F in an cial In s titu tio n N a m e : 1 - Bocpic.bankofchina.com/bocappd/italy/201711/P020171107419870456633.… · F in an cial In s titu tio n N a m e : L o c a tio n : The questionnaire

Financial Institution Name :

Location:

The questionnaire is required to be answered on a Legal Entity (LE) Level. This means the Financial Institution will answer the questionnaire at an ultimate parent / headoffice level and covering all branches. This questionnaire should not cover more than one LE. Accordingly, each question in the DDQ will need to be addressed from theperspective of the LE and on behalf of all of its branches. If a response for the LE differs for one of its branches this needs to be highlighted and detail regarding thisdifference captured at the end of each subsection. If a branch business activity (products offered, client base etc.) is significantly different than its head office, the branchshould complete a separate questionnaire.

The questions highlighted in Bold align with the original Wolfsberg Questionnaire.

S.No Entity & Ownership R e s p o n s e

Full legal name1

2 Provide a list of branches which are covered by thisquestionnaire

3 Full legal (registered) address

4 Full primary business address if different from above

5 Date of Entity incorporation/ establishment

Select type of ownership and append a chart of6 ownership if available

a Publicly Traded (25% of shares publicly traded)

a1 If Y, indicate the exchange traded on and ticker symbol

b Member Owned/ Mutual

c Government or State Owned over 25%

d Privately Owned

If Y, provide details of shareholders or ultimate beneficiald1 owners with a holding greater than 10%

1

WCBDDQ - 23102017v1

:Financial Institution Name :

Location:

2

7 % of the Entity's total shares composed of bearer shares

8 Does the Entity, or any of its branches, operate under an offshore banking license (OBL) ?

a If Y, provide the name of the relevant branch/eswhich operates under an OBL

9 Name of primary financial regulator / supervisory authority

10 Provide Legal Entity Identifier (LEI) if available

11 Provide the full legal name of ultimate parent (if differentfrom the Entity completing the DDQ)

12 Jurisdiction of licensing authority and regulator of ultimate parent

WCBDDQ - 23102017v1


Location:

S.No Entity & Ownership Response

13 Select the business areas applicable to the Entity

a Retail Banking

b Private Banking / Wealth Management

c Commercial Banking

d Transactional Banking

e Investment Banking

f Financial Markets Trading

g Securities Services/ Custody

h Broker/Dealer

i Multilateral Development Bank

j Other

Does the bank have a significant (>10%) offshore customer base,either by number of customers or by revenue (where offshore14means not domiciled in the location where bank services are beingprovided)?

a If Y, provide details of the country and %

15 Select the approximate:

a Number of employees

b Total Assets

Confirm that all responses provided in the above166 Section I. ENTITY & OWNERSHIP are representative of all the

LE's branches

If No, clarify which questions the difference/s relate to16aand the branch/es that this applies to.

3

WCBDDQ - 23102017v1


Location:

S.No PRODUCTS & SERVICES Response

17 Does the Entity offer the following products and services:

a Correspondent Banking

a1 If Yes

Does the Entity offer domestic banks correspondent bankinga2 services?

Does the Entity allow domestic bank clients to provide downstreama3 relationships?

Does the Entity have processes and procedures in place to identifya4 downstream relationships for domestic banks?

Does the Entity offer Foreign Banks correspondent bankinga5 services?

a6 Does the Entity allow downstream relationships with Foreign Banks?

Does the Entity have processes and procedures in place to identifya7 downstream relationships with Foreign Banks?

Does the Entity offer regulated MSBs / MVTS correspondenta8banking services?

a9 Does the Entity allow downstream relationships with MSBs / MVTS?

4

WCBDDQ - 23102017v1


Location:

Does the Entity have processes and procedures in place to identifya10 downstream relationships with MSBs / MVTS?

b Private Banking (domestic & international)

c Trade Finance

d Payable through Accounts

e Stored Value Instruments

f Cross Border Bulk Cash Delivery

g Domestic Bulk Cash Delivery

h International Cash Letter

i Remote Deposit Capture

j Virtual / Digital Currencies

k Low Price Securities

l Hold Mail

m Cross Border Remittances

n Service to walk-in customers (non-account holders)

o Sponsoring Private ATMs

p Other high risk products and services identified by the Entity

Confirm that all responses provided in the above Section II.18 PRODUCTS & SERVICES are representative of all the LE's

branches

If N, clarify which questions the difference/s relate to and the18a branch/es that this applies to

5

WCBDDQ - 23102017v1


Location:

S.No AML & SANCTIONS PROGRAMME Response

Does the Entity have a programme that sets minimum AML19 and Sanctions standards regarding the following

components:

a Appointed Officer with sufficient experience / expertise

b Cash Reporting

c CDD

d EDD

e Beneficial Ownership

f Independent Testing

g Periodic Review

h Policies and Procedures

i Risk Assessment

j Sanctions

k PEP Screening

l Adverse Information Screening

m Suspicious Activity Reporting

n Training and Education

o Transaction Monitoring

How many full time employees are in the Entity's AML & Sanctions20 Compliance Department?

Is the Entity's AML & Sanctions policy approved at least21annually by the board or equivalent senior managementcommittee?

Does the Board or equivalent senior management committeereceive regular reporting on the status of the AML & Sanctions22programme?

Does the Entity use third parties to carry out any components23 of its AML & Sanctions programme?

6

WCBDDQ - 23102017v1


Location:

7

23a If Y, provide further details

24 Confirm that all responses provided in the above SectionAML & SANCTIONS are representative of all the LE's branches

24a If N, clarify which questions the difference/s relate to and the branch/es that this applies to.

WCBDDQ - 23102017v1


Location:

S.No ANTI BRIBERY & CORRUPTION Response

Has the Entity documented policies and procedures consistentwith applicable ABC regulations and requirements to25[reasonably] prevent, detect and report bribery andcorruption?

Does the Entity have an enterprise wide programme that sets26 minimum ABC standards?

Has the Entity appointed a designated officer or officers with27 sufficient experience / expertise responsible for coordinating the

ABC programme?

Does the Entity have adequate staff with appropriate levels of28 experience / expertise to implement the ABC programme

Is the Entity's ABC programme applicable to:29

a Joint ventures

b Third parties acting on behalf of the Entity

30 Does the Entity have a global ABC policy that

prohibits the giving and receiving of bribes? This includespromising, offering, giving, solicitation or receiving of anything ofa value, directly or indirectly, if improperly intended to influence actionor obtain an advantage

includes enhanced requirements regarding interaction with publicb officials

c includes a prohibition against the falsification of books and records?

8

WCBDDQ - 23102017v1


Location:

9

31 Does the Entity have controls in place to monitor the effectiveness of their ABC programme?

32 Does the Entity's board or senior management committee receive regular Management Information on ABC matters?

33 Does the Entity perform an Enterprise Wide ABC risk assessment?

a If Y select the frequency

34Does the Entity have an ABC residual risk rating that is the net result of the controls effectiveness and the inherent risk assessment?

WCBDDQ - 23102017v1


Location:

Does the Entity's ABC EWRA cover the inherent risk components35 detailed below:

Potential liability created by intermediaries and other third-partya providers as appropriate

Corruption risks associated with the countries and industries inb which the Entity does business, directly or through intermediaries

Transactions, products or services, including those that involvec state-owned or state-controlled entities or public officials

Corruption risks associated with gifts and hospitality,d hiring / internships, charitable donations and political contributions

Changes in business activities that may materially increase thee Entity's corruption risk

Does the Entity's internal audit function or other independent third36 party cover ABC Policies and Procedures

37 Does the Entity provide mandatory ABC training to:

a Board and senior committee management

b 1st Line of Defence

c 2nd Line of Defence

d 3rd Line of Defence

3rd parties to which specific compliance activities subject to ABCe risk have been outsourced

f Non-employed workers as appropriate (contractors / consultants)

Does the Entity provide ABC training that is targeted to specific38roles, responsibilities and activities?

Confirm that all responses provided in the above Section39ANTI BRIBERY & CORRUPTION are representative of all the LE'sbranches

If N, clarify which questions the difference/s relate to and the39abranch/es that this applies to.

10

WCBDDQ - 23102017v1


Location:

S.No POLICIES & PROCEDURES Response

Has the Entity documented policies and procedures consistent40 with applicable AML, CTF & Sanctions regulations and

requirements to reasonably prevent, detect and report:

a Money laundering

b Terrorist financing

c Sanctions violations

41 Are the Entity's policies and procedures updated at leastannually?

Are the Entity's policies and procedures gapped against /42 compared to:

a US Standards

a1 If Y, are any dispensations / waivers provided for such gaps?

b EU Standards

b1 If Y, are any dispensations / waivers provided for such gaps?

11

WCBDDQ - 23102017v1


Location:

43 Does the Entity have policies and procedures that:

Prohibit the opening and keeping of anonymous anda fictitious named accounts

Prohibit the opening and keeping of accounts for unlicensedb banks and/or NBFIs

Prohibit dealing with other entities that provide bankingc services to unlicensed banks

d Prohibit accounts / relationships with shell banks

Prohibit dealing with another Entity that provides services toe shell banks

Prohibit opening and keeping of accounts for Sectionf 311 designated entities

Prohibit opening and keeping of accounts for any of unlicensedg / unregulated remittance agents, exchanges houses, casa de

cambio, bureaux de change or money transfer agents

Assess the risks of relationships with PEPs, including theirhfamily and close associates

i Define escalation processes for financial crime risk issues

Define the process, where appropriate, for terminating existingj customer relationships due to financial crime risk

Specify how potentially suspicious activity identified byk employees is to be escalated and investigated

Outline the processes regarding screening for Sanctions, PEPsl and negative media

m Outline the processes for maintenance of internal "watchlists"

Has the Entity defined a risk tolerance statement or similar44 document which defines a risk boundary around their

business?

Does the Entity have record retention procedures that comply45with applicable laws?

a If Y, what is the retention period

Confirm that all responses provided in the above Section46 POLICIES & PROCEDURES are representative of all the LE's

branches

If N, clarify which questions the difference/s relate to and the46abranch/es that this applies to.

12

WCBDDQ - 23102017v1


Location:

S.No AML & SANCTIONS RISK ASSESSMENT Response

Does the Entity's AML EWRA cover the inherent risk components47detailed below:

a Client

b Product

c Channel

d Geography

Does the Entity's AML EWRA cover the controls effectiveness48 components detailed below:

a Transaction Monitoring

b Customer Due Diligence

c PEP identification

d Transaction Screening

Name Screening against Adverse Media & Negative Newse

f Training and Education

g Governance

h Management information

49 Has the Entity's AML EWRA been conducted in the last 12 months?

Does the Entity's Sanctions EWRA cover the inherent risk50components detailed below:

a Client

b Product

c Channel

d Geography

13

WCBDDQ - 23102017v1


Location:

Does the Entity's Sanctions EWRA cover the controls51effectiveness components detailed below:

a Customer Due Diligence

b Transaction Screening

c Name Screening

d List Management

e Training and Education

f Governance

g Management information

Has the Entity's Sanctions EWRA been conducted in the last 1252months?

Confirm that all responses provided in the above SectionAML & SANCTION RISK ASSESSMENT are representative of all53the LE's branches

If N, clarify which questions the difference/s relate to and the53a branch/es that this applies to.

14

WCBDDQ - 23102017v1


Location:

S.No KYC, CDD and EDD Response

54 Does the Entity verify the identity of the customer?

Do the Entity's policies and procedures set out when CDD55 must be completed, e.g., at the time of onboarding or within 30

days?

Which of the following does the Entity gather and retain when56 conducting CDD? Please select all that apply

a Ownership structure

b Customer identification

c Expected activity

d Nature of business / employment

e Product usage

f Purpose and nature of relationship

g Source of funds

h Source of wealth

57 Are each of the following identified:

a Ultimate beneficial ownership

a1 Are ultimate beneficial owners verified?

b Authorised signatories (where applicable)

c Key controllers

d Other relevant parties

At a minimum, what is the threshold applied to beneficial ownership58 identification?

Does the due diligence process result in customers receiving a59risk classification?

15

WCBDDQ - 23102017v1


Location:

If Y, what factors / criteria are used to determine the customer's risk60 classification? Please select all that apply:

a Product usage

b Geography

c Business type / Industry

d Legal Entity type

e Adverse information

f Other (please specify)

Does the Entity have a risk based approach to screening customers61 for adverse media / negative news?

62 If Y, is this at:

a Onboarding

b KYC renewal

c Trigger event

What is the method used by the Entity to screen for adverse media /63negative news?

16

WCBDDQ - 23102017v1

70 subject to EDD and/or are restricted, or prohibited by the entity's


Location:

S.No KYC, CDD and EDD Response

Does the Entity have a risk based approach to screening64 customers and connected parties to determine whether they

are PEPs, or controlled by PEPs?

65 If Y, is this at:

a Onboarding

b KYC renewal

c Trigger event

66 What is the method used by the Entity to screen PEPs?

Does the Entity have policies, procedures and processes toreview and escalate matters arising from screening customers67and connected parties to determine whether they are PEPs, orcontrolled by PEPs?

Does the Entity have a process to review and update customer68 information based on:

a Changes in risk classification

b KYC renewal

c Trigger event

Does the Entity maintain and report metrics on current and past69 periodic or trigger event due diligence reviews?

From the list below, which categories of customers orindustries are subject to EDD and/or are restricted, or70prohibited by the Entity's AML programme?

a Non-account customers

b Offshore customers

17

WCBDDQ - 23102017v1


Location:

18

c Shell banks

d MVTS / MSB customers

e PEPs

f PEP Related

g PEP Close Associate

h Correspondent Banks

WCBDDQ - 23102017v1


Location:

If EDD or EDD & Restricted, does the EDD assessment containh1 the elements as set out in the Wolfsberg Correspondent

Banking Principles 2014?

i Arms, defense, military

j Atomic power

k Environment / Corporate Social Responsibility

l Precious metals and stones

m Unregulated charities

n Regulated charities

o Red light business / Adult entertainment

p Non-Government Organisations

q Virtual currencies

r Marijuana

s Embassies / Consulates

t Gambling

u Payment Service Provider

v Other (please specify)

71 If restricted, provide details of the restriction

Does the Entity perform an additional control or quality review on72 clients subject to EDD?

Confirm that all responses provided in the above Section73 KYC, CDD and EDD are representative of all the LE's branches

If N, clarify which questions the difference/s relate to and the73a branch/es that this applies to

19

WCBDDQ - 23102017v1


Location:

20

currency reporting

S.No MONITORING & REPORTING Response

74 Does the Entity have risk based policies, procedures and monitoring processes for the identification and reporting of suspicious activity?

75 What is the method used by the Entity to monitor transactions for suspicious activities?

76 If manual or combination selected, specify what type oftransactions are monitored manually

77 Does the Entity have regulatory requirements to report currency transactions?

a If Y, doesprocesses

the Entity have policies,with

procedures andto comply

requirements?

78Does the Entity have policies, procedures and processes to review and escalate matters arising from the monitoring of customer transactions and activity?

79 Confirm that all responses provided in the above Section MONITORING & REPORTING are representative of all the LE'sbranches

79a If N, clarify which questions the difference/s relate to and the branch/es that this applies to

WCBDDQ - 23102017v1


Location:

S.No PAYMENT TRANSPARENCY Response

Does the Entity adhere to the Wolfsberg Group80 Payment Transparency Standards?

Does the Entity have policies, procedures and processes to[reasonably] comply with and have controls in place to ensure81compliance with:

a FATF Recommendation 16

b Local regulations

b1 Specify the regulation

c If N, explain

Does the Entity have processes in place to respond to Request for82 information (RFIs) from other entities in a timely manner?

Does the Entity have controls to support the inclusion of required83 and accurate originator information in international

payment messages?

Does the Entity have controls to support the inclusion of required84beneficiary in international payment messages?

Confirm that all responses provided in the above Section85 PAYMENT TRANSPARENCY are representative of all the LE's

branches


21

WCBDDQ - 23102017v1


Location:

S.No SANCTIONS Response

Does the Entity have a Sanctions Policy approved by managementregarding compliance with sanctions law applicable to the Entity,86including with respect its business conducted with, or throughaccounts held at foreign financial institutions?

Does the Entity have policies, procedures, or other controlsreasonably designed to prevent the use of another Entity’s accounts

87 or services in a manner causing the other Entity to violate sanctionsprohibitions applicable to the other Entity (including prohibitionswithin the other Entity's local jurisdiction)?

Does the Entity have policies, procedures or other controlsreasonably designed to prohibit and / or detect actions taken toevade applicable sanctions prohibitions, such as stripping, or88the resubmission and/or masking, of sanctions relevantinformation in cross border transactions?

Does the Entity screen its customers, including beneficialownership information collected by the Entity, during89onboarding and regularly thereafter against Sanctions Lists?

90 What is the method used by the Entity?

Does the Entity screen all sanctions relevant data, including at a91 minimum, Entity and location information, contained in cross border

transactions against Sanctions Lists?

92 What is the method used by the Entity?

Please select the Sanctions Lists used by the Entity in its93 sanctions screening processes:

a Consolidated United Nations Security Council Sanctions List(UN)

United States Department of the Treasury's Office ofb Foreign Assets Control (OFAC)

c Office of Financial Sanctions Implementation HMT (OFSI)

d European Union Consolidated List (EU)

e Lists maintained by other G7 member countries

f Other (Please specify)

22

WCBDDQ - 23102017v1


Location:

23

94 How timely does the Entity update its lists when new entities are added to Sanctions List?

95 How timely are additions or updates to the Sanctions Lists used by the Entity incorporated into the Entity's active screening against:

a Customer Data

b Transactions

96

Does the Entity have a physical presence, e.g., branches, subsidiaries, or representative offices located in countries/ regions against which UN, OFAC, OFSI, EU and G7 member countries have enacted comprehensive jurisdiction-based Sanctions

97 Confirm that all responses provided in the above Section SANCTIONS are representative of all the LE's branches


WCBDDQ - 23102017v1


Location:

S.No TRAINING & EDUCATION Response

98 Does the Entity provide mandatory training, which includes :

Identification and reporting of transactions toa government authorities

Examples of different forms of money laundering, terroristb financing and sanctions violations relevant for the types of

products and services offered

Internal policies for controlling money laundering, terroristc financing and sanctions violations

New issues that occur in the market, e.g. significantd regulatory actions or new regulations

e Conduct and Culture

99 Is the above mandatory training provided to :

a Board and senior committee management

b 1st Line of Defence

c 2nd Line of Defence

d 3rd Line of Defence

e 3rd parties to which specific FCC activities have been outsourced

f Non-employed workers (contractors/consultants)

Does the Entity provide AML, Sanctions & CTF training that is100 targeted to specific roles, responsibilities and HR products, services

and activities?

Does the Entity provide customised training for AML and Sanctions101 staff?

Confirm that all responses provided in the above Section102 TRAINING & EDUCATION are representative of all theLE's branches


24

WCBDDQ - 23102017v1


Location:

25

S.No QUALITY ASSURANCE /COMPLIANCE TESTING Response

103 Are the Entity's KYC processes and documents subject to quality assurance testing?

104Does the Entity have a programme wide risk based and independent QA or Compliance Testing process (separate to the independent Audit function)?

105Confirm that all responses provided in the above SectionQuality Assurance / Compliance Testing are representative of all the LE's branches


WCBDDQ - 23102017v1


Location:

S.No AUDIT Response

In addition to inspections by the government supervisors/regulators,does the Entity have an internal audit function, a

106 testing function or other independent third party, or both, thatassesses FCC AML and Sanctions policies and practices on aregular basis?

How often is the Entity audited on its AML & Sanctions programme107by the following:

a Internal Audit Department

b External Third Party

Does the internal audit function or other independent third party108 cover the following areas:

a AML & Sanctions policy and procedures

b KYC / CDD / EDD and underlying methodologies

c Transaction Monitoring

d Transaction Screening including for sanctions

e Name Screening & List Management

f Training & Education

g Technology

h Governance

i Reporting / Metrics & Management Information

j Suspicious Activity Filing

k Enterprise Wide Risk Assessment

l Other (please specify)

Are adverse findings from internal & external audit tracked to109 completion and assessed for adequacy and completeness?

Confirm that all responses provided in the above section,110 AUDIT are representative of all the LE's branches


26

WCBDDQ - 23102017v1


Location:

Wolfsberg Correspondent Banking Due Diligence Questionnaire 2017 (CBDDQ 2017)

Declaration Statement (To be signed by Group Money Laundering Prevention Officer, Global Head of Anti-Money Laundering, Chief Compliance Officer, Global Head of Financial Crimes Compliance or equivalentposition holder AND/OR Global Head of Correspondent Banking)

______________________ (bank name) is fully committed to the fight against financial crime and makesevery effort to remain in full compliance with all applicable financial crime laws, regulations andstandards in all of the jurisdictions in which it does business and holds accounts.______________________ (bank name) understands the critical importance of having effective andsustainable controls to combat financial crime in order to protect its reputation and to meet its legaland regulatory obligations.

______________________ (bank name)recognises the importance of transparency regarding parties totransactions in international payments and has adopted/is committed to adopting these standards.

______________________ (bank name) further certifies it complies with/is working to comply with theWolfsberg Correspondent Banking Principles and the Wolfsberg Trade Finance Principles.

The information provided in this Wolfsberg CBDDQ will be kept current and will be updated no lessfrequently than on an annual basis. __________________________(bank name) commits to file accuratesupplemental information on a timely basis.

I, __________________________ (MLRO or equivalent), certify that I have read and understood thisdeclaration, that the answers provided in this Wolfsberg CBDDQ are complete and correct to my honestbelief, and that I am authorised to execute this declaration on behalf of ______________________________

I, __________________________(Global Head of Correspondent Banking), certify that I have read andunderstood this declaration, that the answers provided in this Wolfsberg CBDDQ are complete and correct to myhonest belief, and that I am authorised to execute this declaration on behalf of ______________________ _(bank name)

_______________________ (Signature & Date)

27

WCBDDQ - 23102017v1

Documents

F in an cial In s titu tio n N a m e : 1 - Bocpic.bankofchina.com/bocappd/italy/201711/P020171107419870456633.… · F in an cial In s titu tio n N a m e : L o c a tio n : The questionnaire