KYC Platform Participant Guide



Know Your Customer Instructor Led TrainingTable of Contents TOC \o "1-3" \h \z \u Course Overview PAGEREF _Toc413685272 \h 5Importance of the AML and Sanctions Program PAGEREF _Toc413685273 \h 8Lesson 1: Know Your Customer PAGEREF _Toc413685274 \h 9Topic 1: Know Your Customer Components PAGEREF _Toc413685275 \h 10Topic 2: Consequences of Non-Compliance PAGEREF _Toc413685276 \h 11Topic 3: First, Second, and Third Lines of Defense PAGEREF _Toc413685277 \h 12Topic 4: Customers at State Street PAGEREF _Toc413685278 \h 13Topic 5: Accounts PAGEREF _Toc413685279 \h 15Topic 6: Customer Types PAGEREF _Toc413685280 \h 16Topic 7: New and Existing Customers PAGEREF _Toc413685281 \h 21Topic 8: Know Your Customer Lifecycle and Escalation PAGEREF _Toc413685282 \h 22Topic 9: Opening an Account PAGEREF _Toc413685283 \h 24Topic 10: Overview of the AML Toolkit PAGEREF _Toc413685284 \h 26Lesson 1: Summary PAGEREF _Toc413685285 \h 28Lesson 2: Customer Identification Program PAGEREF _Toc413685286 \h 29Topic 1: Customer Notice (US Customers Only) PAGEREF _Toc413685287 \h 30Topic 2: Required Information for Customer Identification PAGEREF _Toc413685288 \h 31Topic 3: Customer Identification Program Exemptions and Simplified Due Diligence PAGEREF _Toc413685289 \h 34Topic 4: Customer Verification PAGEREF _Toc413685290 \h 36Topic 5: Material Discrepancies PAGEREF _Toc413685291 \h 41Lesson 2: Summary PAGEREF _Toc413685292 \h 42Lesson 3: Customer Due Diligence PAGEREF _Toc413685293 \h 43Topic 1: Standard CDD: Purpose of an Account PAGEREF _Toc413685294 \h 44Topic 2: Standard CDD: Building Customer’s Anticipated Activity Profile PAGEREF _Toc413685295 \h 45Topic 3: Standard CDD: Source of Funds PAGEREF _Toc413685296 \h 46Topic 4: Standard CDD: Source of Wealth PAGEREF _Toc413685297 \h 48Topic 5: Standard CDD: Screening PAGEREF _Toc413685298 \h 52Topic 6: Targeted CDD: Customer Finances PAGEREF _Toc413685299 \h 57Topic 7: Customer Risk Rating PAGEREF _Toc413685300 \h 58Lesson 3: Summary PAGEREF _Toc413685301 \h 60Lesson 4: KYC Platform PAGEREF _Toc413685302 \h 61Topic 1: Queues PAGEREF _Toc413685303 \h 63Topic 2: Dashboards PAGEREF _Toc413685304 \h 64Topic 3: Search Cases PAGEREF _Toc413685305 \h 65Topic 4: Search Legal Entity PAGEREF _Toc413685306 \h 67Topic 5: Legal Entity Management Screen PAGEREF _Toc413685307 \h 69Topic 6: Legal Entity Details PAGEREF _Toc413685308 \h 70Topic 7: Business Details PAGEREF _Toc413685309 \h 71Topic 8: Supplementary Details PAGEREF _Toc413685310 \h 73Topic 9: Risks PAGEREF _Toc413685311 \h 74Topic 10: Status PAGEREF _Toc413685312 \h 75Topic 11: Tasks PAGEREF _Toc413685313 \h 76Lesson 4: Summary PAGEREF _Toc413685314 \h 78Lesson 5: How to Conduct CIP and CDD PAGEREF _Toc413685315 \h 79Topic 1: Capturing Legal Entity PAGEREF _Toc413685316 \h 80Topic 2: Upload Requested Documents PAGEREF _Toc413685317 \h 94Topic 3: Validate PAGEREF _Toc413685318 \h 96Topic 4: Enrich Client Data PAGEREF _Toc413685319 \h 99Topic 5: Upload Risk Rating Results PAGEREF _Toc413685320 \h 102Topic 6: Complete AML PAGEREF _Toc413685321 \h 114Topic 7: Approve for Account Opening PAGEREF _Toc413685322 \h 115Lesson 5: Summary PAGEREF _Toc413685323 \h 117Lesson 6: Enhanced Due Diligence PAGEREF _Toc413685324 \h 118Topic 1: Required and Triggered Enhanced Due Diligence PAGEREF _Toc413685325 \h 119Topic 2: First Line of Defense Responsibilities PAGEREF _Toc413685326 \h 120Topic 3: General Enhanced Due Diligence Requirements PAGEREF _Toc413685327 \h 121Topic 4: Source of Wealth PAGEREF _Toc413685328 \h 122Topic 5: Site Visits PAGEREF _Toc413685329 \h 125Topic 6: PEP Identification PAGEREF _Toc413685330 \h 127Topic 7: Enhanced Due Diligence Customer Profile Form PAGEREF _Toc413685331 \h 129Topic 8: Risks and Mitigants PAGEREF _Toc413685332 \h 130Topic 9: Record Retention PAGEREF _Toc413685333 \h 131Topic 10: How to Conduct PEP Identification PAGEREF _Toc413685334 \h 132Topic 11: How to Conduct EDD PAGEREF _Toc413685335 \h 135Lesson 6: Summary PAGEREF _Toc413685336 \h 137Lesson 7: Ongoing Reviews PAGEREF _Toc413685337 \h 138Topic 1: Periodic Reviews PAGEREF _Toc413685338 \h 139Topic 2: How to Conduct Periodic Reviews for Low and Medium Risk Customers PAGEREF _Toc413685339 \h 140Topic 3: How to Conduct Periodic Reviews for High Risk Customers PAGEREF _Toc413685340 \h 142Topic 4: Event Driven Reviews PAGEREF _Toc413685341 \h 145Topic 5: Examples of Trigger Events PAGEREF _Toc413685342 \h 146Topic 6: Suspicious Activity PAGEREF _Toc413685343 \h 147Topic 7: Transaction Monitoring PAGEREF _Toc413685344 \h 149Topic 8: Employee Identification and Escalation of Suspicious Customer Behavior PAGEREF _Toc413685345 \h 151Topic 9: Sanctions Screening PAGEREF _Toc413685346 \h 153Topic 10: Sanctions Licenses PAGEREF _Toc413685347 \h 159Topic 11: Board and Senior Management Reporting PAGEREF _Toc413685348 \h 160Lesson 7: Summary PAGEREF _Toc413685349 \h 161Participant’s Notes PAGEREF _Toc413685350 \h 162Abbreviations and Acronyms PAGEREF _Toc413685351 \h 163Glossary PAGEREF _Toc413685352 \h 164References PAGEREF _Toc413685353 \h 165Course OverviewState Street exercises due diligence when establishing a relationship with a customer and carries out ongoing monitoring over the life of the relationship with a customer in order to identify and limit AML risk (referred to as Know Your Customer or KYC). KYC is composed of the Customer Identification Program (CIP), Customer Due Diligence (CDD), Enhanced Due Diligence (EDD) (if applicable), and the Customer Risk Rating. This training will provide you with the following:What needs to be completed as part of KYCWhy it need to be completedHow to complete it using the KYC PlatformDay One Course AgendaTimeLesson Title/Description9:00 A.M. – 9:15 A.M.Introductions9:15 A.M. – 10:30 A.M.Know Your Customer, CIP and CDD10:30 A.M. – 11:30 A.M.KYC Platform11:30 A.M. – 11:45 A.M.Q&A11:45 A.M. – 12:00 A.M.Day Two OverviewDay Two Course AgendaTimeLesson Title/Description9:00 A.M. – 9:15 A.M.Recap from Day One9:15 A.M. – 10:30 A.M.KYC Scenarios/hands on exercise10:30 A.M. – 11:00 A.M.EDD 11:00 A.M. - 11:45Ongoing Relationship11:45 – 12:00ConclusionCourse ObjectivesAfter completing this course, you will be able to:Identity customers who maintain accounts and/or relationships with State Street.Manage and mitigate AML, Sanctions, Compliance, Operational, Reputational, and Strategic risks a customer poses throughout the customer lifecycle.Conduct Customer Identification Program (CIP), Customer Due Diligence (CDD), Simplified Due Diligence (SDD), and Enhanced Due Diligence (EDD), wherever appropriate on customers and their Ultimate Beneficial Owners (UBOs) and related parties.Determine the AML Customer Risk Rating (CRR) for new and existing customers and when to apply enhanced due diligence for those customers who are deemed High ply with Sanctions regulations and report instances of suspicious activity.Cooperate with regulatory and law enforcement authorities in criminal investigations, prosecutions, and forfeiture actions relating to AML, Sanctions or other criminal activities.Maintain proper records for five years.Course PrerequisitesBefore taking up this course, you must undergo the following e-learning modules:Know Your Customer at State StreetCustomer Identification ProgramCustomer Due DiligenceEnhanced Due DiligenceOngoing RelationshipSymbols Key for the PowerPoint Presentation IconDescriptionThis slide will provide details about the learning Objectives in the course.This slide will list all the topics in a lesson.This slide will provide details about content covered in a topic.This slide will include provide details about procedural steps for a particular process.This slide will have the content included in a tabular format.This slide will provide details of a discussion activity in the class.This slide will include the discussion question for discussion in the class.This slide will summarize the important points covered in the course.This slide will include assessment questions for the course.Importance of the AML and Sanctions Program Governments and regulatory agencies in jurisdictions impose specific requirements on financial institutions globally in order to combat money laundering, terrorist financing, tax evasion and other criminal activities (collectively referred to herein as “Money Laundering”). Financial institutions must comply with all Anti-Money Laundering (AML) and Sanctions laws and regulations in jurisdictions of operation. Due to State Street’s international presence, the institution must comply with various AML and Sanctions regimes. The purpose this training is to provide State Street’s Business Units with uniform and detailed guidance to prevent the Business Unit and its employees from involvement in money laundering, fraudulent activity, and the financing of terrorist activities.It is the Business Unit who ultimately owns the risk any customer relationship poses to State Street. The AML requirements and controls in place for specific customer types and risk levels for the Business Unit to comply with State Street’s Global AML and Sanctions Policies.Lesson 1: Know Your Customer Topics Know Your Customer ComponentsConsequences of Non-ComplianceFirst, Second, and Third Lines of DefenseCustomers at State StreetAccountsCustomer TypesNew and Existing CustomersKnow Your Customer Lifecycle and EscalationOpening an AccountOverview of the AML ToolkitIntroductionThe AML and Sanctions policies were developed using a Risk-Based Approach. This approach allows State Street to identify, assess, and understand the money laundering and terrorist financing risks that State Street is exposed to, by categorizing its customers as High, Medium, or Low. The higher the risk, the more due diligence is required to prevent and mitigate these risks. A critical part of this process is to Know Your Customer (KYC). OverviewState Street is committed to complying with AML regulations, as implemented by the State Street AML and Sanctions Programs. KYC encompasses standards and procedures designed to ensure State Street knows with they are doing business with. KYC is the process used by State Street to verify the identity of their customers. KYC is becoming increasingly important globally to prevent identity theft, financial fraud, money laundering, and terrorist financing. State Street is committed to complying with AML regulations, as implemented by the State Street AML and Sanctions policies.The objective of KYC is to prevent State Street from being used, intentionally or unintentionally, by criminal elements for money laundering activities. Our policies and procedures enable State Street to know and understand our customers, and their financial dealings better. This helps State Street to manage their risks prudently. Topic 1: Know Your Customer ComponentsOverviewKYC is comprised of the following three components: Customer Identification Program (CIP)This process is a risk-based approach designed to enable the First Line of Defense to form a reasonable belief that it knows the true identity of the customer. This process involves the collection and verification of a customer’s identification information before the customer is onboarded. Customer Due Diligence (CDD)This process allows the First Line of Defense to assess the AML and Sanctions risk associated with the customer and obtaining information sufficient to develop an understanding of normal and expected activity.Enhanced Due Diligence (EDD) This process provides for a closer review of High-risk customers. Their activities are reviewed more closely at the time the account is opened and more frequently throughout the term of the ic 2: Consequences of Non-ComplianceOverviewState Street has no tolerance for breaches within its AML and Sanctions Programs. The consequences of breaches can be significant and may include:For State Street employees: Monetary fines (in millions of dollars)Prison sentences (10 to 30 years)For State Street:Monetary fines (in millions of dollars)Reputational damage (“It takes twenty years to build a reputation and five minutes to destroy it.” (W.Buffet))Cease and desist orders (Likely to weaken the solvency/earnings of the financial institution (FI))Topic 3: First, Second, and Third Lines of DefenseOverviewTo support the activities within the Target Operating Model (TOM), the First, Second, and Third Lines of Defenses responsibilities have been changed.The following table describes the responsibilities of the First, Second, and Third Lines of Defense.Lines of DefenseWho are TheyResponsibilitiesFirst Line of DefenseBusiness Unit and AML KYC CoE (Shared Services)Ensure ongoing compliance is embedded into all relevant AML and Sanctions decisions and operations. Perform routine verification and provide AML Compliance with up to date information on AML and Sanctions key risks and control indicators.Second Line of DefenseAML CompliancePerform Real Time Monitoring focused on particularly risky areas of AML, such as looking to identify suspicious activity.Conduct Ex Post Surveillance over the effectiveness of compliance controls embedded in the First Line of Defense and AML Compliance functions.Third Line of DefenseCorporate AuditThe responsibility of the Third Line of Defense is to conduct independent and regular reviews of State Street’s Global AML and Sanctions Programs including the AML Compliance function itself.AML KYC CoE (Shared Services) is located in either India or Poland. The following table lists the Business Units supported by AML KYC CoE (Shared Services) (India and Poland).IndiaPolandGlobal OpsUSISIISWMSGlobal Credit ServicesIMSSSGMSSGXSSIAFinanceGS-APACSSgA AIS GS-EMEASSGMTopic 4: Customers at State Street OverviewA customer is a person contracting directly with State Street for the provision of products and services. The following table describes the various customer types.TypeDefinitionNon-IndividualsA Non-Individual is a lawful or legally standing organization (such as an association, corporation, partnership, proprietorship, or trust) existing independently and exercising powers independent of its members or beneficiaries – namely, the legal capacity to enter into agreements or contracts; assume obligations; incur and pay debts; sue and be sued; and accountability for illegal activities. IndividualsAn Individual is a natural person (human being), group, or an Indian Tribe, who has rights and duties prescribed by law.Once the Customer has been identified, additional parties also need to be identified. The following table describes the different parties that need to be identified.TypeDefinitionUltimate Beneficial Owners (UBOs)Non-Individuals or Individuals who ultimately own or control a customer and/or the person on whose behalf a transaction is being conducted. UBOs may also called indirect owners, and include any person or entity that owns, has the right to vote, or has the power to sell or direct the sale of a class of the businesses voting securities of an immediate owner.Controlling PartiesNon-Individuals or Individuals with direct or indirect control over the account created. These Non-Individuals and/or Individuals are connected to an account by virtue of having a degree of control over the funds within an account belonging to another individual or non-individual. "Control" means the power to exercise substantial influence over the management or policies of a company through contract or otherwise Examples of controlling parties include, but are not limited to:Investment AdvisorsMembers of The Board of DirectorsGeneral PartnersExecutive Management – President, CEO and CFOThe following table describes the different parties that need to be identified.TypeDefinitionAssociated Third PartiesNon-Individuals or Individuals connected to an account who do not directly contract with State Street, are not controlling parties, and do not have a significant ownership stake in the funds within the account. Associated Third Party relationships may involve outsourced products and services, use of independent consultants, services provided by affiliates and subsidiaries, joint ventures, or other business arrangements where the bank has an ongoing relationship. Examples of Associated Third Parties include, but are NOT limited to:Beneficiaries of Pension FundsTrusteesIntermediariesTradersVendorsTrading and CounterpartiesNominal OwnersSettlorsInvestment Advisors/Investment Managers/Introducers/Promoters (not considered customers)Topic 5: AccountsOverviewAn account is a formal banking or brokerage relationship established to provide or engage in services, dealings, or other financial transactions. It includes a deposit account, a transaction or asset account, investment management account, credit account, or another extension of credit.An account is a broad definition encompassing all products and services provided by State Street.An account includes: Safekeeping servicesMaster custody services Master trust servicesCash management services Accounting servicesData processing, warehousing, and reporting services Performance, risk and compliance analytics servicesInvestment management services and accounts Middle Office servicesCredit accounts, or another extensions of creditDeposit accounts Transaction or asset accountsTopic 6: Customer Types OverviewOnce the customer and the account have been identified, before we can determine what KYC requirements are needed, we need to determine the customer type.The following table lists State Street’s customer types and their definitions.Customer TypeDefinitionsBank (Foreign and Domestic)Banks are financial institutions licensed to receive deposits, and are categorized as either Retail/Commercial or Investment Banks. Retail/Commercial Banks manage deposits and withdrawals from customers, while Investment Banks provide services to clients. Custodial Banks are included in the definition of "Banks," however, financial institutions such as MSBs, insurance companies and Investment Advisors are not.Charities, Religious Group and Non-ProfitNon-Profits are organizations that use surplus revenue to achieve goals rather than distributing the revenue as profits or dividends. Charities receive donations which are used to administer a specific program for the greater good. Charities are unique types of non-profit organizations in that the Charity administers funds to meet non-profit and philanthropic goals, as well as social well-being, and are exempt from federal income tax. Religious Groups also receive donations which are used to carry out specific programs related to the mission of the religious organization. Religious groups are also non-profits and are tax exempt.Foundations/ EndowmentsA foundation is a type of private tax-exempt nonprofit organization that supports charitable activities in order to serve the common good through grants. Foundations are often created with endowments, or money given by individuals, families or corporations, which may or may not be managed by an investment advisor. They generally make grants with the income earned from investing the endowments, and do not carry out their own programs. Foundations and Endowments do not have to operate for charitable purposes. Institutions such as hospitals or universities and those that generally have broad public support or actively function in a supporting relationship to such organizations are exempt from the definition of a Private ernment, Government Agency and Central Bank/Monetary AuthorityGovernments, Government Agencies and Central Banks/Monetary Authorities are those Customers whose sole existence is to perform government functions. They are fully owned, established and operated by a local, regional or national government, and all activities performed by the Customer are in the public sector.Hedge Fund, Private Equity and Venture Capital Fund(Closed-Ended)Hedge Funds, Private Equity and Venture Capital Funds all pool and invest their clients’ money in an effort to make a positive return, and are generally characterized as posing a higher risk to Investors due to limited redemption cycles, ability to borrow against the funds capital and lack of regulatory oversight. The Investments are managed by the heads of each fund, and can be used to purchase debt or equity in a company.Individual - Citizen/ Non-CitizenAll accounts opened solely for Individuals (and not companies), regardless of the Individual's country of citizenship, fall under the Customer Type of Individual-Citizen/Non-Citizen.The following table lists State Street’s customer types and their definitions.Customer TypeDefinitionsInsurance CompanyAll accounts opened for Customers in the business of offering any type of Insurance Policy to the public, regardless of whether or not the company is publically or privately held, should be classified under Insurance Companies.Investment Advisor (Regulated)Regulated Investment Advisors are comprised of Individuals registered with the SEC, State Securities Agency, FSA (or local equivalent) acting on behalf of a fund. A Regulated Investment Advisor is a person or group that makes investment recommendations or conducts securities analysis in return for a fee, whether through direct management of client assets or via written publications. Investment Managers act on behalf of a fund, and are responsible for executing the investments recommended by the Advisors. Promoters also fall within this definition as they are the individuals responsible for setting up funds. Typically, the promoter raises the cash for the fund but doesn't invest themselves (in many jurisdictions promoter regime currently only applies to UCITS funds). Investment Advisor (Unregulated) Unregulated Investment Advisors are comprised of Individuals not registered with the SEC, State Securities Agency, FSA (or local equivalent) acting on behalf of a fund. An Unregulated Investment Advisor is a person or group that makes investment recommendations or conducts securities analysis in return for a fee, whether through direct management of client assets or via written publications. Investment Managers act on behalf of a fund, and are responsible for executing the investments recommended by the Advisors. Promoters also fall within this definition as they are the individuals responsible for setting up funds. Typically, the promoter raises the cash for the fund but doesn't invest themselves (in many jurisdictions promoter regime currently only applies to UCITS funds).Money Service Businesses (MSB) Money Service Businesses are defined as those who, whether or not on a regular basis, act as currency dealers or exchangers, cash checks, issue traveler's checks, money orders or stored value, sell or redeem traveler's checks, money orders or stored value or transmit money. Traditional financial institutions who are regulated are exempt from the definition of MSB. In many jurisdictions, MSBs are subject to regulation.Mutual FundsMutual Funds and Commingled Trusts are investment vehicles made up of a pool of funds collected from many investors for the purpose of investing in securities such as stocks, bonds, money market instruments and similar assets for the sole purpose of generating investor profit. Mutual Funds and Commingled Trusts are operated by money managers, who invest the fund's capital in accordance with objectives set out in the prospectus, and attempt to produce capital gains and income for investors. Mutual Funds are regulated by the SEC, FSA, or local equivalent, while Commingled Trusts are not.Pension PlansPension Plans are a means for an employee to save for retirement. Pension plans allow for an employer to make contributions toward a pool of funds set aside for an employee's future benefit. The pool of funds is then invested on the employee's behalf, allowing the employee to receive benefits upon retirement. Pension plans can be set up by employers (private or public corporations), as well as a Government Agency.The following table lists State Street’s customer types and their definitions.Customer TypeDefinitionsPersonal Investment Vehicle/ Personal Holding Company/ Personal Investment CompanyPersonal Investment Vehicles are investment entities which are privately owned. Private Investment Vehicles tend to be complex, and enable a high level of anonymity. Personal Holding Companies are corporations where at least 60% of the adjusted gross income for a tax year is income of the Personal Holding Company, and who have more than 50% of the value of the corporation's outstanding stock is directly or indirectly owned by five or fewer individuals. Personal Investment Companies are private limited companies used as long term investment vehicles and are subject to tax benefits due to the fact they are often located in offshore investment jurisdictions.Private CompanyPrivate Companies are companies whose shares are not available for public purchase or listed on a stock exchange. Private companies may be regulated or unregulated, and can be established as Partnerships, Limited Liability Companies, Limited Partnerships, Corporations, Unincorporated Businesses or General Partnerships.Public CompanyPublic Companies are companies whose shares are available for public purchase and listed on an approved stock exchange. All public companies are regulated, and can be established as Publically Traded Partnerships (limited public stock offering and ownership by partners which can be individuals or corporations) or Corporations.Securities & Commodities (Broker/Dealer)Securities and Commodities Broker/Dealers are firms or individuals who serve as Agents by executing orders to buy or sell securities or commodities on behalf of clients and charges them a commission for conducting trades.Special Purpose VehicleSpecial Purpose Vehicles ("SPVs") are legal entities created to fulfill narrow, specific or temporary objectives usually created to isolate a company from financial risk. The SPV is usually a subsidiary company with an asset/liability structure and legal status that makes its obligations secure even if the parent company goes bankrupt. Regardless of whether or not the SPV's parent is private or public, Customers meeting this definition should be categorized as SPVs.Supra National OrganizationA Supranational Organization is an organization, or union of multiple countries whose members share in the decision-making and vote on issues pertaining to the wider grouping. Supranational Organizations are not considered Government Agencies due to the fact they are made up of multiple governments. Examples of Supranational Organizations include the United Nations and the European Union.Trusts (Corp & Individual) A Trust is a relationship whereby property is held by one party for the benefit of another. A trust is created by a settlor, who transfers some or all of his or her property to the trust. Trustee(s) hold that property for the trust's beneficiaries, who are Corporations, not Individuals. The trust itself is not a legal entity, but the relationship is formed for the benefit of a stand-alone company. The Trustee(s) are responsible for affairs attendant to the trust, which may include prudently investing the assets of the trust for the Corporate Beneficiaries; however the Trustee(s) sole purpose is not to create profit for the ultimate beneficiaries.The following table lists State Street’s customer types and their definitions.Customer TypeDefinitionsTrust (with Individual Beneficiaries)A Trust is a relationship whereby property is held by one party for the benefit of another. A trust is created by a settlor, who transfers some or all of his or her property to the trust. Trustee(s) hold that property for the trust's Individual Beneficiaries, and has responsibility for affairs attendant to the trust, which may include prudently investing the assets of the trust. The trust itself is not a legal entity, but the relationship is formed for the benefit of a stand-alone company; the Trustee(s) sole purpose is not to obtain a profit for the Individual beneficiaries.University, Hospital and University or Hospital FoundationUniversities are non-profit organizations established to provide education for students. Hospitals are non-profit organizations established to provide medical care for patients. For profit Universities and Hospitals are considered private companies. Universities and Hospitals can be private or public, and require government certification to be established. Universities and Hospitals with religious affiliations are also covered under this category. University or Hospital Foundations are nonprofit organizations set up for the benefit of a University or Hospital. They are exempt from the definition of a Private Foundation due to the fact that they have broad public support.Prohibited CustomersState Street will not enter into a relationship with prohibited Non-Individuals or Individuals which includes:Foreign Shell BanksUnregistered MSBsNumbered accounts or non-disclosed accountsOnline gamblingImportant Note If needed, use the Customer Translation table to map existing Business Unit Customer Types with the new State Street Customer Types.Figure 1: Customer Translation TableTopic 7: New and Existing CustomersOverviewCompleting KYC varies depending on whether the customer is New or Existing.New customer: A new customer is a Non-Individual or an Individual contracting with State Street for the first time.Existing customer: An existing customer is a Non-Individual or an Individual who currently holds a contract with State Street. The following table defines some key terms that will be referenced throughout the KYC process.Customer TypeKYC Account HolderNon-Individual or Individual for which the account is opened.Account Related CDDInformation collected during the CDD process related solely to account activity, which includes: Expected account activityIdentification of all nominal owners of the accountThe purpose for opening the accountWhether the relationship will be used as a Payable Through AccountWhether the relationship will be used for Nested AccountsSub-AccountSub-Accounts (sometimes referred to as child accounts) are often used to compartmentalize Master Accounts (sometimes referred to as parent accounts) allowing for more detailed recordkeeping and organization. Many State Street Business Units utilize sub-accounts to support their internal or customer's operational purposes, for example, a foreign exchange customer with Sub-Accounts in different fiat currencies. These Sub-Accounts have no AML obligations under the Global AML Policy; all AML responsibilities will be executed at the Master Account level. Sub-Accounts under this construct will not be included as part of KPI/KRI reporting. Topic 8: Know Your Customer Lifecycle and Escalation LifecycleThe following table provides information related to the timelines associated for completing KYC.Customer TypeKYC TimingNew CustomerFor new customers and accounts, CIP, CDD, AML Customer Risk Rating (CRR), and EDD, if applicable, must be conducted prior to opening an account and rendering services. In the event that the new customer and account holder are separate legal entities, CIP, CDD, AML CRR, and EDD, if applicable, must be conducted on the contracting and account holder before the account is opened and services are rendered. New Account Existing Customer Same as Account HolderFor existing customers who are establishing a new account with either the same or different division of State Street, where the contracting party is the same as the account holder, the existing customer’s CIP data must be verified before the account is opened and services are rendered. CDD, AML CRR, and EDD, if applicable, must be completed within 30 calendar days of account opening. The existing customer maintains its current risk rating until the risk rating for the new account is calculated. The new account risk rating is factored into the AML CRR upon completion.Existing Customer Different from Account HolderFor existing customers who are establishing a new account with either the same or different Business Unit of State Street, where the contracting party is different from the account holder, the existing customer’s CIP (contracting entity’s CIP) data must be verified before the account is opened or services are rendered. Customer and account related CDD, AML CRR, and EDD, if applicable, must be performed within 30 calendar days of account opening. The existing customer maintains its current risk rating until the new risk rating for the new account is calculated.The new account risk rating is factored into the AML CRR on completion, though the account is a separate legal entity entering the organization through the original customer. Before opening the account and rendering services, CIP, CDD, AML CRR, and EDD, if applicable, must be conducted at both the customer and account level. Existing Customer New Sub-AccountFor existing customers opening a new sub-account, full KYC is only required when the master and sub-account are different legal entities and have different ultimate beneficial ownership. Additional guidance can be found in the AML and Sanctions Business Unit Standard Operating Procedures.In instances where CDD is required for a sub-account, the existing customer’s CIP data must be verified before the sub-account is opened and services are rendered. CDD, EDD (if applicable), and AML CRR must be completed within 30 calendar days of account opening.EscalationIf within 30 calendar days of account opening there is still outstanding information required to complete CIP, CDD or EDD, a plan to remediate the situation, signed by the Business Unit Executive Management Committee member, shall be submitted to the Global Chief AML Officer and the Chief Compliance Officer.If, after 60 calendar days of account opening, there is still outstanding information required to complete the CDD or EDD process, a plan to terminate the customer (including a termination date) will be submitted to the full State Street Executive Management Committee for approval by Business Unit management. Additionally, the Global Chief AML Officer will report to the AML Compliance Financial Intelligence Unit (FIU) all accounts with incomplete CDD or EDD after 60 calendar days from account opening (and any accounts terminated within this timeframe due to incomplete CDD or EDD) for consideration of SAR filing. Figure 2: KYC Lifecycle TimelineTopic 9: Opening an Account OverviewThe relationship with the customer begins when the account is opened and services are rendered. There are three types of established relationships within State Street: Custody Relationship/AccountBank Account Services RenderedThe following table describes the type of established relationships within State Street.Type of AccountDescriptionCustody Relationship/AccountOverview:When describing a custody relationship, Business Units refers to its customers as “Bundled” or “standalone.”Standalone: Term used when a Business Unit is the primary owner of the custody relationship.Bundled: Term used when a Business Unit is NOT the primary owner of the custody relationship. In this case, the Business Unit is a secondary provider of products or services to an existing custody relationship with a different Business Unit.Definition:No later than the day prior to the first transaction date on the account, it is considered an open “live” account.Example: Initial Securities Movement on June 30, 20XX; KYC should be complete no later than June 29, 20XX.Therefore, in certain circumstances, an account can be opened and account numbers can be added to subscription documents in advance of a fund going live. Bank AccountOverview:This is a traditional DDA account. This type of relationship is uncommon at State Street, due to our lack of retail banking operations, and comprises only a small percentage of our total relationships.Definition:Once an account is ready to transact or is capable of receiving a deposit, it is considered an open “live” account. Example: Once an account is open on the Hogan deposit system, it is considered an open “live” account.The following table describes the type of established relationships within State Street.Type of AccountDescriptionServices RenderedOverview:These are “service” oriented activities provided to the customer. Definition:The earlier of: 1) The date the contract has been signed, or2) After the first service has been provided to the customer. Examples: When the first State Street generated report from the account is delivered to the customer.When servicing commences, generally by way of a signed agreement noting that services should not be performed until the agreement is ic 10: Overview of the AML Toolkit OverviewThe AML KYC Toolkit sets the foundation of our AML Program. The following table describes the components of the AML KYC ponentDescriptionGlobal AML and Sanctions PoliciesThe Global Policies establish comprehensive policies, principles and standards to protect State Street’s, and its employees, shareholders’ and customers’ from exposure to AML and Sanctions risks.Global AML and Sanctions Business Unit Standard Operating ProceduresThe Global AML and Sanctions Business Unit Standard Operating Procedures are designed to assist the First Line of Defense in meeting regulatory expectations as well as State Street’s expectations on processes, activities, and controls defined as part of the AML and Sanctions’ control environment.Customer Translation TableThe Customer Translation Table helps the Business Unit map their existing customer types to the new State Street customer types. KYC Requirements MatrixThe KYC Requirements Matrix outlines the Policy requirements for KYC at State Street. It includes a description of each requirement including data and evidence that must be acquired, verified and recorded by customer type. KYC PlatformThe KYC Technology Platform is a tool created to:Facilitate communication and workflow between Business Units and AML KYC CoE (Shared Services).Provide a facility for uploading and storing of documents.Create a record of compliance with KYC Procedures.The KYC Technology Platform supports all components of KYC as well as risk rating calculations for customers, where State Street has a regulatory obligation.KYC Platform functionality allows a user to:Establish a Legal Entity.Manage KYC tasks and workflow.Upload documents to the customer’s file for evidence, including the AML risk rating and screening results.Have one enterprise-wide record and repository to ensure compliance with AML regulations related to KYC.The following table describes the components of the AML KYC ponentDescriptionAML CRRState Street’s policy requires the First Line of Defense to assess each customer’s money laundering risk. A customer relationship includes accounts, products, services, and regulatory and geographic risks that vary across accounts; so each is addressed separately when conducting the risk rating. An overall rating is assigned based on the evaluation of the customer’s characteristics. Risk Forms (EDD Customer Profile and the Low/Medium and High Periodic Review Forms)The EDD Customer Profile Form and the Periodic (Low/Medium or High) Review Forms are designed to provide the First Line of Defense uniform documents for use when executing either EDD or periodic review activities. Discussion QuestionWhat is the purpose of the Customer Translation Table, KYC Requirements Matrix, and Risk Forms (EDD Customer Profile and the Low/Medium and High Periodic Review Forms)? Lesson 1: Summary KYC is comprised of the following three components: CIP, CDD, and EDD.State Street has no tolerance for breaches within its AML and Sanctions Programs. The consequences of breaches can be significant.To support the activities within the Target Operating Model (TOM), the First, Second, and Third Lines of Defenses have been formed.A customer is a person contracting directly with State Street for the provision of products and services. A customer can be either a Non-Individual or an Individual.An "account" is a formal banking or brokerage relationship established to provide or engage in services, dealings, or other financial transactions, and includes a deposit account, a transaction or asset account, investment management account, credit account, or another extension of credit.Once the customer and the account have been identified, before we can determine what KYC requirements are needed, we need to determine the customer pleting KYC varies depending on whether the customer is New or Existing.The relationship with the customer begins when the account is opened and services are rendered. There are three types of established relationships within State Street: Custody Relationship/Account, Bank Account, and Services Rendered.The AML KYC Toolkit comprises: Global AML & Sanctions Policies, Global AML and Sanctions Business Unit Standard Operating Procedures, Customer Translation Table, KYC Requirements Matrix, KYC Platform, AML CRR, and Risk Forms (EDD Customer Profile and the Low/Medium and High Periodic Review forms). Lesson 2: Customer Identification Program Topics Customer Notice (US Customers Only)Required Information for Customer IdentificationCustomer Identification Program Exemptions and Simplified Due DiligenceCustomer VerificationMaterial DiscrepanciesIntroductionThe State Street Global AML Policy requires the First Line of Defense to implement CIP. The CIP includes risk-based procedures designed to enable the Business Unit to form a reasonable belief that it knows the true identity of each customer.As per this policy: The Business Unit must be able to identify the true identity of the customer. The Business Unit obtains and validates the identification information for each customer.The KYC Shared Service performs verification for each customer. The First Line of Defense will utilize the AML KYC Requirements Matrix and the procedure template to determine what information must be obtained and verified for each customer ic 1: Customer Notice (US Customers Only)OverviewAll Business Units are required to provide U.S. customers with adequate notice that State Street is requesting information to verify their identity. The customer notice should/will be:Available in various forms depending on the manner in which the customer opens an account.Adequate if the Business Unit gives a general description of the identification requirements.Adequate if the Business Unit provides it in a way that is reasonably designed to ensure that customers can see it or know about it before opening an account.At a minimum, the following text needs to be provided:Important Information about Procedures for Opening a New AccountTo help the government fight the funding of terrorism and money laundering activities, law requires all FIs to obtain, verify, and record information that identifies each person who opens an account.”Topic 2: Required Information for Customer IdentificationOverviewThe Business Unit must obtain and retain the following minimum identification information from each:New customer seeking to open an account.New person being added to an existing customer’s account.Existing customer seeking to open a new account.Each named individual in a joint/multi-party account is subject to CIP. If a new individual is added to the customer’s account, CIP information must be obtained for that person and the person’s identity must be verified.The following table lists information required for customer identification. CustomerRequired InformationNon-IndividualFull Business or Legal Entity Name (Contracting Party);Physical address and country:Principal place of business/ trading addressLocal office Other physical locationIdentification number: For U.S. Non-Individuals, the Employer Identification Number (EIN) must be a Tax Identification Number (TIN)For non-U.S. Non-Individuals, the foreign TIN or another government-issued identification number, such as a corporate registration number must be obtained and the source documented. Individual (WMS only)NameDate of BirthPhysical Address and Country (a P.O. box cannot be used in place of the customer’s physical address)Identification Number: For a U.S. Individual, the identification number must be a TIN, which, for people, is a Social Security number (SSN). For non-U.S. Individuals, one or more of the following is required to open a customer account: An Individual TINA passport number and country of issuanceAn alien identification card number; or A number and country of issuance of any other unexpired government-issued document evidencing nationality or residence and bearing a photograph or similar safeguardNote: Exceptions to the P.O. box restriction can be sought by following the process outlined in Section 5.9 of the procedural template. If the individual does not have a residential street address or a business street address, any of the following may be recorded: Military Post Office box number; or in the unusual circumstance that none of the required information is available, residential or business street address of the next of kin may be accepted. Proof of relationship with the customer needs to be obtained and recorded.The following table lists information required for customer identification. CustomerRequired InformationControlling Party and Associated Third PartyFull nameDate of birth (for individuals)Job titleUBOs Full nameAddress, including CountryDate of birthID numberNote: This information is required for UBOs with 10% or more ownership.Important Note The timeline for collecting this information varies depending on whether it is a new customer, existing customer with new account etc.Figure 3: KYC Lifecycle Timeline Discussion QuestionShould CIP be conducted for existing customer who is seeking to open an account with State Street? If yes, why and if no, why ic 3: Customer Identification Program Exemptions and Simplified Due DiligenceOverviewA CIP exemption, often referred to as Simplified Due Diligence (SDD), is a reduced form of due diligence in specific circumstances only, and is considered appropriate for certain customers where the money laundering or terrorist financing risk is deemed to be lower.SDD must adhere to relevant legislation, and in line with State Street’s AML Risk Assessment.Customers qualifying for CIP exemption do not need to share copies of licenses or charters. The following table provides details related to verification for exempted customers.Exempt CustomerValidationFinancial Institutions (FIs) with an approved regulatorNote: Accounts opened for the purpose of participating in an employee benefit plan established under the Employee Retirement Income Security Act of 1974 (ERISA), or similar is excluded from the definition of an account and not subject to CIP.Confirmation of the regulated status for FIs must be established through the regulator’s or self-regulatory organization’s websitePublic Companies traded on an approved Stock exchangeConfirmation must include their listed status established through appropriate market data sources, such as Stock Exchange website, and supporting documentation obtained concerning exchange and ernmental entities Confirmation must provide documentation certifying their exempt status.Important Notes If a customer is flagged as eligible for CIP Exemption/SDD, AML KYC CoE (Shared Services) must validate and approve eligibility based upon the requirements. Evidence of this review and sign off, by a supervisor/manager as specified in local procedures, must be in writing and uploaded to the KYC Platform.CIP Exemption/SDD does not preclude the necessity of performing due diligence on a customer. It simply precludes the necessity for having to verify the identity of a customer. Discussion QuestionIdentity the roles of the Business Unit and AML KYC CoE (Shared Services) for customers that are eligible for CIP ic 4: Customer VerificationOverviewAs part of the CIP, AML KYC CoE (KYC Shared Services) must verify the customer identification information collected during the CIP, to form a reasonable belief that it knows the true identity of the customer. Two types of verification methods are available: Documentary verification and Non-Documentary verification. AML KYC CoE (Shared Services) may use one or both of those methods when verifying the identity of customers.The following table describes the Documentary and Non-Documentary Methods of verification.Documentary MethodNon-Documentary MethodPurposeMethods that rely on verifying the customer’s identity through the inspection of physical documents. Methods that rely on verifying the customer’s identity through the collection of customer information using non-documentary sources, for example: Banker’s AlmanacBloombergBureau Van Dijk – ORBISWhere to Locate the RequirementsAcceptable forms of documentary verification are outlined in the Global AML and Sanctions Business Unit Standard Operating Procedures.Acceptable forms of non-documentary verification are outlined in the Global AML and Sanctions Business Unit Standard Operating Procedures.The following table describes the Documentary and Non-Documentary Methods of verification.Documentary MethodNon-Documentary MethodRequirementsFor an existing customer, identification may be verified by the following: Unexpired existing documents on fileAnnotating the information and source, as long as such documents meet current standards and were valid at the time obtainedCustomer verification can be performed via a public domain using:EmailFaxed copy or hard copyNote: If documents are not in English, a certification that confirms the appropriateness of the document may be relied upon.Certain jurisdictions do not allow FIs to make a photocopy of a customer’s identification document. If a photocopy or image of the document is not retained, a record must be made with a description for the relevant document. If documentary verification is used, the following needs to be retained:Description of the document that was used, noting the type of documentAny identification number contained in the documentPlace of issuance Date of issuanceExpiration date A copy or screen print of the non-documentary source should be retained.If a copy of the non-documentary report or print screen is not retained, a record must be made to verify the identity of the customer, such as the name of the source and the unique identifier provided for future reference purposes. The record should include the following:Date of the review of the non-documentary sourceDescription of the method usedResults, including if no record was found.All non-documentary verification must be retained as part of the customer profile within the KYC Platform for five years after the record is made or longer, if required by local regulations. This may include:The results of any measures undertaken to verify the identity of the customer.The results of any measures undertaken to verify the identity of additional controlling persons. A description of resolution of any substantive discrepancies that were discovered when verifying identifying information. The following table describes the Documentary and Non-Documentary Methods of verification.Documentary MethodNon-Documentary MethodUse of Non-Standard VerificationIf a Business Unit seeks to verify a customer’s identity using a documentary means that is not listed and additional CIP sources must be approved by the Global Chief AML Officer. The Global Chief AML Officer will determine if the identification document or non-documentary method proposed is acceptable, for this one-time situation. The Global Chief AML Officer’s approval must be documented and retained.If a Business Unit seeks to verify a customer’s identity using a non-documentary means that is not listed and additional CIP sources must be approved by the Global Chief AML Officer. The Global Chief AML Officer determines if the identification document or non-documentary method proposed is acceptable, for this one-time situation. The Global Chief AML Officer’s approval must be documented and retained.The following table provides information related to acceptable non-individual documents, acceptable individual documents, and unacceptable documents.Acceptable Non-Individual DocumentsAcceptable Individual DocumentsUnacceptable DocumentsAcceptable identification documents for Non-Individuals include:A copy of banking license (banks only)For jurisdictions that do not issue physical banking licenses:A screenshot of the regulator’s website, confirming regulated status The issue date of license and permissions/restrictions associated, sufficient to confirm whether the counterparty is an offshore bankFor other foreign FIs other than banks, a copy of the license or authority under which the FI operates, issued by the country of incorporationArticles of IncorporationArticles of Association/OrganizationSigned Limited Partnership AgreementSigned General Partnership AgreementLLC Operating AgreementFull Trust Agreement or copies of relevant pagesCertificate of Trade or Business NameNote: A full list of acceptable documents can be found in the KYC Requirements Matrix.Acceptable identification documents for Individuals include:Government Issued Identification CardDriver’s LicensePassport (any, with photograph)US Passport Card (with photograph)Military Identification or dependent’s Military Identification CardConsular Identification CardTribal Identification CardNote: A full list of acceptable documents can be found in the KYC Requirements Matrix.Unacceptable identification documents include:Social Security Card, except for accounts for minors and seniors Non-personalized cash cardsStudent ID cardsRail cardsClub membership cards Note: A full list of acceptable documents can be found in the KYC Requirements Matrix. Discussion QuestionTwo types of verification methods are available: Documentary verification and Non-Documentary verification. Which of these methods will AML KYC CoE (Shared Services) use when verifying the identity and why?Topic 5: Material DiscrepanciesOverviewIn the course of verifying the identity of a customer, material discrepancies may arise between:Information obtained from the customerInformation obtained during the verification processExample: TIN or address that does not match with what the customer originally provided. Resolving DiscrepanciesAML KYC CoE (Shared Services) may use one or more of the following steps to resolve such material discrepancies before the customer’s account is opened:Confirm information received from the customer is correct.Verify identity through additional means.Escalating DiscrepanciesIf material discrepancies cannot be resolved, AML KYC CoE (Shared Services) is responsible for: Alerting the Business Unit AML OfficerProviding details of what customer information does not match, including the documentation sources where the customer information can be found.Maintaining a record of such material discrepancies by documenting it and its resolution in the customer’s profile.If the material discrepancy cannot be resolved and verification cannot be completed, the customer’s account cannot be opened and the matter must be considered by AML Compliance for suspicious activity reporting. Discrepancies not deemed to be material might include inability to verify an address – for instance, a recent change of resident/office.All records related to the discrepancies made in the course of verifying identification of customers and how the discrepancy was resolved must be documented in the customer’s profile and maintained for a period of at least five years from the date of the record. Lesson 2: Summary All Business Units are required to provide U.S. customers with adequate notice that State Street is requesting information to verify their identity. The Business Unit must obtain and retain minimum identification information from each: new customer seeking to open an account, or new person being added to an existing customer’s account, before the account is opened and services are rendered, and for an existing customer seeking to open a new account.A CIP exemption, often referred to as SDD, is a reduced form of due diligence in specific circumstances only, and is considered appropriate for customers where the money laundering or terrorist financing risk is deemed to be lower.After the Business Units gather the necessary information and documents, AML KYC CoE (Shared Services) must verify the identity of a customer through documentary or non-documentary means, or through a combination of both to form a reasonable belief that it knows the true identity of the customer.In the course of verifying the identity of a customer, material discrepancies may arise between information obtained from the customer and information obtained during the verification process.Lesson 3: Customer Due Diligence Topics Standard CDD: Purpose of an AccountStandard CDD: Building Customer’s Anticipated Activity ProfileStandard CDD: Source of FundsStandard CDD: Source of WealthStandard CDD: ScreeningTargeted CDD: Customer FinancesCustomer Risk RatingIntroductionCDD begins with the identification and verification of the customer’s identity. In the CDD process, the Business Unit must obtain information and AML KYC CoE (Shared Services) which will validates the information provided by the Business Unit which will be sufficient to develop an understanding of normal and expected activity for the customer’s occupation, business operations, and financial situation. The First Line of Defense assesses the AML and Sanctions risks associated with the customer by collecting and analyzing additional information and conducting name and country screening. The First Line of Defense is responsible for obtaining and collecting customer information to:Anticipate the types of transactions in which a customer is likely to engage.Provide information that can be used in monitoring and reporting of suspicious activity.Assess the money laundering and terrorist financing risks associated with a customer.Obtain documentation that identifies whether that entity’s shares are held in bearer form or that the entity is authorized to issue bearer shares for privately-held legal entities.The CDD process includes screening, risk rating and the KYC requirements by customer type. In addition, the CDD process outlines the required KYC information and identifies specific documentation and information requirements by customer type for both new and existing customers.Standard CDD vs. Targeted CDDWithin CDD, there are two types:Standard CDD: Completed for all customers, regardless of the Customer TypeTargeted CDD: Completed only for certain Customer ic 1: Standard CDD: Purpose of an AccountOverviewThe Business Unit must:Gather information about the customer’s anticipated activity. Ensure that information required is commensurate with the risk associated with the products and services to be delivered and/or the customer segment. Include details of what products and services are being provided to the customer and intended use of the plete the applicable CDD process requirements and include the customer’s account profile in the customer’s KYC file in the customer database system to ensure that the appropriate CDD information is captured to clearly evidence and document the CDD process.Important Note Determining the purpose of an account is a qualitative assessment based on the information that is gathered from the customer. Within the KYC Platform, there is a list of reasons and you must choose the one that best fits the customer. (For example - Investments in Stock Market, Retirement Investments, Estate Planning etc.) Discussion QuestionWhile obtaining and collecting customer information during CDD, what details should the Business Unit capture?Topic 2: Standard CDD: Building Customer’s Anticipated Activity ProfileOverviewBefore the customer’s account opening process is complete, the Business Unit must collect information to cover:Anticipated account activity Reflect higher risk activities that are expectedTransactions that are not routine (i.e., a one-time transaction as a result of the sale of a property or a loan disbursement)Source of funds Source of wealthHigh-risk transactions will be documented as part of the customer profile and is a factor in determining the customer’s risk rating. High Risk transactions can include international wires to/from High-risk jurisdictions or international ACH transactions (IAT).The Business Unit will accept only those customers whose source of funds and source of wealth can be reasonably established to be legitimate. In the case of UBOs, it may be necessary to establish the ultimate source of funds for the account and whose source of wealth should be subject to due diligence. Refer to the AML KYC Requirements Matrix for relevant documentation that needs to be collected per category.To help build the anticipated activity profile, the Business Unit must obtain the following information: Country of formation/operationsType of businessProducts and services requestedLegal entity structure Discussion QuestionWhat information should the Business Unit collect before the customer’s account opening process is complete?Topic 3: Standard CDD: Source of FundsOverviewAs part of building the Customers anticipated account profile; the Business Unit must take adequate measures to establish the source of funds that are involved in the proposed relationship or occasional transaction.This is not simply the name of the FI from where the funds are coming, but rather it is the source from which the customer came into possession of the funds. Identification of the source of funds contributes to the source of wealth for the customer. The following table provides detailed information related to a customer’s source of funds.Source of FundsPurposeTo establish the source of funds that are involved in the proposed relationship or occasional transaction.Non-Individual/ Individual DocumentsBelow is a list of Non-Individual/Individual Documents:Insurance payoutPayroll401KGiftTrustInternet paymentsDomestic wire transfersMonetary instrumentsCash deposits of foreign currencyCash deposits of local currencyForeign wire transfersThird-party checkNon-Individual TransactionsExamples of Unique Transactions include:Grant funding received from the federal government to fund solar power transformation project. Tax rebate received from the state government as part of a special agreement for job creation.Continuous Transactions:Revenue from business operations and business investments in bonds.Credit card receivables for products and services provided to customers.Individual TransactionsExamples of Unique Transactions include:Settlement received from an insurance company and looking to invest the funds for future use.Proceeds from a bank account recently closed and used to open the same/similar type of account.Inheritance received from a family member which will be a one-time event.Continuous Transactions:Payroll deposits made into the account on a periodic basis, weekly, biweekly, or monthly.Pension or annuity payments made into the account on a monthly basis after retiring.Revenue received from a small business owned and operated by the Individual. Discussion QuestionSettlement received from an insurance company and looking to invest the funds for future use. This is an instance of Non-Individual ic 4: Standard CDD: Source of WealthOverviewIn order to evaluate the source of a customer’s wealth, the Business Unit should gather information relevant to the manner in which the customer’s assets were obtained. This is the accumulation of the customer’s net worth which includes, in part, the funds held by State Street. For example, the information collected by the Business Unit will differ depending on whether the wealth was acquired through:Investments or investment returnsOwnership of a businessEmploymentProfessional practice or otherwise. The following table provides detailed information related to a customer’s source of wealth.Source of WealthPurposeTo evaluate the source of a customer’s wealth.Non-Individual DocumentsBelow is a list of Non-Individual Documents:ProspectusAnnual reportsKey investor information documentLetter/contract note from previous investment company giving notification of proceeds of maturing investment/claimSigned tax return from a certified accountantCompleted sale contractLoan agreementRecent loan statementsLetter from donor confirming details of gift and acknowledging the source of the donated fundsLegal sale document(s) (such as contract notes)Signed letter from the Attorney Signed letter from a certified accountantNon-Individual TransactionsBelow is a list of Non-Individual Transactions:Investments from new subscribers in a fund and earnings from the investment of subscriber fundsInvestment returns from joint business ventures with well-known FIs and other non-bank FIsSale of an insurance company’s stock over a period of time to reduce the overall risk exposure of the companyPrivate company in the insurance industry recently sold its office buildings as part of their plan to consolidate business operations to stay within the U.S.Public company in the non-bank financial services industry recently had their initial public offering/stock market launch to institutional investors to raise capital to make an acquisition of a competitor for increased market shareThe following table provides detailed information related to a customer’s source of wealth.Source of WealthIndividual DocumentsBelow is a list of Individual Documents:Last three months’ pay slipsConfirmation from the employer of the income and bonuses for last two yearsBank statements that clearly show receipt of the most recent three months’ regular salary payments from the named employerLatest accounts, if self-employedGrant of Probate with a copy of the will that must include the value of the estateLoan agreementRecent loan statementsBank statementsLetter from a donor confirming details of gift and acknowledging the source of the donated fundsIndividual TransactionsBelow is a list of Individual Transactions:Divorce settlement received that was used to fund the new accountAnnual bonus received from the individual's current employer Dividends received from stock held in a brokerage account on a quarterly basis Alimony payments received on a monthly basisExampleThe tables below walks through a mutual fund example, the following 4 factors are used to satisfy the Source of Wealth requirement for a customer from the KYC Platform. The following factors work together to tell a story of the customer, from the identification of the customer type, nature of business, the sources, and the overall justification statement.Customer TypeNature of the BusinessSource of WealthJustificationThis begins the KYC process defining the requirements for each customer type. Identification of the customer type offers immediate, inherent information related to the customer itself. For example if the customer is an open ended mutual fund, it can be assumed already that the fund has many investors that participate or contribute to the fund, and that the assets are from the investors.Mutual FundIndividualsBanksInvestment Advisor (regulated)Pension FundCharityEndowmentThe nature of business has a risk rating associated with it and is essential information to understanding the customer, as well as contributing to the understanding of the operations and reasonableness of the source of wealth.The type of business in which the customer engages can be found through the SIC/NAICS/NACE codes which should already be entered in the KYC Platform (reused from requirement #21 in the KYC Platform). The industry of best fit for an open ended mutual fund, identified in the previous box example is in bold below. 525910 - Open-End Investment Funds531 - Real Estate525 - Funds, Trusts, and Other Financial Vehicles5251 - Insurance and Employee Benefit Funds525110 - Pension Funds525930 - Real Estate Investment TrustsThe source of wealth requirement states: Verify from the customer the source of wealth. (This is not simply the name of the institution from which the funds are coming, but the accumulation of the customer’s net worth, which includes, in part, the funds held by State Street).Following the open ended mutual fund example, given that the fund has many investors and is a vehicle to make investments and returns for its investors the below options fit as sources of wealth for the fund, bolded below.Pick list Drop Down of the various sources of wealth:Investment Income/ReturnsBusiness OperationsSubscriptionsGovernmentDonationsEarnings (Sale of Shares)Earnings (Sale of Business)Earnings (Sale of Property)Earnings (Sale of Investments)Earnings (Maturing investments or policy claim)Earnings (Investment related income - e.g., dividends) Employment (Salaried)Employment (Retirement Income)Employment (Self-employed)Inheritance/Family GiftInsurance Proceeds/SettlementDivorce SettlementWinnings (Government Lottery)Winnings (Non-Government Lottery)The source of wealth takes a number of factors into consideration. An assessment must be conducted utilizing the information collected from previous requirements during KYC. Factors contributing to the Source of Wealth's accuracy and reasonableness include:From where the funds came; How the customer came into the funds; From whom, if received from another individual, or entity; When the funds were acquired; and The location(s) from where the funds came.Free form textThe above parameters, combined with the industry, and customer type, as well as the sources of income over time lead to a narrative regarding the source of wealth. For example:An Investment Manager recently brought in a Mutual Fund, which is an open-ended investment fund (525910), with thousands of investors, and is targeted for long term investment returns. (This leads one to assess that a mutual fund which accepts a large amount of capital from investors to grow the investment returns is reasonable. This source of wealth is justified as one can expect that operations, fees, investments and earnings all contribute to the source of wealth, and the immediate source of funds are directly attributable to investments from new shareholders). Discussion QuestionDividends received from stock held in a brokerage account on a quarterly basis. This is an instance of Individual ic 5: Standard CDD: ScreeningOverviewAML KYC CoE Shared Services conducts screening on the names and countries associated with customers, all UBOs, and any other related and specified controlling parties, and associated third parties prior to opening the customer’s account. Screening consists of the following searches:Global, Local, and State Street Sanctions ListsWorld Check Iran Economic Interest Database (IEI Database)AML Compliance Counterparty AML Watch ListNegative news Search (through World Check or another vendor) PEPFinancial Crimes Enforcement Network (FinCEN) Section 311 Special MeasuresSanctions ScreeningsAt customer onboarding, names and countries of all customers, UBOs and any other related and specified controlling parties, and associated third parties must be screened for Sanctions purposes using the following lists:Global, Local, and State Street Sanctions ListsWorld Check IEI DatabaseAML Compliance Counterparty AML Watch ListAfter running the searches noted above, AML KYC CoE (Shared Services) will review all potential and partial search results. The Business Unit will review each potential match to determine whether the results are false positives or confirmed matches.Negative NewsAll customers, UBOs and any other related and specified controlling parties, and associated third parties must be screened for negative news items, and once analyzed, should be designated as relevant or non-relevant. Negative news can be classified as relevant negative news and non-relevant negative news.The following table provides details related to relevant negative news and non-relevant negative news.Relevant Negative NewsNon-Relevant Negative NewsRelevant Negative News is when the customer poses a High-risk. Generally, only negative information that reflects the reputation of the customer for legal or regulatory compliance is relevant, such as:Criminal or regulatory enforcement actionsMoney laundering or Sanctions violationsOther illegal activity that was conducted by or facilitated by the customerNegative financial news or information about litigation with customers or competitors also generally is not relevant. Crimes committed against the customer generally may not be relevant, such as embezzlement and/or traffic violation. If there is any doubt whether negative news is relevant, the Business Unit AML Officer must be consulted.In the case of a confirmed match and materiality, the Business Unit will contact the Business Unit AML Officer and AML Compliance Financial Intelligence Unit (FIU) on the same day. Non-relevant negative news largely pertains to less significant instances of the activities described above. The offenses are typically isolated and/or minor in nature. Non-relevant negative news corresponds to incidents that reflect no significant reputational, legal, or financial impact on the customer. It should be noted that, multiple instances of a non-relevant behavior that appear to suggest control issues for an individual or institution may collectively be interpreted as relevant.The following table lists examples of relevant and non-relevant negative news that includes but is not limited to a customer’s and/or related party’s established or reasonably substantiated connections. Relevant Negative NewsNon-Relevant Negative NewsTerrorist activity related to AMLMisdemeanor criminal convictions or judgmentsAML and Sanctions non-complianceUnremarkable civil awards, settlements or penaltiesViolations of AML laws, regulations or sanctionsInsignificant or extraneous litigationDrug-related offenses due to cash intensive nature increases AML RiskRogue employee actionsFraud related to AMLActions by former members of senior managementBribery related to AML (especially relevant for PEPs)Actions by more junior employeesRegulatory enforcement actions (e.g. cease and desist order, consent order, formal agreement)Resolved minor disputes with third partiesGovernment/agency issued blacklists or watch lists as criminal activity increases money laundering riskSmall lapses in business practicesLaw enforcement investigations (e.g. indictment, arrest, kickback, Ponzi scheme, counterfeiting) as criminal activity increases money laundering riskStandard inconsequential industry-specific enforcementsFelonious criminal convictions or judgments (e.g. indictment, arrest, kickback, Ponzi scheme, counterfeiting) as criminal activity increases money laundering riskThe establishment of the customer as a Senior Public OfficialLarge civil awards or penalties due to increased risk of money launderingPersonal matters not relevant to the activities of our customer or related parties (e.g. infidelity or driving while under the influence)Fines or settlements related to AMLCorrupt/unethical professional activity due to increased risk of money launderingDisreputable published articles or reports as behavior indicates a potential increased money laundering riskPolitically Exposed Person (PEP)In order to meet its regulatory obligations State Street is required to identify customers, and nominal or UBOs, who are PEPs. PEPs may generally be viewed as High-risk customers. The following table provides detailed information related to a PEP.PEP DefinitionPEP Customer OnboardingA PEP is defined as a current or former:Senior official (i.e., individual with substantial authority over policy, operations, or use of government-owned resources) in the executive, legislative, administrative, military, or judicial branches of a foreign government whether elected or notSenior official of a major foreign political partySenior executive of a foreign government-owned commercial enterpriseA corporation, business, or other entity that has been formed by, or for the benefit of, any such IndividualA corporation, business, or other entity whereby more than fifty percent (%) of the board members or ownership rights are (controlled by) such individual(s)An immediate family member of any such individual (i.e., spouse, parent, sibling, children, or spouse’s parents and siblings)A person who is widely and publicly known (or actually known by State Street) to be a close associate of such individual, i.e., senior level advisorNote: The term PEP refers to foreign and domestic Non-Individuals/Individuals.State Street and Business Unit management are responsible for ensuring that State Street do not knowingly or unwittingly assist in hiding or moving funds that represent the proceeds of corruption by PEPs, where AML Compliance is responsible for monitoring the effectiveness of the control environment around PEPs at the Business Unit level. After a PEP is identified through the CDD process, AML KYC CoE (Shared Services) should collect specific CDD information via the Business Unit or documentation related to the PEP and assess the associated AML risk. In determining the level of risk, AML KYC CoE (Shared Services) should consider factors such as:Official duties of the individualNature of the title (e.g., honorary or salaried)Level of authority over government activities or other government officialsAccess to significant government assets or funds Control over the account Negative news or other reportsFinCEN Section 311 Special MeasuresSection 311 of the USA PATRIOT Act (Section 311) grants the Secretary of the Treasury the authority, upon finding that reasonable grounds exist for concluding that a foreign jurisdiction, foreign FI, class of transaction, or type of account is of “primary money laundering concern,” to require domestic FIs and financial agencies (such as banks) to take certain “special measures” against the entity identified as a primary money laundering concern.These special measures, which may be proposed and implemented by Treasury's FinCEN, range from requiring additional due diligence and special attention concerning particular account transactions among U.S. FIs to prohibiting the opening or maintenance of any correspondent or payable through accounts. The following special measures can be imposed individually, jointly, in any combination and in any sequence:Recordkeeping on and reporting of certain transactionsCollection of information relating to beneficial ownership Collection of information relating to certain payable-through accounts Collection of information relating to certain correspondent accountsProhibition or conditions on the opening or maintaining of correspondent or payable-through accounts Discussion QuestionDifferentiate between Relevant Negative news and Non-Relevant Negative News. Support your answers with ic 6: Targeted CDD: Customer FinancesOverviewFor all relevant customer types, the Business Unit seeks to obtain financial information, as a source of CDD information for the customer. It should be noted that obtaining these documents is mandatory for Financial Institutions (FIs). The following table provides details related to Separate Annual Report and Consolidated Annual Report.Separate Annual ReportAnnual Report Consolidated into Parent ReportThe following should be documented from the company website, audited financial statements or provided by the entity:Name of external auditorsEvidence of auditThe most recent audited financial statements, within the last two yearsJurisdictional equivalent to audited financialsJustification/attestation, approved by AML Compliance, for lack of information Note: Some jurisdictions may not have these available due to jurisdictional regulations, in those instances, the jurisdictional equivalent; justification and an attestation are acceptable.There may be circumstances where the customer is either a wholly or majority owned subsidiary or a Branch, that does not have its own separate annual report, but has their financial information consolidated into its Parent's report and accounts.In these circumstances, the Parent’s consolidated report and accounts should be used, provided these are audited by a reputable auditor appropriate for the size and nature of the customer. If the Business Unit has any concern in this regard, the matter should be referred to the Business Unit AML Officer for agreement or otherwise that the auditor is appropriate and the Parent’s financials may be relied upon. Discussion QuestionWhile obtaining financial information, as a source of CDD information for the customer, when should the Business Unit use the Parent’s consolidated report and accounts?Topic 7: Customer Risk RatingOverviewAfter all of the necessary information has been obtained from the Business Unit, AML KYC CoE (Shared Services) risk rates the customer prior to opening the customer’s account to assess the AML Risk of conducting business with this customer.The AML CRR:Drives decisions to initiate, maintain, limit, or terminate particular customer relationships.Triggers approval requirements for KYC and exception processes.Effectively monitor High-risk customers by resource devotion.Determines the frequency of periodic reviews.Allows for the application of different levels and aspects of surveillance, including transaction monitoring.AML KYC CoE (KYC Shared Services) classifies its customers as High, Medium, or Low based on the AML CRR scoring methodology and documents this score in the customer’s KYC file. Figure 4: Risk CategoriesKey Points The CDD process is designed to cover both new and existing customers. In instances where an additional customer, controlling party or associated third party is added to a relationship after it is established, the Business Unit must document the additional KYC information when required, as part of the addition to the customer’s account relationship.When a customer refuses to provide information this raises concerns in the context of the broader due diligence, these instances will be escalated to the Global Chief AML Officer via the Unusual Activity Report. The Global Chief AML Officer or delegate will determine whether the on-boarding should continue, based on the information the customer is refusing to provide and the overall due diligence results. Discussion QuestionWhat should be the acceptable course of action in instances where a customer refuses to provide information requested per the process requirements?Lesson 3: SummaryWithin CDD, there are certain tasks that need to be completed for all customers, no matter what the Customer Type. We refer to this as Standard CDD.The Business Unit will accept only those customers whose source of funds and source of wealth can be reasonably established to be legitimate. In the case of UBOs, it may be necessary to establish the ultimate source of funds for the account and whose source of wealth should be subject to due diligence.Part of building the Customers anticipated account profile; the Business Unit must take adequate measures to establish the source of funds that are involved in the proposed relationship or occasional transaction.In order to evaluate the source of a customer’s wealth, the Business Unit should gather information relevant to the manner in which the customer’s assets were obtained. This is the accumulation of the customer’s net worth which includes, in part, the funds held by State Street. The third step in CDD is when the Business Unit conducts screening on the names and countries associated with customers, all UBOs, and any other related and specified controlling parties, and associated third parties prior to opening the customer’s account. Negative news can be classified as relevant negative news and non-relevant negative news.Section 311 of the USA PATRIOT Act (Section 311) grants the Secretary of the Treasury the authority, upon finding that reasonable grounds exist for concluding that a foreign jurisdiction, foreign FI, class of transaction, or type of account is of “primary money laundering concern,” to require domestic FIs and financial agencies (such as banks) to take certain “special measures” against the entity identified as a primary money laundering concern.In order to meet its regulatory obligations State Street is required to identify customers, and nominal or UBOs, who are PEPs. PEPs may generally be viewed as High-risk customers. Once all the customer information is gathered from the customer, the Business creates a Separate Annual Report and Consolidated Annual Report.After all of the necessary information has been obtained from the Business Unit, KYC Share Services risk rates the customer prior to opening the customer’s account to assess the AML Risk of conducting business with this customer.Lesson 4: KYC Platform Topics QueuesDashboardsSearch CasesSearch Legal EntityLegal Entity Management ScreenLegal Entity DetailsBusiness DetailsSupplementary DetailsRisksStatusTasksIntroductionBefore we get into specific procedural steps within CIP and CDD, we would first like to introduce you to the KYC Platform and discuss the standard functionality to help you navigate.The Main Screen is the first screen that you will see when you log on. This screen allows you to search and manage new and existing cases. The components of the KYC Platform Main Screen are:Queues Tab: This tab allows you to manage and edit your existing cases.Dashboard Tab: This tab allows you to view only the items that you are or have worked on.Search Tab: This tab allows you to search for an existing Entity.Search Details Section: This section allows you to enter search criteria to find if a case exists or does not exist.Search Results Section: This section allows you to view the results displayed by the search entered in the Search Details.Figure 5: KYV Platform Main ScreenImportant NoteThis system is driven by user access and not all features will be available. For example, Team Tasks will only be viewed by ic 1: QueuesOverviewThe Queues Tab has three sections that allow you to manage and edit existing ic 2: DashboardsOverviewThe Dashboard Tab allows you to view only the items that you are or have worked on. The following table lists the steps you need to follow to view your Dashboard.StepActionClick Dashboard within the KYC Platform Main Screen.Click My Dashboard icon to view My Dashboard ic 3: Search CasesOverviewThe Search Tab allows you to search for existing Cases. The table below lists the steps you need to follow to search for cases.StepActionIn the KYC Platform Main screen, click Search to view the Search icons.To search Cases, click on the Search Cases icon.In the Case Search screen, to search for a case, enter the following search criteria:Case ID and/orCase Name and/orCustomer NameNote: This is a dynamic search, so you could input part of a name to get a set of search results.The table below lists the steps you need to follow to search for cases.StepActionOnce you enter the search criteria, click Search to view your search results. Topic 4: Search Legal EntityOverviewThe Search Tab allows you to search for existing Legal Entities. The table below lists the steps you need to follow to search Legal Entities.StepActionIn the KYC Platform Main screen, click Search to view the Search icons.To search Legal Entities, click Search Legal Entity.In the Legal Entity Search screen, to search for a Legal Entity, enter the following search criteria:Legal Entity ID and/orLegal Entity Name and/orNote: This is a dynamic search, so you could input part of a name to get a set of search results.The table below lists the steps you need to follow to search Legal Entities.StepActionOnce you enter the search criteria, click Search to view your search results. To view the results, click the arrow next to the item.Note: Only if the Entity exists will it appear in the Results. If the search results come back with no matches, you must Create ic 5: Legal Entity Management ScreenOverviewThe Legal Entity Management Screen is the screen where the Business unit will enter all of the KYC information/data and/or documentation for each customer. This screen is divided into five sections as follows: Legal Entity Details Business Details Supplementary DetailsRisk StatusTasksImportant NotesFields with the red asterisk are mandatory fields and must be populated before you save and move on.Fields that are grayed out, means this data was previously populated on the prior screen and was carried over to this screen; users are not able to make any changes or updates to these ic 6: Legal Entity DetailsOverviewThe Legal Entity Details section is specific information regarding where the Legal Entity was formed and/or incorporated. As well as, specific information on the Business Unit that is engaging in the relationship. The following table provides details about the fields and their descriptions within this section.Field NameDescriptionLegal Entity Type*The Customer Type of the Legal Entity Legal Entity Name*The Legal Entity Name as it is reflected within the information/data/documentation you received from the Customer, for example a contract.LEILegal Entity Identifier is an industry identification number assigned to an entity.Country of IncorporationThe country the Legal Entity was incorporated.Date of Formation/ IncorporationThe date the Legal Entity was formed or incorporated. State Street Business UnitThe Business Unit that is entering the Legal Entity/Customer/AccountShared ServicesThe location of the Shared Services that supports the Business UnitIDKYC Platform Identification Number assigned to each KYC Tracking Case, generated by the systemGEMS IDGEMS Identification Number for Legal Entity from the GEMS SystemState of IncorporationThe state in which the Legal Entity is incorporatedIdentification #The type of identification that the Legal Entity is using to verify identity:Alien Identification NumberConsular Identification CardEINTINForeign TINPassport NumberSSNState Street Business Unit LocationWhat country the Business Unit is locatedLatest Updated DateSystem driven date based on when updates are madeTopic 7: Business DetailsOverview The Business Details section is information that is specific to the Business of the Legal Entity. The following table provides details about the fields and their descriptions within this section.Field NameDescriptionTrade As Name(s)Official name the Legal Entity is traded asListed on Approved ExchangeIndicate whether the Legal Entity is listed on an approved Stock ExchangeStock ExchangeIndicate what Stock Exchange the Legal Entity is traded onRegulated ByIndicate the Regulator of the Legal EntityStock SymbolIndicate the Stock Symbol of the Legal EntityCUSIP (US Only)A CUSIP is a nine-character alphanumeric code that identifies a North American financial security for the purposes of facilitating clearing and settlement of tradesISIN/ SEDOL/ RIC (Non-US)ISIN stands for International Securities Identification Number, which uniquely identifies a security. Securities for which ISINs are issued include bonds, commercial paper, stocks and warrants.SEDOL stands for Stock Exchange Daily Official List, a list of security identifiers used in the United Kingdom and Ireland for clearing purposes. SEDOLs serve as the National Securities Identifying Number for all securities issued in the United Kingdom and are therefore part of the security's ISIN as well.RIC stands for Reuters Instrument Code. Is a ticker-like code used by Thomson Reuters to identify financial instruments and indices.Products and Services offeredIndicate the products and services that are offered by the Legal EntitySource of FundsThe source of funds refers to the origin of the particular funds or other assets which are the subject of the business relationship (e.g., the amounts being invested, deposited, or wired as part of the business relationship). This information will usually give an indication as to the volume of wealth the customer would be expected to have, and a picture of how the customer acquired such wealth.The following table provides details about the fields and their descriptions within this section.Field NameDescriptionSource of WealthThe source of wealth refers to the origin of the customer’s entire body of wealth (i.e., total assets).Initial On boarded DateDate the Legal Entity started their relationship with State Street Corporation.Primary Business LocationGeography where the Legal Entity conducts its business.Other Stock ExchangeIndicates if the Legal Entity is traded on another Stock Exchange.Other Regulated ByIndicates if the Legal Entity is regulated by another regulator.SICSIC stands for Standard Industrial Classification, which is a system for classifying industries by a four-digit code.NAICSNAICS stands for North American Industry Classification System used by business and government to classify business establishments according to type of economic activity (process of production) in Canada, Mexico, and the United States of America.Purpose of AccountIndicates why the Legal Entity requested to conduct business with State Street Corporation.Other Source of FundsIndicates if the Legal Entity has other Source of Funds to document.Other Source of WealthIndicates if the Legal Entity has other Source of Wealth to document.Legal StructureIndicate how the Legal Entity is legally structuredTopic 8: Supplementary DetailsOverviewThe Supplementary Details section is information that is specific to the expected activity in the account. The following table provides details about the fields and their descriptions within this section.Field NameDescriptionInvestment GoalsIndicate the investment goals of the Legal EntityNested AccountNested Accounts are a sub-set of accounts associated with, or having access to, correspondent accounts of foreign financial institutions. Risks arise when the foreign financial institution permits another financial institution, through the nested account, access to the account, because this allows foreign financial institutions to have anonymous access to a different jurisdictional banking system. Funds received are seen by the bank as coming from legitimate, established channels and its foreign correspondents.Customer has up to date records?Indicate whether the records provided by the Legal Entity are currentSchedule for RedemptionIndicate the schedule for redemptions; monthly or quarterlyType of TrustIndicate the type of trust: Individual Trust, Family Trust, Corporate TrustValue of TrustIndicate the value of the trust for which the account is being openedAvailable Investment OptionsIndicate the available investment options for the account.Payable Through AccountThis is a service offered by a jurisdiction’s banking entities to foreign banks, involving the banking entity opening a checking account for the foreign bank. The foreign bank may solicit customers that reside outside of certain financial markets who, for a fee, are provided with the means to conduct banking transactions in the new market through the foreign bank's account at the service providing banking entity.Funding and disbursement criteriaIndicate how the legal entity is funded and how the disbursement criteria are considered, including what kind of beneficiary information is collectedPercentage of RedemptionIndicate the percentage of redemptionTopic 9: RisksOverviewThe Risk section is information that is specific to the results of screening and Customer Risk Rating. The following table provides details about the fields and their descriptions within this section.Field NameDescriptionNegative NewsAll customers, UBOs, controlling parties, and associated third parties must be screened for negative news items, and once analyzed, should be designated as relevant or non-relevant. Not all negative news is relevant, i.e., would be relevant to the decision whether the customer poses a High AML Risk. Generally, only negative information that reflects on the reputation of the customer for legal or regulatory compliance is relevant, e.g., criminal or regulatory enforcement actions, money laundering or Sanctions violations, or other illegal activity that was conducted by or facilitated by the customer. Negative financial news or information about litigation with customers or competitors also generally is not relevant. Crimes committed against the customer generally may not be relevant, e.g., misdemeanor or traffic violation. If there is any doubt whether negative news is relevant, the Business Unit AML Officer must be consulted. (See the procedures document for full definition of Material negative News)Authorized SignersNot being usedOwnersIndicate whether a material match has been found for all Ultimate Beneficial Owners screened.UBO is an Individual or entity who has a level of control over, or entitlement to, the funds or assets in the account that, as a practical matter, enables the individual, directly or indirectly, to control, manage or direct the account. The ability to fund the account or the entitlement to the funds of the account alone, however, without any corresponding authority to control, manage or direct the account (such as in the case of a minor child beneficiary), does not cause the individual to be a Beneficial Owner.Risk CategoryCustomer Risk Rating - Customer Risk Rating as used herein refers to the money laundering risk of the customer based upon State Street’s standard methodology.ManagementIndicate whether a material match has been found for all Management personnel ic 10: StatusOverviewThe Status section is information that is specific to that status of the case. The following table provides details about the fields and their descriptions within this section.Field NameDescriptionEdit StatusProvides that the status of the customer’s case.Last Verified DateProvides the previous date the Legal Entity/KYC Tracking Case completed the KYC Process. With initial entry this field will be greyed out until the KYC Process is ic 11: TasksOverviewThe Task section is information that is specific to the seven tasks within the KYC Process. The following table provides details about the tabs and their descriptions within this section.Field NameDescriptionTasksThe Tasks tab presents ‘in progress’ and ‘completed’ tasks related to the Case.LE RolesThe LE Roles Tab indicates the role of the Legal Entity: Customer, Account, or Customer and Account AddressesThe Addresses tab presents a full grid listing of all addresses associated to the Legal Entity. From the Addresses Tab, the users with the appropriate permissions can add addresses to an entity and perform a range of functions on addresses listed like view, edit, remove.DocumentsThe Documents tab presents a full grid listing of all documents associated to the KYC Tracking Case. From the Documents Tab, users with the appropriate permissions can add documents to an entity and perform a range of functions on documents listed like view, edit, remove the mentsThe Comments Tab presents a grid listing of all comments associated to the case. From here users with the appropriate permissions can add comments and view the listing of comments already captured. Note: comments added from the Case Details page section will also list here once the Case Details are saved. HistoryKYC Platform maintains a complete record of actions/operations that takes place to on the case in question. ProductsThis tab presents a full grid listing of all products added to a Legal Entity. Products will only be added to Legal Entities with the LE Role of Account. From the Products Tab, the users with the appropriate permissions can add products to the Legal Entity and edit the Product Details.Associated PartiesThe Associated Parties tab presents Legal Entities linked manually to the KYC Tracking Case in context. Users can associate Legal Entities from this tab. This tab is where the user will link all Associated 3rd Parties, Controlling Parties and Beneficial Owners.Within the KYC Platform, there are seven tasks that create the workflow for who, what, and when it needs to be done throughout the KYC onboarding process. The following table provides details about these tasks.TaskTask NameDescriptionActorCapture Legal Entity DataCreate Entity in KYC PlatformEnter all customer information within the below sections:Customer DetailsBusiness DetailsSupplementary DetailsRiskAdd LE Role – Customer/AccountAdd additional address(es)Add Product DetailsAdd Associated 3rd PartiesBusiness UnitUpload Request DocumentsUpload all customer documents that were gathered during CIP and CDDBusiness UnitAssign KYC Tracking CaseAssign to Shared Services Shared Services ManagerValidateValidate and ensure that all required information and documentation has been gathered, satisfies all requirements and entered correctly.Shared Services Enrich Client DataPerformCustomer Verification – Documentary or Non-DocumentaryOnboard Screenings – Sanctions List and Negative News ScreeningsCapture evidence & upload as documentsShared Services Refer KYC Tracking CaseRefer Case back to previous StageThis can happen at any point during tasks #3-6Shared Services ManagerUpload Risk RatingCalculate Risk Rating in CRR ToolUpload results as documentsAssign value in Products DetailsAssign value in Risk Rating Upload screenShared Services Complete AMLPerform escalation for High Risk Rating ValueUpload evidence/results as docNote: During this task, all escalations will be performed outside the KYC Platform and a record of the escalations and work completed by the BU and/or AML Compliance must be captured and uploaded into the KYC Platform.Shared Services Approve for Account OpeningReviewApprove or ReferShared Services ManagerLesson 4: SummaryThe components of the KYC Platform Main Screen are Queues Tab, Dashboard Tab, Search Tab, Search Details Section, and Search Results Section.The Queues Tab has three sections that allow you to manage and edit existing cases.The Dashboard Tab allows you to view only the items that you are or have worked on.The Search Tab allows you to search for existing Cases.The Search Tab allows you to search for existing Legal Entities.The Legal Entity Management Screen is the screen where the First Line of Defense will enter all of the KYC information/data and/or documentation for each customer.The Legal Entity Details section is specific information regarding where the Legal Entity was formed and/or incorporated.The Business Details section is information that is specific to the Business of the Legal Entity. The Supplementary Details section is information that is specific to the customer’s expected account activity. The Risk section is information that is specific to the results of the screenings and Customer Risk Rating. The Status section is information that is specific to that status of the case. Within the KYC Platform, there are seven tasks that create the workflow for who, what, and when it needs to be done throughout the KYC onboarding process. Lesson 5: How to Conduct CIP and CDD Topics Capturing Legal EntityUpload Requested DocumentsValidateEnrich Client DataUpload Risk Rating Results Complete AMLApprove for Account OpeningOverviewOnce all the information, data and/or documentation has been gathered the Business Unit will begin the first task of Capturing Legal Entity Data in the KYC Platform. During this task all customer information will be entered into the below sections:Customer DetailsBusiness DetailsSupplementary DetailsAdd LE Role – Customer/AccountAdd Product DetailsAlso, need to ensure that following is added if applicable:Add additional address(es)Add Associated 3rd PartiesImportant NoteIf, at any point during CIP and CDD, a material discrepancy is identified, the Business Unit should escalate the details of the material discrepancy to the Business Unit AML Officer for resolution. Material discrepancies can relate to customers refusing to provide information, conflicting customer information and/or inability to verify ic 1: Capturing Legal Entity OverviewThe following table lists the steps that the Business Unit needs to perform during Task 1 – Capturing Legal Entity. StepActionProvide notice to U.S. customers, including associated third parties, controlling parties, and UBOs, about the information State Street will be requesting to complete CIP.Obtain the following customer identification information:NamePhysical address and country:Principal place of business/trading addressLocal office Other physical location Date of birth (when applicable)Identification numberDetermine the Customer Type using the Translation table to map to the new State Street Customer Types.Note: Once the Customer Type has been identified and jurisdiction is determined, access the KYC Requirements Matrix to collect all information required, including associated third parties, controlling parties and UBOs. The following table lists the steps that the Business Unit needs to perform during Task 1 – Capturing Legal Entity. StepActionTo access the KYC Requirements Matrix, go to the KYC Portal at the following location: . Click on the KYC Requirements Matrix.In the Customer Type section at the top of the Tool, select the appropriate Customer Type by clicking on the Customer Type once.The following table lists the steps that the Business Unit needs to perform during Task 1 – Capturing Legal Entity. StepActionIn the Jurisidcition section, follow the steps below:Select Global Corporate Standard Press and hold the Ctrl Key of the system and select Jurisdiction by clicking on the name once.Result: Both the Standard and additional Jurisdictional steps are displayed. Notes: If the Jurisdiction is not listed, select Global Corporate Standard Jurisdiction by clicking once, standard steps will be displayed.At a minimum the Standard KYC Requirements must be followed, if a specific Jurisdiction has additional KYC Requirements all must be followed.If a specific Jurisdiction requires less than the minimum, the minimum standard KYC Requirements must be followed.In the KYC Element section, the tool defaults to list both CIP/CDD and EDD steps. If either CIP/CDD or EDD steps are not required, you can select the appropriate elements by clicking on the required element.Note: To clear the KYC element selection, click the Clear Filter icon, the Tool will return to the default.The KYC Requirements Matrix will display the search results and for each requirement the following information is provided:Req # - unique idRequirement Description – narrative description of the AML requirementData – required data or informationEvidence – acceptable types of requirements evidenceCustomer Type – Identifies the Customer Type selectedJurisdiction – Identifies the Jurisdiction(s) selectedKYC Element – Identifies the KYC Element(s) selectedNote: If the Step number contains a decimal and number after it, that Req # may replace or enhance the Req # it follows (example: Standard Req 3 requires that the physical address be obtained, the Jurisdictional enhancement 3.1 requires that the address also be verified.)The following table lists the steps that the Business Unit needs to perform during Task 1 – Capturing Legal Entity. StepActionAfter determining the customer type and gathering the required information, data and/or documentation, access the KYC Portal at the following location: 11.In the KYC Portal, click KYC Platform. The following table lists the steps that the Business Unit needs to perform during Task 1 – Capturing Legal Entity. StepActionBefore we start to build the KYC case, we first need to deterimine if this customer already exists within State Street. Within the KYC Platform Main screen, click Search to view the Search icons.Note: It is important to complete this step because if the customer already exists they could have KYC documents on file that could be leveraged.To search Legal Entities, click Search Legal Entity.The following table lists the steps that the Business Unit needs to perform during Task 1 – Capturing Legal Entity. StepActionWithin the Legal Entity Search tab, enter the following information:Full legal name in the Legal Entity Name fieldSelect the Country of Jurisdiction in the Country list Click SearchIf the customer already exists another Business Unit has onboarded this customer, in this situation, you must review the KYC information, data and/or documentation to ensure it is valid and up-to-date.If the customer does not exist, create new Legal Entity in the KYC Platform by clicking the Create New button to view the Add Legal Entity Screen.The following table lists the steps that the Business Unit needs to perform during Task 1 – Capturing Legal Entity. StepActionWithin the Add Legal Entity Screen, select the Legal Entity Type which is the Customer Type.Within the Add Legal Entity Screen, enter all information required to create a Legal Entity in the KYC Platform:Complete all required fields denoted with an “*”Classify Legal Entity Role as a CustomerSelect SaveIn the Customer Details screen, enter all additional information into the KYC Platform as required by the KYC Requirements Matrix Remember: Fields with the red asterisk are mandatory fields and must be populated before you save and move on.The following table lists the steps that the Business Unit needs to perform during Task 1 – Capturing Legal Entity. StepActionIn the Business Details screen, enter all additional information into the KYC Platform as required by the KYC Requirements Matrix. Note: Not all fields within this section are required; it would depend on the customer type. In the Supplementary Details screen, enter all additional information into the KYC Platform as required by the KYC Requirements Matrix. Click Save for Later when all data entry fields have been completed.The following table lists the steps that the Business Unit needs to perform during Task 1 – Capturing Legal Entity. StepActionNavigate to the Tabs section at the bottom of the screen and within the LE Roles tab, click Create New to open up the Legal Entity Role Window:In the Legal Entity Role window, complete the following:Within the Legal Entity Role field, select AccountWithin the Role Status field, select ActiveClick Save. Note: Once the Account role has been added, there should be two roles assigned to this Legal Entity; Customer and Account.To enter additional addresses, select the Address tab; click Create New to open the Add Address window.The following table lists the steps that the Business Unit needs to perform during Task 1 – Capturing Legal Entity. StepActionIn the Add Address dialog box, select/enter the following information:Address TypeAddress Line 1Town/CityCountry – Once this field is entered, the State/Country dropdown becomes availableState/CountryClick Save. The address will be added as an item in the Address tab. Select the Products tab, select the following information:Product CategoryProduct NameState Street Contracting EntityClick AddTo enter detailed Product information, click on the Edit icon to view the Product Details screen.Note: This section is where you select the products that the customer is purchasing from State Street. The following table lists the steps that the Business Unit needs to perform during Task 1 – Capturing Legal Entity. StepActionIn the Product Details screen, enter the following information:Product DetailsExpected ActivityHigh Risk TransactionsClick SaveClick BackNote: Do not enter the Risk Rating; this is completed by Shared Services. Select the Associated Parties tab, click Create New.Within the Association tab, under Association Details, select the Relationship.Within the Associated Entity field, enter the Entity or select the Magnifying Glass to view a list of existing Legal Entities. The following table lists the steps that the Business Unit needs to perform during Task 1 – Capturing Legal Entity. StepActionIf the Legal Entity exists, select it in the search results to add the association, and then click Select.Click Save and Complete or click Save and Add Another to add another association.If the Entity does not exist, click on Create New.To add an Associated Third Party within the Add Legal Entity Screen, select the Legal Entity Type which is the Customer Type of the Associated Third Party.The following table lists the steps that the Business Unit needs to perform during Task 1 – Capturing Legal Entity. StepActionWithin the Add Legal Entity Screen, for Associated Third Parties only the following is needed:Full NameDate of Birth (Individuals Only)Job TitleEnter the following to add the Associated Third Party into the KYC Platform:First NameLast NameDate of Birth (Individuals Only)State Street Business Unit – System requirementState Street Business Unit Location – System requirementShared Services – System requirementClick on the Unknown Address box, the address is not requiredClick SaveWithin the Additional Details section, complete the followingAdd the Job Title into the Occupation fieldClick Save.Once the Associated Party has been added now you have to associate it the Legal Entity. Follow steps 30 – 38 to complete.Once Legal Entity Details and all tabs information has been entered, click Save and Complete. Task 1 – Capturing Legal Entity Data is ic 2: Upload Requested Documents OverviewOnce the Legal Entity has been created in the KYC Platform, and all information has been entered for the Legal Entity, the next task is to upload supporting documentation gathered. The following table lists the steps that the Business Unit needs to perform during Task 2 – Uploading Request Documents. StepActionOn the Tasks tab, click Refresh.On the Documents tab, click Add Document.In the Add a Document screen, in the Document Source list, select Uploaded Document.Note: The Add a Document screen will continue to add fields once a field is selectedThe following table lists the steps that the Business Unit needs to perform during Task 2 – Uploading Request Documents.StepActionEnter the following information:Click Browse and search for the appropriate document on local computer, the name of the Document will be auto-populated with the name of the fileSelect the Document CategorySelect the Document Type (The Document Type values are driven by the Document Category chosen)Click Save and Complete when document(s) have finished uploading (Click Save and Add Another as appropriate)On the Tasks tab, select Complete from the task icon.Note: Once all documents are updated, the case is saved and sent to AML KYC CoE (Shared Services).Task 2 – Upload Request Documents is ic 3: Validate OverviewOnce Task 2 – Upload Request Documents has been completed, the KYC Tracking Case will be assigned to a AML KYC CoE (Shared Services) User by a Shared Service Manager. The AML KYC CoE (Shared Services) User will validate that all required information has been gathered and entered into the KYC Platform correctly, and will also validate that all required documentation has been gathered, satisfies the document requirements, and has been uploaded to the KYC Platform.The following table lists the steps that AML KYC CoE (Shared Services) needs to perform during Task 3 – Validate.StepActionOn the My Tasks Queue tab, selects the All folder to find the case.A list of assigned cases appears, select Navigate from the small icon to the right of the case to validate.In the Legal Entity Management screen, validate that all required information has been entered into the Customer, Business and Supplementary Detail sections, per the KYC Requirements Matrix. The following table lists the steps that AML KYC CoE (Shared Services) needs to perform during Task 3 – Validate.StepActionOn the LE Roles tab, validate the Legal Entity Roles.On the Documents tab, open each document to validate information entered in the Legal Entity Management screen is correct (fields that were populated from customer documents).On the Documents tab, validate that all required documents have been uploaded into the KYC Platform per the KYC Requirements Matrix (Accessible through the KYC Portal).On the Documents tab, open each document by selecting Edit Document Properties from the icon to the right of each document.Click the View Document link and validate that it satisfies document requirements:Click, Current, Legible, signed and in full and Annotated if in language other than English.Click SaveClick Back to navigate to the Legal Entity Management screen.On the Addresses tab, validate that all address information is correct.On the Products tab, validate that all product information has been entered correctly as follows:Validate product information is correct on the Products tabNavigate to the Product Details screen by clicking on the icon to the right of the productValidate that all information entered in the Product Details screen is correctClick Back to navigate to the Legal Entity Management ScreenThe following table lists the steps that AML KYC CoE (Shared Services) needs to perform during Task 3 – Validate.StepActionOn the Associated Parties tab, validate all Associated Parties have been added and all the information is correct as follows:Validate product information is correct on the Associated Parties tabNavigate to the Product Details screen by clicking on the icon to the right of the product, and selecting ViewValidate that all information entered in the Product Details screen is correctClick Back to navigate to the Legal Entity Management screenOnce all documents have been validated, navigate to the Tasks tab and complete the task by selecting Complete from the icon to the right of the task.Task 3 – Validate is ic 4: Enrich Client Data OverviewOnce Task 3 – Validate has been completed; the next task is Enrich Client Data.To complete this task, the AML KYC CoE (Shared Services) User will perform:Customer Verification, either by documentary or non-documentary meansPerform the Onboard Screenings, consisting of the Negative News and List Screening. All screening, including Customer Verification, will be performed in a system outside of the KYC Platform. It is required that results and evidence of the screenings be captured as a document, and then uploaded into the KYC Platform.The following table lists the steps that AML KYC CoE (Shared Services) needs to perform during Task 4 – Enrich Client Data.StepActionTo perform non-documentary verification, perform the following steps:Navigate to the Non-documentary Verification system (Accessible through the KYC Portal)Run verification screening in external systemCapture results locally as a documentNavigate to the KYC Platform through the KYC PortalNavigate to the My Tasks Queue on the left side of the screen and click Refresh, then select All – All tasks assigned to the user will appear under the search resultsSelect the Navigate icon to the right of the appropriate task in the Search Results – this will bring the user to the Legal Entity Management screenNavigate to the Documents tab to upload the results of the Customer Verification as a document, and then click Add Document.The following table lists the steps that AML KYC CoE (Shared Services) needs to perform during Task 4 – Enrich Client Data.StepActionUnder Document Details, enter the following information:Select the Document Source value as Uploaded Document.Select the Document Direction as InboundType in the Document Name as appropriateSelect the Document Category as KYC – this will drive the values of the Document Type dropdownSelect the Document Type as ScreeningClick SaveTo perform Documentary Verification, perform the following steps:Perform Customer Verification screening with identification documents provided by the customerCapture results locally as a documentUpload evidence in the KYC Platform as a document (See previous step for adding document steps)The following table lists the steps that AML KYC CoE (Shared Services) needs to perform during Task 4 – Enrich Client Data.StepActionTo perform Onboard Screenings, perform the following steps:Navigate to the KYC Portal Collaborate.Navigate to the Onboard Screenings systems through the KYC PortalPerform List Screenings on Legal Entity and all Associations in external systemCapture screening results as a documentUpload evidence as a document in the KYC Platform (See previous step for Adding a Document)Navigate to the KYC Portal through CollaborateNavigate to the Negative News Screening system through the KYC PortalPerform Negative News Screening on Legal Entity and all Associations in external systemCapture screening results as a documentNavigate to the KYC Platform through the KYC PortalUpload evidence as a document in the KYC Platform (See previous step for Adding a DocumentThe Documents Tab should now have documents capturing the results of the following:Customer Verification – Either Documentary or Non-documentaryList ScreeningNegative News ScreeningOn the Tasks tab, In the KYC Portal, select Complete in the icon dropdown to the right of the task complete the task.On the Tasks tab, click Refresh to bring up the next task Upload Risk Rating Result.Task 4 – Enrich Client Data is ic 5: Upload Risk Rating Results OverviewOnce Task 4 – Enrich Client Data has been completed; the next task is Upload Risk Rating Results.Once the customer has been verified, Onboard Screenings have been completed, and results have been uploaded as evidence to the KYC Platform, the KYC Shared Service User will complete the next task of calculating the Risk Rating using the Customer Risk Rating Tool, and uploading the result to the KYC Platform.The following table lists the steps that AML KYC CoE (Shared Services) needs to perform during Task 5 – Upload Risk Rating Results.StepActionWithin the KYC Portal, click on the Customer Risk Rating (CRR) Tool tab.To view the CRR Tool, complete the following:Select the SSC CRR SpreadsheetClick on Download a Copy tabThe following table lists the steps that AML KYC CoE (Shared Services) needs to perform during Task 5 – Upload Risk Rating Results.StepActionFollow the following steps to save the tool:Click the File tab in the upper left-hand corner of the screenSelect Save AsWhen prompted by the dialogue box, select which drive to save the toolClick SaveThe step-by-step instructions to use Customer Risk Rating tool are given on the Instruction tab.Identify the appropriate KYC Customer Type using the Customer Translation Table.The following table lists the steps that AML KYC CoE (Shared Services) needs to perform during Task 5 – Upload Risk Rating Results.StepActionClick the grey Launch button to open the worksheet and start the risk scoring process.Select the appropriate KYC Customer Type using drop-down menu. Note: The Customer Type options are available in alphabetical order:If not auto-populated, enter your full name (first, last/family). Also, enter your Employee ID.Enter the name of the Legal Entity (See KYC Req. #1) in the given field.The following table lists the steps that AML KYC CoE (KYC Shared Services) needs to perform during Task 5 – Upload Risk Rating Results.StepActionEnter the GEMS ID in the given field.Enter the MCH ID if available; if this field is not applicable to the customer, please enter N/A.Enter the date of the customer’s first account opening with State Street in DD-MMM-YYYY format, for example 12-APR-1996. If there has been any relevant negative news identified about the customer (as defined in KYC Req. #17), select Yes from the Relevant Negative News drop-down menu. Otherwise, select No.Note: KYC Req. #17: Conduct negative news screening on the customer (CDD Screening). The following table lists the steps that AML KYC CoE (KYC Shared Services) needs to perform during Task 5 – Upload Risk Rating Results.StepActionSelect No for customer types Government, Mutual Funds, Pension Plans, Investment Advisor (Regulated), Investment Advisor (Unregulated), Foundations/Endowments, Charities, SPVs, Hedge Fund & Private Equity, Sovereign Wealth Funds, Trusts (Corp & Ind), Universities and Supra National Organization.For all other customer types, if the customer can issue Bearer Shares (See KYC Req. #31) select Yes, otherwise select No.Note: KYC req. #31: Obtain confirmation as to whether the legal entity issued bearer shares.Select Yes if customer is listed on an exchange (See KYC Req. #10), otherwise, select No from the drop-down menu. Note: KYC req. #10: Obtain documentation supporting whether the entity is listed on an exchange.For customers listed on an exchange, please identify the country of the primary exchange on which the entity is listed – only single response allowed.The following table lists the steps that AML KYC CoE (KYC Shared Services) needs to perform during Task 5 – Upload Risk Rating Results.StepActionOnce a country has been selected, select the primary exchange on which the entity is listed from the drop-down menu. If not available, please select Other and specify which exchange.For customer types Non-FI Public Company, Non-FI Private Company, Government, Investment Advisor (Unregulated), Foundations/Endowments, Charities, SPVs, Hedge Fund & Private Equity, Sovereign Wealth Funds, Trusts (Corp & Ind), Universities and Supra National Organizations select No proof obtained from the drop-down menu.If proof of regulatory status has been obtained (See KYC Req. #9) select Proof obtained, otherwise, select No proof obtained from the drop-down menu.Note: KYC req. #9: Validate documentation supporting the entity's current Regulatory Status.The following table lists the steps that AML KYC CoE (KYC Shared Services) needs to perform during Task 5 – Upload Risk Rating Results.StepActionIf Proof obtained, select the country and name of primary regulator from the drop-down menus – only single response allowed.If the primary regulator is not available, please select Other and specify which regulator has oversight of the entity.Select applicable Industry and Industry code describing the entity's line or nature of business i.e., industry where the customer operates or invests in, from the drop-down menu (KYC Req. #21).Note: In case of Governments, if it is related to central bank then select category Finance and Insurance and specific code of 521110: Monetary Authorities-Central BankEmbassies use category Public Administration and specific code of 928120: International AffairsOther government organizations except central banks and embassies use the category Public Administration and select any of the specific codes.KYC req. #21: Obtain the industry code describing the Customer's line or nature of business.The following table lists the steps that AML KYC CoE (KYC Shared Services) needs to perform during Task 5 – Upload Risk Rating Results.StepActionSelect the appropriate Legal Structure for the customer from the drop-down menu. (See KYC Req. #19). Note: For customer type Governments, select Government (State-owned Body) or Government (Municipality), for Government Agencies select Government (Agency) and for Central Banks/Monetary Authorities select Government (State-owned Body)KYC Req. #19: Identify and verify completed legal documentation required for the creation of a legal entity in the customer's geography and/or state of operation to identify the legal structure.Select the country where the company was incorporated per the legal documentation obtained (See KYC Req.#20).Note: Domicile of Legal Entity vs Domicile of Government Entity will be automatically displayed based on Customer Type chosen.KYC Req. #20: Obtain the date and domicile of formation/incorporation of the legal entity.The following table lists the steps that AML KYC CoE (KYC Shared Services) needs to perform during Task 5 – Upload Risk Rating Results.StepActionSelect as many options as applicable for Geography where the entity conducts its business (KYC Req.#26), i.e., where the business operates or makes investments.Note: If Governments, Government Agencies & Central Banks/Monetary Authorities, then refer to KYC Req.#20.KYC Req. #26: Obtain the geography where the customer/legal entity conducts its business.Select the appropriate CRR Product Category.Select Yes if Remote Deposit Capture (RDC) capabilities are provided as a service, otherwise select No.Select the appropriate Contracting Location, i.e., the country where the contract was established for the product from the drop-down menu.The following table lists the steps that AML KYC CoE (KYC Shared Services) needs to perform during Task 5 – Upload Risk Rating Results.StepActionOnce all fields have been populated, click the Calculate and Save button in the lower left hand corner in order to calculate the customer risk rating. The tool will display a rating across from the Calculate and Save button.A separate Excel document will be saved in the same directory as this tool in the following format: SSC_CRR_Version_Name_GEMSID_MCHID_Date_Time.xlsxNote: If a warning appears prompting the user to escalate to Compliance, please email as an attachment to AMLCompliance@ for further review.Once the risk rating is calculated, save the spreadsheet so it can be uploaded into the Customer’s file within the KYC Platform.To upload risk rating results to the KYC Platform, navigate to the KYC Platform through the KYC Portal.Navigate to the KYC Tracking Case –To Upload the Risk Rating Result.The following table lists the steps that AML KYC CoE (KYC Shared Services) needs to perform during Task 5 – Upload Risk Rating Results.StepActionNavigate to the Documents tab and upload the Risk Rating Results as a document (See previous step for Adding a Document)Select the Document Type value as Risk Rating SpreadsheetClick Save and Complete – this will bring the user to the Legal Entity Management screen.Navigate to the Products tab in the Legal Entity Management screen to assign the Risk Rating value at the Product Level, and then select Edit from the icon dropdown to the right of the product.In the Product Details screen, complete the following:Select the Risk RatingClick SaveClick Back to navigate back to the Legal Entity Management screen.Navigate to the Tasks tab in the Legal Entity Management screen and select the Navigate icon to the right of the task to navigate to the Upload Risk Rating Result screen.The following table lists the steps that AML KYC CoE (KYC Shared Services) needs to perform during Task 5 – Upload Risk Rating Results.StepActionIn the Upload Risk Rating Result screen, perform the following steps:Select a value for each screening performed and then select the value for the Risk Rating CalculationClick Save and Complete – The system will navigate to the Legal Entity Management screen where the Tasks tab will be updated to the next task Complete AML.Note: Risk Category will not be entered in this screen. In Production, this field will be auto-populated with the value input in the Product Details screen.Task 5 – Upload Risk Rating is ic 6: Complete AML OverviewOnce Task 5 – Upload Risk Rating has been completed; the next task is AML Complete.The purpose of the Complete AML Task is to capture any escalations that are required if the Risk Rating Value is High. All escalations will be performed outside the KYC Platform, and a record of the escalations and work completed by the Business Unit and Compliance will be captured as documents and uploaded to the KYC Platform.The following table lists the steps that AML KYC CoE (Shared Services) needs to perform during Task 6 – Complete AML.StepActionIf NO escalation is required, navigate to the Tasks tab in the Legal Entity Management screen and select Complete from the icon to the right of the task.Click Refresh to bring up the next task Approve for Account Opening – this will move the KYC Tracking Case to the Shared Services Manager’s task queue.The Complete AML task is now complete.Task 6 – Complete AML is ic 7: Approve for Account Opening OverviewOnce Task 6 – Complete AML has been completed; the next task is Approve for Account Opening. This is the final task of the KYC AML Process in the KYC Platform.The AML KYC CoE (Shared Services) Manager will review all information and documents that have input into the KYC Tracking Case before providing final approval.The following table lists the steps that AML KYC CoE (Shared Services) Manager needs to perform during Task 7 – Approve for Account Opening.StepActionNavigate to the KYC Platform through the KYC Portal.To review and approve, complete the following:From the Work Queue on the left of the screen, click KYC TrackingClick Review & Approve – This will bring up all KYC Tracking Cases that are in the Review & Approve stage.Click on the ID Link to the left of the correct Case – This will bring up the Case Details screen.The following table lists the steps that AML KYC CoE (Shared Services) Manager needs to perform during Task 7 – Approve for Account Opening.StepActionIn the Case Details screen, click the Navigate icon to the right of Approve for Account Opening Task – This will bring up the Manager Review screen.In the Manager Review screen, click the Navigate icon to the right of one of the previously completed tasks – This will bring up the Legal Entity Management Screen.Perform final review of KYC Tracking Case.Once the review is complete, navigate to the Tasks Tab and select the “Navigate” icon to provide approval on the Manager Review ScreenSelect the Review Outcome as Approve.Select the next review date based on the Risk Rating assigned to the KYC Tracking Case.Click Save and Complete.Task 7 – Approve for Account Opening is complete. The KYC Tracking Case has now been Approved and Completed. The Approve for Account Opening task is now complete. KYC AML Process is Complete.Lesson 5: SummaryWithin CDD, there are certain tasks that need to be completed for all customers, no matter what the Customer Type, referred to as Standard CDD. Before the customer’s account opening process is complete, the Business Unit must collect information to cover anticipated account activity, source of funds, and source of wealth.Part of building the Customers anticipated account profile; the Business Unit must take adequate measures to establish the source of funds that are involved in the proposed relationship or occasional transaction.In order to evaluate the source of a customer’s wealth, the Business Unit should gather information relevant to the manner in which the customer’s assets were obtained. This is the accumulation of the customer’s net worth which includes, in part, the funds held by State Street. The third step in CDD is when the Business Unit conducts screening on the names and countries associated with customers, all UBOs, and any other related and specified controlling parties, and associated third parties prior to opening the customer’s account. Negative news can be classified as relevant negative news and non-relevant negative news.Section 311 of the USA PATRIOT Act (Section 311) grants the Secretary of the Treasury the authority, upon finding that reasonable grounds exist for concluding that a foreign jurisdiction, foreign FI, class of transaction, or type of account is of “primary money laundering concern,” to require domestic FIs and financial agencies (such as banks) to take certain “special measures” against the entity identified as a primary money laundering concern.In order to meet its regulatory obligations State Street is required to identify customers, and nominal or UBOs, who are PEPs. PEPs may generally be viewed as High-risk customers. For all relevant customers, the Business Unit seeks to obtain financial information, as a source of CDD information for the customer. It should be noted that obtaining these documents is mandatory for FIs. After all of the necessary information has been obtained from the Business Unit, AML KYC CoE (Shared Services) risk rates the customer prior to opening the customer’s account to assess the AML risk of conducting business with this customer and decide any risk mitigating strategies using CRRM. The components of the KYC Platform Main Screen are Queues Tab, Dashboard Tab, Search Tab, Search Details Section, and Search Results Section.Lesson 6: Enhanced Due Diligence Topics Required and Triggered Enhanced Due DiligenceFirst Line of Defense ResponsibilitiesGeneral Enhanced Due Diligence RequirementsSource of WealthSite VisitsPEP IdentificationEnhanced Due Diligence Customer Profile FormRisks and MitigantsRecord RetentionHow to conduct PEP IdentificationHow to conduct EDDIntroductionEDD is a process that provides for a closer review of High-risk customers. EDD is required for High-risk State Street customers based on the AML Customer Risk Rating (CRR) and certain High-risk customer types notwithstanding the AML CRR.EDD may be necessary when issues:Arise in the course of conducting CDD (such as relevant negative news is identified).Are covered through account/transaction monitoring and require the AML CRR to be elevated to High-ic 1: Required and Triggered Enhanced Due DiligenceOverviewEDD is critical to identify a High-risk customer’s anticipated transactions.A High-risk customer’s activities should be reviewed more closely at the time the account is opened and more frequently throughout the term of the relationship. The following table provides details related to Required EDD and Triggered EDD.Required EDDTriggered EDDEDD is always required for customers rated High and for the following customers types, regardless of their AML CRR, including but not limited to:Correspondent accounts for Foreign Financial Institutions (FIs) (as required by Section 312 of the USA PATRIOT Act)Correspondent accounts for Foreign Banks (as required by Sections 313 and 319(b) of the USA PATRIOT Act)Foreign private banking customers (as required by Section 312 of the USA PATRIOT Act)Note: For additional guidance on required information, data, and/or documentation for customer types, refer to the AML KYC Requirements Matrix in the AML Toolkit. Customer accounts not subject to EDD requirements at the time of account opening may later become subject to EDD requirements if:The customer’s risk attributes and the AML CRR has changed, as a result of information updates during a periodic or event driven review of the relationship or other information that comes to the Business Unit’s or AML Compliance’s attention.Material risk-related information, adverse or otherwise, concerning the customer is identified and elevates the AML CRR. AML Compliance increases the AML CRR. Discussion QuestionEDD is always required for certain customer types notwithstanding their AML CRR. Provide two examples of customer types for which EDD is ic 2: First Line of Defense ResponsibilitiesOverviewAfter completing CDD and determining that the customer is High-risk or the customer type requires mandatory EDD, AML KYC CoE (Shared Services) must perform EDD that involves:Investigative and analytic due diligence with respect to High-risk customers.Reviewing transactions of existing customers as identified through the High-risk review ic 3: General Enhanced Due Diligence Requirements OverviewTo better understand the risks posed by a customer who requires EDD, the Business Unit obtains additional information about the customer, UBOs, and any other related and specified controlling parties and associated third parties.For UBOs, the First Line of Defense collects information on beneficial owners with ten percent (%) (for High-risk) or more ownership of the entity, based on State Street's policy requirements, through documentary means. This includes: NameAddress including countryDate of birthID numberAML KYC CoE (Shared Services) uses the KYC Requirements Matrix to determine what information, data, and/or documentation is required by customer type and jurisdiction and provides to AML Compliance to so they can do the following:Identify the risks posed by the customer.Prescribe any unique mitigants that may need to be implemented. Discussion QuestionHow does AML KYC CoE (Shared Services) determine what information, data, and/or documentation is required by customer type and jurisdiction for certain customer types notwithstanding their AML ic 4: Source of WealthOverviewPart of CDD is to identify the Source of Wealth, and for high risk customers Source of Wealth needs to be verified. The customer’s source of wealth is a combination of data points collected through the KYC process. The information collected will differ depending on whether the wealth is acquired through:Ownership of a businessEmployment or professional practiceInheritanceInvestmentsDocumentation that contains information can be used in conjunction with other data points to validate the customer’s source of wealth.The following table provides details about the type of documents are used to identify the source of wealth for a customer.Non-IndividualIndividualLetter/contract note from previous investment company giving notification of proceeds of maturing investment/claimSigned tax return from a certified accountantCompleted sales contractLoan agreementRecent loan statementsLetter from donor confirming details of a gift and acknowledging the source of the donated fundsLegal sale document(s) (such as contract notes)Signed letter from the Attorney Signed letter from a certified accountantLast three months’ pay slipsConfirmation from the employer of income and bonuses for last two yearsBank statements that clearly show receipt of the most recent three months’ regular salary payments from the named employerLatest accounts, if self-employedGrant of Probate (with a copy of the will) that must include the value of the estateLoan agreementRecent loan statementsBank statementsLetter from a donor confirming details of gift and acknowledging the source of the donated fundsAttributes contributing to the accuracy and reasonableness of the customer’s source of wealth include:From where the funds cameHow the customer acquired the fundsFrom whom, if received by an individual or entityWhen the funds were acquired The location(s) from where the funds cameSource of wealth can be either Reasonable or Unreasonable.The following table provides a Reasonable Example and an Unreasonable Example to help determine a customer’s source of wealth.Reasonable ExampleUnreasonable ExampleA Regulated Investment Advisor in the non-bank financial services industry (NAICS: 523930) recently had their initial public offering/stock market launch to investors to raise capital for an acquisition of a competitor for increased market share. (This leads one to conclude that a financial institution has recently accepted a large amount of investments from investors to grow the company. This source of wealth is reasonable as one can expect that operations, fees, investments, and earnings all contribute to the source of wealth, whereas the immediate source of funds from the offering are directly attributable to investments from new shareholders).Therefore, the following must be included:Customer Type + Nature of Business + Source(s) of Wealth + Justification = Reasonable Assessment that the source of wealth is accurateAn unregulated Investment Manager located in Spain, whose profile had traditionally been investing in equities, is now heavily investing in Chilean mines, and wants to expand investments into the landscaping industry in Qatar. (This leads one to ask the question of why an investment manager is changing his investment profile from consistent investment in equities to investments in High-risk industries and countries without providing a reasonable explanation). Discussion QuestionWhat is the criterion for collecting information from a customer to determine his/her source of wealth? Topic 5: Site VisitsOverviewSite visits are an important part of the EDD process for MSBs, and other customer types, to confirm the veracity of the information provided by the customer. The following table provides information about Site Visits, Trigger Events, Report Requirements, and Key Elements.TaskDescriptionSite VisitsThe Business Unit AML Officer performs site visits at the customer’s primary place of business at the onset of the relationship and annually thereafter. Information collected during the course of a site visit is NOT limited to the following examples:Establishing the physical location of the customerValidating the existence of a Compliance OfficerEvaluating the AML training materialAssessing that operations are in line with the expectations for that customer typeValidating the presence of a current AML ProgramAffirming that the personnel representing the customer are presentTrigger EventsA site visit may be trigged by events identified by the First Line of Defense and escalated to the Business Unit AML Officer, or directly by concerns raised through processes within AML Compliance.Some examples of trigger events include:Events that may indicate a heightened AML risk, such as regulatory action, relevant negative news, and additions to Sanctions lists.Transaction monitoring findings and SAR filings.Customers in High-risk jurisdictions, determining that the Parent does not have either financial control of the account or adequate oversight over the activity of the subsidiary in question.The impact of such trigger events on site visitation requirements depends on the specifics of the trigger event and is determined by the Business Unit AML Officer in discussions with the Business Unit Chief Operating Officer and/or delegate and AML Compliance.Note: Where a site visit is determined to be appropriate as a result of a SAR filing, care must be taken to avoid “tipping off” the customer.The following table provides information about Site Visits, Trigger Events, Report Requirements, and Key Elements.TaskDescriptionReport RequirementsDetails of site visits are recorded, which at a minimum must include:Date of the site visitCustomer name and locationNames of all parties who attended the meetingsSubject of such meetingsOutcomes of the meetingsDescription of the business location Identified risk factorsKey ElementsThe key elements of site visits remain a confident understanding of the:CustomerPersonnel associated with itAML Program and controlsOperations that are in line with what would be expected Risk factors include:Lack of transparency into operations and oversight of the customer’s activitiesNo physical locationConstantly putting off the visitUnavailability of Compliance personnel The full copy of the report is added to the customer’s KYC profile. Discussion QuestionWhen can the site visits be triggered? Topic 6: PEP IdentificationOverviewState Street is not prohibited from establishing relationships with PEPs, or from establishing relationships with customers who have PEPs within their organizational structure, unless there is reliable information that the PEP is improperly profiting from his/her public office.Customer accounts for all PEPs require the application of EDD. Reasonable steps must be exercised to identify customers who are PEPs prior to opening the customer’s account. PEPs may be identified through the checks against local or regional lists, which are conducted at the time the customer’s account is opened.PEP MatchesIn the event that a match occurs, AML KYC CoE (Shared Services) must review the match and eliminate any false potential name matches.In the case of a possible or confirmed match, AML KYC CoE (Shared Services) must review the match and provide documentation and an explanation as to why the match is either a false positive or confirmed match, and keep the record on file. Any potential matches must be escalated to the OFAC/Sanctions Central Monitoring, if there is any question about the customer’s PEP status.If a PEP is identified in overnight or periodic batch screening, AML KYC CoE (Shared Services) has 30 calendar days to conduct EDD using the KYC Requirements Matrix and obtain required approvals.EDD for PEPsWhen it has been determined that a customer is or has a PEP associated with it, additional KYC must be performed on the PEP. The information, data and/or documentation required to complete the additional KYC is detailed in the KYC Requirements Matrix. AML KYC CoE (Shared Services) completes the following:Reviews and verifies the required information, data, and/or documentation received and the Business Unit contacts the customer for any remaining information that is missing. Verifies information, data, and/or documentation received is valid and performs EDD prior to informing AML Compliance using the Enhanced Due Diligence Customer Profile.During the course of the relationship, the level and nature of risk associated with the PEP account may change. AML Compliance, in conjunction with the First Line of Defense, is responsible for conducting ongoing High-risk customer reviews throughout the course of the relationship, if the customer is a PEP entity or the individual customer is a PEP. PEP accounts along with High-risk accounts are re-assessed within six months of account opening and annually thereafter. Discussion QuestionWhat is the role of AML Compliance for PEP customers? Topic 7: Enhanced Due Diligence Customer Profile FormOverviewDuring the onboarding process, if a customer is designated as High-risk, the Business Unit must send all KYC information, data, and/or documentation to AML Compliance via an AML Enhanced Due Diligence Customer Profile, which must contain the reason for rating the customer as High-risk.AML Compliance is responsible for reviewing the AML Enhanced Due Diligence Customer Profile, to determine the unique mitigants required to onboard the customer and rendering an opinion via an FIU ic 8: Risks and MitigantsOverviewFor customers requiring EDD, the First Line of Defense may open a customer’s account only after the:Business Unit Chief Operating Officer, equivalent, and/or delegate approves the request.Money Laundering Reporting Officer (MLRO) where applicable, receives and acknowledges their review of the risks and any unique mitigants in the FIU assessment from AML Compliance.Unique mitigants are based on the situation and circumstances specific to each customer and may consist of one or more controls that are:Established at onboarding Performed throughout the existence of a High-risk account, such as enhanced transaction monitoring, which could dictate tighter algorithms or more frequent review cycles. Important NoteOnly the Business Unit AML Officer can override the AML CRR for Medium and Low-risk customers and only the AML Compliance FIU can override the AML CRR of a High-risk customer.The following are examples of potential mitigants that may be used for monitoring High-risk customers:Enhanced transaction monitoring Documenting existing relationshipsRepute and/or verification of customer directorsSite visitsOngoing screening of key principles, Ultimate Beneficial Owners (UBOs) outside of automated sanctions screening Discussion QuestionIdentify the controls that may apply to unique mitigants. Topic 9: Record RetentionOverviewAs a requirement, all customer facing businesses, support functions, and control functions must maintain records of a customer’s identity, transactions, and other significant records.This ensures that legal and regulatory requirements in the jurisdictions in which it operates are met thereby ensuring confidentiality, bank secrecy, and data protection.AML records must be maintained for a minimum of five years (from the end of the customer relationship in the case of identity records) or longer, if local regulation requires.Records must be stored to facilitate adequate access and retrieval in a timely manner. Discussion QuestionState Street’s record retention policy requires that AML records must be maintained for a minimum of five years. State the reason for retaining these records. Topic 10: How to Conduct PEP IdentificationOverviewThe following table lists the steps that the First Line of Defense performs during PEP identification and screening.StepActionOwnerEnter the following information into WorldCheck and check the following information against local or regional lists in {insert list screening tool} for non-individual customers at the time of onboarding:Full legal and any “trading as” name;City and country of registered office address in country of incorporation; and City and country of business address (if different from registered address).AML KYC CoE (Shared Services)Enter the following information into WorldCheck and check the following information against local or regional lists in {insert list screening tool} for individual customers at the time of onboarding:Full legal name (last name, first name, and middle initial); and City and country of residence. AML KYC CoE (Shared Services)Enter the following information into WorldCheck and check the following information against local or regional lists in {insert list screening tool} for other related parties (if applicable) at the time of onboarding: Information required to be identified in relation to third parties (such as Beneficial Owners, controlling parties, and associated third parties) each as defined in the Global AML Policy, must be screened at the time of account opening.AML KYC CoE (Shared Services)The following table lists the steps that the First Line of Defense performs during PEP identification and screening.StepActionOwnerCompare the name of the customer or related party being screened to the name of the PEP identified in WorldCheck or local or regional lists in {insert list screening tool}. If no combination of the first and last names of the individual or entity matches the PEP, this should be considered a “Negative Match” (as defined below) and there is no need to proceed to the next steps.It is important to also compare the name of the individual or entity identified being screened to all alternate names, or “AKA” shown for identified PEPs.In the case of businesses/organizations, perform this analysis for the business/organization name: Compare the individual’s Date of Birth (“DOB”) with those shown for identified pare the individual’s or entity’s identification data to that shown for the identified PEP.If information is sufficient to clear the potential match cannot be obtained, the potential match should be forwarded to the respective Business Unit. AML KYC CoE (Shared Services)If a potential match is received, determine which of the below four scenarios applies:Two or more pieces of the individual’s or non-individual’s demographic data (including the name) match to that of the identified PEP. This should be considered a “Positive Match” and must be forwarded to OFAC/Sanctions Central MonitoringThere is no demographic data provided in the PEP list or database. Since there is insufficient information to resolve the potential match, it should be forwarded to OFAC/Sanctions Central Monitoring who will consult with the source issuing the PEP list or database. The PEP list or database provides demographic data, but demographic data is missing from the individual or entity’s record. The Business Unit maintaining the account that generated the potential match must obtain the missing data to evaluate the match status.There is enough data on both, the individual or entity being screened and the PEP list or database to determine that it is not a match. Specifically, nothing on either record, other than the name or portions of the name, matches. This should be considered a “False Positive Match” and documented accordingly.AML KYC CoE (Shared Services)The following table lists the steps that the First Line of Defense performs during PEP identification and screening.StepActionOwnerConduct supplemental EDD and obtain required approvals within 30 calendar days for PEPs identified in overnight or periodic batch screening.Business Unit and AML KYC CoE (Shared Services)Complete these steps at the time of a customer periodic review and all trigger events.AML KYC CoE (Shared Services)Topic 11: How to Conduct EDDOverviewThe following table lists the steps that the First Line of Defense performs during EDD.StepActionOwnerCollect the EDD requirements based on the AML KYC Requirements Matrix if necessary.Business UnitReview the information, data and/or documentation received from the customer and update the customer’s KYC file in the KYC Platform with this information.Business UnitVerify the customer’s source of wealth from the documentation compiled. AML KYC CoE (Shared Services)Request additional documentation to complete the Source OF Wealth verification when appropriate.Business UnitIdentify beneficial owners with a 10 percent (%) or greater ownership interest.AML KYC CoE (Shared Services)Utilize business applications and public domain (open source) data to review and validate the provided documentation to ensure that the customer information is accurate.AML KYC CoE (Shared Services)Conduct site visits for MSBs and other customer types where applicable and document the information obtained in a report.Business Unit AML OfficerAdd the site visit report to the customer’s KYC file in the KYC Platform.Business Unit AML OfficerUse Prime and WorldCheck to screen the related parties (UBOs, controlling parties, and associated third parties) information against all required lists as specified in Section 4.5.5, Screening.AML KYC CoE (Shared Services)Contact the customer for any additional outstanding information, data and/or documentation needed as a result of a potential match.Business UnitEscalate any potential matches which cannot be dispositioned to AML Compliance for review.AML KYC CoE (Shared Services)If, based on the results of the screenings, AML and/or Sanctions policies and guidelines will dictate the relationship is prohibited, terminate the relationship.Business UnitCapture all information, data and/or documentation compiled during the gathering of requirements.AML KYC CoE (Shared Services)The following table lists the steps that the First Line of Defense performs during EDD.StepActionOwnerSend an email to AML Compliance FIU that the Enhanced Due Diligence Customer Profile is available for review in the KYC Platform. The Enhanced Due Diligence Customer Profile must contain the reason for rating the customer or account High Risk. AML KYC CoE (Shared Services)Evaluate the risks presented in the Enhanced Due Diligence Customer Profile by the Business Unit and assign any relevant unique mitigants to manage the risks, which will be captured in the Financial Intelligence Unit Assessment. AML Compliance FIURequest any required additional documentation or mitigants from the Business Unit.AML Compliance FIUContact the potential customer, if required, to gather sufficient information to answer the specific questions from AML Compliance FIU.Business UnitComplete the Financial Intelligence Unit Assessment. This will include the enhanced procedures required to onboard the High AML Risk customer and outline the monitoring and any other unique mitigants the Business Unit will implement to monitor the account in the case of endorsement.AML Compliance FIUNotify the Business Unit of endorsement or notice of non-endorsement to onboard the customer.AML Compliance FIUReview and acknowledge the risks and any unique mitigants in the Financial Intelligence Unit Assessment and decide to either continue with procedural steps and complete the account opening process, or in the case of non-endorsement, work with AML Compliance FIU to discuss what parameters would be necessary to open the account. Business UnitSign off on the Financial Intelligence Unit Assessment to accept the risk presented by the customer at the Business Unit level and retain the documentation along with the KYC information in the KYC Platform.Business Unit Chief Operating Officer, equivalent and/or delegateReview, acknowledge, and if applicable approve of the risks and unique mitigants in the Financial Intelligence Unit Assessment when customers are Risk Rated High. Send the approved FIU Assessment back to AML KYC CoE (KYC Shared Services). Money Laundering Reporting Officer (MLR”)Upload the FIU Assessment to the KYC file in the KYC Platform.AML KYC CoE (Shared Services)If the customer is accepted, open the account.Business UnitIf the customer is rejected, retain the signed rejection of the customer in the customer’s KYC file in the KYC Platform.Business UnitLesson 6: SummaryA High-risk customer’s activities should be reviewed more closely at the time the account is opened and more frequently throughout the term of the relationship. After completing CDD and determining that the customer is High-risk or the customer type requires mandatory EDD, AML KYC CoE (Shared Services) must perform EDD.To better understand the risks posed by a customer who requires EDD, the Business Unit obtains additional information about the customer, UBOs, and any other related and specified controlling parties and associated third parties.AML KYC CoE (Shared Services) uses the KYC Requirements Matrix to determine what information, data, and/or documentation is required by customer type and jurisdiction.The information collected to determine a customer’s source of wealth will differ depending on whether the wealth is acquired through ownership of a business, employment or professional practice, inheritance, and investments.Source of wealth can be either Reasonable or Unreasonable.Site visits are an important part of the EDD process for MSBs, and other customer types, to confirm the veracity of the information provided by the customer. PEPs may be identified through the checks against local or regional lists, which are conducted at the time the customer’s account is opened.When it has been determined that a customer is or has a PEP associated with it, additional KYC must be performed on the PEP. The information, data and/or documentation required to complete the additional KYC is detailed in the KYC Requirements Matrix. Unique mitigants are based on the situation and circumstances specific to each customer and may consist of one or more controls.AML records must be maintained for a minimum of five years (from the end of the customer relationship in the case of identity records) or longer, if local regulation requires.Lesson 7: Ongoing Reviews114300533400Topics Periodic ReviewsHow to Conduct Periodic Reviews for Low and Medium Risk CustomersHow to Conduct Periodic Reviews for High Risk CustomersEvent Driven ReviewsExamples of Trigger EventsSuspicious ActivityTransaction MonitoringSanctions screening Sanctions LicensesBoard and Senior Management ReportingIntroductionOnce the Customer has been onboarded, there are many activities that are required to maintain the ongoing relationship with the customer. These activities ensure that the KYC information we have on file is accurate, that we are monitoring our AML and Sanctions risks, and that State Street remains compliant with its AML and Sanctions Program as well as the regulations that drive it. The following activities are included in ongoing relationship:Periodic ReviewsEvent Driven ReviewsSuspicious ActivityTransaction MonitoringOngoing Sanctions ScreeningBoard and Senior Management ReportingTopic 1: Periodic ReviewsOverviewIn accordance with State Street’s Global AML Policy, the Business Unit and the AML KYC CoE (Shared Services) will conduct risk-based periodic reviews on all customers in order to ensure KYC information is accurate and revise where appropriate the customer’s risk rating. Business Units will be notified of upcoming reviews 90 days prior to the due date of the review, according to the established timeline by risk level (below), by the Shared Service.AML KYC CoE (Shared Services) will initiate and complete, in conjunction with AML Compliance and the Business Unit, periodic reviews of customer accounts in accordance with the below schedule:Customer TypeFrequencyHigh-risk Customer Every year; the first review should be scheduled after six months from the date in which the entity’s status in the KYC Platform reflects “complete.” Medium-risk CustomerEvery two yearsLow-risk CustomerEvery three yearsThe timeline for conducting periodic reviews begins when a customer has been fully onboarded and approved. Discussion QuestionDo you think periodic reviews of medium risk customer should be done annually instead of every two years? Will it help to identify more customers with financial irregularities?Topic 2: How to Conduct Periodic Reviews for Low and Medium Risk CustomersOverviewThe following table lists the steps that the First line of defense performs for low and medium risk customers.StepActionOwnerContact the appropriate Business Unit representative 90 calendar days in advance of the Periodic Review.Remember: Low is every three years and Medium is every two years.AML KYC CoE (Shared Services)Enter all data elements into the required/specific fields in the Periodic Review Form and retain the form in the KYC Platform after obtaining all required information, data and/or documentation per the AML KYC Requirements Matrix. AML KYC CoE (Shared Services)Review the information, data, and/or documentation received from the customer, including beneficial ownership. AML KYC CoE (Shared Services)Contact the customer if any of the required information, data, and/or documentation for the Periodic Review Form cannot be obtained.Business UnitValidate that all customer KYC information is up to date and accurate in the customer’s KYC file in the KYC Platform and all customer profiles and associated cases (e.g. alerts, investigation and remediation results) are up to date and accurate. AML KYC CoE (Shared Services)Determine if there are any material changes to the customer’s original information.AML KYC CoE (Shared Services)Re-screen the following customer (account/account holder) and associated party information against all the required lists as noted in Section 4.5.5, Screening, using Prime and Worldcheck:Customer’s full name/business name;Parent holding companies;Owners of the business;Board of Directors; Senior Management; and Country of domicile and country of residence, for the individuals for whom it is required to be obtained as part of onboarding per the KYC Requirements Matrix, should also be reviewed to ensure the BU does not enter into a relationship with prohibited countries. See the Global Sanctions Policy for more information.AML KYC CoE (Shared Services)Review the actual activity against the previously documented expected profile. Business UnitThe following table lists the steps that the First line of defense performs for low and medium risk customers.StepActionOwnerDocument findings where actual activity is expected based on what State Street knows about the customer and what is documented in the customer’s KYC profile in the KYC Platform. Any known major changes in expected behavior will be included in the KYC profile in the KYC Platform. If customer activity has not deviated from expected activity, use actual transactional activity as a baseline going forward.Business UnitWhere acceptable reasons for the variance between expected and actual activity cannot be obtained, escalate the matter to the Business Unit AML Officer for review.Business UnitProvide guidance on next steps, which may include recommending a change to the CRR, completing a UAF, and/or exiting the relationship in a timely manner. The Periodic Review will be suspended until further advice has been provided.Business Unit AML OfficerProgress the profile according to the advice from the Business Unit AML Officer including any agreed updates to the customer account profile.AML KYC CoE (Shared Services)Review the updated customer KYC profile for potential changes in the risk rating to determine if the CRR should be revised.AML KYC CoE (Shared Services)Review the CRR when information indicates that the customer has a material change. See Section 4.5.8 for information on CRR.Enter all applicable customer information into CRR Tool in order to generate the CRR. Validate that all data elements have been entered completely and accurately.Generate the CRR and save the results in the KYC Platform. AML KYC CoE (Shared Services)Forward the completed Periodic Review Form to the Business Unit Chief Operating Officer, equivalent and/or delegate for review and sign off.AML KYC CoE (Shared Services)Sign off on the Financial Intelligence Unit Assessment to accept the risk presented by the customer at the Business Unit level and retain the documentation along with the KYC information in the KYC Platform.Business Unit Chief Operating Officer, equivalent and/or delegateRecord all findings and attach all documentation to the KYC profile in the KYC Platform.Business Unit and AML KYC CoE (Shared Services)Topic 3: How to Conduct Periodic Reviews for High Risk CustomersOverviewThe following table lists the steps that the First line of defense performs for high-risk customers.StepActionOwnerContact the appropriate Business Unit representative 90 calendar days in advance of the six month or annual Periodic Review.AML KYC CoE (Shared Services)Enter all data elements into the required/specific fields in the Periodic Review Form and retain the form in the KYC Platform after obtaining all required information, data and/or documentation per the AML KYC Requirements Matrix. AML KYC CoE (Shared Services)Review the information, data, and/or documentation received from the customer, including beneficial ownership. AML KYC CoE (Shared Services)Contact the customer if any of the required information, data, and/or documentation for the Periodic Review Form cannot be obtained.Business UnitValidate that all customer KYC information is up to date and accurate in the customer’s KYC file in the KYC Platform and all customer profiles and associated cases (e.g. alerts, investigation and remediation results) are up to date and accurate. AML KYC CoE (Shared Services)Determine if there are any material changes to the customer’s original information.AML KYC CoE (Shared Services)Re-screen the following customer (account/account holder) and associated party information against all the required lists as noted in Section 4.5.5, Screening, using Prime and WorldCheck:Customer’s full name/business name;Parent holding companies;Owners of the business;Board of Directors; Senior Management; and Country of domicile and country of residence, for the individuals for whom it is required to be obtained as part of onboarding per the KYC Requirements Matrix, should also be reviewed to ensure the BU does not enter into a relationship with prohibited countries. See the Global Sanctions Policy for more information.AML KYC CoE (Shared Services)Review the actual activity against the previously documented expected profile. Business UnitThe following table lists the steps that the First line of defense performs for high-risk customers.StepActionOwnerDocument findings where actual activity is expected based on what State Street knows about the customer and what is documented in the customer’s KYC profile in the KYC Platform. Any known major changes in expected behavior will be included in the KYC profile in the KYC Platform. If customer activity has not deviated from expected activity, use actual transactional activity as a baseline going forward.Business UnitIdentify and document discrepancies between expected and actual activity (e.g., changes in transactional frequency/patterns, transactions to/from High Risk jurisdictions, negative news identified). If customer activity has not deviated from expected activity, use actual transactional activity as a baseline going forward.Business Unit and AML KYC CoE (Shared Services)Where acceptable reasons for the variance cannot be obtained (e.g., the activity is not consistent with the understanding of the relationship), escalate to AML Compliance and the Business Unit Chief Operating Officer, equivalent, and/or delegate.AML KYC CoE (Shared Services)Provide guidance on next steps which may include filing a SAR, changing the CRR and/or exiting the relationship. The Periodic Review will be suspended until further advice has been provided.AML Compliance FIUProgress the profile according to the advice from AML Compliance FIU including any agreed updates to the customer account profile.AML KYC CoE (Shared Services)Review the risks and mitigating activities and/or controls to ensure they are implemented as outlined in the EDD Customer Profile and/or customer file as documented in the KYC Platform.Business Unit AML Officer Complete a full review of the customer to validate the:Correct risk rating is assigned; Appropriate controls and unique mitigants are in place; Controls and unique mitigants have been adhered to; andRelationship remains within its risk appetite.Business Unit and AML KYC CoE (Shared Services)Send an email to AML Compliance FIU when the Periodic Review Form for High Risk Customers is available for review. AML KYC CoE (Shared Services)Evaluate the risks presented in the Periodic Review Form by the Business Unit and assign any relevant unique mitigants to manage the risks, which will be provided via email to the Business Unit. AML Compliance FIURequest any required additional documentation or mitigants from the Business Unit.AML Compliance FIUContact the customer, if required, to gather sufficient information to answer the specific questions from AML Compliance FIU.Business UnitSign the ment on the Periodic Review Form if applicable.AML Compliance FIUThe following table lists the steps that the First line of defense performs for high-risk customers.StepActionOwnerNotify the AML KYC CoE (Shared Services) of endorsement or notice of non-endorsement of the Periodic Review Form.AML Compliance FIUNotify the Business Unit of completion of the Periodic Review Form by AML Compliance FIU.AML KYC CoE (Shared Services)Review and acknowledge the risks and any unique mitigants provided by AML Compliance FIU.Business UnitProvide the Periodic Review Form to the Business Unit Chief Operating Officer, equivalent and/or delegate and the MLRO, in certain jurisdictions, for review and sign off. AML KYC CoE (Shared Services)Sign off on the High Risk Periodic Review form to accept the risk presented by the customer at the Business Unit level and retain the documentation along with the KYC information in the KYC Platform.Business Unit Chief Operating Officer, equivalent and/or delegateReview and sign off on the risks and mitigating activities and/or controls to ensure they are implemented as outlined in the EDD Customer Profile and/or customer file as documented in the KYC Platform.MLROReceive formal approval prior to increasing or decreasing the risk rating to or from High Risk as a result of Periodic Review. AML KYC CoE (Shared Services)Record all findings and attach all documentation to the KYC profile in the KYC Platform.Business Unit and AML KYC CoE (Shared Services)Record all findings and attach all documentation to the KYC profile in the KYC Platform.Business Unit and AML KYC CoE (Shared Services)Topic 4: Event Driven ReviewsOverviewThe event driven review process involves reviewing issues arising from customer and transaction monitoring and screening. These issues will be handled at the time they arise. An event driven review may be warranted before the next scheduled periodic review due to certain trigger events or changes related to the customer or related parties. Where concerns are raised through these processes, these will be escalated to the Business Unit AML Officer who will determine the required course of action, which may result in closing the customer’s account, refreshing of the KYC file, or modifying the risk rating. An event is any activity that could negatively impact the overall AML and/or Sanctions risks associated with the customer.The Business Unit identifies an event through:Manual monitoringInformation provided by the customer or from other sourcesIf an event is identified, the Business Unit conducts an event driven review depending on the type of event, and should notify AML KYC CoE (Shared Services) and AML Compliance. An event driven review resets the scheduled periodic review. Discussion QuestionHow does the Business Unit identify an event? Topic 5: Examples of Trigger EventsOverviewSome examples of trigger events include:The customer or related parties are added to Global or applicable Local Sanctions listsThe customer’s or related parties’ country information changes to a Sanctioned countryPayments to or from the customer are blocked or rejected for Sanctions reasonsInformation is received that suggests the customer is attempting to circumvent Sanctions or is associated with Sanctioned partiesNew customer relationships (i.e., change in ownership structure)The customer undergoes a change to the legal structure/formation of the business (i.e., going public or changing from a non-profit to a for-profit business)Suspicious account activitiesThe customer identifies additional controlling parties, associated third parties, or signersIf it is determined, as part of the review, that enough information has changed to warrant a change to the AML CRR, the change will be documented in the customer’s profile only after a risk rating has been generated using the most current customer information.The following table describes the actions required for Low, Medium, and High-risk customers.For customers who were Low or Medium-risk and have become High-riskFor customers who were High-risk and have become Low or Medium-risk For customers who were Low-risk and are now considered Medium-risk, and for customers who were Medium-risk and are now considered Low-riskThe First Line of Defense conducts EDD and obtains the required signoffs from AML Compliance, Money Laundering Reporting Officer (MLRO) (where applicable), and the Business Unit Chief Operating Officer, equivalent and/or delegate.The First Line of Defense conducts CDD. Moving to a lower risk rating requires signoffs from AML Compliance MLRO (where applicable), and the Business Unit Chief Operating Officer, equivalent and/or delegate.The First Line of Defense obtains approval from the Business Unit Chief Operating Officer, equivalent and/or ic 6: Suspicious ActivityOverviewIt is the responsibility of all State Street employees to detect and prevent money laundering by escalating any activity or information that could possibly be associated with money laundering to management. During the course of business, all State Street employees must be vigilant in the fight against money laundering and terrorist financing by being alert and aware of unusual activities or “red flags” associated with potential suspicious activities.It is State Street’s policy to identify, investigate, and report suspicious activities in a complete, accurate, and timely manner.State Street employees must not knowingly or through willful blindness aid and abet individuals, who attempt to violate or circumvent money laundering laws or the State Street Global AML Policy, by providing:Advice Facilitating customer transactions using personal accountsConducting transactions that break or obscure the audit trailBreaches of the State Street Global AML Policy may result in disciplinary action, up to and including dismissal, civil, and/or criminal penalties.Suspicious Activity DefinedSuspicious activities are defined in several ways and can involve funds derived from illegal activities: Intended or conducted to hide or disguise funds or assets derived from illegal activities. Designed to evade AML regulatory requirements.Suspicious activities can appear to serve no business or apparent lawful purpose, and the financial institution can determine no reasonable explanation for a transaction after examining all available facts. Suspicious activities can also involve use of a FI to facilitate criminal activities.AML Compliance monitors suspicious activities or patterns that may be inconsistent with the anticipated or expected activities for a particular customer or account.These activities may include:Incoming/outgoing wiresJournals of funds and securitiesDeposits, withdrawals, and/or asset movementsRed FlagsIdentifying red flags is an integral part of the AML and Sanctions Compliance Programs. State Street employees’ understanding of, and ability to recognize, red flags is vital to ensure timely and adequate identification and escalation of unusual or suspicious activities. The following table lists the steps that the First line of defense performs for identifying Red Flags.StepActionOwnerIdentify relevant patterns, practices, and specific forms of activity that are “red flags” signaling possible unusual or suspicious activities as defined in the AML and Sanctions Compliance ProgramsBusiness UnitIf a red flag, or series of red flags, is detected, document it using the Unusual Activity Form (UAF). The UAF should include: Description of what has happened;Documentation of when it happened (list the specific transactions/activities, dates and supporting documentation); andDescription of why the transaction/activity is unusual. Business UnitSubmit the UAF to AML Compliance FIU, the Business Unit AML Officer/MLRO and/or Business Unit Manager or equivalent in line with local requirements via email and confirm receipt.Business Unit and Business Unit AML OfficerAny inquiries from AML Compliance FIU or Business Unit AML Officer following the UAF must be promptly responded to via email and receipt must be confirmed.AML Compliance FIU and Business Unit AML Officer Ensure AML Compliance FIU communication takes place, to enable AML Compliance to periodically update the AML and Sanctions Compliance Programs to reflect possible changes/additions in red flags. Business Unit, Business Unit AML Officer and AML Compliance FIUImportant NotesIdentifying one or more red flags in customer or transaction activity does not in and of itself indicate suspicious activity (money laundering and/or terrorist financing). However, additional care needs to be taken, including notifying your immediate supervisor or your Business Unit AML Officer.If not explained through further review, red flags must always be researched and investigated. It is the responsibility of all State Street employees to be alert to unusual activity and report the ic 7: Transaction MonitoringOverviewAML Compliance FIU monitors account activity for unusual size, volume, pattern, or type of transactions, taking into account risk factors and red flags that are appropriate to each Business Unit. Monitoring can be conducted through Automated Monitoring or Manual Monitoring.Automated MonitoringManual MonitoringThe AML Compliance Financial Intelligence Unit (FIU) uses a Windows? based desktop application to monitor customer account activity for the purpose of determining whether abnormal transaction patterns are present. This application filters, compiles, summarizes transaction data, and identifies instances of potentially suspicious behavior.The Business Unit identifies suspicious behaviors by conducting manual monitoring of customer and account related activity. Automated MonitoringThe AML Compliance FIU uses ASSIST//CK?, a Windows? based desktop application, to monitor customer account activity for the purpose of determining whether abnormal transaction patterns are present. Whenever abnormal patterns are identified, the AML Compliance FIU will contact the Business Unit who:Receives an information request from the AML Compliance FIU by email; andEnsures a timely and accurate follow up of this information request, as detailed in the request itself. ASSIST//CK? generates exception reports based on the degree to which actual activity exceeds pre-defined transaction profiles. On a monthly basis, account exceptions are referred by the AML Compliance FIU to the Business Unit representative responsible for the reported account. The exception report is also sent to the Business Unit AML Officer. When the Business Unit representative receives an exception report from the AML Compliance FIU, the Business Unit must complete the following:StepActionOwnerReview the customer’s KYC file in the KYC Platform, particularly the expected activity. Business UnitReview the customer transaction history in {insert account transaction system}.Business UnitDetermine whether activity identified in the exception report is outside the normal, expected activity for the account.Business UnitInform the AML Compliance FIU of potentially suspicious/unusual activity.Business UnitInvestigate the case to determine if a suspicious activity report is required or if no further action is necessary.AML Compliance FIUWhen the Business Unit representative receives an exception report from the AML Compliance FIU, the Business Unit must complete the following:StepActionOwnerProvide the Business Unit with further guidance on how to address the exception, documented in the UAF.AML Compliance FIURespond to the AML Compliance FIU within ten (10) calendar days.Business UnitManual MonitoringThere are instances where the Business Unit will identify suspicious behaviors by conducting manual monitoring of customers and customer’s accounts related to activity. The Business Unit must adhere to procedures for monitoring customer accounts. This can also include identifying potentially suspicious customer behavior highlighted in red flags.The following table lists the steps that the Business Unit performs for identifying suspicious behaviors by conducting manual monitoring.StepActionOwnerAssess whether customer activity or behavior triggers a red flag based on unusual or suspicious behavior identified.Business UnitReview the customer’s KYC file in the KYC Platform, particularly the expected customer activity.Business UnitReview the customer transaction history in {insert account transaction system}.Business UnitDetermine whether the activity is outside the normal, expected activity for the account.Business UnitDocument manual monitoring results in the UAF, including:Describing what has happened (details of reason to start monitoring activities).Documenting when it happened (list the specific transactions and supporting documentation).Listing arguments whether or not this activity is suspicious.Business UnitSubmit UAF to the AML Compliance FIU, Business Unit AML Officer, and/or Business Unit Manager so that a case may be opened and investigated. Business UnitImportant NoteState Street may receive inquiries and requests from law enforcement or regulatory agencies to maintain and monitor a customer’s account(s).The Business Unit must enhance these procedures, where necessary, to comply with requirements of the regulatory and law enforcement bodies in their jurisdiction, and to notify the AML Compliance Regional Head of all such ic 8: Employee Identification and Escalation of Suspicious Customer BehaviorOverviewIf a State Street employee identifies an activity he/she knows or has reason to believe is unlawful, otherwise potentially suspicious, or abnormal customer activity, within one business day, the employee must:StepActionOwnerNotify the AML Compliance FIU, Business Unit AML Officer/MLRO and/or Business Unit Manager.Business UnitNotification must be in writing, utilizing the UAF. The UAF should include:Description of what has happened.Documentation of when it happened (list the specific transactions/activities, dates and supporting documentation).Description of why the transaction/activity is unusual.Submit the UAF to AML Compliance FIU, and/or MLRO (where available) via email and confirm receipt.Business Unit and Business Unit AML OfficerAny inquiries from AML Compliance FIU or Business Unit AML Officer following the UAF must be promptly responded to via email and receipt must be confirmed.AML Compliance FIU and Business Unit AML Officer Upon receiving a UAF, AML Compliance FIU or equivalent will review the document and decide if the suspicious activity documentation requires additional information and/or warrants filing a report with the appropriate authorities in the form of a Suspicious Transaction Report or Suspicious Activity Report (STR/SAR) (or jurisdictional equivalent). When a STR/SAR is warranted, the AML Compliance FIU will follow the local governance structure for reporting purposes by informing the local MLRO or the SAR Review Committee (in the U.S.).Business Unit, Business Unit AML Officer and AML Compliance FIUImportant NotesEmployees should not attempt to perform their own review or investigation before referring potentially suspicious activity. At the same time, employees should maintain a file which provides the identity of the individual or entity in question, the type of activity, and why it is considered unusual or questionable.After submitting the UAF, the employee may be contacted by the Business Unit AML Officer or the AML Compliance FIU during the course of an investigation. Throughout the investigation, STRs/SARs are strictly confidential, and a State Street employee’s disclosure regarding the consideration of a STR/SAR filing is strictly prohibited. Under no circumstances may any employee inform any person known to be or suspected of being involved in the illegal or suspicious activity that the activities are believed to be suspicious or are being reported internally or to government authorities.Impact on Customer RelationshipWhen suspicious activity has been identified, the Business Unit must:Determine whether it will terminate the customer relationship (in some cases this may be done in consultation with law enforcement).If suspicious activity continues, State Street may be required by law to report suspicious activity periodically via a STR/SAR.If law enforcement requests that State Street continue the relationship while investigating the matter:State Street must receive a letter from the investigating agency stating the purpose of the request; andThe non-U.S. Business Unit AML Officer must confirm that honoring the request is in accordance with local AML laws and regulations and obtain guidance from Legal Counsel.If State Street files a STR/SAR on a customer, several courses of action may be taken that may require additional action by the Business Unit. These include: Accelerating periodic or event-driven reviewsLimiting account activity of customers who have been investigatedIncreasing monitoring on further account activitySuspending paymentsClosing an account(s)/terminating the customer relationshipThe appropriate State Street employees (General Counsel, AML Compliance and Business Unit management, and in certain cases, in consultation with law enforcement) must determine if the customer relationship is to be terminated as a result of the identified suspicious ic 9: Sanctions ScreeningOverviewOngoing Sanctions screening is automated and performed by OFAC/Sanctions Central Monitoring, and is mainly focused on existing customer screening and third party screening.AML KYC CoE (Shared Services) must screen the customer, both Non-Individuals and Individuals, for potential matches with Sanctioned countries at the time of onboarding. Names and locations of the following must be screened:Customer and other related party names, such as collective investment vehicle name, pension fund name, name of corporation for corporate cashBeneficial Owners/Shareholders/Underlying Customers The following table lists the steps that AML KYC CoE (Shared Services) performs to screen the customer.StepActionOwnerCheck the names and locations of the following against the applicable Sanctions lists, as noted in Section 4.5.5, Screening, using Prime and WorldCheck: Customer and other related party names and country (i.e., collective investment vehicle name, pension fund name, name of corporation for corporate cash).Beneficial Owners/Material Shareholders names and country.AML KYC CoE (Shared Services)Check the names of the following against the applicable Sanctions lists using Prime and WorldCheck:Controlling parties and associated third parties.AML KYC CoE (Shared Services)Enter the following information into Prime for individual customers:Full legal name (last name, first name, and middle initial); and City and country of residence. AML KYC CoE (Shared Services)Enter the following information into Prime for other related parties (if applicable):Refer to the KYC Requirements Matrix for the related parties’ information to be captured and Appendix rmation required to be identified in relation to third parties (such as Beneficial Owners) each as defined in the Global AML Policy, must be screened at the time of account opening.AML KYC CoE (Shared Services)Perform investigative steps to determine whether the customer or related party being screened is the individual or entity against whom the various government have leveled sanctions if a potential match is identified.AML KYC CoE (Shared Services)The following table lists the steps that AML KYC CoE (Shared Services) performs to screen the customer.StepActionOwnerCompare the name of the customer or related party being screened to the name of the sanctioned party. If no combination of the first and last names of the individual or entity matches those of the sanctioned party, this should be considered a Negative Match (as defined below) and there is no need to proceed to the next steps.It is important to also compare the name of the individual or entity identified being screened to all alternate names, or “AKA” shown for the sanctioned party.In the case of businesses/organizations, perform this analysis for the business/organization name. Compare the individual’s DOB (Date of Birth) and POB (Place of Birth if applicable/available) with those shown for the sanctioned party. Compare the individual’s or entity’s identification data to that shown for the sanctioned party.If information sufficient to clear the potential match cannot be obtained, the potential match should be forwarded to the respective Business Unit. AML KYC CoE (Shared Services)If there is a potential match, determine which of the below four scenarios applies:Two or more pieces of the individual’s or non-individual demographic data (including the name or jurisdiction) match to that of the sanctioned party or OFAC sanctioned country. This should be considered a “Confirmed Match” and must be forwarded to OFAC/Sanctions Central Monitoring.There is no demographic data provided in the Sanctions List since there is insufficient information to resolve the potential match, it should be forwarded to the non-U.S. Business Unit AML Officer who will consult with the relevant governmental body that issues the Sanctions List directly.The Sanctions List provides demographic data, but demographic data is missing from the individual or entity’s record. The Business Unit maintaining the account that generated the potential match must obtain the missing data to evaluate the match status.There is enough data on both, the individual or entity being screened and the Sanctions List to determine that it is not a match. Specifically, nothing on either record, other than the name or portions of the name, matches. This should be considered a “Negative Match” and documented accordingly.Confirmed match between customer’s jurisdiction and prohibited country according to OFAC or jurisdictional equivalent. Escalate to OFAC/Sanctions Central Monitoring immediately.AML KYC CoE (Shared Services)MatchesThe following table provides details about a Confirmed Match and False Positive Match.Confirmed MatchFalse Positive MatchA confirmed match is a Non-Individual or an Individual whose exact name, plus at least one other item of personal data, specifically the date of birth, identification number, or physical address and country (Individual)/physical and legal address (entity) match to an entry in the Sanctions lists.Example:A transaction is processed in the name of Kindhearts. As identification located in the SWIFT message, Kindhearts included a corporate address, 125 East Main Street, Toledo OH in the details field. A match is identified to an OFAC SDN, named Kindhearts for Charitable Humanitarian Development with the same address. Since the name and address match exactly to the information in the OFAC SDN list, this is an example of a confirmed match.A false positive match is a Non-Individual or an Individual whose name matches an entry in one of the Sanctions lists, but the accompanying personal data does not match.Example:In a periodic update to the SDN list, OFAC adds a name with the following description:“ABBAS, Adbul Hussein, Italy (individual) [IRAN]”In a review of our previously cleared transactions, we identify a potential name match for a customer Issac Hussein. Issac Hussein receives monthly payments. The filter matched the last name of the individual or entity identified in the payment message with the last name of the designated individual in the Sanctions list. This instance would be considered a false positive match because the name of the individual or organization identified in the payment message and designee in the Sanctions list do not match.Sanctions ClearingPotential matches are to be addressed with immediacy regardless of whether related to a customer or customer’s customer. Potential matches should be cleared within one (1) business day, from the day they were generated in the Sanctions screening system. In case of a potential match at a minimum, the following activities need to be performed by AML KYC CoE (Shared Services):StepActionOwnerAssess the quality of the potential match by evaluating how much of the list’s name is matching against the transaction’s and the other identifying information provided such as date of birth, passport number, address, etc.AML KYC CoE (Shared Services)If the potential match is deemed to be a false positive, the explanation is recorded in Prime and the KYC Platform. If any research material or information was used to clear a hit, then this is saved electronically in Prime and the KYC Platform.AML KYC CoE (Shared Services)If the potential match is deemed to be a confirmed match with an individual or entity on a Sanctions List, the AML KYC CoE (Shared Services) must immediately notify OFAC/Sanctions Central Monitoring by opening a case in Prime. AML KYC CoE (Shared Services)AML KYC CoE (Shared Services) must always save research material and information used to assess the potential match in the customer information management system and customer’s KYC file. Documentation supporting the match assessment, including arguments and conclusions, needs to be filed. Additionally all confirmed matches escalated, including documentation, need to be documented by AML KYC CoE (Shared Services). All State Street employees must use uniform documentation when notating any cleared or confirmed Sanctions match. The following annotation standards have been outlined:Match of False PositiveAnnotationsExamplesConfirmed MatchThe individual or entity identified in the new or ongoing Sanctions screening matched that of theSanctions Lists. The individual or entity, XXX, identified in the new or ongoing Sanctions screening, matched that of the Listed individual or entity, XXX. False PositiveThe individual or entity identified in the new or ongoing Sanctions screening matched that on the Sanctions List, which was determined to be a false positive based upon address/location not matching the Sanctions list.The individual, Tony Blair, located in Livingston, Zambia, identified in the new or ongoing Sanctions screening as a potential match, was determined to be a false positive based upon location/address not matching the Sanctions List individual, Anthony Charles Lynton Blair, London, England. False PositiveThe individual or entity identified in the new or ongoing Sanctions screening matched that on Sanctions Lists, where the potential match was determined to be a false positive based upon name and nationality/address not matching the Sanctions List.The individual, Tony Frederick Blair, of Livingston, Zambia, identified in the new or ongoing Sanctions screening had a potential match, but was determined to be a false positive based upon name not matching the Sanctions List individual, Anthony Charles Lynton Blair of the United Kingdom. Escalation ProcessWhen Sanctions related alerts, whether identified at onboarding or ongoing screening, are not timely cleared, the following escalation process will be followed by AML Compliance:TimeframeEscalating partiesAfter five calendar daysVP – Business Unit Business Unit Sanctions Compliance OfficerGS Compliance Mailbox After ten calendar daysSVP – Business Unit Business Unit Sanctions Compliance OfficerSenior Compliance OfficerGlobal Chief AML OfficerGS Compliance Mailbox After fifteen calendar daysEVP – Business Unit Business Unit Sanctions Compliance OfficerSenior Compliance OfficerGlobal Chief AML OfficerChief Compliance OfficerGS Compliance Mailbox Exception ReportsOn a weekly basis, OFAC/Sanctions Central Monitoring sends through a list of all aged alerts to the Business Unit. The Business Unit must review the alerts using the information in {insert customer database system} and {insert account transaction system}. The Business Unit will disposition alerts within one business day and return the results to OFAC/Sanctions Central Monitoring. Should the Business Unit fail to address aged alerts, OFAC/Sanctions Central Monitoring will initiate the escalation process that includes notification of Business Unit management, and AML Compliance including the Business Unit AML Officer, the Business Unit Sanctions Compliance Officer and the Global Chief AML Officer. The Business Unit, upon receipt of such emails from OFAC/Sanctions Central Monitoring, must research and annotate open alerts, and respond within one business day after performing the following tasks:StepActionOwnerReview the alert to determine what part of the transaction is causing the hit on the Sanctions List.Business UnitAssess the quality of the match by reviewing how much of the List is matching the customer’s information.Business UnitRefer to KYC documentation in KYC Platform to see if additional information provided such as date of birth, passport number, country of residence, country of incorporation, etc. is also a match with information in the transaction.Business UnitThe Business Unit, upon receipt of such emails from OFAC/Sanctions Central Monitoring, must research and annotate open alerts, and respond within one business day after performing the following tasks:StepActionOwnerRecord the explanation for hits deemed to be false positive in Prime and save the research materials supporting the decision in Prime.Business UnitRecord the explanation for hits deemed to be confirmed matches with an individual or entity on a Sanctions List in Prime and save the research materials supporting the decision in Prime.Business UnitUse the annotation standards identified above to draft a response to OFAC/Sanctions Central Monitoring detailing findings.Business UnitEmail the response to OFAC/Sanctions Central Monitoring and the Business Unit Sanctions Compliance Officer within one business day of receipt of the exception report.Business Unit Discussion QuestionAML KYC CoE (Shared Services) must screen the customer, both Non-Individuals and Individuals, for potential matches with Sanctioned countries at the time of onboarding. Provide some examples of sanctioned countries. Topic 10: Sanctions LicensesOverviewA license is an authorization from governmental authorities (such as OFAC) to engage in a transaction that otherwise would be prohibited. There are two types of licenses: General Licenses: Authorizes a particular type of transaction for a class of persons without the need to apply for a license.Specific Licenses: A written document issued by the governmental authority to a particular person or entity, authorizing a particular transaction in response to a written license application.General LicensesIf a customer states that a transaction is covered by a general license, the Business Unit is required to consult with AML Compliance and receive confirmation of the license prior to trade settlement or rendering services. AML Compliance will coordinate with Corporate Legal and Legal counsel to determine if the general license applies to State Street and if the transaction is permissible.Specific LicensesIf a specific license is granted to a customer, the Business Unit must adopt additional procedures to ensure that the terms of the license are met on an ongoing basis. These procedures must include:StepActionUploading a copy of the license to the KYC Platform.Including the license number on all transactions.Ongoing monitoring of compliance with the parameters of the license.Monitoring the license expiration, as applicable.In cases where the customer provides a specific license to a Business Unit, the Business Unit must email the following information to AML Compliance and the Business Unit Sanctions Compliance Officer: Customer nameAccount number(s)License numberCopy of the licenseCopy of the transaction requestAML Compliance must check the validity of that license with the issuing authority, before completing the transaction.Important NoteIf a customer wants to engage in a transaction prohibited by Sanctions regulations, the Business Unit Sanctions Compliance Officer must notify AML Compliance. AML Compliance can provide the Business Unit with information on how the customer can request a specific license with the regulator. The Business Unit must not settle trades or render services until the license is granted by the regulator. If a license is granted, the Business Unit is responsible for adopting and developing additional internal procedures to ensure that the terms of the license are met with guidance from the Business Unit Sanctions Compliance ic 11: Board and Senior Management ReportingOverviewAML and Sanctions reporting to the board supports State Street’s AML and Sanctions Compliance Program that:Outlines the governance structure, policies, procedures, and standards of State Street. Ensures compliance with all relevant laws, codes, rules, regulations, and standards of good business practice.The First Line of Defense is responsible for gathering relevant AML and Sanctions data for senior management and board reporting. Data can be provided on an ongoing basis, or based on ad hoc requests from either senior management and/or AML Compliance.AML Compliance maintains a list of Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs), which it collects from the First Line of Defense. In addition to KRI/KPI metrics, AML Compliance and/or State Street management may request information related to:AML and Sanctions projects and initiatives. Records of AML and Sanctions related training. The following table provides details about KRI/KPI for Accounts, Activity, and Assessments.AccountsActivity AssessmentsCustomers (Customers)AccountsFunded Accounts Missing Risk RatingFunded Accounts Missing DocumentationOverdue Normal Risk Account ReviewsOverdue Higher Risk Account ReviewsNormal Risk AccountsHigh Risk AccountsHigh Risk Accounts ApprovedHigh Risk Accounts DeclinedAccounts in High Risk JurisdictionsAccounts where UBO is a PEPAccounts for Other High Risk BusinessUnauthorized InvestorsPositive Sanctions HitsSanctions Cases 1-5 DaysSanctions Cases 6-30 DaysSanctions Cases 30+ DaysPotentially Suspicious Referrals to the FIUNumber Of Exceptions > 30 DaysNumber Of Exceptions > 60 DaysNumber Of Exceptions > 90 DaysSARs Filed (by Event Type)314(a) Positive Hits314(b) Positive HitsPEP Cases Aged 0-30 DaysPEP Cases Aged 31-60 DaysPEP Cases Aged 61-90 DaysPEP Cases Aged 91+ DaysAML-Related Regulatory ExaminationsAML-Related Regulatory Issues ReceiveAML-Related Regulatory Issues OutstandingAML-Related Corporate Audit Issues ReceivedAML Related Corporate Audit Issues OutstandingFuture Regulatory AML-Related Examinations Expected in CurrentLesson 7: Summary In accordance with State Street’s Global AML Policy, AML KYC CoE (Shared Services) conducts risk-based periodic reviews on all customers to ensure the KYC information is accurate and revises the customer’s risk rating, if appropriate. Business Units will be notified of upcoming reviews 90 days prior to the due date of the review.An event driven review may be warranted before the next scheduled periodic review due to certain trigger events or changes related to the customer or related parties. During the course of business, all State Street employees must be vigilant in the fight against money laundering and terrorist financing by being alert and aware of unusual activities or “red flags” associated with potential suspicious activities.AML Compliance FIU monitors account activity for unusual size, volume, pattern, or type of transactions, taking into account risk factors and red flags that are appropriate to each Business Unit. Ongoing Sanctions screening is automated and performed by OFAC/Sanctions Central Monitoring, and is mainly focused on existing customer screening and third party screening.The First Line of Defense is responsible for gathering relevant AML and Sanctions data for senior management and board reporting. Data can be provided on an ongoing basis, or based on ad hoc requests from either senior management and/or AML Compliance.AML Compliance maintains a list of Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs), which it collects from the First Line of Defense. Participant’s NotesAbbreviations and AcronymsIf any abbreviations and acronyms, list hereGlossaryIf any glossary terms, list hereReferences If any references or source documents are available, list here ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download