Compliance Monitoring Program Guidelines

Organization: Fintable, Inc.
Owner: Board of Directors
Approved by: Rafael Jara
Approval Date: 2025 October 1
Review Cadence: Annual or upon material change

1) Purpose
The purpose of these Compliance Monitoring Program Guidelines is to define a consistent and disciplined approach for overseeing Fintable, Inc.’s adherence to applicable laws, regulations, internal policies, and ethical standards. This document establishes the structure, scope, and methodology of compliance monitoring activities that ensure the company maintains a sound compliance framework in accordance with expectations set forth by the Federal Financial Institutions Examination Council (FFIEC), the Gramm-Leach-Bliley Act (GLBA), the Consumer Financial Protection Bureau (CFPB), and other relevant authorities.

2) Scope
These Guidelines apply to all Fintable departments, subsidiaries, and affiliates that conduct regulated activities, manage client data, or support core operations. The Program encompasses all areas subject to regulatory, contractual, and ethical obligations, including but not limited to data privacy, information security, consumer protection, and third-party oversight. Every employee, manager, and executive has a duty to support compliance monitoring and to cooperate fully with assessments, reviews, and audits conducted under this Program.

3) Governance Structure
The Board of Directors holds ultimate oversight authority for Fintable's compliance posture and ensures that sufficient resources are dedicated to maintaining an effective program. It may perform its own evaluations or appoint a team tasked with ensuring that compliance procedures are carried out, including testing, sampling, and control validation activities.

4) Program Objectives
The Compliance Monitoring Program aims to identify and assess compliance risks across all business operations, evaluate the design and performance of internal controls, detect potential violations, and ensure that corrective measures are implemented promptly. The Program promotes an organizational culture that values accountability, transparency, and ethical conduct, recognizing that effective compliance is essential to Fintable's integrity and reputation.

5) Risk-Based Approach
The Program operates under a risk-based model that prioritizes monitoring efforts according to the level of regulatory exposure, operational dependency, and data sensitivity. Monitoring frequency and depth are guided by the results of the annual Compliance Risk Assessment, which evaluates inherent risks, control effectiveness, and emerging regulatory developments. Factors considered in determining risk include the complexity of applicable regulations, volume and sensitivity of transactions, history of prior findings, and potential impact on clients or business continuity.

6) Monitoring Methodology

6.1) Planning and Scoping
The Compliance Department develops an annual monitoring plan that defines objectives, timelines, and resource assignments. Each review is scoped according to identified risks and regulatory requirements.

6.2) Fieldwork and Testing
The Compliance Monitoring Team conducts testing using sampling, data analysis, interviews, and process walkthroughs. Findings are documented with sufficient evidence to support conclusions about control design and operational effectiveness.

6.3) Issue Identification and Rating
Each issue identified is rated as high, moderate, or low severity based on its regulatory impact, frequency, and underlying cause. This rating determines the level of oversight required for remediation and escalation.

6.4) Reporting
Upon completion of testing, the Compliance Monitoring Team prepares a formal report detailing the scope, methodology, findings, root causes, and management action plans. Reports are shared with relevant business owners, senior leadership, and the Executive Compliance Committee.

6.5) Remediation and Follow-Up
Business owners are responsible for implementing corrective actions within the timelines established in their remediation plans. The Compliance Department tracks completion and verifies closure. Unresolved or delayed high-risk items are escalated to the CCO and the Executive Compliance Committee for further action.

7) Continuous Monitoring and Data Analytics
Fintable employs ongoing surveillance supported by data analytics to identify anomalies, control gaps, or emerging risks. The Compliance Department uses automated monitoring tools to review transactional data, identify potential breaches, and ensure consistency between policy and practice. Results from continuous monitoring inform future compliance testing cycles.

8) Documentation and Record Retention
All documentation related to compliance monitoring, including reports, test results, remediation evidence, and correspondence, must be securely retained for no less than seven years or for a longer period if required by law or contract. Access to such records is restricted to authorized personnel only.

9) Training and Awareness
All Compliance Monitoring staff must receive regular training in applicable regulatory requirements, risk assessment techniques, root cause analysis, and effective reporting. Business units receive targeted compliance training based on observed risk trends and monitoring outcomes to promote awareness and accountability across the organization.

10) Reporting and Escalation
Any material compliance breach, recurring issue, or incident with potential regulatory or reputational impact must be reported immediately to the CCO. The Executive Compliance Committee receives quarterly summaries of monitoring results, remediation progress, and risk trends, which are then shared with the Board of Directors as part of its oversight responsibilities.

11) Review and Continuous Improvement
Fintable shall ensure that annual reviews are conducted to confirm the Program's efficacy and regulatory compliance, including through internal audits that provide recommendations to ensure the efficacy and strength of the compliance methodology, testing scope, and oversight mechanisms.

Approved By: Rafael Jara
Vice President
Electronically Signed By:
Rafael Jara