Anti-Money Laundering (AML) and Bank Secrecy Act (BSA) Policy
Contents
- 1. Introduction and Purpose
- 2. Scope and Applicability
- 3. Definitions
- 4. Roles and Responsibilities
- 5. AML Risk Assessment
- 6. Know Your Customer (KYC) and Client Onboarding
- 7. Internal Controls and Monitoring
- 8. Suspicious Activity Reporting (SAR)
- 9. Training and Awareness
- 10. Recordkeeping
- 11. Independent Review and Audit
- 12. Compliance with Laws and Cooperation with Authorities
- 13. Policy Enforcement
- 14. Policy Approval and Maintenance
1. Introduction and Purpose
amotivv, inc. ("the Company") is dedicated to complying with all relevant laws and regulations related to Anti-Money Laundering (AML) and the Bank Secrecy Act (BSA), despite our position as a technology solution provider rather than a direct financial services provider. This policy sets forth the Company's commitment to preventing the use of its software or solutions for unlawful purposes, including money laundering and terrorist financing.
2. Scope and Applicability
This policy applies to all Company employees, contractors, officers, directors, and any individuals or entities working on the Company's behalf. It sets forth the minimum standards that must be followed to ensure we meet our AML and BSA obligations:
- Identifying and assessing AML/BSA-related risks within our operations.
- Monitoring for suspicious activity to the extent applicable to our software solutions.
- Reporting any suspicious activity to the appropriate authorities (where legally required).
- Maintaining comprehensive records of activities and training sessions.
- Cooperating with regulatory authorities and law enforcement, as required.
3. Definitions
- Money Laundering: The process by which individuals or entities attempt to conceal the origins of illicit funds by introducing them into the legitimate financial system.
- Terrorist Financing: The act of providing funds for terrorist activities, whether derived from legitimate or illegitimate sources.
- Suspicious Activity: Any transaction or pattern of transactions that is inconsistent with a known, legitimate activity or that raises doubt as to its lawful purpose.
4. Roles and Responsibilities
- Board of Directors / Executive Management: Oversee the AML/BSA compliance program, ensure adequate resources, and set the "tone from the top."
- AML/BSA Compliance Officer:
- Responsible for the design and implementation of the AML program.
- Monitors compliance and ensures internal controls are in place.
- Acts as a liaison to law enforcement and regulatory agencies, as needed.
- Employees and Contractors: Must complete assigned training, be aware of red flags, and report suspicious behavior or activities to the AML/BSA Compliance Officer immediately.
5. AML Risk Assessment
Although amotivv, inc. is not a direct financial institution, we still conduct a risk assessment process to identify potential AML risks in our software products and relationships with clients. The risk assessment should consider:
- Nature of Business: Our solutions may interact with fintech-adjacent companies or be integrated into financial applications, which can indirectly expose our services to money laundering risks.
- Client Profile: Assessment of our clients' business models to ensure they have robust AML/BSA protocols in place.
- Geographic Risk: Potential exposure if our software is used by entities in high-risk jurisdictions.
- Product/Service Risk: Identifying features of our software that could be misused to obscure transactions or otherwise facilitate suspicious activity.
6. Know Your Customer (KYC) and Client Onboarding
While amotivv, inc. may not be legally required to maintain a full KYC program like a financial institution, we commit to the following steps when onboarding new clients (especially if they provide regulated financial services):
- Basic Due Diligence:
- Verify the prospective client's legal status and nature of business.
- Check for negative news, regulatory actions, or sanctions against the entity.
- Enhanced Due Diligence (EDD):
- For higher-risk clients, further investigate ownership structure, source of funds for their business, and overall reputation.
- Ongoing Monitoring:
- Continuously monitor relevant news sources and regulatory updates concerning our clients.
7. Internal Controls and Monitoring
- Process Controls: Ensure that development, updates, and deployment of our software solutions incorporate controls to prevent misuse, such as audit trails, transaction logging, or identity verification integrations if applicable.
- Transaction Monitoring (Indirect):
- While we may not directly process transactions, we advise and, if applicable, configure solutions to help clients monitor and flag suspicious patterns.
- Coordinate with clients to ensure transaction alerts are properly escalated and managed.
8. Suspicious Activity Reporting (SAR)
Though the Company itself may not file SARs (Suspicious Activity Reports) as a non-financial provider, we commit to supporting our clients in meeting their own SAR obligations. We will:
- Report Suspicious Activities Internally: Employees who detect suspicious activities or patterns during software development or client interactions must immediately report to the AML/BSA Compliance Officer.
- Coordinate with Clients: If suspicious activity arises from a client's use of our software, promptly notify the client's compliance team so they can take appropriate actions, including filing SARs if required by law.
9. Training and Awareness
- AML/BSA Training: Provide initial and ongoing training to relevant employees and contractors to ensure they understand:
- Basic AML principles and red flags.
- The importance of following internal controls.
- Their obligation to report suspicious activity.
- Refresher Training: Conduct training at least annually and when significant changes occur in regulations or internal policies.
10. Recordkeeping
We maintain records related to our AML/BSA compliance efforts, including:
- Client Due Diligence Files: Basic information on each client and any due diligence results.
- Training Records: Attendance logs, training materials, and certifications.
- Monitoring Activities: Any logs or data reviews conducted to detect suspicious activity within our software environment.
- Documentation of Investigations: Records of internal or external investigations, including any suspicious activity escalations to clients.
11. Independent Review and Audit
The Company will engage an independent party (internal or external) to periodically review the effectiveness of our AML/BSA controls. This review will assess:
- The completeness of risk assessments.
- The adherence to documented policies and procedures.
- The adequacy of training programs.
- The recordkeeping processes.
12. Compliance with Laws and Cooperation with Authorities
We comply fully with all relevant laws, regulations, and law enforcement efforts. We will provide timely and accurate information to appropriate regulatory and law enforcement agencies upon legally valid requests and in compliance with applicable data protection laws.
13. Policy Enforcement
Failure to comply with the policies and procedures set forth herein may result in disciplinary action, including possible termination of employment or engagement, and/or referral to appropriate law enforcement authorities.
14. Policy Approval and Maintenance
This policy is approved by the Company's Board of Directors / Executive Management. It will be reviewed and updated at least annually, or when regulatory or business changes warrant an update.
- Approved By: Jason Smith, CEO
- Board Approval Date: February 7th, 2025
- Policy Owner: Jason Smith, CEO