2200. bank secrecy act (bsa), anti-money laundering …...it is the policy of resource one credit...

Resource One Credit Union BSA/AML/OFAC Policy Board Policy Policy 2200

Revised: January 2018 Ratified: April 2019

2200. BANK SECRECY ACT (BSA), ANTI-MONEY LAUNDERING (AML) &

OFFICE OF FOREIGN ASSET CONTROL (OFAC) POLICY



Table of Contents

PURPOSE .................................................................................................................................. 1

INTRODUCTION ............................................................................................................... 1

CIVIL AND CRIMINAL PENALTIES ................................................................................... 1

POLICY STATEMENT ....................................................................................................... 2

MONEY LAUNDERING ..................................................................................................... 3

TERRORIST FINANCING .................................................................................................. 4

RISK ASSESSMENT ......................................................................................................... 5

ANTI-MONEY LAUNDERING COMPLIANCE OFFICER ...................................................... 5

MEMBER IDENTIFICATION PROGRAM ............................................................................ 6

Member Notice ....................................................................................................................... 7

Required Information .............................................................................................................. 7

Refusal to Provide Required Information ................................................................................ 8

Texas Address Confidentiality Program (ACP) ....................................................................... 8

Member Verification Procedures ............................................................................................. 8

Documentary Evidence .......................................................................................................... 9

Non-Documentary Evidence ................................................................................................... 9

Discrepancies ......................................................................................................................... 9

Suspicious Activity at Account Opening .................................................................................10

Lack of Verification ................................................................................................................10

Risk-Based Determination .....................................................................................................10

Member Due Diligence ..........................................................................................................10

Enhanced Due Diligence for Higher Risk Members ...............................................................11

Prohibited Persons ................................................................................................................12

Verification Recordkeeping Requirements .............................................................................12

Use of Third Parties ...............................................................................................................13

Reliance and/or Delegation ...................................................................................................13

SUSPICIOUS ACTIVITY REPORTING .............................................................................. 13

Suspicious Activity .................................................................................................................14

Suspicious Activity Red Flags ................................................................................................14

Identification of Unusual Activity ............................................................................................15

Employee Identification ......................................................................................................15

Law Enforcement Inquiries and Requests, and National Security Letters ...........................15

Transaction Monitoring .......................................................................................................15

SAR Determination and Filing Guidelines ..............................................................................16

Timing ...................................................................................................................................17

SAR Quality ...........................................................................................................................17

Suspicious Activity Report Filings and Reporting ...................................................................17



Filing on Continuing Activity ...................................................................................................17

Prohibition of SAR Disclosure ................................................................................................17

Safe Harbor ...........................................................................................................................18

Record Retention ..................................................................................................................18

CURRENCY TRANSACTION REPORTING ...................................................................... 18

Identity Verification ................................................................................................................19

Multiple Transactions .............................................................................................................20

CTR Filing .............................................................................................................................20

Filing Timeframes and Record Retention ...............................................................................21

CTR Filing Exemptions ..........................................................................................................21

Phase I Exemptions ...........................................................................................................21

Phase II Exemptions ..........................................................................................................21

Designation of Exempt Person Form ..................................................................................22

Annual Review ...................................................................................................................23

CTR Back-Filing ....................................................................................................................23

MONEY SERVICES BUSINESSES................................................................................... 23

Due Diligence ........................................................................................................................23

Enhanced Due Diligence .......................................................................................................24

INFORMATION SHARING ............................................................................................... 24

Information Sharing Between Law Enforcement and Financial Institutions - Section 314(a) ..24

Procedures ........................................................................................................................25

Confidentiality ....................................................................................................................26

Voluntary Information Sharing – Section 314(b) ....................................................................26

Procedures ........................................................................................................................26

Confidentiality ....................................................................................................................27

Annual Notice ....................................................................................................................27

Suspicious Activity .............................................................................................................27

PURCHASE AND SALE OF MONETARY INSTRUMENTS RECORDKEEPING................... 27

FUNDS TRANSFER RECORDKEEPING .......................................................................... 28

Originating Institution Responsibilities ...................................................................................28

Travel Rule Requirement .......................................................................................................29

Intermediary Institution Responsibilities .................................................................................29

Beneficiary Institution Responsibilities ...................................................................................29

Retrieve Ability ......................................................................................................................29

INTERNATIONAL ACH TRANSACTIONS ........................................................................ 30

FOREIGN CORRESPONDENT ACCOUNTS AND FOREIGN SHELL BANKS ..................... 30

PRIVATE BANKING ACCOUNTS .................................................................................... 30

SPECIAL MEASURES .................................................................................................... 30



FOREIGN BANK AND FINANCIAL ACCOUNTS REPORTS (FBAR) .................................. 31

INTERNATIONAL TRANSPORTATION OF CURRENCY OR MONETARY INSTRUMENTS

REPORTS (CMIRS) ......................................................................................................... 31

RECORDKEEPING ......................................................................................................... 31

Required Records .................................................................................................................31

Record Retention ..................................................................................................................33

OFFICE OF FOREIGN ASSETS CONTROL ...................................................................... 33

OFAC Program ......................................................................................................................34

Blocked/Prohibited Transactions ...........................................................................................34

OFAC Licenses .....................................................................................................................34

OFAC Reporting ....................................................................................................................35

OFAC Disputes .....................................................................................................................35

Independent Testing ..............................................................................................................35

Responsible Individual ...........................................................................................................36

Risk Assessment ...................................................................................................................36

BSA, AML, and OFAC TRAINING PROGRAM .................................................................. 36

Applicability ...........................................................................................................................36

Content ..................................................................................................................................36

INDEPENDENT TESTING ............................................................................................... 37

CONFIDENTIAL REPORTING OF BSA, AML, and OFAC NON-COMPLIANCE .................. 38

Appendix A .................................................................................................................... 39

Appendix B .................................................................................................................... 40

Appendix C .................................................................................................................... 44

Historical Record of Policy Changes .............................................................................. 63

Resource One Credit Union BSA/AML/OFAC Board Policy 2200 Page 1

Revised: June 2016 Ratified: April 2019

PURPOSE

The purpose of this policy is to establish the Resource One Credit Union Bank Secrecy

Act, Anti-Money Laundering, and OFAC Programs (Program) that set forth the

oversight, objectives, roles and responsibilities needed to prohibit and actively prevent

money laundering and any other activity that facilitates money laundering or the funding

of terrorist or criminal activities as required by the Bank Secrecy Act, USA PATRIOT Act

of 20011 and all rules and regulations of the Department of the Treasury, and the

Internal Revenue Service.

INTRODUCTION

On October 26, 2001, the USA PATRIOT Act (Act) became law. Title III of the Act

amended the Bank Secrecy Act (BSA) to require all financial institutions to develop and

institute anti-money laundering (AML) programs that, at a minimum:

1. Include internal policies, procedures, and controls;

2. Designate a compliance officer to administer and oversee the program;

3. Provide for ongoing employee training; and

4. Include an independent audit function to test the program.

CIVIL AND CRIMINAL PENALTIES

Civil and criminal penalties may be brought to institutions and individuals for violation of

the BSA or implementing regulations. Criminal penalties for money laundering and

terrorist financing and violations of the BSA can be severe.

A person convicted of money laundering may face up to 20 years in prison and a fine up

to $500,000. Any property involved in transaction(s) or traceable to the proceeds of the

criminal activity, including loan collateral, personal property, and entire banking

accounts may be subject to forfeiture.

A person, including a Credit Union employee, willfully violating the BSA or its

implementing regulations is subject to a criminal fine of up to $250,000 or five years in

prison, or both. Additionally, a person who commits such a violation while violating

1 Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (Public Law 107-56).

Resource One Credit Union BSA/AML/OFAC Policy Policy 2200 Page 2


another U.S. law, or engaging in a pattern of criminal activity, is subject to a fine of up to

$500,000 or ten years in prison, or both.

An institution that violates certain provisions of the BSA, or implementing regulations,

faces criminal money penalties up to the greater of $1 million or twice the value of the

transaction.

In addition, financial institutions are at risk of losing their charters and employees risk

being removed and barred from the banking industry.

POLICY STATEMENT

It is the policy of Resource One Credit Union (Credit Union) to comply with all

requirements of the Bank Secrecy Act and all regulations of the Department of Treasury

and the Internal Revenue Service relating thereto. Specifically, the Credit Union shall:

Perform an annual risk assessment to assess the risks of money laundering,

terrorist financing, or other illegal financing activities being facilitated by member

relationships with the Credit Union. Upon determining that any member poses

such risks, to impose additional surveillance measures on that member’s

transactions in order to detect and report any suspicions of such activities in a

timely manner;

Establish procedures and communication channels among Credit Union counsel,

the compliance officer, the persons who receive service of process (such as

subpoenas and summonses) on behalf of the Credit Union, and such others as

may be necessary to ensure that law enforcement information requests

concerning Credit Union members and lawsuits by and against Credit Union

members are included in the Credit Union’s processes for considering whether to

file a Suspicious Activity Report about a member;

Properly report all currency transactions that exceed $10,000 made by or for any

person on any day;

Maintain records of monetary instruments sold for currency in the amount

between $3,000 and $10,000;

Maintain appropriate records relating to certain funds transfers of $3,000 or

more;

Respond timely to government requests for information under Section 314(a) of

the USA PATRIOT Act, and



Maintain a Member Identification Program, which ensures that appropriate

information is obtained and verified for all Credit Union members.

The Credit Union will take reasonable steps and exercise reasonable diligence to

prohibit and actively prevent money laundering and activities that facilitate money

laundering or the funding of terrorist or criminal activities. The Credit Union is

committed to complying with all applicable anti-money laundering laws and guarding

against money laundering. To this end, the Credit Union has developed this Program

to:

Protect the Credit Union against the risks of unscrupulous persons attempting to

fund terrorist or other criminal activities or launder the proceeds of illegal

activities through the Credit Union;

Conduct the business of the Credit Union in a manner consistent with applicable

laws and regulations, including the AML regulations of applicable regulatory

organizations, designed to combat money laundering activities; and

Protect the Credit Union from potential liability under the Act.

MONEY LAUNDERING

Money laundering is the criminal practice of filtering illegally gained funds, also known

as “dirty money,” through a series of transactions so that the funds appear to be “clean.”

Money laundering can also be described as disguising the source of ownership of

illegally gained funds to make them appear legitimate. Money laundering usually does

not involve cash at every stage of the laundering process. Although money laundering

is a diverse and complex process, it basically involves three independent steps that may

occur simultaneously:

Placement – The first step of money laundering is placement. The intent of

placement is to introduce “dirty” money into the financial system to begin the

laundering process. Placement techniques can include structuring and

commingling of assets. Structuring is generally used to attempt to circumvent or

avoid reporting requirements of currency transactions. Comingling is used to mix

“dirty” money with legitimate funds in an account. An example may include:

dividing large amounts of currency into less-conspicuous smaller sums that are

deposited directly into an account, depositing a refund check from a canceled

vacation package or insurance policy, or purchasing a series of monetary



instruments (e.g., cashier’s checks or money orders) that are then collected and

deposited into accounts at another location or financial institution.

Layering - The second step of money laundering is layering. The intent of

layering is to complicate the paper trail and disguise the origin of where funds

have come from by moving money around within the financial system. This is

usually accomplished by completing a complex series of transactions. These

may include converting cash into traveler’s checks, money orders, wire transfers,

letters of credit, stocks, bonds, or purchasing valuable assets such as art or

jewelry designed to disguise the origins and ownership of the funds.

Integration –The final step of money laundering is integration. Successful

integration occurs when funds have been placed, layered and have obtained a

legitimate appearance within the financial system. The funds are then used for

additional transactions that increase the appearance of legitimacy. An example

may include the purchase and resale of real estate or other assets.

TERRORIST FINANCING

The motivation behind terrorist financing is ideological as opposed to profit-seeking.

Terrorism is intended to intimidate a population, government, or organization to do or

abstain from doing something through the threat of violence. Terrorist operations

depend on an effective financial infrastructure to carry out their cause.

Terrorists generally finance their activities through both unlawful and legitimate sources.

Unlawful activities may include: extortion, kidnapping, narcotics trafficking, smuggling,

fraud, theft, robbery, and identity theft. The improper use of charitable or relief funds

have also been identified as sources of terrorist funding. In the case of improper use of

charitable or relief funds, the contributor may not be aware that the charity actually

funds terrorist activities.

Although the motivation differs between traditional money launderers and terrorist

financiers, the actual methods used to fund terrorist operations can be similar to those

used by other criminals that launder funds. For example, terrorist financiers use

currency smuggling, structured deposits or withdrawals, purchases of monetary

instruments, credit cards, debit cards, prepaid cards, and funds transfers.



Funding for terrorist attacks may not involve complex transactions, and may not involve

large sums of money.

RISK ASSESSMENT

The Credit Union has implemented an annual risk assessment process to:

1. Identify the specific risk categories unique to the Credit Union; and

2. Conduct a detailed analysis of the data identified to better assess the risk within

each category.

Various factors, such as the number and volume of transactions, geographic locations,

and nature of member relationships are considered when the risk assessment is

prepared. The most recent FFIEC Guidelines are considered when performing the risk

assessment. Findings and corrective action plans shall be developed by the

compliance officer and management at the conclusion of each risk assessment to

ensure that:

1. Senior management is aware of any issues detected; and

2. Noted issues are addressed in a timely manner.

ANTI-MONEY LAUNDERING COMPLIANCE OFFICER

The AML Compliance Officer (Officer) for the Credit Union is set forth in Appendix A.

The Officer is responsible for:

Oversight and monitoring for compliance with the Program on an ongoing basis;

For determining that the prescribed policies and procedures are implemented,

effective, and comply with all applicable laws and regulations; and

For adequacy and effectiveness of Program training materials.

The Officer shall serve as the main contact person for communicating with the Federal

government including, but not limited to, the Financial Crimes Enforcement Network

(FinCEN) of the Department of the Treasury (Treasury), regarding issues related to the

Program. The Officer shall update this Program as necessary to accommodate

changes in the BSA, applicable regulatory requirements, and the Credit Union’s

business model.



The Officer shall report at least annually to the board of directors regarding the

efficiencies of the Program and shall recommend any appropriate changes in the

program. The Board of Directors and senior management shall be informed of changes

and new developments in the BSA, its implementing regulations and directives, and the

federal banking agencies’ regulations. The Board of Directors will be informed of the

importance of BSA and AML regulatory requirements, the ramifications of

noncompliance, and the risks posed to the Credit Union.

If the Officer position should become vacant, the Chief Financial Officer shall be

responsible for oversight and compliance of this Program.

MEMBER IDENTIFICATION PROGRAM

The Member Identification Program (MIP) provides for verifying the identity of members

to the extent reasonable and practicable, maintaining records associated with such

verification, and for consulting lists of known terrorists. This verification enables the

Credit Union to form a reasonable belief that it knows the true identity of each member.

1. For purposes of this Program, the term "member" means a Credit Union account

holder of record who is:

a. A “person” (an individual, a corporation, a partnership, a trust, an estate,

or any other entity recognized as a legal person) who opens a new

account, or

b. An individual who opens a new account for:

i. An individual who lacks legal capacity; or

ii. For an entity that is not a legal person.

2. The term “member” does not include:

a. Persons who have an existing account with the Credit Union, provided that

the Credit Union has a reasonable belief that it knows the person’s true

identity;

b. A person who does not receive banking services, such as a loan applicant

who application is denied;

c. Federally regulated banks;

d. Banks regulated by a state bank regulator;

e. Governmental entities; and

f. Publicly traded companies.



Member Notice

The Credit Union shall provide the following notice for members to view or receive prior

to opening an account:

IMPORTANT INFORMATION ABOUT PROCEDURES FOR OPENING A NEW

ACCOUNT - To help the government fight the funding of terrorism and money

laundering activities, federal law requires all financial institutions to obtain, verify, and

record all information that identifies each person who opens an account. What this

means for you: When you open an account, we will ask for your name, address, date of

birth, and other information that will allow us to identify you. We may also ask to see

your driver license or other identifying documents.

Required Information

The Credit Union will obtain the following information from each member and the Credit

Union will use the information on the application or credit report as supporting

documents:

1. Name;

2. Date of birth (for individuals);

3. Physical Address:

a. The address where the member physically resides [or an Army Post Office

(APO) or Fleet Post Office (FPO)]; or

b. If other than an individual (such as an estate, corporation, partnership, or

trust), a principal place of business, local office or other physical address

of the entity;

4. Identification numbers:

a. U.S. Persons - A taxpayer identification number (TIN) from each member.

b. Non-U.S. Persons - A taxpayer identification number, passport number

and country of issuance, alien identification card number, or number and

country of issuance of any other unexpired government-issued document

evidencing nationality or residence and bearing a photograph or similar

safeguard.

It is the responsibility of each individual involved in opening an account to ensure the

four pieces of information listed above are obtained.



Refusal to Provide Required Information

If a potential or existing member either refuses to provide the required member

information or appears to have intentionally provided misleading information, the Credit

Union will not open a new account and, after considering the risks involved, will

consider closing all existing account(s), if applicable. The Officer, or designee, will be

notified of the facts and will determine whether or not to file a Suspicious Activity Report

(SAR) as set forth below.

Texas Address Confidentiality Program (ACP)

The Texas ACP helps victims of family violence, sexual assault, and stalking keep their

actual address confidential. The Texas Address Confidentiality Program (ACP),

administered by the Office of the Attorney General (OAG), provides a substitute post

office box address and free mail forwarding service for participants to protect their

physical address information. Participants in the program are provided with a substitute

address to be used in place of the address where they live. Participants may use the

substitute address provided to them for purposes of the MIP regulation requiring that the

Credit Union obtain a residential or business street address at account opening.

1. If the individual member does not have a residential or business street address,

the rules permit the member to provide a “residential or business street address

of next of kin or of another contact individual.”

2. The credit Union would not be in compliance with the MIP rules if it accepts the

ACP post office box address to fulfill MIP requirements.

In an effort to support participants in an ACP, FinCEN authorized an exception to the

MIP requirement that a credit union obtain a member’s residential or business street

address for participants of an ACP. A participant in a state-created ACP shall be treated

as not having a residential or business street address and the state entity serving as a

designated agent of the participant will act as another contact individual for the purpose

of complying with FinCEN’s rules. Therefore, the Credit Union should collect the street

address of the ACP sponsoring agency for purposes of meeting its MIP address

requirement.

Member Verification Procedures

The Credit Union has employed procedures for verifying the identity of its members by

collecting required member information. To the extent reasonable and practicable, the



Credit Union will ensure, using risk-based procedures, that it has a reasonable belief

that it knows the true identity of its members.

The Credit Union will generally use both documentary and non-documentary evidence

in performing member verification. In analyzing verification information, the Credit

Union will consider whether there is a logical consistency among the identifying

information provided, such as the member’s name, street address, zip code, telephone

number, date of birth, and social security number. After a review of documentary and

non-documentary evidence, if the Credit Union still does not have a reasonable belief

that it knows the true identity of the member an account will not be established.

Documentary Evidence

Appropriate documents for verifying the identity of members may include, but are not

limited to, the following:

1. For an individual – an unexpired government-issued identification evidencing

nationality or residence and bearing a photograph or similar safeguard, such as a

driver, Texas handgun license or passport; or

2. For a person other than an individual - documents showing the existence of the

entity, such as certified articles of incorporation, a government-issued business

license, a partnership agreement, trustee certifications, or a trust instrument; and

Non-Documentary Evidence

Non-documentary methods of verifying the identity of members may include, but is not

limited to:

1. Contacting the member;

2. Independently verifying the member’s identity through the comparison of

information provided by the member with information obtained from a consumer

reporting agency, public database, or other source;

3. Checking references with other financial institutions; or

4. Obtaining a financial statement.

Discrepancies

If discrepancies are noted between the information provided and the verification

methods, the Credit Union will resolve all substantial discrepancies prior to opening an

account. Resolutions of discrepancies shall be notated and retained in accordance with

the MIP.



Suspicious Activity at Account Opening

If, during its attempts to verify the member’s identity, the Credit Union finds suspicious

information that may indicate possible criminal activity, the Officer, or designee, shall be

notified. The Officer, or designee, will determine whether to file a SAR in accordance

with applicable law and regulation and the SAR Filing guidelines detailed below.

Lack of Verification

Under circumstances in which the Credit Union cannot form a reasonable belief that it

knows the true identity of a person, an account will not be opened for the person.

Risk-Based Determination

The Credit Union shall consider the following factors, among others, in assessing the

money laundering risk posed by particular members or transactions, and the due

diligence to be performed will be such as the Credit Union believes is commensurate

with the risk. Factors to be considered in assessing money laundering risk include:

1. Whether the member is an individual or entity;

2. Whether the member is an existing member;

3. How the person became a Credit Union member;

4. Whether the member’s business or occupation is the type more likely to be

susceptible to illicit activity (e.g., cash intensive businesses);

5. Whether the member resides in, is incorporated in or operates from a jurisdiction

with bank secrecy laws, or a jurisdiction that has otherwise been identified as an

area worthy of enhanced scrutiny;

6. Whether the member is a senior foreign political figure; and

7. Whether the member is a non-U.S. person.

Member Due Diligence

An integral part of an effective Member Due Diligence (MDD) policy is a comprehensive

knowledge of the transactions carried out by the members of the financial institution.

Therefore, it is necessary that the MDD procedures allow for the collection of sufficient

information to develop a “transaction profile” of each member. The primary objective of

such procedures is to enable the Credit Union to predict with relative certainty the types

of transactions in which a member is likely to be engaged.



Regardless of the type of account or relationship being established it is imperative the

Credit Union knows the true identity of the individual or entity wishing to establish an

account by the following measures:

1. Ascertaining the stated business purpose of each commercial enterprise with

whom the Credit Union conducts business;

2. Identifying the ownership of all accounts and those using safe custody facilities;

3. Obtaining identification information from all new members; and

4. Being aware of unusual activity that is disproportionate to the member’s known

business or occupation.

Enhanced Due Diligence for Higher Risk Members

Members who pose higher risk for money laundering, terrorist financing or other criminal

activity present increased risk to the Credit Union. As such, the Credit Union shall

consider a combination of factors to determine the level of Enhanced Due Diligence

(EDD) required commensurate with the risk presented by the member. EDD refers to

the additional attributes about the member that allow the Credit Union to better

understand who the member is and what types of account and transaction activities to

expect from the member.

EDD applies not only to new members, but should be considered, as appropriate, for

existing members. Members deemed high risk by the Compliance team, may be asked

to complete a questionnaire regarding the expected activity within their account(s).

Examples of EDD information that could be collected include, but are not limited to, the

following:

Occupation;

Employer;

Purpose of account;

Source of funds and wealth;

Expected activity on account (transaction types, dollar volumes, frequency);

Identification of the beneficial owners of accounts;

Identification of entity officer and owners;

Details of other banking relationships that the member maintains;

Approximate salary or annual income;

Additional sources of income;



Approximate net worth;

If military, current rank and branch of service;

Third party documentation, such as bank references and credit reports; and/or

Entity establishment documents, operating agreements, and trust documents.

See Appendix B for persons and entities that may require enhanced scrutiny.

Prohibited Persons

The Credit Union shall not maintain an active account for the following types of

members:

Any person or entity whose name appears on the List of Specially Designated

Nationals, Blocked Persons (Blocked Person List) or Consolidated Sanctions List

(Non-SDN List) maintained by OFAC as set forth at http://www.treas.gov/ofac.

Any person or entity who is located in or is a national of any country appearing

on the list of Countries Subject to OFAC-Administered Sanctions (Sanctioned

Country List) subject to the OFAC regulations as set forth at

http://www.treas.gov/ofac;

Any person or entity whose names appear on such other lists of prohibited

persons or entities as may be mandated by applicable law or regulation

(collectively, an “OFAC person”).

Foreign financial institutions.

In the event that the Credit Union determines that a member is an OFAC person, the

Credit Union will determine whether it should reject the transaction and/or block the

member's assets and file a blocked assets and/or rejected transaction form with OFAC.

The Credit Union may notify federal authorities using the OFAC Hotline at 1-800-540-

6322.

Verification Recordkeeping Requirements

The Credit Union will keep records regarding MIP as required by law. At a minimum, the

Credit Union will retain the identifying information obtained at account opening for a

period of five years after the account is closed. For credit cards, the MIP information

used shall be retained for a period of five years after the account closes or becomes

dormant. The Credit Union shall also keep a description of the following for five years

after the record was made:

http://www.treas.gov/ofac



1. Any document that was relied on to verify identity, noting the type of document,

the identification number, the place of issuance, and, if any, the date of issuance

and expiration date.

2. The method and the results of any measures undertaken to verify identity.

3. The results of any substantive discrepancy discovered when verifying identity.

Use of Third Parties

The Credit Union may use information from a third party within the MIP processes; such

as, credit reports, Accurint, ChexSystems, Qualifile, Secretary of State, etc.

Reliance and/or Delegation

The Credit Union does not rely upon any other financial institution to perform its MIP

verification processes.

SUSPICIOUS ACTIVITY REPORTING

Suspicious activity reporting forms the cornerstone of the BSA reporting system. The

Credit Union will be vigilant with respect to identifying any potentially suspicious activity.

An employee or officer of the Credit Union shall contact the Officer, or designee, as

soon as reasonably practicable after the employee or officer learns of any transaction or

series or pattern of transactions conducted or attempted by, at, or through the Credit

Union, and which the Credit Union knows, suspects, or has reason to suspect:

1. Involves funds derived from illegal activity or is intended or conducted in order to

hide or disguise funds or assets derived from illegal activity (including without

limitation, the ownership, nature, source, location, or control of such funds or

assets) as part of a plan to violate or evade any federal law or regulation or to

avoid any transaction reporting requirement under federal law or regulation;

2. Is designed, whether through structuring or other means, to evade any

requirements of any regulation promulgated under the BSA;

3. Has no business or apparent lawful purpose or is not the sort in which the

particular member would normally be expected to engage, and the Credit Union

knows of no reasonable explanation for the transaction after examining the

available facts, including the background and possible purpose of the

transaction; or

4. Involves the use of the Credit Union to facilitate criminal activity; or



5. Any attempts or acts of intrusion into the Credit Union’s computer system or

network.

Suspicious Activity

The Credit Union is required to file a SAR with respect to:

1. Criminal violations involving insider abuse in any amount;

2. Criminal violations aggregating $5,000 or more where a suspect can be

identified;

3. Criminal violations aggregating $25,000 or more regardless of a potential

suspect; or

4. Transactions conducted or attempted by, at, or through the Credit Union and

aggregating $5,000 or more, if the Credit Union knows, suspects, or has reason

to believe that the transaction:

o May involve potential money laundering or other illegal activity;

o Is designed to evade the BSA or its implementing regulations;

o Has no business or apparent lawful purpose or is not the type of

transaction that the particular customer would normally be expected to

engage in, and the Credit Union knows of no reasonable explanation for

the transaction after examining the available facts, including the

background and possible purpose of the transaction.

It is important to note that while the Credit Union is required to report suspicious

activity, the Credit Union is not obligated to investigate or confirm the underlying

predicate crime.

Suspicious Activity Red Flags

While a comprehensive definition of suspicious activity is difficult, numerous “red flags”

may trigger the need for further inquiry with respect to a particular transaction.

Appendix C sets forth certain “red flags” that signal possible money laundering or

terrorist financing, as well as potentially high-risk products and services. Suspicious

transactions may include assets of any type, including monetary instruments such as

cash, traveler’s checks, any negotiable instrument, securities, as well as wire transfers.

Typically, a suspicious transaction might seek to hide or disguise the ownership, nature,

source, location, destination or control of the funds. Suspicious activity can occur either

at the outset of the member relationship or long after the relationship has been initiated.

Transactions should be viewed within the context of other account activity, and a



determination of whether a transaction is actually suspicious may depend on the

member and the particular transaction. Any transaction that appears to be suspicious

shall be brought to the attention of the Officer, or designee.

Identification of Unusual Activity

All Credit Union employees involved in effecting banking transactions are prohibited

from engaging in or facilitating any suspicious activity or any activity that constitutes

money laundering. Any employee who becomes aware of any suspicious activity

should immediately report that activity to his or her supervisor or the Officer, or

designee. Any supervisor who learns of possible suspicious activity should report such

activity immediately to the Officer, or designee.

Employee Identification

It is possible that Credit Union personnel may become aware of or suspect criminal

activity by Credit Union members or employees. Any such suspicions must be reported

promptly to the Officer, or designee. If the Officer, or designee, determines, after

conducting an investigation pursuant to this Program, that the Credit Union should notify

federal authorities of a suspicious activity, such notification may occur by contacting the

appropriate federal law enforcement authorities directly, and/or by filing a SAR with

FinCEN, as prescribed by applicable law.

Law Enforcement Inquiries and Requests, and National Security Letters

In addition to Section 314 requests, law enforcement inquiries and requests can include

criminal subpoenas and National Security Letters (NSLs). The receipt of any law

enforcement inquiry does not, by itself, require the filing of a SAR.

Any inquiry about member information including subpoenas, court orders and related

legal process should be referred to the Officer for review.

Transaction Monitoring

The Credit Union uses both manual and surveillance monitoring (automated account

monitoring) to identify potentially suspicious activities.

Verafin (automated monitoring system) is used to monitor member relationships and

transaction activity. Alerts are generated by the system for unusual activity. The



compliance team reviews such alerts to determine whether the activity warrants further

investigation and/or reporting.

Shared Branching transactions are included in monitoring processes. Any unusual

transactions that occur as result of a Shared Branching transaction will be investigated

and filed upon, when deemed necessary, in accordance with this Program.

SAR Determination and Filing Guidelines

The Officer, or designee, shall ensure procedures and processes are in place to

complete the following for all reported instances of suspicious activity:

1. An investigation is conducted to review and consider all the facts and

circumstances of the case.

2. If the Officer, or designee, determines that a suspicious activity referral does not

warrant the filing of a SAR, a record shall be made noting the reason.

3. When a determination is made to file a SAR, it will be completed and submitted

by the Officer, or designee.

4. Whether or not a SAR is filed, the Officer, or designee, may flag the account(s)

involved for continued observation. The Officer, or designee, may determine to

take additional action with respect to an account as to which actual or potential

suspicious activity has been detected.

5. In situations involving violations where the Officer, or designee, believes

immediate attention is required, such as terrorist financing or ongoing money

laundering schemes, the Officer, or designee, shall immediately notify an

appropriate law enforcement authority or FinCEN by telephone in addition to

filing a SAR.

After thorough research and analysis has been completed, the Officer, or designee,

shall determine whether a SAR should be filed. The Officer is responsible for ensuring

that all SARs are filed in accordance with regulatory requirements.

From time to time, following a thorough investigation, a decision to not file a SAR may

occur. Such decisions will be documented and maintained for a period of five years

from the date of determination.



Timing

A SAR must be filed no later than 30 calendar days from the date of initial detection of

facts that may constitute a basis for filing a SAR. If no suspect can be identified, the

time period for filing is extended to 60 days.

The 30-day or 60-day period does not begin until an appropriate review is conducted

and a determination is made that the transaction under review is “suspicious” within the

meaning of the SAR regulation.

SAR Quality

The Credit Union is required to file SARs that are complete, thorough, and timely. All

known subject information shall be included on the SAR form. Narratives shall be

thorough, clear, and well organized.

Suspicious Activity Report Filings and Reporting

Suspicious Activity Reports will be completed and filed electronically via the BSA e-filing

system by the Officer, or designee. All SARs will be reported promptly after filing to the

Board of Directors, or a committee thereof.

Filing on Continuing Activity

Continuing suspicious activity shall be reviewed and reported at least every 90 days.

Additionally, this information shall be reviewed to determine whether or not the Credit

Union desires to terminate a relationship with the member or employee that is the

subject of the filing.

Should law enforcement request that certain accounts remain open, the Credit Union

will require the request be made in writing. The written request should indicate that the

agency has requested that the Credit Union maintain the account and the purpose and

duration of the request. Ultimately, the decision to maintain or close the account is up

to the Credit Union. All facts and circumstances shall be considered if any such request

is presented.

Prohibition of SAR Disclosure

Under no circumstances may the Officer, any director, trustee, officer, employee,

associated person or agent of the Credit Union disclose any information that a SAR has

been prepared or filed to any other person. Thus, any person subpoenaed or otherwise

requested to disclose a SAR or the information contained in a SAR, except when such

disclosure is requested by FinCEN or an appropriate law enforcement or federal



banking agency, shall decline to produce the SAR or to provide any information that

would disclose that a SAR has been prepared or filed. FinCEN and the Credit Union’s

regulator should be notified of any such request and of the Credit Union’s response.

All requests for information regarding a SAR shall be referred to the Officer for guidance

on a response.

Safe Harbor

Federal law provides protection from civil liability for all reports of suspicious

transactions made to appropriate authorities, including supporting documentation,

regardless of whether such reports are filed pursuant to the SAR instructions.

Specifically, the law provides that a Credit Union and its directors, officers, employees,

and agents make a disclosure to the appropriate authorities of any possible violation of

law or regulation, including a disclosure in connection with the preparation of SARs,

shall not be liable to any person under any law or regulation of any State or political

subdivision of any State, or under any contract or other legally enforceable agreement,

for such disclosure or for any other person identified in the disclosure. The safe harbor

applies to SARs filed within the required reporting thresholds as well as to SARs filed

voluntarily on any activity below the threshold.

Record Retention

The Credit Union will retain all copies of SARs and any supporting documentation for a

period of no less than five (5) years from the date of filing. “Supporting documentation”

refers to all documents or records that assisted in making the determination to file a

SAR.

CURRENCY TRANSACTION REPORTING

The Credit Union will file a Currency Transaction Report (CTR), for each deposit,

withdrawal, exchange of currency or other payment or transfer, by, through, or to such

financial institution which involves a transaction in currency of more than $10,000, which

is not otherwise exempt. Multiple currency transactions are treated as a single

transaction if the financial institution has knowledge that they are by or on behalf of any

person and result in either cash in or cash out totaling more than $10,000 during any

one business day. The following types of transactions are subject to reporting,

individually or by aggregation:



Denomination exchanges

Individual retirement accounts

Loan payments

Automated teller machine transactions

Purchases of certificates of deposit

Deposits and withdrawals, including those conducted at a Shared Branch

location

Funds transfers paid for in currency

Monetary instrument purchases

The employee performing the transaction for the member is responsible for completing

the CTR. The Officer, or designee, will review and file the CTR.

Shared Branching transactions are included in overall CTR reporting processes. The

Credit Union will file a CTR for any currency transaction processed by the Credit Union

for over $10,000 for benefit of the same member on the same business day that occurs

as result of a Shared Branching transaction.

Identity Verification

Prior to concluding any large currency transaction, the employee handling the

transaction must verify and record the name and address of the individual presenting

the transaction. Identity may be verified by the following documentation:

Driver license

Texas handgun license

Passport

Alien identification cards

Other official documents evidencing nationality or residence

The mere notation of “known member” or “signature card on file” on the CTR is

prohibited. The specific identifying information must be listed on the CTR.

In the instance the Credit Union is required to examine identification documents of

individuals engaging in large currency transactions or cash purchases of monetary

instruments and an elderly or disabled member does not possess the identification

documents normally acceptable (e.g., driver or Texas handgun license, passport, or

state issued identification cards), the employee must:



Determine that the individual does not have identification documents normally

accepted;

Review internal records for any information on file to determine the individual’s

identity, and ask for other forms of identification;

Accept as appropriate identification only those documents which have been

specified as acceptable identification for transactions involving elderly or disabled

individuals who do not possess identification documents normally accepted

within the banking community when cashing checks for non-depositors;

Limit such appropriate documents to a social security, Medicare, Medicaid, or

other insurance card presented along with another document that contains both

the name and address of the individual (e.g., an organization membership or

voter registration card, utility or real estate tax bill); and

Record the word “Elderly” or “Disabled” on the CTR and/or record of cash

purchases of monetary instruments and the method used to identify the elderly or

disabled individual such as “Social Security and (organization) Membership Card

only ID”.

If the large currency transaction is being conducted on behalf of another, the employee

handling the transaction must record the identity, account number, and tax identification

number of the person on whose behalf the transaction is being conducted.

Multiple Transactions

BSA regulations require that multiple currency transactions be treated as a single

transaction (aggregated) if the financial institution has knowledge that they are “by or on

behalf of any person and result in either cash-in or cash-out totaling more than $10,000

on any one business day.” A CTR will be filed for multiple currency transactions

exceeding $10,000 on any one business day. The Cash Transaction report will

aggregate multiple or single currency transactions exceeding $10,000 on any one

business day, and will be reviewed daily when alerts are generated. A CTR will be filed

on any such transactions. The Officer, or designee, is responsible for reviewing such

alerts and for filing any CTRs identified by the system.

CTR Filing

The Officer, or designee, will transmit CTRs electronically via FinCEN’s BSA e-filing

system.



Filing Timeframes and Record Retention

CTRs must be filed within 15 calendar days of the date on which the currency

transaction occurred. If a CTR is returned as incomplete or incorrect, the Officer, or

designee, shall review the information and correct and re-submit the CTR. A copy of

the CTR will be retained for five years after the date of filing.

CTR Filing Exemptions

Under Phase I exemptions, transactions in currency by banks, governmental

departments or agencies, and listed public companies and their subsidiaries are exempt

from reporting. Under Phase II exemptions, transactions in currency by smaller

businesses that meet specific criteria laid out in FinCEN’s regulations may be exempted

from reporting.

Phase I Exemptions

The following are exempt under Phase I exemption:

1. A bank, to the extent of its domestic operations.

2. A federal, state, or local government agency or department.

3. Any entity exercising governmental authority within the United States.

4. Any entity (other than a bank) whose common stock is listed on the New York

Stock Exchange or the American Stock Exchange or are listed on the NASDAQ

Stock Market (with some exceptions).

5. Any subsidiary (other than a bank) of any “listed entity” that is organized under

U.S. law and at least 51% of whose common stock is owned by the listed entity.

Phase II Exemptions

A business that does not fall into any of the Phase I categories may still be exempted

under Phase II exemptions if it qualifies as a “non-listed business” or as a “payroll

customer”.

A “payroll customer” is defined solely with respect to withdrawals for payroll purposes

from existing exemptible accounts and as a person who:

1. Has maintained a transaction account at the Credit Union for at least two months;

2. Operates a firm that regularly withdraws more than $10,000 in order to pay its

U.S. employees in currency; and

3. Is incorporated or organized under the laws of the U.S. or a state, or is registered

as and eligible to do business within the U.S. or a state.



A “non-listed business” is a commercial enterprise to the extent of its domestic

operations that:

1. Has maintained a transaction account at the Credit Union for at least two months;

2. Frequently engages in currency transactions in excess of $10,000 (more than

five times in a 12 month period); and

3. Is incorporated or organized under the laws of the U.S. or a state, or is registered

as and eligible to do business within the U.S. or a state.

Certain businesses are ineligible for treatment as an exempt business. Businesses

engaged primarily in one or more of the following specified activities are ineligible:

Serving as a financial institution or as an agent for a financial institution of any

type.

Purchasing or selling motor vehicles of any kind, vessels, aircraft, farm

equipment, or mobile homes.

Practicing law, accounting, or medicine.

Auctioning of goods.

Chartering or operation of ships, buses, or aircraft.

Operating a pawn brokerage.

Engaging in gaming of any kind (other than licensed pari-mutuel betting at race

tracks).

Engaging in investment advisory services or investment banking services.

Operating a real estate brokerage.

Operating in title insurance activities and real estate closings.

Engaging in trade union activities.

Engaging in any other activity that may, from time to time, be specified by

FinCEN.

A business that engages in multiple business activities may qualify for an exemption as

a non-listed business as long as no more than 50% of its gross revenue per year is

derived from one or more of the ineligible business activities above.

Designation of Exempt Person Form

The Credit Union shall file a one-time Designation of Exempt Person form for each

exempt member, as required. The Designation of Exempt Person form is not required

for Phase I eligible members that are banks, federal, state, or local governments, or



entities exercising governmental authority. However, the Credit Union must ensure that

the entity is eligible, and document the basis for the conclusion.

The form will be filed electronically with FinCEN within 30 days after the first transaction

in currency that the Credit Union wishes to exempt.

Annual Review

The information supporting each designation of a Phase I or Phase II exemption shall

be reviewed and verified annually. Annual reviews shall be documented. Additionally,

exempted accounts shall be reviewed no less than annually for suspicious transactions.

CTR Back-Filing

If it is discovered that the Credit Union has failed to file CTRs on reportable

transactions, the Credit Union will begin filing CTRs upon discovery.

MONEY SERVICES BUSINESSES

The Credit Union is not accepting applications for new Money Services Businesses (MSB) at the present time. The Credit Union will conduct the following measures to monitor existing Money Services Business accounts. Generally, a business is an MSB if it conducts more than $1,000 cash activity with one person in one or more transactions on the same day utilizing one or more of the following services:

Money orders and/or Traveler’s checks;

Check cashing and/or Payday Lending;

Currency dealer/currency exchanger;

Stored value cards; OR

Money transfer services in any dollar amount. MSBs are required to register with the Texas Department of Banking and FinCEN.

Due Diligence

The Credit Union will conduct a risk assessment on new business accounts to determine that they are not an MSB (See Appendix D). Established MSB accounts will be reviewed annually. Such review will include the following:

Review of MSB Risk Assessment;

Confirm compliance with state or local licensing requirements, if applicable:



o Texas Department of Banking registration - registration must be renewed annually

o FinCEN registration - registration must be renewed every two years;

Confirm agent status, if applicable. MSB transactional information is reviewed via the Verafin automated monitoring system. Alerts are generated by the system for unusual activity. The compliance team reviews such alerts to determine whether the activity warrants further investigation and/or reporting.

Enhanced Due Diligence

For businesses where the Credit Union has determined the member presents a higher risk of money laundering or terrorist financing, any or all of the additional measures may be taken:

Review the MSB’s BSA/AML program.

Review results of the MSB’s independent testing of its AML program.

Review written procedures for the operation of the MSB.

Conduct on-site visits.

Review list of agents, including locations.

Review written agent management and termination practices for the MSB.

Review written employee screening practices for the MSB.

INFORMATION SHARING

On September 26, 2002, financial regulations implementing section 314 of the USA

PATRIOT Act became effective. The regulations established procedures for information

sharing to deter money laundering and terrorist activity. In 2010, FinCEN amended the

regulations to allow state, local, and certain foreign law enforcement agencies access to

the information sharing program.

Information Sharing Between Law Enforcement and Financial Institutions -

Section 314(a)

The Credit Union will respond to FinCEN 314(a) requests about its accounts or

transactions by searching its records to determine whether the Credit Union maintains

or has maintained any account for, or has engaged in any transaction with each

individual, entity, or organization named in the request.



Procedures

The Officer, or designee, shall serve as the point-of-contact regarding 314(a)

information requests and responses to orders which implement special measures.

Upon receipt of the 314(a) request, unless otherwise stated in the request, the Officer,

or designee will search Credit Union records for accounts maintained by a named

suspect during the preceding 12 months, and transactions conducted by, on behalf of,

or with a named subject during the preceding six months.

Searches will include the following:

1. Deposit account records to determine whether the named subject is or was an

accountholder;

2. Funds transfer records to determine whether a named subject was an

originator/transmitter of a funds transfer for which the institution was the

originator/transmitter’s financial institution, or a beneficiary/recipient of a funds

transfer for which the institution was the beneficiary/recipient’s financial

institution;

3. Records of the sale of monetary instruments (money orders, cashier’s checks,

and traveler’s checks) to determine whether a named subject purchased a

monetary instrument;

4. Loan records to determine whether a named subject is or was a borrower;

5. Trust account records to determine whether a named subject matches the name

in which an account is titled;

6. Records of accounts to purchase, sell, lend, hold or maintain custody of

securities to determine whether a named subject is or was an accountholder;

7. Commodity futures, options, or other derivatives account records to determine

whether a named subject is or was an accountholder; and

8. Safe deposit box records to determine whether a named subject maintains or

maintained, or has or had authorized access to, a safe deposit box, but only if

such safe deposit box records are searchable electronically.

If the search parameters differ from those mentioned above (for example, if FinCEN

requests longer periods of time or limits the search to a geographic location), the Credit

Union will limit or expand the search accordingly.



If the Credit Union searches its records and does not uncover a matching account or

transaction, then the Credit Union will not reply to the Request.

Credit Union searches are performed through the Verafin system. Alerts will be

generated for any potential matches. Questionable or positive alerts are reviewed by

the Officer, or designee. The alert status shall be updated to reflect whether the hit was

a true hit or a false positive.

If the Credit Union finds a true match, the match will be reported electronically to

FinCEN.

Confidentiality

The Credit Union shall not disclose the fact that FinCEN has requested or obtained

information from the Credit Union, except to the extent necessary to comply with the

Request. The Credit Union will maintain procedures to protect the security and

confidentiality of the requests. The Credit Union will direct questions it has about the

request to the requesting Federal law enforcement agency as designated in the request.

Unless otherwise stated in the request, the Credit Union will not be required to treat the

request as continuing in nature, and it will not be required to treat the request as a list

for purposes of the MIP or verification requirements. The Credit Union will not use

information provided to FinCEN for any purpose other than:

To report to FinCEN as required under Section 314 of the Act;

To determine whether to establish or maintain an account or engage in

transaction; or

To assist the Credit Union in complying with any requirement of Section 314.

Voluntary Information Sharing – Section 314(b)

The Credit Union has filed Notice with FinCEN that it will participate in voluntary

information sharing with other registered financial institutions concerning those

suspected of terrorist financing and money laundering. The Notice allows a financial

institution or an association of financial institutions to share information with other

financial institutions or associations of financial institutions regarding individuals,

entities, organizations, and countries for purposes of detecting, identifying, or reporting

activities that the financial institution or association suspects may involve possible

money laundering or terrorist activities. Section 314(b) of the USA PATRIOT Act



provides financial institutions with the ability to share information with one another,

under a safe harbor that offers protections from liability, in order to better identify and

report potential money laundering or terrorist activities.

Procedures

The Credit Union will take reasonable steps to verify that a requesting financial

institution has submitted the requisite Notice to FinCEN prior to sharing information;

either by obtaining confirmation from the financial institution, or by consulting a list of

such financial institutions that FinCEN makes available.

Confidentiality

The Credit Union will employ procedures both to ensure that only relevant information is

shared and to protect the security and confidentiality of this information, including

segregating it from the Credit Union's other books and records.

Annual Notice

It is the responsibility of the Officer, or designee, to complete the Notice annually. Only

the compliance team or legal department may share any such information. The Credit

Union will ensure that any changes, updates or deletions of current 314(b) notifications

are submitted to FinCEN via e-mail at [email protected].

Suspicious Activity

As a result of shared information, if the Credit Union knows, suspects, or has reason to

suspect an individual, entity or organization is involved in, or may be involved in terrorist

activity or money laundering, the compliance team will file a Suspicious Activity Report

(SAR) in accordance with this Program.

PURCHASE AND SALE OF MONETARY INSTRUMENTS RECORDKEEPING

The Credit Union shall maintain record of the issuance of any monetary instrument

(cashier’s check or money order) in an amount between $3,000 and $10,000. Multiple

purchases by the same member during one business day will be treated as one

purchase. Additionally, contemporaneous purchases of the same or different types of

instruments totaling $3,000 or more shall be treated as one purchase.



The Credit Union will maintain records of the issuance or sale of these instruments to

any individual purchaser, including:

Name of purchaser;

Date of purchase;

Type of instrument purchased;

Serial number of each of the instruments purchased;

Dollar amounts of each of the instruments purchased in currency; and

Specific identifying information, if applicable.

The Credit Union shall only sell monetary instruments to current members.

FUNDS TRANSFER RECORDKEEPING

The Credit Union has procedures with respect to transfers of funds of $3,000 or more.

The following procedures will be followed pursuant to BSA regulations and other

applicable laws. The following procedures do not apply to the following transmittals of

funds: (1) Transmittals where the transmitter and recipient are any of the following: (a) a

bank; (b) a wholly-owned domestic subsidiary of a bank chartered in the United States;

(c) a broker or dealer in securities; (d) a wholly-owned domestic subsidiary of a broker

or dealer in securities; (e) the United States; (f) a state or local government; or (g) a

federal, state or local government agency or instrumentality; and (2) Transmittals where

both the transmitter and the recipient are the same person and the transmitter’s

financial institution and the recipient’s financial institution are the same.

Originating Institution Responsibilities

Wire transfers of $3,000 or more must include in the transmittal at the time it is sent to

the receiving institution:

Name and address of the originator.

Amount of the payment order.

Date of the payment order.

Any payment instructions.

Identity of the beneficiary’s institution.

As many of the following items as are received with the payment order:

o Name and address of the beneficiary.

o Account number of the beneficiary.



o Any other specific identifier of the beneficiary.

The Credit Union does not provide funds transfer services for non-members.

Travel Rule Requirement

Wire transfers of $3,000 the transmittor’s institution must include in the transmittal at the

time it is sent to the receiving institution:

Name of the transmittor and, if the payment is ordered from an account, the

account number of the transmittor.

Address of the transmittor.

Amount of the transmittal order.

Date of the transmittal order.

Identity of the recipient’s financial institution.

As many of the following items as are received with the transmittal order:

o Name and address of the recipient.

o Account number of the recipient.

o Any other specific identifier of the recipient.

Intermediary Institution Responsibilities

The Credit Union does not act as an intermediary institution for funds transfers.

Beneficiary Institution Responsibilities

The Credit Union shall retain a record of each payment order of $3,000 or more for all

transfers where the Credit Union is the beneficiary institution.

Retrieve Ability

Originators - Information retained shall be retrievable by reference to the name of the

originator. Where the originator is an established member and has an account used for

funds transfers, information shall also be retrievable by the account number.

Beneficiaries - Information retained shall be retrievable by reference to the name of the

beneficiary. Where the beneficiary is an established member and has an account used

for funds transfers, information shall also be retrievable by the account number.



INTERNATIONAL ACH TRANSACTIONS

International payments made via the ACH network are identified as International ACH

Transactions (IAT). An IAT is an ACH transaction for which:

At least one processing financial institution or third-party is domiciled in the U.S.

or otherwise under U.S. jurisdiction, and at least one party to the transaction is

outside U.S. jurisdiction; or

Most or all parties to the transaction are outside the U.S., but at least one

processing financial institution is subject to U.S. jurisdiction.

All IATs shall be screened against the OFAC list prior to posting to an account.

Appropriate action shall be taken, in accordance with the Credit Union’s OFAC policies

and procedures, if any matches against the list are noted.

FOREIGN CORRESPONDENT ACCOUNTS AND FOREIGN SHELL BANKS

Section 312 of the USA PATRIOT Act requires U.S. financial institutions to perform due

diligence and, in some cases, enhanced due diligence, with regard to correspondent

accounts established or maintained for foreign financial institutions and private banking

accounts established or maintained for non-U.S. persons.

The Credit Union does not establish or maintain accounts for Foreign Correspondent

Accounts or Foreign Shell Banks.

PRIVATE BANKING ACCOUNTS

The Credit Union currently does not establish accounts that qualify as Private Banking

Accounts. If at some point in the future the Credit Union contemplates establishing

such an account, the Credit Union will, prior to the opening of such an account,

establish procedures for the enhanced scrutiny and special due diligence over the

account.

SPECIAL MEASURES

The USA PATRIOT Act authorizes the Secretary of the Treasury to require domestic

financial institutions to take special measures against certain foreign jurisdictions,

foreign financial institutions, classes of international transactions, or types of accounts

of primary money laundering concern.



The Credit Union will comply with the requirements presented from the Secretary of the

Treasury in regards to special measures. Since the type of special measure may

change, the Credit Union will adhere to instructions given for each special measure

individually.

FOREIGN BANK AND FINANCIAL ACCOUNTS REPORTS (FBAR)

The Credit Union does not currently have a financial interest in, or signature or other

authority over any financial accounts of more than $10,000 in a foreign country. In the

event the Credit Union shall have such a financial interest or authority and is required by

law to file with Treasury, it will file the FBAR form as required by applicable law.

INTERNATIONAL TRANSPORTATION OF CURRENCY OR MONETARY

INSTRUMENTS REPORTS (CMIRS)

CMIRs are required to be filed by each person who physically transports, mails, or

ships, or causes to be physically transported, mailed, or shipped currency or other

monetary instruments in an aggregate amount exceeding $10,000 at one time from the

United States to any place outside the United States or into the United States from any

place outside the United States; and each person who receives in the United States

currency or other monetary instruments in an aggregate amount exceeding $10,000 at

one time which have been transported, mailed, or shipped to the person from any place

outside the United States.

The Credit Union does not transport, mail or ship monetary instruments that require

filing of CMIR.

RECORDKEEPING

Records are maintained by the Credit Union in order to provide an audit trail for law

enforcement officials investigating potential money laundering schemes, and to

document the Credit Union's compliance with all applicable legal and regulatory

requirements relating to money laundering.

Required Records

The following records must be retained on file by paper storage, backup of core system,

or electronically:



1. A record of each extension of credit in an amount in excess of $10,000, except

an extension of credit secured by an interest in real property, which record shall

contain the name and address of the person to whom the extension of credit is

made, the amount, nature or purpose, and the date thereof;

2. A record of each advice, request, or instruction received or given regarding a

transaction resulting or intended to result in the transfer of currency or other

monetary instruments, funds, checks, investment securities, or credit, in excess

of $10,000 to or from any person, account, or place outside the U.S.;

3. Each document granting signature authority over each deposit, including any

notations (if such are normally made) of specific identifying information which

verifies the identity of the signer (such as a driver license number or credit card

number);

4. Each statement, ledger card or other record on each deposit, showing each

transaction in, or with respect to, that account;

5. Each item in excess of $100 (other than Institution charges or periodic charges

made pursuant to agreement with the member) comprising a debit to a member’s

deposit not required to be kept, and not specifically exempted under 31 CFR

103.34(b)(3);

6. Each item, including checks, drafts, or transfers of credit, in excess of $10,000

remitted or transferred to a person, account or place outside the U.S.;

7. A record (letter of transmittal, cash letter, or application for a draft or transfer,

etc.) of each remittance or transfer of funds, or of currency, other monetary

instruments, checks, investment securities, or credit, in excess of $10,000 to a

person, account or place outside the U.S.;

8. A record (letter of transmittal, cash letter, etc.) of each receipt of currency, other

monetary instruments, investment securities or checks, and of each transfer of

funds or credit, in excess of $10,000 received on any one occasion directly (and

not through a domestic financial institution) from a financial institution, broker or

dealer in foreign exchange outside the U.S.;

9. Records prepared or received by a financial institution in the ordinary course of

business which would be needed to reconstruct a demand deposit account and

trace a check in excess of $100 deposited in such account through its domestic

processing system or to supply a description of a deposited check in excess of

$100;



10. A record containing the name, address, and taxpayer identification number, if

available, of the purchaser of each certificate of deposit, as well as a description

of the instrument, a notation of the method of payment, and the date of the

transaction;

11. A record containing the name, address and taxpayer identification number, if

available, of any person presenting a certificate of deposit for payment, as well

as a description of the instrument and the date of the transaction; and

12. Each deposit slip or credit ticket reflecting a transaction in excess of $100 or the

equivalent record for direct deposit or other wire transfer deposit transactions

(each slip or ticket should record the amount of any currency involved).

Record Retention

The above records must be maintained, in a readily accessible location, for a period of

five years from the event they document, or such other period as may be required by

law.

OFFICE OF FOREIGN ASSETS CONTROL

OFAC administers and enforces economic and trade sanctions based on U.S. foreign

policy and national security goals against targeted foreign countries, terrorists,

international narcotics traffickers, and those engaged in activities related to the

proliferation of weapons of mass destruction. OFAC imposes controls on transactions

and can freeze foreign assets under U.S. jurisdiction.

The Credit Union shall comply with Federal laws, regulations, and orders regarding

doing business with, maintaining accounts for, or handling transactions or monetary

transfers for foreign countries or foreign nationals listed on the OFAC list of Specially

Designated Nationals (SDN) or Consolidated Sanctions List.

The Credit Union will not open an account for, handle a transaction or monetary transfer

for, or do business with any person, or other entity on the OFAC lists of SDN’s and

Consolidated Sanctions List or Blocked Entities. If it is found that the Credit Union has

such an account or a member of Credit Union is included on the list, all accounts of

such member shall be blocked and held in accordance with the instructions from the US

Treasury Department.



OFAC Program

All new members, wire transactions, and international ACH transactions will be run

against the OFAC Specially Designated Nationals (“SDN”) list and all other known US

Government lists prior to establishing a relationship or sending/receiving a transaction.

All members are scanned on a nightly basis via the Verafin application. Members are

screened against the SDN list, in addition to other watch lists that have been selected

within the Verafin system (e.g., the Consolidated Sanctions List).

Alerts of any potential matches will generate for review by the Officer, or designee.

Alerts will be reviewed to determine whether the alert is a true match or a false positive.

If a true match is detected, the account will be blocked if required by OFAC. If a false

positive is detected the record will be annotated and closed.

Blocked/Prohibited Transactions

The Credit Union will block transactions and/or freeze assets that:

Are by or on behalf of a blocked individual or entity,

Are to or through a blocked entity, or

Are in connection with a transaction in which a blocked individual or entity has an

interest.

The definition of asset is broad and is specifically defined within each sanction program.

Assets and property includes anything of direct, indirect, present, future, or contingent

value (including all types of transactions). In certain cases, an underlying transaction

may be prohibited, but there is no "blockable" interest in the transaction (i.e., the

transaction should not be accepted, but there is no OFAC requirement to block the

assets). In these situations, the transaction is rejected (not processed).

OFAC Licenses

OFAC has the authority, through a licensing process, to permit certain transactions that

would otherwise be prohibited under regulation. The Credit Union is not aware of any

members possessing OFAC licenses to enable prohibited transactions. If applicable,

the Credit Union will maintain copies of member’s OFAC license.



OFAC Reporting

In the case of interdictions related to narcotics trafficking or terrorism, the Credit Union

will notify OFAC as soon as possible by phone or e-hotline about the potential hit, along

with providing a follow up letter within ten (10) days.

Any blocked transactions must be reported to the Officer, or designee. The Officer, or

designee, is responsible for filing an initial report of blocked property with OFAC within

10 business days from the date the property became blocked or held. Annually, by

September 30, the compliance team will file with OFAC a report on all blocked property

held as of June 30 that year.

OFAC Disputes

If the Credit Union is ever involved in litigation, arbitration, or other binding alternative

dispute resolution proceedings in the United States on behalf of or against persons

whose property, or interest in property, is blocked or whose funds are required to be

retained under the OFAC regulations (or when the outcome of any proceeding may

affect blocked property or retained funds), the Officer, or designee, shall:

Provide notice of the commencement of such proceedings to OFAC;

Submit copies of all pleadings, motions, memoranda, exhibits, stipulations,

correspondence, and proposed orders or judgments (including any proposed

final judgment or default judgment) submitted to the court or other adjudicatory

body, and all orders, decisions, opinions, or memoranda issued by the court, to

OFAC's Chief Counsel within 10 days of filing, submission or issuance; and

Notify OFAC's Chief Counsel by telefacsimile (202-622-1911) of the scheduling

of any hearings, conferences, or other court proceedings which may be

dispositive of the merits of the case or of any claim raised in the proceedings.

Independent Testing

An in-depth audit of the Credit Union’s OFAC program shall be conducted no less than

annually by an independent firm. The audit is to include an objective, comprehensive

evaluation of OFAC policies, procedures and processes.



Responsible Individual

The Officer is responsible for the day to day compliance of the Program. This includes,

but is not limited to, the reporting of blocked or rejected transactions, the oversight of

blocked funds, and ensuring watch lists are kept current.

If the Officer position should become vacant, the Chief Operating Officer shall be

responsible for oversight and compliance of this Program.

Risk Assessment

The Credit Union will conduct an OFAC risk assessment on an annual, or more

frequent, basis to assess the various risk factors associated with its members, products

and services, and geographical areas served. Based on the results of the OFAC risk

assessment, the Credit Union will enhance its processes and procedures to address

OFAC risks presented to the organization.

Record Retention

The above records must be maintained, in a readily accessible location, for a period of

five years from the event they document, or such other period as may be required by

law.

BSA, AML, and OFAC TRAINING PROGRAM

Applicability

The Officer shall ensure that annual training is provided to all Credit Union employees

and the Board of Directors. The Officer shall ensure that all employees receive training

appropriate to their position and responsibilities. Any employee violation of these

requirements shall be treated with the same seriousness accorded to any violation of

security, and it shall be grounds for disciplinary action including dismissal. The Officer

is responsible for carrying out the direction of the Board of Directors and ensuring that

employees adhere to the Credit Union’s BSA, AML, and OFAC policies, procedures,

and processes.

Content

The BSA, AML, and OFAC training program shall include awareness instruction for all

personnel. New employees must complete BSA, AML, and OFAC training when they

join Resource One Credit Union. An established level of proficiency is required of all



personnel. The ongoing education and training program shall consist of the following

components:

1. Program Awareness - A copy of this Program shall be made available to all

employees and officers.

2. Ongoing Education - The training program shall include the following:

a. General awareness of overall BSA, AML and OFAC requirements;

b. How to identify "red flags" for possible signs of illicit activity that could

arise during the course of employee duties;

c. What to do when a risk is identified;

d. What the employee’s role is in the Credit Union’s compliance efforts; and

e. Disciplinary consequences, including civil and criminal penalties for non-

compliance.

3. Additional Specialized Training - The Credit Union may provide or require

additional specialized training for employees whose duties may require a more

detailed understanding of the laws and regulations.

INDEPENDENT TESTING

An independent test of the Program will be performed annually, by an external auditor.

It is the responsibility of the Officer to ensure the independent test is conducted and

includes at a minimum the following:

1. Evaluation of the overall integrity and effectiveness of the Program, including

policies, procedures, and processes;

2. Review of the Credit Union’s risk assessment for reasonableness, given the

Credit Union’s risk profile (products, services, and geographic locations);

3. Appropriate transaction testing to verify the Credit Union’s adherence to

recordkeeping and reporting requirements (e.g., MIP, SARs, CTRs and CTR

exemptions, and information sharing requests);

4. Evaluation of management’s efforts to resolve violations and deficiencies noted

in previous audits and regulatory examinations, including progress in addressing

outstanding supervisory actions, if applicable;

5. Review of staff training for adequacy, accuracy, and completeness;

6. Review of the effectiveness of the suspicious activity monitoring systems

(manual, automated, or a combination) used for Program compliance; and



7. Review of the effectiveness of the suspicious activity referral, investigation and

reporting process.

Upon completion of the audit, the Auditor shall prepare a written report documenting the

results of the audit, including any deficiencies and recommendations for enhanced

compliance with the Program. If deficiencies or recommendations are identified, each

of the resulting deficiencies or recommendations will be addressed by the Officer and

senior management. A record of the audit will be maintained for five years from the

date of the completion of the audit.

CONFIDENTIAL REPORTING OF BSA, AML, and OFAC NON-COMPLIANCE

Employees should report any alleged violations of the Credit Union's AML compliance

program to the Officer.



Appendix A

BSA/OFAC/AML COMPLIANCE OFFICER

The Compliance Manager serves as the Credit Union’s Bank Secrecy Act (BSA), Office

of Foreign Asset Control (OFAC) and Anti-Money Laundering (AML) Compliance Officer

and may be contacted as follows:

Name: Brett Carpenter

Title: Compliance Manager

Address: 7518 Ferguson Road Dallas, TX 75228

Telephone Number: (214)319-3158

Fax Number: (214)292-0739

Email: [email protected]

In the absence of a Compliance Manager, the Chief Operating Officer will serve in this

role and may be contacted as follows:

Name: Doug Bedner

Title: Chief Operating Officer

Address: 1200 Belleview Street Dallas, TX 75215

Telephone Number: (214)565-5394

Fax Number: (214)292-0725

Email: [email protected]



Appendix B

POTENTIAL HIGH RISK INDIVIDUALS AND ENTITIES

Non-Resident Aliens (NRAs)

Foreign individuals maintaining relationships with U.S. institutions can be divided into

two categories: resident aliens and non-resident aliens (“NRA”). Though NRAs are not

permanent residents, they may have a legitimate need to establish an account

relationship with a U.S. financial institution. Financial institutions may find it more

difficult to verify and authenticate an NRA accountholder’s identification, source of

funds, and source of wealth, which may result in risk.

Politically Exposed Persons (PEPs)

Individuals and entities identified as PEPs, also known as Senior Foreign Political

Figures, are considered a higher risk to the Credit Union. Generally, the Credit Union

does not open or maintain PEP accounts; however, if any such accounts are detected

or established, the Credit Union shall implement enhanced monitoring procedures to

monitor PEP account activity.

Embassy and Foreign Consulate Accounts

Embassies contain the offices of the foreign ambassador, the diplomatic representative,

and their staff. Foreign consulate offices act as Branches of the embassy, and foreign

ambassadors’ diplomatic representatives, their families, and their associates may be

considered politically exposed persons (PEPs) in certain circumstances.

Non-Bank Financial Institutions

NBFIs are broadly defined as institutions that offer financial services. The USA

PATRIOT Act has defined a variety of entities as financial institutions in including

casinos and card clubs, securities and commodities firms (e.g., brokers/dealers,

investment advisers, mutual funds, hedge funds, or commodity traders), money services

businesses (“MSB”) (e.g., certain check cashers; currency dealers or exchangers,

issuers, sellers, or redeemers of traveler’s checks, money orders, or stored value cards;

money transmitters, and other financial institutions (e.g., dealers in precious metals,

stones, or jewels, pawnbrokers; loan or finance companies).

Professional Service Provider (PSP)



A professional service provider acts as an intermediary between its client and the Credit

Union. Professional service providers include lawyers, accountants, investment

brokers, and other third parties that act as financial liaisons for their clients.

Non-Governmental Organizations and Charities

Non-Governmental Organizations (NGOs) are private nonprofit organizations that

pursue activities intended to provide basic social services, promote the interests of the

poor, or undertake community development to serve the needs of citizens,

organizations, or groups in one or more of the communities that the NGO operates. An

NGO is any nonprofit organization that is independent from government. NGOs can

range from large regional, national, or international charities to community-based self-

help groups. NGOs also include research institutes, churches, professional

associations, and lobby groups. NGOs typically depend, in whole or in part, on

charitable donations and voluntary service for support.

Since NGOs can be used to obtain funds for charitable organizations, the flow of funds

both into and out of the NGO can be complex, making them susceptible to abuse by

money launderers and terrorists. Consequently, law enforcement has increased their

scrutiny of NGOs.

Business Entities (Domestic and Foreign)

The term “corporate entities” refers to a variety of company formations that may be used

for many purposes. Corporate entities are relatively easy to establish. Individuals,

partnerships, and existing corporations establish corporate entities for legitimate

reasons, but the entities may be abused for money laundering and terrorist financing.

Private Investment Companies (PICs)

PICs are separate legal entities. PICs offer confidentiality of ownership, hold assets

centrally, and may provide intermediaries between private banking members and the

potential beneficiaries of the PICs. A PIC may also be an investment of a trust account.

PICs are incorporated frequently in countries that impose low or no taxes on company

assets and operations, or that are bank secrecy havens.

Money laundering and terrorist financing risks arise because business entities can hide

the true owner of assets or property derived from or associated with criminal activity.



The privacy and confidentiality surrounding some business entities may be exploited by

criminals, money launderers, and terrorists.

Third Party Payment Processors

Non-bank or third-party payment processors are entities that provide payment-

processing services to merchants and other business entities. Processors may now

service a variety of merchant accounts, including conventional retail and Internet-based

establishments, prepaid travel, and Internet gaming enterprises. Processors generally

are not subject to BSA or AML regulatory requirements and, as result, some may be

vulnerable to money laundering, identity theft, and fraud schemes.

Cash Intensive Businesses

Cash-intensive businesses and entities cover various industry sectors. Most of these

businesses are conducting legitimate business; however, some may be misused by

money launderers to legitimize their illicit proceeds. The nature of cash-intensive

businesses and the difficulty in identifying unusual activity may cause these businesses

to be considered high risk.

Money Service Businesses (MSBs)

MSBs are businesses that engage in one or more of the following capacities: as an

issuer, seller, or redeemer of money orders or traveler’s checks; as a provider of check

cashing services; as a currency dealer or exchanger; and conduct more than $1,000 in

the money service business activity with the same person on the same day. In addition,

all businesses that provide money transfer services in any amount are considered an

MSB and are required to register as such.

High Risk Business Entity List

The Regulatory agencies have identified a list of high-risk entities, based on certain

kinds of businesses, transactions, or geographic locations that may lend themselves

more readily than others to criminal activity. Below is the list of entities that, due to their

nature or financial activity, are classified as high-risk for money laundering by the

federal banking regulators:

Accountants

Amusement Parks

Foreign Money Exchange

Sales and Exchange of Money Orders



Attorneys

Auctions

Auto Clubs

Beauty Salons

Bingo

Card Clubs

Casinos

Cigarette Distributors

Convenience Stores

Charter Transportation

Check Cashers

Cruise Lines

Discotheques

Doctors

Embassies

Flower Importers

Foreign Banks

Gas Stations

Hotels/Motels

Investment Banks

Investment Advisors

Leather Importers

Liquor Stores

Money Exchanges

Money Services Businesses

Off-Track Betting Agency

Parking Garages

Pawn Shops

Privately owned-ATMs

Ranchers

Real Estate Brokers

Real Estate Companies

Sales and Exchange Of Traveler’s Checks

Sales or Purchase Of Motor Vehicles

Scrap Metal Dealers

Stock Brokers

Telegraph Companies

Title Study Companies

Ticket Brokers

Travel Agents

Unions

Vending Machines

Video Sales/Rental Company

Wire Transfer Business



Appendix C

SUSPICIOUS ACTIVITY RED FLAGS

The following are examples of potentially suspicious activities, or “red flags” for money

laundering and terrorist financing. These are not all-inclusive lists.

Potentially Suspicious Activity That May Indicate Money Laundering

The following examples are potentially suspicious activity that may indicate money

laundering:

Members Who Provide Insufficient or Suspicious Information

A member uses unusual or suspicious identification documents that cannot be

readily verified.

A member provides an individual tax identification number after having previously

used a Social Security number.

A member uses different tax identification numbers with variations of his or her

name.

A business is reluctant, when establishing a new account, to provide complete

information about the nature and purpose of its business, anticipated account

activity, prior banking relationships, the names of its officers and directors, or

information on its business location.

A member’s home or business telephone is disconnected.

The member’s background differs from that which would be expected on the

basis of his or her business activities.

A member makes frequent or large transactions and has no record of past or

present employment experience.

A member is a trust, Shell Company, or Private Investment Company that is

reluctant to provide information on controlling parties and underlying

beneficiaries. Beneficial owners may hire nominee incorporation services to

establish shell companies and open bank accounts for those shell companies

while shielding the owner’s identity.



Efforts to Avoid Reporting or Recordkeeping Requirement

A member or group tries to persuade a Credit Union employee not to file required

reports or maintain required records.

A member is reluctant to provide information needed to file a mandatory report,

to have the report filed, or to proceed with a transaction after being informed that

the report must be filed.

A member is reluctant to furnish identification when purchasing negotiable

instruments in recordable amounts.

A business or member asks to be exempted from reporting or recordkeeping

requirements.

A person customarily uses the automated teller machine to make several

deposits below a specified threshold.

A member deposits funds into several accounts, usually in amounts of less than

$3,000, which are subsequently consolidated into a master account and

transferred outside of the country, particularly to or through a location of specific

concern (e.g., countries designated by national authorities and Financial Action

Task Force on Money Laundering (FATF) as non-cooperative countries and

territories).

A member accesses a safe deposit box after completing a transaction involving a

large withdrawal of currency, or accesses a safe deposit box before making

currency deposits structured at or just under $10,000, to evade CTR filing

requirements.

Funds Transfers

Many funds transfers are sent in large, round dollar, hundred dollar, or thousand

dollar amounts.

Funds transfer activity occurs to or from a financial secrecy haven, or to or from a

higher-risk geographic location without an apparent business reason or when the

activity is inconsistent with the member’s business or history.



Many small, incoming transfers of funds are received, or deposits are made

using checks and money orders. Almost immediately, all or most of the transfers

or deposits are wired to another city or country in a manner inconsistent with the

member’s business or history.

Large, incoming funds transfers are received on behalf of a foreign client, with

little or no explicit reason.

Funds transfer activity is unexplained, repetitive, or shows unusual patterns.

Payments or receipts with no apparent links to legitimate contracts, goods, or

services are received.

Funds transfers are sent or received from the same person to or from different

accounts.

Funds transfers contain limited content and lack related party information.

Automated Clearing House Transactions

Large-value, automated clearing house (ACH) transactions are frequently

initiated through third-party service providers (TPSP) by originators that are not

Credit Union members and for which the Credit Union has no or insufficient due

diligence.

TPSPs have a history of violating ACH network rules or generating illegal

transactions, or processing manipulated or fraudulent transactions on behalf of

their members.

Multiple layers of TPSPs that appear to be unnecessarily involved in

transactions.

Unusually high level of transactions initiated over the Internet or by telephone.

NACHA — The Electronic Payments Association (NACHA) information requests

indicate potential concerns with the Credit Union’s usage of the ACH system.

Activity Inconsistent with the Member’s Business



The currency transaction patterns of a business show a sudden change

inconsistent with normal activities.

A large volume of cashier’s checks, money orders, or funds transfers is

deposited into, or purchased through, an account when the nature of the

accountholder’s business would not appear to justify such activity.

A retail business has dramatically different patterns of currency deposits from

similar businesses in the same general location.

Unusual transfers of funds occur among related accounts or among accounts

that involve the same or related principals.

The owner of both a retail business and a check-cashing service does not ask for

currency when depositing checks, possibly indicating the availability of another

source of currency.

Goods or services purchased by the business do not match the member’s stated

line of business.

Payments for goods or services are made by checks, money orders, or Credit

Union drafts not drawn from the account of the entity that made the purchase.

Lending Activity

Loans secured by pledged assets held by third parties unrelated to the borrower.

Loan secured by deposits or other readily marketable assets, such as securities,

particularly when owned by apparently unrelated third parties.

Borrower defaults on a cash-secured loan or any loan that is secured by assets

which are readily convertible into currency.

Loans are made for, or are paid on behalf of, a third party with no reasonable

explanation.

To secure a loan, the member purchases a certificate of deposit using an

unknown source of funds, particularly when funds are provided via currency or

multiple monetary instruments.



Loans that lack a legitimate business purpose, provide the Credit Union with

significant fees for assuming little or no risk, or tend to obscure the movement of

funds (e.g., loans made to a borrower and immediately sold to an entity related to

the borrower).

Changes in Bank-to-Bank Transactions

The size and frequency of currency deposits increases rapidly with no

corresponding increase in non-currency deposits.

A Credit Union is unable to track the true accountholder of correspondent or

concentration account transactions.

The turnover in large-denomination bills is significant and appears

uncharacteristic, given the Credit Union’s location.

Changes in currency-shipment patterns between correspondent banks are

significant.

Cross-Border Financial Institution Transactions

U.S. financial institution increases sales or exchanges of large denomination U.S.

bank notes to Mexican financial institution(s).

Large volumes of small denomination U.S. banknotes being sent from Mexican

casas de cambio to their U.S. accounts via armored transport or sold directly to

U.S. financial institutions. These sales or exchanges may involve jurisdictions

outside of Mexico.

Casas de cambio direct the remittance of funds via multiple funds transfers to

jurisdictions outside of Mexico that bear no apparent business relationship with

the casas de cambio. Funds transfer recipients may include individuals,

businesses, and other entities in free trade zones.

Casas de cambio deposit numerous third-party items, including sequentially

numbered monetary instruments, to their accounts at U.S. financial institutions.

Casas de cambio direct the remittance of funds transfers from their accounts at

Mexican financial institutions to accounts at U.S. financial institutions. These



funds transfers follow the deposit of currency and third-party items by the casas

de cambio into their Mexican financial institution.

Bulk Currency Shipments

An increase in the sale of large denomination U.S. bank notes to foreign financial

institutions by U.S. financial institutions.

Large volumes of small denomination U.S. bank notes being sent from foreign

nonbank financial institutions to their accounts in the United States via armored

transport, or sold directly to U.S. financial institutions.

Multiple wire transfers initiated by foreign nonbank financial institutions that direct

U.S. financial institutions to remit funds to other jurisdictions that bear no

apparent business relationship with that foreign nonbank financial institution.

Recipients may include individuals, businesses, and other entities in free trade

zones and other locations.

The exchange of small denomination U.S. bank notes for large denomination

U.S. bank notes that may be sent to foreign countries.

Deposits by foreign nonbank financial institutions to their accounts at U.S.

financial institutions that include third-party items, including sequentially

numbered monetary instruments.

Deposits of currency and third-party items by foreign nonbank financial

institutions to their accounts at foreign financial institutions and thereafter direct

wire transfers to the foreign nonbank financial institution’s accounts at U.S.

financial institutions.

Trade Finance

Items shipped that are inconsistent with the nature of the member’s business

(e.g., a steel company that starts dealing in paper products, or an information

technology company that starts dealing in bulk pharmaceuticals).

Members conducting business in higher-risk jurisdictions.

Members shipping items through higher-risk jurisdictions, including transit

through non-cooperative countries.



Members involved in potentially higher-risk activities, including activities that may

be subject to export/import restrictions (e.g., equipment for military or police

organizations of foreign governments, weapons, ammunition, chemical mixtures,

classified defense articles, sensitive technical data, nuclear materials, precious

gems, or certain natural resources such as metals, ore, and crude oil).

Obvious overpricing or underpricing of goods and services.

Obvious misrepresentation of quantity or type of goods imported or exported.

Transaction structure appears unnecessarily complex and designed to obscure

the true nature of the transaction.

Member requests payment of proceeds to an unrelated third party.

Shipment locations or description of goods not consistent with letter of credit.

Significantly amended letters of credit without reasonable justification or changes

to the beneficiary or location of payment. Any changes in the names of parties

should prompt additional OFAC review.

Privately Owned Automated Teller Machines and Automated Transmitter Money

Automated teller machine (ATM) activity levels are high in comparison with other

privately owned or financial institution-owned ATMs in comparable geographic

and demographic locations.

A bitcoin ATM is an electronic telecommunications device (an ATM) that allows a

person to exchange bitcoins and cash without the need for a human to facilitate

the transaction.

Sources of currency for the ATM cannot be identified or confirmed through

withdrawals from account, armored car contracts, lending arrangements, or other

appropriate documentation.

Insurance

A member purchases products with termination features without concern for the

product’s investment performance.



A member purchases insurance products using a single, large premium payment,

particularly when payment is made through unusual methods such as currency or

currency equivalents.

A member purchases a product that appears outside the member’s normal range

of financial wealth or estate planning needs.

A member borrows against the cash surrender value of permanent life insurance

policies, particularly when payments are made to apparently unrelated third

parties.

Policies are purchased that allow for the transfer of beneficial ownership interests

without the knowledge and consent of the insurance issuer. This would include

secondhand endowment and bearer insurance policies.

A member is known to purchase several insurance products and uses the

proceeds from an early policy surrender to purchase other financial assets.

A member uses multiple currency equivalents (e.g., cashier’s checks and money

orders) from different financial institutions and money services businesses to

make insurance policy or annuity payments.

Shell Company Activity

A financial institution is unable to obtain sufficient information or information is

unavailable to positively identify originators or beneficiaries of accounts or other

activity (using Internet, commercial database searches, or direct inquiries to a

respondent institution).

Payments to or from the company have no stated purpose, do not reference

goods or services, or identify only a contract or invoice number.

Goods or services, if identified, do not match profile of company provided by

respondent institution or character of the financial activity; a company references

remarkably dissimilar goods and services in related funds transfers; explanation

given by foreign respondent institution is inconsistent with observed funds

transfer activity.



Transacting businesses share the same address, provide only a registered

agent’s address, or have other address inconsistencies.

Unusually large number and variety of beneficiaries are receiving funds transfers

from one company.

Frequent involvement of multiple jurisdictions or beneficiaries located in higher-

risk offshore financial centers.

A foreign correspondent institution exceeds the expected volume in its client

profile for funds transfers, or an individual company exhibits a high volume and

pattern of funds transfers that is inconsistent with its normal business activity.

Multiple high-value payments or transfers between shell companies with no

apparent legitimate business purpose.

Purpose of the shell company is unknown or unclear.

Embassy and Foreign Consulate Accounts

Official embassy business is conducted through personal accounts.

Account activity is not consistent with the purpose of the account, such as pouch

activity or payable upon proper identification transactions.

Accounts are funded through substantial currency transactions.

Accounts directly fund personal expenses of foreign nationals without appropriate

controls, including, but not limited to, expenses for college students.

Employees

Employee exhibits a lavish lifestyle that cannot be supported by his or her salary.

Employee fails to conform to recognized policies, procedures, and processes,

particularly in private banking.

Employee is reluctant to take a vacation.

Other Unusual or Suspicious Member Activity



Member frequently exchanges small-dollar denominations for large-dollar

denominations.

Member frequently deposits currency wrapped in currency straps or currency

wrapped in rubber bands that is disorganized and does not balance when

counted.

Member purchases a number of cashier’s checks, money orders, or traveler’s

checks for large amounts under a specified threshold.

Member purchases a number of open-end prepaid cards for large amounts.

Purchases of prepaid cards are not commensurate with normal business

activities.

Member receives large and frequent deposits from online payments systems yet

has no apparent online or auction business.

Monetary instruments deposited by mail are numbered sequentially or have

unusual symbols or stamps on them.

Suspicious movements of funds occur from one institution to another, and then

funds are moved back to the first institution.

Deposits are structured through multiple branches of the same institution or by

groups of people who enter a single branch at the same time.

Currency is deposited or withdrawn in amounts just below identification or

reporting thresholds.

Member visits a safe deposit box or uses a safe custody account on an unusually

frequent basis.

Safe deposit boxes or safe custody accounts opened by individuals who do not

reside or work in the institution’s service area, despite the availability of such

services at an institution closer to them.

Member repeatedly uses an institution or branch location that is geographically

distant from the member’s home or office without sufficient business purpose.



Member exhibits unusual traffic patterns in the safe deposit box area or unusual

use of safe custody accounts. For example, several individuals arrive together,

enter frequently, or carry bags or other containers that could conceal large

amounts of currency, monetary instruments, or small valuable items.

Member rents multiple safe deposit boxes to store large amounts of currency,

monetary instruments, or high-value assets awaiting conversion to currency, for

placement into the banking system. Similarly, a member establishes multiple safe

custody accounts to park large amounts of securities awaiting sale and

conversion into currency, monetary instruments, outgoing funds transfers, or a

combination thereof, for placement into the banking system.

Unusual use of trust funds in business transactions or other financial activity.

Member uses a personal account for business purposes.

Member has established multiple accounts in various corporate or individual

names that lack sufficient business purpose for the account complexities or

appear to be an effort to hide the beneficial ownership from the institution.

Member makes multiple and frequent currency deposits to various accounts that

are purportedly unrelated.

Member conducts large deposits and withdrawals during a short time period after

opening and then subsequently closes the account or the account becomes

dormant. Conversely, an account with little activity may suddenly experience

large deposit and withdrawal activity.

Member makes high-value transactions not commensurate with the member’s

known incomes.

Potentially Suspicious Activity That May Indicate Elder Abuse

The following examples are potentially suspicious activity that may indicate elder

(member ages 62 or older) abuse:

Unusual activity in an elder’s accounts, including large, frequent or unexplained

withdrawals.

ATM withdrawals by an elder that has never used an ATM or debit card.



ATM withdrawals at random locations and/or times of day.

Changing their account from a basic account to an account that is more

complicated that offers more services the elder does not fully understand.

Withdrawals from accounts or transfers between accounts the member cannot

explain.

New “friends” accompanying the elder to the institution.

Sudden nonsufficient fund activity or unpaid bills.

Closing of CD’s or accounts without regard to penalties.

Uncharacteristic attempts to wire large sums of money.

Suspicious signatures on checks or forgery.

Confusion, fear or lack of awareness.

Refusal to make eye contact, shame or reluctance to talk.

Checks issued as a “loan” or “gift”.

Statements that no longer go to the member’s home.

New powers of attorneys that the elder does not understand.

Altered wills or trusts.

Loss of property.

Potentially Suspicious Activity That May Indicate Terrorist Financing

The following examples are potentially suspicious activity that may indicate terrorist

financing:

Activity Inconsistent with the Member’s Business

Funds are generated by a business owned by persons of the same origin or by a

business that involves persons of the same origin from higher-risk countries (e.g.,



countries designated by national authorities and FATF as non-cooperative

countries and territories).

The stated occupation of the member is not commensurate with the type or level

of activity.

Persons involved in currency transactions share an address or phone number,

particularly when the address is also a business location or does not seem to

correspond to the stated occupation (e.g., student, unemployed, or self-

employed).

Regarding nonprofit or charitable organizations, financial transactions occur for

which there appears to be no logical economic purpose or in which there appears

to be no link between the stated activity of the organization and the other parties

in the transaction.

A safe deposit box opened on behalf of a commercial entity when the business

activity of the member is unknown or such activity does not appear to justify the

use of a safe deposit box.

Funds Transfers

A large number of incoming or outgoing funds transfers take place through a

business account, and there appears to be no logical business or other economic

purpose for the transfers, particularly when this activity involves higher-risk

locations.

Funds transfers are ordered in small amounts in an apparent effort to avoid

triggering identification or reporting requirements.

Funds transfers do not include information on the originator, or the person on

whose behalf the transaction is conducted, when the inclusion of such

information would be expected.

Multiple personal and business accounts or the accounts of nonprofit

organizations or charities are used to collect and funnel funds to a small number

of foreign beneficiaries.



Foreign exchange transactions are performed on behalf of a member by a third

party, followed by funds transfers to locations having no apparent business

connection with the member or to higher-risk countries.

Other Transactions That Appear Unusual or Suspicious

Transactions involving foreign currency exchanges are followed within a short

time by funds transfers to higher-risk locations.

Multiple accounts are used to collect and funnel funds to a small number of

foreign beneficiaries, both persons and businesses, particularly in higher-risk

locations.

A member obtains a credit instrument or engages in commercial financial

transactions involving the movement of funds to or from higher-risk locations

when there appear to be no logical business reasons for dealing with those

locations.

Institutions from higher-risk locations open accounts.

Funds are sent or received via international transfers from or to higher-risk

locations.

Insurance policy loans or policy surrender values that are subject to a substantial

surrender charge.

Red Flags for Human Trafficking include:

A business member does not exhibit normal payroll expenditures (e.g.,

wages, payroll taxes, social security contributions); possibly non-existent.

To the extent a financial institution is able to observe, a member with a

business may deduct large amounts from the wages of its employees alleging

extensive charges (e.g., housing and food costs), where the employees only

receive a small fraction of their wages either before or after the payment of

wages.

Consider in tandem with other indicators when determining whether

transactions are linked to human trafficking through transactional activity

(credits and/or debits) inconsistent with a member's alleged employment,



business or expected activity, or where transactions lack a business or

apparent lawful purpose or when cash deposits or wire transfers are kept

below $3,000 or $10,000 in apparent efforts to avoid record keeping

requirements or the filing of Currency Transaction Reports (CTRs),

respectively.

Frequent outbound wire transfers, with no business or apparent lawful

purpose, directed to countries at higher risk for human trafficking or to

countries that are inconsistent with the member's expected activity.

A member's account appears to function as a funnel account, where cash

deposits occur in cities/states where the member does not reside or conduct

business; funds are often quickly withdrawn (same day) after the deposits are

made.

Transactions conducted by individuals, escorted by a third party (e.g., under

the pretext of requiring an interpreter), to transfer funds (that may seem to be

their salaries) to other countries.

Frequent payments to online escort services for advertising, including small

posting fees to companies of online classified ads as well as more expensive,

higher-end advertising and website hosting companies.

Frequent transactions, inconsistent with expected activity and/or line of

business, carried out by a business member in apparent efforts to provide

sustenance to individuals (e.g., payment for housing, lodging, regular vehicle

rentals, purchases of large amounts of food) or payments to employment or

student recruitment agencies that are not licensed/registered or that have

labor violations.

Red Flags for Human Smuggling include:

Multiple wire transfers, generally kept below the $3,000 reporting threshold, sent

from various locations across the United States to a common beneficiary located

in a U.S. or Mexican city along the southwest border.



Multiple wire transfers conducted at different branches of a financial institution to

or from U.S. or Mexican cities along the Southwest Border on the same day or on

consecutive days.

Money flows that do not fit common remittance patterns:

o Wire transfers that originate from countries with high migrant populations

are directed to beneficiaries located in a U.S. or Mexican city along the

southwest border; or

o Beneficiaries receiving wire transfers from countries with high migrant

populations who are not nationals of those countries.

Unusual currency deposits into U.S. financial institutions, followed by wire

transfers to countries with high migrant populations in a manner that is

inconsistent with expected member activity.

Multiple, apparently unrelated, members sending wire transfers to the same

beneficiary, who may be located in a U.S. or Mexican city along the Southwest

Border.

A member's account appears to function as a funnel account, where cash

deposits (often kept below the $10,000 reporting threshold) occur in cities/states

where the member does not reside or conduct business.

Frequent exchange of small-denomination for larger denomination bills by a

member who is not in a cash intensive industry.

Inflows are largely received in cash where substantial cash receipts are

inconsistent with the member's line of business; extensive use of cash to

purchase assets and to conduct transactions.



Appendix D

BUSINESS ACCOUNT QUESTIONNAIRE

Circle One: New Existing

Full Legal Name: ___________________________________________________________

Trade Names or DBAs: ___________________________________________________________

Physical Address: ___________________________________________________________

Mailing Address: ___________________________________________________________

NAICS Code: ___________________________________________________________

Purpose of Account: ___________________________________________________________

Nature of Business: ___________________________________________________________

Ownership Type:

❒Corporation ❒Partnership ❒ Limited Liability Company

❒Sole Proprietorship ❒Non-Profit Organization ❒ Association or Club

Principals or Owners (including Beneficial Owners) - please attach additional pages if necessary.

% of Ownership Individual’s Name Title/Responsibility

How long have you or the beneficial owners controlled/owned the business? ___ Years ___ Months

List each of your owned business locations below (attach additional pages if needed)

________________________________________________________________________________

__________________________________________________________________________________

1. Expected Annual Revenue:___________________________________

2. Expected Annual Expenses: __________________________________

3. Internet Gambling



Does your company have any games or financial activities on its website? ❒ Yes ❒ No

Do you provide services to companies who provide internet gambling? ❒ Yes ❒ No

If legal in your state, provide licensing. Otherwise, by signing below you are certifying that the

company is not engaged in unlawful internet gambling.

4. Money Services Businesses

Does your company cash checks over $1,000? ❒ Yes ❒ No

Does your company issue cashier’s checks or money orders over $1,000? ❒ Yes ❒ No

Does your company exchange currency over $1,000? ❒ Yes ❒ No

Does your company transmit currency or virtual currency in any dollar amount? ❒ Yes ❒ No

Does your company provide or sell prepaid cards over $1,000? ❒ Yes ❒ No

If YES to any question in #4, please STOP here. We are not currently opening accounts for

Money Services Businesses.

5. Marijuana-Related Businesses

Are you a producer, processor, or retailer of marijuana? ❒ Yes ❒ No

Is this business a marijuana-related business? ❒ Yes ❒ No

(Examples: Insurance Company, Landlord, Security System Provider, etc. for a marijuana-related

business.)

If YES to any question in #5, please STOP here. We are not currently opening accounts for

Marijuana-Related Businesses.

6. Privately Held ATMs

Do you have any ATMs at any of your business locations? ❒ Yes ❒ No

If yes, provide the physical location of each ATM (attach additional pages if needed)

1. ____________________________________________________

2. ____________________________________________________

3. ____________________________________________________

Activity for each ATM ATM #1 ATM #2 ATM #3

1. Monthly number of withdrawals

2. Monthly cash withdrawal amount

3. Average withdrawal amount

4. Source of cash replenishment (from normal business, vendor, etc.)



7. Non-Profit Organizations

What is the purpose of your non-profit organization? ___________________________________

__________________________________________________________________________

Where do your donations come from? _______________________________________________

What types of banking services do you expect to use at Resource One on a monthly basis?

Please notate anticipated volumes below.

Expected Services

Number Average Amount

❒ Currency deposits or withdrawals, other than for funding ATMs __________ __________

❒ Withdrawal of cash to fund ATMs __________ __________

❒ Check deposits __________ __________

❒ Currency Exchange __________ __________

❒ Domestic wire services __________ __________

❒ International wire services __________ __________

❒ Domestic ACH transactions __________ __________

❒ International ACH transactions __________ __________

❒ Internet banking services __________ __________

❒ Remote Deposit Capture services __________ __________

❒ Purchase of official checks, travelers checks, stored value cards __________ __________

Printed Name Title

Signature Date



Historical Record of Policy Changes

Date Revised: March 2014 Date Ratified: March 2014 Currency Transaction Reports (CTRs) (Pages 6-9): This section was rewritten to reflect regulatory changes. Monitoring Government Lists – OFAC Listing (pages 30 & 31): This section was revised to add “Foreign Sanctions Evaders (FSE)” to the lists provided by the Office of Foreign Control. International ACH Transactions (page 37): This section is also included in the Products and Services Policy and was deleted to eliminate redundancy.

Date Revised: April 2015 Date Ratified: April 2015

The policy was completely rewritten and expanded to reflect regulatory updates.

Date Revised: July 2015

Date Ratified: July 2015

Money Service Businesses Inserted the Money Service Businesses section on page 23 in response to 2014 exam.

Date Revised: June 2016

Date Ratified: June 2016

The section pertaining to Voluntary Information Sharing – Section 314(b) was modified

so that financial institutions may share information with one another, under a safe

harbor that offers protections from liability. Additionally, any changes to the annual

notice will be submitted to FinCEN via email (page 25).

Appendix A was updated to name Mack Richie as the Compliance Officer for the credit

union.



Date Revised: May 2017

Date Ratified: May 2017

Suspicious Activity Reporting

Section 5 (page 14) – Added intrusion attempts as a reason to file a Suspicious Activity Report (SAR).

Office of foreign assets control (OFAC)

The following changes appear on page 36:

Responsible Individual Section – Updated title of backup OFAC officer.

Record Retention Section – Included in the Bank Secrecy Section, text was added to clarify record retention as it relates to OFAC.

BSA, AML, and OFAC Training Program

Applicability Section (page 36) – The Board has been included in annual compliance training but this was not stated in this policy.

Appendix A

Applicability Section (page 39) – The change was required due to the recent resignation of the Compliance Manager. Additionally, the officer’s scope included overseeing Bank Secrecy, Office of Foreign Asset Control and Anti-Money Laundering. The heading was changed to reflect those duties.

Date Revised: January 2018

Date Ratified: January 2018

Appendix A was updated to name Brett Carpenter as the Compliance Officer for the

credit union and name Doug Bedner as the backup.

2200. bank secrecy act (bsa), anti-money laundering …...it is the policy of resource one credit...

Documents