GROUP POLICY TO COMBAT MONEY LAUNDERING AND TERRORIST FINANCING. Anti-Money Laundering Policy

Transcription

1 PAG. 1 DI 37 GROUP POLICY TO COMBAT MONEY LAUNDERING AND TERRORIST FINANCING Anti-Money Laundering Policy MACROPROCESS PROCESS TITLE DATE OF UPDATE PROTOCOL NO. 6 INTERNAL AND DEVELOPMENT PROCESSES 6.02 INTERNAL CONTROL SYSTEM GROUP POLICY TO COMBAT MONEY LAUNDERING AND TERRORIST FINANCING OCTOBER Established with Circular No. 8664/S dated 3 October 2013

2 PAG. 2 DI 37 Contents Foreword Duties and responsibilities of the Corporate Bodies and the Control Body Parent Bank s Board of Directors Parent Bank s Top Management Parent Bank s Board of Statutory Auditors Group companies Supervisory Bodies under Legislative Decree 231/ Subsidiaries Top Bodies The anti-money laundering oversight structure First level controls Control and Organisational Support Staff Second level controls The Anti-Money Laundering Function Head of suspicious activity reporting Third level controls The Internal Audit Function Distribution network oversight Training Operating procedures in money laundering and terrorist financing risk management Customer due diligence Recording of relations and transactions and data preservation Suspicious activity reporting Limits on the use of cash and bearer securities Attachment 1 AML & CTF Policy of BPV Finance Plc Attachment 2 AML Program and Policy of the BPVI Representative Office New York Head Office... 26

3 PAG. 3 DI 37 Foreword Money laundering and terrorist financing are criminal phenomena that pose a serious threat to the legal economy and can have destabilising effects especially on the banking and financial system. If on one hand the globalisation of financial activity and the rapid development of information technologies provide new operating opportunities and growth prospects for the economy, on the other hand they give rise to increased risks of the phenomena of financial crime and therefore to the need for every bank to adopt measures to avoid being involved, even inadvertently, in transactions associated with the laundering of illicit capital and terrorist financing. The Banca Popolare di Vicenza Group responds in a responsible way to the complexities and dangers of these phenomena, by adopting a corporate policy that is consistent with the rules and principles laid down by national and Community legislative provisions and complies with international anti-money laundering and anti-terrorism standards. This Policy defines the responsibilities, duties and operating procedures involved in the management, at Group level, of the risk of money laundering and terrorist financing. The document has been drawn up by the Group Anti-Money Laundering Function and submitted to the approval of the Parent Bank s Board of Directors and is constantly updated by the Anti-Money Laundering Function. The Anti-Money Laundering Policy is published on the websites and on the corporate intranet of Group Companies. 1. Duties and responsibilities of the Corporate Bodies and the Control Body 1.1. Parent Bank s Board of Directors The Parent Bank s Board of Directors is responsible for the overall supervision of the money laundering and terrorist financing risk management system for the entire Banca Popolare di Vicenza Group. The Parent Bank s Board of Directors carries out the following non-delegable duties: - Identifies and periodically examines the strategic guidelines and risk government policies relating to money laundering and terrorist financing. - Continuously ensures that the duties and responsibilities involved in combating money laundering and terrorist financing are allocated in a clear and appropriate manner, guaranteeing that the operating functions are separate from the control functions and that these functions are provided with resources that are adequate in qualitative and quantitative terms.

4 PAG. 4 DI 37 - Ensures that an adequate, complete and timely system of information flows to and within the corporate bodies is set up. Protection of the confidentiality of those who participate in the suspicious activity reporting procedure must be ensured. - Draws up a comprehensive and coordinated internal control system, which allows prompt detection and management of the money laundering risk and ensures its effectiveness over time. - At least once a year, examines the reports on the activity performed by the head of anti-money laundering and the controls carried out by the competent functions. - Ensures that the shortcomings and irregularities found at the end of the various level controls are promptly brought to the attention of the competent bodies and functions. The Parent Bank s Board of Directors also: - Appoints and revokes, upon the General Manager s proposal, subject to assessment by the Control Committee and after having consulted the Board of Statutory Auditors, the Head of the Group Anti-Money Laundering Function, informing the Subsidiaries Bodies 1. - Appoints, upon proposal of the Head of the Group Anti-Money Laundering Function in agreement with the General Manager, after having consulted the Board of Statutory Auditors, the Anti-Money Laundering Function Contact Persons at the Subsidiaries, informing the Subsidiaries Bodies Parent Bank s Top Management The Parent Bank s General Manager ensures effective management of the money laundering risk. For this purpose he: - Implements and updates the internal procedures and the responsibilities of the corporate structures and functions in order to avoid inadvertent involvement in money laundering and terrorist financing activities. - Ensures that the operating procedures and information systems allow correct identification of the customers details, acquisition and constant update of all the information required to examine their economic/financial profile and identification of the commercial reasons underlying the relations established and the transactions performed: - Sets up procedures for fulfilling the obligations regarding preservation of documents and recording of information in the Single IT Archive. - Defines, with regard to suspicious activity reporting, a procedure that can guarantee certainty of reference, standard conduct, generalised application to the entire structure, adopting measures designed to ensure the strictest confidentiality with regard to the identity of persons 1Boards of Directors (or Sole Director), Boards of Statutory Auditors, General Managers and, if existing, Control Committees, Supervisory Bodies under Legislative Decree 231/01 and Managing Directors of the subsidiary companies concerned.

5 PAG. 5 DI 37 who participate in the suspicious activity reporting procedure, as well as tools, including IT tools, for detecting abnormal transactions. - Defines the initiatives and procedures for ensuring timely fulfilment of the reporting obligations to the authorities established by money laundering and terrorist financing laws. - Defines the information flows designed to ensure that all the corporate structures involved and the bodies entrusted with control duties pursuant to Article 52 of Legislative Decree 231/2007 are aware of the risk factors. - Approves training and development programmes for subordinate employees and collaborators on the obligations arising from anti-money laundering and terrorist financing regulations, guaranteeing that training activity is continuous and systematic. - Adopts suitable tools to ensure the activity performed by employees and collaborators is constantly checked in order to detect any abnormalities that emerge especially in conduct, in the quality of communications addressed to contact persons and to corporate structures and in relations held by said employees or collaborators with customers. - In cases of operating activity carried out via telephone or electronic channels, ensures the adoption of specific computer procedures for compliance with anti-money laundering laws, with particular regard to automatic identification of abnormal transactions. 1.3 Parent Bank s Board of Statutory Auditors The Board of Statutory Auditors monitors compliance with the law and completeness, functionality and adequacy of the anti-money laundering controls. For this purpose it: - Closely assesses the suitability of the existing procedures for customer due diligence, registration and preservation of information and for suspicious activity reporting. - Encourages action to investigate the reasons behind the shortcomings, abnormalities and irregularities found and promotes the adoption of appropriate corrective measures. The Board of Statutory Auditors is consulted on decisions concerning the appointment of the Head of the Anti-Money Laundering Function and the Function s Contact Persons at the Subsidiaries and the definition of the overall structure of the money laundering and terrorist financing risk management and control system. The Board of Statutory Auditors immediately informs the Supervisory Authorities pursuant to Article 52, paragraphs 1 and 2, letter a), of Legislative Decree 231/2007 of all the events or actions of which it becomes aware that could constitute breach of the provisions for implementation of the Decree. Furthermore, pursuant to Article 52, paragraph 2, letter d), within thirty days, it informs the sector Supervisory Authorities 2 of infringements of the provisions contained in Article 36 of which it is aware. 2The report may be made jointly with other corporate bodies and functions.

6 PAG. 6 DI Group companies Supervisory Bodies under Legislative Decree 231/2001 Each Supervisory Body under Legislative Decree 231/2001 set up at the Group Companies ensures compliance, to the extent required in order to guarantee the functioning and observance of the organisational models for preventing the offences referred to in Article 25 octies of Legislative Decree 231/2001, with the rules set forth in Legislative Decree 231/07 on the matter of preventing the use of the financial system for the purpose of laundering the proceeds of criminal activities and financing terrorism, if necessary submitting the disclosures required by Article 52, paragraph 2), of the aforesaid Decree 2. The Body receives information flows from the corporate functions and has unlimited access to all the information of relevance for the purpose of fulfilling its duties Subsidiaries Top Bodies The strategic decisions at Group level on managing the money laundering and terrorist financing risk are taken by the Parent Bank s Corporate Bodies. The Corporate Bodies of the Group Subsidiaries must be aware of the decisions taken by the Parent Bank s Top Bodies and are responsible, each acting within their powers, for implementation in their own corporate context of the strategies and policies for managing the risk of money laundering and international terrorist financing. In this regard the Parent Bank involves, as it deems most appropriate, the Subsidiaries Corporate Bodies in decisions made on the matter of policies and procedures for managing the risk in question. 2. The anti-money laundering oversight structure The Banca Popolare di Vicenza has adopted an organisational structure, operating procedures and information systems that are capable of guaranteeing compliance with the laws and regulations for preventing and combating money laundering and terrorist financing. In view of the Group s current size, on the basis of the powers assigned by the Supervisory Provisions and of the logics of proportionality they establish, the controls set up by the Parent Bank are structured on three levels: - First level controls (or line controls) - Second level controls (risk management controls) - Third level controls (internal audit activity) First level controls Line controls are essentially operating controls designed to ensure that operations are correctly performed.

7 PAG. 7 DI 37 Line controls are carried out: By the production structures themselves (e.g. controls of a hierarchical nature) As part of back office activity. The Group has also adopted appropriate control safeguards incorporated in the procedures and in the computer systems used by the network and by the central structures. These safeguards consist in automatic messages of an informative or freezing nature used in order to fulfil the obligations set forth in Legislative Decree 231/2007. A considerable part of the control activities is carried out directly by the employees performing the operations and while they are being performed as they are considered an integral part of the operating processes Control and Organisational Support Staff The Control and Organisational Support Staff (COSS) carry out line controls designed to certify, for Group banks, the correct application of the legislative/operating provisions in force, by conducting periodic sample checks. The results of the checks performed are brought to the attention of the Area Manager, who is responsible for monitoring the Staff and for corrective actions to eliminate any problem areas found in the branches. 2.2 Second level controls Controls on risk management, entrusted to different structures from the production structures, aim to contribute to defining the methods for measuring/assessing the risk of money laundering and terrorist financing and to continuously check the effectiveness of procedures, structures and systems, in preventing and combating the breach of applicable external and internal regulations The Anti-Money Laundering Function The Parent Bank Banca Popolare di Vicenza set up the Group Anti-Money Laundering Function as an oversight body entrusted with continually preventing and combating the performance of money laundering and terrorist financing transactions for all Group Companies. The Function, which is independent and has resources that are qualitatively and quantitatively adequate for the duties to be performed, reports directly to the Top Bodies and has access to all the corporate activities and to any information of relevance for the performance of its duties. For the Subsidiaries which have centralised the Anti-Money Laundering Function under the Parent Bank, a Contact Person is appointed, who reports to the Head of the Function and whose duties are to: - Assist and perform on-site support functions for the Head of Function.

8 PAG. 8 DI 37 - Ensure support to the Subsidiary s Top Management in guaranteeing effective management of the money laundering and terrorist financing risks, in accordance with the instructions provided by the Head of the Group Anti-Money Laundering Function. The Function continuously checks that the corporate procedures adopted by the Group Companies are consistent with the objective of preventing and combating breach of external and internal regulations concerning money laundering and terrorist financing. Furthermore, the Function carries out the specific duties expressly assigned to it by legislation in force as well as the duties requiring the possession of high specialist expertise in the matter of application of anti-money laundering laws. Therefore, in accordance with the timeframes and procedures specified in the Group Anti-Money Laundering Function Regulations, the Anti-Money Laundering Function: - Continuously identifies the applicable rules and measures/assesses their impact on corporate processes and procedures. - Contributes to identification of the system of internal controls and procedures designed to prevent and combat the risks of money laundering and terrorist financing. - Checks suitability of the system of internal controls and procedures adopted and proposes any organisational and procedural amendments required or appropriate to ensure adequate risk oversight. - Provides advice and assistance to the Corporate Bodies and Top Management (in the case of offer of new products and services, the Function carries out the prior assessments within its authority). - Checks the reliability of the information system that provides the data for the corporate Single IT Archive. - Every month transmits the aggregate data on the recordings made in the Single IT Archive to the Financial Intelligence Unit (FIU). - Working with the other corporate functions responsible for training, draws up an appropriate training programme designed to provide subordinate employees and collaborators with continuous updates. - Prepares information flows addressed to the Corporate Bodies and Top Management. The Anti-Money Laundering Function is directly responsible for the enhanced control activities in the cases indicated in the Group Anti-Money Laundering Function Regulations and, if this duty is assigned to the operating structures, it checks the adequacy of the process conducted by the line structures, submitting both the process and the results to close examination. The Function pays specific attention to the adequacy of the internal systems and procedures concerning the customer due diligence and registration obligations and of the systems for detecting,

9 PAG. 9 DI 37 assessing and reporting suspicious activities, to the effective detection of other situations which must be reported and to the appropriate filing of the documentation and records required by regulations. For these assessments the Function carries out checks and monitoring activity on a sample basis, in accordance with the procedures and timeframes indicated in the Group Anti-Money Laundering Function Regulations. The Function submits to the Board of Directors, the Board of Statutory Auditors and the Control Bodies: - The annual plan of activities (once a year) - A report on action taken, on inefficiencies observed and on related corrective measures to be taken and on personnel training activity (once a quarter for banks and twice a year for the other companies at which it is set up). With regard to cross-border operating activity implemented by the Group through the companies and representative offices established abroad 3, the oversight provided by the Anti-Money Laundering Function consists in checking the specific obligations required by the laws of the host country and checking that the procedures in place are in line with Group standards and can ensure that information is shared at consolidated level. In the case of companies with head offices in Italy and for which the setting up of an Anti-Money Laundering Function is not required, the oversight specifically concerns the procedures for preventing the offences envisaged by Articles 25-quater and 25-octies of Legislative Decree 231/2001 and the activities that have been outsourced by other Group Companies to the extent that these activities may affect performance of the anti-money laundering obligations by the principal companies Head of suspicious activity reporting Pursuant to Article 42, paragraph 4, of Legislative Decree 231/2007, the Head of the Group Anti- Money Laundering Function, on behalf of the legal representative of each Group Company subject to the obligation set forth in Article 41 of the aforesaid Decree, assesses the suspicious activity reports received and transmits those believed to be founded to the Financial Intelligence Unit (FIU). With regard to suspicious activity reports received from other structures (network or central), the Head communicates, using the procedures indicated in the Anti-Money Laundering Function Regulations, the outcome of its assessments to the head of the structure from which the report originated. Given the particular significance that the dispatch of a report can have in the oversight of money laundering and terrorist financing risks, the Head may disclose the names of the customers that have been reported to the heads of other operating structures identified on the basis of his prudent evaluation. 2.3 Third level controls The internal audit activity (third level controls) is designed to continuously check the degree of adequacy of the corporate organisational structure and its compliance with the reference laws and to monitor the functionality of the entire internal control system. 3Attached: AML & CTF Policy of BPV Finance Plc and AML Compliance Program and Policy of the BPVI representative office New York Head Office

10 PAG. 10 DI The Internal Audit Function The internal audit activity is carried out continuously, periodically or by exception, by the Group Internal Audit Function including through on-site inspections. The Internal Audit Function checks: - Constant compliance with the due diligence obligation, both when establishing the relationship and during its development over time. - Effective acquisition and orderly preservation of the data and documents required by regulations. - Correct functioning of the Single IT Archive (AUI). - Effective degree of involvement of subordinate employees and collaborators and of heads of the central structures in implementing active collaboration. The auditing and inspection activities are planned in such a way as to guarantee that each operating structure is subject to inspection within a reasonable period of time and that these activities are more frequent in structures most exposed to the risks of money laundering and terrorist financing. The Function periodically checks alignment between the various sector procedures and those for providing data for the Single IT Archive. The results of the inspection and auditing activities are disclosed to the inspected structures for the necessary remediation activities. The Function submits full reports on the activity performed and on the related results to the Corporate Bodies. 2.4 Distribution network oversight The Banca Popolare di Vicenza Group not only refers, in collaboration contracts entered into with agents, promoters and external persons, to the rules of conduct for anti-money laundering purposes that they must observe when performing activity on behalf of Group intermediaries, but also provides its sales network staff with operating tools and procedures, including computer tools and procedures, that can assist them in executing each transaction and the related anti-money laundering obligations. 2.5 Training The Banca Popolare di Vicenza Group implements personnel training and development programmes that take into account changes in legislation and the procedures provided for fulfilling the obligations required by anti-money laundering laws.

11 PAG. 11 DI 37 The final objective is to spread within Group companies a culture of compliance and observance of the laws on preventing and combating money laundering and terrorist financing, ensuring that personnel are aware of the corporate obligations and liabilities that may arise from failure to comply. Training programmes are addressed to all personnel and specific attention is paid to employees and collaborators who have more direct contact with customers. Specific training programmes are provided for personnel belonging to the Anti-Money Laundering Function. Personnel training activity is carried out on a continuous and systematic basis and is part of comprehensive programmes. Each year a report is submitted to the General Manager, to be presented to the Parent Bank s Board of Directors, on the training and development activity on the matter of anti-money laundering laws. 3. Operating procedures in money laundering and terrorist financing risk management Efforts to prevent and combat money laundering and terrorist financing play a strategic role in the efforts to repress criminal phenomena and are based on three fundamental institutions: - Appropriate due diligence on customers with which relations are established or transactions are executed (customer due diligence). - Recording of relations and transactions and preservation of the appropriate supporting documents. - Suspicious activity reporting Customer due diligence Customer knowledge plays a key role in the current regulatory framework and is essential to effectively combating money laundering and terrorist financing. Due diligence obligations require: - Identification of the customer and of any executor and/or beneficial owner. - Check of the identity of the customer, of any executor and of any beneficial owner on the basis of documents, data and information obtained from reliable and independent sources. - Acquisition of information on purpose and expected nature of the on-going relationship and, when relevant according to a risk-based approach, of the occasional transaction. - Constant monitoring during the on-going relationship. Due diligence obligations apply to all new customers and subject to assessment of the risk present to the existing customer base and, however, in the following cases:

12 PAG. 12 DI 37 - When an on-going relationship is established. - When an occasional transaction is executed, upon the customer s instructions, which involves the transmission or movement of means of payment exceeding or equal to EUR 15,000.00, regardless of whether it is implemented in a single transaction or through a serious of fractioned transactions 4. - When there is a suspicion of money laundering or terrorist financing, regardless of any applicable derogation, exemption or threshold. - When there are doubts as to the completeness, reliability or truthfulness of the information or documentation previously acquired from the customer. There are two further degrees of customer due diligence obligations that are commensurate with the customer s risk profile: enhanced due diligence and simplified due diligence. Enhanced due diligence consists in adopting more in-depth, extensive and frequent measures in the various areas of due diligence. Enhanced measures are applied to customers who have a high risk of money laundering and terrorist financing and however in the case of: - Distance transactions - Transactions and/or establishing of on-going relationships with politically exposed persons (PEPs) - Correspondence accounts with correspondent bodies of Non-EU States - Transactions involving deposit of cash or securities from other States - Dispatch to the Financial Intelligence Unit (FIU) of a suspicious activity report - Use of products, transactions and technologies that can increase the risk of money laundering and terrorist financing. Simplified due diligence applies to customers with a low risk of money laundering and/or terrorist financing and to products and transactions that fall within the categories indicated in Article 25 of Legislative Decree 231/2007 and in Bank of Italy Order dated 3 April In this regard, the Group collects sufficient information on the customer to allow it to establish whether the customer meets the conditions of low money laundering and terrorist financing risk required for application of the simplified measures and checks that these requirements persist over time. The Group has adopted an anti-money laundering questionnaire 5 as a useful tool to fulfil the customer identification obligations and to collect the information required to fulfil the due diligence obligations. 4The registration threshold for fractioned transactions adopted by the Group is consistent with the decisions taken by the ABI-ARMA Committee 5For Group Banks the questionnaire is integrated in the computer applications

13 PAG. 13 DI 37 Intermediaries have also been provided with control procedures capable of determining whether the customer identification details, acquired in the due diligence activity, match those contained in the lists produced by international bodies, such as, for example: - Natural persons who hold or have held prominent public functions, their immediate family members or persons known to be close associates of such persons (PEPs). - Bodies, companies or natural persons identified by the authorities as terrorists or members or associates of the Taleban and Al-Qaida. - Persons operating or resident, even partially, in States reported as having a high money laundering risk and as non-cooperative according to the information provided by the Bank of Italy or other national or supranational institutions committed to preventing offences. - Persons to be subject to measures to freeze capital and economic assets. Customer profiling 6 is carried out when accepting a new customer (or when collecting new data) and also on an on-going basis. The computer safeguards available to the Group intermediaries allow them to profile customers by assigning 7 a score representing the level of risk of money laundering and terrorism financing. On the basis of the risk profile assigned to the customer, the checks carried out are more or less strict. Group Companies fulfil the customer due diligence obligations according to the procedures and timeframes indicated in the reference internal regulations. If Group intermediaries are unable to fulfil the customer due diligence obligations, they do not establish on-going relationships or execute transactions and, if appropriate, they close existing relations. 3.2 Recording of relations and transactions and data preservation The Group Companies that are addressees of Legislative Decree 231/ have set up the Single IT Archive (AUI). The AUI is managed in such a way as to ensure information is clear and complete and that it is promptly recorded in accordance with the time limits established by regulations in force. Group Companies preserve documents and record the information acquired to fulfil the customer due diligence for a period of ten years from execution of the transaction or from termination of the ongoing relationship. 6In assessing the customer, relationships and transactions reference is made to the criteria set forth in the Bank of Italy Order dated 3 April If it is deemed necessary the risk score assigned automatically by the system can be changed. 8With the exception of BPVI Multicredito Agenzia in attività finanziaria S.p.A. as it does not establish on-going relationships and does not execute transactions with customer.

14 PAG. 14 DI Suspicious activity reporting In compliance with provisions in force, the Group actively cooperates with the Financial Intelligence Unit (FIU) and adopts a structured process for suspicious activity reporting. When Group intermediaries suspect or have reasonable grounds to suspect that money laundering or terrorist financing transactions are underway, have been implemented or attempted, they forward a suspicious activity report to the FIU. The suspicion may arise from the characteristics, size or nature of the transaction or from any other circumstance that they have acknowledged by virtue of the functions performed, also considering the economic capacity and the activity carried on by the person to which it refers, on the basis of elements acquired in the course of the activity performed. In order to facilitate identification of suspicious activity, reference is made to the Operating Instructions on the matter issued and periodically updated by the Bank of Italy and to the Operating Models issued by the FIU. To help Group intermediaries to identify suspicious activity the networks and central structures are provided with special computer applications. The Group Anti-Money Laundering Function also carries out ad hoc monitoring designed to identify and analyse abnormal or higher risk operating activity. Inquiries into suspicious activity reports are conducted with a view to ensuring the swiftest possible analysis and decision on whether to send the reports, and in general, to ensuring their traceability, confidentiality and completeness. 3.4 Limits on the use of cash and bearer securities The Group Anti-Money Laundering Function is assigned the responsibility, on behalf of the Group Companies subject to the obligation set forth in Article 51 of Legislative Decree 231/2007, for assessing the evidence of possible breaches of the provisions of Articles 49 and 50 of the aforesaid decree and for subsequent communication to the Ministry of Economy and Finance (MEF) of infringements that have come to its notice.

15 PAG. 15 DI 37

16 PAG. 16 DI 37

17 PAG. 17 DI 37

18 PAG. 18 DI 37

19 PAG. 19 DI 37

20 PAG. 20 DI 37

21 PAG. 21 DI 37

22 PAG. 22 DI 37

23 PAG. 23 DI 37

24 PAG. 24 DI 37

25 PAG. 25 DI 37

26 PAG. 26 DI 37

27 PAG. 27 DI 37

28 PAG. 28 DI 37

29 PAG. 29 DI 37

30 PAG. 30 DI 37

31 PAG. 31 DI 37

32 PAG. 32 DI 37

33 PAG. 33 DI 37

34 PAG. 34 DI 37

35 PAG. 35 DI 37

36 PAG. 36 DI 37

37 PAG. 37 DI 37