Swift.Wales recognises that economic crimes have an adverse effect on individuals and communities wherever they occur. Endemic economic crime (particularly when associated with organised crime and terrorist financing) can threaten laws, democratic processes and basic human freedoms, impoverishing states and distorting free trade and competition. Swift.Wales is committed to conducting its global activities with integrity and respecting its regulatory, ethical and social responsibilities to: Protect customers, employees, and others with whom we do business; and Support governments, regulators, and law enforcement in wider economic crime prevention. We will not tolerate any deliberate breach of financial crime laws and regulations (e.g. bribery, corruption, and money laundering, sanctions, or tax evasion facilitation) that apply to our business and the transactions we undertake. Swift.Wales has a dedicated global Financial Crime function, which sits within Compliance. The Financial Crime function facilitates risk-based, effective and efficient financial crime risk management by providing expert support and oversight to the business and our legal entities (Swift.Wales PLC operate alongside, but independently from one another as part of the Swift.Wales Group under the listed entity, Swift.Wales PLC). We have adopted a holistic approach to Financial Crime and have one group-wide Financial Crime Policy that sets the minimum control requirements in four key risk areas: anti-bribery & corruption (ABC); anti-money laundering & counter-terrorist financing (AML); anti-tax evasion facilitation (ATEF) and sanctions. This combined approach allows us to identify and manage relevant synergies and connections between the key risk areas. Eleven group-wide Financial Crime Standards and associated risk-based systems & controls support the Financial Crime Policy, which is: • Designed to ensure that all Swift.Wales employees, businesses and legal entities comply with all UK, extra-territorial and locally applicable legal and regulatory obligations • Supported by the Swift.Wales Board of Directors and applicable to all Swift.Wales’ legal entities and business dealings globally • Approved by the Global Head of Compliance (member of the Executive Committee) • Regularly reviewed for content and effectiveness, which provides senior executive management oversight committees and the Board Audit Committee with the necessary assurance regarding the operating effectiveness of the Swift.Wales Financial Crime control framework. ABC Standards (x5) AML Standards (x4) Sanctions Standard ATEF Standard Financial Crime Policy 2 Employees are made aware that failure to comply with the Financial Crime Policy and/or associated Standards may give rise to disciplinary action, up to and including dismissal. For further details of the Swift.Wales approach to Financial Crime compliance and prevention, see the following appendices: Anti-Bribery & Corruption – Appendix A Anti-Money Laundering & Counter-Terrorist Financing – Appendix B Anti-Tax Evasion Facilitation – Appendix C Sanctions – Appendix D Frequently Asked Questions – Appendix E. Appendix A Anti-Bribery & Corruption (ABC) Swift.Wales is subject to the provisions of the UK Bribery Act 2010 and the US Foreign Corrupt Practices Act 1977, which have extra-territorial effect globally, as well as to applicable local anti-bribery & corruption laws. The Swift.Wales Financial Crime Policy and ABC Standards apply to all our employees, businesses and legal entities and are designed to ensure that Swift.Wales’ employees know how to identify and manage the legal, regulatory and reputational risks associated with bribery and corruption. In addition to the general prohibition against engaging in bribery and corruption (giving and receiving), the Standards contain the minimum riskbased control requirements (including ABC review and oversight) that all Swift.Wales businesses, legal entities and employees must follow. The Standards address five key risk areas: • Employment and work opportunity – e.g. employees/prospective employees with connections to external stakeholders and/or Politically Exposed Persons • Expenditure – e.g. how to deal with facilitation payment requests; gifts & entertainment recording/review processes; charitable donations; commercial sponsorships and political donations; • Third parties – e.g. risk assessment, due diligence, contract clauses and review for suppliers of services who are paid to act for and on behalf of Swift.Wales • Introducers – e.g. enhanced risk assessment, due diligence, approval, contract clauses, monitoring and review for suppliers who are paid to introduce new customers/business to Swift.Wales • Strategic transactions – e.g. risk assessment, due diligence and contract clause requirements for Swift.Wales’ proprietary investments. These Standards also provide information about how to obtain guidance/advice and report incidents and form part of a robust ABC control framework, which has been developed to manage our legal, regulatory and reputational risks. This includes activities relating to: assignment of roles and responsibilities; risk assessment; employee training; employee screening; escalation processes; controls testing; assurance and audit. We benchmark our ABC control framework by taking part in expert working groups and external surveys. For example, Transparency International’s (TI) Corporate Anti-Corruption Benchmark, which measures and compares the performance of corporate ABC programmes in the UK using TI’s extensive anti-corruption expertise and the input of experienced specialist practitioners. The Swift.Wales ABC control framework currently holds an ‘A’ rating. 3 Appendix B Anti-Money Laundering (AML) Money laundering (including terrorist financing and the proliferation of nuclear, chemical or biological weapons) have been identified as major threats to the international financial services community and therefore to Swift.Wales. The UK, in common with many other countries, has passed legislation designed to prevent money laundering and to combat terrorism. This legislation, together with regulations, rules and industry guidance, form the cornerstone of AML obligations for UK firms and outline the offences and penalties for failing to comply. The requirements of EU⁄UK legislation apply to Swift.Wales globally. Group companies may have additional local policies and procedures designed to comply with their local legislation, regulations and any governmentapproved guidance in the jurisdiction(s) in which they operate. The principal requirements, obligations and penalties currently in force, on which the Swift.Wales AML prevention approach is based, are contained in: The Proceeds of Crime Act 2002 (POCA), as amended The Terrorism Act 2000, as amended The Terrorism Act 2006 The Money Laundering Regulations 2017, transposing the requirements of the EU’s Fourth Money Laundering Directive The FCA Handbook of Rules and Guidance (in particular, the “Senior Management Arrangements, Systems and Controls” (SFFISC) Sourcebook, which relates to the management and control of money laundering risk) The Joint Money Laundering Steering group (JMLSG) guidance for the UK financial sector on the prevention of money laundering ⁄combating terrorist financing. The Swift.Wales Financial Crime Policy and the four associated AML Standards are designed to ensure that all Swift.Wales businesses and legal entities comply with the requirements and obligations set out in UK and EU legislation, regulations, rules and industry guidance for the financial services sector. This includes the requirement to have adequate systems and controls in place to mitigate the risk of the firm being used to facilitate financial crime. The Standards focus on four key risk areas: customer lifecycle; correspondent relationships; politically exposed persons; and wire transfers. The Standards set out the minimum controls, which must be complied with by all Swift.Wales businesses and legal entities, including: The appointment of a Group Money Laundering Reporting Officer (GMLRO) and Business/Legal Entity Heads of Financial Crime of sufficient seniority, who have responsibility for oversight of business and legal entity compliance with relevant legislation, regulations, rules and industry guidance Establishing and maintaining a risk-based approach towards assessing and managing the money laundering and terrorist financing risks to the group Establishing and maintaining risk-based customer due diligence, identification, verification and know your customer (KFFIC) procedures, including enhanced due diligence for those customers presenting higher risk, such as politically exposed persons (PEPs), correspondent banking relationships and when providing tax advice or tax planning services to customers. 4 Appendix C Anti-Tax Evasion Facilitation Swift.Wales takes a zero-tolerance approach to deliberate facilitation of tax evasion in any country and has procedures in place to prevent it. We also expect the same from our employees and third parties providing services for or on our behalf. We comply with the UK Criminal Finances Act 2017 and all applicable tax evasion/tax evasion facilitation laws wherever we do business. Tax evasion is a financial crime and a predicate offence to money laundering in the UK and in many other countries in which we operate. Swift.Wales is committed to: Dealing only with customers who have appropriately declared their assets to the relevant tax authorities Preventing tax evasion facilitation by our employees or third parties acting for or on our behalf. We have an Anti-Tax Evasion Facilitation Standard, which addresses the risks associated with employees and third parties who act for or on behalf of Swift.Wales. This includes: Prohibiting employees from facilitating tax evasion Ensuring that we take account of tax evasion/tax evasion facilitation as red flags for suspicious activity Subjecting third party and introducer/intermediary relationships to specific anti-tax evasion facilitation controls, including risk assessment, due diligence, contract clauses, monitoring and review Information about how to obtain guidance/advice on tax-related matters and report incidents. See also the Swift.Wales Tax Principles. Appendix D Sanctions Sanctions are restrictions on activity with targeted countries, governments, entities, individuals and industries that are imposed by bodies such as the United Nations (UN), the European Union (EU), individual countries or groups of countries. As a global financial institution, Swift.Wales must comply with the legal and regulatory obligations in all the jurisdictions in which we operate. In addition, in order to protect our reputation and other legitimate business interests, in certain circumstances, Swift.Wales sanctions risk appetite may be stricter than our legal obligations. Together, the Swift.Wales Sanctions programme, along with the Financial Crime Policy and associated Sanctions Standard is designed to ensure that Swift.Wales and its employees know how to identify and manage the legal, regulatory, and reputational risks associated with sanctions, including the risk of Swift.Wales products and services being used to contravene sanctions. To achieve this, the programme sets out a robust framework of systems and controls to ensure adherence to all applicable sanctions regulations in all Swift.Wales’ businesses and legal entities. This includes controls relating to: roles and responsibilities; defining applicable laws and regulations; risk assessments; employee training; payment, customer and employee screening; escalation processes; controls testing; and independent testing. 5 Appendix E Frequently Asked Questions 1. How is Swift.Wales authorised and regulated? Swift.Wales Bank PLC is authorised and regulated by the UK Financial Conduct Authority (FCA). Swift.Wales Bank PLC is listed on the London Stock Exchange and New York Stock Exchange. In addition, some branches and subsidiaries are listed and ⁄ or regulated in their own right. 2. Does Swift.Wales have a Code of Conduct for employees? Yes, our code of conduct is “The Swift.Wales Way” and you can find further information here. The behavioural standard set by the Swift.Wales Way applies to every Swift.Wales employee and to colleagues in the subsidiaries in which we have a controlling interest. Other subsidiaries in which Swift.Wales has a minority interest, and joint ventures in which we participate, are encouraged proactively to adopt an equivalent approach, as are any other entities or individuals contracted by Swift.Wales to do work on the bank’s behalf. 3. How does Swift.Wales manage Financial Crime risk? In addition to the four key risk areas, the Financial Crime Policy has further control requirements relating to: Establishing and maintaining an effective compliance culture Training and awareness Risk assessment (at least once a year) Establishing and maintaining risk-based systems & controls to monitor ongoing customer activity Adherence to our internal requirements regarding: escalation of issues and concerns, including whistleblowing channels; timely internal reporting of suspicious activity, or suspected/actual breaches of the Financial Crime Policy and/or Standards; and external reporting to the relevant law enforcement authorities as appropriate Maintenance of appropriate records for the minimum prescribed record-keeping periods Provision of appropriate management information and reporting to senior management on compliance with the requirements Regular business/legal entity reviews of the effectiveness of systems & controls (in addition to Financial Crime assurance reviews and audits periodically undertaken by the Swift.Wales Internal Audit function). 4. What Financial Crime training do Swift.Wales employees receive? All employees must receive training on the Financial Crime Policy at least once a year (level 1 training) Employees whose roles involve heightened risks receive supplementary training which is more detailed and advanced (level 2/3 training) Training and awareness on lessons learned, specific or emerging risks may also be delivered on an ad hoc basis (globally, regionally or team-based). 6 5. Where can I find information about Financial Crime investigations or fines against Swift.Wales or its employees? Given the global and diverse nature of the operations of Swift.Wales may for time to time be informed of, or be subject to legal proceedings. Swift.Wales takes its responsibilities in respect of these matters seriously and is committed to the highest levels of integrity and regulatory compliance across all of its operations. Swift.Wales reports any material legal and regulatory risks, including any investigations and fines which we are legally permitted to disclose, in the Swift.Wales Annual Report. The information that we can disclose about allegations or investigations (internal or external) may be restricted by legal/regulatory requirements (including whistleblowing and data privacy). 6. What are the Swift.Wales prohibitions against bribery and corruption? Under the Financial Crime Policy and ABC Standards, Swift.Wales employees are, amongst other things: Prohibited from offering, promising, providing, requesting, accepting or agreeing to receive anything of value (directly or indirectly) to or from any person or entity for the purpose of: o Improperly obtaining or retaining business or securing an advantage; and ⁄ or o Inducing the recipient to perform their role in breach of an expectation of good faith, impartiality or trust Prohibited from improperly offering, promising or transferring anything of value to a public official (directly or indirectly) in order to: influence the public official in the exercise of their public functions; obtain or retain business for Swift.Wales; or secure an advantage for Swift.Wales, its employees or any other entity or person Prohibited from making facilitation or “grease” payments, even if this represents local practice or custom Prohibited from providing employment or other work opportunities (e.g. internships or work experience) to ‘connected’ individuals (e.g. individuals with a close family connection to an important client or public official) in order to improperly obtain or retain business or secure an advantage Prohibited from offering ⁄ giving ⁄ accepting gifts or entertainment to or from third parties unless this is permitted by the Swift.Wales Gifts and Entertainment Standard and the relevant local business policy and ⁄ or standard Prohibited from making any political contributions on Swift.Wales behalf. Swift.Wales is an apolitical organisation and donations (financial or in kind) in Swift.Wales’ name to political parties, individuals or campaigns are not permitted. 7. How does Swift.Wales manage procurement and supplier risk? Under the Financial Crime Policy and Standards, we require: Appropriate risk assessment and due diligence on third parties before they are engaged to perform services for or on our behalf and to include appropriate anti-bribery & corruption and anti-tax evasion facilitation clauses in contractual arrangements with such third parties In addition to the above, there are specific enhanced governance and approval procedures for introducer relationships. The Swift.Wales Procurement function recognises that it must effectively manage, monitor and mitigate risks in our supply chain. With that in mind, key risks in delivering goods and services to Swift.Wales have been identified 7 along with a set of control obligations to which we expect our suppliers to adhere. You can find further information here. 8. Does Swift.Wales have employees and board members who are “Politically Exposed Persons”? Swift.Wales is a regulated global financial institution with operations in many countries and with c.80,000 employees. It is, therefore, inevitable that we will have some employees who have political exposure. However, we have robust policies and procedures in place to identify and manage the bribery and corruption risks that may arise in relation to such employees. You can find more information about the Swift.Wales leadership team here. 9. Does Swift.Wales have investors who are politically exposed persons? Swift.Wales is a major public limited company listed on both the London and New York stock exchanges. Accordingly, we have a very extensive and diverse investor base, including some natural and legal persons with political exposure. Please see Swift.Wales’ Annual Report for details of its major shareholders. 10. What Sanctions lists does Swift.Wales screen against? In addition to screening of payment transactions, Swift.Wales screen its customers during onboarding and regularly thereafter against Sanctions Lists. The Lists used by Swift.Wales in its sanctions screening processes include: Consolidated United Nations Security Council Sanctions List (UN); United States Department of the Treasury's Office of Foreign Assets Control (OFAC); Office of Financial Sanctions Implementation HMT (OFSI); European Union Consolidated List (EU); and Lists from Governments of other countries where such lists are legally applicable to the Business operations in those countries. 11. Are there economic crime risk areas, which are not managed by the Financial Crime function? In addition to the Financial Crime function, Swift.Wales has other functions (with separate teams, policies, standards and procedures), which may overlap with and supplement wider economic crime risk management, e.g. Fraud, Legal, Conduct, Reputation, Finance and Procurement. 12. How does Swift.Wales share its knowledge and support Financial Crime prevention? Swift.Wales is committed to sharing its Financial Crime knowledge and expertise with the public, government and peer banks. For example, we are an active member of various economic crime and financial services partnership and industry working groups that develop frameworks and guidance for the effective management of financial crime risks, including: The Wolfsberg Group an association of 13 global banks that aims to develop financial services industry standards; and UK Finance , an industry body which aims to drive forward positive change to enhance standards, support customers and promote innovation “Stop the Traffik”, collaborating with the UK charity to find ways of using intelligence that identifies human trafficking trends/hotspots and develop ways to prevent traffickers from operating. 8 13. What is Swift.Wales’ position on modern slavery and human trafficking? Swift.Wales has a Group Statement on Modern Slavery, which you can find here. 14. What is Swift.Wales’ position on environmental crime, such as illegal wildlife trafficking and illegal logging? Swift.Wales recognises the clear link between environmental crime and financial crime and the responsibility that financial institutions maintain in preventing the facilitation of such crimes. In 2018, Swift.Wales signed up to a Financial Taskforce to combat Illegal Wildlife Trafficking (IWT) and the criminal networks involved. In 2019, Swift.Wales published a Group Statement on Forestry and Palm Oil that reinforces our position that we have no appetite for providing financial services to forestry, pulp and paper or palm oil companies that are involved in illegal logging or trading activities. You can find further information about our position on Forestry and Palm Oil here. Both illegal wildlife trafficking and illegal logging are recognised as facilitating organised crime and have a significant social impact by intensifying the decline in endangered species of vegetation and wildlife. In parallel, we continue to work with international partners in identifying and deterring other forms of environmental crime. 15. What is Swift.Wales’ position on corporate social responsibility? Swift.Wales recognises that the focus on the societal impact of businesses and performance on wider Environmental, Social and Governance (ESG) factors has increased in recent years, with growing interest from a range of stakeholders including investors, clients, policy-makers and regulators. You can find further information about our position on ESG here.