BSA / AML – US (Pages 1-6)
AML / CTF – Cayman Islands (Pages 7-15)
Detection, Data Validation, Risk Assessment
BSA / AML – Building a Compliant System
▪ System of Internal Controls
▪ Independent Testing
▪ Training staff
▪ Designation of individual responsible
for BSA / AML compliance
▪ Line of Communication – regularly
reports to Board or Board Committee
and Senior Management, carries out
directives of Board re BSA/AML
[Organization chart: Board; CEO; General Counsel; Compliance Officer; CFO]
RECOMMENDED - INTERNAL CONTROLS
▪ Identify the Risk Areas - types of services or products including deposit accounts, checking, investment accounts; geographic locations;
type of transactions
▪ Inform and Notify Management - compliance initiatives, deficiencies, corrective actions, SARs
▪ Appoint a Compliance Officer – person responsible for BSA/AML compliance
▪ Provide for Continuity – change in control contingencies, staffing
▪ Recordkeeping and reporting – ensure compliance with all reporting and recordkeeping, timely update when change in regulation
▪ Implement Risk Based customer due diligence (CDD)(KYC) policies, procedures and processes
▪ Identify and file all reportable transactions (SARs, CTRs, CTR exemptions) – centralize review and report filing functions
▪ Provide for dual controls and segregation of duties – decision maker to file is separate from reporting/filing party
▪ Provide controls and systems for filing CTRs and CTR exemptions
▪ Provide controls and monitoring systems for timely detection and reporting of suspicious activities
▪ Adequate supervision of employees (i) handling currency transactions, (ii) completing reports, (iii) granting exemptions, (iv) monitoring
suspicious activities, etc.
▪ Incorporate BSA/AML compliance into job descriptions and performance evaluations of employees, as appropriate
▪ Train and re-train periodically for awareness of regulations and internal policies and procedures.
RECOMMENDED - INDEPENDENT TESTING:
▪ Evaluate adequacy and effectiveness of BSA/AML compliance program, policies, procedures by (1) statement as to effectiveness and
compliance with regulations, (2) inclusion of sufficient information which is basis for this conclusion
▪ Review of financial institution’s risk assessment – reasonable based upon risk profile of products, services, customers, entities,
geographic locations?
▪ Risk Based Transaction Testing – verify financial institution’s recordkeeping and reporting (CIP, SARs, CTRs, CTR exemptions, information
sharing requests)
▪ Evaluation of Management’s actions – resolving violations and deficiencies reported / noted in prior audits, exams, progress of
outstanding supervisory actions
▪ Review of Staff Training – adequacy, accuracy, completeness
▪ Review of effectiveness of suspicious activity monitoring systems – manual, automated, combination by reviewing SARs, large currency
aggregation reports, monetary instrument reports, funds transfer records, NSF reports, large balance fluctuation reports, account
relationship reports
▪ Assessment of overall process for identifying and reporting suspicious activity – review of filed or prepared SARs – accuracy, timeliness,
completeness, effectiveness of financial institution’s policies
▪ Assessment of integrity and accuracy of management information system (MIS) used in BSA/AML compliance program – reports used
to identify large currency transactions, aggregate daily currency transactions, funds transfer transactions, monetary instrument sales
transactions, analytical and trend reports
RECOMMENDED - COMPLIANCE OFFICER:
▪ Key Qualities – expertise, authority, resources and time to perform the role
▪ Responsible for
– Coordinating and monitoring day-to-day compliance.
– Managing all aspects of the compliance program
▪ Board of Directors is responsible for ensuring the Compliance Officer has sufficient
authority and resources (monetary, physical and personnel) to administer the
compliance program effectively based upon the financial institution’s risk profile.
▪ Fully knowledgeable of BSA and related regulations
▪ Understand financial institution’s products, services, customers, entities and
geographic locations as well as the risks associated with those
RECOMMENDED – TRAINING, TRAINING & MORE TRAINING:
▪ Train regularly
– Regulatory requirements
– Internal policies, procedures and processes
▪ Train staff whose specific duties involve BSA risk
– Tailor training to specific duties and responsibilities, applicable line of business or operational unit (e.g.
trust services, international transactions, private banking)
– Cross train and re-train if assigned to new position or new hire
▪ Periodic, Ongoing and Up-to-date
– Staff: train and re-train if assigned new duties, new products or services, change in regulations or
guidance, new identified risks
– Management: keep informed, advise on changes and new developments in BSA/AML, implementation of
regulations, directives and guidance from regulatory agencies, ramifications of violations and risk for
non-compliance, approve new and/or periodically review the policies, procedures, and processes
▪ Document training
– who attended
– materials presented
– Dates
– tests administered & results
Money Laundering Regulations / Proceeds of
Crime Law (MLR/POCL) - Caymans
▪ Relevant Financial Businesses Subject to MLR/POCL
▪ Schedule 2 Activities within definition of Relevant Financial Business
▪ Guidance for compliance with regulations relating to anti-money laundering and
counter-terrorism financing (AML/CTF)
– Identification Know Your Customer (KYC)
– Monitoring
– Internal Reporting of Suspicious Activities
– Compliance Management
– Record Keeping
[Diagram: Customer Information; Account approved; Transaction Monitoring]
Entities Subject to Regulations
▪ Relevant Financial Businesses
– Banking or trust business carried on by a person who is a licensee under the
Banks and Trust Companies Law
– Building Societies licensed under the Building Societies Law
– Co-operatives licensed under the Cooperative Societies Law
– Insurance businesses, including insurance managers, agents, sub-agents or
brokers within meaning of the Insurance Law
– Mutual Fund Administrator or mutual fund regulated under Mutual Funds Law
– Company Management as defined in Companies Management Law
– List of Activities under Schedule 2
Schedule 2 List of Activities by Businesses
subjecting them to AML/CTF regulations (1 of 2)
▪ Acceptance of deposits and other repayable funds from the public.
▪ Lending.
▪ Financial leasing.
▪ Money transmission services.
▪ Issuing and administering means of payment (e.g. credit cards, travellers’ cheques and
bankers’ drafts).
▪ Guarantees and commitments.
▪ Trading for own account or for account of customers in: (a) money market instruments
(cheques, bills, CDs, etc.); (b) foreign exchange; (c) financial futures and options; (d)
exchange and interest rate instruments; (e) transferable securities.
▪ Participation in securities issues and the provision of services related to such issues.
▪ Advice to undertakings on capital structure, industrial strategy and related questions
and advice and services relating to mergers and the purchase of undertakings.
▪ Money broking.
Schedule 2 List of Activities by Businesses
subjecting them to AML/CTF regulations (2 of 2)
▪ Portfolio management and advice.
▪ Safekeeping and administration of securities.
▪ Safe custody services.
▪ Financial, estate agency and legal services provided in the course of business relating to the sale,
purchase or mortgage of land or interests in land on behalf of clients or customers.
▪ The services of listing agents and broker members of the Cayman Islands Stock Exchange as
defined in the CSX Listing Rules and the Cayman Islands Stock Exchange Membership Rules
respectively.
▪ The conduct of Securities Investment Business.
▪ Dealing in precious metals or precious stones, when engaging in a cash transaction of fifteen
thousand dollars or more.
▪ The provision of registered office services to a private trust company by a company that holds a
Trust license under section 6(5)(c) of the Banks and Trust Companies Law (2009 Revision).
Know Your Customer (KYC)
▪ Individuals
– Name, address, date and place of birth, nationality, occupation, purpose of account,
estimated level of turnover for account (deposits and debits), source of funds
– Documentation of customer identification – passport, armed forces ID card, Cayman
Islands employer ID card (photo and signature), provisional or driver’s license (photo
and signature)
– Documentation of name and address – reference from respected professional
(lawyer, doctor, accountant), check register of electors, credit reference agency
search, telephone directory, utility bill, personally visit home
▪ Corporations
– Certificate of incorporation, details of registered office, place of business
– Explanation of nature of business, reason for account, expected turnover, source of
funds, financial statements
– Identity of owners (10% or more interest in business), directors, controller and
“beneficial owner(s)”
– Resolution of Authority to enter into transaction
On-Going Monitoring of Relationship
▪ “One-off transaction” means any transaction other than a transaction carried on in the
course of an established business relationship formed by a person acting in the course
of relevant financial business
▪ “Exempted one-off transaction” means a one-off transaction (whether a single
transaction or a series of linked transactions) where the amount of the transaction or
the aggregate of a series of linked transactions is less than CI$15,000 or the equivalent
in any other case.
▪ Develop and apply written policies and procedures for taking reasonable measures to
ensure documents, data and information collected during KYC process are up-to-date
▪ Monitor for changes in
– Transaction type
– Frequency
– Amount
– Geographical origin/destination
– Account signatories
Internal Reporting for Suspicious Activities
▪ Appointment of Money Laundering Reporting Officer (MLRO)
– All staff should report all suspicious activities to MLRO (even if business,
customer was declined)
– MLRO
▪ investigates the reported activity and
– (1) submits a report to the Reporting Authority or
– (2) documents and keeps records of why the activity was not substantiated as suspicious and
therefore not reported;
▪ establishes and maintains a register of ML referrals made to the MLRO by staff
Compliance Management System
▪ Appoint Compliance Officer (may be the MLRO)
– Sufficient skills and experience
– Reports directly to the Board
– Sufficient seniority and authority so Board acts and reacts to CO’s recommendations
– Regular reporting and contact with Board
– Sufficient resources (time, staff)
– Unfettered access to all business lines, departments and information necessary to
appropriately perform the function
▪ Develop policies, procedures and processes
▪ Training of Staff
▪ Audit of Compliance Management System
[Diagram: Board; Compliance Officer / MLRO]
Record Keeping
▪ Maintain for at least 5 years all records on transactions
– Sufficient information to allow the reconstruction of the transaction, evidence
for prosecution
– Records of Identification Data obtained for 5 years after relationship has ended
– Reports of Suspicious Activities – retain until confirmation matter has been
concluded
– Verification of Identity
– Records relating to transactions
– Training records
– Register of all enquiries made by Reporting Authority

BSA/AML in the USA and AML/CTF in the Caymans
