Visa Inc. Anti-Money Laundering and Anti-Terrorist Financing (AML/ATF) and Sanctions Policy

1.0 Purpose

The Visa Inc. Anti-Money Laundering and Anti-Terrorist Financing (AML/ATF) and Sanctions Policy (the "Policy") establishes the AML/ATF and Sanctions Program that defines how Visa Inc. complies with applicable laws and regulations, including the provisions of the USA PATRIOT Act as implemented in the Code of Federal Regulations Title 31: Money and Finance: Treasury Part 1028 Rules for Operators of Credit Card Systems, sanctions designated by the U.S. Office of Foreign Assets and Controls (OFAC), and export controls administered by the Commerce Department’s Bureau of Industry and Security (BIS). The Policy also takes into consideration recommendations from supranational bodies that promote international AML/ATF standards such as the Financial Action Task Force (FATF).

2.0 Scope

The Policy applies to Visa Inc. and its subsidiaries (“Visa” or the “Company”) and applies to Visa as a payment system operator and as an Operator of a Credit Card System as defined by the USA PATRIOT Act, as well as to Visa initiatives, businesses, products, services and applicable subsidiaries. The Policy shall apply to all directors, officers, employees, and contingent workers of Visa (“Visa staff”).

3.0 Policy Statement

Visa shall maintain a global AML/ATF and sanctions policy and implementing procedures (also known collectively as the “Program”) reasonably designed, within the context of applicable laws and regulations, to prevent its network, initiatives, businesses, products and services from being used to facilitate money laundering or the financing of terrorist activities and to ensure compliance with applicable sanctions and export controls.

Visa shall conduct its business in compliance with the economic sanctions and export control laws of the United States and other applicable sanctions laws worldwide.

4.0 Accountability

The Visa AML/ATF and Sanctions Officer, as the Policy Owner, administers the Policy and develops a policy framework that includes procedures, tools, training and communication to implement this Policy and achieve its objectives.

The Audit and Risk Committee of the Visa Inc. Board of Directors (ARC) is responsible for overseeing the Program and shall be notified of any material Policy exceptions. As such, Visa's AML/ATF and Sanctions Officer shall provide periodic reports to the ARC on the implementation of the Program.

The Corporate Risk Committee (CRC) provides governance oversight for this Policy. The CRC is responsible for overseeing implementation of the Program, and its responsibilities include, but are not limited to:

• Appointing the Visa AML/ATF and Sanctions Officer;
• Approving the Policy and any amendments;
• Approving lawful exceptions to the Policy; and
• Overseeing management's administration of the Program.
  

The Visa AML/ATF and Sanctions Officer has overall responsibility for the design and implementation of the Program. Specifically, he/she is responsible for:

• Developing and maintaining global procedures that implement the Policy;
• Implementing the Program and providing periodic reports to the ARC and CRC;
• Developing internal quality control testing to ensure related procedures, processes, systems and tools are functioning as intended;
• Conducting and maintaining a periodic AML/ATF and Sanctions Risk Assessment;
• Conducting periodic validation of legal/regulatory requirements;
• Conducting job-specific AML/ATF and Sanctions and Export Control training to ensure business and operations teams understand requirements, tools, and systems; and
• Reviewing the Policy at least annually to confirm that it remains relevant and is effective in meeting the stated business objectives, and recommending updates as needed to the CRC.

Visa’s Legal Department (“Legal”) is responsible for advising the Visa AML/ATF and Sanctions Officer of legal and regulatory developments. Additionally, Legal is responsible for reviewing and approving all changes to the Policy and Procedures to ensure compliance with applicable regulatory requirements.

5.0 AML/ATF and Sanctions Standards

The Program is comprised of the following standards:

5.1.1 AML/ATF and Sanctions Officer

A Visa AML/ATF and Sanctions Officer shall be designated by the CRC and is responsible for developing, implementing, and monitoring adherence to the Program, and updating it as necessary in response to changes in regulatory requirements or risk conditions.

5.1.2 Internal Procedures and Controls

Internal procedures and controls must be documented to:

• Comply with applicable laws and regulations, including sanctions and export controls;
• Establish risk-based due diligence on issuers and acquirers that contract with Visa to access its payment system;
• Conduct sanctions screening on issuers and acquirers, as applicable, to ensure no prohibited services or transactions are provided to sanctioned entities;
• Establish risk-based due diligence programs and conduct sanctions screening for other Visa business partners, as appropriate;
• Perform risk-based reviews of Visa products and/or services to enable compliance with any AML/ATF, sanctions or export control law requirements and help protect Visa from potentially illicit activities;
• Maintain controls, including screening when necessary, for applicable Visa initiatives, businesses, products and services, and subsidiaries;
• Establish clear responsibilities and accountability for the execution of the various Program components throughout Visa;
• Ensure appropriate action is taken, in accordance with applicable law, in the event that suspicious activity is identified, including actions specified by the U.S. Treasury Department and other regulators; and
• Develop controls and processes to ensure compliance with applicable recordkeeping requirements.
  

5.1.3 Training and Education

Training and education of appropriate Visa staff shall be provided periodically to help ensure staff’s awareness of their responsibilities under Visa's AML/ATF and Sanctions Program.

5.1.4 Independent Review

The AML/ATF and Sanctions Program and the execution of its various components throughout Visa shall be subject to periodic independent reviews conducted by Internal Audit and/or a qualified third party. The Program also shall be subject to periodic independent compliance testing.