Aetna Anti-Money Laundering and Financial Sanctions Compliance Policy

Transcription

1 Aetna AML and Financial Sanctions Compliance Policy Aetna Anti-Money Laundering and Financial Sanctions Compliance Policy Originating Department: Aetna s AML Compliance Office Effective Date: January 1, 2015 Next Review Due by: January 1, Policy Scope Aetna s anti-money laundering ( AML ) and financial sanctions compliance policy (referred to as the Policy ) applies to all business operations of Aetna, its subsidiary companies, and external entities conducting business on Aetna s behalf (collectively referred to as Aetna ), and to all products and services that Aetna offers. For definitions of key terms mentioned in the Policy, see Appendix A. 2. Policy Statement and Objectives Aetna is committed, as set forth in the Aetna Code of Conduct, to full compliance with all applicable laws and regulations. This includes applicable AML and financial sanction regulations, including those of the U.S. Office of Foreign Assets Control ( OFAC ), Bank Secrecy Act ( BSA ), USA PATRIOT Act, European Union ( EU ) Financial Sanctions Regime, United Nations Common Security Council and other regulations in countries where Aetna does business. Based on assessed inherent risks (see Appendix B for Aetna AML risk assessment attributes), Aetna has implemented and administers the Policy to ensure that Aetna conducts its business in compliance with these laws and regulations. Aetna requires all its employees and external entities that act on its behalf to adhere to the Policy so that Aetna can effectively: Prevent money laundering and any activity that facilitates money laundering or the funding of terrorist or criminal activities; Ensure that it does not engage in any business in any sanctioned countries in compliance with Aetna s Sanctioned Countries Guidance or with any blocked individuals/entities on applicable regulatory sanctions list including OFAC s Specially Designated Nationals ( SDN ) list; and Report violations and suspicious activities to applicable regulatory and law enforcement agencies, as required by laws and regulations. 3. Policy Oversight and Accountability The Aetna AML Compliance officer (with the AML Compliance Office) is responsible for overseeing the Policy at the enterprise level. The AML Compliance Office will provide guidance and training to assist Business Units and Business Compliance Officers ( BCOs ) to implement the Policy. The AML Compliance Council will assist the AML Compliance Office to ensure effective oversight and clear business accountability. The AML Compliance Council shall be comprised of cross-functional representatives including Aetna AML Compliance Officer, Aetna Legal Counsel, Head of Commercial Compliance, Head of Enterprise Compliance and Ethics, Head of Internal Audit, and Business Compliance Officers and senior management personnel for Business Units that have a higher level of AML risk exposure. Aetna Proprietary Information For Internal Use Only

2 The Aetna AML Compliance Officer chairs the AML Compliance Council, and may delegate responsibilities as necessary and appropriate. The AML Compliance Council s responsibilities include, but are not limited to, i) developing strategies to promote compliance and early detection of potential violations, ii) evaluating the compliance risk assessment process and the monitoring work plans for effectiveness, iii) overseeing implementation and monitoring of effective corrective action plans, iv) supporting the staff and resources allocation, and v) reviewing and revising the Policy as necessary. Senior management of Business Units, as warranted based on the AML Risk Assessment (also see Section 11 for additional information on AML risk assessment), is responsible for the following: Appointing a contact person to interact directly with the AML Compliance Council. Establishing Business Unit specific policies and procedures to effectively implement the Policy; Providing training and awareness communications to their higher risk employees and third parties who act on Aetna s behalf about the Policy requirements and Business Unit specific policies and procedures. Monitoring to ensure Business Units ongoing compliance with the Policy and related Business Unit specific procedures, including compliance by their staff and third parties acting on Aetna s behalf (including brokers, agents and other intermediaries). Conducting or cooperating in the performance of enterprise wide or Business Unit specific periodic independent audit, assessment and testing of the Policy. Ensure full and timely implementation of corrective actions resulting from risk assessment, audit, or violation. Managers and employees are responsible for ensuring compliance with the Policy and related Business Unit specific policies and procedures and AML laws and regulations. 4. Due Diligence and Know Your Customers In order to effectively prevent Aetna from being inadvertently used by money-launderers, Business Units and their external agents that act on their behalf (collectively referred to as Business Units ) are required, as warranted based on the AML Risk Assessment (also see Section 11 for additional information on AML risk assessment) to perform due diligence and collect minimum customer and payee identification information. This is to ensure the validity of those with whom Aetna does business and to facilitate AML screening (see Section 5 AML Screening and Alerts Review) in compliance with applicable laws and regulations. For customer and payee identification information collection and verification, see Appendix C. If a customer or payee either refuses to provide required information, or appears to have intentionally provided misleading information, Business Units shall notify the AML Compliance Office. The AML Compliance Office will review the circumstances and determine the next steps that Business Units should take. For this purpose, customers and payees mean person, entity or organization with which Aetna does business, including but not limited to: employees, plan sponsors, members, providers, brokers, agents, vendors, suppliers, banks, and other financial intermediaries. 5. AML Screening and Alerts Review AML screening is an Aetna enterprise-wide undertaking to ensure its compliance with the laws and regulations intended to detect and prevent terrorist and money laundering activities. The AML Compliance Office employs tools, including Lexis Nexis Bridger Insight software (referred to as Bridger ) to systematically screen, on a regular basis, based on risk and regulatory requirements, its members, plan sponsors, providers, vendors, Aetna Proprietary Information for Internal Use Only 2

3 suppliers, consultants, agents, brokers, banks and others with which it does business against the OFAC sanctioned countries list, the SDN list and other applicable regulatory watch lists (see Aetna s Sanctioned Countries Guidance), and also against financial sanctions rules set forth by European Union, United Nations Common Security Council and other regulators in countries where Aetna does business. Certain business areas may perform AML screening on their own in place of or in addition to Aetna enterprise-wide screening performed by the AML Compliance Office. The AML Compliance Office shall review alerts resulting from AML screening to ensure proper disposition. To assist the alert review, Business Units shall promptly research and provide any missing information required by the AML Compliance Office. Aetna s AML screening program includes ongoing regular screening for all Business Units and may include preenrollment screening and pre-payment screening for higher risk Business Units. For risk rating methodology and risk drivers, see Appendix B. The AML Compliance Office manages the AML screening. Business Units are required to timely fulfill their responsibilities to support AML screening. 6. Raising Concerns and Reporting Violations Employees should promptly raise questions or concerns and report any known or suspected violation of the Policy or applicable laws and regulations to their manager and to the AML Compliance Office. You can contact the AML Compliance Office at InternationalComplaince@aenta.com. If you are ever in doubt about the proper course of action, ask for guidance. In addition, for reporting suspicious activities, see Section 7. Employees may also make confidential, anonymous reports in relation to any actual or potential violation of the Policy by contacting Aetna s AlertLine at in the U.S or on the web at (Note: Outside of the U.S., dial the AT&T Direct access code for the country you are calling from followed by AT&T Direct access codes can be found at or by contacting your local operator.) Non-Retaliation Policy: Aetna prohibits retaliating against anyone because he or she in good faith raised concerns or reported suspected violations. Employees who retaliate against others who report suspected violations will themselves be subject to disciplinary action, up to and including dismissal. 7. Reporting to Regulatory and Law Enforcement Agencies To comply with applicable AML and financial sanction regulations, the AML Compliance Office or others as delegated or appropriate, in consultation with Aetna Legal Counsel and/or outside counsel as needed, will submit, as required or otherwise warranted, periodic filings, reports and certifications. Suspicious Activity Report ( SAR ): Business Units shall, as warranted based on the AML Risk Assessment (also see Section 11 for additional information on AML risk assessment) and regulatory requirements, implement a documented process for monitoring payee accounts and identifying signs of suspicious activities that suggest money laundering. These are commonly referred to as red flags (see Appendix D for a list of red flag examples). If a red flag is detected, Business Units shall perform additional due diligence before proceeding with the transaction. If a reasonable explanation is not determined, Business Units shall report the suspicious activity to the AML Compliance Office. The AML Compliance Office shall review the circumstances, and shall consult with Aetna Legal Counsel as needed to determine if a SAR filing is warranted. Business Units shall assist the investigation and collect information required by the AML Compliance Office. When a SAR filing is determined as warranted, either the AML Compliance Office or the Business Units that have established SAR reporting Aetna Proprietary Information for Internal Use Only 3

4 procedures and have been authorized to do so by the AML Compliance Office, shall file, the report with the United States Department of the Treasury Financial Crimes Enforcement Network (FinCEN). The AML Compliance Office or the authorized Business Units shall file a SAR no later than 30 calendar days after the date of the initial detection of facts that may constitute a basis for filing a report. If no suspect is identified on the date of such initial detection, the AML Compliance Office or the authorized Business Units may delay filing for an additional 30 calendar days to identify a suspect, but in no case shall reporting be delayed more than 60 calendar days after the date of such initial detection. The AML Compliance Office shall monitor the SAR reports filing. Business Units shall, as warranted based the AML Risk Assessment (also see Section 11 for additional information on AML risk assessment), develop business specific policies and procedures for suspicious activities reporting. Foreign Bank and Financial Accounts Report ( FBAR ): The AML Compliance Office oversees Aetna Treasury, Tax, and Investment Management to ensure that a Corporate FBAR is filed annually if the aggregate value of any foreign financial accounts in which Aetna has a financial interest or signature authority exceeds $10,000 at any point during the calendar year. The United State Department of the Treasury Financial Crimes Enforcement Network ( FinCEN ) requires that an FBAR must be filed electronically on an annual basis, no later than June 30th. Aetna Treasury, Tax and Investment Management are jointly responsible for filing the Corporate FBAR report timely, completely and accurately. Report of Cash Payments over $10,000 Received in a Trade or Business Any Business Unit engaged in a trade or business that, in the course of that trade or business, receives more than $10,000 in cash in one transaction or in two or more related transactions, must file Form 8300 with Internal Revenue of Service ( IRS ). Notification of Financial Sanction Violation to Regulatory Agencies: Business Units shall notify the AML Compliance Office of any potential financial sanction violation. The AML Compliance Office shall investigate or consult in the investigation of the circumstances, and shall consult, as warranted, with Aetna Legal Counsel to determine if notifying a regulatory agency is required. Business Units shall assist or perform the investigation and collect information required by the AML Compliance Office. As warranted, the AML Compliance Office shall report or shall approve the reporting of violation to the appropriate regulatory agency and along with corrective actions that Aetna has taken. The AML Compliance Office and Business Units shall ensure full and timely implementation of corrective actions. Report of Blocked Transactions: Business Units shall notify the AML Compliance Office of any payments blocked or rejected by financial institutions under OFAC. The AML Compliance Office shall investigate the circumstances, and shall consult, as warranted, with Aetna s AML Legal Counsel, prior to notifying the relevant regulatory agency. Business Units shall assist the investigation and collect information required by the AML Compliance Office. A Report of Blocked Transactions must be filed by fax within 10 days of notification regarding or becoming aware of the blocking. The AML Compliance Office is responsible for filing the Report of Blocked Transactions timely, completely and accurately. The AML Compliance Office shall oversee the investigation of positive match results identified through AML screening. The AML Compliance Office shall investigate the circumstances, and shall consult, as warranted, with Aetna Legal Counsel, to determine if a Report of Blocked Transaction filing is warranted. Business Units shall assist the investigation and collect information required by the AML Compliance Office. A Report of Blocked Transactions must be filed by fax within 10 days of the Aetna Proprietary Information for Internal Use Only 4

5 blocking. The AML Compliance Office is responsible for filing the Report of Blocked Transactions timely, completely and accurately. A Report of Blocked Property must be filed by mail annually no later than September 30th to the relevant regulatory agency. The AML Compliance Office is responsible for filing the Report of Blocked Transactions timely, completely and accurately. EU or Other Jurisdictions Certifications: The AML Compliance Office is responsible for certifying to the appropriate regulator (e.g., Central Bank of Ireland), as required on a quarterly or other required basis, that Aetna has taken appropriate measures to thoroughly examine Aetna s records and: Confirm whether or not Aetna has any funds or economic resources in the name of any natural or legal person, group or entity currently the subject of EU or other applicable restrictive measures; and Confirm that Aetna has adequate systems and controls in place to ensure compliance at all times with obligations under EU or other applicable financial sanctions legislation. Confidentiality: No one shall disclose or discuss SAR or financial sanction violation investigation results with anyone other than those who have a legitimate need to know. Unless otherwise permitted by applicable regulations, no one shall disclose or discuss any AML concern, investigation, notice or SAR filing with the person(s) subject of such matters. Most of such disclosures are strictly prohibited by the Bank Secrecy Act. Communicating Subpoenas, Inquiries and Notices: Business Units and others shall immediately inform the AML Compliance Office of any subpoenas, inquiries or notices of noncompliance related to AML or financial sanctions regulations. 8. Recordkeeping The AML Compliance Office and applicable Business Units, as warranted based on the AML Risk Assessment (also see Section 11 for additional information on AML risk assessment), shall retain AML records per applicable department specific record retention policy, at a minimum for five years, after a relationship is terminated with customers. (For this purpose, customers mean anyone Aetna does business with, including but not limited to: employees, plan sponsors, members, providers, brokers, agents, vendors, suppliers, banks and other financial intermediaries.) The AML Compliance Office or appropriate Business Units shall maintain FBARs and SARs in compliance with Aetna s applicable department specific record retention policy, at a minimum for five years. Records to be maintained include, but are not limited to: Details of any pre-sar filing investigations, including what final determination was made and how it was reached; Documentation concerning all client identity due diligence; Information relating to all red flag investigations; Copies of all AML materials utilized to ensure appropriate AML training for all appropriate employees; Reports to senior management related to the Policy; Copies of exception reports utilized to detect suspicious activities; Copies of all SARs and FBARs, as applicable, filed by Aetna; Reports to regulators or law enforcement officials; Reports of cash payments over $10,000 (Form 8300); and Any other appropriate materials required to document the enforcement of the Policy. Aetna Proprietary Information for Internal Use Only 5

6 9. Training & Awareness All employees with responsibility for monitoring or engaging in business processes and transactions that may be the source of AML risk ( Relevant Responsibility ), and others conducting business on Aetna s behalf with Relevant Responsibility, are required to take annual training about the Policy and supporting procedures. The AML Compliance Office will provide periodic training and updates as required to clarify responsibilities under the Policy and to inform employees of any changes to the Policy. General AML Compliance Training and Awareness: All employees with Relevant Responsibility are required to take Aetna s AML compliance training upon hire and at least annually thereafter. Agents/vendors with Relevant Responsibility who act on Aetna s behalf in support of the Policy are also required to take the training. The AML Compliance Office is responsible for updating the AML compliance training to ensure its accuracy. The AML Compliance Office will provide training and awareness communications to other agents that may have impact on Aetna s AML compliance via Aetna Learning Center online training, in person live training, or s. Specialized Training: Business Units that have a higher AML compliance risk are responsible for, in consultation with the AML Compliance Office, the AML Compliance Council and BCOs, evaluating specialized AML training materials, determining training methods and training frequency, delivering the training, tracking training completion status, and retain training materials and attendance records. Employees with Relevant Responsibility in these Business Units, and managers who manage such employees, are required to take specialized AML compliance training. This also applies to agents/vendors with Relevant Responsibility who act on Aetna s behalf. 10. Monitoring, Auditing and Reporting Business Units, as warranted based on the AML Risk Assessment (also see Section 11 for additional information on AML risk assessment), shall perform risk-based monitoring to assess its compliance with the Policy and related policies and procedures and report the results to the AML Compliance Office and the AML Compliance Council as required by the AML Compliance Office and/or Council. Elements for ensuring ongoing compliance with and early detection of violations of the Policy may include the following based on Business Units AML risk assessment results: Audits to periodically test compliance and assess understanding of the rules Metrics, key risk indicators Escalation protocols Investigation protocols Corrective and disciplinary actions Management reporting of the above Internal Audit may perform audits of compliance with the Policy by Business Units. Additionally, an external firm may be engaged to independently assess selected Business Units AML compliance status or the overall Aetna enterprise AML compliance status. The AML Compliance Council will review the audit results and take appropriate actions to ensure that Aetna and/or Business Units and/or others address findings. Aetna Proprietary Information for Internal Use Only 6

7 11. Risk Assessment and Policy Modification Periodically, but no less than biennially, the AML Compliance Office shall perform a risk assessment to evaluate the effectiveness of the Policy to ensure ongoing compliance with AML rules and regulations. The AML Compliance Council will assist in the risk assessment process and Business Units will be responsible, with participation of their Business Compliance Officers and input form the AML Compliance Office, for conducting business focused AML and financial sanctions risk assessment. The risk assessment will be based on factors such as product, channel, entity, and geography. Based on the risk assessment results, the AML Compliance Council shall review and approve appropriate Policy modifications to be disseminated by the AML Compliance Office and work with appropriate Business Units to ensure that they build/improve processes and controls to be in compliance. The AML Compliance Office shall periodically review the Policy against applicable regulatory updates, findings from screening and auditing, and make necessary modifications based on the periodic review and risk assessments at Aetna enterprise level and at Business Units level to ensure that the Policy are current, relevant and effective in ensuring Aetna s compliance. Business Units shall take reasonable steps to improve department specific AML compliance processes and controls, and close any gaps identified from internal and/or external audits. 12. Enforcement and Consequences of Violations In accordance with Aetna s Code of Conduct, employees who breach this Policy, or any applicable AML or financial sanctions requirements, will be subject to disciplinary action, up to and including dismissal. Additional civil and criminal penalties may also apply. If you manage a person (including another employee or a broker, agent or other third party acting on Aetna s behalf) who commits a violation and the investigation shows that you ignored the Policy, related procedures or a law or regulation, you also may be disciplined, up to and including dismissal. 13. Policy Contact For questions about this Policy, you can send an with your questions to International Compliance. The Policy has been reviewed and approved by: Name: Betsy Donnelly Title: Head of Aetna International and AML Compliance Signature: Signature Date: 03/23/2015 Aetna Proprietary Information for Internal Use Only 7

8 APPENDIX A Key Definitions Office of Foreign Assets Control ( OFAC ) is an office of the US Department of the Treasury. OFAC administers and enforces economic and trade sanctions based on US foreign policy and national security goals against targeted foreign countries and regimes, terrorists, international narcotics traffickers, those engaged in activities related to the proliferation of weapons of mass destruction, and other threats to the national security, foreign policy or economy of the United States. OFAC acts under Presidential national emergency powers, as well as authority granted by specific legislation, to impose controls on transactions and freeze assets under US jurisdiction. Many of the sanctions are based on United Nations and other international mandates, are multilateral in scope, and involve close cooperation with allied governments. Money Laundering is generally defined as engaging in acts designed to conceal or disguise the true origins of criminally derived proceeds so that the unlawful proceeds appear to have been derived from legitimate origins or constitute legitimate assets. Generally, money laundering occurs in three stages. Cash first enters the financial system at the placement stage, where the cash generated from criminal activities is converted into monetary instruments. At the layering stage, the funds are transferred or moved into other accounts or other financial institutions to further separate the money from its criminal origin. At the integration stage, the funds are reintroduced into the economy and used to purchase legitimate assets or to fund other criminal activities or legitimate businesses. Terrorist financing may not involve the proceeds of criminal conduct, but rather an attempt to conceal the origin or intended use of the funds, which will later be used for criminal purposes. The Specially Designated Nationals list (also known as the SDN list) is a list of individuals, groups, and entities subject to economic sanctions by OFAC. In addition to companies and people owned, controlled by, or acting on behalf of countries are targeted by OFAC, the list also includes non-country-specific designated entities like suspected narcotics traffickers or terrorists. In most cases, U.S. citizens, permanent residents, and U.S.-based businesses are forbidden from working with SDNs, whose assets are typically frozen. The Financial Action Task Force ( FATF ) is an inter-governmental body established in 1989 by the Ministers of its Member jurisdictions. The objectives of the FATF are to set standards and promote effective implementation of legal, regulatory and operational measures for combating money laundering, terrorist financing and other related threats to the integrity of the international financial system. The FATF is therefore a policy-making body which works to generate the necessary political will to bring about national legislative and regulatory reforms in these areas. Return to the Policy Aetna Proprietary Information for Internal Use Only 8

9 APPENDIX B: Aetna AML Risk Assessment Attributes Category Attributes High Risk Medium Risk Low Risk Existing Screening Program / Currently Performing No Yes, Internal Yes, External History of OFAC Issues Yes Yes, but infrequent No Blocked Accounts Subpoenas Sanctions Enforcements Manual vs. Automated Manual Automated, Aetna Developed Automated, by 3 rd Party Screening Provider Frequency of Screening Monthly or less frequently Weekly Daily Products & Services Customers & Entities Geographic Location Do you use the most current list every time you screen? No Yes, but only for some watch lists, not for all Pre-Payment Screening (if applicable) No Yes, but only for some Yes payments, not for all Documented Case Management Tool No or unknown Yes, but documentation not complete or up-to-date Yes Investment Vehicle / Value Accumulation Holding Client Money Group Health Insurance Non Insurance B to B o HRA, HAS, FSA Medical I-Triage o LTC Dental Medicity Behavioral Health Active Health Group Insurance Investment Vision HMS (Group and Individual) Pharmacy Services not involving Disability payment processing TPA Services involving Payment Processing Group vs. Individual Individual / Small Group Group Source of Funding / Contracting Entity Transaction Location Non-US Government NGO / Charity Individual Most/All transactions outside of the US Non-US private sector corporation Some transactions outside of the US Yes US private sector corporation US government funded No transactions outside of the US Out of scope for screening: No contractual relationship, no payments to or from entity (e.g. out of network provider, reimbursement payment made to member.) Return to the Policy Aetna Proprietary Information for Internal Use Only 9

10 APPENDIX C Suggested Customer and Payee Identification Information Collection and Verification While it has always been important for financial institutions to be aware of whom they are doing business with, the USA Patriot Act made such due diligence even more paramount. Passed in October 2001, it required all financial service providers to establish Anti-Money Laundering programs in order to catch potential cases of terrorism financing. Section 326 holds institutions accountable for their ongoing Know Your Customer screening and initial customer screening. Federal regulators require that financial institutions perform risk-based due diligence in verifying the identities of potential clients and keep detailed records of the process used and the information gathered. In general, Business Units should, as warranted based on the AML Risk Assessment (also see Section 11 for additional information on AML risk assessment) and to comply with applicable regulations, collect and verify customer and payee identification information, and retain copies of identification documents. For U.S. persons or entities, the minimum customer and payee identification information generally includes: Name Date of birth or date of incorporation Address Identification number, which will be a social security number ( SSN ) or taxpayer identification number ( TIN ) for U.S. persons or entities Depending on the information source and customer risk rating, information verification may be required, such as verifying photo identification (passport, driving license or other comparable source). For non-u.s. persons or entities, the minimum customer and payee identification information includes: Name Date of birth or date of incorporation Address Passport number and country of issuance Alien identification card number (if relevant) Number and country of issuance of any other government-issued document evidencing nationality or residence and bearing a photograph or other similar safeguard. Based on the risk, and to the extent reasonable and practicable, Business Units will ensure that it has a reasonable belief of the true identity of its employees, plan sponsors, members, providers, brokers, agents, vendors, suppliers and others with which we do business. In verifying customer and payee identity, Business Units, as required by regulations or assessment of risks, shall review photo identification. For verification purposes, Business Units shall rely on a government-issued identification to establish a customer or payee's identity, analyze the information provided to determine if there are any logical inconsistencies in the information obtained, and document the verification. The documentation shall include all identifying information provided by the customer or payee, the methods used, results of the verification, and the sign-off of the person who has performed the verification. Return to the Policy Aetna Proprietary Information for Internal Use Only 10

11 APPENDIX D Red Flag Examples Listed below are examples of signs of suspicious activities that may suggest money laundering, commonly referred to as red flags. When you detect a red flag, you must conduct (or arrange for the Business Unit to conduct) appropriate due diligence (in accordance with Section 4 and Appendix C of the Policy) before proceeding with the relevant transaction. These red flags may be not applicable to every Business Unit in Aetna. Use your judgment to determine red flags. When in doubt, please contact your manager and your compliance contact for further guidance. The customer exhibits unusual concern regarding the firm's compliance with government reporting requirements and the firm's AML policies, particularly with respect to his or her identity, type of business and assets, or is reluctant or refuses to reveal any information concerning business activities, or furnishes unusual or suspect identification or business documents. The customer wishes to engage in transactions that lack business sense or apparent investment strategy, or are inconsistent with the customer's stated business strategy. The information provided by the customer that identifies an apparently legitimate source for funds is false, misleading, or substantially incorrect. Upon request, the customer refuses to identify or fails to indicate any legitimate source for his or her funds and other assets. The customer (or a person publicly associated with the customer) has a questionable background or is the subject of news reports indicating possible criminal, civil, or regulatory violations. The customer exhibits a lack of concern regarding risks, commissions, or other transaction costs. The customer appears to be acting as an agent for an undisclosed principal, but declines or is reluctant, without legitimate commercial reasons, to provide information or is otherwise evasive regarding that person or entity. The customer has difficulty describing the nature of his or her business or lacks general knowledge of his or her industry. The customer attempts to make frequent or large deposits of currency, insists on dealing only in cash equivalents, or asks for exemptions from the firm's policies relating to the deposit of cash and cash equivalents. The customer engages in transactions involving cash or cash equivalents or other monetary instruments that appear to be structured to avoid the local government reporting requirements (e.g. $10,000 for U.S.), especially if the cash or monetary instruments are in an amount just below reporting or recording thresholds. For no apparent reason, the customer has multiple accounts under a single name or multiple names, with a large number of inter-account or third-party transfers. The customer is from, or has accounts in, a country identified as a non-cooperative country or territory by the Financial Action Task Force. The customer's account has unexplained or sudden extensive wire activity, especially in accounts that had little or no previous activity. The customer's account shows numerous currency or cashier s check transactions aggregating to significant sums. The customer's account has a large number of wire transfers to unrelated third parties inconsistent with the customer's legitimate business purpose. The customer's account has wire transfers that have no apparent business purpose to or from a country identified as money laundering risk or a bank secrecy haven. Aetna Proprietary Information for Internal Use Only 11

12 The customer's account indicates large or frequent wire transfers, immediately withdrawn by check or debit card without any apparent business purpose. The customer makes a funds deposit followed by an immediate request that the money be wired out or transferred to a third party, or to another firm, without any apparent business purpose. The customer makes a funds deposit for the purpose of purchasing a long-term investment followed shortly thereafter by a request to liquidate the position and transfer of the proceeds out of the account. The customer requests that a transaction be processed in such a manner to avoid the firm's normal documentation requirements. The customer prepays or overpays any scheduled payments for loan or annuity products. Return to the Policy Aetna Proprietary Information for Internal Use Only 12