Group Legal Compliance Policy

Group Compliance Division January, 2017

2 Group Legal Compliance Policy| Group Compliance Division - BLOM Bank S.A.L.

Contents

1. Introduction ..................................................................................................................................... 3

1.1 Objectives ............................................................................................................................... 3

1.2 Scope ....................................................................................................................................... 3

2. Regulatory System .......................................................................................................................... 4

2.1 Overview ................................................................................................................................. 4

2.2 The legal and institutional Framework ................................................................................... 4

2.3 Compliance Goals ................................................................................................................... 5

2.4 Requirements of the Group Compliance Division .................................................................. 5

2.5 Legal Entity Identifier ............................................................................................................. 6

3. Legal Compliance Function ............................................................................................................ 7

3.1 Regulatory Unit ....................................................................................................................... 7

3.2 Foreign Tax ........................................................................................................................... 11

3.3 Banking Relation .................................................................................................................. 11

3.4 Compliance Control .............................................................................................................. 12

3 Group Legal Compliance Policy| Group Compliance Division - BLOM Bank S.A.L.

1. Introduction

1.1 Objectives

The BLOM Bank Group, its local and foreign branches and subsidiaries, all together referred

to “BLOM Group”, is committed to set out the Compliance policies and procedures operated

by BLOM Group in order to ensure its Compliance with the Financial Services, Central

Banks and any related body’s laws, circulars and Regulations (“the Regulators”).

These policies and procedures have been prepared to fit the size, type and complexity of the

operations of the Bank, on the basis of the permitted financial services and activities and will

be updated from time to time to reflect any change in line with international and local legal

and regulatory requirements.

Any changes to these policies and procedures will be approved by Compliance Board

Committee before implementation.

1.2 Scope

BLOM Bank S.A.L, called hereafter (BLOM Bank) together with its subsidiaries and

associated undertakings, (collectively “BLOM Group”) provides trade finance, commercial,

corporate, Islamic, retail, private and investment banking services in seven markets in the

Middle East, namely Lebanon, Jordan, Egypt, Qatar, Saudi Arabia, UAE and Iraq. Outside

the Middle East, BLOM Group have branches and subsidiaries in London, France,

Switzerland, Cyprus and Romania. BLOM Bank is headquartered in Beirut, Lebanon.

The Group Compliance Division is responsible for overseeing BLOM Bank’s systems and

controls for compliance with legislation applicable in Lebanon and the countries where

branches and subsidiaries operate.

The Group Compliance Division has unrestricted access to all relevant records. In addition,

the Head of Group Compliance Division has direct reporting line to the Chairman and the

Compliance Board Committee.

The Group Compliance Division shall monitor the activities of any other internal function,

which may from, time to time, determine falls within the scope of its responsibilities.

4 Group Legal Compliance Policy| Group Compliance Division - BLOM Bank S.A.L.

2. Regulatory System

2.1 Overview

The Lebanese banking industry is financially sound and stable. It plays key roles in the

Lebanese economy where banks continue to dominate the financial system of the country and

are major providers of credit to individuals and businesses.

Banks and other financial institutions in Lebanon fall under the jurisdiction of Banque Du

Liban (BDL), the country's central bank, which is BLOM Bank regulatory authority. BDL

controls the Banking industry, defines the scope of banking activities and sets prudential

regulations and codes of practice for banks.

The Banking Control Commission of Lebanon (BCCL), established in 1967, is the bank

supervisory authority. It is responsible for supervising banking activities and ensuring

Compliance with the various financial and banking rules and regulations.

The Special Investigation Commission (SIC), established in 2001, Lebanon’s Financial

Intelligence (FIU), receives, analyzes, investigates suspicious transaction reports (STRs) and

ensures compliance with the AML/CFT regulations.

The Capital Markets Authority (CMA), established in 2012, regulates and develop the

Lebanese Market and creates an appropriate investment environment, boost confidence and

reinforce transparency and disclose standards, moreover protect the investors and dealers

from illegal acts in the market.

Overall banking activities are also subject to both the Code of Commerce (1942) and the

Code of Money and Credit (1963).

2.2 The legal and institutional Framework

BLOM Bank is authorized by the Central Bank of Lebanon (BDL) and governed by the

Lebanese Laws and statutes. As BLOM Bank is registered, authorized and based in Lebanon,

therefore its legal compliance follows the BDL circular No. 128 dated 1st of January 2013

which applies to all branches and related affiliations situated within the Lebanese borders.

Subsidiaries, related entities and foreign branches are subject to a different regulatory regime

depending on the country in which the subsidiary or branch are regulated.

5 Group Legal Compliance Policy| Group Compliance Division - BLOM Bank S.A.L.

2.3 Compliance Goals

BLOM Group maintains an independent Compliance function, including the following:

- Ensure Compliance with applicable requirements and standards under the

Regulatory System linked to International and local laws and regulations in force

and;

- Reduce, so far as possible, the risk that BLOM Group may be used for criminal,

fraudulent or dishonest purposes including insider dealing, market abuse or

handling the proceeds of crime

2.4 Requirements of the Group Compliance Division

The Group Compliance Division must meet the following requirements:

- Work and activities are totally independent from the other activities of BLOM Group and

any of their departments and units, including the Internal Audit and the Legal, provided no

executive tasks or any other mission within BLOM Group is assigned to the Group

Compliance Division Staff.

- Staffed with the proper employees whose number and qualifications are commensurate with

the size of BLOM Group, the diversification of the activities and the complexity of the

operations.

- The employees have diversified qualifications and expertise, in line with their mission,

along with a thorough understanding of banking and financial laws and regulations.

- Granted sufficient powers to be able to perform its duties, particularly in terms of

preventing the breach of laws and regulations in force.

- Have access to any officer or unit / department in BLOM Group, and to the necessary files

and information, so as to enable its staff to fulfill their duties properly.

- Its Compliance heads have access to the Senior Management and the Board of Directors.

- Its Compliance heads attend the meetings held by specialized committees and Board

committees, in order to be informed of the BLOM Group strategic planning and prospective

activities and products, so as to provide an early counseling.

- Its Compliance heads have direct access to the officers in charge in Central Bank, the

Financial Intelligence Unit and any other specialized body, in order to inquire, whenever

needed, about any issue relating to compliance with laws and regulations in force.

6 Group Legal Compliance Policy| Group Compliance Division - BLOM Bank S.A.L.

2.5 Legal Entity Identifier

As per the Financial Stability Board (FSB) endorsed by G-20 in collaboration with SWIFT

applied on financial services firms aimed to achieve a unique worldwide identification of

parties to financial transactions and creating a common system of identifiers, Therefore,

BLOM Bank SAL together with its subsidiaries and associated undertakings must obtain a

Legal Entity Identifier Number by a self-registration based on the below:

The Legal Entity Identifier (LEI) is an alphanumeric code that consists of 20-character

reference code to uniquely identify legally distinct entities that engage in financial

transactions and associated reference data. The reference data stored on the LEI data base for

each entity includes:

The official name of the legal entity;

The address of the headquarters of the legal entity;

The address of legal formation;

The date of the first LEI assignment;

The date of last update of the LEI;

The date of expiry, if applicable;

For entities with a date of expiry, the reason for the expiry should be recorded, and if

applicable, the LEI of the entity that acquired the expired entity;

The official business registry where the foundation of the legal entity is mandated to

be recorded on formation of the entity, where applicable;

The reference in the official business registry to the registered entity, where

applicable.

ENTITIES LEI

BLOM Bank SAL 549300ERAZEQ2KEJ8L86

BLOMINVEST Bank SAL 5493009OYFGGCKNUED05

BLOM Development Bank SAL 5493006RVNNQ4VVP1V75

BLOM Bank (Switzerland) SA 5493006FFXSAIC08WD49

BLOM BANK FRANCE 9695007EQZDL89LUW373

Blom Bank S.A.L. - Branch (JO) 54930066X06YD4ZNGA14

BLOM Bank Egypt SAE 549300TMW8J2530CEN05

BLOM BANK FRANCE SA PARIS

SUCURSALA ROMANIA

315700Y6DVCKDWJ1EO95

BLOM Bank Qatar 549300CEYDGRIHEM9C63

AROPE Insurance S.A.L 549300TWDBBG1KOY1139

Blom Bank France - Branch (AE) 5493005ZHVPXIYM46X73

7 Group Legal Compliance Policy| Group Compliance Division - BLOM Bank S.A.L.

3. Legal Compliance Function

3.1 Regulatory Unit

Our banking activity (BLOM Group) is governed by different legislations that place a range

of obligations on BLOM Group and its employees throughout the world. Consequently,

BLOM Group manages its business responsibly and in compliance with the statutory and

regulatory requirements of the countries in which it operates. The Regulatory unit formally

affirms the bank’s commitment to the regulatory law and establishes a legal compliance

framework to proactively support and assist the bank and its personnel to more confidently

manage the obligations imposed by law that impact on the bank’s activities. Its main duty is

to ensure that any non-compliance is readily identified, documented, reported and promptly

acted upon. Any breaches reported in the course of compliance monitoring are documented

for the purpose of reviewing trends and amending, if necessary, the relevant procedures.

The primary role of the Legal Compliance function is to monitor BLOM Bank’s compliance

with the legislation applicable in Lebanon and countries where subsidiaries and branches

operate and to report any breach to the General Management and Board of Directors through

a reporting mechanism and the Board Compliance Committee. The legal compliance is

responsible for advising and assisting the Board of Directors, General Management and

Board Compliance Committee in the design and implementation of appropriate Compliance

policies, procedures, systems and controls.

The Legal Compliance verifies that necessary licenses, authorizations and consents are

obtained; oversee the submission of periodic reports and returns; and provide information

upon request.

The legal compliance framework is a three steps process that:

Identification Prevention Work

Program

8 Group Legal Compliance Policy| Group Compliance Division - BLOM Bank S.A.L.

The legal compliance function is designed so as to cover the below:

The legal compliance register

Compliance Verification Checklists with the laws, regulations, procedures and directives

issued by the Central Bank, Banking Control Commission, Capital Markets Authorities, the

Financial Intelligence Unit and any other relevant body across the legislations of the Group.

Internal Administrative Instruction register

Assess the efficiency of the procedures and internal administrative instructions applied by

BLOM Group to detect any violation or breach and supervise that the mechanism in place

appraises the developments at the Group. Ensure that operational compliance risk is managed

in an appropriate and integrated manner across the Group.

New products/services

Identify and assess non-compliance risks associated to the activities BLOM Group,

particularly non-compliance risks linked to new products and activities.

In general, a bank’s compliance risk exposure is increasing when a bank engages in new

activities or develops new products; enters unfamiliar markets; implements new business

processes or technology systems. The Bank should ensure that its compliance control

infrastructure is appropriate at inception and that it keeps pace with the rate of growth of, or

change to, products activities, processes and systems.

New laws and circulars

Update regularly the legal compliance register with the new laws and regulations in force and

notify the concerned unit/entity of the latest developments (e.g. Rules, standards,

recommendations and practices in the market place).

Identification Identification and classification of legislation that impacts and affects

the bank – Maintain the legislation Database.

Prevention Provide advice and guidance to all areas on regulatory compliance

matters; Provide high-level regulatory compliance education and

framework training where appropriate.

Work

Program

Administer the legal compliance register and reporting system;

Monitor all identified and potential regulatory compliance matters and

ensure that an action plan is implemented.

Annual Compliance verification checklists sent to all Bank area

activities.

9 Group Legal Compliance Policy| Group Compliance Division - BLOM Bank S.A.L.

Training and testing

Prepare efficient compliance training program for BLOM Group employees and written

directives in the form of a compliance guide that instructs the employees on the

implementation of the laws and regulations in force.

In accordance with the Legal Compliance Unit / Department, the Human Resources Division

will perform adequate tests to verify compliance by the BLOM Group employees with the

policies & procedures and administrative instruction in addition to the above compliance

guide.

All records and materials are kept at the Human Resources Division’s premises.

Agreement and Contract

Any agreement or contract signed by BLOM Group are reviewed by the Legal Compliance

Unit / Department in order to tackle any breach of a non-compliance risk with banking

practice, laws and regulations that might lead the bank to a potential Legal Compliance Risk.

Bank’s Policies & Procedures

BLOM Group Policies & Procedures are reviewed by the Legal Compliance Unit/

Department in order to check and detect any breaches along with any weaknesses in the

implementation of laws and regulations in force; and reflect in case the need of setting or

developing additional Policies & procedures necessary for the activities of the Group.

Moreover, the regulatory unit assesses the efficiency of the procedures applied to detect any

violation or breach.

Customer Complaints

BLOM Group has set a clear mechanism to ensure that claims are handled and settled in a

short timely manner. The claim could be submitted in different ways (personally, claim box,

ordinary mail, email, website, telephone or any other means) and directly transferred to the

concerned unit/ department.

A copy of all complaints will be sent to the Group Compliance Division.

Reporting Mechanism

The Legal Compliance Unit / Department should ensure that its reporting mechanism is

comprehensive, accurate, consistent and actionable across business lines and products as per

the BDL Basic Circular number 128. A half-yearly periodic report must be submitted by the

Legal Compliance Unit / Department to the Senior Management, concerning the performed

assessment and follow-up missions, the corrective steps taken and the proposed

recommendations that limit occurring violations.

An immediate report will be submitted to the Senior Management and the Compliance Board

Committee on any important violation or breach of the laws and regulations in force.

10 Group Legal Compliance Policy| Group Compliance Division - BLOM Bank S.A.L.

The Legal Compliance Department must cooperate, coordinate, and exchange information

and reports of the identification of gaps in the banking and financial services, with all

directorate parties such as Group Internal Audit, Group Risk Management.

In parallel, the Legal Compliance Department must identify all aspects in the Compliance

Register Matrix which consists on identifying all banks functions and responsibilities by

regulator, circular, topic and function controller. The aim of this matrix is to emphasis the

risk of non-compliance by these functions and their penalties. The evaluation of the matrix

will lead the scope of work which consists of: tests methods, frequency of testing (monthly,

quarterly, semiannual, annual) and the corrective action plan along with the timeframe work

given.

The frequency of reporting reflects the legal risks involved and the nature of changes. The

results of monitoring activities should be included in the regular management and board

reports. All findings are classified and reported as per the below:

Impact and probability

Control owner

Risk rating

Test method

Last testing date

Test result

Corrective action

Next testing date

All high risk findings are reported immediately to the upper management. However,

the remaining findings are reported through the quarterly compliance board

committee and the semi-annual report.

In addition, the Group Compliance Division is responsible to oversee BLOM Bank Group, its

local and foreign branches and subsidiaries. Therefore, a reporting mechanism within the

group is well implemented as per the below.

Group Compliance Divion

Report directly to the General Manager

Half-Yearly Report to the Senior Management

Quarterly Report through the Board

Compliance Committee

Notify Immediately the Board of Directors about the high risk deficiencies

11 Group Legal Compliance Policy| Group Compliance Division - BLOM Bank S.A.L.

Each entity (local or abroad branch, subsidiaries or related entity), by its representative as

mentioned above (e.g. compliance officer, compliance representative, compliance manager

…) should submit a quarterly report to the Head of Group Compliance summarizing all Legal

Compliance and AML/CFT issues and concerns. This report should reflect any deficiencies

in the compliance program and breaches in the laws, regulations and internal administrative

instructions. Moreover, the report should refer to the whole compliance work program for the

current year and the correction action plan against the detected deficiencies. All reports

issued by those entities addressed either to the management, board of directors or the

competent authorities in addition to the reports issued by the internal / external audit and the

regulator should be attached along with the quarterly report. The Group Compliance Division

will submit these documents to the Compliance Board Committee on a quarterly basis.

3.2 Foreign Tax

BLOM Group in line with all major banking institutions worldwide, complies with the terms

and conditions of the Foreign Account Tax Compliance Act “FATCA” regarding tax evasion;

which was enacted in March 2010 as part of the Hiring Incentive to Restore Employment Act

(HIRE Act 2010) and with Standard for Automatic Exchange of Financial Information for

Tax Matter or Common reporting standards “CRS”.

3.3 Banking Relation

Due Diligence for Banks and Financial Institutions is recognized internationally, it is BLOM

Group responsibility to ensure that adequate controls and procedures are put in place for new

and existing banks relationships. In reference to BDL Basic Circular number 126, the Legal

Compliance Unit / Department must be fully informed of the laws and regulations governing

their correspondent banks abroad, and deal with the latter in conformity with the laws,

BLOM BANK S.A.L.

Head of Group Compliance

Domestic branches

Compliance Officers

Foreign Branches

Cyprus Branch

Compliance Officer

Iraq Branches

Compliance Representati

ve

Jordan Branches

Compliance Manager

Subsidiaries

BLOMINVEST BANK S.A.L.

Compliance Officer

BLOM ASSETS MANAGEMEN

T Co. S.A.L.

Compliance Officer

BLOM DEVELOPMENT

BANK S.A.L.

Compliance Officer

AROPE INSURANCE

S.A.L.

Compliance Officeer

AROPE LIFE INSURANCE - EGYPT S.A.E.

Compliance Officer

AROPE INSURANCE

OF PROPERTIES

& RESPONSIBI

LITIES - Egypt S.A.E.

Compliance Officer

BLOM BANK FRANCE S.A.

Compliance Manager

Romania Branches

Compliance Officer

London Branch

Compliance Officer

UAE Branches

Compliance Officer

BLOM BANK EGYPT S.A.E.

Compliance Manager

BLOM EGYPT SECURITIES

S.A.E.

Compliance Manager

BLOM BANK QATAR L.L.C.

Compliance Manager

BLOMINVEST SAUDI ARABIA

Compliance Manger

BLOM BANK (SWITZERLAND

) S.A.

Compliance Manger

12 Group Legal Compliance Policy| Group Compliance Division - BLOM Bank S.A.L.

regulations, procedures, sanctions and restrictions adopted by international legal

organizations or by the sovereign authorities in the correspondents’ home countries.

An annual due diligence review is performed in relation to cross-border correspondent

banking and other similar relationships.

Part of the Legal Compliance Unit / Department, is responsible for exchanging and disclosing

information requested by the Correspondent Banks’s Legal Compliance Department,

whenever a periodic compliance review is conducted or a transaction / client is under

investigation.

It is the responsibility of the Legal Compliance Unit / Department to ensure that the

respondent institution is fully compliant with local and international laws and regulations,

and if it adheres to international standards of banking practices. In this context, the Legal

Compliance Unit / Department gather all information about the respondent institution, to

check all publicly available information. All legal documents (Bank License, Articles of

Association, Certificate of Incorporation, Suitable IRS Forms etc.); are reviewed from a legal

perspective, all documentary verification must show the legal existence of the entity. All

information related to sanctions compliance programs (including a summary of due diligence

policies, procedures and controls) of the entity are also reviewed. In addition, a reputational

review is conducted to the extent reasonable, reviewing publicly available information to

determine whether the Foreign Bank has been the subject of a money laundering or other

criminal investigation, criminal indictment or conviction, any civil enforcement action based

on violations of international laws or regulations or any investigation, indictment, conviction

or civil enforcement action relating to financing of terrorists. The Legal Compliance Unit /

Department will inquire into the local market reputation of the bank by media reports or by

other means.

The Legal Compliance Unit / Department will obtain approval from the Senior Management

before establishing new correspondent relationships.

3.4 Compliance Control

The Legal Compliance Unit / Department performs the adequate tests to verify compliance

with the policies set by the bank and laws or regulations issued by the competent authority

(the Central Bank, Banking Control Commission, Capital Markets Authority etc…) by

conducting regular onsite visits to the Bank’s entities (departments, branches, subsidiaries

etc.). The Legal Compliance Unit / Department scope of work will be defined by the legal

compliance register/compliance function in addition to other compliance issues.

The Legal Compliance Unit / Department must verify that the required corrective measures

are applied upon the detection of any violation resulting from non-compliance specially the

identification of non-compliance risks associated to the activities of the bank.