e __|solated and Technical Violations: Limited instances of noncompliance that do not threaten overall program effectiveness Some common problems and issues include, but are not limited to, the following: e AML compliance officer (as well as other employees) lacks sufficient experience and/or knowledge regarding AML policies, procedures and tools e __Insufficientinadequate resources dedicated to AML compliance e Lack of specific and customized training of employees with critical functions (e.g., account opening, transaction processing, risk management) e Failure to conduct adequate risk assessments (e.g., customer risk assessment, business line risk assessment, OFAC risk assessment) e Failure to incorporate risk assessments into a transaction-monitoring process, customer acceptance standards, audits, testing or training e Inadequate Know Your Customer (KYC) procedures (e.g., CIP, CDD and EDD at or after account opening, including inadequate controls over required fields, inadequate methods of obtaining and/or maintaining current information, lack of reporting capabilities over missing information, and lack of verification procedures) e Poor documentation maintained for investigations that did not lead to SAR filings e Poor follow-up on SAR actions (e.g., close, monitor) e __Lack of reporting of key SAR information to senior management/board of directors e Inadequate tuning, validation and documentation of automated monitoring systems e Overreliance on software to identify transactions for which CTRs and/or SARs must be filed without fully understanding how the software is designed and what information it does/does not capture e Exclusion of certain products from transaction monitoring (e.g., loans, letters of credit, capital markets activities) e _Lack of timeliness when filing CTRs and SARs (e.g., reports are manually filed via certified mail, and the date postmarked is not noted) e _ Lack of or inadequate independent testing of the AML Compliance P