C. Rachel Raemore Romijn Senior Vice President Compliance Director Wachovia Corporation

1. Fiduciary & Investment Risk Management Association National Risk Management Training Conference April 2008 C. Rachel Raemore Romijn Senior Vice PresidentCompliance DirectorWachovia Corporation

2. Overview of Presentation • Overview of Strong AML Program: WARRCOM – What is it? • Customer Due Diligence in Detail • Assessments in Detail

3. Alphabet Soup…. SEC FRB BSA OCC FINRA USA PATRIOT Act IRS

4. Overview of a Strong AML/ATF/OFAC Program WARRCOM • Written Policies and Procedures • Awareness and Training • Regulatory and Internal Reporting • Record keeping • Customer and Product Due Diligence • Oversight • Monitoring and Assessments

5. Written Policies and Procedures • Cascading Policies • FFIEC Analysis and 2006 Updates • 312 Implementation

6. Awareness and Training Everybody should get something • Web based Training Module • Specialized Focused Training • PEPs • Offshore Companies and Trust • 312

7. Regulatory and Internal Reporting • Regulatory Reporting • such as SARs, CTRs, 314, 311 • Centralized Escalation • Score Card and MIS

8. Customer and Product Due Diligence • Ongoing Monitoring of all Clients • Independent in-country visits for certain types of clients • High Risk Codes • 312 • New Product Committee

9. Specific Issues……In a High Touch Space High Touch Due Diligence Process and Relationship…. So you should know and understand client – get to the warm body Know and continue to know their reputation Source of Wealth Proactively vet PEP risk

10. Specific Issues……In a High Touch Space • Mostly Managing Reputational Risk….Not Just AML • Coordinate Actions for or against the client…Red Flag Committee Structure

11. Oversight • Management – “How do you know?” • Compliance & Risk Management • Internal Audits • External Audits • Regulatory Exams

12. Monitoring and Assessments People and Automated Systems • Assessment Program • Automated Tools • Escalation • Ongoing Due Diligence of Customers and Products

13. What is an Assessment? • Risk Assessment of high risk types looking at products, customers, and geography • Self Assessments of policies and processes • Risk Matrix and on-going Surveillance

14. Four Main Elements to AML Assessment Program:WRAP • W: WARRCOM Quality Assessment • R: Risk Matrix or Score Card • A: Audit, Compliance and Regulatory Examination Results • P: Policy development based on Products and Services, Customer Types and Geographies

15. Policy Development Based on Products and Services, Customer Types and Geographies Products and Services • Who are you? Customer Types • What do you want? Products and Services • Where are you from? Geographies

16. (W: WARRCOM Quality Assessment)Self Assessments • What does success look like? • How are GAPs resolved and tracked? • Are reports issued?

17. R: AML Risk Matrix The Facts • AML Risk Matrix or Score Card: Incorporate FFIEC Appendix J & M and Additional Questions for all AML Risk Assessment Units

18. A: Audit, Compliance and Regulatory, Examination Results • Add Internal Audit Results • Summarize Compliance Review Results • Add Regulatory Results

19. Resources: More than FFIEC Manual • Securities Industry and Financial Markets Association (SIFMA) Anti-Money Laundering and Financial Crimes Committee 2008 Guidance for Deterring Money Laundering and Terrorist Financing Activity, February 2008 • FINRA a Small Firm Template, Anti-Money Laundering Program: Compliance and Supervisory Procedures • SEC Anti-Money Laundering Source Tool • FinCEN’s Guidance, Application of the Requiring Special Due Diligence Programs for Certain Foreign Accounts to the Securities and Futures Industries, May, 10, 2006