists of blocked couriers, entities, and individuals
     and disseminating such information throughout the
     bank's domestic operations and its offshore
b)   branches and offices.
       Process and responsibilities for responding to
7)     changes in laws and regulations.

d.     Employee consequences for non-compliance.

       A comprehensive program for opening and
       maintaining accounts and establishing other
       customer relationships, including the following
e.     procedures:

       Identification, documentation, and verification of
1)     customer information.
2)     Monitoring of suspicious activity.
3)     Reporting suspicious activity.

f.     Coverage of all products and units of the company.

       Review the compliance program to ensure
       compliance with all reporting and recordkeeping
       requirements of the BSA (including Suspicious
       Activity Reports requirements). Determine that the
     2 program provides for the following:

       A system of internal controls to ensure ongoing
a.     compliance [12 CFR 21.21 (c) (1)].
       Independent testing for compliance to be conducted
       by either bank personnel or an outside party. List
       person(s) designated to conduct independent
b.     testing [12 (c) (2)].

       Program should include transitional testing of high-
       risk accounts, high risk services, and CTR filing
       patterns. Wire transfer accounts with high volumes
       cash activity, cashier checks, and loans should be
1)     tested periodically for potential money laundering.
       Designation of a qualified individual(s) responsible
       for coordinating and monitoring day to day
c.     compliance [12 CFR 21.21 (c) (3)].
       List of individual(s) responsible for compliance and
       the appropriateness of qualifications (i.e., training,
1)     experience, etc.)
       Training for appropriate personnel [12 CFR 21.21
d.     (c) (4)].
       Reporting to board and management efforts to
       ensure ongoing compliance, including a listing of
       SARs filed with the appropriate federal law
       enforcement agencies and the Department of
e.     Treasury [12 CFR 21.11 (h)].
       It should also include guidelines\ for meeting the
       reporting and recordkeeping requirements as

       The filing of a report of each deposit, withdrawal,
       exchange of currency or other payment or transfer,
       by, through or to the financial institution, which
       involves a transaction in currency of more than
f.     $10,000 (CTR, IRS Form 4789).

       The filing of a report (U.S. Customs Form 4790) of
       each shipment of currency or other monetary
       instrument(s) in excess of $10,000 out of the United
       States or into the United States, except via common
       carrier, by, or to the institution. In most cases, this
g.     refers to the institution's cash shipments.
       The maintenance of required records for each
       monetary instrument sale for currency in amounts
       between $3,000 and $10,000 inclusive, with the
       supporting information prescribed in 31 CFR
h.     103.29.

     3 Who is responsible for the program?

       NOTE: A senior official should be designated; this
       does not have to be an "executive officer', but one
       who is in a position and has the authority to make
       and enforce BSA policies.

       Through discussions with the person, determine
       that they are aware of their responsibilities.
a.     Document how they perform their duties.
       Is the person designated in the policy as the Bank
b.     Secrecy/AML officer?
1)     Is this documented in the minutes?
       Document how high risk areas and high volume
c.     accounts are monitored and tested.

     4 When was the program last approved by the board?
C.     Customer Identification Program
       Has the company developed clear customer
       acceptance policies and procedures, including a
       description of customers that should not be
     1 permitted to open accounts?

       What customer identification procedures have been
       established for non face to face customers (this
       would include customers brought to the company by
a.     a third party investment advisor)?
       Obtain a copy of the Customer Identification
       Program. Review policy for adequacy. At a
     2 minimum the policy should include:

       Personal Accounts

       Social security number or alien identification
a.     number (from U.S. residents).

       Verification of acceptable identification (e.g., driver's
       license, state issued photo identification, passport,
b.     national identity card for no-resident aliens, etc).
c.     Verification of address of residence.
       Estimation of anticipated account activity and
d.     customer's income source and/or profession.
       Consideration of the source of funds used to open
e.     the account.
       Information obtained from a service bureau to
       determine whether the customer has been reported
       for overdrawing accounts, potentially conducting
f.     check kiting schemes, etc.
       Third party references, verification services,
g.     telephone, website, and reverse directories.
h.     Other account relationships.

       Business Accounts
       Taxpayer identification number and legal name of
a.     business entity.
       Verification of legal status of business (i.e., sole
b.     proprietorship, partnership, etc.).
       Identification (another information previously listed
       for personal accounts) for principals of the business
c.     and authorized signers.
d.     Verification of the location of the business.
       A description of the principal line of business and all
       types of business operations in which the customer
e.     engages.
f.     An estimation of anticipated account activity.
       Consideration of the source of funds used to open
g.     the account.
       For large commercial customers, copies of financial
h.     statements.

       Information obtained from a service bureau to
       determine whether a customer has been reported
       for overdrawing accounts, potentially conducting
i.     check kiting schemes, etc., if applicable.
       Ensure that the written program addresses the risk
       based procedures for verifying the identity of each
       customer to the extent reasonable and practicable.
       Determine that the program evidences the fact that
       Customer Identification procedures are based on
       the company's assessment of the relevant risks,
       including those presented by the various types of
       accounts maintained by the firm, the various
       methods of opening accounts provided, the various
       types of identifying information available and the
     3 company's size, location, and customer base.

       Ensure that the CIP contains procedures for
       verifying the identity of each customer, using
       information obtained in accordance with 3 above,
       within a reasonable time before or after the
       customer's account is opened. The procedures
       must describe when the officer will use documents,
       non-documentary methods, or a combination of
     4 both methods.

       Determine that, when the officer relies on
       documents to verify customer identity, that the
     5 documents include one or more of the following:

       For an individual, an unexpired government-issued
       identification evidencing nationality or residence and
       bearing a photograph or similar safeguard, such as
a.     a driver's license or passport; and
       For a person other than an individual (such as a
       corporation, partnership or trust), documents
       showing the existence of the entity, such as certified
       articles of incorporation, a government issued
       business license, a partnership agreement, or a
b.     trust instrument.

       Determine that, when the officer allows customer
       identification through non-documentary methods,
       the CIP contains procedures that set forth the non-
     6 documentary methods that will be used.
       Determine that the methods permitted by the CIP
       are limited to contacting the customer;
       independently verifying the customer's identity
       through the comparison of information provided by
       the customer with information obtained from a
       consumer reporting agency, public database, or
       other source; checking references with other
       financial institutions; or obtaining a financial
a.     statement.
       Ensure that the non-documentary procedures
       address the following situations; where an individual
       is unable to present an unexpired government
       issued identification document that bears a
       photograph or similar safeguard; the officer is not
       familiar with the documents presented; the account
       is opened without obtaining documents; the
       customer opens the account without obtaining
       documents; the customer opens the account
       without appearing in person; and where the officer
       is otherwise presented with circumstances that
       increase the risk that the officer will be unable to
       verify the true identity of the customer through
b.     documents.

       Ensure that the CIP address situations where,
       based on the risk assessment of a new account
       opened by a customer that is not an individual, the
       office will obtain information about individuals with
     7 authority or control over such account.

       Determine that the CIP includes procedures for
       responding to circumstances in which the officer
       cannot form a reasonable belief that it knows the
       true identity of a customer. The procedures should
     8 describe:

a.     When the account should not be opened;
       The terms under which a customer may conduct
       transactions while the officer attempts to verify the
b.     customer's identity;
       When the account should be closed after attempts
c.     to verify a customer's identity fails;

       When a Suspicious Activity Report should be filed in
d.     accordance with applicable law and regulations.

       Determine that the CIP includes procedures for
       making and maintaining a record of all information
       obtained in the verification of a customer's identity.
     9 The records must include, at a minimum:
        All identifying information about a customer
a.      obtained;

        A description of any document that was relied on
        when following the documentary method of verifying
        the customer's identity, noting the type of document,
        any identification number contained on the
        document, the place of issuance, and if any, the
b.      date of issuance and expiration date;
        A description of the methods and the results of any
        measures undertaken to verify the identity of a
        customer following non-documentary methods as
c.      followed by the CIP; and
        A description of the resolution of each substantive
        discrepancy discovered when verifying the
d.      identifying information obtained.

        Determine that the CIP includes procedures for
        determining whether a customer appears on any list
        of known or suspected terrorists or terrorist
        organizations issued by any Federal Government
        agency and designated as such by Treasury in
        consultation with the Federal functional regulators.
        The procedures must require the officer to make
        such a determination within a reasonable period of
        time after the account is opened, or earlier if
        required by another federal law or regulation or
        federal directive issues in connection with the
        applicable list. The procedures also must require
        the officer to follow all federal directives issued in
     10 connection with such lists.

        Ensure that the CIP includes procedures for
        providing customers with adequate notice that the
        company is requesting information to verify their
        identities. Notice is adequate if the officer generally
        describes the identification requirements of 31 CFR
        Part 103, Section 122 and provides such notice in a
        manner reasonably designed to ensure that a
        customer is able to view the notice, or is otherwise
        given notice, before opening an account. For
        example, depending upon the manner in which the
        account is opened, a notice is posted in the lobby or
        on its website, includes the notice on account
        applications, or used any other form of oral or
     11 written notice.
        If the CIP includes procedures specifying when the
        officer will rely on the performance by another
        financial institution (including an affiliate) of any
        procedures of the CIP, with respect to any customer
        of the company that is opening an account or has
        established an account or similar business
        relationship with the other financial institution to
        provide or engage in services, dealings, or other
        financial institution enters into a contract requiring it
        to certify annually that it has implemented its anti-
        money laundering program, and that it will perform
        (or its agent will perform) specified requirements of
     12 the CIP.

a.      Verify that annual certifications are on file.
D.      New Accounts
        Obtain copies of new account applications and
        other forms used to ensure that information
        required by the AML and Customer Identification
        policies and regulations are obtained, and that
        customer identification methods required by the
      1 policy are followed.
        Review the forms to ensure that they facilitate the
        gathering of all information required by regulation
      2 and policy.

      3 Select 25 accounts opened in the past ninety days.

        Test documentation in each selected account to
        ensure that account documents include all elements
        required by the policy; including information
        required by the Customer Identification Program.
        Documents should provide evidence that the
        customer's identity was verified in a manner
        consistent with policy, and should document the
        source of funds deposited to an account, business
        purpose of the account, and expected trade and
a.      account volume.
      4 Describe any systems in place to stratify existing and new customers by risk.

        What characteristics, criteria, or activities are used
        to assign risk factors to customers, and which
        criteria, characteristics or activities would result in a
        "high-risk" assessment (high net worth, highly
        concentrated accounts, high wire activity, foreign
a.      accounts, etc.)
        Obtain a list of accounts considered to be of higher
b.      than average risk.
         Describe and evaluate the
         monitoring/review/surveillance systems in place for
         these accounts and explain how they differ from
         accounts without a "high" risk grade (all accounts
c.       should be subject to surveillance).

         Describe on-going procedures in place to monitor
         the continuing accuracy of customer information
         and to ensure that changes are reflected in account
         records. Review documents to ensure that they
         facilitate collection of information required by the
     5   Customer Identification Program.
E.       OFAC List Verification
         Describe the firm's procedures for screening new
         and existing customers against the OFAC list.
         Address the frequency with which screenings are
         performed; whether or not existing accounts are
         routinely and periodically screened; whether the
         screen is made in house or by a third party or
         processor; what reports are generated as a result of
         the procedure, and how and by whom are they
     1   reviewed.
         Describe procedures for verifying that assets
         involved in transactions are screened against OFAC
         list. Who performs the screen, what documentation
         exists, who reviews exception reports, how and by
     2   whom are "hits" resolved.
         Review documentation of follow-up and resolution
     3   of any OFAC hits.
F.       Intermediary Accounts
         Obtain a list of intermediaries such as independent
         advisers, asset managers, joint ventures,
         outsourcing arrangements, etc. who identify clients
     1   on behalf of the firm.
         Document the procedures in place to ensure that
         the intermediary applies the same due diligence
     2   standards as the firm. Consider:

       Is the intermediary regulated by one of the Federal
a.     functional regulators?
       Is the intermediary governed by regulations similar
b.     to the anti-money laundering regulations?
       Are standards for customer identification
       procedures and other new account due diligence
       procedures spelled out in the contract with the
c.     intermediary and agreed to by both firms?
       Does the company apply its own customer
       identification procedures to accounts introduced by
d.     intermediaries?
       Determine what, if any, processes are in place to
       monitor the transactions and other activities of
     3 accounts introduced by intermediaries.
G.     Training
       Review copies of the training material, making sure
       they are adequate. (Copies of the training materials
       must be available for review by examiners).
     1 Determine that the materials cover:

         The company's internal compliance policies and
a.       procedures.
         The reporting and record keeping requirements of
b.       BSA/AML.
c.       Reporting of large currency transactions.
         Exemptions from large currency transaction
d.       reporting.
e.       The crime of money laundering.

         Examples of money laundering cases and methods
f.       and how such activities can be identified.
g.       The company's suspicious activity monitoring.
         Reporting of suspicious activity or alleged criminal
h.       conduct.
i.       Sale of monetary instruments.

         The types of business, products, types of accounts,
         and geographies that can be more susceptible to
j.       abuse by money launderers and other criminals.
k.       The requirements of OFAC.
l.       Compliance responsibilities of employees.

         Civil and criminal penalties for violations of the BSA,
         AML, or OFAC laws and regulations and any other
m.       consequences of non-compliance for employees.
n.       Record retention requirements.
o.       Frequency of training.
         Review documentation of persons in attendance to
         determine that all people affected by BSA are
     2   receiving training.
         Question the BSA Compliance Officer and other
         personnel to determine that they are sufficiently
         knowledgeable concerning BSA and operating
     3   procedures.
         Schedule employees and officers who have not
         received AML training in the past twelve months.
         Describe the reasons that these individuals have
         not been trained, and explain when training will be
     4   conducted.
H.       Suspicious Activity Monitoring
         In a memo, document the methods developed for
         monitoring suspicious activity. At a minimum, the
     1   memo should include:

         What level is monitoring performed? What are the
a.       parameters?
b.     Is the monitoring system manual or computerized?

c.     Who is responsible for monitoring? Who reviews?
       Describe the systems in place to identify
       "suspicious" transactions. Suspicious activity is
       anything outside the customer's normal course of
       business. This could be a sudden increase in the
       size of deposits or withdrawals, an increase in the
       number of deposits etc. Some things o consider
d.     are:

1)     Who files SARs when required?
2)     Who reviews the SARs before submission?
3)     Where are completed SARs maintained?
       What reports are used to monitor suspicious
4)     activity?

5)     How and to whom is suspicious activity reported?
6)     What type of documentation is maintained?
7)     How often are reviews performed?
       Obtain SARs filed in the current year. Determine
     2 that files contain:

a.     Documentation to support the suspicious activity.
b.     A copy of the SAR filed.
c.     A copy of the customer's profile.
d.     Other documents that may be required.
       Determine that SARs have been reported to the
e.     board.
       Given the products offered, the company size, and
       its locations, does the number of SARs filed appear
f.     to be reasonable?
1)     What is the basis for your conclusion.

       Does the company undertake regular reviews of its
       customer base to ensure that it understands the
     3 nature of its accounts and the potential risks?

a.     How often?
b.     What parameters are used?
c.     What reports are used?
d.     What documentation is retained?

     4 What type of account is considered to be high-risk?

a.     What procedures are in place to monitor?
b.     Who monitors?
c.     How often are they monitored?
       Is the review performed manually or is an
d.     automated system used?
       Obtain and review the documentation to support the
     5 monitoring of high-risk accounts.

a.       Determine if the level of review is adequate.
I.       Currency Transaction Report
         Describe the firm's policies concerning the
     1   acceptance of cash.
         Describe and evaluate procedures in place
         surrounding the acceptance of cash, including
         descriptions of logs or ledgers used, accounts to
         which funds are deposited, and reconciliation
         procedures. Conclude as to the adequacy of
     2   controls.
         Describe and evaluate procedures in place to
         monitor and report cash transactions as required by
         laws and regulations. Address methods to monitor
     3   multiple cash transactions.
         Review currency transaction reports filed year to
     4   date for completeness and timeliness of filing.
         Review all Suspicious Activity Reports filed year to
     5   date for completeness and timeliness of filing.
         Obtain a list of customers granted exemptions from
         currency transaction report filings. Review
         documentation supporting the granting of the
         exemption, including the one-time special CTR and
         documentation substantiating the cash transaction
     6   volume.

       Has management developed and communicated a
       written AML, Bank Secrecy, Currency Transaction
       Reporting, and Customer Identification Program
     1 policies?

       Has a formal training program been established
       which calls for AML training for all new employees,
     2 as well as annual training for existing employees?
       Have all employees received AML training in the
     3 past twelve months?

     4 Has an AML Compliance Officer been designated?
       Have the duties of the AML Compliance Officer
     5 been defined in writing?
       Does the AML Compliance Officer report to a
       member of the Board of Directors or Executive
     6 Management on AML compliance mattes?
       Has the AML Compliance Officer received
     7 sufficient training to perform their job effectively?
        Have new account checklists and other documents
        been reviewed and revised in light of the anti-money
        laundering laws and regulations to ensure that they
        provide a means for documenting the firm's
      8 customer identification verification procedures?
        Do new account files contain information
        substantiating the source of the customer's funds,
        estimated size of the account and volume, and any
        other items required by the Customer Identification
      9 Program?
        Have procedures been established for the
        maintenance of a watch list or data base of
        customers, companies, and individuals with
        presumed connections to crimes, crime-related
        activities, or senior officials in any branch of a
        foreign government and non-cooperative
     10 jurisdiction?

        Have procedures been established for screening all
     11 existing and new accounts against the OFAC list?
        Has the company adopted, and does it enforce,
        written procedures to ensure that independent
        advisors, asset managers, and others identifying
        clients on behalf of the firm employee customer
        verification procedures at least as stringent as those
     12 employed by the company?
        Have systems been adopted to stratify existing and
        new customers based on AML risk characteristics
     13 of the account?

        If so, have heightened monitoring, surveillance, and
        review systems been established for high risk
a.      accounts?

        Are procedures in place to ensure that customer
        information, including source of funds, addresses,
     14 and employment, is updated periodically?
        Do adequate systems and reports exist to facilitate
        monitoring of activity in customer accounts to
        identify, investigate, and resolve apparent money
     15 laundering?
                                              Workpaper Performed     Date       Date
Risk if Objective Not Met Control Technique   Reference     By      Expected   Completed
Budget   Actual   Document             Reviewed
Hours    Hours    Reference   Source      By    Remarks/Comments
Audit Program Area

                     AUDIT PROCEDURES   Ref.
Done   Time      Date       Date               Checked
 By    Spent   Expected   Finished   Remarks     By:
             Audit Program Area

                          Audit Procedure
Global Ref
Control Objective   Risks   Control
 Control KeyControl? Frequency   Owner   Exceptions   Type   Document    Mapping to
Description                                                  Reference   Standards
       Question   Yes No   Comment
Finding Ref #   Control Testing   Finding
Management Response & Treatment

Shared By: