Exhibit 99.4
NEW YORK STATE BANKING DEPARTMENT
NEW YORK, NEW YORK
| ) |
| ) |
AMERICAN EXPRESS BANK LTD. | ) |
New York, New York | ) |
| ) | WRITTEN AGREEMENT |
and | ) |
| ) |
NEW YORK STATE BANKING DEPARTMENT | ) |
New York, New York | ) |
| ) |
WHEREAS, the New York State Banking Department (“Department”) recently conducted an examination of American Express Bank, Ltd. (“Bank”) and determined that there are deficiencies in the Bank’s compliance with applicable federal and state laws, rules, and regulations relating to anti-money laundering (“AML”) policies, procedures, and practices, including the Bank Secrecy Act (“BSA”) (31 U.S.C.§ 5311 et seq.); the rules and regulations promulgated thereunder by the U.S. Department of the Treasury (31 C.F.R. Part 103); and those of the New York State Banking Department (the “Department”) (3 N.Y.C.R.R. Part 300) (collectively, “BSA/AML Requirements”);
WHEREAS, the Bank provides significant international wire transfer services and correspondent banking services, and the Department has determined that there are compliance and risk management deficiencies at the Bank in these operational areas;
WHEREAS, it is the common goal of the Department and the Bank to ensure that the Bank fully addresses all deficiencies in the Bank’s policies, procedures and procedures, internal control environment, compliance staffing, training, customer due diligence practices and suspicious activity reporting with respect to BSA/AML Requirements; and
WHEREAS, the Bank has begun to take steps to address the deficiencies described above;
WHEREAS, on August , 2007, the board of directors of the Bank, at a duly constituted meeting, adopted a resolution authorizing and directing WRichard Holmes, Chairman and Chief Executive Officer, to enter into this Written Agreement (“Agreement”) on behalf of the Bank, and consenting to compliance by the Bank with each provision of this Agreement.
NOW, THEREFORE, the Department and the Bank hereby agree as follows:
Primary Contact
1. Within 10 days of this Agreement, the Bank shall designate an officer to be responsible for coordinating and submitting to the Department the written programs, plans, procedures, and engagement letter required under the terms and conditions of this Agreement.
Anti-Money Laundering Compliance
2. Within 60 days of this Agreement, the Bank shall submit to the Department an acceptable written compliance program for the Bank that is designed to improve the Bank’s internal controls to ensure compliance with BSA/AML Requirements. The program shall include provisions for updates on an ongoing basis as necessary to incorporate amendments to the BSA/AML Requirements. At a minimum, the program shall include:
(a) improvements to the Bank’s system of internal controls for foreign correspondent banking in order to ensure compliance with all recordkeeping and reporting requirements;
2
(b) controls designed to ensure compliance with all requirements relating to correspondent accounts for non-U.S. persons;
(c) an assessment of legal and reputational risks associated with the Bank’s correspondent banking and funds transfer clearing activities; and
(d) adequate resources for the BSA/AML compliance officer, including sufficient staff levels, to implement and maintain an effective program for compliance with BSA/AML Requirements, and the Bank’s internal policies and procedures.
Suspicious Activity Reporting and Customer Due Diligence
3. Within 60 days of this Agreement, the Bank shall submit to the Department an acceptable written customer due diligence program designed to reasonably ensure the identification and timely, accurate, and complete reporting of all known or suspected violations of law and suspicious transactions against or involving the Bank to law enforcement and supervisory authorities as required by BSA/AML Requirements. At a minimum, the program shall include:
(a) a methodology for assigning risk levels to the Bank’s customer base, including correspondent account holders, that considers factors such as type of customer, type of product or service, and geographic location;
(b) a risk-focused assessment of the Bank’s customer base that:
(i) identifies the categories of customers whose transactions and banking activities are routine and usual; and
(ii) determines the appropriate level of enhanced due diligence necessary for those categories of customers that pose a heightened
3
risk of conducting potentially illicit activities at or through the Bank;
(c) for each customer who requires enhanced due diligence, procedures to:
(i) determine the appropriate documentation necessary to verify the identity and business activities of the customer;
(ii) understand the normal and expected transactions of the customer based on appropriate criteria;
(iii) provide for a periodic review of the parameters of expected account activity; and.
(iv) review all international customer account files for the adequacy and timeliness of account documentation, and, where necessary, correct any deficiencies;
(d) procedures to ensure that the results of the risk assessment are communicated to senior management so that it is aware of the risk profile of the customer base;
(e) for correspondent accounts established, maintained, administered, or managed in the United States for a non-U.S. financial institution, procedures that are designed to ensure compliance with applicable due diligence and other requirements (including the provisions of 31 C.F.R. §§ 103.176 and 103.177), and that, at a minimum, provide for:
(i) obtaining and maintaining appropriate information about the respondent, its business operations, markets served, customer base, and its AML policies and procedures, particularly with respect to its customer relationships, that may present a heightened risk of money laundering or other concerns; and
4
(ii) ensuring that correspondent banking services provided by the Bank are reviewed and approved by senior management, and are subject to appropriate ongoing review;
(f) the establishment of policies and procedures and appropriate monitoring criteria to ensure the proper detection and timely and complete reporting of all known or suspected violations of law and suspicious or unusual transactions, including, but not limited to:
(i) effective monitoring of customer accounts and transactions, including transactions conducted through correspondent accounts;
(ii) participation by appropriate levels of management in the process of identifying, reviewing, documenting and reporting potentially suspicious activity;
(iii) adequate escalation of information about potentially suspicious activity through appropriate levels of management;
(iv) adequate procedures to ensure the accurate, timely and complete preparation and filing of Suspicious Activity Reports (“SARs”);
(v) a requirement that the investigation and resolution of all system-generated alerts are appropriately resolved, documented, and , where necessary, appropriately escalated;
(vi) procedures to ensure that suspicious transaction referrals are tracked and reconciled to ensure that they result in the filing of a timely SAR or a documented decision not to file; and
(vii) policies and procedures describing actions to be taken in the event of (1) the filing of multiple SARs for the same customer, and (2)
5
the failure of a correspondent banking customer to provide requested due diligence information, including the procedures to be followed in determining whether and when an account should be closed.
Independent Testing
4. Within 60 days of this Agreement, the Bank shall submit to the Department an acceptable written plan for independent testing of the Bank’s compliance with BSA/AML Requirements, to be performed on a regular basis by qualified persons who are independent of the Bank’s business lines and compliance functions. This function may be performed by Internal Audit. At a minimum, the plan shall include:
(a) procedures to evaluate the Bank’s compliance with BSA/AML Requirements, including the performance of customer due diligence and the monitoring of customer activity to ensure compliance with applicable suspicious activity reporting requirements;
(b) procedures for the review of independent testing results by senior management and escalation to the Bank’s board of directors in appropriate circumstances;
(c) procedures to ensure that senior management institutes and completes appropriate actions in response to the independent testing results;
(d) procedures to ensure that independent testing results are communicated to the Department on a regular basis and retained for subsequent supervisory review; and
6
(e) procedures to review the adequacy and effectiveness of the Bank’s training programs to ensure that appropriate personnel possess the requisite knowledge to comply with BSA/AML Requirements and relevant internal policies and procedures.
Transaction Monitoring System
5. (a) Within 45 days of this Agreement, the Bank shall submit to the Department an acceptable written plan, including a timetable, for a review, enhancement and verification of the adequacy of the transaction monitoring system by a qualified, independent consultant (“Consultant”) acceptable to the Department. The plan shall also include a methodology and target date for the Consultant’s determination that the transaction monitoring system is effective.
(b) Within 60 days of this Agreement, the Bank shall submit to the Department acceptable written customer account and transaction monitoring policies and procedures that are designed to effectively manage legal and reputational risks and ensure compliance with legal and regulatory requirements. The acceptable policies and procedures shall take effect upon the determination by the Consultant that the improved transaction monitoring system is fully effective. Documentation to support the determination that the improved transaction monitoring system is fully effective shall be retained for subsequent supervisory review.
Interim Transaction Monitoring Procedures
6. Within 30 days of this Agreement, the Bank shall submit to the Department acceptable written interim transaction monitoring procedures for the Bank that shall remain in
7
effect until the Consultant confirms, through the performance of appropriate tests, that the enhanced transaction monitoring system is fully effective. These interim procedures shall be designed to monitor the transactions of the Bank so that it can comply with applicable suspicious activity reporting requirements.
Transaction Review
7. Within 30 days of this Agreement, the Bank shall engage a qualified independent firm (the “Independent Firm”) (which may be the same consultant described in paragraph 4(a)), acceptable to the Department, to conduct a review of account and transaction activity during the time period July 1, 2006 through December 31, 2006 to determine whether suspicious activity involving accounts or transactions at, by, or through the Bank was properly identified and reported in accordance with applicable suspicious activity reporting laws and regulations (the “Transaction Review”), and to prepare a written report detailing the Independent Firm’s findings (the “Independent Firm’s Report”). The Department may, based on its evaluation of the results of the Transaction Review, direct the Bank to engage the Independent Firm to expand the scope of the Transaction Review to include an additional period or periods of time, and to prepare a second report of findings. The scope and methodology for such expanded review shall be determined in the same manner as described in paragraph 8 of this Agreement.
8. Within 10 days of the engagement of the Independent Firm, but prior to the commencement of the Transaction Review, the Bank shall submit to the Department an acceptable engagement letter that sets forth:
(a) the scope of the Transaction Review, including the types of accounts and transactions to be reviewed;
8
(b) the methodology for conducting the Transaction Review, including any sampling procedures to be followed;
(c) the expertise and resources to be dedicated to the Transaction Review;
(d) the anticipated date of completion of the Transaction Review and the Independent Firm’s Report; and
(e) a commitment on the part of the Independent Firm that any required reports shall be provided simultaneously to the Bank and the Department, and further, that interim reports, draft reports, or work papers associated with the Transaction Review will be preserved and made available to the Department upon request.
9. Throughout the Transaction Review, the Bank shall ensure that all matters or transactions required to be reported that have not been previously reported are reported in accordance with applicable rules and regulations.
Training
10. Within sixty (60) days of the effective date of this Written Agreement, the Bank shall submit a written plan, acceptable to the Department that is designed to improve current training at the Bank with respect to BSA/AML Requirements. Such plan shall further provide for the testing of the effectiveness of such training. Individual employee training shall be tracked in order to ensure that employees are qualified to perform their assigned duties. The training shall extend to all aspects of regulatory and internal policies and procedures related to BSA/AML Requirements, and shall include measures designed to ensure that the training is sufficiently tailored to the particular duties of the employees, and the activities conducted by the Bank. The
9
plan shall provide for periodic training updates to provide reasonable assurance that all appropriate personnel are trained in the most current BSA/AML Requirements.
Approval, Implementation, and Progress Reports
11. (a) The Bank shall submit written programs, plans, policies, procedures, and an engagement letter that are acceptable to the Department within the applicable time periods set forth in paragraphs 2 through 8 and 10 of this Agreement.
(b) Within 10 days of acceptance by the Department, the Bank shall adopt the approved programs, plans, policies, procedures, and engagement letter. Upon adoption, the Bank shall implement the approved programs, plans, policies, and procedures and thereafter fully comply with them.
(c) During the term of this Agreement, the accepted programs, plans, policies, procedures, and engagement letter shall not be amended or rescinded without the prior written approval of the Department.
12. On the first business day of each month following the date of this Agreement, the Bank shall submit to the Department written progress reports detailing the form and manner of all actions taken to secure compliance with the provisions of this Agreement and the results thereof. Management responses to any audit reports covering BSA/AML Requirements prepared by internal and external auditors shall be included with the progress reports. The Department may, in writing, discontinue the requirement for progress reports or modify the reporting schedule.
10
Notices
13. All communications regarding this Agreement shall be sent to:
(a) Mr. David S. Fredsall
Deputy Superintendent
New York State Banking Department
One State Street
New York, New York 10004
(b) James D. Stubbs
Chief Compliance Officer
American Express Bank Ltd.
Three World Financial Center
200 Vesey Street
New York, NY 10285
Miscellaneous
14. The provisions of this Agreement shall be binding on the Bank and its successors and assigns.
15. Each provision of this Agreement shall remain effective and enforceable until stayed, modified, terminated or suspended in writing by the Department. If, while this Agreement is in effect, the Bank or its parent companies are parties to a definitive contract to sell the Bank, or otherwise transfer substantially all of the Bank’s assets and liabilities to an unaffiliated third party, the Bank shall promptly notify the Department, which shall have discretion to stay, modify, terminate or suspend any or all of the provisions of this Agreement.
16. Notwithstanding any provision of this Agreement, the Department may, in its sole discretion, grant written extensions of time to the Bank to comply with any provision of this Agreement.
11
17. The provisions of this Agreement shall not bar, estop, or otherwise prevent the Department or any other federal or state agency from taking any further or other action affecting the Bank or any of its successors or assigns.
18. This Agreement is enforceable by the Department pursuant to Section 39 of the New York Banking Law.
IN WITNESS WHEREOF, the parties hereto have caused this Agreement to be executed as of this 6th day of August, 2007.
AMERICAN EXPRESS BANK LTD. | | NEW YORK STATE BANKING
DEPARTMENT |
|
|
By: | /s/ Mr. WRichard Holmes | | | By: | /s/ Mr. David S. Fredsall | |
| Mr. WRichard Holmes
Chairman and Chief Executive
Officer | | Mr. David S. Fredsall
Deputy Superintendent of Banks |
| | | | | | | | |
12
