On 3 March, the Banking, Insurance & Pension Fund Management Authority, the SBS, published the anti-money laundering and combating the financing of terrorism (AML/CFT) regulation applicable to regulated entities supervised by Peru’s Financial Intelligence Unit (UIF).

The regulation applies to entities who, pursuant to Acts 29038 and 27693 (which we discussed in Progreso 13), are required to report the following information to the UIF about transactions they have conducted: date and time, amount and transaction type, data about the person reporting, account number, currency, among others.

Under the terms of SBS resolution 789-2018, a regulated entity is understood to be a natural person with a business or a legal person engaged in the activities regulated under the resolution: realtors, machinery sales; trading in jewelry, metals, gems and coins; mining companies, currency exchange, trader of vehicles,  embarkations and aircraft; construction and/or real estate, trading in objets d’art and philately; hippodromes, lotteries, certain non-governmental organizations (NGOs) and entities engaged in lending or pawning. The most important areas to be regulated are described below:

Anti-money laundering and combating financing of terrorism system (AML/CFT system)

By virtue of the regulation, a system to prevent money laundering and the financing of terrorism (AML/CFT) must be set up by managing AML/CFT risk exposure. This should consist of the policies and procedures established by the regulated entity for reporting, in line with the regulation. These should imply, at least:

• Approval of policies and procedures for managing AML/CFT risk
• Appointing a compliance officer
• Approving due diligence policies
• Conducting internal and external AML/CFT system audits
• Approving procedures to prevent, detect and communicate to UIF-Peru all suspicious transactions that might have a link to AML/CFT, through a Register of Suspicious Transactions (RST).   
• Issuing the Compliance Officer’s annual report on the AML/CFT situation.
• Implementing mechanisms to handle requests for information made by UIF-Peru and the corresponding authorities.

Compliance Officer

A natural person appointed by the regulated entity who, as well as being in charge of the appropriate implementation and operating of the AML/CFT system, is the liaison between the regulated entity and the supervisory body. If the regulated entity is a natural person, (s)he can take on this role as well.

There is exhaustive regulation on the requirements that must be met in order to be a compliance officer: how the post is nominated, removed and when there is a vacancy. The different hierarchies are specified too: the alternate compliance officer who is the substitute for the incumbent officer, and the corporate compliance officer, appointed by regulated entities who are members of the same economic group.

Register of transactions (RT) and reporting suspicious transactions (RST)

Regulated entities will be required to have records in electronic format of the transactions made by their clients and keep a security copy.  They will also have to report to UIF-Peru, through their compliance officer, the transactions they consider to be suspicious within 24 hours, independently of the monetary sum involved.

Other important issues:

• Internal standards for regulated entities: it will be obligatory to have a manual and a Code of Conduct on AML/CFT preventative measures and risk management.
• Identification and assessment of AML/CFT risks: considering risk factors by client, products and services, and geographical area
• Standards that are specific to the regulated entity in question
• Preserving information: information relating to the AML/CFT system must be stored for at least 5 years

This new legislation includes a Final Additional Provision regulating, among other matters, the time-limits for adapting to the regulation.  Regulated entities -apart from those engaged in currency exchange- will have 6 months in which to apply the new stipulations regarding the Registry of Transactions, while those who are authorized to have a corporate compliance officer will have 2 months to comply with the provisions of the regulation.