The compliance function at the bank operates independently, as a second line of defense within the corporate governance of risk management, and is an integral part of the bank’s organizational culture. The compliance function is responsible for assisting senior management in effectively managing the compliance risks facing the bank.
To facilitate compliance with all requirements, the bank has appointed a Chief Compliance Officer responsible for overseeing the bank's AML/CFT program and ensuring the implementation of the group compliance policy in Israel and abroad.
The Bank has implemented AML and CFT compliance programs, within its group compliance policy, which also apply to its branches and subsidiaries worldwide.
Compliance and adherence to the bank group’s policy are the responsibility of all employees. The bank requires its employees and managers to adhere to high standards and to stringently maintain the regulations on matters of compliance. It is the policy of the bank to take appropriate steps to prevent individuals engaged in money laundering, terrorism financing, fraud, tax offences, or other financial crimes from exploiting the bank's networks, products, and services.
 

The bank has developed and implemented written, risk-based AML/CFT policies, procedures, internal controls, and systems, which include but are not limited to the following:

• A customer identification program and procedures;
• Customer due diligence and enhanced due diligence based on risk approach methodology;
• Monitoring of customer transactions and activity;
• Screening of names and relevant information against watch lists;
• Reporting of suspicious activity;
• Record retention; 
• Training.

Every account must be opened at one of the branches of the bank, in the presence of the customer (or someone with power of attorney from the customer). A banker conducts an introductory face-to-face session with the potential customer, in order to determine the type of account and the banking products that are suitable for the customer and the purpose of the account.
Account opening procedures at the bank include several methodological steps encompassing customer identification and verification; a mandatory KYC questionnaire (with additional questions for specific categories of customers); in certain circumstances, supporting references regarding the customer's source of funds, in general, and specifically the funds that will be deposited or transferred to the account; receiving a declaration of beneficiaries and controlling persons (for entities); checking the customer’s name against various sanction lists (OFAC, EU, UN, and Israeli); receiving self-certification for FATCA and CRS purposes (on a Hebrew form or relevant W-8 Form for Israeli individuals and entities, and on the relevant W-8 Form for foreign customers); and comparing the KYC information with the self-certification (the comparison is performed by the bankers for some of the information, and by IT systems for other parts of the information). While methodologically separate, these steps form an integrative process. 
The banker asks the customer to provide specific documentary evidence to verify their identity: for individuals, an Israeli identity card in the case of an Israeli resident, or a passport and another formal supporting document in the case of a non-resident; for entities, a certificate of incorporation, extracts from the Israeli Companies Registrar or official company register in another country, a copy of articles of incorporation or association, or other organizational documents. Non-Israeli entities are required, in addition, to supply a Letter of Good Standing from an attorney from the entity’s jurisdiction, and to translate all required documents into Hebrew or English. All corporations are required to present a resolution by the board of directors to open an account with the bank.
Under the bank's policies and procedures, the banker is required to understand who the ultimate beneficial owners or the ultimate controlling persons are in every account that is an entity rather than a natural person, to receive a declaration of beneficial owners and controlling persons, and to confirm their identity.

The Bank's KYC policy implements a risk-based approach requiring different levels of in-depth review of customers and activity.

• Prior to opening an account for a customer, an adequate KYC process must be carried out. A risk-based approach in implementing KYC account opening procedures is intended, among other matters, to enable the bank to understand the purpose of the account and the expected activity, to determine the customer profile, and to assess the risks associated with the customer.
• In determining risk levels, various factors are considered, such as geographical location, anticipated balance or activity, PEP status, etc.
• An enhanced due diligence procedure is carried out for high-risk customers, according to the bank's risk model.
• KYC questionnaires, at the minimum, include questions regarding the following issues: reason and purpose for opening the account; expected activity, type, and frequency; sources of capital and wealth; occupation of the customer; whether the customer holds a senior public position (PEP) in Israel or abroad; and whether the customer had been refused service by any bank in Israel or abroad for regulatory reasons.

• As detailed above, the bank strives to obtain information sufficient to develop an understanding of normal and expected activity for the customer, as well as to understand and verify that it is reasonable under the circumstances.
• During the life of the account, the bank regularly maintains follow-up checks, applies controls, and updates information in order to verify that the activities carried out in the account match the information in the possession of the bank, from the standpoint of business profile as well as the source of the funds.

• Determination of the source of funds prior to opening an account or processing transactions is necessary in order to prevent the placement and introduction of unlawful or illegitimate funds to the bank, and as such plays a key role in the framework of AML and combat against terrorism financing.
• The bank exercises appropriate caution when there is any concern regarding the origin of the funds, and acts to prevent the abuse of its services, products, and systems for money laundering and terrorism financing.

• The bank performs enhanced due diligence when opening an account that is rated high risk. This process includes an in-depth and comprehensive analysis of the customer and of the current and the expected activity, as well as requiring corroborating documentation.
• Enhanced due diligence is also performed for accounts whose risk rating is changed to high risk.

The bank carries out periodic reviews of all of its customer accounts. The account's risk rating determines the frequency of the review. High-risk rated accounts are reviewed annually.

The Bank serves walk-in customers and monitors their activity. In respect to such customers, the banker is required to adhere to the following guidelines:

• The banker shall inquire about the essence and reason for the requested service or transaction; for cash transactions, the banker is required to question the customer regarding the source of the funds and obtain supporting evidence, to the extent available.
• It is required to identify the customer face-to-face, based on an official identification card or certificate, and keep records of the customer’s identity and the details of the transaction; a foreign resident will be identified using two identifying documents.
• For a cash transaction exceeding NIS 5,000, or any other transaction or activity exceeding NIS 50,000, it is required to retain a copy of the customer’s identification card or certificate.
• For any transaction or activity exceeding NIS 50,000 (which are required to be reported as CTR), it is also required to obtain a written declaration from the customer regarding any beneficiaries and holders of controlling interest (in case of a corporation).

The bank's systems scan and screen customer names and transaction data (e.g. account owners, authorized persons with power of attorney in the account, and beneficial owners) to ensure that a person or company does not transact business with, on behalf of, or for the benefit of individuals who are the target of various law-enforcement agencies, through the various local and international watch lists such as the Israeli Terrorist List, OFAC, EU, UN, and any other watch list as determined by the Chief Compliance Officer or to which the subsidiary or branch is obligated according to local law.

The Bank Hapoalim Group will not invest in corporations that maintain a direct or indirect business link with Iran or North Korea, and will not provide them with credit, as part of the international effort to thwart Iran and North Korea’s ability to develop unconventional arms that constitute a threat to the world and to the existence of the State of Israel.
Without derogating from the aforesaid, the bank will not engage or transact with entities on international lists published by the Money Laundering Prohibition Authority that are declared as entities involved in or assisting Iran’s nuclear program. In order to implement the aforesaid, these entities will be entered into a declared entities screening system.
 

• The bank detects and reports potentially suspicious transactions that flow through the bank. According to statute, there is an obligation to report to the relevant authority any activity of a customer which, in light of the information held by the bank, is perceived by the bank to be irregular or suspect with regard to the prohibition of money laundering and/or terrorism financing.
• Irregular or suspicious activity is defined according to the requirements of local laws, best practice, and directives of the Chief Compliance Officer.
• The bank also automatically submits Currency Transaction Reports (CTR) to the Anti Money Laundering Authority, according to the definitions of the relevant provisions of the law (i.e. for each deposit, withdrawal, or exchange of currency of more than NIS 50,000).