Published April 24, 2019

The Union of Relief and Development Associations, is referred to in the below policy as “URDA”, is committed to respecting the privacy rights of all of our individuals including donors, potential donors, and visitors to our website. This Privacy Policy explains how URDA handles the information that we collect whether via direct mail, phone or text message, or even through websites operated by the organization from which you are accessing this particular policy. This also includes any present or future software applications created by us for the use on computers and mobile devices, in addition to our social media channels that are controlled by us from which you are accessing this Privacy Policy, as well as through HTML-formatted emails that we send to you that link to the mentioned policy (collectively, including Websites, Apps and our Social Media Pages). By using these Services, you confirm that you agree to this Privacy Policy.

Throughout this Privacy Policy, you will observe the following terms “URDA,” “we,” “our” and “us” and they refer to:

• The Union for Relief and Development Association, a non-profit organization based in Lebanon.

1. Types of personal information collected on this website:

“Personal Information” refers to any type of information that identifies you as an individual or relates to an identifiable individual, including:

• First and last name
• Postal address (including billing and shipping addresses)
• Telephone number
• Email address
• Donation amount
• IBAN bank account number

We may need to collect and process these types of Personal Information to provide you with certain requested services including processing volunteering request, job application, and campaign proposals, or because we are legally required to do so. If you do not enter the information that we request, we may not be able to provide you with the requested service.

1. Process of collecting information on this website:

URDA and its service providers may collect Personal Information in several ways, including:

• Through the “Collaborate” services:We may collect Personal Information when you use our Services (e.g., when you sign up to place a donation, submit a solidarity campaign, apply for a job, etc.).
• Offline: We may collect your personal information during offline events such as when you visit us, during fundraisers, phone donations or when contacting any of our offices.
• From other sources:We may collect your personal information from other sources, such as public databases, joint marketing partners, social media platforms and from other third parties. If you choose to connect your social media account to your Services account, certain Personal Information from your social media account will be shared with us, which may include Personal Information that is part of your profile or your friends’ profiles.
• We may use later a third-party payment serviceto process donations made through the website. If you wish to donate through the website, your personal information may be collected by such third party and not by us and you will be subject to the third party’s privacy policy. We have are not responsible for, this third party’s collection, use, and disclosure of your Personal Information.

If you reveal any personal information to us or to our service providers related to other people in connection with the website, you shall represent that you have the authority to do so and to allow us to use the information in accordance with this Privacy Policy.

1. What happens to your information:

We and our service providers may collect and process Personal Information about you for our legitimate business interests, including the following:

• To respond to your inquiries and fulfill your requests, process your donations, send you acknowledgment letters and provide you with related customer service.
• To send administrative information to you, such as changes to our terms, conditions, and policies, and marketing communications that we believe may interest you, such as newsletters, updates and other information regarding our services, events, fundraising efforts, and other matters.
• To personalize your experience on the services by presenting products and offers tailored to you, and to facilitate the functionality of social sharing.
• For our business purposes, such as analyzing data; auditing; fraud monitoring and prevention; developing new products; enhancing, improving or modifying our services; identifying usage trends; determining the effectiveness of our promotional campaigns; and operating and expanding our business activities.

1. How may we disclose your Personal Information?

Your Personal Information may be disclosed:

• To our affiliates for the purposes described in this Privacy Policy.
• To our third-party service providers, which provide services such as website hosting, data analysis, payment processing, donation fulfillment, information technology, and related infrastructure, customer service, email delivery, auditing, and other services.
• To third parties, to permit them to send you marketing communications from like-minded organizations, consistent with your choices (applicable only to US-based individuals).
• By you, on message boards, chat, profile pages, and blogs, and other services to which you can post information and content (without limitation, our Social Media Pages). Please note that any information you post or disclose through these services will become public and may be available to other users.
• To your friends associated with your social media account, to other website users, and to your social media account provider, in connection with your social sharing activity. By connecting your Services account and your social media account, you authorize us to share information with your social media account provider, and you understand that the use of the information we share will be controlled by the social media provider’s privacy policy.
• Note:We do not sell exchange or lend email addresses or phone numbers to third parties.

Other Uses and Disclosures
We may also use and disclose your Personal Information because we believe it’s necessary or appropriate: (a) to comply with applicable law (which may include laws outside your country of residence), to respond to requests from public and government authorities (which may include authorities outside your country of residence), to cooperate with law enforcement or for other legal reasons; (b) to enforce our terms and conditions; and (c) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.

In addition, we may use, disclose or transfer your information to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).

Statutory obligations and verification of your Personal Information
To comply with anti-money laundering, terrorism and sanctions laws and regulations, there are times when we need to confirm (or reconfirm) the name, date of birth, address and other details of our donors and business partners (including their directors, officers, board members, owners, shareholders, authorized representatives, and affiliates). We may need to do this whether you are applying to be a new donor or business partner or have been one for some time. This information may be shared with third-party service providers for this purpose. We may also collect publicly available information to verify the details of donors and business partners. Some laws and regulations oblige us to disclose information to certain bodies with statutory powers. If at any time you do not provide us with the information about you or your circumstances that are required to comply with these laws and regulations, we may not be able to accept your donation or accept you as a business partner. It is important that you give us accurate information. We will check your details and if you give us false or inaccurate information and we suspect crime or fraud, we will record this and pass this to organizations involved in the prevention of crime and fraud.

1. How do we protect your Personal Information?

We seek to use reasonable organizational, technical and administrative measures to protect Personal Information within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Who do I contact with question or comments about this Privacy Policy?” section below.

The Websites use secure socket layer (SSL) encryption to protect the transmission of any Billing Information that you submit to us via the Websites when you use our secure online donation forms, and the Billing Information you provide to us is stored securely according to Payment Card Industry Data Security Standards (PCI-DSS).

1. How long do we retain your Personal Information?

We will retain your Personal Information for as long as needed or permitted in light of the purpose(s) for which it was obtained. We will keep your Personal Information:

• For as long as we have an ongoing relationship with you (determined by such variables as the delivery of products or services, an online account, and receiving our newsletter);
• As required by a legal obligation to which we are subject; or
• As advisable and considering our legal position (as determined by applicable statutes of limitations, litigation, audit or regulatory/government investigations).

1. Where do we transfer your Personal Information?

Your Personal Information may be stored and processed in any country where we have facilities or in which we engage service providers, and by using the Services you agree to the transfer of information to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Information.

1. What rights and choices do you have?

Your choices regarding our use and disclosure of your Personal Information
We give you choices regarding our use and disclosure of your Personal Information for marketing purposes. You may opt-out from:

• Receiving electronic communications from us: If you no longer want to receive marketing-related emails from us, you may opt-out by clicking “email preferences” in any of our emails and editing your preferences or contact us with your request directly at either [email protected].
• Our sharing of your Personal Information with affiliates for their direct marketing purposes: If you would prefer that we not share your Personal Information with our affiliates for their direct marketing purposes, you may opt-out of this sharing by contacting us with your request directly at either [email protected]or at +961 5 807 046 EXT: 47/48. In addition, first-time donors by mail have the option to opt-out on the reply device by checking the box on the mailing. All other donors by mail have the option to opt-out on a reply device, once a year, by checking the box.
• Our sharing of your Personal Information with unaffiliated third parties for their direct marketing purposes: If you would prefer that we not share your Personal Information with unaffiliated third parties for their direct marketing purposes, you may opt-out of this sharing by contacting us with your request directly at either [email protected]or at +961 5 807 046 EXT: 47/48.

We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages, from which you cannot opt-out.

How you can access, change or suppress your Personal Information
If you would like to review, correct, update, suppress, restrict or delete Personal Information that you have previously provided to us, or if you would like to receive an electronic copy of your Personal Information for purposes of transmitting it to another company (to the extent this right to data portability is provided to you by applicable law), you may contact us at [email protected]. To ensure secure transfer, please do not email changes to your Billing Information. Rather, if you wish to update or delete any of your Billing Information, please contact us at [email protected]

In your request, please make clear what Personal Information you would like to have changed, and whether you would like to have your Personal Information that you have provided to us suppressed from our database. For your protection, we may only implement requests with respect to the Personal Information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.

Please note, however, that certain Personal Information may be exempt from such access, correction and deletion/suppression requests, pursuant to applicable data protection laws or other laws and regulations. Also, please note that we may need to retain certain information for record-keeping purposes and that some residual information may remain within our databases and other records and will not be removed.

1. Do we collect Personal Information from children?

No. The Website is not directed to persons below 16 years of age, and individuals under such age must not use the Website or submit any Personal Information in any way. The Union of Relief and Development Associations does not knowingly collect Personal Information from children under age 16.

1. Do we use “cookies” on the Website?

Yes. We use cookies.

1. How do we respond to “Do Not Track” Signals?

We do not track users over time and across third-party websites to provide targeted advertising, and therefore we do not respond to Do Not Track (DNT) signals. Third parties cannot collect personally identifiable information about your online activities over time and across different websites when you use the Website.

1. Do we collect any server statistics or other passive data via the Website?

Yes. We may collect general statistics to track user trends on the Website, and we may collect statistics using ad-serving technology. These statistics include but are not limited to, hits to our servers, the types of browsers used to access the Website, page views, ad views, and navigational patterns. In addition, our web servers automatically collect and store non-Personal Information, such as the name of the domain and host from which you access the internet, the internet protocol (“IP”) address of the computer you are using, the browser software you use and your operating system, the date and time you access the Website, and the internet address of the site from which you linked directly to the Website. We may also use “web beacons” to help identify when emails or other electronic communications sent by us to you have been received and read. Any of this information may be subject to disclosure pursuant to a subpoena or other legal process.

1. What happens to feedback or other information that you submit or post to the Website?

Certain features of the Website may enable you to submit communications, suggestions, ideas, comments, questions or other information to us (collectively, “Feedback”) as well as post information to the Website for review by all users of the Website (“Posted Information”). Feedback and Posted Information becomes public information and is submitted at your discretion. When you submit Feedback or Posted Information, you expressly consent to our collection, use, and disclosure of such information in any manner, and agree that such Feedback and Posted Information remains subject to the Website Terms and Conditions.

1. What rules apply if you click over to third-party websites?

The Website may be linked to other sites that are not maintained by The Union of Relief and Development Associations, including, but not limited to, third-party application stores, mobile software platforms, on-line gaming platforms, social networking services and payment providers (collectively, “Third-Party Websites”). Third-Party Websites are subject to their own separate terms and conditions and privacy policies and are not covered by this Privacy Policy. By clicking on any of these links or otherwise accessing Third-Party Websites, you acknowledge and agree that you are leaving the Website.  The Union of Relief and Development Associations assumes no liability and is not responsible for the content or practices of any Third-Party Websites. The inclusion of any link to a Third-Party Website does not imply endorsement by The Union of Relief and Development Associations of such Third-Party Website or any product, service, content, materials or information available through such Third-Party Website.  URDA makes no representations regarding any third-party Website that may be accessed by a link from the Website.

1. What happens when we update this Privacy policy?

We may change this Privacy Policy. The “Updated” legend at the top of this Privacy Policy shows when the latter was last revised. Any changes will become effective when we post the revised Privacy Policy on the Services. Your use of the Services following these changes means that you accept the revised Privacy Policy.

1. Whom do I contact with question or comments about this Privacy Policy?

If you have any questions about this Privacy Policy or the practices of the Website, you can contact:

The Union of Relief and Development Associations 
International Road – behind Al-Rammal supermarket
Al Anwar Building – Ground floor
Call: +961 5 807 046 Extensions: 6010
Email: [email protected]

Conflict of Interest

URDA employees are not allowed to get involved, financially or otherwise, directly or indirectly, with individuals or organizations that might adversely affect their duties within URDA.

In case an employee is not sure about whether any situation may result in a conflict of interest, he/she is to consult the GM and request permission to conduct the intended task or duty.

Professionalism

All employees must show a commitment to professional work and to representing URDA in a positive manner within and outside URDA offices. In addition, staff members must be responsible for solving any problem and ready to deal with critical situations whether with donors or refugees, even if it were beyond their scope of responsibilities.

Dress Code

All employees must dress in an elegant and professional manner to reflect a positive picture of the organization.

Employees must also act professionally in all encounters whether with donors and the public or internally with managers and colleagues.

Visiting URDA offices

Employees are not allowed to host outside visitors in their offices without prior coordination and approval from their direct manager and the Administrative Director.

Similarly, it is not allowed to take out any URDA assets outside the premises without previous approval from the direct manager.

Personal Belongings:

It is preferable not to get any personal possessions to the office unless they are necessary to complete work-related tasks.

Also, it is not recommended to leave valuable personal belongings unattended inside the premises.

URDA shall not be held liable for any damage or loss of personal belongings and under any circumstances. 

Phone and fax:

Using the work phone and fax provided by URDA for personal matters not related to work duties is considered a violation.

It is very important for the employee to answer all phone calls and respond to any request in a professional manner.

In case the employee had to make a personal phonecall using the phones provided by URDA, he/she shall be held responsible for paying the dues.   

Any misuse of the phones provided by URDA will subject the employee to disciplinary actions.   

Computer, Email, & Internet Use

All URDA employees will be provided with laptops or computers to conduct their daily work. They will also have access to an email address and to the internet to facilitate their daily tasks. Employees must not abuse those facilities and use them in any manner that it is not work-related.

Internet use within URDA is monitored by the IT department. As such, employees are strictly prohibited from accessing any websites that are not related to their work.

Employees are not allowed to download any software on the URDA provided laptops or computers.

Employees are to use their URDA e-mail addresses exclusively to communicate work-related emails. They should never use this e-mail for personal manners or their personal email addresses for work-related issues.

Smoking at the Workplace

Employees are prohibited from smoking inside URDA offices because of the harm it causes to their colleagues and them violates URDA’s internal regulation and Lebanese laws.

URDA is a smoke-free workplace.

Confidentiality

All URDA employees are expected to sign a confidentiality agreement when they are recruited.

Any release or misuse of work-related information is considered a violation because it is one of the fundamental work conditions at URDA to preserve the information related to employees, donors, and all work documents. Thus, it is restricted to spread or discuss information considered confidential with an external party including media.

Reporting in case of theft, fraud, or illegal acts:

Employees must always show readiness and alert to possible theft, fraud, or any illegal acts that might target URDA, whether inside or outside the office.

If any suspicious activity is observed by any employee, he/she should report it immediately to [email protected] and the report will be dealt with in total confidentiality.

Failure to comply with URDA policies may result in disciplinary action against the concerned employees. Such measures may include suspension of the employee, issuing warnings, end of service and possible referral to the relevant government authorities to take the necessary legal action.

Receiving Gifts

An employee must show a high level of integrity during his work performance. Thus, he/she shall not seek or accept any gift, tangible or financial, from any party that may directly or indirectly affect his / her work performance.

If for any reason, he/she cannot refuse the gift, he/she must report the incident to his / her direct manager, the HRD and the GM.

Reporting in case of receiving a gift shall include the following information:

• Description the gift and its value.
• Name of the gift provider and recipient.
• Reason for receiving the gift.

Change of Personal Information

It is important that URDA’s personnel files contain valid and updated data.

As such, employees must notify the HRD whenever any changes in their personal information take place. These changes may be related to their:

• Name
• Marital Status
• Address
• Contact details (home phone number, mobile number, and email.
• Exams passed / qualifications obtained by the employee
• Training courses attended
• Emergency contact number
• Criminal record: criminal case, prosecution or conviction

Reporting in case of theft, fraud, or illegal acts:

Employees must always show readiness and alert to possible theft, fraud, or any illegal acts that might targeting URDA, whether inside or outside the office.

If any suspicious activity is observed by any employee, he / she should report it immediately to [email protected] and the report will be dealth with in total confidentiality.

Failure to comply with URDA policies may result in disciplinary action against the concerned employees. Such measures may include suspension of the employee, issuing warnings, end of service and possible referral to the relevant government authorities to take the necessary legal action.

Computer, Email, & Internet Use

All URDA employees will provided with laptops or computers to conduct their daily work. They will also have access to an email address and to the internet to facilitate their daily tasks. Employees must not abuse those facilities and use them in any manner that it is not work-related.

Internet use within URDA is monitored by the IT department. As such, employees are strictly prohibited from accessing any websites that are not related to their work.

Employees are not allowed to download any software on the URDA provided laptops or computers.

Employees are to use their URDA e-mail addresses exclusively to communicate work-related emails. They should never use this e-mail personal manners or their personal email addresses for work-related issues.

Professionalism

All employees must show a commitment to professional work and to representing URDA in a positive manner within and outside URDA offices. In addition, staff members must be responsible for solving any problem and ready to deal with critical situations whether with donors or refugees, even if it were beyond their scope of responsibilities.

What is a CPP?

A Child Protection Policy (CPP) is adopted as an institutional pledge to prevent intentional and non-intentional harm to children by setting guidelines and procedures. It is a commitment by an organization to create a positive environment for children where all members act consistently to preserve and promote the wellbeing of children.

Developing a CPP is a process that will allow your organization to identify possible risks to children in the insti- tution, and, to clarify acceptable behaviors when communicating with children. It will specify recommendations for training staff members on their responsibilities as well as how to detect and react to signs of child abuse. The referral process will be clearly defined in the CPP, staff members will know how to confidentially report and refer any identified cases of child abuse as per national guidelines. To demonstrate commitment to the CPP and deter violations, organizations should agree upon clear penalties. Finally, the CPP will offer recommendations for the screening of resumes and interviewing candidates to ensure that the staff best suited to work with children are hired.

The CPP will be adapted to your context by taking into consideration operations, existing policies, organizational structures and the input of community members.

Elements of a CPP:

The CPP aims to develop guidelines and procedures for:

• Creating a child-friendly environment
• Raising awareness on child wellbeing
• Communication and behavior with children
• Detection and referral of child abuse
• Management structures and procedures for policy implementation
• Consequences of policy violations
• Recruitment and training of staff

Why should you have a CPP?

We believe you should adopt a CPP for CEDAR:

Confidence:
Being transparent and committing to child protection will increase the confi- dence of the community in your opera- tions with children.

Endorsement
Adopting the CPP guarantees himaya’s affiliation with URDA, which in turn will provide you with access to resources and experts in child pro- tection.

Donors and accreditation bodies:
Organizations with a CPP are increasingly prioritized by donors and accreditation bodies.

Awareness:
Becoming a child protection actor by ensuring the rights of children in your institution, which will also raise awareness on child protection in your community.

Reputation:
An effective policy can protect your reputation by giving you guidelines to act in an informed and unbiased way during a crisis.

Requirements for a successful policy:

Commitment of Management
The key to successfully implementing a CPP is for an organization’s management to commit to child protection as a key focus in operations. This internal commitment to managerial leadership will drive a change in organizational culture leading to a successful child-safe organization.

Consultation and Transparency
At the preparation stage, it is important to invest time and resources in consultations with stakeholders, communication between teams and the modification of existing procedures. Involving community members in the development process builds ownership as their expectations and concerns can be addressed early on, which ultimately makes the procedures adapted and relevant.

Monitoring and Evaluation:
Upon adoption of the CPP, organizations should be pre- pared to internally monitor implementation of the policy and to review the content regularly to ensure it stays comprehensive and relevant to protecting children in the organization.

A CPP is a ‘means to an end and not an end in itself
Having a CPP does not guarantee the comprehensive protection of children, it is one of many actions that or- ganizations can take. Organizations should go beyond the CPP and take an active role in their community as child protection actors in order to prevent and reduce child abuse.

Implementing a Child Protection Policy

Design Phase
At the preparation stage it is important to invest time and resources in consultations with stakeholders, communication between teams and the modification of existing procedures. Involving community members in the development process builds ownership as their expectations and concerns can be addressed early on, which ultimately makes the procedures adapted and relevant.

1. Situation analysis and data collection
   • Conduct initial meeting with management
   • Identify existing policies, structures and procedures
   • Identify key stakeholders
   • Identify child protection specialist(s)
   
   
2. Key stakeholder discussions
   Organize focus group discussions with identified stake- holders in order to:
   • Identify organizational risks
   • Discuss preventive measures
   • Gather recommendations
   
   
3. Drafting the policy
   • Deliver draft of CPP for management review
   • Present CPP to staff members
   • Finalize CPP based on comments

Implementation Phase

     4. Implementation of the policy
        •Train staff on applying the CPP
        • Conduct specialized training for assigned child protection specialists in organization
        • Give awareness sessions to children and parents (when applicable)

     5. Dissemination of policy
        • Publish CPP on internal and external channels e.g. server or website
        • Present the CPP to parents through conferences

     6. Monitoring and Evaluation
        • Conduct follow-up meetings with child protection officer(s) and administration
        • Review the reporting procedure
        • Verify the implementation of the CPP components

GLOSSARY

• AML: Anti-Money Laundering BSA  Bank Secrecy Act
• FinCEN: Financial Crimes Enforcement Network (U.S. Treasury Dept.) OFAC   Office of Foreign Assets Control (U.S. Treasury Dept.) RMLO  Residential Mortgage Lenders and Originators
• SAR: Suspicious Activity Report
• SDN: Specifically Designated Nationals and Blocked Person List

I. Introduction

[URDA] is committed to a comprehensive anti-money laundering (“AML”) program. It is the policy of URDA to comply fully and completely with all applicable governmental requirements that have been designed to prohibit and prevent both actual and potential money laundering, as well as other activities that facilitate money laundering and the funding of terrorists and/or other criminal activity, including mortgage fraud.

URDA intends that these AML Policy and Program Procedures (“the Policy”) will be reviewed at least annually and updated from time to time as necessary to keep up with changes in applicable law and changes in URDA’s operations. The Policy is intended to be supplemented by the training of all URDA’s non-construction employees and any volunteers who perform administrative duties (“designated volunteers”). The Policy is solely for the use of and is binding upon, URDA’s employees and designated volunteers. Willful or grossly negligent failure of an employee or designated volunteer to follow this AML Policy and Program Procedures Policy and such additional procedures as shall be issued to implement this policy may be grounds for discipline, up to and including termination, and may in certain circumstances expose the employee or designated volunteer to criminal prosecution, fines, and/or imprisonment.

II. Money Laundering, Terrorist Financing and Mortgage Fraud

A. Money Laundering

“Money laundering” is generally defined as engaging in acts designed to conceal or disguise the nature, control, or true origin of criminally derived proceeds so that those proceeds appear to have been derived from legitimate activities or origins or otherwise constitute legitimate assets. Generally, money laundering occurs in three stages:

1. Stage 1 – Placement: Cash generated from criminal activities is “placed” in the financial system or the retail economy, often by converting the cash into monetary instruments, such as money orders or securities or investing it in real estate, commodities, or high-end consumer products (e.g., automobiles, boats, jewelry). Illegally obtained money is most vulnerable during the “placement” stage, because, over the years, regulators and law enforcement authorities have imposed a variety of reporting requirements and have required financial institutions, including residential mortgage lenders and originators (“RMLOs”), to train their employees to look for suspicious transactions.
   To disguise the placement of unlawful funds, money launderers will often use a technique called “Structuring.” Structuring involves the breaking up of a transaction that would normally have to be recorded or reported into smaller transactions at dollar amounts below the recording/reporting thresholds.
2. Stage 2 – Layering: Funds are transferred or moved into other financial institutions to further separate the money from its criminal origin.
3. Stage 3 – Integration: Funds are reintroduced into the financial system and then integrated into the economy by purchasing legitimate assets or funding legitimate businesses or other criminal activities.

B. Terrorist Financing

Unlike money laundering, terrorist financing is typically motivated by ideological, rather than profit-seeking concerns, and often may not involve the proceeds of criminal conduct.
Money laundering is frequently an important component of terrorist financing, and the methods used are often similar or identical to those used by money launderers. Large sums are not necessarily involved, and the original funds may well be legitimate rather than illegally obtained. The goal of terrorist financing is to establish flexible and mobile sources of funding for the purchase of products and services that will be used to further or commit terrorist acts.

C. Mortgage Fraud

Mortgage fraud is a crime in which the intent is to materially misrepresent or omit information on a mortgage loan application to obtain a loan or to obtain a larger loan, or a loan on different terms, than would have been obtained had the lender or borrower known the truth. Lenders or borrowers involved in mortgage fraud engage in conduct including the following: providing false financial information in the mortgage loan application, providing false information regarding occupancy, using nominees for the purchase of the property, falsifying documents (such as tax returns and verifications of income or deposits) and failing to disclose material information.

Government officials are increasingly focusing on mortgage fraud, and concerns regarding mortgage fraud contributed to the expansion of AML program requirements to RMLOs such as URDA. The detection and prevention of mortgage fraud are important goals of URDA’s AML program.

III. AML Compliance Officer Designation and Duties

A. Designation of Compliance Officer

As required under the Bank Secrecy Act (“BSA”) (1970), the USA PATRIOT Act (2001), and FinCEN’s Anti-Money Laundering (“AML”) Program and Suspicious Activity Report Filing Requirements for Residential Mortgage Lenders and Originators, URDA hereby designates an AML Compliance Officer (the “Compliance Officer”) for URDA. The Compliance Officer, or any of his or her authorized designees (hereinafter, a “Designee”), is responsible for ensuring (1) URDA’s ongoing compliance with all state and federal AML laws, including monitoring compliance by the URDA’s employees and designated volunteers with their obligations under URDA’s AML program; (2) that URDA’s AML Program is updated as necessary; and (3) that all non-construction employees and designated volunteers receive trainingon AML requirements before conducting business on behalf of URDA and, thereafter, on an ongoing basis as needed.

Appendix

URDA NAME [INSERT FULL NAME] ADDRESS [INSERT FULL ADDRESS]

DESIGNATION OF AML COMPLIANCE OFFICER

Compliance Officer: [INSERT NAME OF COMPLIANCE OFFICER]

Date:

Approved by:

[PERSON APPROVING MUST SIGN, THEN FILL IN NAME OF PERSON APPROVING THE DESIGNATION AND TYPE IN TITLE OF PERSON APPROVING THE DESIGNATION]

B. Compliance Officer Duties and Responsibilities

The duties and responsibilities of the Compliance Officer include, but are not limited to, the following:

• Maintain a thorough knowledge of all state and federal statutes pertaining to anti-money laundering with respect to URDA’s operations, including OFAC requirements and detecting and addressing Red Flags and SAR requirements.
• Supervise the development and periodic updating of policies and procedures related to compliance with all applicable federal and state statutes regarding anti-money laundering and related requirements.
• Supervise the execution of an AML/BSA/OFAC risk assessment within a regular 18-month cycle and more frequently if circumstances dictate.
• Schedule and coordinate annual employee training seminars regarding anti-money laundering and related requirements.
• Supervise the development of training procedures to ensure compliance with the applicable state and federal statutes regarding anti-money laundering and related requirements.
• Supervise the proper completion, timely submission, and complete and accurate recordkeeping with respect to government filings pertaining to anti-money laundering and related requirements, including but not limited to Suspicious Activity Reports (“SARs”), which are filed with FinCEN.
• Serve as liaison with law enforcement and regulatory agencies regarding matters of compliance/examinations/reports pertaining to anti-money laundering and related requirements.
• Supervise the monitoring of statutory examinations conducted by any government agency pertaining to anti-money laundering and related requirements.
• Supervise the maintenance of a record related to any documents requested by law enforcement and/or regulatory agencies pursuant to a subpoena, summons, or other administrative or court documents pertaining to anti-money laundering or related requirements.
• Cooperate with periodic Independent Audits of the AML program (see Section X below).

IV. Risk Assessment

The development and implementation of an effective AML Program must be based on a risk assessment. For this reason, URDA is required to conduct an AML/BSA/OFAC risk assessment of its business, customers, products, and the geographic location in which it operates, in accordance with a standard risk assessment methodology.

The Compliance Officer must determine the AML vulnerabilities of URDA’s products/services, the AML risks associated with the geographies in which it operates, and the AML risks of the customers with whom it deals. The Compliance Officer must also assess the effectiveness of URDA’s controls to manage and mitigate the AML risks. The selection of risk categories and the weights given to risk categories in a money laundering risk assessment vary depending on the circumstances.

In order to provide a framework for identifying AML risks, the Compliance Officer shall conduct a money laundering risk assessment by first determining inherent money laundering risk, then reviewing mitigating controls, and in consideration of the inherent risk and mitigating controls, determine the overall residual money laundering risk. The results of the risk assessment and any recommendations for control improvements must be provided to senior management for review and approval. Results of the money laundering risk assessment, the methodology, the analysis, and any supporting documentation of each will be maintained for at least three years.

URDA’s money laundering risk assessments must be updated on a regular basis, generally at least every 18 months. URDA’s AML/BSA/OFAC risk assessment must also be updated whenever material changes occur to products, services, customers or geographies that would materially impact the risk assessment. Any new product or sales activity or a new line of business must undergo an AML risk assessment as described in this Section.

V. Checking Office of Foreign Assets Control (“OFAC”) Lists

URDA must comply with the Office of Foreign Assets Control (“OFAC”) regulations, which prohibit transactions involving certain individuals, entities, or countries that are subject to sanctions or other special concerns. In connection with mortgage loan origination and lending activity (including but not limited to: accepting mortgage loan applications, processing mortgage loan applications and closing mortgage loans), we will routinely check to ensure that a customer does not appear on the United States Department of the Treasury’s OFAC Specifically Designated Nationals and Blocked Persons List (the “SDN List”) and is not from, or engaging in transactions with people or entities from, countries and regions subject to economic sanctions or embargo that are listed on the OFAC website (see www.treas.gov/offices/enforcement/ofac/sdn/index.html ). We will regularly check the list and subscribe to receive updates when they occur. We may, if deemed necessary by the Compliance Officer and concurred in by the Board, access these lists through various software programs to ensure speed and accuracy.

If there is no potential match with the OFAC lists, the transaction may proceed. If, however, our checking indicates a potential match, we will perform additional due diligence to ascertain whether the match is actual or a false positive vis-à-vis the name on the OFAC lists.

In the event that we determine a customer, or someone for whom the customer is transacting, is on the SDN List, or is from or engaging in transactions with a person or entity located in an embargoed or sanctioned country, we will reject the transaction or block the customer’s assets, as appropriate under OFAC regulations, and file a blocked assets or rejected transaction form with OFAC. We may also call the OFAC Hotline: 1-800-540-6322.

As part of URDA’s SAR filing process (which is described in Section VIII.A. below), any blocking reports sent to OFAC will be reviewed to determine whether anything contained therein constitutes suspicious activity. Not all transactions, accounts, or customers identified in a blocking report constitute suspicious activities that require the filing of a SAR.

VI. Customer Identification and Verification

URDA will collect certain minimum customer identification information from each mortgage loan applicant and compare customer identification information with government- provided lists of suspected terrorists as mentioned above in Section V.

A. Required Customer Information – Minimum ID Requirements

Prior to engaging in any activity which potentially may involve money laundering, URDA will collect the following information for all customers:

• Name
• Address (residential or business street address for an individual; for armed services personnel, an Army Post Office (“APO”) or Fleet Post Office (“FPO”) number). If necessary, address will be confirmed by a current utility bill mailed to the customer at the address in question.
• Date of Birth (verifiable via an unexpired government-issued identification evidencing nationality or residence and bearing a photograph or similar safeguards, such as a government-issued passport or driver’s license)
• Government-issued identification number, which will be a Social Security number or other taxpayer identification number (for U.S. persons) or one or more of the following: passport number and country of issuance, alien identification card number or number and country of issuance of any other government-issued document evidencing nationality or residence and bearing a photograph or other similar safeguard (for non-U.S. persons). All such documents must be unexpired. We will refuse any transaction in the event that a customer has applied for, but has not received a taxpayer identification number and cannot prove his/her identity to our satisfaction.

B. Customers Who Refuse To Provide Information

If any customers have questions regarding the necessity of providing identification, we will inform them it is required by federal regulations. If, however, a potential or existing customer refuses to provide the information described above when requested, or appears to have intentionally provided misleading information, we will not complete the transaction with the customer, and if, after consultation with the Compliance Officer or Designee, it is determined to be required, URDA will file a SAR.

C. Verification of Information

To the extent reasonable and practicable, at the time a customer relationship is established, URDA will ensure, based on our assessment of the AML-related risks posed by the customer’s location, nationality, and overall profile, that we have sufficient information to form a reasonable belief that we know the true identity of our customers. In verifying customer identity, we will analyze any logical inconsistencies in the information we obtain such as through documentary evidence.

The customer’s identity will be verified using the information set forth in Section VI.A. above. We are not required to take steps to determine whether any document that the customer has provided to us for identity verification has been validly issued, and we may rely on a government-issued identification as verification of a customer’s identity. However, if we detect that the document evidences some form of fraud or other irregularities, we will consider that factor in determining whether we can form a reasonable belief that we know the customer’s true identity.

If a customer’s identity cannot successfully be validated based on the information in URDA’s possession, URDA may, in its sole discretion, contact the customer and request that the customer provides via facsimile (i) a true and correct copy of the customer’s unexpired, government-issued identification card with photograph, and (ii) a copy of any current utility bill where the name and mailing address on the bill match the information provided by the customer.

If we find information that indicates possible suspicious activity such as money laundering, terrorist financing activity, or other criminal activity, including mortgage fraud, we will, after consultation with the Compliance Officer or Designee, file a SAR, if that is deemed necessary or appropriate by the Compliance Officer or Designee.

D. Lack of Verification
When we cannot form a reasonable belief that we know the true identity of a customer with respect to transactions requiring customer identification, we will do the following: (i) not perform the transaction; and (ii) if deemed necessary or appropriate by the Compliance Officer or Designee, file a SAR.

E. Recordkeeping

We will document our verification, including all identifying information provided by a customer, the methods used and results of verification, and the resolution of any discrepancy in the identifying information. We will maintain records confidentially containing a description of any document that we relied on to verify a customer’s identity, noting the type of document, any identification number contained in the document, the place of issuance, the date of issuance if any, and expiration date. These records must be retained for at least five (5) years following termination of the customer relationship or dormancy of an account. All such records may be retained in electronic form.

F. Comparison with Government Provided Lists of Terrorists, Other Criminals and Debarred or Excluded Individuals

URDA may receive notice that a federal government agency has issued a list of known or suspected terrorists. Within a reasonable period of time after receipt, we will determine whether a customer appears on any such list of known or suspected terrorists or terrorist organizations issued by any federal government agency and designated as such by the U.S. Department of the Treasury. We will follow all federal directives issued in connection with such lists.

We will continue to comply with OFAC rules prohibiting transactions with certain foreign countries or their nationals as mentioned in Section V.

VII. Monitoring for Suspicious Activity

We will monitor a sufficient amount of mortgage loan origination activity to permit the identification of suspicious activity, such as the “red flags” identified in Section VII. A. below. The Compliance Officer or Designee will be responsible for this monitoring, will document when and how it is carried out and will report suspicious activities to the appropriate authorities. We will create employee guidelines with examples of suspicious money laundering activity and conduct an appropriate investigation before a SAR is filed.

A. Detecting Red Flags

Red Flags can arise at any time, including during the application process and throughout the customer relationship. An individual red flag can be business- or industry-specific or can apply more broadly to all businesses and industries in which our customers are active. Various governmental and quasi-governmental web sites, both domestic and international, contain lists of red flags. Examples include the OECD’s Financial Action Task Force, www.fatf-gafi.org, and the Federal Financial Institutions Examination Council, www.ffiec.gov/bsa.

Red Flags that signal possible money laundering include, but are not limited to:

• The customer exhibits unusual concern about URDA’s compliance with government reporting requirements and URDA’s AML policies (particularly concerning his or her identity or type of business), or is reluctant or refuses to reveal any information concerning business activities, or furnishes unusual or suspicious identification or documents.
• A fraud or activity alert is included with a consumer report obtained with respect to the consumer.
• A consumer reporting agency provides a notice of credit freeze in response to a request for a credit report.
• A consumer reporting agency provides a notice of address discrepancy.
• The customer wishes to engage in a transaction that appears to lack sense.
• The information provided by the customer that identifies a legitimate source for funds is false, misleading, or substantially incorrect.
• Upon request, the customer refuses to identify or fails to indicate any legitimate source for his or her funds and other assets.
• The customer (or a person publicly associated with the customer) has a questionable background or is the subject of news reports indicating possible criminal, civil, or regulatory violations.
• The customer exhibits a lack of concern regarding transaction costs.
• The customer has difficulty describing the nature of his or her business.
• The customer asks for exemptions from URDA’s AML policies.
• The customer requests that a transaction be processed to avoid URDA’s normal documentation requirements.

URDA’s unique mortgage products and practices greatly reduce the likelihood of mortgage fraud occurring. Red Flags that signal possible mortgage fraud in the broader mortgage industry include, but are not limited to:

• The customer appears to be acting as an agent for an undisclosed principal, but declines or is reluctant, without legitimate reasons, to provide information or is otherwise evasive regarding that person or entity.
• Title to the subject property is held by virtue of an unrecorded deed.
• A loan on the proposed security property was recently paid off.
• The real estate sales contract provides for a large seller allowance which may signal that the allowance is a method for the seller to funnel down payment funds to the buyer.
• The brokers or other agents are receiving excessive commissions.
• The sales price of the property exceeds fair market value.
• A party requests that the loan be used to pay debts not secured by the property or required by the lender to be paid off.
• The file contains more than one contract with significant differences in price.
• The buyer’s check indicates another to be the provider of funds and no gift letter is presented.

B. Grand Jury Subpoenas

We understand that the receipt of a grand jury subpoena concerning a customer does not in itself require that we file a SAR. When we receive a grand jury subpoena, we will conduct a risk assessment of the customer subject to the subpoena, as well as review the customer’s file and activity. If we uncover suspicious activity during our risk assessment and review, we will elevate that customer’s risk assessment and file a SAR in accordance with the SAR filing requirements. We understand that none of our officers, employees, volunteers or agents may directly or indirectly disclose to the person who is the subject of the subpoena its existence, its contents or the information we used to respond to it. To maintain the confidentiality of any grand jury subpoena we receive, we will process and maintain the subpoena by retaining such communications in secure locations. If we file a SAR after receiving a grand jury subpoena, the SAR will not contain any reference to the receipt or existence of the subpoena. The SAR will only contain detailed information about the facts and circumstances of the detected suspicious activity.

C. Responding to Red Flags and Suspicious Activity

When an employee or volunteer of URDA detects any red flag, he or she will immediately contact the Compliance Officer or Designee to see whether further investigation should be undertaken. Any such investigation would take place only under the direction of the Compliance Officer or Designee and might include gathering additional information internally or from third-party sources, including the applicant. Ultimately, information obtained in such an investigation may lead to the Compliance Officer contacting the government or authorizing the filing of a SAR (see Section VIII, below). SAR logs will be maintained by the Compliance Officer or Designee and will be used to track the auditing of accounts that may be subject to SAR filing. All accounts subject to SAR filing will be documented and will include information such as SAR date, reported dollar amounts, FinCEN submission date, and tracking number used in the SAR Log.

VIII. Suspicious Transactions and BSA Reporting

A. Filing a SAR

URDA will file SARs for any activity conducted or attempted through a URDA location involving (or in the aggregate) $5,000 or more of funds where we suspect, or have reason to suspect, that

• the transaction involves funds derived from illegal activity or is intended or conducted in order to hide or disguise funds or assets derived from illegal activity

  as part of a plan to violate or evade federal law or regulation or to avoid any transaction reporting requirement under federal law or regulation;

• the transaction is designed, whether through structuring or otherwise, to evade the requirements of the BSA regulations;
• the transaction has no apparent business or lawful purpose or is not the sort in which the particular customer would normally be expected to engage, and, after examining the background, the possible purpose of the transaction, and other facts, we have found no reasonable explanation for the transaction; or
• the transaction involves the use of URDA to facilitate criminal activity.

URDA will report suspicious transactions by completing an SAR, and we will collect and maintain supporting documentation as required by the BSA regulations. We will file a SAR no later than thirty (30) calendar days after the date of the initial detection of the facts that constitute a basis for filing a SAR. If no suspect is identified on the date of initial detection, we may delay filing the SAR for up to an additional thirty (30) calendar days, or a total of sixty (60) days after the date of initial detection of the facts, pending identification of a suspect.

We will retain copies of any SAR filed and any supporting documentation for at least five
(5) years from the date of filing. We will identify and maintain supporting documentation and make such information available to FinCEN, any other appropriate law enforcement agencies, or federal or state regulators, upon request.

B. SAR Confidentiality

URDA will maintain as strictly confidential any SAR and its supporting documentation.
We will NOT notify any person involved in the transaction that the transaction has been reported, except as permitted by the BSA regulations. In general, disclosure of the fact that a SAR filing is contemplated or has been made is a violation of federal law. Any URDA employee or volunteer who is subpoenaed or required to disclose a SAR or the information contained in the SAR will report the existence of that subpoena or requirement immediately to the Compliance Officer and prior to the disclosure of the SAR or the information contained in the SAR. Except where disclosure is requested by FinCEN or other appropriate law enforcement or regulatory authority, as determined by the Compliance Officer, URDA and the employee will decline to produce the SAR or to provide any information that would disclose that a SAR was prepared or filed.

C. Maintaining SARs

Every SAR and copies of any supporting documentation will be maintained separately from all other books and records of URDA in order to avoid inadvertent disclosure of SAR filings. Every SAR and copies of any supporting documentation will be kept in a secure location. As noted above, the Compliance Officer or Designee will handle all subpoenas or other requests for SAR information.

The Compliance Officer or Designee will be responsible to ensure that AML records are maintained properly and that any SARs are filed as required.

D. Records Required

URDA will create and maintain SARs and relevant documentation on customer identity and verification as part of URDA’s overall AML compliance program. We will also maintain the required records related to customers listed on the OFAC list. We will maintain all BSA-related records and their documentation for at least five (5) years.

IX. Training Programs

Under the leadership of the Compliance Officer, we will develop and provide ongoing training of our employees and any volunteers who perform administrative duties. Training will occur on at least an annual basis. The training offered will include, at a minimum, the following:

• How to identify “red flags” and signs of money laundering;
• What to do after the risk is identified;
• The employee’s role in URDA’s compliance efforts;
• URDA’s record retention policy related to AML compliance; and
• Disciplinary consequences (including civil and criminal penalties) for non- compliance with the BSA.

The training program offered will include maintenance of records to indicate which persons received training, the dates of training, and the subject matter of the training.

Training may also include educational pamphlets, videos, intranet systems, in-person training, and explanatory memos, as necessary to effectuate full compliance with AML laws and regulations and URDA policy.

New hire non-construction employees/volunteers shall receive AML training within [INSERT DEADLINE, BUT NO LATER THAN 2 MONTHS AFTER START DATE] of
commencing employment with URDA.

Periodically, we will review our operations to see if certain employees or volunteers require specialized additional training. For example, we may offer additional or refresher training to employees returning from leaves of absence (including family medical, maternity, and military) as needed upon their return to work. Our written procedures will be updated to reflect any such changes.

X. Independent Audit of AML Program

Independent testing of our AML program will be performed by an outside, independent, qualified third-party or internally by a qualified member of our staff who is totally independent

from URDA’s AML compliance team. If an outside party is chosen, we will conduct the necessary due diligence to select the company that will perform the audit. The independent testing will test compliance with this Policy, the BSA/AML regulations and SAR requirements and will include a review of:

• How suspicious activity is monitored and identified;
• Whether all identified suspicious activity was reviewed and appropriately handled; and
• Whether the suspicious activity was properly reported.

Upon completion of the audit, the auditor will issue a report of all findings to the Compliance Officer, and that report will be shared with URDA’s senior management and board of directors. URDA will address and respond to each of the resulting recommendations.

XI. Vendor Management

[YOU MAY DELETE THIS SECTION IF YOU DO NOT USE ANY THIRD PARTIES DIRECTLY RELATED TO FAMILY SELECTION, MORTGAGE ORIGINATION OR MORTGAGE SERVICING]

At this time, URDA utilizes outsourcing arrangements relating to, among other things, [OFAC, CIP, employment and occupancy screening and additional services as necessary, including loan servicing]. URDA understands it cannot contract out its regulatory responsibilities and therefore remains responsible for the anti-money laundering systems and controls in relation to the activities outsourced.

In all instances of outsourcing, URDA bears the ultimate responsibility for the duties undertaken in its name. Therefore, URDA will take the following steps to ensure the service provider performs its activities in accordance with reasonable policies and procedures designed to detect, prevent, and mitigate the risk of money laundering, terrorist financing or other crimes, such as mortgage fraud: (a) require, by contract, that service providers have policies and procedures designed to detect, prevent, and mitigate the risk of money laundering, terrorist financing or other crimes, such as mortgage fraud; and (b) require, by contract, that service providers review URDA’s AML Policy and Program Procedures and report any Red Flags to the Compliance Officer or Designee.

XII. Monitoring Employee Transactions

Employee’s transactions will be subject to the same AML policies and procedures as are applicable to non-employee customers.

XIII. Additional Areas of Risk

URDA will periodically review all areas of its business to identify potential money laundering risks, terrorist activity or terrorism financing risks, and risks of other criminal activity, including mortgage fraud, that may not be covered in the program described above and will continually work to improve its AML compliance program.

XIV. Board Approval

[EACH BOARD MEMBER MUST SIGN BELOW (ADD ADDITIONAL SIGNATURE BLOCKS AS NEEDED). – OR– IN LIEU OF SIGNATURES, AFFILIATE WILL NEED A BOARD RESOLUTION WHICH INCLUDES LANGUAGE STATING THAT ALL BOARD MEMBERS HAVE REVIEWED AND APPROVED THE POLICY.]

By signing below, each board member approves this AML program as reasonably designed to achieve and monitor URDA’s ongoing compliance with the requirements of the Bank Secrecy Act, the USA PATRIOT Act, and FinCEN’s Anti-Money Laundering Program and Suspicious Activity Report Filing Requirements for Residential Mortgage Lenders and Originators and the implementing regulations under it.