Siena, march 2012 Pag. 1 di 5 MPS GROUP 1 - A p p l i c a t i o n This Global Anti-Money Laundering Policy (Policy) applies to all Banca Monte dei Paschi di Siena subsidiaries and branches (collectively "BMPS" or "the Bank"), irrespective of where they are located, and establishes minimum standards that officers and employees (collectively "employees") at BMPS must follow. While ensuring consistency with the above standards each subsidiary or branch has to comply with local anti-money laundering laws, rules and regulations. The Policy must be read in conjunction with the relevant sections of internal procedures adopted by Head Office (Group s Directive and related documents) to combat money laundering, according to Bank of Italy supervisory rules and international applicable principles. 2 - O v e r v i e w BMPS is committed to complying with all applicable laws and regulations designed to combat money laundering, terrorist financing and other financial crimes (collectively, "money laundering"). Although the specific anti-money laundering ("AML") requirements differ by subsidiary/branch, BMPS has adopted this Policy as a reflection of its commitment to AML principles throughout the Bank. The following general requirements are integrated by each BMPS entity with local-tailored internal AML procedures specifying processes, roles and responsibilities within the organization. If any employee is in any doubt as to his responsibilities, he/she should seek guidance from his/her local AML representative which can excalate specific matters at a Group Level. Compliance with all applicable AML laws, rules and regulations is strictly required and is a condition of employment with the Bank. Any employee who engages in money laundering, or who fails to comply with all applicable AML laws and regulations is liable to imprisonment and/or a fine under the various local regimes depending on the seriousness of the offence involved and on the intentionality or not of the action. In addition, the Bank may be the subject of a fine and/or public censure both of which could have a significant reputational impact. In view of the above, failure to comply with this Policy either negligently or in collusion with others may result in the Bank taking internal disciplinary action, termination of employment included, or referring to the relevant regulatory agency the employee that breached the law. 3 - B r i e f B a c k g r o u n d o n M o n e y L a u n d e r i n g Criminal enterprises generate cash from sales of drugs, robberies, theft, extortion and other criminal activities but illegally generated funds may after be invested into a number of licit activities. Certain corrupt political figures have also been known to have stolen funds from national governments and to have moved the proceeds to offshore accounts in jurisdictions that have
Siena, march 2012 Pag. 2 / 5 provided anonymity. Moreover, it has previously been identified that both legal and illegal funds have been used to finance terrorist activity. 3. 1 - M o n e y L a u n d e r i n g Proportionally and coherently with the scope and complexity of the activities conducted by each BMPS Entity, it is imperative that all employees be vigilant in preventing and detecting money laundering. Employees should recognize that money laundering is the disguising of illegally obtained funds with the objective of reintroducing the funds into the economy so as to give the appearance of legitimacy. Generally speaking, money laundering activities involve three different stages: Placement: this occurs when cash generated from crime is placed in the financial system. Those entities or businesses which deal in cash may be more vulnerable to this stage of money laundering; Layering: after the proceeds of crime have been placed in the financial system, layering occurs when these funds are moved around and converted into different instruments in order to distance them from the illegal activity and to give them the appearance of legitimacy. This stage may involve the movement of funds between different products and entities and/or across multiple jurisdictions in order to obscure the audit trail. BMPS entities have to pay a special attention to this stage of money laundering considering that criminal efforts aimed to deceiving financial institutions can make difficult the detection of illicit activity. Integration: once the origin of the criminal proceeds has been obscured, the funds are then reentered into the legitimate economy, for example, through the investment in real estate or other legitimate business ventures. This is the most difficult stage of the money laundering process to detect. 3. 2 - T e r r o r i s t F i n a n c i n g Money laundering activities may also involve using legally derived proceeds rather than criminally derived proceeds for the purpose of financing terrorist or other related activities. Although the underlying motivation behind terrorist financing and money laundering may differ, the techniques employed by both are often similar and closely related. For example, terrorists have been known to transfer money to and from financial institutions and to purchase various types of financial instruments in order to conceal the funding of terrorist activities. While money laundering may involve the movement of large sums of money, the amounts involved in terrorist financing may be relatively small by comparison. 4 - W i l l f u l B l i n d n e s s Active collusion in a money laundering scheme is not the only way that BMPS employees can expose themselves and the Bank to law enforcement or regulatory scrutiny. An employee who has knowledge that the proceeds of illegal activities are involved in a transaction, but still goes forward with a transaction involving such funds, may be prosecuted for money laundering or assisting a money launderer. Even where there is no direct evidence of that knowledge, circumstantial evidence showing that an employee had reasonable grounds to know or suspect, or was "willfully blind" to such information, may be sufficient to result in criminal or civil liability. Furthermore, failure to take certain actions, such as reporting potential money laundering or suspicious activity or maintaining a required record, may also result in liability. 5 - H e a d O f f i c e C o m p l i a n c e F u n c t i o n BMPS has established and maintains a permanent and effective Head Office Compliance Function which is responsible for strategic decisions at BMPS concerning the management of compliance risk. The function is guaranteed a formal and independent status within the organization and has
Siena, march 2012 Pag. 3 / 5 functional reporting to the General Manager but also the right of direct access to the board of directors. BMPS has appointed a Global Head of AML who is responsible for assessing the Bank s overall money laundering risk, for designing, implementing, and monitoring the Bank's AML policies and procedures and for assessing the robustness of the AML systems and controls including surveillance and monitoring tools. The Global Head of AML is also responsible for coordinating and for advising the Bank on money laundering issues, as well as assisting with the development of training and awareness programs, coordinating global investigations and reporting of suspicious activity, and liaising regularly with the local AML compliance functions. The local compliance functions have the mandate to communicate with any employee and obtain access to any records or files necessary in order to carry out its responsibilities. 6 - A n t i - M o n e y L a u n d e r i n g F r a m e w o r k Each BMPS subsidiary/branch is required by local legislation and/or regulations to have in place an AML program, must have implemented a framework which, at a minimum, consists of the following: The designation of an AML Compliance Officer; Internal policies, procedures and controls to i) ensure compliance with all applicable laws and regulations; ii) assign duties and responsibilities; iii) establish appropriate first/second level controls and adequate segregation of activities; A written client identification program and know your customer process; Suspicious activity monitoring and reporting requirements; Respect of sanctions programs; Record keeping requirements; An on-going training program for all relevant employees; Periodic independent testing of the AML program. Further detail with respect to each component part is described below. 6. 1 - A M L C o m p l i a n c e O f f i c e r Each BMPS subsidiary/branch must appoint an individual who is responsible for reasonably ensuring compliance with applicable local AML requirements, regulatory expectations and industry practices as well as developing and implementing an AML framework as described below. 6. 2 - I n t e r n a l P o l i c i e s a n d P r o c e d u r e s Each BMPS subsidiary/branch must establish AML policies, procedures and controls in compliance with local laws and regulations. These policies, procedures and controls are reviewed regularly to reasonably ensure that: any amendments to AML regulations, or the enactment of new AML regulations, are appropriately considered, and where necessary, put into application; and (ii) any amendments or additions to the AML Program are similarly reviewed and adopted. Policies and procedures must also ensure adequate levels of oversight and accountability as well as appropriate segregation of duties through all the processes. AML risk assessment methodology has to be detailed into the above policies and procedures. 6. 3 - C l i e n t I d e n t i f i c a t i o n P r o g r a m Each BMPS subsidiary/branch must have procedures in place to identify, and where required, verify the identity of, new clients including processes for conducting enhanced due diligence on any new client relationships or transactions identified as higher risk. The type of
Siena, march 2012 Pag. 4 / 5 information collected, as well as the frequency with which it will be reviewed and updated, will be determined on a risk-based basis in accordance with applicable laws and regulations. As a general rule, however, each BMPS subsidiary/branch will not conduct business where it: knows or reasonably suspects that any assets obtained by a client are the result of the proceeds of criminal activity; or where the client is a known terrorist, criminal or the subject of international sanctions; and/or where the client is a shell bank. In addition, each BMPS subsidiary/branch will not maintain anonymous accounts for any of its clients. 6. 4 - S u s p i c i o u s A c t i v i t y M o n i t o r i n g Each BMPS subsidiary/branch must develop procedures and processes for monitoring, escalating and reporting suspicious and/or criminal activity in a timeframe and manner which is consistent with regulatory requirements. Employees must immediately report any knowledge or suspicion of money laundering, including terrorist financing, or other financial crimes to either their Manager, the Compliance department as soon as reasonably practicable. Following any necessary investigation, the Compliance department will determine whether or not there are sufficient concerns to file a Suspicious Activity Report. Where a Suspicious Activity Report has been filed, the Compliance department, in conjunction with the business and as necessary the General Manager will determine what additional remedial steps need to be taken, for example, termination of a client's account or increased monitoring. 6. 5 - S a n c t i o n s S c r e e n i n g Each BMPS subsidiary/branch must establish sanctions screening procedures and processes designed to review all new and existing client data and funds transfers against applicable Sanctions Programs, and to reasonably ensure that funds are not received from or transferred to, or each BMPS subsidiary/branch facilitates or conducts business with applicable sanctions targets. 6. 6 - C h a n n e l s o f c o m m u n i c a t i o n Each subsidiary/branch facilitates adequate flows of information to ensure: downward: the Bank s strategies and expectations as well as its policies and procedures are communicated to all employees for achieving a coordinated effort in the fight to money laundering and terrorism financing; channels of communication for being effective require that all staff is enabled to fully understand and adhere to policies and procedures affecting their duties and responsibilities; upward: the senior management and the board are made aware of the risks regarding the AML processes and process escalation is effective, where necessary. 6. 7 - R e c o r d K e e p i n g Each BMPS subsidiary/branch is responsible for establishing procedures demonstrating compliance with record keeping requirements as mandated by applicable law and policy. 6. 8 - T r a i n i n g P r o g r a m Each BMPS subsidiary/branch requires that AML training be provided for all relevant employees, including those responsible for developing or maintaining client relationships, monitoring accounts and transferring funds. Ongoing training is provided to reasonably ensure that appropriate employees are familiar with money laundering systems and controls, as well as with any recent developments in AML regulation and/or legislation. 6. 9 - I n d e p e n d e n t T e s t i n g
Siena, march 2012 Pag. 5 / 5 The local Internal Audit Department will be responsible for testing the robustness of each BMPS subsidiary/branch's AML compliance program and will report any findings or results to the Head Office Internal audit department, the Audit Committee of the Board as well as to local Senior Management. The local Compliance Officer is responsible for reasonably ensuring that any results from the audit process are considered for incorporation into the AML program.