AML and CFT Manual

Our Money Laundering and Terrorism Financing Prevention Manual outlines strict measures to protect against illicit activities, ensuring a compliant and trustworthy trading platform.

Introduction

This manual is designed to prevent money laundering (AML) and terrorism financing (CFT), which involves having appropriate systems and controls in place to mitigate the risk of the company being used to facilitate financial crime. This AML Policy establishes the minimum standards that must be met and includes:

        • The appointment of a person who is capable of identifying Money Laundering activities (MLRO), with sufficient capacity and responsibility to oversee compliance with relevant legislation, regulations, standards, and industry guidance.
        • Establishing and maintaining a Risk-Based Approach (RBA) to assess and manage the risks of money laundering and terrorism financing for our company.
        • Establishing and maintaining Due Diligence, identification, verification, and Know Your Customer (KYC) procedures based on risk, including manual and enhanced Due Diligence for higher-risk clients, such as Politically Exposed Persons (PEP).
        • Establishing and maintaining risk-based systems and procedures to monitor ongoing customer activity.
        • Procedures for internally reporting suspicious activities and reporting to relevant government authorities as appropriate.
        • Maintaining appropriate records for prescribed minimum periods.
        • Due Diligence, Training, and awareness for all employees of the company.
        • Combating Terrorism Financing (CFT).
        • The Company adopts a risk-based approach when adopting and implementing Counter Financing Terrorism (CFT) measures and conducting AML risk assessments.

International Sanctions Policy (ISP): Our company is prohibited from conducting transactions with individuals, companies, and countries that are on recognized sanctions lists.

Compliance Officer:

The Compliance Officer will be responsible for proposing and developing Anti-Money Laundering (AML) policies within the company and evaluating compliance with these policies through the analysis of the procedures adopted for this purpose. The tasks of the Compliance Officer include:

a. Evaluating the effectiveness of the anti-money laundering system in accordance with current regulations and best practices in the field.

b. Proposing Anti-Money Laundering policies and procedures within the company.

c. Promoting the adoption of best practices for anti-money laundering and terrorism financing prevention.

d. Assigning prevention functions to primary responsible parties based on the type of operations they manage.

e. Reporting anomalies or non-compliance to the board for necessary corrective actions and suggestions.

f. Ensuring that the company maintains files of customer identification records.

g. Presenting to the board, for decision-making purposes, all reports of unusual operations received from the finance department that are considered suspicious after analysis.

h. Analyzing the conclusions reached through the auditing procedures and presenting their opinion to the Committee.

i. Being responsible for responding to any information request from the Financial Intelligence Unit, subject to the Committee’s intervention.

Compliance Officer’s Powers: In order to carry out the functions assigned, the Compliance Officer shall have the following powers:

a) Proposing to the obligated person the programs, norms, procedures, and internal controls that must be adopted, developed, and implemented to prevent the improper use of their services and products in money laundering or other asset-related activities.

b) Informing the personnel of the obligated person about all legal and regulatory provisions, as well as existing internal procedures in relation to the prevention and detection of money laundering or other assets.

c) Coordinating with other instances of the entity, the implementation of programs, norms, procedures, and internal controls established by the Law and ensuring their compliance.

d) Preparing and documenting the information to be sent to the corresponding entity, through the Intendancy, regarding the data and documentation referred to in the Law, particularly reports of suspicious transactions detected in the entity.

e) Maintaining a constant technical and legal update on the subject of prevention and detection of money laundering or other assets, as well as establishing channels of communication and cooperation with compliance officers, or those performing such functions, in other obligated persons, regarding training and patterns of money laundering or other assets while always ensuring the confidentiality of information established in the Law.

f) Organizing the training of personnel on aspects related to the prevention and detection of money laundering or other assets and sending a semi-annual report of said training to the corresponding entity.

g) Documenting the efforts made by the institution in money laundering or other asset prevention matters.

h) Presenting quarterly reports to the board of administration of the obligated person on the effectiveness of internal control mechanisms implemented in their institution, related to the compliance program.

i) Any other powers established by the laws in the matter.

Programs: Obligated persons must adopt, develop, and execute suitable programs, norms, procedures, and internal controls to prevent the improper use of their services and products in money laundering or other asset-related activities. These programs will include, at a minimum:

a) Procedures to ensure a high level of integrity of personnel and knowledge of personal, employment, and patrimonial backgrounds of employees.

b) Ongoing training for personnel and instruction regarding the responsibilities and obligations derived from this law. The training must also cover knowledge of techniques that enable employees to detect operations that may be linked to money laundering or other assets and the procedures to follow in such cases.

c) Establishment of an auditing mechanism to verify and evaluate compliance with programs and norms.

d) The formulation and implementation of specific measures to know and identify customers.

Additionally, obligated persons must appoint managerial officials responsible for supervising compliance with programs and internal procedures, as well as compliance with the obligations established by this law, including maintaining and sending adequate records and reporting suspicious and unusual transactions. These officials will serve as liaisons with the competent authorities.

Updating AML and CFT Standards

Annually.

Trainings / Monitoring / Compliance Reminders

Employees must familiarize themselves with the content of this Policy and participate in the courses and training sessions related to it; failure to comply within the established deadlines will be considered a violation and may result in disciplinary action.

External Audit

To reinforce the achievement of the proposed objectives in preventing money laundering and terrorism financing, external audits are conducted regularly every 6 months. The results of the applied audit procedures will be communicated to the Compliance Officer, who will inform the Committee.

Audit Programs: Obligated persons who have internal audits must include as part of their procedures the mechanisms to verify and evaluate the effectiveness and compliance with the programs, norms, and procedures for the prevention and detection of money laundering or other assets.

Policies for Not Contracting Services from "Shell Banks"

As per the company’s policies, no business relationships should be established with banks or financial institutions that do not have physical presence in any country, known as Shell Banks.

Detection and Monitoring of Unusual or Suspicious Activities General Aspects:

Current regulations require that once operations susceptible to being reported are detected, they should be analyzed and handled in accordance with the provisions of this Manual. Analysis of Operations: The Compliance Officer must analyze the reported operations that appear unusual and are not within the parameters of regularity and report to the Compliance Officer with a well-founded opinion. For this purpose, the following guidelines must be followed:

          • Verify the overall situation of the clients, analyzing available information and related statistics on the transactions performed.
          • Analyze the transactions carried out based on the information obtained and, accordingly, determine the feasibility of requesting and/or obtaining additional data, information, and/or documentation.
          • Observe the client’s willingness to provide requested information, the level of satisfaction with the information provided, whether it is insufficient, misleading, or difficult to verify.
          • Document the procedures carried out.

Reporting of a Suspicious Operation in the event of detecting unusual operations, further analysis should be conducted to obtain additional information that corroborates or reverses the unusual nature, documenting in writing the conclusions reached and the supporting documentation verified, keeping a copy of the same.

Moreover, the reporting should not be limited only to suspicious operations that have been effectively carried out but also attempted operations, i.e., those maneuvers that could not be completed due to various reasons but still raise suspicion of illegality.

The report of suspicious operations must be well-founded and include a description of the circumstances that lead to considering the operation as having such a character.

Due Diligence of Clients and Enhanced Due Diligence

The due diligence measures consist of knowledge and control procedures adopted by obligated entities concerning their clients.

Developing an effective customer knowledge policy is a useful tool for identifying risky clients and detecting unusual or suspicious transactions.

Implementing due diligence procedures allows for the correct identification of clients based on data collection about their identity, activities, transaction frequency, and the legitimacy of the origin and destination of funds used or resulting from their operations. It also enables the acquisition of knowledge elements about their behavior, such as their willingness to provide requested information.

In this regard, the experience and expertise of personnel in direct contact with clients are a source of crucial knowledge.

The manner in which clients are engaged -occasionally or habitually-, the way they operate or acquire assets, the frequency with which they do so, among other aspects, allow for the detection of irregularities, requiring a more thorough monitoring of the client and, if necessary, reporting to the Compliance area.

Examples of the above are as follows:

          • A client whose handling of resources is disproportionate to their economic capacity.
          • A client seeking to make cash deposits/withdrawals of large volume.
          • An individual conducting transactions on behalf of third parties.
          • Detection of altered information provided by clients.
          • Bribery or attempted bribery of an employee.
          • Clients transacting exceeding TEN THOUSAND DOLLARS without supporting funds.
          • Clients providing false identification.
          • Clients attempting to conduct transactions without registration.
          • Clients asked to identify themselves but refuse to do so at the time of the transaction.
          • Clients inquiring about the amount of money they can operate without the need for registration.

Moreover, certain profiles of individuals -combined with the handling of large sums of money- also raise the need for increased scrutiny due to the possibilities that the money may come from illicit activities or be used to finance terrorism.

Special attention should be given to individuals acting on behalf of others, citizens or persons domiciled in countries that do not apply or inadequately apply the recommendations of the INTERNATIONAL FINANCIAL ACTION TASK FORCE, countries or regions considered “tax havens,” and individuals listed as terrorists.

Know Your Customer (KYC)

Customer knowledge is the cornerstone upon which the entire process of detecting unusual or suspicious transactions is based, based on the internationally known “know your customer” policy.

This means that the obligated entity must have specific knowledge of the individuals or companies with whom it maintains business relationships: what they do, how they generate their earnings, and their regular cash flow, among other aspects.

Customer knowledge involves paying special attention to their behavior and willingness to provide information.

The customer knowledge policies in any entity should be an organized effort to collect relevant information that allows for the detection and analysis of suspicious transactions. All efforts by obligated entities to know their customers have three general purposes:

          • Serve as a deterrent to keep financial crime away from the entity.
          • Prevent the establishment of business relationships with customers who cannot be identified or refuse to be identified.
          • Enable the detection of unusual transactions and the determination of suspicious operations, which must be reported to the authorities.

Customer Registration: For the purposes of the registration, obligated persons, when initiating business relationships or relationships related to their normal or apparent business operations with a customer, particularly when opening new accounts, or executing bank transactions exceeding the amount of TEN THOUSAND DOLLARS, must establish the necessary mechanisms to have the minimum information required in the form that the corresponding entity will prepare for this purpose, to which they may add other information they consider relevant. Obligated persons must ensure that the registration referred to in this paragraph is kept up to date.

With the purpose of fulfilling the objectives of the Law, obligated persons may not carry out any transaction with customers who do not provide the required information and documentation in a timely manner.

Obligated persons must establish the procedures they consider appropriate to verify the information provided by their customers. Likewise, they must provide written records of the applied procedure.

Records: Obligated persons must keep a record on forms of individuals or legal entities with whom they establish business relationships or relationships related to their normal or apparent business operations, whether these are occasional or habitual customers, and the transactions carried out with them, particularly with regard to the opening of new accounts, or executing bank transactions that exceed the amount of TEN THOUSAND DOLLARS.

They must also thoroughly verify the identity, business name or denomination of the person, age, occupation or corporate purpose, marital status, address, nationality, representation, legal capacity, and personality of the individuals referred to in the preceding paragraph. In the case of foreigners, obligated persons must require irrefutable proof of their entry and legal residence in the country, as well as their migratory status, and when they are not residents in the country, the identity of the person who will legally represent them.

Identity of Third Parties: Obligated persons must adopt the necessary measures to obtain, update, verify, and retain information about accounts suspected of being used for the benefit of third parties. Under no circumstance will the obligated person open an account that is being used to benefit third parties, and in case of identifying the existence of one it shall be immediately shut down until proved otherwise.

Updating and Preservation of Records: The records must be updated during the term of the business relationship and retained for at least five years after the completion of the transaction or after the account has been closed. Likewise, obligated persons must keep records that allow the reconstruction of transactions that exceed the amount of TEN THOUSAND US DOLLARS for at least five years after the conclusion of the transaction.

Daily Record Obligation: Obligated persons must maintain a daily record, on forms, of all bank transactions, whether occasional or habitual, in national or foreign currency, that exceeds the amount of TEN THOUSAND US DOLLRAS or its equivalent in national currency. Multiple bank transactions, whether in national or foreign currency, that in their entirety exceed the amount established in this paragraph will be considered as a single transaction if they are carried out by or for the benefit of the same person during one day.

Identity: What documents and information are verified.

A process of identification must be prepared for those clients who carry out transactions with the obligated person.

a) Full name;

b) Date and place of birth;

c) Identity document;

d) Marital status (if married, name and identity document of the spouse);

e) Address;

f) Profession, occupation, or main activity;

g) Volume of income.

Customer Knowledge and Identification: In compliance, obligated persons must formulate, implement, and maintain programs with specific measures to know and identify their customers.

For transactions, obligated persons must obtain general information from their customers.

Obligated persons must review and, if necessary, update the data of the customers at least once a year, providing written evidence of the date on which such a review and/or update is carried out.

Programs: Obligated persons must adopt, develop, and implement programs, rules, procedures, and appropriate internal controls to prevent the misuse of their services and products for money laundering or other asset-related activities. These programs must include, at a minimum:

  1. Procedures to ensure a high level of integrity of personnel and knowledge of personal, work, and financial backgrounds of employees.
  2. Ongoing training and instruction for personnel regarding the responsibilities and obligations arising from this law. The training should also cover techniques to enable employees to detect transactions that may be linked to money laundering or other assets and how to proceed in such cases.
  3. Establishment of an audit mechanism to verify and evaluate compliance with programs and rules.
  4. The formulation and implementation of specific measures to know and identify customers.

Obligated persons must also designate managerial officials responsible for overseeing compliance with internal programs and procedures, as well as compliance with the obligations imposed by the law, including maintaining and submitting appropriate records and reporting suspicious and unusual transactions. These officials will serve as liaisons with the competent authorities.