Hogan Lovells US LLP
Columbia Square
555 Thirteenth Street, NW
Washington, DC 20004
T +1 202 637 5600
F +1 202 637 5910
www.hoganlovells.com

November 17, 2014
FOIA CONFIDENTIAL TREATMENT REQUESTED BY FBME BANK LTD.
BY ELECTRONIC MAIL
Jennifer Shasky Calvery
Director
Financial Crimes Enforcement Network
U.S. Department of Treasury
P.O. Box 39
Vienna, VA 22183
Attention: Richard May, Director, FinCEN Office of Special Measures
Richard.May@fincen.gov
Re:

Notice of Proposed Rulemaking – Financial Crimes Enforcement Network
(FinCEN): Supplemental Information
RIN 1506-AB27

Dear Director Shasky Calvery:
On behalf of our client, FBME Bank Ltd. (“FBME” or the “Bank”), and as discussed with Richard
May, we thank you for the opportunity to provide additional information to FinCEN as part of the
Bank’s response to the Notice of Proposed Rulemaking and Notice of Finding in this matter.
As detailed in EY’s September 22, 2014 Assessment of FBME's Compliance Program
(“Assessment”), FBME’s Manual of Policies and Procedures (the "Manual”) is in compliance
with the applicable requirements of the current EU and Cypriot Money Laundering Directives 1/.
The enclosed submission provides documentation, Bates numbered FBME00000023 to
FBME00000614, to deepen FinCEN’s understanding of the policies and operations of FBME’s
anti-money laundering ("AML") and sanctions compliance program (“Compliance Program” or
“Program”). This letter describes the documents contained in this submission for your

1/
Directive 2005/60/EC of the European Parliament and of the Council of 26 October 2005 on
the prevention of the use of the financial system for the purpose of money laundering and terrorist
financing (the "EU 3rd Directive") and the fourth issue of the Directive to Credit Institutions in
accordance with Article 59(4) of the Prevention and Suppression of Money Laundering Activities
Laws of 2007 to 2013, issued by the Central Bank of Cyprus ("CBC") in December 2013 (the "CBC
4th Directive").
Hogan Lovells US LLP is a limited liability partnership registered in the District of Columbia. “Hogan Lovells” is an international legal practice that includes Hogan Lovells US
LLP and Hogan Lovells International LLP, with offices in: Alicante Amsterdam Baltimore Beijing Brussels Caracas Colorado Springs Denver Dubai Dusseldorf
Frankfurt Hamburg Hanoi Ho Chi Minh City Hong Kong Houston Johannesburg London Los Angeles Luxembourg Madrid Mexico City Miami Milan Monterrey
Moscow Munich New York Northern Virginia Paris Philadelphia Rio de Janeiro Rome San Francisco São Paulo Shanghai Silicon Valley Singapore Tokyo
Ulaanbaatar Warsaw Washington DC Associated offices: Budapest Jakarta Jeddah Riyadh Zagreb. For more information see www.hoganlovells.com

 Jennifer Shasky Calvery

-2-

November 17, 2014

reference. We also detail certain enhancements to the Program that FBME has implemented or
is in the process of implementing.
As we have discussed, we will be providing additional information in future submissions. For
example, we are working with EY to complete a transactional review of the issues raised in the
Notice of Finding. As that review progresses, we will seek to meet with you to explain our
findings, our compliance enhancement plans, and to address any outstanding questions or
concerns.
As we have expressed previously, the commercial uncertainty surrounding this proceeding has
had, and continues to have, a detrimental impact on the business operations of FBME, its
affiliates, and its many accountholders. With each passing day, the hurdles to its eventual
successful reentry into the banking system get higher. Accordingly, we respectfully request
expedited review of this submission.
I. Corporate Governance
FBME’s internal structure ensures that Compliance has an active role and a strong voice in
Bank matters. Not only does the Money Laundering Compliance Officer (“MLCO”) deliver an
annual report directly to the Board of Directors regarding the Compliance Program in Cyprus,
but as Group Head of Compliance, the MLCO reports semi-annually to the Board regarding
compliance issues facing the entire Bank. The MLCO is also a member of the Executive
Committee. Unlike most of the other Group Heads, the MLCO / Group Head of Compliance has
an elevated status within the reporting structure. (See Organization Chart 2.1 (Group
Functions Reporting Structure).)
In our Comment, we described the history of the Bank as well as the reasons for locating the
Bank’s operations in Cyprus and Tanzania. The structure that resulted from these business
decisions is demonstrated in FBME’s organization charts. For your reference, we attach FBME’s
Organization Charts 1 (Corporate Structure) 2/, 2.1 (Group Functions Reporting
Structure), 2.2 (Branch Structure), and 2.4 (Cyprus Branch Organization Chart). These
charts also appear in the Manual.
II. Manual of Policies and Procedures
FBME’s Manual governs its internal processes and serves as a reference of FBME’s policies. It
is provided to all employees and is available electronically on all employee computer desktops
as a shortcut from the shared drive of all Bank departments.
Since its adoption in its current format in 2006, Compliance personnel annually review and
update the Manual. The Bank further updates the Manual when prompted by changes in legal
and regulatory requirements, industry best practices, or the recommendations of internal or
external audits. The Manual has been approved by senior management and the Bank’s Board
of Directors at least annually and whenever there were changes to policy that required updates
to the Manual. For example, in May 2010, FBME added new requirements to the Monitoring
2/
With respect to the Organization Chart (Corporate Structure), Ayoub-Farid M. Saab owns
50% of FBME Limited via trust, as reflected in a separate FBME Ownership Document attached.

 Jennifer Shasky Calvery

-3-

November 17, 2014

subsections of the Manual to incorporate new procedures used in connection with HotScan and
Mantas. In August 2011, the Bank added due diligence requirements governing services to
private banking customers. The most recent update to the Manual occurred in May 2014 to
reflect changes to the CBC’s 4th Directive. In response to the 4th Directive’s changes, several
sections of the Manual were amended and others were restructured to achieve greater
specificity and clarity.
The Compliance section of the current Manual provides policies and procedures designed to
address AML risks, including but not limited to: KYC procedures, required documentation for
personal and corporate accounts, procedures for high-risk customers, monitoring of accounts
and transactions, procedures governing funds transfers and cash deposits, and the duties of the
MLCO.
For your reference, we attach the Compliance section of the current Manual, which focuses on
KYC and other AML compliance procedures. We also attach the Group Policies section of the
Manual, which includes policies that govern company employees including the Code of Ethics.
Further, we attach an October 2006 Policies and Procedures Memo, which describes the
process for Board approval of the Manual.
III. Money Laundering Compliance Officer
In our public Comment, we described the duties of the MLCO and Alternate MLCO. The MLCO
at the Bank is responsible for effective implementation of the Compliance Program, assessment
of risks facing the Bank, preparing and applying an annual staff training program, and
preparation of an annual report to the Board of Directors regarding the status of various
compliance activities and Program elements. EY had no recommendations or areas of
improvement to this element of FBME’s Program. 3/
For your reference, we attach the Manual (please see Section O.B.7). We also attach the
MLCO’s Annual Reports from FY 2012 and FY 2013, which demonstrate FBME’s commitment
to ensuring that the Board is kept apprised of the status of the Program and new legal
developments affecting it. Finally, we attach the Compliance Department’s Planned Activities
for 2014.
IV. Employee Training
As described in more detail in our Comment, all employees receive training related to
compliance matters, including AML and sanctions compliance. In addition, supplemental
training on AML procedures and legal developments is provided to all customer-facing
employees, and Compliance personnel also attend external trainings offered by AML experts.
EY noted in its report that the MLCO provides informal training throughout the year to
employees in selected departments (i.e. Business Development).4/ As part of its Assessment,
3/
With respect to Lilit Khachatryan, the MLCO, we wanted to clarify and correct a statement in
the September 22 submission and in the Assessment; her degree in Master of Business
Administration is from Hult International School of Business in Boston, Massachusetts. The Bank
and Ms. Khachatryan are discussing her ongoing status with the Bank.
4/
Assessment at FBME00000013.

 Jennifer Shasky Calvery

-4-

November 17, 2014

EY analyzed a July 12, 2014 training conducted by the MLCO and found that it “met the key
CBC 4th Directive provisions and addressed, among others, the following: customer due
diligence / customer acceptance, handling of Politically Exposed Persons (PEPs) and other
high-risk customers, ongoing monitoring of customer relationships, updating customer records,
and reliance on third parties (e.g., key business introducers.)”5/
FBME has procedures to document compliance training. FBME has a bank-wide central training
register maintained by the Training Manager for all internal trainings, and consistent with EY’s
recommendation, the Bank has expanded this central register to include external trainings as
well as internal training.
The Bank developed an education plan, with the most recent version issued on January 22,
2014. Compliance training for newly hired employees is required by Bank policy. In line with
EY's recommendation, the Bank has directed the MLCO to put in place formal procedures for
new hire training. The Bank is implementing these formal procedures before the Bank hires any
new employees. Additionally, also in accordance with EY’s recommendation, the Compliance
Department is documenting a formal induction training curriculum for all new employees. The
course covers the Compliance Department’s function and duties; AML and sanctions
regulations and risks; customer acceptance and Approved Third Party policy; risk classification
and identification of high risk clients; monitoring systems, such as HotScan and Mantas;
suspicious transaction reporting; interactions with external financial institutions and regulatory
authorities; and regulatory and legal frameworks. With respect to other employees, the Bank will
provide a general awareness electronic training program for all employees, including the
Executive Committee, before the end of 2014 and intends to have similar training in every
subsequent year. The program also includes formal training for Members of the Board of
Directors before the end of 2014 and refresher trainings on an annual basis.
For your reference, we attach the Manual (please see Section O.B.7), an MLCO Annual
Report covering FY 2012 that describes the training that took place that year and a bank-wide
AML training and quiz from 2012. We also attach a training regarding the 4th Directive and
a supplemental training, both from July 12, 2014, given to customer-facing employees.
V. Approved Third Parties
FBME devotes considerable attention to ensuring that Approved Third Parties (“ATPs”), the
third-party lawyers, accountants, or other professionals who introduce customers to FBME, are
registered and regulated in their respective jurisdictions to guard against money laundering. The
policies governing the engagement and monitoring of ATPs were detailed in our Comment. We
described the due diligence that is conducted regarding ATPs. That due diligence includes
FBME’s verification that the ATP is subject to mandatory professional registration in a
jurisdiction that complies with EU or EU-equivalent AML/CTF measures, that the ATP’s
compliance with those measures is subject to supervision, and that sufficient documentation
exists to substantiate the ATP’s professional expertise and maintenance of an AML policy. As
described below, FBME maintains ongoing account monitoring for all customers, including the
ATPs themselves as well as customers referred by ATPs. Moreover, the MLCO reviews and
approves every ATP engagement before it is undertaken.
5/

Assessment at FBME00000013.

 Jennifer Shasky Calvery

-5-

November 17, 2014

To supplement our description, we attach the following documents:






Form 213A – Customer Acceptance – Guidance for Intermediaries. This document,
referred to in our Comment, describes the nature of the business sought by FBME and
the type of clients, activities, and geographical locations that FBME does not permit.
Corporate ATP Profile and Personal ATP Profile. These forms cover the contact
information and business activities of the ATP and the documentation that the ATP is
required to produce.
Form 705 – Professional Intermediary Evaluation. This form probes the ATP’s
regulatory environment, customer acceptance policies, recordkeeping and reporting
procedures, and training policies.
Bank Sign-off of ATP Form. This form is used by the MLCO to assess and approve the
engagement.
Business Introducer Agreement. This contract governs the relationship between
FBME and the ATP.

VI. KYC
As described in further detail in our Comment, FBME conducts extensive KYC due diligence,
both at the onboarding stage and on an ongoing basis. The KYC process has evolved since
2011, as FBME has continued to enhance its program and procedures.
With regard to prospective corporate customers, the Bank requires that such customers
complete several forms during the onboarding stage. These forms and the requisite supporting
documentation are listed in Form 281C – Account Opening Checklist, attached. For your
reference, we also attach the following documents:





Account Information Sheet: This form lists key account information such as the
company name, directors, nominee shareholders and true beneficial owners, ATP, and
business profile information. This form is placed in each customer file.
Form 201C – Corporate Account Application Form. As a part of this five-page
application form, the prospective customer must provide information including: the full
legal name of the company; its registration number and country of incorporation; its
registered office address; its business address where offices and/or staff are physically
located; its country of operation; the names and professions of its directors; the purpose
of the account; a specific narrative description of all present, potential, and future
business activities of the company; the names of any affiliated or related entities; the
anticipated annual account turnover; the anticipated sources of incoming funds
(including the name of any anticipated remitter, country of remitter’s bank, remitter’s
business activities, and website); the anticipated outgoing payments (including the name
of any anticipated beneficiary, country of beneficiary’s bank, beneficiary’s business
activities, and website); and a list of all authorized signatories, including their full name,
capacity, and profession.
Form 202C – Corporate Account Signature Card. This form requires the signatures
of any new authorized signatories. The form also requires that any new signatory
provide certified copies of identity documents and original/certified copies of proof of
address.

 Jennifer Shasky Calvery















-6-

November 17, 2014

Form 210C – Corporate Account Group Structure Form. This form must be
completed by legal entities which are part of a group and/or have affiliated companies
with the same beneficial ownership wherein the beneficial owner has more than a ten
percent interest, including companies which maintain an account with FBME as well as
outside the Bank. Customers are required to include information about the
parent/holding company, subsidiaries, and affiliated/associated companies. For all
related parties, the customer must identify the name, country of incorporation, nature of
relationship, main activities, and a physical address where the offices and/or staff are
physically located. The customer must also provide a diagram reflecting the nature of
the relationship between the entities.
Form 213 – Unacceptable Client Activities Declaration. Customers are required to
confirm that they are not and will not become involved with any unacceptable business
activities. Specifically, they agree not to engage in business with any unacceptable
clients (e.g. persons included on UN, EU, HMT, and OFAC sanctions lists or anonymous
accounts), unacceptable activities (e.g. production or trade of weapons and military
arms, gaming and gambling related business, adult entertainment, unlicensed trade of
pharmaceutical products, or wholesale trade of telephones and/or electronic computer
components), or unacceptable geographic locations.
Form 213B – List of Unacceptable Business Activities. This list, provided to all
corporate customers, outlines the unacceptable business activities described in the
Unacceptable Client Activities Declaration above.
Form 223A – Letter of Confirmation of Company’s Good-Standing by the
Directors. In this form, the current directors must provide the names of all current
directors and registered shareholders and confirm that the company is in good standing.
(The Directors and Shareholders are independently verified through other corporate
documents.)
Form 223C – Statement of Beneficial Ownership. Nominee Shareholders are
required to list all ultimate beneficial owners, as well as the number of shares held by
each person and their occupation. In addition, the shareholders must confirm, to the
best of their knowledge and belief, that these beneficial owners are not directly or
indirectly involved in any criminal conduct or any money laundering activity. (This form is
accompanied by the Trust Deed signed between the Nominee Shareholder and the
beneficial owners, or a Declaration of Trust in which the Nominee Shareholders declare
they hold the shares on the beneficial owners’ behalf.)
Form 282C – Occupation Form. This form requires the prospective customer to
provide the names and occupations of all company directors and authorized signatories.
Form 283C – Occupation Form. This form requires the prospective customer to
provide the names and occupations of all individual shareholders including beneficial
owners holding a ten percent interest or above. (Companies with complex shareholding
structures, i.e. three or more layers of shareholders, submit additional documentation
and diagrams of their shareholding structure).
Form 706 – Beneficial Owner Profile Form. This form probes beneficial owners
regarding their involvement in public administration as well as their professional
background and source of wealth. The form also contains questions about close
associates and the visibility of immediate family members in public life. In October 2014,
this form was enhanced to require additional documentation regarding source and size
of wealth.

 Jennifer Shasky Calvery

-7-

November 17, 2014

With regard to prospective personal account customers, the Bank requires that such customers
complete several forms during the onboarding stage. These forms and the requisite supporting
documentation are listed in Form 281P – Account Opening Checklist, attached. For your
reference, we also attach the following documents:




Form 201P – Personal Account Application Form. As part of this four-page
application form, the prospective customer must provide information, including: the
address of his/her permanent (and any temporary) residence; nationality; passport
information; occupation; employer contact information; the purpose of the account; the
source of funds, the anticipated annual account turnover; the anticipated sources of
incoming funds (including the name of each anticipated remitter, country of remitter’s
bank, remitter’s business activities, and website); and the anticipated outgoing payments
(including the name of each anticipated beneficiary, country of beneficiary’s bank,
beneficiary’s business activities, and website).
Form 202P – Personal Account Signature Card. This form requires the signatures for
any new authorized signatories. The form also requires that any new signatory provide
certified copies of identity documents and original/certified copies of proof of address.

If the accountholder is a Politically Exposed Person, a PEP Profile Form is completed to
document the enhanced due diligence conducted. This form is attached.
For all customers, the Bank performs several checks to verify the accuracy of the customer’s
information. The New Accounts Approval Unit (“Unit”) performs internet-based research and
uses World-Check and URU checks to verify the provided information. The Unit verifies the
authenticity of the documents provided (passports, identification cards, reference letters, etc.) as
well as the submitted incorporation information, the company’s good standing status, and
business licenses. The Unit carries out background checks on all individuals linked to the
account, all remitters/beneficiaries the company works with, and affiliated companies. The Unit
also returns to the customer, often on multiple occasions, with questions raised during the
background research before an account is approved or declined.
As described in the Comment, the KYC Due Diligence Unit’s seven employees are responsible
for completing annual reviews of all high-risk customers as well as reviews of customers
classified as normal risk every three years. For your reference, we attach the KYC Update Unit
Internal Process document, which provides guidelines for these KYC due diligence updates,
and the Customer File Update Checklists for Normal and High Risk Customers, which are
completed when each file is updated, and stored in the file. The KYC Due Diligence Unit
conducts an extensive check of each file when it is reviewed, including reviewing individual
KYC, business profiles, and World-Check and URU checks. The guidelines further stipulate
that should a client not respond within the legally prescribed deadline, the Bank places a “No
Credit/No Debit” marker on the account, which indicates that no credits may be applied to and
no withdrawals may be made from the account. Files are marked complete only upon receipt of
all original/certified documents.
VII. Transaction Monitoring
For your reference, we attach the Manual (please see Section O.5.6) and the Compliance
Monitoring Unit Internal Process Document. This document cites the various restricted entity

 Jennifer Shasky Calvery

-8-

November 17, 2014

lists screened by FBME’s interdiction filter, HotScan, and describes the procedures used to
monitor transactions via Mantas, FBME’s software to evaluate past transactions and generate
alerts based on certain activity; monitor dormant accounts and those blocked by Compliance;
monitor card transactions; and review cash and check transactions. FBME has invested in
upgrades to its HotScan and Mantas systems and additional World-Check software, as well as
in human resources by increasing the number of Compliance staff and the number of trainings
they attend locally and abroad.
VIII. Alert Investigation
FBME has in place an investigation process to address AML and sanctions issues, as described
in our Comment. EY recommended that FBME implement an electronic case management
system to register alerts and track the progress of the related investigation, and automatically
update the report when an investigation is closed.6/ FBME plans to introduce this system by the
end of 2014.
For your reference, we attach the Compliance Monitoring Unit Internal Process Document,
which explains the step-by-step procedure followed when alerts are triggered in HotScan or
Mantas, or received from other Bank departments following suspicious account activity.
IX. Risk Assessments
As described in detail in our Comment, following KPMG’s recommendation in its 2013 audit,
FBME implemented its first AML/CTF risk assessment, which was completed in February
2014. This risk assessment analyzed fifty-five areas of potential risk and identified five areas
requiring further enhancements. For your reference, we attach the 2014 AML-CTF Risk
Assessment for fiscal year 2013.
*.*.*
This submission details the procedures and operations FBME has established to implement the
requirements of its Compliance Program. These procedures, together with the planned
enhancements described in this letter, the strength of FBME’s existing Compliance Program,
and the further enhancements to FBME’s AML policies, organizational structure, and KYC
requirements described in FBME’s public Comment, demonstrates a firm commitment by
FBME to further enhance its Compliance Program in accordance with industry best practices.
FBME reaffirms its commitment to continue to cooperate with the U.S. Government, as well as
the governments of Cyprus and Tanzania in the fight against money laundering and other illicit
activities. We look forward to working with FinCEN to resolve its concerns so that it may
withdraw the Notice and NPRM as quickly as possible.
We will continue to provide additional information to FinCEN about FBME’s AML and sanctions
Compliance Program. We thank you for your consideration of the foregoing, and we welcome
your questions or comments at any time.

6/

Assessment at FBME00000018.

 Jennifer Shasky Calvery

-9-

Sincerely,

Peter Spivack
Beth Peters
Evans Rice
Hogan Lovells US LLP
Counsel to FBME Bank Ltd.
cc:

Mona Sahaf, FinCEN
FBME Bank Ltd.
Jeanne Archibald
Louise Lamb
Anthony Capobianco

November 17, 2014