Webcast Series 2009 featuring . . . Operational Considerations on Regulatory Issues

Webcast Series 2009featuring . . .

Operational Considerations on Regulatory Issues

December 8, 2009

WelcomeIntroduction

Craig HollisVice President and AML Officer

Meeting Logistics Keep Webcast to 60 minutes Ask a question

Click on the Q&A window in the lower right hand portion of the screen

Type your question into the dialog box Click the Send button

Following today’s Webcast Redirected to a brief survey Link via email to access a recording of today’s Webcast

If you experience any technical difficulties during the presentation Submit a question through the Q&A Contact WebEx Technical Support at 1 (866) 229-3239

Agenda

PrivacyPrivacyMassachusetts Data Protection LawMassachusetts Data Protection LawFTC Identify Theft Prevention (Red FTC Identify Theft Prevention (Red

Flags Rule)Flags Rule)Data MaskingData Masking

Summary ProspectusSummary Prospectus

International ACH Transactions (“IAT”)International ACH Transactions (“IAT”)

New California Law: State Backup New California Law: State Backup WithholdingWithholding

Joan DowdJoan DowdChief Compliance OfficerChief Compliance Officer Boston Financial Data ServicesBoston Financial Data Services

Jeff CookJeff CookDirector of Regulatory ComplianceDirector of Regulatory Compliance

DST SystemsDST Systems

Massachusetts Data Protection Law

Massachusetts Office of Consumer Affairs and Business Regulation Adopt Standards – September 2008

Original Law Exceeded Authority – Rigid Standards

Multiple Public and Private Hearings

Two Significant Revisions – August 2009

Final Regulation Issued – October 30, 2009

Background

Compliance Date Extended to March 1, 2010


Have a written information security program adhering to promulgated standards

Comply with specified system security requirements

Take “reasonable steps” to ensure third party service provider compliance

For those maintaining or storing “personal information” of Massachusetts Residents:

Requirements

Compliance Date Extended to March 1, 2010


Listened and responded to industry concerns

Built more flexibility into the rules

Still requires each business to have a comprehensive information security program but can now be tailored to the following:

Size, scope, and type of business

Available resources

Amount of stored data

Need for security and confidentiality of consumers and employee information

Must take reasonable steps to ensure their third party providers protect shareholder information, but written certification is no longer required

Revisions to the Law …


Compared the revised MA law with our Security Program

Periodically review our program to ensure compliance with regulations

Annual training and awareness regarding information security

Enhanced due diligence of third party providers/vendors

Daily monitoring

Use multi-factor authentication to provide information for phone inquiries

Encrypt e-mail and secure FTP for file transmission

Provide clients an overview of internal security policies

Our Support Structure

FTC Red Flags Rule

Develop and implement a written Identity Theft Prevention Program

Designed to detect, prevent, and mitigate identity theft

One definition of financial institution is one that has “transaction accounts”

An account from which the account owner can direct payments to third parties

Check-writing; debit cards; wires to third parties

Written or telephone instructions directing money to third parties (or to bank accounts not on file)

Requirements

Enforcement Date Extended to June 1, 2010

Initial program provided in 2008; subsequent updates added

Placed program on Boston Financial Compliance Corner or issued directly to clients

Provide certification as part of our quarterly 38a-1 statement

A file that contains SSN/TIN discrepancies from the CIP verification process to run against the IRS TIN Match Program

A new report that contains only address discrepancies is being created with a procedural workflow to review and analyze for fraud, identity theft is in development

FTC Red Flags Rule


Two Future Program Enhancements

Data Masking

DST TA2000 3270, Desktop, SmartDesk, Vision, and FANWeb screens have been identified and provided to RCAG Steering Committee for review

Reports – FANWeb, Vision, Voice, and DST reports have been identified and masking is ongoing

DST Online Masking Projects

Our Support Structure SSNs have been removed from transcripts, confirmation statements,

and new account welcome kits

Fund, Account and SSN have been removed from correspondence

Encourage not returning original documents to shareholders as these may contain personal information

Validate reports and screens during testing phase

Tax Form Masking

Creates a pilot program allowing the masking of SSNs

For tax years 2009 and 2010 on paper payee statements only

IRS approval is not needed

The notice is effective immediately; masking is voluntary

Applies to paper payee statements (not electronic statements)

Only applies to Form 1098 series, Form 1099 series, and Form 5498 series. Form W-2 is not included

Does not apply to any information return filed with the IRS

Applies to tax forms to individuals only (SSN format only)

Does not apply to accounts registered as entities (those with EIN format of 99-9999999) - paper payee statements for these accounts must include full TIN

IRS Notice 2009-93Requirements

IRS Notice 2009-93

Substitute and composite/combined payee statements are in scope

The identifying number must be truncated by replacing the first five digits of the nine-digit number with asterisks or Xs

For example, a social security number 123-45-6789 would appear on the paper payee statement as ***-**-6789 or XXX-XX-6789)

Entire social security number for individuals and/or tax identification number for entities are still required on files sent to IRS

The Notice is available at http://www.irs.gov/pub/irs-drop/n-09-93.pdf. The IRS is accepting comments until May 1, 2010, with regard to the current notice and go forward strategy

Requirements

IRS Notice 2009-93

We will work to have the TA2000 programming ready for systematic masking the SSNs for tax year 2010

Distinguishing and separating the masking for SSN and EIN formats is necessary

Interfering with the YE platform at this late date is not recommended

Working with DST Output for a 2009 masking solution that will not involve changes to the YE platform


Summary Prospectus

Summary Prospectus

Three or four-page, “plain English” summary

Updated annually

Can be sent in lieu of statutory prospectus

Must be incorporated into the statutory prospectus

Must have Internet availability of compliance materials

Summary Prospectus, statutory prospectus, SAI, and shareholder reports

Must send statutory prospectus if requested

Requirements

3/31/2009: SEC Effective Date (optional)

1/01/2010: Mandatory Filing

International ACH Transactions (“IAT”)


What is IAT?

A new ACH transaction type, International ACH Transaction or “IAT”

This new payment code and record layout will be used to identify an ACH credit or debit that is part of a payment transaction that involves a financial agency's office that is not located within the territorial jurisdiction of the US

It allows for the identification and facilitation of IAT transactions

It enables financial institutions to comply with OFAC obligations regarding international transactions

The territorial jurisdiction of United States includes all 50 states, U.S. territories, U.S. Military bases and U.S. embassies in foreign countries

Effective Date: September 18, 2009

Background

Incoming IATs - project complete

Worked with Banks that have an interface with DST

DST receives ACH file from bank that contains the new code and new record layout

DST created a report that is executed daily that contains ACH transactions with IAT code and transaction information

Operations receives the report and scans information against the OFAC database

If there is not an OFAC hit, transaction is processed same day

If there is an OFAC match the transaction is not processed and operations contact the originating bank

Worked with banks who do not have an interface with DST

Reviewed the bank reports to identify any IAT transactions

Process follows that noted above

International ACH Transactions (“IAT”)Our Support Structure


Outgoing IATs - project underway

All outgoing ACH transactions are run against the OFAC database

A report that identifies outgoing systematic ACH transactions for accounts with foreign addresses is printed daily

Currently DST is developing a systematic solution to include the IAT code and transaction information

Boston Financial/DST are retaining reports until the process is automated

If destination bank contacts Boston Financial/DST, transaction information will be provided



Systematic Solution for Outgoing IAT

Flag outbound ACHs as IAT for all accounts with a foreign address based on country code

Update the ACH layout with the new IAT layout

Provide a front-end method for users to flag the account as IAT when setting up a new ACH

Project was rated as highest priority by RCAG Steering Committee

New California LawState Backup Withholding

New California Law:State Backup Withholding

There is a 7% state backup withholding for California residents on transactions that are subject to federal backup withholding (28%)

Exclusions include:

Those accounts or transactions not subject to federal backup withholding

Money Market Funds – (not subject to withholding)

Interest and dividend payments or release of loans

Accounts with uncertified or missing TINs, and B-Notices, California backup withholding will apply to redemption and long-term capital gains only

Accounts with C-Notices, California backup withholding applies only to long-term capital gains

Signed into law on July 28, 2009

Effective Date: January 1, 2010

Requirements

New California LawState Backup Withholding

We will continue the analysis of the Bill and work to begin identifying potential impacts to determine necessary long-term system changes

Analyzing possible solutions

Efforts involved in taking the withholding automatically on applicable payments, remitting withholding, and reporting to California residents

Due to the short time-frame, a full systematic process will not be available on January 1, 2010

DST programming is developing a short-term solution that will involve minimal manual effort until the long-term systematic solution is available


Craig HollisVice President, AML Officer, Boston Financial

Questions

Thank You

Documents

Webcast Series 2009 featuring . . . Operational Considerations on Regulatory Issues