CONFIDENTIAL
{Insert Target Logo}
Cannabis Banking
Onboarding, Audit & Compliance Execution
Prepared by Safe Harbor
{Insert Date}
1
EXECUTIVE SUMMARY
{Name of FI} operates a cannabis banking program and has identified opportunities to strengthen scalability in support of continued, efficient growth and geographic expansion.
This proposal outlines how Safe Harbor can enhance {Name of FI} cannabis banking program by assuming responsibility for the execution-intensive and resource-demanding components of onboarding and audit preparation under {Name of FI}-approved policies and procedures. This approach allows {Name of FI} internal teams to remain focused on approvals, risk acceptance, oversight, and overall program governance, while increasing operational capacity and strengthening audit readiness.
2
ABOUT SAFE HARBOR
1st
US Cannabis Banking Platform
Established in 2015 as the first compliant cannabis banking platform
11
Years Operating
Continuous operation since 2015 with no program interruptions
$26B
Processed
Over $26 billion processed through compliant cannabis banking programs
SHFS
Public Company
NASDAQ-listed organization providing enhanced transparency, financial controls, and oversight
25+
Examinations
Support for more than 25 federal and state regulatory examinations
41
States & Territories
Currently operates in 41 U.S. states and territories
Safe Harbor pioneered compliant cannabis banking in 2015 when viable solutions for cannabis-related businesses did not exist. We have operated continuously through multiple regulatory cycles, enforcement shifts, and market expansions.
We serve as a non-depository execution partner to financial institutions and do not hold deposits, control accounts, or assume regulatory authority.
Our role is to deliver the people, process discipline, technology, and execution infrastructure required to operate cannabis banking programs at scale—expanding institutional capacity without transferring regulatory responsibility or disrupting existing frameworks.
3
{FI NAME} STATED OBJECTIVES
Based on discussions with the {Name of FI} team, this engagement is focused on:
Operational Efficiency
Reducing the operational burden associated with cannabis onboarding
Timeline Acceleration
Shortening onboarding timelines and account opening cycles
Audit Readiness
Improving audit trail consistency and defensibility
Scalable Growth
Scaling the cannabis program without proportional internal headcount growth
Geographic Expansion
Supporting efficient multi-state expansion
This proposal is designed to address these objectives without altering {Name of FI} existing governance model or regulatory ownership.
4
EXECUTION FRAMEWORK & SERVICE TIERS
Safe Harbor supports cannabis onboarding, monitoring, and audit execution through dedicated compliance teams operating under {Name of FI}-approved policies and procedures, reinforced by structured systems that ensure consistency and audit readiness.
Our model is designed to scale operational capacity while preserving {Name of FI} full regulatory authority and internal control.
How the Service Tiers Work
Each service tier reflects a defined allocation of execution responsibility. Scope increases by tier and may be supplemented with defined add-on services.
This structure enables {Name of FI} to:
- Scale onboarding capacity
- Improve audit consistency
- Support multi-state expansion
- Maintain full regulatory ownership and approval authority
At all times, {Name of FI} retains:
- Final account approval authority
- Risk acceptance decisions
- SAR decisioning and filing authority
- Examiner and regulator relationships
- Lead generation and internal controls
Customer acquisition support is available across tiers and may generate qualified cannabis leads for partner institutions.
The table below compares Safe Harbor’s execution capabilities across onboarding, monitoring, audit support, and program administration against software-only platforms.
5
SERVICE TIERS: COMPARISON TABLE
6
TIER 1: ONBOARDING EXECUTION SUPPORT
Safe Harbor provides execution support for cannabis onboarding and related compliance activities under {Name of FI} approved policies and procedures using your existing software solution.
Scope Includes:
Applicant coordination
Ongoing applicant communication, document follow-up, interviews, and issue resolution
File assembly
Assembly of complete, audit-ready onboarding files for {Name of FI} review and approval
Timeline support
Execution activities intended to improve onboarding timelines and audit trail consistency
Alert investigation support
Transaction alert investigation support and documentation preparation, performed as execution support only
Audit & examination support
Examination preparation and audit support activities identified as shared responsibility
Source of Funds Validation
Validation of funds on hand or transferring from another Financial Institution
Compliance Add-ons: Compliance specific additional features that can be added as requested for specific task assistance such as CTRs and SAR narrative creation.
7
TIER 2: CO-MANAGED PROGRAM (CMS)
Safe Harbor provides execution support for cannabis onboarding and related compliance activities under {Name of FI}-approved policies and procedures using Safe Harbor's Compliance Management System (CMS), which replaces 's existing onboarding and compliance software.
Scope includes:
Safe Harbor CMS – Co-Managed
Safe Harbor’s CMS is an examiner-aligned platform that standardizes onboarding, documentation, monitoring, and audit support. Replaces {Name of FI} existing onboarding and compliance software.
Monitoring Workflows
Safe Harbor is responsible for managing monitoring workflows by combining trained banking professionals with CMS-enabled processes to support enhanced due diligence, BSA/AML, and KYC compliance under {FI Name}-approved policies and procedures.
Validation Enablement
The CMS supports validation by automatically populating relevant data elements used in source-of-funds and ongoing monitoring reviews.
Alert Generation
The CMS generates alerts related to defined risk and monitoring thresholds. Resolution support may be provided by Safe Harbor as a separately scoped add-on compliance service, where applicable.
Timeline Support
Safe Harbor provides workflow management, including recommended and customizable due dates and deadlines for CMS-generated tasks, to support timely completion and audit trail consistency.
Audit and Examination Support
The CMS includes audit functionality for internal use and an examiner-facing audit view that allows reviewers to follow due diligence workflows. Safe Harbor is available to support examiner walkthroughs and review of CMS workflows and documentation, as requested.
Compliance Add-ons: Compliance specific additional features that can be added as requested ranging from front office and issue resolution to specific task assistance.
8
TIER 3: FULLY MANAGED PROGRAM (CMS)
The Fully Managed Program represents Safe Harbor’s most comprehensive execution model. Under this structure, Safe Harbor assumes full operational responsibility for the cannabis banking program, including Safe Harbor CMS administration managed fully by our banking team, onboarding, ongoing compliance operations, audit support, program administration, and day-to-day client servicing and relationship management on behalf of your institution.
Safe Harbor operates at all times in accordance with your approved policies and procedures. You retain final account approval authority, risk acceptance decisions, SAR decisioning and filing responsibility, examiner and regulator relationships, and control over lead generation and internal controls.
Scope includes:
Safe Harbor CMS – Fully Managed Administration
Safe Harbor’s CMS is an examiner-aligned platform that standardizes onboarding, documentation, monitoring, and audit support. Replaces {FI Name} existing onboarding and compliance software.
Alert Investigations
Safe Harbor is responsible for investigating and resolving generated alerts in accordance with {FI Name}-approved policies and procedures.
Monitoring Workflows
Safe Harbor performs ongoing monitoring activities, including annual due diligence, onsite reviews, change of ownership reviews, and expanded monitoring support services.
Validation Enablement
The CMS supports validation by automatically populating relevant data elements. Safe Harbor banking professionals perform validation reviews and assessments using CMS-enabled workflows.
Audit and Examination Support
Safe Harbor provides CMS audit functionality for internal use and an examiner-facing audit view that allows reviewers to follow due diligence workflows. Safe Harbor also supports examiner walkthroughs and examination activities related to CMS workflows and documentation.
Compliance as a Service
Safe Harbor's BSA officer and compliance audit teams are available to support compliance-related inquiries and issue resolution, where {FI Name} elects to continue using the CMS.
Front-Line Client Servicing
Safe Harbor provides front-line client servicing through designated relationship bankers who act as representatives on {Name of FI} behalf, following institution-approved policies and procedures. Client support is available beyond standard banking hours.
BSA Officer Support
Quarterly training and ongoing Bank Secresy Act support are provided to support program compliance.
SAR and CTR Assistance
Preparation of Suspicious Activity Report narratives and Currency Transaction Report narratives for{Name of FI} review and filing.
Annual Risk Analysis
Client-level risk analysis is conducted annually. Safe Harbor utilizes a proprietary risk assessment methodology to evaluate and compare elevated risk factors within the cannabis market.
9
PRICING: BY SERVICE TIER
Onboarding Execution Support
Safe Harbor provides operational execution and documentation support that complements {Name of FI} existing onboarding and compliance software platform.
Pricing
- $1,000 per onboarded account (billed only when/if funded).
- No cost for onboarded accounts that never fund.
Core Pricing Attributes
- Performance-based pricing aligned to funded accounts.
- No platform, licensing, or software fees.
Co-Managed Program (CMS)
Safe Harbor migrates {Name of FI} from its existing onboarding and compliance software to Safe Harbor's Compliance Management System and co-manages onboarding and compliance execution in tandem with {Name of FI} teams.
Pricing
- $1,000 per onboarded account (billed only when/if funded).
- $175,000 annual CMS platform fee, billed monthly (20% discount for annual prepayment)
- $26,000 annual maintenance fee (15% of the billed platform fee).
- Implementation and integration services billed at $250 per hour, as needed, typically under 100 hours, covering system configuration, integrations, implementation support, and training.
Core Pricing Attributes
- Combines fixed CMS access with variable onboarding fees.
- Replaces third-party cannabis banking software while preserving program ownership and control.
- Includes support for up to 41 U.S. states and territories. Adds execution capacity without proportional internal staffing growth.
Fully Managed Program (CMS)
{Name of FI} elects to fully outsource the management of day-to-day cannabis banking execution to Safe Harbor. Safe Harbor serves as the primary operational and client-facing execution partner under {Name of FI} approved policies and procedures.
Pricing
- 1.25% of deposits (AUM) up to $100 million ($20,000 monthly minimum)
- 1.00% of deposits (AUM) above $100 million
Core Pricing Attributes
- Deposit-based pricing aligned to active balances supported by Safe Harbor workflows.
- Eliminates the need for internal cannabis compliance staffing and software administration.
- No per-account onboarding fees, platform fees, or maintenance fees.
- Aligns Safe Harbor compensation directly with program growth and operational performance.
Pricing aligned to funded performance, operational execution, and long-term program growth.
10
ADDED VALUE SERVICES
Deposit Acquisition, Retention & for CRB Success
The ability to attract new clients, retain existing relationships, and maximize lifetime customer value is directly influenced by the strength, stability, and breadth of a cannabis banking program. Safe Harbor's added value services are designed to support CRB operational success while reinforcing deposit retention and long-term program durability for partner financial institutions. Some of the services described below may overlap with capabilities you already provide or sources through existing partners and can be utilized selectively where they add value.
Customer Acquisition Support
Customer acquisition support is included with each tier. Safe Harbor actively engages with the cannabis community through digital channels and industry events, generating qualified leads that are shared with and/or onboarded for partner financial institutions.
Managed Banking Migration Support for CRBs
Operational CRBs with existing deposits at other financial institutions often encounter significant friction when migrating accounts, which can delay funding and introduce operational, fraud, and change-management risk. Safe Harbor provides structured banking migration support to reduce these barriers and accelerate the transition of active accounts to your institution. Services include end-to-end change management, coordination of customer and vendor communications, payroll and payment integrations, and alignment with third-party providers, with the goal of minimizing disruption and shortening the time required for migrated accounts to become fully funded.
CRB Treasury and Wealth Management
Safe Harbor supports CRB treasury and liquidity management through 13-week cash flow forecasting, customer and vendor payment coordination, and access to capital. Capital sources include financial institution partners that lend to CRBs, as well as private equity firms and family offices. Available capital solutions may include accounts receivable factoring, purchase order financing, credit support services, and collections assistance.
CRB Human Resource Management Solutions
Safe Harbor supports CRB human resource management needs through access to compliant employment and benefits solutions, including multiple employer 401(k) programs, health and welfare benefits, payroll administration, benefits administration, and employee claims management.
Curated Partner Network to Support CRB Business Operations
Safe Harbor leverages a curated network of trusted partners to provide CRBs with specialized services and resources. This network offers comprehensive support for operational efficiency, compliance adherence, and strategic growth, connecting your clients with best-in-class solutions beyond banking.
Cannabis Lending
Safe Harbor has supported cannabis lending since inception through its financial institution partners, backed by an internal loan committee, dedicated underwriting team, and loan syndication capabilities across multiple institutions. In 2025, Safe Harbor expanded its ecosystem to include private equity and family office capital. If you elect to lend, Safe Harbor can source and vet opportunities aligned with its credit criteria; if not, alternative capital partners may support CRB clients while you retain deposit relationships.
CRB Professional Support Services
Safe Harbor provides CRBs with cannabis-focused bookkeeping, legal, accounting, tax, and strategic advisors to support regulatory compliance and operational performance.
Dispensary Management Solutions
Safe Harbor works with established dispensary solution providers to make available integrated, turnkey operational solutions that support daily dispensary operations. These solutions are offered to Safe Harbor clients at preferential pricing.
Inter-Institution Transfer Network (“Zelle” for Cannabis)
Safe Harbor's secure transfer network is designed to enable fast, compliant bank-to-bank transfers between participating financial institutions serving regulated cannabis markets.
11
REPORTING
Audit-ready reporting, delivered at an agreed cadence, ensures continuous visibility into operational performance, financial activity, and regulatory compliance.
Operational Reporting
- Open and closed account status
- Inactive and negative balance monitoring
- Deposit activity reporting
- Fee tracking and reconciliation
Compliance & Audit Reporting
- CTR activity reports
- SAR reporting support
- Audit view of compliance software
- Missed deadline or outstanding items report
12
TECHNOLOGY (CMS)
Safe Harbor's Compliance Management System (CMS) supports disciplined execution, operational consistency, and audit readiness, while preserving financial institution authority over approvals and risk decisions. CMS deployment varies by engagement tier.
- In our Co-Managed program, the CMS is administered jointly by Safe Harbor and {Name of FI}.
- In the Fully Managed Program, the CMS is administered fully by Safe Harbor. I
Core Capabilities
- Structured workflow orchestration and task routing
- Centralized document tracking and retention
- Ownership and entity relationship mapping
- Approval tracking and evidence capture
- Time-stamped audit trails
- License tracking
- Client interaction logging
- Escalation and quality-control workflows
- Support for transaction alert workflow tracking and documentation
- Vendor and fee tracking
These capabilities support transparency, repeatability, ad audit readiness across onboarding, compliance, monitoring, and examination support activities.
Illustrative Screen Shot Examples
13
CLIENT TESTIMONIALS
Partner Colorado Credit Union
Doug Fagan, CEO
“When we launched our cannabis banking program in 2015, there was no established playbook for how to operate it at scale while maintaining regulatory discipline and compliance. From the beginning, Safe Harbor has been deeply involved in the day-to-day execution of our program supporting onboarding, compliance workflows, and ongoing member servicing under our policies and oversight.
Over time, that execution support has allowed our internal teams to focus on approvals, risk management, and examiner engagement, while maintaining consistent documentation and defensible files across the program. The continuity of the relationship has been particularly valuable as regulatory expectations and market conditions have evolved.
Safe Harbor’s experience, operational rigor, understanding of examiner expectations, and openness to evolving risk management practices have been instrumental in helping us operate a durable cannabis banking program over multiple regulatory cycles.”
Guardians Credit Union
Kim, Compliance Manger
"We launched our cannabis banking program in 2019, and Safe Harbor was there from the very beginning to guide us in the right direction. At a time when clear banking regulations and industry standards were still evolving, their expertise and leadership were invaluable.
They provided thorough training on proper procedures and have consistently supported us through audits, ensuring we remain well-prepared and compliant. Whenever questions arise, their team is responsive, knowledgeable, and always willing to assist. Their partnership has given us the confidence and structure needed to operate a strong, compliant cannabis banking program."
14
THANK YOU
Thank you for the opportunity to work with you as you continue to grow your cannabis banking program with Safe Harbor. We believe our team can help you scale onboarding capacity, retain deposits, strengthen your compliance program, and protect your brand as you expand.
If this proposal aligns with your needs, we would welcome the opportunity to move forward together. Please let us know a convenient time to review any remaining questions, finalize scope and timing, and discuss next steps toward implementation. We look forward to partnering with you to help your customers bank, borrow, operate, and grow with confidence.
Amanda McComb
SVP Bank Services
Amanda.mccomb@shfinancial.org
720-254-7297
15
Addendum Table of Contents
16
Addendum A
About Safe Harbor
1st
US Cannabis Banking Platform
Established in 2015 as the first compliant cannabis banking platform
11
Years Operating
Continuous operation since 2015 with no program interruptions
$26B
Processed
Over $26 billion processed through compliant cannabis banking programs
SHFS
Public Company
NASDAQ-listed organization providing enhanced transparency, financial controls, and oversight
25+
Examinations
Support for more than 25 federal and state regulatory examinations
41
States & Territories
Currently operates in 41 U.S. states and territories
Safe Harbor pioneered compliant cannabis banking in 2015 in response to the absence of viable banking solutions for cannabis-related businesses and has since operated continuously through multiple regulatory cycles, enforcement environments, and market expansions.
Safe Harbor operates as a non-depository execution partner for financial institutions. At no time does Safe Harbor hold customer deposits, control accounts, or assume regulatory authority.
Safe Harbor provides the people, process discipline, technology, and execution infrastructure required to operate cannabis banking programs at scale. This operating model allows financial institutions to access specialized cannabis execution capabilities without outsourcing regulatory responsibility or dismantling existing internal frameworks.
17
Addendum B
Corporate Overview & Governance
Safe Harbor is a cannabis-focused financial technology and services company founded in 2015 to support financial institutions that elect to bank cannabis-related businesses under existing BSA/AML frameworks. The organization was established to address the execution complexity inherent in cannabis banking, particularly around onboarding, documentation, and compliance workflows that are difficult to scale within traditional FI operating models.
Safe Harbor operates exclusively as a non-depository execution partner. At no time does Safe Harbor hold customer deposits, control accounts, or assume regulatory authority. All accounts, deposits, BSA/AML responsibility, SAR authority, and examiner relationships remain fully with the partner financial institution.
Since inception, Safe Harbor has operated continuously through multiple regulatory cycles, enforcement environments, and market expansions. Execution methodologies have been refined through repeated regulatory examinations, internal audits, and examiner feedback across jurisdictions.
Public Company Governance and Oversight
Safe Harbor is publicly traded on NASDAQ (ticker: SHFS). As a public company, Safe Harbor is subject to:
- Independent board oversight
- Audit committee governance
- SEC reporting and disclosure obligations
- Internal control requirements over financial reporting
- Quarterly and annual external audits and reviews
These governance requirements impose operational discipline, documentation rigor, and transparency standards that directly reduce counterparty and execution risk for partner financial institutions.
Regulatory and Examination Track Record
- Cannabis banking programs supported continuously since 2015
- More than 25 federal and state regulatory examinations supported (NCUA, FDIC, OCC)
- Examinations conducted by NCUA, state regulators, and joint supervisory teams
- Repeated examiner review of onboarding files, beneficial ownership analysis, source-of-funds validation, and ongoing documentation practices
Execution standards and workflows described in these addendums reflect practices that have been examined, challenged, and refined in real regulatory settings.
19
Addendum C
Organizational Structure and Staffing
Safe Harbor was built to be "compliance first," focused. Our BSA Compliance team reports directly to the Chief Executive Officer and the Audit Committee. Our Bank Services team is functionally separated (segregation of duties) between the front of the house relationship managers, and back of the house compliance professionals. This ensures that client pressure doesn't result in compliance issues. Every member of our Bank Services team is BSA certified, and multiple members are CAM certified.
In addition, we employ an internal BSA officer who is supported by BSA compliance specialist and internal auditors. These professionals serve as a second line of compliance defense. Any matters that are not resolved at this level are escalated to the Chief Executive Officer, the Audit Committee Chair, or our outside legal counsel as appropriate.
We further leverage external auditors to independently assess our program and provide suggestions for further enhancement based on best practices.
Safe Harbor maintains a purpose-built organizational structure designed to support your compliance with regulatory standards, preserving segregation of duties, escalation compliance discipline, and customer satisfaction while providing our FIs the ability to monitor our performance.
20
Meet The Team
Terry Mendez
CEO & Director
Mr. Mendez leads Safe Harbor as CEO and Director. He previously held CEO/CFO roles in cannabis businesses via Amos Advisory Solutions and VP roles at Hitachi Vantara and Arrow Electronics. A CPA and CGMA, he holds a B.S. in Economics from Wharton.
Amanda McComb
SVP of Services
Amanda has been with Safe Harbor since its 2015 launch, bringing expertise in BSA/AML compliance and client service. She oversees onboarding and client support, holding certifications from CU National Association and ACAMS.
Kimberly Seefried
Chief of Staff, Transformation
Kimberly leverages 20+ years of credit union experience and deep cannabis banking knowledge. An early team member, she helped launch Safe Harbor Services in 2017 and manages financial institution relationships. She is CAMS certified.
Margaret Williams
Vice President, Compliance
Margaret is a compliance executive with over 30 years in BSA/AML and regulatory strategy. She leads Safe Harbor's enterprise-wide compliance, auditing, and risk mitigation, holding CUCE and BSACS certifications.
Cassandra Douglass
Sr. Manager Client Experience & Onboarding
Cassandra specializes in cannabis banking, supporting client onboarding and relations. With a decade of experience, she's an expert in compliance, operations, fraud prevention, and state-specific licensing frameworks.
21
Board of Directors
Fred Niehaus
Chairman of the Board
Fred is Managing Partner of Interactive Global Solutions, with extensive experience in government relations and business development, including global SVP roles at First Data and Western Union. He also served as a Special Assistant for Economic Development to Colorado Governor Roy Romer.
Sundie Seefried
Director
Sundie is the founder and former CEO of Safe Harbor Financial. She previously led PCCU and Eagle Legacy Services, and served on the Colorado Division of Financial Services board. She holds an MBA from Regis University.
Richard Carleton
Independent Director
Richard has been CEO of the Canadian Securities Exchange since 2011, leading its role in public capital for entrepreneurial companies and advocating for the cannabis industry. He also directs Tetra Trust Company and Blue Ocean ATS.
Skip Braun
Independent Director
Francis serves as a consultant and senior advisor to several firms, and is a director and audit committee chairman at Crown Bank. A financial expert with 40 years in public accounting, he previously was a Partner at Grant Thornton LLP.
22
Addendum D
Onboarding Execution Workflow
This addendum describes the onboarding execution framework used by Safe Harbor when supporting partner financial institutions. The processes outlined below are designed to promote consistent documentation, disciplined due diligence, and the creation of examiner-ready onboarding files. All onboarding activities are executed under financial-institution-approved policies and procedures. Final account approval authority, risk acceptance, and regulatory ownership remain with the financial institution. This section is intended to provide transparency into execution practices and control points that support auditability and regulatory review.
Initial Inquiry and Intake
Once an inquiry is submitted, an onboarding interview is scheduled. The prospective client is logged into the onboarding tracking system, and preliminary due diligence begins using various sources related to the business and its principals. If the applicant elects to proceed, their status is updated in the tracking system, and interview preparation begins.
Applicant Interview
An onboarding specialist schedules an interview to discuss business operations, and clarify ownership, licensing, and financial activity. Interview notes are documented directly within a questionnaire to ensure consistency and efficiency.
Secure Document Collection
A secure document collection environment is established for each applicant using a standardized folder structure to ensure consistency across onboarding files. The structure includes bank forms and onboarding checklists, client disclosures and agreements, applicant-uploaded documentation, and downloaded and validated materials. Documents are reviewed daily as they are received, and onboarding progresses as completeness thresholds are met.
Quality Control Reviews
Once document collection is complete, the onboarding file is submitted for quality control review by the Onboarding Underwriting Manager. Then a secondary reviewer on the Banking Services team validates completeness and documentation accuracy before the file is marked ready for financial institution review and decisioning.
Applicant Follow-Up and Issue Resolution
If an applicant resists document requests or demonstrates limited cooperation, this is treated as a potential risk indicator and escalated as appropriate. The onboarding process is used to assess transparency and establish expectations for the ongoing banking relationship.
Document Storage and Tracking
A standardized file structure is applied across all onboarding files to support audit, examination, and internal review. A due diligence tracker is maintained to log required documentation, identify outstanding items, and support coordination across reviewers. The tracker is tailored by business type and complexity.
EIN Verification
Applicants are required to provide official IRS EIN documentation. Where original letters are unavailable, alternate IRS-accepted documentation may be used. EINs are independently verified using third-party systems to confirm accuracy and entity alignment.
Initial Deposit and Source-of-Funds Validation
Initial funds are evaluated to determine whether balances are reasonable based on historical performance, reported sales, tax filings, and operational activity. Validation may include review of historical sales and tax records, state reporting data, POS or general ledger records, investor documentation and capital infusion records, and asset sale documentation. Funds that cannot be reasonably validated are treated as unvalidated and require resolution prior to account opening.
Outstanding Documents and Account Transfer
Non-critical outstanding documents may be tracked post-opening with defined suspense periods. Once onboarding is complete and applicable fees are collected, the account is transferred to the financial institution for final approval and account opening.
Additional Account Onboarding
For enterprises opening additional accounts, onboarding execution may be centralized to ensure consistency across entities and maintain documentation standards.
23
Addendum E
Audit Process
This addendum outlines the audit and control framework supporting onboarding, transaction monitoring, and post-opening compliance activities. The processes described below are designed to support regulatory expectations for documentation, segregation of duties, and defensible audit trails. All activities are executed under financial-institution-approved policies, with regulatory ownership, SAR authority, and examiner relationships retained by the financial institution.
Account Opening and Post-Opening Tasks
Bank Services responsibilities are structured across front office, back office compliance professionals, and portfolio management functions to improve audit outcomes and workload balance. Following account approval, the back office opens the account and completes a standardized post-opening checklist.
Front Office responsibilities:
Include client review forms, relationship manager assignment in CMS, client profile setup, limit increase and system updates, client documentation preparation, introductory communications, and completion of virtual or physical onsite visits.
Back Office compliance responsibilities:
Include ChexSystems and OFAC checks, credit pulls, account opening, field of membership transfers, BSA Calculator creation, profile updates, and site verification completion.
Wire Transaction Due Diligence
Wire activity is treated as a higher-risk transaction category due to fraud, regulatory, and reputational exposure. Relationship Managers conduct due diligence on all outgoing wires and on incoming wires. Verbal confirmation is obtained from an authorized signer or owner, and supporting documentation is collected to substantiate the purpose of the wire. Completed documentation is forwarded to the Back Office team for validation, filing, and execution.
Currency Transaction Reports (CTR)
CTR filings are reviewed for proper completion and timely submission. All reportable cash transactions are captured, aggregated, and filed in accordance with BSA requirements. Quality control checks are performed to ensure accuracy and compliance with regulatory guidelines.
Ongoing Monitoring and Alert Disposition
Automated transaction monitoring systems generate alerts for suspicious activity. These alerts are reviewed and investigated by trained compliance professionals. Disposition decisions are documented, and suspicious activity reports (SARs) are filed when necessary, following financial institution policies.
Validation and Monitoring Procedures
Regular validation of monitoring systems and procedures ensures their effectiveness in detecting and reporting suspicious activities. This includes periodic testing, model validation, and ongoing assessment of risk parameters to adapt to evolving threats and regulatory expectations.
Audit Scope
The audit scope for onboarding and compliance activities covers all relevant policies, procedures, systems, and controls. It includes a review of customer due diligence, transaction monitoring, reporting mechanisms, and the overall effectiveness of the BSA/AML program.
Internal Audit Executive Summary
An executive summary provides key findings, conclusions, and recommendations from internal audits. It highlights areas of strength, identifies deficiencies, and outlines action plans for remediation to ensure continuous improvement and compliance with regulatory standards.
24
Addendum F
Examiner and Audit Interaction Detail
Onboarding Interviews
Examiners frequently request walkthroughs of onboarding interviews to assess documentation quality and interview methodology.
Beneficial Ownership Analysis
Examiners review how ownership structures are documented, validated, and maintained throughout the account lifecycle.
Source-of-Funds Validation
Examiners assess the process for validating initial deposits and ongoing source-of-funds documentation.
Document Completeness Tracking
Examiners review systems and processes for tracking document requests, follow-up, and file completeness.
Escalation and Refusal Decisions
Examiners evaluate how risk indicators are identified, escalated, and resolved, including account refusal decisions.
Safe Harbor supports these walkthroughs by presenting standardized documentation and demonstrating consistent execution methodology across accounts.
Examiner walkthroughs are supported by time-stamped execution records demonstrating when documents were requested, reviewed, approved, and escalated.
25
Addendem G
Cybersecurity
Safe Harbor Financial maintains a mature, defense-in-depth cybersecurity program designed to protect customer data and critical systems. Our security posture combines modern cloud-based controls, continuous monitoring by trusted third-party security partners, and strong identity and access management across our environment. Cybersecurity governance is enforced through formal policies, ongoing employee security training, and regular internal and external audits, with oversight provided by executive management and the Board of Directors.
Protecting customer and client data is foundational to how we operate. All sensitive information is encrypted both at rest and in transit using widely accepted, industry-proven cryptographic standards. Secure key management practices, strong authentication mechanisms, and trusted digital certificates are used to ensure that only authorized systems and users can access data. These encryption and access controls are subject to formal review, exception management, and continuous improvement as technologies and threat landscapes evolve.
Client and customer data within Safe Harbor Financial’s Compliance Management System (CMS) is logically segregated in a multi-tenant environment at the application layer. All data records are associated with a specific client or company profile and are accessed only within the context of that client record. CMS enforces role-based access controls, requiring users to be authenticated and authorized prior to accessing system resources, with permissions granted based on job role and assigned client responsibilities. Users are only able to view and manage data for clients to which they have been explicitly granted access.
CMS is hosted on shared cloud infrastructure; however, confidentiality is maintained through logical access restrictions, client-scoped data models, encryption of data at rest and in transit, and formal access provisioning, modification, and periodic access review processes. Together, these controls ensure that customer and client data is protected from unauthorized access and is not accessible across clients. This approach aligns with recognized security and regulatory frameworks.
26