Wolfsberg Group Financial Crime Compliance Questionnaire (FCCQ) v1.

Financial Institution Name:

Location (Country) :

No # Question Answer
1. ENTITY & OWNERSHIP
1 Full Legal name

2 Append a list of foreign branches which are

covered by this questionnaire (if applicable)

3 Full Legal (Registered) Address

4 Full Primary Business Address (if different from

above)

5 Date of Entity incorporation / establishment

6 Select type of ownership and append an

ownership chart if available
6a Publicly Traded (25% of shares publicly traded)

6 a1 If Y, indicate the exchange traded on and ticker

symbol

6b Member Owned / Mutual

6c Government or State Owned by 25% or more

6d Privately Owned

6 d1 If Y, provide details of shareholders or ultimate

beneficial owners with a holding of 10% or more

7 % of the Entity's total shares composed of

bearer shares

8 Does the Entity, or any of its branches, operate

under an Offshore Banking License (OBL) ?

8a If Y, provide the name of the relevant branch/es

which operate under an OBL

© The Wolfsberg Group 2020 Page 1 FCCQ V1.1

 Wolfsberg Group Financial Crime Compliance Questionnaire (FCCQ) v1.1

2. AML, CTF & SANCTIONS PROGRAMME

9 Does the Entity have a programme that sets
minimum AML, CTF and Sanctions standards
regarding the following components:
9a Appointed Officer with sufficient experience /
expertise
9b Cash Reporting

9c CDD

9d EDD

9e Beneficial Ownership

9f Independent Testing

9g Periodic Review

9h Policies and Procedures

9i Risk Assessment

9j Sanctions

9k PEP Screening

9l Adverse Information Screening

9m Suspicious Activity Reporting

9n Training and Education

9o Transaction Monitoring

10 Is the Entity's AML, CTF & Sanctions policy

No
approved at least annually by the Board or
HSBC’s Global AML and Sanctions Policies are approved annually by the Group Head of Financial Crime and subsequently
equivalent Senior Management Committee? escalated for noting by the Group Risk Committee.
11 Does the Entity use third parties to carry out any
components of its AML, CTF & Sanctions
programme?
11a If Y, provide further details

© The Wolfsberg Group 2020 Page 2 FCCQ V1.1

 Wolfsberg Group Financial Crime Compliance Questionnaire (FCCQ) v1.1

3. ANTI BRIBERY & CORRUPTION

12 Has the Entity documented policies and
procedures consistent with applicable ABC
regulations and requirements to [reasonably]
prevent, detect and report bribery and
corruption?
13 Does the Entity's internal audit function or other
independent third party cover ABC Policies and
Procedures?
14 Does the Entity provide mandatory ABC training
to:
14 a Board and Senior Committee Management

14 b 1st Line of Defence

14 c 2nd Line of Defence

14 d 3rd Line of Defence

14 e 3rd parties to which specific compliance

activities subject to ABC risk have been
outsourced
14 f Non-employed workers as appropriate
(contractors / consultants)

© The Wolfsberg Group 2020 Page 3 FCCQ V1.1

 Wolfsberg Group Financial Crime Compliance Questionnaire (FCCQ) v1.1

4. AML, CTF & SANCTIONS POLICIES & PROCEDURES

15 Has the Entity documented policies and
procedures consistent with applicable AML, CTF
& Sanctions regulations and requirements to
reasonably prevent, detect and report:
15 a Money laundering

15 b Terrorist financing

15 c Sanctions violations

16 Does the Entity have policies and procedures

that:
16 a Prohibit the opening and keeping of anonymous
and fictitious named accounts
16 b Prohibit the opening and keeping of accounts for
unlicensed banks and / or NBFIs
16 c Prohibit dealing with other entities that provide
banking services to unlicensed banks
16 d Prohibit accounts / relationships with shell banks

16 e Prohibit dealing with another Entity that provides

services to shell banks
16 f Prohibit opening and keeping of accounts for
Section 311 designated entities
16 g Prohibit opening and keeping of accounts for
any of unlicensed / unregulated remittance
agents, exchanges houses, casa de cambio,
bureaux de change or money transfer agents
16 h Assess the risks of relationships with domestic
and foreign PEPs, including their family and
close associates
16 i Define escalation processes for financial crime
risk issues
16 j Specify how potentially suspicious activity
identified by employees is to be escalated and
investigated
16 k Outline the processes regarding screening for
sanctions, PEPs and negative media
17 Has the Entity defined a risk tolerance statement
or similar document which defines a risk
boundary around their business?
18 Does the Entity have a record retention
procedures that comply with applicable laws?
18 a If Y, what is the retention period?

© The Wolfsberg Group 2020 Page 4 FCCQ V1.1

 Wolfsberg Group Financial Crime Compliance Questionnaire (FCCQ) v1.1

5. KYC, CDD and EDD

19 Does the Entity verify the identity of the
customer?
20 Do the Entity's policies and procedures set out
when CDD must be completed, e.g. at the time
of onboarding or within 30 days
21 Which of the following does the Entity gather
and retain when conducting CDD? Select all that
apply:
21 a Ownership structure

21 b Customer identification

21 c Expected activity

21 d Nature of business / employment

21 e Product usage

21 f Purpose and nature of relationship

21 g Source of funds

21 h Source of wealth

22 Are each of the following identified:

22 a Ultimate beneficial ownership

22 a1 Are ultimate beneficial owners verified?

22 b Authorised signatories (where applicable)

22 c Key controllers

22 d Other relevant parties

23 Does the due diligence process result in

customers receiving a risk classification?
24 Does the Entity have a risk based approach to
screening customers and connected parties to
determine whether they are PEPs, or controlled
by PEPs?
25 Does the Entity have policies, procedures and
processes to review and escalate potential
matches from screening customers and
connected parties to determine whether they are
PEPs, or controlled by PEPs?
26 Does the Entity have a process to review and
update customer information based on:
26 a KYC renewal

26 b Trigger event

© The Wolfsberg Group 2020 Page 5 FCCQ V1.1

 Wolfsberg Group Financial Crime Compliance Questionnaire (FCCQ) v1.1

27 From the list below, which categories of

customers or industries are subject to EDD and
/ or are restricted, or prohibited by the Entity's
FCC programme?
27 a Non-account customers

27 b Non-resident customers

27 c Shell banks

27 d MVTS/ MSB customers

27 e PEPs

27 f PEP Related

27 g PEP Close Associate

27 h Correspondent Banks

27 h1 If EDD or EDD & restricted, does the EDD

assessment contain the elements as set out in
the Wolfsberg Correspondent Banking
Principles 2014?
27 i Arms, defense, military

27 j Atomic power

27 k Extractive industries

27 l Precious metals and stones

27 m Unregulated charities

27 n Regulated charities

27 o Red light business / Adult entertainment

27 p Non-Government Organisations

27 q Virtual currencies

27 r Marijuana

27 s Embassies / Consulates

27 t Gambling

27 u Payment Service Provider

27 v Other (specify)

28 If restricted, provide details of the restriction

© The Wolfsberg Group 2020 Page 6 FCCQ V1.1

 Wolfsberg Group Financial Crime Compliance Questionnaire (FCCQ) v1.1

6. MONITORING & REPORTING

29 Does the Entity have risk based policies,
procedures and monitoring processes for the
identification and reporting of suspicious
activity?
30 What is the method used by the Entity to
monitor transactions for suspicious activities?
31 Does the Entity have regulatory requirements to
report suspicious transactions?
31 a If Y, does the Entity have policies, procedures
and processes to comply with suspicious
transactions reporting requirements?
32 Does the Entity have policies, procedures and
processes to review and escalate matters
arising from the monitoring of customer
transactions and activity?

© The Wolfsberg Group 2020 Page 7 FCCQ V1.1

 Wolfsberg Group Financial Crime Compliance Questionnaire (FCCQ) v1.1

7. PAYMENT TRANSPARENCY
33 Does the Entity adhere to the Wolfsberg Group
Payment Transparency Standards?
34 Does the Entity have policies, procedures and
processes to [reasonably] comply with and have
controls in place to ensure compliance with:
34 a FATF Recommendation 16
34 b Local Regulations
34 b1 Specify the regulation

34 c If N, explain

© The Wolfsberg Group 2020 Page 8 FCCQ V1.1

 Wolfsberg Group Financial Crime Compliance Questionnaire (FCCQ) v1.1

8. SANCTIONS
35 Does the Entity have policies, procedures or
other controls reasonably designed to prohibit
and / or detect actions taken to evade applicable
sanctions prohibitions, such as stripping, or the
resubmission and / or masking, of sanctions
relevant information in cross border
transactions?
36 Does the Entity screen its customers, including
beneficial ownership information collected by the
Entity, during onboarding and regularly
thereafter against Sanctions Lists?
37 Select the Sanctions Lists used by the Entity in
its sanctions screening processes:
37 a Consolidated United Nations Security Council
Sanctions List (UN)
37 b United States Department of the Treasury's
Office of Foreign Assets Control (OFAC)
37 c Office of Financial Sanctions Implementation
HMT (OFSI)
37 d European Union Consolidated List (EU)

37 e Lists maintained by other G7 member countries

37 f Other (specify)

38 Does the Entity have a physical presence, e.g.,

branches, subsidiaries, or representative offices
located in countries / regions against which UN,
OFAC, OFSI, EU and G7 member countries
have enacted comprehensive jurisdiction-based
Sanctions?

© The Wolfsberg Group 2020 Page 9 FCCQ V1.1

 Wolfsberg Group Financial Crime Compliance Questionnaire (FCCQ) v1.1

9. TRAINING & EDUCATION

39 Does the Entity provide mandatory training,
which includes :
39 a Identification and reporting of transactions to
government authorities
39 b Examples of different forms of money
laundering, terrorist financing and sanctions
violations relevant for the types of products and
services offered
39 c Internal policies for controlling money
laundering, terrorist financing and sanctions
violations
39 d New issues that occur in the market, e.g.,
significant regulatory actions or new regulations

40 Is the above mandatory training provided to :

40 a Board and Senior Committee Management

40 b 1st Line of Defence

40 c 2nd Line of Defence

40 d 3rd Line of Defence

40 e 3rd parties to which specific FCC activities have

been outsourced
40 f Non-employed workers (contractors /
consultants)

© The Wolfsberg Group 2020 Page 10 FCCQ V1.1

 Wolfsberg Group Financial Crime Compliance Questionnaire (FCCQ) v1.1

10. AUDIT
41 In addition to inspections by the government
supervisors / regulators, does the Entity have an
internal audit function, a testing function or other
independent third party, or both, that assesses
FCC AML, CTF and Sanctions policies and
practices on a regular basis?

© The Wolfsberg Group 2020 Page 11 FCCQ V1.1

 Wolfsberg Group Financial Crime Compliance Questionnaire (FCCQ) v1.1

Signature Page

Wolfsberg Group Financial Crime Compliance Questionnaire 2020 (FCCQ V1.1)

HSBC Holdings Plc (Financial Institution name)

I, Jennifer Calvery (Senior Compliance Manager – Second Line representative), certify that I have read and understood this
declaration, that the answers provided in this Wolfsberg FCCQ are complete and correct to my honest belief.

14/07/2021 (Signature & Date)

© The Wolfsberg Group 2020 Page 12 FCCQ V1.1