# 🛡️ AML/BSA COMPLIANCE PLAYBOOK
**BlackRoad OS, Inc. - Anti-Money Laundering Program**

---

## TABLE OF CONTENTS

1. [AML Program Overview](#aml-program-overview)
2. [Customer Identification Program (CIP)](#customer-identification-program)
3. [Customer Due Diligence (CDD)](#customer-due-diligence)
4. [Beneficial Ownership](#beneficial-ownership)
5. [OFAC Screening](#ofac-screening)
6. [Transaction Monitoring](#transaction-monitoring)
7. [Suspicious Activity Reporting (SAR)](#suspicious-activity-reporting)
8. [Currency Transaction Reporting (CTR)](#currency-transaction-reporting)
9. [Red Flags & Scenarios](#red-flags-scenarios)
10. [Training & Testing](#training-testing)

---

## AML PROGRAM OVERVIEW

### Four Pillars of AML Compliance

```
┌─────────────────────────────────────────────────────────┐
│           AML PROGRAM COMPONENTS                        │
├─────────────────────────────────────────────────────────┤
│                                                          │
│  1. POLICIES, PROCEDURES & INTERNAL CONTROLS            │
│     └─ Written AML Program                              │
│     └─ Risk-based approach                              │
│     └─ Board approved                                   │
│                                                          │
│  2. DESIGNATED AML COMPLIANCE OFFICER                   │
│     └─ Day-to-day responsibility                        │
│     └─ Adequate authority                               │
│     └─ Access to resources                              │
│                                                          │
│  3. ONGOING EMPLOYEE TRAINING                           │
│     └─ Annual training minimum                          │
│     └─ Role-based training                              │
│     └─ Red flags & scenarios                            │
│                                                          │
│  4. INDEPENDENT TESTING                                 │
│     └─ Annual minimum                                   │
│     └─ Qualified external party                         │
│     └─ Comprehensive scope                              │
│                                                          │
└─────────────────────────────────────────────────────────┘
```

### AML Officer Responsibilities

**Daily:**
- Review OFAC screening alerts
- Monitor high-risk account activity
- Review exception reports

**Weekly:**
- Review transaction monitoring alerts
- Follow up on pending investigations
- Update AML investigation log

**Monthly:**
- AML metrics report to senior management
- Training needs assessment
- AML program effectiveness review

**Quarterly:**
- Enhanced due diligence reviews (high-risk)
- AML program updates for regulatory changes
- Report to Board Risk Committee

**Annually:**
- Independent AML testing coordination
- Annual AML training program
- AML risk assessment update
- AML program certification to Board

---

## CUSTOMER IDENTIFICATION PROGRAM (CIP)

### CIP Requirements (USA PATRIOT Act Section 326)

**Required Information - INDIVIDUALS:**
```
┌──────────────────────────────────────────┐
│ BEFORE ACCOUNT OPENING - MUST OBTAIN:   │
├──────────────────────────────────────────┤
│ 1. Name                                  │
│ 2. Date of Birth                         │
│ 3. Address (residential or business)     │
│ 4. Identification Number:                │
│    • U.S. Person: SSN or ITIN            │
│    • Non-U.S. Person: Passport + Country │
└──────────────────────────────────────────┘
```

**Required Information - ENTITIES:**
```
┌──────────────────────────────────────────┐
│ BEFORE ACCOUNT OPENING - MUST OBTAIN:   │
├──────────────────────────────────────────┤
│ 1. Legal Name                            │
│ 2. Principal Place of Business           │
│ 3. Mailing Address (if different)        │
│ 4. Identification Number:                │
│    • U.S. Entity: EIN                    │
│    • Non-U.S. Entity: Similar number    │
│                       or other identifier│
└──────────────────────────────────────────┘
```

### Identity Verification Procedures

**ACCEPTABLE DOCUMENTS (Individuals):**

**Tier 1 - Government-Issued Photo ID:**
- ✅ Driver's license (U.S. state or territory)
- ✅ U.S. passport
- ✅ State-issued ID card
- ✅ Military ID
- ✅ Foreign passport (with visa for non-U.S. citizens)

**Tier 2 - Supporting Documents (if Tier 1 unavailable):**
- Bank statement (showing name & address)
- Utility bill (within 2 months)
- Voter registration card
- Birth certificate (plus supporting docs)

**Verification Steps:**
1. Obtain photocopy of ID (front and back)
2. Verify ID appears authentic (not obviously fake)
3. Verify customer information matches ID
4. Check ID expiration date (must be current)
5. Document verification method used
6. Retain copy in customer file

**ACCEPTABLE DOCUMENTS (Entities):**
- Articles of Incorporation
- Business license
- Partnership agreement
- Trust instrument
- Government registration

**Additional Verification:**
- Secretary of State business search
- Dun & Bradstreet report
- Public records search
- Third-party database verification

### CIP Failure Procedures

**If Unable to Verify Identity:**

**TIMELINE:**
```
Day 0   - Account opened, CIP attempted
Day 30  - If not verified, restrict account
Day 60  - If still not verified, enhanced review
Day 90  - If still not verified, close account & file SAR
```

**Restrictions at Day 30:**
- No withdrawals or transfers
- No new securities purchases
- Only sales of existing positions allowed
- Customer notified of restriction

**Day 90 Actions:**
- Close account
- Liquidate positions
- Send proceeds via check to address on file
- File SAR (reason: unable to verify identity)
- Maintain records for 5 years

---

## CUSTOMER DUE DILIGENCE (CDD)

### Risk-Based Customer Categorization

**LOW RISK:**
- U.S. citizens/residents
- Employed with verifiable income
- Standard investment objectives
- Modest account size (<$250,000)
- No PEP status
- No high-risk geography
- Transparent source of funds

**MEDIUM RISK:**
- High net worth ($1M+)
- Self-employed
- Complex investment strategies
- Multiple accounts
- Frequent transfers
- Cash intensive business
- Previous AML concerns (resolved)

**HIGH RISK:**
- Politically Exposed Persons (PEP)
- Non-resident aliens
- High-risk countries (FATF list)
- Cash intensive businesses
- MSBs (Money Service Businesses)
- ATMs, check cashing, casinos
- Foreign shell companies
- Anonymous structures (bearer shares)
- Offshore jurisdictions
- Unregistered charities
- Prior regulatory actions

### Enhanced Due Diligence (EDD)

**Required for HIGH RISK customers**

**Enhanced Information to Obtain:**
```markdown
## EDD Questionnaire

### Source of Wealth
- How did customer accumulate wealth?
- Employment history
- Business interests
- Inheritance/gifts
- Investment gains

### Source of Funds
- Where are account funds coming from?
- Employment income
- Business income
- Sale of assets
- Inheritance
- Other (describe)

### Purpose of Account
- Investment objectives
- Expected activity level
- Expected deposit amounts
- Expected withdrawal amounts
- Geographic scope of activity

### Third-Party Relationships
- Any third-party money managers?
- Any authorized traders?
- Any beneficial owners besides customer?
- Any related accounts?

### Expected Activity
- Anticipated annual deposits: $___________
- Anticipated annual withdrawals: $________
- Types of securities to be traded
- Expected trade frequency
- Geographic focus of investments
```

**EDD Review Frequency:**
- HIGH RISK: Quarterly review
- MEDIUM RISK: Annual review
- LOW RISK: Every 3 years or upon trigger event

**Trigger Events Requiring Updated EDD:**
- Significant increase in account activity
- Change in account ownership
- Change in business structure
- Move to/from high-risk jurisdiction
- Media reports about customer
- Law enforcement inquiry
- Unusual transaction patterns

---

## BENEFICIAL OWNERSHIP

### CDD Rule Requirements (FinCEN 2018)

**Applies to:** Legal entity customers (corporations, LLCs, partnerships, etc.)

**Exemptions:**
- Financial institutions
- Government entities
- Publicly traded companies (listed on exchange)
- Banks, credit unions, broker-dealers
- Registered investment companies
- Public accounting firms
- Entities with >20 full-time U.S. employees

**Required Information:**

**1. BENEFICIAL OWNERS (25% or more ownership):**
```
For EACH person owning ≥25% equity:
├─ Name
├─ Date of Birth
├─ Address
└─ Identification Number (SSN or passport)
```

**2. CONTROL PERSON (Single individual):**
```
One person with significant control:
├─ Name
├─ Date of Birth
├─ Address
└─ Identification Number (SSN or passport)

Examples of control:
• CEO
• President
• Managing Partner
• Trustee
• Person with authority to control/dispose of 25%+ assets
```

**Beneficial Ownership Certification Form:**
```markdown
# BENEFICIAL OWNERSHIP CERTIFICATION
## Legal Entity Customer Name: _______________________
## EIN: ________________________________________

I hereby certify that the following individuals are beneficial owners:

### BENEFICIAL OWNERS (25% or greater ownership):
1. Name: ________________  DOB: _______  Address: ________  SSN/Passport: ______
2. Name: ________________  DOB: _______  Address: ________  SSN/Passport: ______
3. Name: ________________  DOB: _______  Address: ________  SSN/Passport: ______
4. Name: ________________  DOB: _______  Address: ________  SSN/Passport: ______

### CONTROL PERSON (check one):
☐ Same as beneficial owner #___ above
☐ Different person:
   Name: ________________  DOB: _______  Address: ________  SSN/Passport: ______
   Title/Role: ___________

I certify that the above information is complete and accurate. I agree to update this information within 30 days of any change.

Signature: ____________________  Date: __________
Print Name: ___________________  Title: _________
```

**Verification:**
- Verify beneficial owner identity same as individual CIP
- Obtain photo ID for each beneficial owner
- Document verification in account file

---

## OFAC SCREENING

### Sanctions Lists

**Primary Lists:**
- **SDN List** (Specially Designated Nationals) - ~11,000 entries
- **Consolidated Sanctions List** - All OFAC lists combined
- **Foreign Sanctions Evaders** - Violations of sanctions
- **Non-SDN Lists** - Sector sanctions, entities of concern

**Update Frequency:** OFAC updates lists frequently (sometimes daily)

### Screening Requirements

**WHEN TO SCREEN:**
```
MANDATORY SCREENING POINTS:
├─ New account opening
├─ Existing customer name change
├─ Every wire transfer (incoming and outgoing)
├─ Every securities transfer
├─ Every ACH transaction
├─ Daily screening of all existing customers
└─ Real-time screening of counterparties
```

**WHO TO SCREEN:**
- Customer name
- Customer address
- Customer date of birth
- Beneficial owners
- Authorized signers
- Wire transfer originators
- Wire transfer beneficiaries
- Securities transfer parties
- Business associates

### OFAC Screening Process

**Automated Screening:**
```python
# Daily OFAC Screening Algorithm
def daily_ofac_screening():
    """
    Screens all customers daily against OFAC lists
    """
    # 1. Download latest SDN list from OFAC
    sdn_list = download_ofac_sdn_list()

    # 2. Get all active customers
    customers = get_all_active_customers()

    # 3. Screen each customer
    for customer in customers:
        matches = fuzzy_match(
            customer.name,
            customer.address,
            customer.dob,
            sdn_list,
            threshold=85  # 85% match threshold
        )

        if matches:
            # Alert for manual review
            create_ofac_alert(
                customer_id=customer.id,
                potential_matches=matches,
                priority="HIGH"
            )
```

**Manual Review Process:**

**For Each OFAC Alert:**

**Step 1: Initial Review (Within 1 Hour)**
- Review customer information
- Review potential match information
- Assess similarity of:
  - Name
  - Date of birth
  - Address
  - Aliases
  - Identification numbers

**Step 2: Decision Matrix**
```
HIGH CONFIDENCE MATCH:
├─ Name: Exact or very close match
├─ DOB: Exact match
├─ Address: Same country/city
└─ Action: BLOCK immediately, call OFAC hotline

POSSIBLE MATCH:
├─ Name: Similar but not exact
├─ DOB: Different or unknown
├─ Address: Different country
└─ Action: Enhanced review, request additional info

FALSE POSITIVE:
├─ Name: Common name, clearly different person
├─ DOB: Significantly different
├─ Address: Different country, no connection
└─ Action: Clear alert, document reasoning
```

**Step 3: Blocking Procedures (if match confirmed)**

**IMMEDIATE ACTIONS:**
1. Freeze account (no transactions allowed)
2. Do NOT notify customer (tipping off prohibited)
3. Call OFAC hotline: 1-800-540-6322
4. File online report: https://ofac.treasury.gov/contact-ofac
5. Await OFAC guidance

**OFAC Report Contents:**
- Your contact information
- Customer information
- Account numbers
- Transaction details (if applicable)
- SDN name matched
- Supporting documentation

**Follow OFAC Instructions:**
- OFAC may authorize release (false positive)
- OFAC may require asset blocking
- OFAC may require transaction rejection
- All communications with OFAC documented

**Step 4: Documentation**
```markdown
# OFAC SCREENING LOG
**Date:** [Date]
**Reviewer:** [Name]
**Alert ID:** [Number]

**Customer Information:**
- Name: [Full name]
- DOB: [Date]
- Address: [Full address]
- Account: [Number]

**Potential Match:**
- SDN Name: [Name from list]
- SDN DOB: [If available]
- SDN Address: [If available]
- SDN Program: [Sanctions program]

**Analysis:**
- Name similarity: [Exact/Close/Different]
- DOB comparison: [Match/Different/Unknown]
- Address comparison: [Same country/Different/Unknown]
- Other factors: [Aliases, ID numbers, etc.]

**Decision:** ☐ Match ☐ Possible Match ☐ False Positive

**Action Taken:**
[Description of action]

**Reviewer Signature:** _______________  **Date:** _______
**Secondary Review:** _______________  **Date:** _______
```

---

## TRANSACTION MONITORING

### Automated Monitoring Rules

**Rule 1: Structuring Detection**
```
TRIGGER: Multiple deposits <$10,000 totaling >=$10,000 within 24 hours

Examples:
• Customer deposits $9,500 and $9,500 same day = ALERT
• Customer deposits $8,000 three times in one day = ALERT

Purpose: Detect CTR avoidance
Review: Within 24 hours
```

**Rule 2: Rapid Movement of Funds**
```
TRIGGER: Deposit followed by withdrawal within 48 hours

Examples:
• Deposit $50,000, withdraw $45,000 next day = ALERT
• Wire in $100,000, wire out $95,000 same week = ALERT

Purpose: Detect potential layering
Review: Within 3 business days
```

**Rule 3: Round Dollar Wires**
```
TRIGGER: Wire transfers in exact round amounts (e.g., $10,000, $25,000, $50,000)

Especially suspicious if:
• High-risk country involved
• Customer has no history of such transactions
• No clear business purpose

Purpose: Detect potential money laundering
Review: Within 24 hours
```

**Rule 4: Unusual Trading Patterns**
```
TRIGGER: Trading activity inconsistent with customer profile

Examples:
• Dormant account suddenly active
• Conservative investor suddenly trading options
• Elderly customer day trading
• Account activity far exceeds stated income/net worth

Purpose: Detect potential account takeover or fraud
Review: Within 2 business days
```

**Rule 5: High-Risk Geography**
```
TRIGGER: Transactions involving high-risk jurisdictions

FATF High-Risk Countries (as of 2025):
• Myanmar
• North Korea
• [Others per current FATF list]

FATF Increased Monitoring:
• [Per current FATF list]

Purpose: Enhanced scrutiny for high-risk jurisdictions
Review: Within 1 business day
```

**Rule 6: Third-Party Transactions**
```
TRIGGER: Deposits/withdrawals from/to parties other than account holder

Examples:
• Check deposits from third parties
• Wires from unknown parties
• Withdrawals to third parties

Exceptions (not alerts):
• Employer payroll deposits
• Authorized third-party managers (documented)

Purpose: Detect potential fraud or money laundering
Review: Within 2 business days
```

### Alert Review Process

**Daily Alert Queue:**
```
8:00 AM  - Pull overnight alerts
8:30 AM  - Triage alerts by priority
         HIGH: OFAC, structuring, high-risk geography
         MEDIUM: Third-party, rapid movement
         LOW: Round dollars, unusual patterns
9:00 AM  - Begin HIGH priority reviews
12:00 PM - HIGH priority reviews complete
1:00 PM  - Begin MEDIUM priority reviews
5:00 PM  - All HIGH and MEDIUM reviewed
         (LOW reviewed within 5 business days)
```

**Alert Review Checklist:**
```markdown
☐ Review customer account opening documentation
☐ Review customer historical activity
☐ Check customer risk rating
☐ Review triggered transaction(s)
☐ Check for business purpose
☐ Review any customer communications
☐ Check for related alerts (same customer)
☐ Research customer background (Google, LinkedIn, etc.)
☐ Determine if activity is:
  ☐ Expected/legitimate
  ☐ Unexpected but explainable
  ☐ Suspicious requiring SAR
☐ Document decision with reasoning
☐ Escalate to AML Officer if suspicious
```

---

## SUSPICIOUS ACTIVITY REPORTING (SAR)

### When to File a SAR

**MANDATORY SAR FILING:**

**Threshold: $5,000+ (aggregate over 90 days)**

**Categories:**
1. **Insider Abuse** - Employee conducting unauthorized transactions
2. **Violations of Law** - Customer using account for illegal activity
3. **Fraud** - Any type of fraud
4. **Money Laundering** - Transactions designed to hide proceeds
5. **Structuring** - Avoiding CTR reporting
6. **Terrorist Financing** - Funds for terrorist activities
7. **Identity Theft** - Use of stolen identity
8. **Computer Intrusion** - Hacking, unauthorized access
9. **Other** - Any suspicious activity not otherwise categorized

**SAR Decision Matrix:**
```
Question 1: Is the activity suspicious?
└─ YES → Continue
└─ NO → Document why not, close alert

Question 2: Does it involve $5,000+ (aggregate)?
└─ YES → File SAR
└─ NO → Consider filing anyway if:
          • Terrorism related
          • Involves structuring
          • Part of larger pattern
```

### SAR Red Flags - Common Scenarios

**SCENARIO 1: Structuring**
```
RED FLAGS:
• Multiple deposits just under $10,000
• Customer makes deposits at multiple branches
• Customer asks about reporting thresholds
• Pattern of deposits designed to avoid CTR

EXAMPLE:
Customer deposits $9,800 on Monday, $9,900 on Tuesday, $9,700 on Wednesday
Total: $29,400 in 3 days - all under $10,000
SAR REQUIRED: Yes (clear structuring pattern)
```

**SCENARIO 2: Rapid Movement**
```
RED FLAGS:
• Large deposit immediately followed by withdrawal
• Funds moved through account with little economic purpose
• No trading activity, only deposits and withdrawals

EXAMPLE:
Monday: Wire in $100,000 from foreign bank
Tuesday: Purchase money market fund
Wednesday: Sell money market fund
Thursday: Wire out $98,000 to different foreign bank
SAR REQUIRED: Likely (layering, no apparent business purpose)
```

**SCENARIO 3: Inconsistent with Profile**
```
RED FLAGS:
• Activity far exceeds stated income/net worth
• Customer occupation doesn't match account activity
• Sudden change in account usage

EXAMPLE:
Customer listed occupation: "Retail clerk"
Customer listed income: "$35,000/year"
Account activity: $500,000 in deposits over 6 months
SAR REQUIRED: Yes (source of funds questionable)
```

**SCENARIO 4: Uncooperative Customer**
```
RED FLAGS:
• Customer refuses to provide information
• Customer provides false/inconsistent information
• Customer avoids contact
• Customer closes account when questioned

EXAMPLE:
Firm requests updated employment information (EDD)
Customer refuses to provide
Customer immediately requests full withdrawal and account closure
SAR REQUIRED: Yes (evasive behavior, possible fraud)
```

**SCENARIO 5: Insider Trading Indicators**
```
RED FLAGS:
• Trading prior to major announcements
• Unusual options activity
• Customer has connection to company insiders
• Pattern of profitable trades around news events

EXAMPLE:
Customer purchases significant call options
Two days later, company announces merger
Customer exercises options for 500% profit
Customer has no prior options trading history
Investigation reveals customer's spouse works at acquiring company
SAR REQUIRED: Yes (possible insider trading - also report to SEC)
```

### SAR Filing Process

**TIMELINE:**
```
Day 0    - Suspicious activity detected
Day 1-5  - Investigation conducted
Day 6-10 - SAR decision made
Day 11-20 - SAR drafted and reviewed
Day 21-30 - SAR filed with FinCEN
Maximum: 30 days from detection
```

**SAR Investigation Checklist:**
```markdown
☐ Review all account documentation
☐ Review all transaction history (minimum 90 days)
☐ Interview relationship manager/rep (if appropriate)
☐ Conduct open-source research (Google, social media, news)
☐ Review beneficial ownership information
☐ Check for related accounts or customers
☐ Review prior SARs or alerts for same customer
☐ Determine if pattern or isolated incident
☐ Assess whether criminal referral warranted
☐ Document all findings
☐ Prepare SAR recommendation memo
☐ Route to AML Officer for decision
```

**SAR Filing Form (FinCEN SAR):**

**Required Information:**
```
PART I - SUBJECT INFORMATION
├─ Name, address, DOB, SSN/EIN
├─ Identification documents
├─ Occupation/business
├─ Phone numbers
└─ Account numbers

PART II - SUSPICIOUS ACTIVITY
├─ Date of detection
├─ Date range of activity
├─ Total dollar amount
├─ Activity type (checkboxes)
└─ IP addresses (if cyber-related)

PART III - NARRATIVE
├─ Who: Subjects involved
├─ What: Description of suspicious activity
├─ When: Timeline
├─ Where: Locations involved
├─ How: Method used
└─ Why: Why suspicious

PART IV - FILING INSTITUTION
├─ Firm information
├─ Contact person
└─ Branch information

PART V - CONTACT FOR ASSISTANCE
└─ Who law enforcement should contact
```

**SAR Narrative Best Practices:**

**GOOD Narrative:**
```
On January 5, 2025, customer John Doe (DOB: 01/15/1980, SSN: xxx-xx-1234) deposited $9,800 cash at Branch A. On January 6, 2025, the same customer deposited $9,900 cash at Branch B. On January 7, 2025, the customer deposited $9,700 cash at Branch C. Total deposits: $29,400 over 3 days.

Customer's account opening information indicates employment as "teacher" with annual income of "$55,000". Customer had no prior cash deposit history. When contacted by registered representative on January 8 regarding the deposits, customer stated funds were "from savings" but became evasive when asked for details. Customer requested immediate withdrawal of funds on January 9.

The pattern of deposits just under $10,000, made at different branches, over consecutive days, appears designed to avoid CTR reporting requirements. The activity is inconsistent with customer's stated occupation and income. Customer's evasive responses and immediate withdrawal request further support suspicion of structuring.
```

**POOR Narrative:**
```
Customer made suspicious deposits. We think it's structuring. Customer was weird when we asked about it.
```

**SAR Filing:**
```
File electronically via BSA E-Filing System:
https://bsaefiling.fincen.treas.gov/

✅ Use institution's BSA E-Filing credentials
✅ Complete all required fields
✅ Attach supporting documentation
✅ Obtain filing confirmation number
✅ Save confirmation in SAR file
```

### Post-SAR Actions

**Account Decisions:**
```
Option 1: MAINTAIN ACCOUNT
• If isolated incident
• If customer cooperates
• If ongoing monitoring sufficient
• Enhanced monitoring implemented

Option 2: CLOSE ACCOUNT
• If repeated suspicious activity
• If customer uncooperative
• If risk too high to manage
• If criminal activity suspected

PROHIBITED: Do not disclose SAR filing to customer (tipping off)
Violation: Up to 5 years imprisonment
```

**SAR Tracking:**
```markdown
# SAR LOG
SAR_Number | Filing_Date | Customer_Name | Account | Amount | Activity_Type | Status | Notes
SAR-2025-001 | 2025-01-15 | John Doe | 12345 | $29,400 | Structuring | Filed | Closed account
SAR-2025-002 | 2025-01-20 | ABC Corp | 67890 | $150,000 | Rapid movement | Filed | Under review
```

---

## CURRENCY TRANSACTION REPORTING (CTR)

### CTR Filing Requirements

**Threshold:** $10,000+ in currency (cash) in single day

**Multiple Transactions:**
```
If customer conducts multiple currency transactions totaling >$10,000 same day:
└─ Aggregate and file ONE CTR

Examples:
• Deposit $6,000 + Deposit $5,000 = $11,000 → FILE CTR
• Withdraw $3,000 + Deposit $8,000 = $11,000 → FILE CTR
• Deposit $10,001 = FILE CTR
```

**Currency Defined:**
- U.S. coins and currency
- Foreign currency (calculate USD equivalent)
- Cashier's checks, money orders, traveler's checks if >$10,000 cash exchanged

**NOT Currency:**
- Personal checks
- Wire transfers
- ACH transfers

### CTR Filing Timeline

**DEADLINE:** 15 days after transaction

**Best Practice:** File within 5 days

### CTR Exemptions

**Eligible for Exemption (after 12 months):**
- Listed public companies
- Subsidiaries of listed companies
- U.S./state/local governments
- Banks and financial institutions
- Businesses with operating accounts meeting criteria

**Not Eligible for Exemption:**
- Individuals
- Sole proprietorships
- Most small businesses
- Check cashing services
- Money transmitters

**Exemption Process:**
1. Customer maintains account for 12 months
2. Firm designates customer as exempt
3. File FinCEN Form 110 (Designation of Exempt Person)
4. Review exemption annually
5. File renewal every 2 years

### CTR Form Completion

**Required Information:**
```
PART I - PERSON(S) ON WHOSE BEHALF TRANSACTION(S) IS CONDUCTED
├─ Name, address, DOB, SSN/EIN
├─ Occupation/business
└─ Identification (type, number, issuing authority)

PART II - INDIVIDUAL(S) CONDUCTING TRANSACTION(S)
└─ If different from Part I, same information

PART III - AMOUNT AND TYPE OF TRANSACTION(S)
├─ Cash in: $________
├─ Cash out: $________
├─ Foreign currency exchanged
└─ Total: $________

PART IV - BRANCH INFORMATION
└─ Where transaction occurred
```

---

## TRAINING & TESTING

### Annual AML Training

**Required Participants:** ALL employees

**Minimum Content:**
- AML laws and regulations
- Firm's AML program
- Red flags and suspicious activity
- Reporting procedures
- Sanctions compliance
- Consequences of violations

**Training Duration:** 60-90 minutes minimum

**Training Record:**
```csv
Employee_Name,Employee_ID,Training_Date,Training_Topic,Hours,Score,Trainer,Signature_Date
John Smith,E1001,2025-01-15,AML Annual Training,1.5,95%,Jane Doe,2025-01-15
```

### Independent Testing

**Frequency:** Annual minimum

**Scope:**
```
COMPREHENSIVE AML TESTING:
├─ CIP procedures review
├─ CDD/EDD procedures review
├─ Beneficial ownership compliance
├─ OFAC screening effectiveness
├─ Transaction monitoring system
├─ SAR decision-making process
├─ CTR filing accuracy
├─ Recordkeeping compliance
├─ Training program adequacy
├─ AML Officer effectiveness
└─ Overall program effectiveness
```

**Tester Qualifications:**
- Independent (not AML Officer or supervised by AML Officer)
- Knowledgeable about AML requirements
- Preferably external qualified consultant

**Testing Deliverable:**
- Written report
- Findings and recommendations
- Management response
- Remediation timeline

---

**🖤🛣️ BlackRoad OS, Inc.**
**AML/BSA Compliance Playbook**
**Version 1.0 | January 2026**