Money Laundering Prevention, Combating of Financing of Terrorism and Know Your Customer Policies for HNB Group (Revised)

R M P Ratnayake Chief AML Compliance Officer 30th June 2009

An Outline
The precise meaning of the word Banking is trust. The business of banking evolved several centuries ago, in whatever the form it took at that time. Immaterial of the structure of comprehensiveness, the banker behaved and conducted the business in a manner that the trust placed in him and his business by the general public, the sovereign, the policy makers and the business community did not wean off or deteriorate at any time. Accepting money as a deposit, earned or received through illegal sources such as crime, prostitution, pilfering by persons with authority, fraud, robbery or terrorism is considered anti-social and probably viewed as helping or encouraging those culprits to continue such activity in the future as well. Knowingly or unknowingly aiding and abating to launder dirty money and mix them with money in circulation is a punishable offence. Tipping off or advising a money launderer to take away dirty money and hide from the law is also a criminal and punishable offence.

Contents
Executive Summary Introduction
Introduction Vision Mission Objectives of AML Policy Validity of AML Policy Review of AML Policy Document Ownership of the Policy Scope of the Policy Risk Committee of HNB AML Unit AML/CFT Compliance by Subsidiaries and Overseas Offices 2 2 2 3 3 3 3 4 4 4 5 6 7 7 8 8 9 9 9 10 10 10 11 11 12 12 13 13 14 14 15 15 15 Page 1

HNBs Internal AML/KYC Procedure

Know Your Customer Principles (KYC) Obtaining AML/KYC Data from Existing/New Customers Opening of Accounts/establishing customer relationship Opening an accounts for an individual Opening accounts for legal entities Opening accounts for Minors, Elderly or Disable persons Telephone & Internet Banking Accounts for charitable organizations, religious bodies, sporting, social and Professional bodies/societies Non account holders/walking customers Correspondent Banks Risk Profiling of Customers Customer Due Diligence Ongoing Customer Due Diligence Additional Guidelines on Money Laundering AML Monitoring & Controls AML Reporting Structure Chief AML Compliance Officer (CAMLCO) Responsibilities of Chief AML Compliance Officer Responsibilities of the Corporate Management Responsibilities of other employees Responsibilities of Internal Audit

Suspicious Transactions/Businesses Suspicious Cash Transactions Suspicious Transactions using Customer Accounts Suspicious Investment related Transactions Suspicious Transactions using Electronic Banking Services Suspicious International Banking & Financial Transactions Suspicious use of Letters of Credit Suspicious Loan Transactions Additional indications of possible Money Laundering (for employees to be aware of and keep in mind at all times) General Cash Transactions Transactions involving Accounts Transaction related to Offshore Business Activity Personal Transactions Corporate & Business Transactions Transactions related to Loans & Similar Products Foreign Exchange Dealings & Money Services Businesses Recognizing & Reporting of Suspicious Transactions How to report a Suspicious Transaction Reporting Procedure Role of Chief AML Compliance Officer on Receiving the Report The importance of Timing in Reporting Other Mandatory Reports to Financial Intelligence Unit Training of Staff Training Methodology Retention of Records Cooperation with Authorities Powers and Functions of Financial Intelligence Unit Freezing and Forfeiture of Assets in relation to Offence of Money Laundering

16 16 17 17 18 18 18 19 19 19 20 21 21 22 22 22 22 23 23 23 24 24 25 25 26 26 26 27 27

Executive Summary
HNB and its group of companies, recognize as a policy; the importance of complying with the regulations relating to Anti Money Laundering and Combating Financing of Terrorism, thereby assisting the regulators and law enforcement agencies to combat money laundering and terrorist financing. The steps taken by HNB towards same are as follows. Establishing an Anti Money Laundering Unit which is headed by the Chief AML Compliance Officer who is a member of the banks Senior Management. Chief AML Compliance Officer reports to MD/CEO through AGM (Risk & Compliance) who is a corporate management officer. The Branch Managers and Heads of Departments/Divisions have been appointed as AML Compliance Officers for the Branches/Departments under their purview. Regional Heads are appointed as Regional Compliance Officers for AML/CFT purposes, to whom Branch Managers may report. However, Branch Managers have the option to deal direct with the AML Unit at head Office. AML/KYC data collection forms were introduced as mandatory documents to be obtained along with the account opening mandate, which have been designed based on minimum set of common information identified by AML Compliance Officers of all banks, based on the stipulations of FTRA No. 6 of 2006 and Minimum Standard Rules and Guidelines issued by FIU in May 2007 Due to very heavy volume of existing customer base, the present initial focus will be on all Current Accounts and other Customer Accounts that record high transaction volumes/balances. The bank will embark on the rest of the account relationships on a risk based approach. A Risk Matrix, has been developed and all Branch Managers and Officers in Charge of opening of accounts have been trained on the application of the Risk Matrix towards Risk Profiling of Customers as; High Risk, Medium Risk & Low Risk. Risk Profiling is done centrally upon completion of AML/KYC data collection exercise and necessary internal software development and installation of expert AML software. HNB will continue to update its AML policies and procedures periodically, in order to meet the new rules and regulations and the changes in banks operational activities. HNB recognizes and are aware that preventing money laundering/combating financing of terrorism and adherence to KYC principles is an on-going process that involves constant due diligence.

Chief AML Compliance Officer AML Unit Level 18 HNB Towers

-1-

Introduction
Introduction
By legislation, banks operating in Sri Lanka are required to be compliant to AML/CFT laws and regulations issued by the financial Intelligence Unit. It is recognized that there has to be in place; a mechanism, to consider AML/CFT from the perspective of the bank which provides policy guidelines for the employees of the bank who may have to deal with wide range of AML/CFT issues on daily transactions. This document will therefore serve such purpose. Whilst predominantly serving as the AML policy document with the approval of the Risk Committee / Board of Directors, it provides additional inputs to the compliance officers and staff members.

VISION Establish an AML/CFT Risk mitigating culture within the organization to provide necessary measures to prevent Money Laundering and combat Financing of Terrorism.

MISSION Establish and Maintain internal procedures and systems to; (a) (b) (c) (d) (e) Implement customer identification requirements Implement procedures for record keeping and retention requirements Implement the processes of on-going customer due diligence and scrutiny of customers Implement the reporting requirements Make the staff aware of the laws relating to ML and FT

Establish an audit functions to test the banks procedures and systems for necessary compliance Familiarize staff on AML concepts & train them to recognize suspicious transactions Ensure that the Off-Shore Customer Centers and Subsidiary Companies adopt and observe AML measures in the same manner as mentioned above.

-2-

Objectives of AML Policy To protect the reputation of HNB and the group of companies To make HNB fully compliant to AML laws & regulations. To establish an effective mechanism to prevent Money Laundering & Combating of Financing Terrorism To assist the regulators in preventing Money Laundering & Combating Financing of Terrorism To safeguard the bank, its stakeholders, the economy, the public and the country, from all kinds of AML/CFT risks. To build global confidence over the bank and the country.

Validity of the AML Policy This policy document has been prepared based on the provisions of the legislations on AML/CFT in Sri Lanka, such as Convention on the Suppression of Financing of Terrorism Act No. 25 of 2005, Prevention of Money Laundering Act No. 05 of 2006 and Financial Transaction Reporting Act No. 06 of 2006 and the Minimum Standard Rules and Guidelines issued by Financial Intelligence Unit of Central Bank of Sri Lanka. Review of AML Policy Document The bank as a policy recognize the need to periodically review the AML policy document in order to ensure that there is a proper balance between the AML policies and prevailing business practices of the bank which are subject to amendments, in view of frequent changes in the landscape of operations and complexity in the banks operational activities driven by the external and internal forces such as competition, technological changes, business process re-engineering, geographical expansion of business and variety of products and services being introduced. Ownership of the Policy Ownership of this document will primarily be vested with the Risk Committee and the Corporate Management of the Bank. Implementation of the Policy will be the responsibility of the Chief AML Compliance Officer (CAMLCO). Any constraints faced by CAMLCO in implementation of the policy must be brought to the notice of AGM (Risk & Compliance), who in turn should bring same to the notice of MD/CEO and Risk Committee of the Bank and appropriate solutions must be asserted.

-3-

Scope of the Policy The scope of this policy extends to all areas of business carried out by HNB, including its overseas operations and businesses of subsidiaries. Risk Committee of HNB Risk Committee of HNB is comprised of several Key Corporate Management members and chaired by MD/CEO. The CAMLCO and Asst. General Manager (Risk & Compliance) are members of the Risk Committee and provide current inputs to the Risk Committee for discussion and solutions. AML Unit The AML Unit of HNB is located at the Head Office and liaise with all customer centres, subsidiary companies and offices overseas. Based on the current and future requirements, the composition of the AML Unit will vary and strategies to combat ML/TF through business processes and procedures will be continuously updated. The main functions of the AML Unit are as follows. Ensure that customer centres and business units acquire minimum KYC data and carryout Customer Due Diligence using a common minimum set of data identified by AML Compliance Officers of all banks operating in Sri Lanka in order to create a level playing field among all competitor banks Screening for suspicious transactions and take appropriate action. Submission of Cash Transactions Reports (CTR) and Electronic Funds Transfer Reports (EFT) to FIU every fortnight above the threshold prescribed. (Rs.1.0 Mn.) Submission of Suspicious Transaction Reports (STR) to FIU. Responding to FIU inquiries and requests for information. Ensure that subsidiary companies operating within the HNB Group and the overseas offices comply with the statutory requirements. This is done by way of developing AML policies for such operations and monitoring proper application/implementation of processes, procedures and controls. Training staff on the laws relating to Anti Money Laundering & Combating Financing of Terrorism Train staff to recognize suspicious transactions and follow the reporting structure. Risk Profiling of Customers on AML/CFT perspective. Maintain cordial relationships with regulators, law enforcement agencies and competitor banks and counterparties Working towards procuring a common AML software for all banks to employ the AML/CFT surveillance activities to create a level playing field. Updating AML/KYC/CFT policies periodically

-4-

AML/CFT Compliance by Subsidiaries and Overseas Offices HNB comprises the following subsidiaries at present. HNB Assurance Plc Sithma Development (Pvt) Ltd. Acuity Partners (Pvt) Ltd., Comprising Acuity Securities PLC. and Acuity Stock Brokers PLC.

The overseas offices managed by HNB at present are as follows. Delma Exchange UAE Majan Exchange Oman Commercial Interlink Financial Services Canada

HNB Plc, as the Parent Company, has the responsibility to ensure that its subsidiary companies and overseas offices comply with the local AML/CFT regulations and that of the relevant foreign jurisdictions. This is done by way of developing AML policies for such operations and monitoring the relevant processes/procedures/controls for proper applications and implementation.

-5-

Hatton National Banks Internal AML/KYC Procedures

-6-

Know Your Customer Principles (KYC)

In KYC Principles, particularly, when opening accounts or establishing customer relationships, the identity and relevant information of every customer and related counterparties need to be obtained to ensure that no business is conducted with money launderers, terrorists and blacklisted persons or entities. In order to assist branches in the process of acquiring KYC data of their customers, AML KYC data collection forms have been introduced and put into practice, the details of which are as follows. 1) KYC Data Collection Form (appropriate form to be selected from i iv below) i. ii. iii. iv. Form AML 1(a) Applicable for Individual/Joint Accounts Form AML 1(b) Applicable for Sole Propriator/Partnership Accounts Form AML 1(c) Applicable for Limited Liability Companies Form AML 1(d) Applicable for Miscellaneous Accounts

2) Individual Information Sheet (Form AML 2) (To be obtained from Directors/Partners/Sole Proprietor/Office Bearers of Clubs & Societies/Trustees/Attorneys/Administrators/Executors etc. as the case may be, in addition to the KYC form applicable to relevant account maintained by the entity which they represent. (Specimens of the above forms, please find in Annexure I)

Obtaining AML/KYC Data from existing/new customer

Keeping in line with legislations, HNB recognizes its duty to acquire AML/KYC data from its customer base, i.e. both existing & new. Accordingly as mentioned above, branches were equipped with AML data collection forms and a letter intended to be dispatched to all existing customers, prepared in English, Sinhala & Tamil signed by the CAMLCO, which describes the circumstances under which such details are being called for, to enable branches to acquire AML/KYC data from existing customers. In view of the extremely large number of accounts involved, the process is to be carried out in the following manner. Details of all new customers should be obtained at the time of opening of accounts using the KYC data collection forms made available. AML Forms and the Special Letter addressed to the customer signed by CAMLCO to be made available to all existing Current Account holders without any exception. This can be done by way of handing over letters personally to those customers who visit the branch, hand delivering the letters to the customers in the vicinity of forwarding the letters along with the Current Account Statement. In the event of failure in all above available options, letters could be dispatched by mail.
-7-

On the portfolio of existing Savings Account customers, please follow the same procedure stated above in relation to current accounts (except the option of delivery the forms with the statement) to be adopted, except for those accounts which carry less than Rs.500,000balance as at 31/05/2009. The following procedure to be adopted in respect of rest of existing savings customers i.e. whose accounts have recorded a balance of less than Rs.500,000- as at end of May 2009. i. The forms to be handed over to the customers when they visit the branch on their 1st visit Priority must be given to acquire AML/KYC data on a risk based approach

ii.

As regards all Fixed & Time Deposit accounts, AML forms may be handed over when the renewal notice is served or when the customer calls over at the branch, whichever occurs earlier.

Opening of Accounts/Establishing Customer Relationships

Opening an account for an Individual Branch must obtain and record the following information a) b) c) d) e) f) g) h) Full Name Residential address National Identity Card or Passport or Driving License Occupation Employers name and address of Business Details (as appropriate) Source of Funds Birth Certificate (in case of minor accounts) Expected value of deposits to be routed through the account per month

The details given above must be verified for accuracy by checking any of the following a) b) c) d) Original NIC Valid Passport Valid Driving License Bank Statements etc.

In addition supplemented by Water/Electricity/Telephone Bill or any proof to show physical presence at the address (location), if the declared address vary from that of the produced identity document.

-8-

Opening Account for Legal Entities Branches are required to obtain and record following information a) Entity name b) Business registration certificate number c) Legal Form d) Registered Address e) Type of business activity f) Source of Funds g) Expected value of deposits to be routed through the account per month h) Personal details of Directors, Key officials etc. The details given above need to be verified and supplemented by a) b) c) d) e) f) g) Certificate of Incorporation Business registration certificate Memorandum and Articles of Association Partnership Agreement Form 48 under the Companies Act Resolution adopted to open account if Company Certificate of commencement of business

When opening accounts for Minors, Elderly or Disabled Persons In addition to the normal identification of individuals a) Identity of parent/legal guardian b) Identity of person authorized to operate account c) In case of a legal guardian other than parents, certified copy of Court Order appointing such guardian

Telephone and Internet Banking (This applies to instances where there are no face to face contacts with the customers) Identification procedures when there is no face to face contact must serve two purposes. (i) (ii) A person bearing the name of the applicant exists and lives at the address provided. They must ensure that the applicant is indeed that person

The following checks/verification measurers when done will give a reasonable degree of assurance as to the authenticity of the applicant when there is no face to face contact.

-9-

Some of the more widely used methods and checks are : a) Telephone contact with applicant independently verified at home or business number b) Obtaining previous bank statements to determine employer, income level, banking transactions etc. c) Obtaining of a reference letter from employer/another individual of certain social standing/organization which is satisfactory is acceptable to the Bank. Accounts opened for charitable organization, religious bodies, sporting social and professional bodies/societies Accounts should not be opened for the above unless proof of their existence and authority to carry out their functions is submitted and the Bank could verify the accuracy by other additional means. Non Account Holders/Walk in Customer Those who wish to conduct one-off transactions the details of such customers i.e. name, address and NIC number and also those of any beneficial owners if there are any, must be verified prior to entering into any relationships, by obtaining some proof of identity. Correspondent BankWhen acting as a Correspondent Bank, the Bank should gather sufficient Information about the respondent bank to fully understand the nature of their business. Factors that should be taken into consideration: a. b. c. d. e. f. g. Respondent Banks Management Its major business activities Location of the business Respondent Banks KYC and Money Laundering prevention and detection efforts The purpose of the account Condition of Bank regulation and supervision in the correspondents country The Bank should refuse to enter into or continue a correspondent banking relationship with a i. Bank incorporated in a jurisdiction in which it has no physical presence (eg. Shell Banks) ii. Where banks are located in countries that have poor KYC standards or have been identified by FATF as non compliant to AML/CFT regulations

- 10 -

Risk Profiling of Customers The AML Unit has developed a Risk Matrix to risk profile the customers. The following criteria are used to ascertain the level of risk pertaining to each customer. 1. The type of account 2. The volume of funds routed through the account 3. Availability of documentary evidence to justify the declared levels of operation and status of the customer All branch managers and officers in charge of opening of accounts have been given an extensive training in the application of risk matrix. However, the policy decision has subsequently been taken to carry out the risk profiling centrally, upon installation of the expert AML software and making necessary adjustments in the core system to make provision for branches to input required data into the system.

Customer Due Diligence HNB carries out customer due diligence measures including identifying and verifying the identity of the customer when; establishing new business relationships carrying out occasional transactions a suspicion of money laundering or terrorist financing occurs the Bank has doubts about the veracity or adequacy of previously obtained customer identification data

In the above process, the following measures will be undertaken. Identifying the customer and verifying the customers identity using reliable source documents Identifying the beneficial owner when transactions are carried out by third parties Obtaining information on the purpose and intended nature of the business relationship The sources of income

Ongoing Customer Due Diligence Depending on the risk category i,e, whether the relationship falls under High Risk, Medium Risk or Low Risk, ongoing customer due diligence will be carried out on the following basis. Low Risk In the event the volumes exceeds the declared levels Medium Risk Once a year High Risk Quarterly
- 11 -

Additional Guidelines on Money Laundering pertaining to the above Where the Bank acts as a trustee, escrow agent or in other fiduciary capacity we should establish the identity of the individual/entities involved and the identity of the actual beneficiaries and determine the legitimacy of the transaction. The Bank shall not open an account or engage in any business dealings with customers under factitious names or numbers where we do not know the original identity of the account holder. Where a person operates an account by way of a Power of Attorney and a third party operates same, bank needs to follow the KYC as in a normal person for both parties. Where an entity authorizes Director/employee to operate the account, the certified copy of the Board Resolution or other applicable document should be called for, to ensure the genuineness of the authorization.

- 12 -

AML Monitoring and Controls

AML Reporting Structure

The AML Reporting Structure of HNB is as follows. Board of Directors MD/CEO

AGM R & C

Chief AML Compliance Officer

Regional Head

Regional Head

Regional Head

Branches

Branches

Branches

Branches

Branches

Branches

Heads of Depts. & Units

- 13 -

CHIEF AML COMPLIANCE OFFICER (CAMLCO) Bank has delegated the responsibility to control and monitor AML issues within the bank to an independent staff member, designated as Chief AML Compliance Officer with reporting line directly to the Managing Director/Chief Executive Officer through Asst. General Manager (Risk & Compliance). The MD/CEO will report to the Board of Directors, should circumstances warrant same Responsibilities of the Chief AML Compliance Officer Implement anti money laundering policy of the bank in line with the requirements and update AML policy on an ongoing basis in line with local and international requirements. Ensure that all branches and departments conduct their business in concordance with the spirit of the banks AML policy. Monitor the day-to-day operations to detect unusual customer activity (as mentioned elsewhere in this document under section recognising suspicious transactions/business) Serve as a contact point in the bank for AML Compliance issues: a) Provide feed back to staff on compliance requirements b) Receiving internal suspicious transactions reports from staff, analyse and investigate same and liaise with the financial intelligence unit as appropriate. c) Taking reasonable steps to acquire relevant information from customer or other sources. d) Report all suspicious/money laundering transactions to Managing Director/CEO and AGM (Risk & Compliance) and Financial Intelligence Unit (FIU) To ensure that branches and business units acquire minimum KYC data and carryout Customer Due Diligence using the common minimum set of data. Screening of suspicious transactions and take appropriate action / submission of Suspicious Transaction Reports (STR) to FIU Submission of statutory reports, i.e. Cash Transaction Reports (CTR) and electronic Funds Transfer Reports (EFT) every fortnight (EFT & CTR for transactions above Rs. 1.0 Mn.). Attending to FIU inquiries and requests for information

- 14 -

To ensure that subsidiary companies in the HNB Group and the offshore customer centres comply with the statutory requirements. This is done by way of developing AML policies for such operations and monitoring proper application/implementation of processes, procedures and controls. Training staff on the laws relating to Anti Money Laundering & Combating Financing of Terrorism Train staff to recognize suspicious transactions and follow the reporting structure. Risk Profiling of customers on AML/CFT perspective, with the assistance from IT/Software. Maintain cordial relationships with regulators, law enforcement agencies and competitor banks & counterparties Working towards procuring a common AML software for all banks to intensify AML/CFT monitoring activities. Updating AML/KYC/CFT policies periodically, depending on the changing environmental factors.

Responsibilities of the Corporate Management Corporate Management is broadly responsible for ensuring that all business units within the bank comply with AML/CFT regulations with the assistance of Chief AML Compliance Officer . Also, they are responsible for taking appropriate actions to resolve policy issues reported to them by CAMLCO or Internal Audit Department of the bank. In carrying out the above responsibilities, Corporate Management will be assisted by the Risk Committee of the bank, which is comprised of several Corporate Management Officers.

Responsibilities of the Other Employees All employees have a responsibility primarily towards the employer and secondarily towards the country to follow and apply the AML/CFT procedures and controls developed by the bank to ensure compliance with the AML policy guidelines. Responsibilities of the Internal Audit The Banks Internal Audit Department is responsible for checking whether business units comply with laid down internal procedures, control and AML/CFT Policy Guidelines. Any deviations identified must be reported to the Corporate Management and the Chief AML Compliance Officer for appropriate action and necessary rectifications.

- 15 -

Suspicious Transactions/Business
Whilst all unusual transactions are not automatically linked to Money Laundering, unusual transactions become suspicious if they are considered inconsistent with a customers known legitimate business or personal activities or with the normal business for that type of an account. The following are some but certainly not all areas where staff should remain vigilant to possible Money Laundering situations. The fact that any of the following do occur does not necessarily lead to a conclusion that Money Laundering has taken place, they could well raise the need for further inquiry. A key to recognizing suspicious transactions is to know enough about the customer to recognize that a transaction, or series of transactions, is unusual for that particular customer. Whilst the following provide some examples, recognizing suspicious transactions is a matter of good sense and attention to detail.

Suspicious Cash Transactions 1. Unusually large cash deposits made by an individual or an entity whose normal business activities would mainly be conducted by cheques or other instruments. 2. Substantial increase in cash deposits by any individual or an entity without an apparent cause, especially if such deposits are subsequently transferred within a short period out of the account to a destination not normally associated with the customers. 3. Customers who deposit or receive deposits in numerous stages and/or in different locations under uni banking systems without citing acceptable reasons. 4. Customer accounts whose transactions, both deposits and withdrawals are mainly conducted in cash rather than in negotiable instruments (e.g. cheques, letters of credit, draft etc.) without an apparent reason. 5. Customer who constantly pay-in deposits in cash to meet requests for Bankers drafts, money transfers or other negotiable instruments without an apparent reason. 6. Customer who seek to change large quantities of lower denomination bank notes for those of higher denomination bank notes with no obvious reasons. 7. Customers who transfer large sums of money outside the country with instructions for payment in cash, in favour of non-resident customers with no apparent business purposes. 8. Unusually large cash deposits using ATMs or cash deposit machines to avoid direct contact with the employees of the bank and if such deposits are not consistent with the business/normal income of the concerned customers.

- 16 -

Suspicious Transactions using Customers Accounts 1. Customers who maintain trust accounts, not required by the type of business they conduct particularly. 2. Customers who have numerous accounts and pay-in amounts of cash to each of these accounts, whereby the total of credits is a large amounts; except, for institutions which maintain such multiple accounts for banking relationships which are explainable. 3. Any individual or company whose account shows virtually no business-related activates, but is used to receive or disburse large sums which have no obvious purpose or for a purpose not related to the account holder and/or his business. 4. Customers who have accounts with several financial institutions within the same locality and who transfer the balances of those accounts to one account, then transfer the consolidated amount to a person abroad. 5. Paying-in large third party cheques endorsed in favour of the account holder when they do not seem to be relevant to the account holder and his nature of business. 6. Large cash withdrawals from a previously dormant/inactive account, or from an account which has just received unexpected large sums of money from abroad. 7. Individuals who deposit monies into an account without an adequate explanation. 8. A large numbers of depositors making deposits into a particular account without any acceptable reasoning. 9. Unusually large deposits in any account of a business whose accounts have never witnessed such deposits; particularly, when a large part of such deposits are in cash.

Suspicious Investment Related Transactions 1. Purchasing of securities to be held by the bank in safe custody, where same does not appear appropriate given the customers apparent standing. (Financial income etc.) 2. Individual or commercial institutions who bring in large sums of money to invest in foreign currencies or securities, where the size of transactions are not consistent with the income of the concerned individual or commercial institutions.

3. Buying or selling securities with no justifiable purpose or in circumstances, which appear unusual.

- 17 -

Suspicious Transactions Using Electronic Banking Services 1. When an account received numerous small fund transfers electronically, and then the account holder carries out large transfers in the same way to another country/destination. 2. Where a customer makes regular and large payments using different means including, electronic payments that cannot be clearly identified as bonafide transactions, or receive regular and large payments from countries known for serious ML/FT activities. 3. Where transfers from abroad which are received in the name of a customer of the bank or any financial institution electronically, are then transferred abroad in the same way.

Suspicious International Banking and Financial Transactions 1. Customers introduced by a branch outside the country, an affiliate or another bank, based in one of the countries known for the production or consumption of drugs or other serious criminal activities. 2. Building up of large balances not consistent with the known turnover of the customers business and the subsequent transfer to account(s) held abroad or another destination 3. Frequent request for Travellers, Cheques, foreign currency drafts or other negotiable instruments, for no obvious reasons. 4. Frequent paying-in of Travellers Cheques or foreign currency drafts, into accounts for no obvious reasons, particularly if such instruments have been originated abroad. Suspicious use of Letters of Credit a. Where applicant of a LC (customer of the bank) and the beneficiary of the LC are same individuals/entities. Where the Banks customer who opens letters of credit, when the beneficiary is a owner of a shipping company Where amounts on letters of credit submitted by the customer to the bank and to the Customs/Ports/Airport authorities do not match the original. Where the size of the facilities are not in line with the securities on hand, nature of business and net-worth of the customers. Where such trade is not consistent with the customers usual business

b.

c.

d.

e.

- 18 -

Suspicious Loan Transactions: 1. 2. Customers who repay classified/problem loans, surprisingly before the expected time. Customers who request loans against assets held by third parties, where the origin of these assets is not known, or the assets are inconsistent with the customers standing. Non-resident individuals who request loans secured by bank guarantees issued by foreign banks where the purpose of the transaction is questionable. Loan transactions against pledge of deposits with financial institutions outside the country, especially if these were in countries known for the production, processing or consumption of drugs or other criminal activities.

3.

4.

Additional Indications of Possible Money Laundering (For employees to be aware of and keep in mind at all items)
Supplementary to the information provided earlier, the following items are additional indications of unusual or suspicious activity. General Frequent address changes by customers/clients Client does not want correspondence sent to home address Client repeatedly uses an address but frequently changes the names involved Client uses a post office box or general delivery address, or other type or mail drop address, instead of a street address when this is not the norm for that area. Clients home or business telephone number has been disconnected or there is no such number when an attempt is made to contact client shortly after he/she has opened an account Client is always accompanied and watched/guarded. Client shown uncommon curiosity about internal systems, controls, policies and reporting; client has unusual knowledge of the law in relation to suspicious transaction reporting. Client has only vague knowledge of the amount of a deposit Client gives unrealistic, confusing or inconsistent explanation for transaction or account activity. Defensive stance to questioning or over-justification of the transaction. Client is secretive and reluctant to meet in person Unusual nervousness of the person conducting the transaction. Client insists on a transaction being done quickly Client appears to have recently established a series of new relationships with different financial entities.

- 19 -

 Client attempts to develop close rapport with staff. Client offers money, gratuities or unusual favours for the provision of services that may appear unusual or suspicious. Client attempts to convince employee not to complete any documentation required for the transaction. Large contracts or transactions with apparently unrelated third parties, particularly from abroad. Large lump-sum payments to or from abroad, particularly with countries known or suspected to facilitate money laundering activities. Client is quick to volunteer that funds are clean or not being laundered Clients lack of business knowledge and trade practices. Forming companies or trusts with no apparent business purposes Unusual transference of negotiable instruments. Uncharacteristically premature redemption of investments particularly with requests to remit proceeds to apparently unrelated third parties, with little regard to tax or other cancellation charges. Large or unusual currency settlements for investments or payment for investments made from an account that is not the clients Clients seeking investment management services where the source of funds is difficult to pinpoint or appears inconsistent with the clients means or expected behavior Purchase of large cash value investments, soon followed by heavy borrowing against them. Buying or selling investments for no apparent reason, or in circumstances that appear unusual, (eg. Losing money on such investments without being concerned.) Forming overseas subsidiaries or branches that do not seem necessary to the business and manipulating transfer prices with them. Extensive and unnecessary foreign travel. Purchasing at prices significantly below or above market. Excessive or unusual sales commissions or agents fees, large payments for unspecified services or loans to consultants, related parties, employees or government employees. Cash Transactions Client frequently exchanges small notes for large ones. Deposit of bank notes with a suspect appearance (very old notes, notes covered in powder etc.) Use of unusually large amounts in travelers cheques Frequent domestic and international ATM activity Client asks to hold or transmit large sums of money or other assets when this type of activity is unusual for the client. Purchase or sale of gold, diamonds or other precious metals or stones in cash, specially when the bank has doubts about bona fide of such activities, based on the customer declared business standing/nature. Shared address for individuals involved in cash transactions, particularly when the address is also for a business location, or does not seem to correspond to the stated occupation
- 20 -

Transactions Involving Accounts Apparent use of personal account for business purposes. Opening accounts when the clients address is outside the local service ares Opening accounts with names very similar to other established business entities. Opening an account that is credited exclusively with cash deposits in foreign currencies. Use of nominees who act as holders of, or who hold power of attorney over, bank accounts. Account with a large number of small cash deposits and a small number of large cash withdrawals. Funds being deposited into several accounts, consolidated into one and transferred outside the country. Use of wire transfers and the e-banking to move funds to/from high-risk countries and geographic locations. Accounts receiving frequent deposits of bearer instruments (e.g. bearer cheques, money orders, bearer bonds) followed by outward wire transactions. Deposit at a variety of locations and times for no logical reason. Multiple transactions are carried out on the same day at the same branch but with an apparent attempt to use different tellers. Establishment of multiple accounts, some of which appear to remain dormant for extended periods. Accounts that was reactivated from inactive or dormant status suddenly sees significant activity. Cash advances from credit card accounts to purchase cashiers cheques or to wire-out funds to foreign destinations. Large cash payments on small or zero-balance credit card accounts followed by credit balance refund requests made by account holders. Attempting to open accounts for the sole purpose of obtaining online banking capabilities.

Transactions Related to Offshore Business Activity Loans secured by obligations from offshore banks Loans to or from offshore companies. Offers of multimillion-dollar deposits from a confidential source and sent from an offshore bank or somehow guaranteed by an offshore bank. Transactions involving an offshore shell bank whose name may be very similar to the name of a major legitimate institution.

- 21 -

Personal Transactions Client runs large credit card balances Client visits the safety deposit box area immediately before making cash deposits. Client wishes to have credit and debit cards sent to international or domestic destinations other than his or her address. Client has numerous accounts and deposits cash into each of them, with the total credits being a large amount. Client has frequent deposits identified as proceeds of asset sales bur assets cannot be substantiated. Client acquires significant assets and liquidates them quickly with no explanation Client acquires significant assets and encumbers them with security interests that do not make economic sense.

Corporate and Business Transactions Financial statements of the business differ noticeably from those of similar businesses. Representatives of the business avoid contact with the branch as much as possible, even when it would be more convenient for them to have such contact. Client makes a large volume of seemingly unrelated deposits to several accounts and frequently transfers a major portion of the balances to a single account at the same bank or elsewhere. Client makes a single and substantial cash deposit composed of many large bills. Asset acquisition is accompanied by unusual security arrangements.

Transactions related to loans and similar products Client suddenly repays a problem loan unexpectedly. Client asks to borrow against assets held by another financial institution or a third party, when the origin of the assets is not known. Loan transactions are entered into in situations where the client has significant assets and the loan transaction does not make economic sense. Customer seems unconcerned with terms of credit or costs associated with completion of a loan transaction.

Foreign Exchange Dealings and Money Services Businesses Client exchanges currency and requests the largest possible denomination notes in a foreign currency. Client wants a cheque issued in the same currency to replace the one being cashed. Client instructs that funds are to be picked up by a third party on behalf of the payee. Client requests numerous cheques or postal money orders in small amounts and various names, which would exceed the permitted amount of exchange.
- 22 -

Recognising & Reporting of Suspicious Transactions

In accordance with the local and international norms it is an offence to fail to report suspicion of Money Laundering and Terrorist Financing. Failure to report such circumstances is punishable and on conviction involve heavy fines and/or imprisonment.

How to report a suspicion Transaction In the first event of any suspicion the staff concerned should report the same immediately to the immediate superior (The Compliance Officer of the branch/unit) to ensure that there are no known facts which would negate the suspicion. The law requires employees to report any reasonable suspicions that they may have about a customer or their transactions. The law also requires the Bank to have appropriate effective reporting procedures in place (Please refer Annexure II A specimen of Suspicious Transaction Report (STR)) It also requires that all employees follow there procedures using them correctly as they are intended to be used.

Reporting Procedure HNBs reporting procedures and their correct use are designed to ensure that, when a suspicious transaction has been identified the suspected customer is not informed the matter is dealt with quickly and professionally the FIU is notified and provided with the necessary records, as appropriate

Business Units will report their suspicions with supporting information. Branch must ensure that the supporting information being sent to CAMLCO is relevant to the suspicion so that it is passed on to the Financial Intelligence Unit through CAMLCO. Accordingly, the report should be sent by the Branch Manager/Regional Manager to the Chief AML Compliance Officer (CAMLCO) based at the Head Office in HNB Towers, who in turn will submit same to FIU, after satisfying himself as to the validity and the merit of the issue in question to be reported.

- 23 -

Role of the Chief AML Compliance Officer (CAMLCO) on receiving the report When the Chief AML Compliance Officer receives the Suspicious Transaction Report, (STR) the CAMLCO will decide whether the report gives rise to knowledge or suspicion that the relevant customer is involved in money laundering. If CAMLCO believes that the suspicions may be justified and require further investigation, he/she then in turn must report to the Financial Intelligence Unit (FIU), under advise to MD/CEO and AGM (R & C)

The Bank may make further inquiries within the parameters of its own records but it does not need to carry out more detailed criminal investigations. Once a matter is reported by the bank by way of a STR, it is the responsibility of the law enforcement agencies to do so. If the authorities feel the report is worth further investigation, they would continue to do so. The Bank may however, be served with orders requesting further information and/or instructions for the freezing of the customers funds. The employees have a duty to assist the CAMLCO, in reporting the suspicion to FIU effectively, by making sure that the information provided describe why there are reasonable grounds for suspicion and what they are contains accurate information is timely and not delayed

The importance of timing in Reporting It is very important that there is no delay in reporting. It is the duty of all employees to report suspicion as soon as they have established reasonable grounds, and collected the relevant supporting material. Further, the consequences of not reporting suspicions immediately to the CAMLCO could be serious for the employee involved and may include individual fines, imprisonment, or both as set out in the legislation. Under no circumstances should the customer know that they have been reported for suspicious activity, or that an investigation is underway or may be underway. This does not mean that the employer cannot ask the customer for an explanation, or continue to provide them with a normal customer service. But it does mean that the employee must do so without alerting them to the fact that the bank may or had already notified same to the FIU. If customers being investigated are informed, the Bank is liable for tipping them off, which is a criminal offence for the individual who alerted the customer to the existence of an actual or potential investigation.

- 24 -

Other Mandatory Reports to Financial Intelligence Unit As per paragraph (b) of Section 6 of the Financial Transaction Reporting Act No.6 of 2006, all Cash and Electronic Fund Transfers made at the request of a customer or made in favour of a customer, exceeding a sum as shall be prescribed by regulation, shall be reported to FIU by the bank on a fortnightly basis. Accordingly, there are two types of mandatory reports submitted to FIU (i) (ii) Cash Transaction Reports (CTR) Electronic Fund Transfer Reports (EFTR)

Above reportings are presently done electronically by updating the relevant information into the FIU website as a web-upload. Present reporting threshold is Rs.1.0 Mn. thus all Cash and Electronic Fund Transfers in excess of Rs. 1.0 Mn. are mandatorily reported to FIU fortnightly (i.e. on 15th and as at end of every calendar month).

Training of Staff
The HNB recognizes the need to train its staff on AML/CFT regulations and Minimum Standard Rules issued by FIU, the application of such regulations and compliance requirements to be met by the bank and its staff. In order to achieve the above objective, the bank has adopted the following procedures. All Branch Managers, Assistant Managers and Officers handling front office operation have been trained on basic AML/CFT concepts, its application and necessary compliance requirements to be met. During the year 2008 all training programes conducted by the HNB Training Centre included a session on AML related activities. All Branch Managers, Assistant Managers and Officers handling front office operations have been trained on the risk profiling of customers and the application of the Risk Matrix developed by the AML Unit. A basic AML course has been hosted in the Hatna Net under E-learning process for the benefit of all staff. Upon studying the contents of the said study material, the staff members are supposed to test the knowledge acquired by them by sitting for the MCQ question paper hosted in the same online programme. The staff of AML Unit carry out training sessions in Branches, Regional Offices and Head Office Departments on prior arrangements An intermediate level AML training material has been developed by the AML Unit and passed on to Training Division, to be hosted on Hatna-net e-learning module for the benefit of those staff members who have passed the basic AML programme. Action will be taken to include advanced level AML courses on Hatna-net, as and when the circumstances warrant same.
- 25 -

Training Methodology New employees - Through sessions conducted at Induction Programmes Existing employees - Through periodical in-house training programmes at branches as well as at Head Office Training Centre - External training for designated staff on best practices & current trends

Retention of Records It is needless to mention the importance of record keeping. By maintaining appropriate records, bank helps provide an audit trail of funds thus assist the authorities in tracing any suspect funds back to its original criminal source. It is also important that any records so maintained are easily retrievable without undue delay. Further, such records retained should be complete and accurate. Accordingly, the following records need to be maintained for six years from the date of cessation of the relevant account relationship. However, if an inquiry or an investigation has commenced on any account relationship, the retention period is not restricted to six years but will extend until such investigation or inquiry is over and the relevant files are closed. Customer identification and additional Know Your Customer details Transaction details

It is also required that All anti-money laundering monitoring reports made by CAMLCO and records of consideration on those reports and of any action taken as a consequence, including reporting made to the corporate management, internal auditors or to the FIU be maintained until such inquiries are over or for six years from the cessation of the account relationships whichever that occurs later, for future reviews. Records showing the dates of anti-money laundering training and the names and acknowledgement of the staff receiving the training be maintained for 6 years period from the date of training.

Corporation with Authorities HNB recongnises the need to have a cordial relationship with regulators and law enforcement agencies. However, due regard must be given the banks duty of secrecy to its customers. Therefore, request for copies of statements, account balances and other customer information must always be provided only upon receipt of proper orders from FIU, may be verbally or in writing subject to the verbal orders are confirmed in writing without undue delay.
- 26 -

Powers & Functions of Financial Intelligence Unit (FIU) Financial Intelligence Unit (FIU) which functions under the wings of Central Bank of Sri Lanka, has been established under the sections of the Financial Transaction Reporting Act No. 6 of 2006. The FIU has the power to issue rules and guidelines within the provisions of the legislations applicable in Sri Lanka Financial Institutions shall report to FIU the transactions any persons conduct with such institutions provided, a) Such transactions fall within the mandatory reporting requirements. b) Such transactions are suspicious within the provision of Convention on the Suppression of Terrorist Financing Act No. 25 of 2005 or Prevention of Money Laundering Act No.5 of 2006. No civil, criminal or disciplinary proceedings shall be against any institutions or its employees, in relation to any action taken by such institution/its employees in terms of FTRA No.6 of 2006, provided such acts have been carried out in good faith. FIU has the power to examine any books, records etc. of the bank, should the circumstances warrant same. FIU has the authority to imposition of penalty to enforce compliance by the bank, provided such penalty shall not exceed a sum of Rs. 1.0 Mn. in any given case. However, where a person or a body who has been subjected a penalty on a previous occasion subsequently fails to conform to a requirement on any further occasion, such person shall be liable to the payment of an additional penalty in a sum consisting of double the amount imposed as the penalty of the first occasion and for each non compliance after such first occasion

Freezing and forfeiture of Assets in relation to the offence of Money Laundering A Police Officer not below the rank of a Superintendent of Police or in the absence of such officer, an Asst. Superintendent of Police may issue freezing order on bank account, in the event where there are reasonable grounds to believe that such account holder is involved in any activity relating to Money Laundering and it is necessary to prevent further acts being committed in relations to such offence. Such freezing order issued as stated above, shall be in force for a period of 7 days of the making thereof. The police officer upon issuing the freezing order as stated above shall within 7 days during which such order shall be in force, should make an application to High Court seeking confirmation of such freezing order and also if the circumstances so necessitates request an extension of the original period of 7 days.
- 27 -

If the High Court is satisfied that there are sufficient reason for making of such freezing order the court may extend the freezing order for a period not exceeding one year from the date of making of the freezing order by the police officer. Provided that where indictment is filed for the offence of Money Laundering in connection with the account on which the freezing order was issued such freezing order shall remain in force until the conclusion of the trial unless vacated by court. Where a person is convicted of the offence of Money Laundering by the court the frozen balances of the relevant accounts can be forfeited to the state free from all encumbrances.

- 28 -

Annexure I Annexure I will include specimens of AML forms I(a), I(b), I(c), I (d) & AML 2 which please find in the attachment.

Annexure II Annexure II will include specimen of Suspicious Transaction Report (STR) which please find in the attachment.