U.S. Bank National Association Service Organization Control 1 Report Description of the Trust & Custody Account Transaction Processing System For the period from October 1, 2014 to September 30, 2015, with Independent Service Auditor’s Report, including tests performed and results thereof TABLE OF CONTENTS I. Assertion of U.S. Bank National Association ................................................................ 1 II. Independent Service Auditor’s Report ..................................................................... 3 III. Description of US Bancorp Trust & Custody Account Transaction Processing Scope of this Report .................................................................................................... 6 Overview of Services Provided ................................................................................... 6 Control Environment ................................................................................................. 13 Risk Assessment ........................................................................................................ 17 Information and Communication .............................................................................. 18 Monitoring and Control Activities ............................................................................ 19 Description of Transaction Processing System ......................................................... 20 Information Systems Control Environment ............................................................... 34 Control Objectives and Related Controls .................................................................. 42 Complementary User Entity Controls ....................................................................... 42 IV. Description of Control Objectives, Controls, Tests, and Results of Tests Testing Performed and Results of Tests of Entity-Level Controls ............................ 43 Testing Performed and Results of Tests When Using the Work of Internal Audit ........................................................................................... 43 Control Objectives, Controls, Tests, and Results of Tests ........................................ 44 1502-1404605 V. Other Information Provided by the Service Organization Business Continuity and Disaster Recovery .............................................................. 74 U.S. Bancorp Corporate Profile................................................................................. 76 Lines of Business ...................................................................................................... 76 VI. Glossary of Terms ................................................................................................... 77 1502-1404605 I. ASSERTION OF U.S. BANK NATIONAL ASSOCIATION  The procedures, within both automated and manual systems, by which those services are provided, including by which transactions are initiated, authorized, recorded, We have prepared the accompanying Description of the Trust & processed, corrected as necessary, and transferred to the Custody (T&C) Account Transaction Processing System (Description) reports presented to user entities. of U.S. Bank National Association (U.S. Bank or the Bank) Wealth Management & Securities Services (Service Organization) for users of  The related accounting records, supporting information, the system during some or all of the period from October 1, 2014 to and specific accounts that are used to initiate, authorize, September 30, 2015 (user entities), and their independent auditors who record, process, and report transactions; this includes the have a sufficient understanding to consider the Description, along with correction of incorrect information and how information other information, including information about controls implemented is transferred to the reports prepared for user entities. by user entities themselves, when assessing the risks of material misstatements of user entities’ financial statements. We confirm, to the  How the System captures and addresses significant events best of our knowledge and belief, that: and conditions, other than transactions. • The Description fairly presents the T&C Account Transaction  The process used to prepare reports or other information Processing System (System) made available to user entities during provided to user entities. the period from October 1, 2014 to September 30, 2015, for processing their transactions. The Service Organization uses  Specified control objectives and controls designed to various subservice organizations to provide certain services as achieve those objectives. described in Section III. The Description includes only the controls and related control objectives of the Service Organization and  Controls that, in designing the System, we contemplated excludes the control objectives and related controls of the would be implemented by user entities in order to achieve subservice organizations. The criteria we used in making this the specified control objectives (Complementary User assertion were that the Description: Entity Controls). • Presents how the System made available to user entities was  Other aspects of our control environment, risk assessment designed and implemented to process relevant transactions, process, information and communication systems including: (including the related business processes), control activities, and monitoring controls that are relevant to the  The types of services provided, including the classes of services provided, including processing and reporting transactions processed. transactions of user entities. 1502-1404605 1  Does not omit or distort information relevant to the scope • The controls identified in the Description would, if operating of the System, while acknowledging that the Description as described, provide reasonable assurance that those risks is prepared to meet the common needs of a broad range of would not prevent the control objectives stated in the user entities and their independent auditors, and may not, Description from being achieved. therefore, include every aspect of the System that each individual user entity and its independent auditor may • The controls were consistently applied as designed, including consider important in the user entity’s own particular whether manual controls were applied by individuals who environment. have the appropriate competence and authority. • The Description includes relevant details of changes to the System during the period from October 1, 2014 to September 30, 2015. • The controls related to the control objectives stated in the U.S. Bank National Association Description, which together with the complementary user entity Dale R. Smith controls and the subservice organizations’ controls referred to Executive Vice President above if suitably designed and operating effectively, were suitably November 16, 2015 designed and operated effectively throughout the period from October 1, 2014 to September 30, 2015, to achieve those control objectives. The criteria we used in making this assertion were that: • The risks that threaten the achievement of the control objectives stated in the Description have been identified by the Service Organization. 1502-1404605 2 Ernst & Young LLP Tel: +1 612 343 1000 Suite 1400 Fax: +1 612 339 1726 220 South Sixth Street ey.com Minneapolis, MN 55402-4509 II. INDEPENDENT SERVICE AUDITOR'S REPORT subservice organizations. Our examination did not extend to controls of The Board of Directors and Management the carved out subservice organizations. U.S. Bank National Association The information in the accompanying “Other Information Provided by the SCOPE Service Organization” is presented by management of the Service We have examined U.S. Bank National Association’s (U.S. Bank or the Organization to provide additional information and is not part of the Bank) Wealth Management & Securities Services (Service Organization) Service Organization’s Description. Such information has not been accompanying description of the Trust & Custody Account Transaction subjected to the procedures applied in our examination, and accordingly, Processing System for processing user entities’ transactions throughout we express no opinion on it. the period from October 1, 2014 to September 30, 2015 (Description) and the suitability of the design and operating effectiveness of controls U.S. BANK’S RESPONSIBILITIES described therein to achieve the related control objectives stated in the The Service Organization has provided the accompanying assertion titled Description. The trust and custody services are provided by the Wealth “Assertion of U.S. Bank National Association” (Assertion) about the Management & Securities Services (WM&SS) and Consumer and Small fairness of the presentation of the Description and suitability of the design Business Banking business lines of the Bank. U.S. Bank National and operating effectiveness of the controls described therein to achieve Association is a wholly owned subsidiary of U.S. Bancorp (the Parent). the related control objectives stated in the Description. The Service The Description indicates that certain control objectives specified in the Organization is responsible for preparing the Description and Assertion, Description can be achieved only if complementary user entity controls including the completeness, accuracy, and method of presentation of the contemplated in the design of the Service Organization’s controls are Description and Assertion, providing the services covered by the suitably designed and operating effectively, along with related controls at Description, specifying the control objectives and stating them in the the Service Organization. We have not evaluated the suitability of the Description, identifying the risks that threaten the achievement of the design or operating effectiveness of such complementary user entity control objectives, selecting the criteria stated in the Assertion, and controls. designing, implementing, and documenting controls to achieve the related control objectives stated in the Description. The Service Organization uses subservice organizations to provide certain services as described in Section III. The Description includes only the controls and related control objectives of the Service Organization and excludes the control objectives and related controls of the carved-out 1502-1404605 3 A member firm of Ernst & Young Global Limited SERVICE AUDITOR’S RESPONSIBILITIES INHERENT LIMITATIONS Our responsibility is to express an opinion on the fairness of the The Description is prepared to meet the common needs of a broad range presentation of the Description and on the suitability of the design and of user entities and their independent auditors and may not, therefore, operating effectiveness of the controls described therein to achieve the include every aspect of the System that each individual user entity may related control objectives stated in the Description, based on our consider important in its own particular environment. Because of their examination. We conducted our examination in accordance with nature, controls at a service organization may not prevent, or detect and attestation standards established by the American Institute of Certified correct, all errors or omissions in processing or reporting transactions. Public Accountants. Those standards require that we plan and perform Also, the projection to the future of any evaluation of the fairness of the our examination to obtain reasonable assurance about whether, in all presentation of the Description, or conclusions about the suitability of the material respects, the Description is fairly presented and the controls design or operating effectiveness of the controls to achieve the related described therein are suitably designed and operating effectively to control objectives is subject to the risk that controls at a service achieve the related control objectives stated in the Description throughout organization may become ineffective or fail. the period from October 1, 2014 to September 30, 2015. OPINION An examination of a description of a service organization’s system and In our opinion, in all material respects, based on the criteria described in the suitability of the design and operating effectiveness of the service the Assertion of U.S. Bank National Association: organization’s controls described therein to achieve the related control objectives stated in the Description involves performing procedures to • The Description fairly presents the Service Organization’s System obtain evidence about the fairness of the presentation of the Description that was designed and implemented throughout the period from and the suitability of the design and operating effectiveness of those October 1, 2014 to September 30, 2015. controls to achieve the related control objectives. Our procedures included assessing the risks that the Description is not fairly presented • The controls related to the control objectives stated in the Description and that the controls were not suitably designed or operating effectively were suitably designed to provide reasonable assurance that the to achieve the related control objectives. Our procedures also included control objectives would be achieved if the controls operated testing the operating effectiveness of those controls that we consider effectively throughout the period from October 1, 2014 to necessary to provide reasonable assurance that the related control September 30, 2015, and if user entities applied the complementary objectives were achieved. An examination engagement of this type also user entity controls contemplated in the design of the Service includes evaluating the overall presentation of the Description, the Organization’s controls and if subservice organizations applied the suitability of the control objectives, and the suitability of the criteria controls contemplated in the design of the Service Organization’s specified by the Service Organization and described in the Assertion. We controls throughout the period from October 1, 2014 to believe that the evidence we have obtained is sufficient and appropriate to September 30, 2015. provide a reasonable basis for our opinion. 1502-1404605 4 A member firm of Ernst & Young Global Limited • The controls tested, which, together with the complementary user entity controls and subservice organizations’ controls referred to in the scope paragraph of this report if operating effectively, were those necessary to provide reasonable assurance that the control objectives stated in the Description were achieved, operated effectively throughout the period from October 1, 2014 to September 30, 2015. DESCRIPTION OF TESTS OF CONTROLS The specific controls tested and the nature, timing, and results of those tests are listed in the accompanying “Description of Control Objectives, Controls, Tests, and Results of Tests” (Description of Tests and Results). RESTRICTED USE This report, including the description of tests of controls and results thereof in the Description of Tests and Results, is intended solely for the information and use of the Service Organization, user entities of the Service Organization’s system during some or all of the period from October 1, 2014 to September 30, 2015, and the independent auditors of such user entities, who have a sufficient understanding to consider it, along with other information, including information about controls implemented by user entities themselves, when assessing the risks of material misstatements of user entities’ financial statements. This report is not intended to be and should not be used by anyone other than these specified parties. November 16, 2015 Minneapolis, Minnesota 1502-1404605 5 U.S. Bank National Association Trust & Custody Services III. Description of the Trust & Custody Account Transaction Processing System SCOPE OF THIS REPORT FINANCIAL STATEMENT ASSERTIONS This report describes certain controls related to the processing of Financial statement assertions potentially affected by Trust and Custody transactions for the Trust & Custody Services of U.S. Bank National account transaction processing for user entities may include: Association (U.S. Bank or the Bank), supported by Trust Technology & • Completeness – Valid transactions are recorded and reported Support Services (TT&SS) and collectively referred to herein as the (transactions are complete). Service Organization The Service Organization represents certain Trust & Custody business units of the Bank’s Wealth Management & Securities • Valuation and allocation – Valid transactions are recorded and Services (WM&SS) and Community Banking and Branch Delivery reported at the proper amounts (transactions are accurate). (Community Banking) divisions. • Existence and occurrence – Valid transactions are recorded and Included in the scope of this report are certain controls over: reported in the proper period (transactions are valid and timely). • Securities and trade processing • Rights and Obligations – Valid transactions are recorded and reported for the appropriate investor. • Account administration functions provided to the clients of Institutional Trust & Custody, Fund Custody in support of Fund This list does not represent a comprehensive set of financial statement Services, municipal trustee businesses of Global Corporate Trust assertions at user entities. Other financial statement assertions not listed Services that utilize the custody services of the Service Organization, above are not applicable to the Trust & Custody account transaction and personal trust and corporate trust accounts that subscribe to the processing system. services of U.S. Bancorp Asset Management, Inc. (USBAM), a registered investment adviser affiliate of the Bank The account transaction processing service results in the recording of cash and investment transactions in the accounting records. These • Related transaction processing, securities movement and transactions may affect related transactions in the user entity’s financial safekeeping, trust accounting, and technology support functions statements, investment accounts, unrealized gains and loss accounts, provided by TT&SS payable and foreign exchange valuation accounts in the accounting records. These transactions affect similar accounts in the user entity’s This report is designed to provide information for use by institutional and financial statements. municipal user organizations and their independent auditors who audit the financial statements of an entity that uses the Service Organization as a OVERVIEW OF SERVICES PROVIDED service organization. The Global Structured Finance, Collateral Debt Obligation, and Corporate Trustee areas of the Global Corporate Trust The Bank provides a full range of fiduciary and investment services to business unit are out of scope of this report. institutional, corporate, nonprofit, and individual clients. Offices are 1502-1404605 6 U.S. Bank National Association Trust & Custody Services III. Description of the Trust & Custody Account Transaction Processing System located in Alabama, Arkansas, Arizona, California, Colorado, debt and structured finance transactions. The structured finance Connecticut, Delaware, District of Columbia, Florida, Georgia, Idaho, transactions include asset-backed securities, mortgage-backed Illinois, Indiana, Iowa, Kansas, Kentucky, Massachusetts, Michigan, securities, commercial mortgage-backed securities, and collateralized Minnesota, Missouri, Montana, Nebraska, Nevada, New Jersey, New debt obligations. The group operates a network of 50 domestic Mexico, New York, North Carolina, North Dakota, Ohio, Oregon, offices and two international locations in London (England) and Pennsylvania, South Carolina, South Dakota, Tennessee, Texas, Utah, Dublin (Ireland). Virginia, Washington, Wisconsin, and Wyoming, and internationally in London, Buenos Aires, and Dublin (Ireland). • Wealth Management: Through the Private Client Reserve, Asset Management Group, Ascent Private Capital Management, and Trust The Trust & Custody units are business lines at the Bank, a wholly owned Advisory Centers, Wealth Management delivers sophisticated and subsidiary of U.S. Bancorp (the Company). WM&SS and the Trust units customized financial solutions targeted at clients in the affluent, high within Consumer Banking are organized into the key business lines that net worth, and ultra-high net worth segments, including individuals are described below: and families, corporate executives, legal and health care professionals, business owners, and charitable organizations. Wealth • Institutional Trust & Custody (IT&C): Provides trust, custody, and Management provides financial planning, private banking, personal investment management services to corporations, employee benefit trust, investment management, investment advisory services, and plans, foundations and endowments, public and governmental retail brokerage services. entities, insurance companies, financial institutions, registered investment advisors (RIAs) and broker/dealers, unions, and some • The Private Client Group in Community Banking: Provides foreign clients. Primary roles within the markets include Relationship personalized wealth management services to affluent and high net Management (primary client contact). Account Management (daily worth clients, including individuals, business owners, and charitable administration) and Sales Management (new business development). organizations in more than 60 Community Banking locations across Institutional trust and Custody client portfolios include a broad range the U.S. Bancorp footprint through dedicated relationship managers of institutional relationships. Support groups include a broad range of specializing in personal trust administration, private banking, and institutional relationships. Support groups include: Sales support, financial planning services. Relationship managers provide a Product Management, Risk Management, Payment Services and significant level of service to clients through regular and systematic Asset Management Group for those accounts where the Bank has communication, and they enhance and expand relationships by investment discretion. creating and implementing customized financial solutions for clients. • Global Corporate Trust Services: Provides trustee, custodial, and • U.S. Bancorp Asset Management, Inc. (USBAM): Is a subsidiary of agency services to a client base that includes corporate, municipal, U.S. Bank N.A. and is a registered investment advisor with the and special-purpose entities that issue a broad spectrum of traditional Securities and Exchange Commission (SEC). The primary function 1502-1404605 7