Client Onboarding Policy of

Haitong Bank, S.A.

Approved by the Board of Directors

on 15th September 2020

Version 3.0
 Client Onboarding Policy

TABLE OF CONTENTS

1. PURPOSE AND SCOPE OF APPLICATION ............................................................... 3

2. CLIENT ONBOARDING POLICY ................................................................................. 4
A. Categories ................................................................................................................... 4
B. Classification Rules ..................................................................................................... 4
C. Client Classification Procedure .................................................................................... 7
3. KNOW YOUR CUSTOMER POLICY ........................................................................... 8
4. REVIEW AND UPDATING ........................................................................................... 9

2/9
 Client Onboarding Policy

1. PURPOSE AND SCOPE OF APPLICATION

This Client Onboarding Policy of Haitong Bank, S.A. (hereinafter “the Bank”) falls under the
scope of anti-money laundering and terrorist financing (hereinafter “AML/TF”) mechanisms and
was drawn up pursuant to the provisions of Law no. 83/2017 of 18 August (hereinafter “Law
no. 83/2017”), Notices nos. 5/2008 (hereinafter “Notice no. 5/2008”) and no. 2/2018
(hereinafter “Notice no. 2/2018”), both of the Bank of Portugal, and other related legislation1.

In this sense, the purpose of this document is to set forth the set of criteria and categories that
should guide the whole Group2 in the context of acceptance or refusal of new Clients and
establishment of any business relationships with new counterparties or any other entities
(hereinafter together and without distinction, “Clients”)3, and definition of categories in respect
to Clients' risk assessments at the time of their onboarding.

The standards of conduct set forth in this document are developed and detailed in the rules
laid down on AML/CFT contained in the Bank's Procedure Manual and, without prejudice to
the obligation to read the said rules, must be complied with by all the Bank's employees.

1 By way of example, see also: (i) article 368-A of the Penal Code; (ii) Law no. 36/1994 of 29 September; (iii) Law
no. 5/2002 of 11 January; and (iv) Law no. 52/2003 of 22 August.
2 For the purposes of this document, Group means, within the meaning of article 2(1)(7) of Law no. 83/2017: “a set
of entities formed by: (i) a legal entity or any other undertaking that ultimately controls another legal entity(ies) or
undertaking(s) forming part of the group (parent undertaking), its subsidiary undertakings or other undertakings in
which the parent undertaking or its subsidiary undertakings hold a participation, in particular when one nor more
control indicators occur; or (ii) other undertakings linked to each other by a control relationship, in particular when
one or more control indicators occur”.
3 For the purposes of this document, Client means, within the meaning of article 2(1)(d) of Notice no. 2/2018: "any
individual or legal entity of a corporate nature or otherwise or legal arrangement who/which contacts a financial
institution so that the latter provides a service or product to him/her/it by establishing a business relationship or an
occasional transaction".

3/9
 Client Onboarding Policy

2. CLIENT ONBOARDING POLICY

A classification based on the following rules is hereby laid down for the purposes of onboarding
new Clients:

A. Categories

The following categories are set for individuals and entities4:

I. Unacceptable

II. High Risk

III. Standard Risk

IV. Low Risk

B. Classification Rules

I. Unacceptable

Individuals or entities who/which fall under or present signs of falling under any of the following
types cannot be accepted as Clients and the existence of any relationship, be it merely
prospective or exploratory, with any individual or entity of this nature must be reported
immediately to the Compliance Department:

 individuals or entities mentioned in official lists related to anti-money laundering and

terrorist financing and/or mentioned in the list drawn up by Thomson Reuters (World-
Check Database 5 ) as being associated with illegal activities. For this purpose, the
following official lists published to this end by the European Union , the United Nations
Security Council, the US authorities (OFAC, Office of Foreign Assets Control) and the
Bank of Portugal must cumulatively be taken into account.

 Individuals or entities who/which have any activity whose nature makes it impossible
to confirm the legal origin of their respective income.

 Individuals or entities who/which are not physically present at the time of establishing
the business relationships, save when they are duly represented and without prejudice
to relationships established at a distance in accordance with Schedule I to Notice no.
2/2018.

4 Includes their respective proxyholders, mandataries, agents or other forms of representation.

5 Specialist database subscribed by the Bank to this end.

4/9
 Client Onboarding Policy

 Individuals or entities who/which refuse to provide any information or documentation

requested by the Bank or required by law.

 Individuals or entities who/which perform illegal activities.

 Individuals who lack mental capacity, not duly represented by a person with powers
and authority to such end.

 Individuals or entities who/which clearly lack economic capacity to perform the

proposed transactions.

 Entities which have definitively ceased their business (applies only to new Clients).

 Unauthorised financial or similar entities.

 Entities dissolved or in the course of liquidation (applies only to new Clients).

 Entities which run unauthorised gambling activities.

 Entities terminated (applies only to new Clients).

 Entities whose share capital is represented in whole or in part by bearer shares;

 Shell banks6.

II. High Risk

The following prospective Clients are deemed High-Risk Clients and must, therefore, be
subject to enhanced due diligence procedures:

 Clients classified as such under the Client scoring mechanism in effect in the Bank, for
the purposes of assessment of the money laundering and terrorist financing risk.

 Residents in countries subject to any embargo decreed by the European Union and
the USA (applicable not only to prospective Clients, but also to their respective
representatives or co-owners) stated in the following official lists issued by the
European Union, the United Nations Security Council, the OFAC or as notified by the
Bank of Portugal.

 Residents in territories classified as tax havens, as listed in Ordinance no. 150/2004 or

any provisions substituted therefor.

6 Within the meaning of article 2(1)(g) of Law no. 83/2018, shell bank means:

5/9
 Client Onboarding Policy

 Residents in territories classified as offshore for the purposes of Notice no. 7/2009 of
the Bank of Portugal or any provisions substituted therefor.

 Residents in countries classified as non-cooperative, in accordance with the lists

published by the Financial Action Task Force (FATF).

 Individuals or entities associated with: i) the production or distribution of weaponry and

other military equipment; ii) the production or proliferation of weapons of mass
destruction.

 Politically exposed persons (hereinafter "PEPs") and other senior political or public
officers7.

 Individuals or entities who/which perform activities involving a high risk of being used
for the purposes of money laundering or terrorist financing, their officers, shareholders
or owners, such as, for instance: casinos or duly authorised bookmakers, foreign
exchange firms, pawnbrokers and money transfer firms.

The aforementioned circumstances should be analysed by the Bank's bodies responsible for
approving new Clients and/or transactions before commencing any business relationship with
any entity presenting signs of possibly falling under one of the aforementioned types.

III. Standard Risk

The following prospective Clients are deemed Standard-Risk Clients:

 Clients classified as such under the Bank's Client scoring mechanism.

 Any entities belonging to the Haitong Bank S.A.'s Group or its holding companies.

 Employees and officers of entities belonging to the Haitong Bank, S.A. Group.

IV. Low Risk

The following types of Clients are deemed Low-Risk Clients, provided they are located in
Portugal, in European Union Member States or third countries with effective AML/CFT
systems.

7 PEPs within the meaning of article 2(2)(cc) of Law no. 83/2017 and other senior political or public officers within
the meaning of article 2(2)(gg) of Law no. 83/2017.

6/9
 Client Onboarding Policy

 Management bodies or state-owned companies.

 Financial entities8 (including their branches, provided they comply with the procedures
determined by the holding company), except payment institutions and insurance
brokers.

 Companies whose shares are admitted to trading on a regulated market (including

branches and affiliates subject to their exclusive control, provided such control is
documented) and subject, by virtue of the rules of such market, the law and other
mandatory instruments, to duties to inform that ensure appropriate transparency in
respect of beneficial owners9.

Simplified due diligence procedures10 may be applied to these entities in terms of identification
and due diligence procedures (hereinafter “Know Your Customer” or “KYC”) and monitoring of
transactions.

C. Client Classification Procedure

(i) The Client classification in line with the rules applying to the aforementioned categories
should be calculated upon recording the counterparty in the central database, on the
basis of the data contained in the documentation and instructions received from the
employees of the relevant Front Office area.

(ii) Whenever a Client is classified as “High Risk”, his/her/its file must be forwarded to the
Compliance Department, which will analyse the case and take any additional actions
deemed appropriate in line with the increased risk presented by the Client, duly
documenting its analysis in writing in accordance with the applicable internal template.

(iii) It is expressly prohibited to establish any business relationship (even if merely of an

exploratory or prospective nature) with prospective Clients who/which the Bank is able
to identify as being “Unacceptable”.

(iv) Any contact, even if merely of an exploratory or prospective nature, with prospective
Clients classified as “Unacceptable” must be reported immediately to the Compliance
Department.

8 Within the meaning of Article 3(1) of Law No. 83/2017.

9 In order to identify the regulated markets that ensure appropriate transparency, the Bank must use the information
made available by the supervisory authorities of the sector in question.
10 Within the meaning of article 35 of Law no. 83/2017.

7/9
 Client Onboarding Policy

3. KNOW YOUR CUSTOMER POLICY

 In accordance with the regulations in force, each financial entity is bound to thoroughly
identify its Clients, know their business activities, know their respective ownership and
control structures, as well as to verify whether the relationship with these entities is
consistent with the nature and volume of the business carried out.

 To this end, the KYC procedures laid down in the Procedure Manual must be strictly and
fully adhered to.

 Employees of the Front Office areas are responsible for adhering to the KYC procedures
determined for each category of Client and must ensure that the data collected from
Clients is sufficient, as well as that it truly reflects Clients' circumstances, notably in respect
of their identity, business and financial capacity.

 The employees of the Front Office area responsible for the Client are responsible for
ensuring that all the respective information and documentation are kept duly updated,
meeting the applicable deadlines in line with the money laundering and terrorist financing
risk profile assigned to the Client:

 low AML/CFT-risk Clients – every 5 years;

 medium AML/CFT-risk Clients – every 4 years;

 high AML/CFT risk-Clients – every year.

 The assessment referred to in the preceding paragraph must be periodically updated by

the employee responsible for the business relationship, in line with data gathered from
time to time from the monitoring of the Client, and he/she must periodically ask the Client
for any additional data which proves necessary and/or useful for such assessment.

8/9
 Client Onboarding Policy

4. REVIEW AND UPDATING

 The Bank's Client Onboarding Policy must be reviewed at least annually and whenever
any change to the environment in which the Bank carries out its business so requires or
advises, for instance in the event of: changes to the legal and/or regulatory provisions in
effect, issue of new recommendations by official entities or new circumstances which
may potentially generate increased risks or similar events.

 The Compliance Department is responsible for drawing up and annually reviewing the
Client Onboarding Policy and the Bank's Board of Directors is responsible for its
approval.

 Version Control

Version Date approved Changes made

1.0 February 2015 Original version
2.0 April 2017 Review and updating of the
initial version
2.1 28 November 2017 Updating in line with Law no.
83/2017
3.0 05 February 2019 Updating in line with Notice
no. 2/2018 of the Bank of
Portugal
3.0 15 September 2020 Ratified by the Board of
Directors

Note: The links included in these document are those in effect when this document was updated. Their use at any
particular time presupposes confirmation that they remain current.

9/9