MedGift

Anti-Money Laundering (AML) Program: 

Compliance and Supervisory Procedures

Date of Last Revision: September 5, 2020

1.              MedGift Policy

 

It is the policy of the firm to prohibit and actively prevent money laundering and any activity that facilitates money laundering or the funding of terrorist or criminal activities by complying with all applicable requirements under the Bank Secrecy Act (BSA) and its implementing regulations.

 

Money laundering is generally defined as engaging in acts designed to conceal or disguise the true origins of criminally derived proceeds so that the proceeds appear to have derived from legitimate origins or constitute legitimate assets. Generally, money laundering occurs in three stages. Cash first enters the financial system at the “placement” stage, where the cash generated from criminal activities is converted into monetary instruments, such as money orders or traveler’s checks, or deposited into accounts at financial institutions. At the “layering” stage, the funds are transferred or moved into other accounts or other financial institutions to further separate the money from its criminal origin. At the “integration” stage, the funds are reintroduced into the economy and used to purchase legitimate assets or to fund other criminal activities or legitimate businesses. 

 

Although cash is rarely deposited into securities accounts, the securities industry is unique in that it can be used to launder funds obtained elsewhere, and to generate illicit funds within the industry itself through fraudulent activities. Examples of types of fraudulent activities include insider trading, market manipulation, Ponzi schemes, cybercrime and other investment-related fraudulent activity.

 

Terrorist financing may not involve the proceeds of criminal conduct, but rather an attempt to conceal either the origin of the funds or their intended use, which could be for criminal purposes. Legitimate sources of funds are a key difference between terrorist financiers and traditional criminal organizations. In addition to charitable donations, legitimate sources include foreign government sponsors, business ownership and personal employment. Although the motivation differs between traditional money launderers and terrorist financiers, the actual methods used to fund terrorist operations can be the same as or similar to methods used by other criminals to launder funds. Funding for terrorist attacks does not always require large sums of money and the associated transactions may not be complex.

 

Our AML policies, procedures and internal controls are designed to ensure compliance with all applicable BSA regulations and FINRA rules and will be reviewed and updated on a regular basis to ensure appropriate policies, procedures and internal controls are in place to account for both changes in regulations and changes in our business.

 

2.              AML Compliance Person Designation and Duties

Designate your firm’s AML Compliance Person and describe his or her duties.

 

The firm has designated Mark Edelstein as its Anti-Money Laundering Program Compliance Person (AML Compliance Person), with full responsibility for the firm’s AML program. Mr. Edelstein has a working knowledge of the BSA and its implementing regulations and is qualified by experience, knowledge, and training commensurate with the organization’s risk profile. The duties of the AML Compliance Person will include monitoring the firm’s compliance with AML obligations and overseeing communication and training for employees. The AML Compliance Person will also ensure that the firm keeps and maintains all of the required AML records and will ensure that Suspicious Activity Reports (SARs) are filed with the Financial Crimes Enforcement Network (FinCEN) when appropriate. The AML Compliance Person is vested with full responsibility and authority to enforce the firm’s AML program. 

 

The firm will provide FINRA with contact information for the AML Compliance Person through the FINRA Contact System (FCS), including: (1) name; (2) title; (3) mailing address; (4) email address; (5) telephone number; and (6) facsimile (if any). The firm will promptly notify FINRA of any change in this information through FCS and will review, and if necessary update, this information within 17 business days after the end of each calendar year. The annual review of FCS information will be conducted by Joe Hewitt and will be completed with all necessary updates being provided no later than 17 business days following the end of each calendar year. In addition, if there is any change to the information, Joe Hewitt will update the information promptly, but in any event not later than 30 days following the change.

 

 

3.              Giving AML Information to Federal Law Enforcement Agencies and Other Financial Institutions

a.              FinCEN Requests Under USA PATRIOT Act Section 314(a)

As the firm is not a Financial Institution and does not provide any banking services, this section does not apply.  If in the future the firm elects to open accounts, we will take the necessary steps to ensure that we create policies and procedures to comply with 314(a) requests.

 

b.              National Security Letters

 

We understand that the receipt of a National Security Letter (NSL) is highly confidential. We understand that none of our officers, employees or agents may directly or indirectly disclose to any person that the FBI or other federal government authority has sought or obtained access to any of our records. To maintain the confidentiality of any NSL we receive, we will process and maintain the NSL by maintaining confidentiality and complying with requests.

 

 

c.              Grand Jury Subpoenas

We understand that the receipt of a grand jury subpoena concerning a customer does not in itself require that we file a Suspicious Activity Report (SAR). When we receive a grand jury subpoena, we will conduct a risk assessment of the customer subject to the subpoena as well as review the customer’s campaign activity. If we uncover suspicious activity during our risk assessment and review, we will elevate that customer’s risk assessment to our payment aggregator. We understand that none of our officers, employees or agents may directly or indirectly disclose to the person who is the subject of the subpoena its existence, its contents or the information we used to respond to it. To maintain the confidentiality of any grand jury subpoena we receive, we will process and maintain the subpoena by complying with requests and maintaining confidentiality.

 

 

d.              Voluntary Information Sharing With Other Financial Institutions Under USA PATRIOT Act Section 314(b)

As the firm is not a Financial Institution and does not provide any banking services, this section does not apply.

 

e.              Joint Filing of SARs by Broker-Dealers and Other Financial Institutions

 

As the firm is not a Financial Institution or Broker Dealer, and does not provide any banking services, this section does not apply.

 

 

f.               Sharing SARs With Parent Companies

As the firm is not a subsidiary of any company, this section does not apply.

 

 

4.              Checking the Office of Foreign Assets Control Listings

As the firm does not process payments or provide banking services, and accepts only campaign organizers who utilize a personal U.S. bank account to receive donations, the firm does not perform OFAC searches. 

 

However, the firm does collect name, address, telephone number, and social media account information and review social media accounts of campaign organizers and beneficiaries for valid content that is consistent with the information provided.  If a reasonable certainty of the campaign organizer’s or beneficiary’s identity cannot be formed through this review, the campaign is closed.

 

 

5.              Customer Identification Program

We do not open or maintain customer accounts within the meaning of 31 CFR 1023.100, in that we do not establish formal relationships with “customers” for the purpose of effecting transactions in securities. If in the future the firm elects to open customer accounts or to establish formal relationships with customers for the purpose of effecting transactions in securities, we will first establish, document and ensure the implementation of appropriate CIP procedures.

 

a.              Required Customer Information

 

As the firm does not process payments or provide banking services, and accepts only campaign organizers who utilize a U.S. bank account to receive donations, the firm is not required to maintain a Customer Identification Program.  However, the firm does collect name, address, telephone number, and social media account information.

 

b.              Customers Who Refuse to Provide Information 

If a potential or existing customer either refuses to provide the information described above when requested, or appears to have intentionally provided misleading information, our firm will not open a new campaign and will close any existing campaign.

 

c.              Verifying Information

Based on the risk, and to the extent reasonable and practicable, we will ensure that we have a reasonable belief that we know the true identity of our customers by using risk-based procedures to verify and document the accuracy of the information we get about our customers. Our AML Compliance Person will analyze the information we obtain to determine whether the information is sufficient to form a reasonable belief that we know the true identity of the customer (e.g., whether the information is logical or contains inconsistencies).  

 

We will verify customer identity through reviews social media accounts of campaign organizers and beneficiaries for valid content that is consistent with the onboarding information provided.  If a reasonable certainty of the campaign organizer’s or beneficiary’s identity cannot be validated through this review, the campaign is closed.

 

 

We will verify the information within a reasonable time before or after the campaign is opened.

 

We recognize that the risk that we may not know the customer’s true identity may be heightened for certain types of accounts, such as an account opened in the name of a corporation, partnership or trust that is created or conducts substantial business in a jurisdiction that has been designated by the U.S. as a primary money laundering jurisdiction, a terrorist concern, or has been designated as a non-cooperative country or territory. For this reason, we do not open campaigns for potential organizers who are not individuals with a U.S. personal bank account to receive donations.

 

d.              Lack of Verification

 

When we cannot form a reasonable belief that we know the true identity of a customer, we will do the following: (1) not open a campaign; (2) close a campaign after attempts to verify a customer’s identity fail.

 

e.              Recordkeeping

 

With respect to non-documentary verification, we will retain documents that describe the methods and the results of any measures we took to verify the identity of a customer. We will also keep records containing a description of the resolution of each substantive discrepancy discovered when verifying the identifying information obtained. We will retain records of all identification information for five years after the campaign has been closed; we will retain records made about verification of the customer’s identity for five years after the record is made.

 

f.               Comparison with Government-Provided Lists of Terrorists

As the firm does not process payments or provide banking services, and accepts only campaign organizers who utilize a U.S. bank account to receive donations, the firm does not perform Terrorist List searches.  However, the firm does collect name, address, telephone number, and social media account information and reviews social media accounts of campaign organizers and beneficiaries for valid content that is consistent with the onboarding information provided.  If a reasonable certainty of the campaign organizer’s or beneficiary’s identity cannot be validated through this review, the campaign is closed.

 

g.              Notice to Customers

As the firm does not process payments or provide banking or brokerage services, the firm is not required to maintain a Customer Identification Program. 

 

h.              Reliance on Another Financial Institution for Identity Verification

As the firm does not process payments or provide banking or brokerage services, the firm is not required to maintain a Customer Identification Program.  Campaign owners are required to link a personal U.S. bank account to their sub-account with our payment aggregator, and based on our risk profile, we rely on that U.S. bank to perform identity verification.

 

 

6.              Customer Due Diligence Rule

 

We do not open or maintain accounts for legal entity customers within the meaning of 31 CFR 1010.230. If in the future the firm elects to open accounts for legal entity customers, we will first establish, document and ensure the implementation of appropriate CDD procedures commensurate with our resulting higher risk profile.

 

a.     Identification and Verification of Beneficial Owners

 

b.     Understanding the Nature and Purpose of Customer Relationships

 

c.     Conducting Ongoing Monitoring to Identify and Report Suspicious Transactions

 

 

7.              Correspondent Accounts for Foreign Shell Banks

 

We do not open or maintain accounts for legal entity customers within the meaning of 31 CFR 1010.230. If in the future the firm elects to open accounts for legal entity customers, we will first establish, document, and ensure the implementation of appropriate CDD procedures.

 

a.              Detecting and Closing Correspondent Accounts of Foreign Shell Banks

                  b.              Certifications

 

                  c.              Recordkeeping for Correspondent Accounts for Foreign Banks

d.              Summons or Subpoena of Foreign Bank Records; Termination of Correspondent Relationships with Foreign Bank

 

8.              Due Diligence and Enhanced Due Diligence Requirements for Correspondent Accounts of Foreign Financial Institutions

We do not open or maintain accounts for legal entity customers within the meaning of 31 CFR 1010.230. If in the future the firm elects to open accounts for legal entity customers, we will first establish, document and ensure the implementation of appropriate CDD procedures.

 

a.              Due Diligence for Correspondent Accounts of Foreign Financial Institutions

b.              Enhanced Due Diligence

 

 

9.              Due Diligence and Enhanced Due Diligence Requirements for Private Banking Accounts/Senior Foreign Political Figures

We do not open or maintain private banking accounts.

 

 

10.           Compliance with FinCEN’s Issuance of Special Measures Against Foreign Jurisdictions, Financial Institutions or International Transactions of Primary Money Laundering Concern

We do not open or maintain customer accounts within the meaning of 31 CFR 1023.100, in that we do not establish formal relationships with “customers” for the purpose of effecting transactions in securities. If in the future the firm elects to open customer accounts or to establish formal relationships with customers for the purpose of effecting transactions in securities, we will first establish, document and ensure the implementation of appropriate procedures to comply with any Special Measures issued by FinCEN.

 

11.           Monitoring Campaigns for Suspicious Activity

We will monitor campaign activity for unusual size, volume, pattern or type of transactions, taking into account risk factors and red flags that are appropriate to our business. (Red flags are identified in Section 11.b. below.) Monitoring will be conducted through Board reporting. The customer risk profile will serve as a baseline for assessing potentially suspicious activity. The AML Compliance Person or his or her designee will be responsible for this monitoring, will review any activity that our monitoring system detects, will determine whether any additional steps are required, will document when and how this monitoring is carried out, and will report suspicious activities to the firm’s payment aggregator.

 

We will conduct the following reviews of activity that our monitoring system detects: regular Board review and discussion. We will document our monitoring and reviews as follows: meeting minutes. The AML Compliance Person or his or her designee will conduct an appropriate investigation and review relevant information from internal or third-party sources. Relevant information can include, but not be limited to, the following: reporting that identifies donation and disbursement activity outside the norm for our campaigns.

 

 

a.              Emergency Notification to Law Enforcement by Telephone 

In situations involving violations that require immediate attention, such as terrorist financing or ongoing money laundering schemes, we will immediately call an appropriate law enforcement authority. If we become aware that a customer appears on OFAC’s SDN list, we will call the OFAC Hotline at (800) 540-6322. Other contact numbers we will use are: FinCEN’s Financial Institutions Hotline ((866) 556-3974) (especially to report transactions relating to terrorist activity), local U.S. Attorney’s office ((704) 344-6222), and local FBI office ((704) 672-6100).

 

 

b.              Red Flags

Red flags that signal possible money laundering or terrorist financing include, but are not limited to:

 

Customers – Insufficient or Suspicious Information

 

•         Provides unusual or suspicious identification documents that cannot be readily verified.

 

•         Reluctant to provide complete information about nature and purpose of the MedGift Support page or the beneficiary of the page.-

 

•         Information is false, misleading or substantially incorrect.

 

•         Background is questionable or differs from expectations based on information provided.

 

•         Customer with no discernable reason for using the firm’s service.

 

Efforts to Avoid Reporting and Recordkeeping

 

         Reluctant to provide information needed to complete MedGift support page creation and validation.

 

•         Tries to persuade an employee not to file required reports or not to maintain required records.

 

•         “Structures” deposits, withdrawals or purchase of monetary instruments below a certain amount to avoid reporting or recordkeeping requirements.

 

•         Unusual concern with the firm’s compliance with government reporting requirements and firm’s AML policies.

 

 

c. MedGift Support pages only accept credit cards and ETF transactions.   MedGift has identified these  additional red flags to consider should our policy change.

 

i. Certain Funds Transfer Activities

 

·       Wire transfers to/from financial secrecy havens or high-risk geographic location without an apparent business reason.

·       Many small, incoming wire transfers or deposits made using checks and money orders. Almost immediately withdrawn or wired out in manner inconsistent with customer’s business or history. May indicate a Ponzi scheme.

·       Wire activity that is unexplained, repetitive, unusually large or shows unusual patterns or with no apparent business purpose.

 

ii. Certain Deposits or Dispositions of Physical Certificates

 

•         Physical certificate is titled differently than the account.

•         Physical certificate does not bear a restrictive legend, but based on history of the stock and/or volume of shares trading, it should have such a legend.

•         Customer’s explanation of how he or she acquired the certificate does not make sense or changes.

•         Customer deposits the certificate with a request to journal the shares to multiple accounts, or to sell or otherwise transfer ownership of the shares.

 

iii. Activity Inconsistent With Business

 

        Transactions patterns show a sudden change inconsistent with normal activities.

        Unusual transfers of funds or journal entries among accounts without any apparent business purpose.

        Maintains multiple accounts, or maintains accounts in the names of family members or corporate entities with no apparent business or other purpose.

•         Appears to be acting as an agent for an undisclosed MedGift support page beneficiary , but is reluctant to provide information.

 

iv. Other Suspicious Customer Activity

 

•         Law enforcement subpoenas.

•         Payment by third-party check or money transfer without an apparent connection to the customer.

•         Payments to third-party without apparent connection to customer.

•         No concern regarding the cost of transactions or fees (i.e., surrender fees, higher than necessary commissions, etc.).

 

 

d. Responding to Red Flags and Suspicious Activity

When an employee of the firm detects any red flag, or other activity that may be suspicious, he or she will notify the AML Compliance Person or his or her designee. Under the direction of the AML Compliance Person, the firm will determine whether or not and how to further investigate the matter. This may include gathering additional information internally or from third-party sources, or closing the campaign.

 

 

12.           Suspicious Transactions and BSA Reporting 

As the firm does not process any financial transactions or open or maintain any banking or financial accounts, Suspicious Transactions and BSA Reporting are not applicable. Should our business change to include financial services, we will take proper steps to ensure that we file reporting as required by the BSA and USA PATRIOT Act, including the following.

a.              Filing a SAR

b.              Currency Transaction Reports 

c.              Currency and Monetary Instrument Transportation Reports

d.              Foreign Bank and Financial Accounts Reports

e.              Monetary Instrument Purchases

 

f.               Funds Transmittals of $3,000 or More Under the Travel Rule

 

13.           AML Recordkeeping

a.              Responsibility for Required AML Records and SAR Filing

Our AML Compliance Person and his or her designee will be responsible for ensuring that AML records are maintained properly.

 

As the firm does not process any financial transactions or open or maintain any banking or financial accounts, we do not create and maintain SARs, CTRs, CMIRs, or FBARs.

 

We will maintain relevant documentation on customer identity and verification.

 

b.              SAR Maintenance and Confidentiality

As the firm does not process any financial transactions or open or maintain any banking or financial accounts, we do not have the information required to submit SARs.

If in the future the firm elects to open accounts, we will take proper steps to ensure that we hold SARs and any supporting documentation confidential. We will not inform anyone outside of FinCEN, the SEC, an SRO registered with the SEC or other appropriate law enforcement or regulatory agency about a SAR. We will refuse any subpoena requests for SARs or for information that would disclose that a SAR has been prepared or filed and immediately notify FinCEN of any such subpoena requests that we receive. See Section 11 for contact numbers. We will segregate SAR filings and copies of supporting documentation from other firm books and records to avoid disclosing SAR filings. Our AML Compliance Person will handle all subpoenas or other requests for SARs. [Describe any other retention or confidentiality procedures of your firm for SARs.] We may share information with another financial institution about suspicious transactions in order to determine whether we will jointly file a SAR according to the provisions of Section 3.d. In cases in which we file a joint SAR for a transaction that has been handled both by us and another financial institution, both financial institutions will maintain a copy of the filed SAR.

c.              Additional Records

 All Medgift support pages must be linked to US-based bank accounts through our payment partner.  MedGift support pages only accept donations via credit card or EFT which are posted the beneficiary’s merchant’s sub-account as hosted by MedGift’s payment partner.  These funds are periodically transferred from the sub-account to the beneficiary’s US-based personal checking account.  MedGift and its payment partner maintain logs of all financial transactions.  In the event the following might occur we maintain copies of all transactions:


·       A record of each advice, request or instruction received or given regarding any transaction resulting (or intended to result and later canceled if such a record is normally made) in the transfer of currency or other monetary instruments, funds, checks, investment securities or credit, of more than $10,000 to or from any person, account or place outside the U.S.;


·       A record of each advice, request or instruction given to another financial institution (which includes broker-dealers) or other person located within or without the U.S., regarding a transaction intended to result in the transfer of funds, or of currency, other monetary instruments, checks, investment securities or credit, of more than $10,000 to a person, account or place outside the U.S.;

 

·       Each document granting signature or trading authority over each customer’s account;

 

·       Each record described in Exchange Act Rule 17a-3(a): (1) (blotters), (2) (ledgers for assets and liabilities, income, and expense and capital accounts), (3) (ledgers for cash and margin accounts), (4) (securities log), (5) (ledgers for securities in transfer, dividends and interest received, and securities borrowed and loaned), (6) (order tickets), (7) (purchase and sale tickets), (8) (confirms), and (9) (identity of owners of cash and margin accounts);

 

·       A record of each remittance or transfer of funds, or of currency, checks, other monetary instruments, investment securities or credit, of more than $10,000 to a person, account or place, outside the U.S.; and

 

·       A record of each receipt of currency, other monetary instruments, checks or investment securities and of each transfer of funds or credit, of more than $10,000 received on any one occasion directly and not through a domestic financial institution, from any person, account or place outside the U.S.

 

14.           Clearing/Introducing Firm Relationships

As the firm does not process any financial transactions or open or maintain any banking or financial accounts, we do not have a direct relationship with a clearing firm.  If in the future the firm elects to open accounts, we will work with any clearing firm we engage to prevent money laundering.

 

 

15.           Training Programs

We will develop ongoing employee training under the leadership of the AML Compliance Person and senior management. Our training will occur on at least an annual basis. It will be based on our firm’s size, its customer base, and its resources and be updated as necessary to reflect any new developments in the law.

 

Our training will include, at a minimum: (1) how to identify red flags and signs of money laundering that arise during the course of the employees’ duties; (2) what to do once the risk is identified (including how, when and to whom to escalate unusual customer activity or other red flags for analysis and, where appropriate, the filing of SARs); (3) what employees’ roles are in the firm’s compliance efforts and how to perform them; (4) the firm’s record retention policy; and (5) the disciplinary consequences (including civil and criminal penalties) for non-compliance with the BSA.

 

We will develop training in our firm, or contract for it. Delivery of the training may include educational pamphlets, videos, intranet systems, in-person lectures and explanatory memos. Currently our training program is: annual review of the basic training for AML in the U.S. provided at http://bankersacademy.com.  We will maintain records to show the persons trained, the dates of training and the subject matter of their training.

 

We will review our operations to see if certain employees, such as those in compliance, require specialized additional training. Our written procedures will be updated to reflect any such changes. 

 

 

16.           Program to Independently Test AML Program

a.              Staffing

The testing of our AML program will be performed at least every two calendar years (on a calendar year basis) by Amy Moore, an independent third party. We will evaluate the qualifications of the independent third party to ensure they have a working knowledge of applicable requirements under the BSA and its implementing regulations. Amy Moore also has earned ACAMS certification and seven years of experience in AML and OFAC compliance with a major financial institution. Independent testing will be performed more frequently if circumstances warrant.

 

                  b.              Evaluation and Reporting

 

After we have completed the independent testing, staff will report its findings to senior management. We will promptly address each of the resulting recommendations and keep a record of how each noted deficiency was resolved. 

 

 

17.           Monitoring Employee Conduct and Accounts

We do not open or maintain customer accounts within the meaning of 31 CFR 1023.100, in that we do not establish formal relationships with “customers” for the purpose of effecting transactions in securities.

 

We will subject employee campaigns, if any, to the same AML procedures as customer campaigns, under the supervision of the AML Compliance Person. We will also review the AML performance of supervisors, as part of their annual performance review. The AML Compliance Person’s campaigns, if any, will be reviewed by Joe Hewitt. Chair of Audit Committee.  

 

 

18.           Confidential Reporting of AML Non-Compliance

Employees will promptly report any potential violations of the firm’s AML compliance program to the AML Compliance Person, unless the violations implicate the AML Compliance Person, in which case the employee shall report to the audit committee chair. Such reports will be confidential, and the employee will suffer no retaliation for making them.

 

 

19.           Additional Risk Areas

The firm has reviewed all areas of its business to identify potential money laundering risks that may not be covered in the procedures described above. No major additional areas of risk have been identified.

 

 

20.           Senior Manager Approval 

Senior management has approved this AML compliance program in writing as reasonably designed to achieve and monitor our firm’s ongoing compliance with the requirements of the BSA and the implementing regulations under it. This approval is indicated by signatures below.

 

 

Signed: Mark Edelstein

 

Title: Executive Director

 

Date: September 5, 2020

 

MedGift Advocacy Services, Inc. is a 501c3 non-profit organization, classified as a public charity and is registered in the State of Georgia under EIN 81-4017965.