Anti-Money Laundering (AML) Policy

Principal and its subsidiaries/affiliates are subject to various Anti-Money Laundering (AML) laws and regulations relevant to the specific business and jurisdiction where the business operates. For example, within the U.S., Principal and its U.S.-based subsidiaries are subject to the Bank Secrecy Act, which incorporates the USA PATRIOT Act. This policy recognizes the need for awareness by Principal and its subsidiaries/affiliates to comply with such laws and regulations, as applicable, including customer identification and Know Your Customer (KYC) policies and procedures.

Principal established this AML policy as part of its Corporate Ethics and Compliance Program to help detect transactions that may involve money laundering, terrorist financing, or other illicit activity, and to provide resources for reporting applicable situations as required by applicable law. This policy also helps ensure we satisfy all legal and regulatory requirements and maintain ethical business practices.

The companies of Principal are subject to various AML laws and regulations depending on the nature of the business and the country in which such company is domiciled or conducting business. Entities of Principal outside the U.S. must comply with all requirements of the laws and regulations of relevant jurisdictions applicable to their business, including applicable U.S. laws.

The Chief Ethics and Compliance Officer (CECO) of Principal monitors and supports compliance with the policy and regularly reports to senior management, including the Audit Committee of the Board of Directors. The CECO is supported in these efforts by the Enterprise Head of Financial Crimes Compliance and Investigations (and their staff).

Although each jurisdiction’s AML laws may differ, Principal expects that if the jurisdiction requires the legal entity to have an AML Program, the AML Program will have the following common elements designed in accordance with local jurisdictional requirements:

• All relevant regulatory provisions should be reflected in a written AML Program that is approved by either one of more members of Senior Management or a Board of Directors. The AML officer or Money Laundering Reporting Officer (MLRO) charged with drafting and implementing the AML Program must not approve their own Program to ensure segregation of duties.All processes related to the AML Program should be anchored in written policies and procedures.
• The AML Program should be supervised by a qualified AML Officer or MLRO in accordance with local regulations.
• Relevant AML training will be provided to appropriate employees in accordance with local regulatory expectations.
• The AML Program will be independently tested periodically in accordance with local regulatory expectations.
• Processes will be designed and implemented to:
  • Form a reasonable belief that the Principal subsidiary knows the true identity of customers.
  • Form a reasonable belief that the Principal subsidiary knows the true identity of the ultimate beneficial owners of legal entity customers based on local regulatory requirements.
  • Determine (where appropriate) that the Principal subsidiary knows the nature and purpose of the customer account/policy/contract relationship.
  • Determine (where appropriate) the source(s) of funds that will flow through the customer’s account/policy/contract.
  • Identify higher risk customers (e.g., foreign politically exposed persons) and apply relevant additional due diligence and monitoring of these customers.
  • Identify and report, on a jurisdiction-appropriate form, suspicious activity and/or suspicious transactions.
• The AML Program should incorporate or cross reference appropriate sanctions compliance policies and procedures. At a minimum, the AML Program should cross reference the corporate policy.

Currently, the MLROs or AML Officers for each of the entities required to have an AML program, in consultation with legal and compliance contacts as needed, have developed and implemented AML programs tailored to address the risks and regulations specific to the particular entity’s business and customer base. Each entity’s AML program has been approved by the Board of Directors, senior management of that entity, or as otherwise required by applicable regulations. Further updates to these Programs will be made as needed, and material changes to Programs will result in review and re- approval by the appropriate oversight persons, committees, or boards.

Employees and company representatives are required to report any suspicious behavior and/or transactions, as appropriate for their jurisdiction and/or industry, to their designated MLRO or AML Officer. The designated MLRO or AML Officer will then determine appropriate actions and file reports as applicable. If employees and company representatives are unsure as to how to contact their MLRO or AML Officer, they should escalate the issue to their local compliance or legal contact.

MLROs or AML Officers are responsible for the following:

• Drafting and revising, local jurisdiction- and/or legal entity-specific AML and Sanctions policies or programs.
• Obtaining and documenting appropriate approvals of the local jurisdiction- and/or legal entity-specific policies and programs from senior management and/or Board of Directors on a frequency expected by relevant regulators.
• Collaborating and communicating with senior management, legal, compliance, and/or the Board of Directors, any material AML issues and regulatory changes impacting the legal entity or local jurisdiction in an established form and on a frequency expected by relevant regulators.
• Developing and implementing appropriate compliance procedures designed to achieve appropriate compliance oversight, monitoring, and testing processes within the local jurisdiction- and/or legal entity-specific AML and Sanctions policies and Programs.
• Consulting with appropriate business units to ensure that business unit procedures are effectively designed to comply with Enterprise, local jurisdiction regulations and meet the objectives of legal entity-specific AML and Sanctions policies/Programs.
• Drafting and filing jurisdiction-appropriate regulatory reports to include Suspicious Transaction Reports (“STRs”) and/or Suspicious Activity Reports (“SARs”).
• Ensuring that appropriate training is prepared and delivered to employees and Company representatives.
• Ensuring that local jurisdiction-specific and/or legal entity-specific AML and Sanctions policies/Programs are independently tested in accordance with regulatory expectations.

Senior Management and/or Boards of Directors are responsible to:

• Review and approve local jurisdiction- and/or legal entity-specific AML and Sanctions policies or Programs.
• Provide appropriate oversight and resources as needed to foster the effective implementation of AML and Sanctions policies or Programs within their business.
  • Each Principal subsidiary may be governed differently, and a Board of Directors may play either a partial role (e.g., oversight, but no provision of resources because that is delegated to senior management) or no role at all.

All employees and Company representatives are responsible for knowing and following their applicable AML or Sanctions policies and procedures. They should:

• Be familiar with the Enterprise AML and OFAC/Sanctions policies.
• Be familiar with their local jurisdiction- and/or legal entity-specific AML and Sanctions policies/Programs where business is being conducted.
• Be familiar with their business unit's/area's AML and Sanctions procedures including:
  • Procedures related to customer identification, verification, and due diligence (e.g., Know Your Customer, Customer Due Diligence, Customer Identification Programs, etc.) for opening new accounts/policies/contracts and servicing existing accounts/policies/contracts.
  • Procedures related to identifying, handling, and escalating potentially suspicious activities that may require special attention, have reporting requirements and/or need a leader’s approval, such as cash or cash equivalent (money orders, cashier's checks, wire transfers) transactions or certain cross-border transactions.
  • Relevant procedures related to any other facets of their local jurisdiction- or legal entity-specific AML and Sanctions policies/programs that require business unit operational tasks, reporting, or escalation so that the AML and OFAC/Sanctions policies can operate in practice.
• Know how to identify, escalate, and report potentially suspicious/red flag behaviors and/or transactions to their MLROs or AML Officers.
• Keep STRs or SARs that have been prepared or filed strictly confidential and not reveal any aspect (including the existence of the report itself) of such reports to the customer or the subject of the reports. This includes limiting information regarding such reports only to employees who have a need to know the information (e.g., business relevant compliance or legal contacts).