The Colombian Government wants to establish anti-corruption measures, as set out in a number of proposed regulations that are going through their readings in Congress.

Specifically, to prevent corruption in the private sector, legal persons in private law can now be charged with criminal liability, in addition to the criminal liability of natural persons already existing under law.

Criminal liability applicable to legal persons, as distinct from the liability of natural persons, may be transferred across companies even if they are merged, broken up or taken over, and will entail penalties such as disbarment from certain activities, removal of board directors, senior managers or legal representatives, and the shutting down of the legal person, or fines. Furthermore, companies will be required to adopt compliance models and to put in place crime-prevention measures such as financial-resource management models designed to prevent felonies from being committed, and, in the event of non-compliance with the policies that have been rolled out, disciplinary arrangements to apply commensurate penalties.

To this end, the Bill supports the creation of a corruption-prevention network; adjustments to the disciplinary structure, including disbarment for up to 20 years from hiring the individuals or companies responsible for the disciplinary breaches; reductions in penalties for those being disciplined if they cooperate in the disciplinary actions; raising the corporate veil from companies involved in corrupt acts (which is different from the criminal liability applying to legal persons); the adoption by state institutions of a system for preventing, controlling and mitigating the risk of corruption, and implementing business-ethics programs.

The intention is also to put in place transparency mechanisms for public-sector employees, such as the requirement to prepare statements of the goods acquired by civil servants in the previous five years, which must be submitted to the tax authorities; and the restriction of direct procurement (ie, purchases not subject to the public tender process) to ten per cent (10%) of public institutions’ budgets.

The Bill also proposes introducing new procedural instruments to improve efficiency and provide more opportunities for investigating crimes relating to acts of corruption.

On 21 September, the Financial Authority issued Circular 60/2018 authorizing the Special Leave to Remain (SLR) as a valid identity document for opening and/or onboarding financial products and services. This provision provides mechanisms to make the migration process easier and enable Venezuelan citizens to remain in Colombia legally.

The Circular recognizes the Special Leave to Remain (SLR) document when it is supported by a Venezuelan identity card or passport, as legitimate and sufficient identification for acquiring financial products and/or services in Colombia.

The Special Leave to Remain (SLR) will be valid for ninety days (renewable for the same period of time up to a maximum of two years) and is only given to Venezuelan nationals who meet the following requirements: they were in Colombia on 2nd February 2018, having entered the country through a Migration Control Post with a passport; they have no criminal record, whether domestic or international, and there are no expulsion or deportation orders in force over them.

Colombia’s Financial Authority has on numerous occasions urged regulated institutions to accept the Special Leave to Remain (SLR) as legitimate and sufficient identification, if supported by the corresponding Venezuelan identity card or passport, for acquiring financial products and/or services in Colombia.

In any event, for linkage of Venezuelan nationals, regulated institutions must ensure that risk management systems are properly followed and particularly that they comply with Know Your Customer instructions.

The Agricultural Finance Fund (FINAGRO) has amended its Service Manual on risk management instruments in the agricultural sector, publishing these changes in Circular P-29/2018.

The Manual regulates agricultural and rural credit; this circular introduces amendments to the sixth clause, on risk management instruments in the agricultural sector:

1. It updates the sum available in 2018 for incentivizing agricultural insurance through subsidies on premiums, which is part of the Annual Agricultural Risk Management Plan, bringing it up to about EUR 9,144,000.
2. Insurance companies must submit a digital copy to FINAGRO of the cover-page of their policies and the appendices to these.
3. Any amendments to policies should be explained and accounted for by the insurance company, using the appendices available for this purpose.
4. The deadline for FINAGRO to pay the agricultural insurance Incentive (ISA) has been changed, to take into account the availability of effective resources in the National Agricultural Risk Fund’s accounts.

With these new stipulations, FINAGRO will continue to support the development of Colombia’s rural sector and to provide resources in favorable conditions to other financial institutions, so that they can originate credits for productive programs.

Colombia’s Congress has passed Bill 054/2018 requiring entities authorized to take deposits from the public and charge handling fees on the service, to provide a minimum pack of free financial products and/or services linked to savings accounts and debit/credit cards.

Free financial products and services

The Bill’s provisions are the same as those contained in the previous draft, discussed in Progreso 9. It includes the composition of the minimum package which must be offered at no further cost to holders of savings accounts, debit or credit cards, as well as those doing transactions over other touchpoints.

The minimum package will provide access to at least three of the pre-established products or services, depending on the product that the customer has chosen. These free-to-the-user packages are as follows:

• Savings account: checkbook or bank passbook for savings accounts, domestic deposits, counter withdrawals using checkbook or passbook at branches other than the one where the account is held, paper copy of bank statement, banking certificates and issuance of cashier’s checks
• Debit cards: withdrawals from the institution’s own proprietary or third-party teller network, inquiries using the institution’s proprietary or third-party teller network, banking certificates and domestic deposits
• Credit cards: withdrawals against the credit account from the same institution or others, withdrawals of credit over the counter in the branch office, balance inquiries in the proprietary teller and replacement as a result of wear and tear

The Bill also forbids charging for failed ATM transactions and establishes the requirement on entities covered by this law to inform users of the products and services contained in the minimum package, and to inform them that they will be able to use this pack at no further cost in the corresponding month.

Legislative Decree 1388 modifying the Law against tax evasion and encouraging the formal economy was published in September.

The changes include the obligation to use certain payment systems (account deposits, money orders, fund transfers, payment orders, debit and credit cards issued in the country, together with checks that are non-negotiable, non-transferable, non-bearer or equivalent, etc.) for the following transactions:

a) Transactions completed by means of paying sums above PEN 3,500.00 or USD 1,000.00, even when these are effected by partial payments of smaller amounts,

b) Paying in or returning sums of money under the heading of consumer loans, independently of the amount involved in the contract, and

c) Payment of sums of money for the following transactions for amounts equal to or more than 3 tax units (UIT):

• Constitution or transfer of real rights over real estate,
• Transfer of ownership or constitution of real rights over vehicles, new or used, whether these are for air, sea or land transport, and
• Acquisition, expansion and reduction of stakes in the capital of a legal person.

In addition, the Decree makes provisions for the duty of regulated entities to prove the payment systems used in the corresponding legal act and/or legal instrument drawn up. If the client refuses to comply with this requirement, the duty of the regulated entity is to refrain from completing the transaction, with the obligation of considering whether to make a report of suspicious activity to Peru’s Financial Information Unit.

In the case of foreign trade transactions, payment systems must be used for the international trading of merchandise for import for consumption whose FOB value is above PEN 7,000.00 or USD 2,000.00.

The amendments will come into force once the Decree changing the table of sanctions applicable to the breaches stipulated in the General Customs Law enters into effect.

The Peruvian government has published Legislative Decree 1385, imposing criminal sanctions on acts of corruption affecting normal commercial relations and fair competition between companies.

In articles 241-A and 241-B, the Decree makes provisions for the penalties to be imposed in cases of corruption in the private sector. Specifically, they apply to those parties* that directly or indirectly accept, receive or demand any kind of wrongful donation, promise or other advantage or benefit of any kind, whether for themselves or for a third party, to carry out or refrain from carrying out an action that favors another party in the acquisition or marketing of goods or merchandise, in the hiring of commercial services and in commercial relations. The provision above also applies in the event of these types of action being taken with the intent of harming the legal person.

For the situations described above, the parties will be given custodial sentences of up to four years and professional disbarment, pursuant to paragraph 4, article 36, of the Penal Code.

On 10th October, the Securities Market Authority published its provisions regulating clause c) of article 51 of the Securities Market Law.

We should remember that this article 51.c sets out that it is incumbent on the Board of Directors to authorize beforehand those actions or contracts involving at least 5% of the issuing company’s assets, those undertaken with natural or legal persons with links to their board members, directors, and those involving shareholders who represent, whether directly or indirectly, more than 10% of the company capital; as well as putting the terms of the transactions out  for review by an external auditing company to the issuing company, in cases where the parties doing the legal business are subject to the same controlling shareholder.

Scope of application

The resolution applies to all companies having at least one type of share that entitles holders to voting rights in proportion to the equity capital filed in the Public Securities Market Register. This can include listed companies set up abroad whose securities are treated as though they were domestic, unless they report their decision not to be subject to the regulation.

Related parties and control

The Resolution defines the scope of “linkage” to the listed company’s board directors, senior managers and shareholders and refers back to the Regulation on Indirect Ownership, Linkage and Control, passed under Resolution SMV 019-2015-SMV/02, determining indirect ownership and control.

Prior authorization from the Board of Directors

In addition, it specifies those actions or contracts that require prior authorization from the Board of Directors, which include:

• Those undertaken with natural or legal persons with links to the listed company’s board members, directors or shareholders
• Those in which the listed company’s controlling shareholder is also the legal person involved as the counterparty

In the above scenarios, those board members with links to the counterparty in the action or contract should refrain from taking part in the deliberation and from voting in the session held to decide whether to enter into the legal business in question. If it is not possible for the Board of Directors to come to a decision about the action or contract and it needs to be decided, it will be brought up for consideration at the General Shareholders Meeting.

External auditors

Turning to the regulations over the participation of external auditors, the law indicates that auditing companies that are registered and licensed in any of Peru’s Professional Chartered Accountants’ Colleges may act as such. They must be chosen by the listed company’s board of directors, who will verify that they meet the requirements established in the law. Similarly, the external auditors will produce a report with their reasoned opinion, laying out the analysis, form of practice or methodology used to measure and evaluate the assets, liabilities or other matters in the action or contract. This report must take a position as to whether the price or the consideration is made at fair value.

Approval by the Board of Directors or the General Shareholders Meeting to enter into an action or contract, the choice of the external entity and the receipt of their report should all be reported in Relevant Event filings.

Four years have gone by since the Official Journal of the European Union published EU Directive 2014/95, 22 October 2014, about the disclosure of non-financial information and diversity by major corporations and certain business groups. A very important piece of legislation that, as we have noted in previous editions of Progreso 13, aimed to improve institutional transparency and sustainability and raise levels of trust among investors, consumers and wider society.

Royal Decree 18/2017 was passed in November 2017 and a year later it is the turn of this bill, which definitively transposes the European Directive into Spanish law, putting Spain at the vanguard of business transparency.

The Bill amends the Code of Commerce, the Corporate Enterprises Act and the Auditing Act, furthermore setting out several reforms to the Collective Investment Institutions Act, covered in the first additional provision.

Although the Bill’s contents are similar to those of the Decree, the new regulation introduces provisions that were not covered in such detail either in the decree or in the EU Directive:

Non-financial information statement

As well as establishing which companies are required to include a non-financial information statement in their management report, the Bill specifies what it should contain:

• A short description of the group’s business model, including its business environment, organization and structure, the market in which it operates, its aims and strategies and the main factors and trends that could affect its future development.
• A description of the Group’s policies, especially due diligence processes used to identify, assess, prevent and mitigate significant risks and impacts, including the measures adopted.
• The results of these policies, which should include key non-financial result indicators so that any progress can be tracked and assessed; these indicators should make it easier to compare across companies and sectors.
• The main risks inherent to the group’s activities, with an explanation of the procedures in place to identify and assess them and also information about the impacts detected, with a list of these and of the key short, medium and long-term risks.
• Key non-financial results indicators relating to the business’ own activity, that satisfy comparable, material, relevant and reliable criteria, using widely applied standards that comply with European Commission guidelines and those of the Global Reporting Initiative. Each of the sections in the non-financial information statement must give their non-financial results.

The regulation specifies that the consolidated non-financial information statement will also have to include significant information about: i) environmental issues (pollution, circular economy and waste prevention and management, sustainable use of resources, climate change and protection of biodiversity); ii) social issues and those affecting staff (employment, work scheduling, health and safety, social relations, training, universal access to those with disabilities and equality); iii) respect for human rights; iv) the battle against corruption and bribery; and v) societal issues (the company’s commitment to sustainable development, its policy on outsourcing and suppliers, questions affecting consumers and fiscal information).

It also stipulates that the management report be made available to the public free of charge and should be easily accessible on the company website within six months after the end of the financial year, and for a period of five years.

New responsibilities for the board of directors

The project lays out the following new responsibilities for the board of directors:

• To strive to make the selection procedures facilitate diversity in terms of age, gender, education and professional experience, and for these procedures to promote the selection of female board members in sufficient numbers as to reach a balance between men and women.
• To supervise the process of drawing up and presenting the financial information and the management report, the second of which should include the non-financial information statement, to ensure that it is complete and accurate.

Annual corporate governance report

The bill also specifies that the annual corporate governance report that companies have to publish should contain a description of their diversity policy as it applies to their board of directors and support committees, and to the management body, including: aims, measures taken and how they are applied, procedures to include on the board enough women to encourage a balanced gender mix on this body, and the company’s results for the period covered by the reports. Entities must provide clear, reasoned explanations if no specific diversity policy exists.

Companies will also have to state in this annual report whether they have informed shareholders about their diversity criteria and targets, in the event of appointing or renewing members of the board, the support committees or management.

Application

The amendments brought in by the bill will apply to the financial periods after 1 January 2018, for those companies filing consolidated accounts and meeting the following requirements:

• Having on average during the period more than 500 workers employed by the companies in the group
• Being considered institutions of public interest under the auditing legislation, or otherwise meeting at least two of the following circumstances for two consecutive financial periods, and on the end-date of both periods:
  • Total consolidated asset items above EUR 20 million
  • Net consolidated annual turnover above EUR 40 million
  • More than 250 workers employed on average over the period

Three years after the law comes into force, it will be mandatory for companies with more than 250 workers to present a consolidated non-financial information statement. It will also be mandatory for institutions of public interest within the terms of the auditing legislation, and for those meeting at least one of the following criteria for two consecutive periods and on the end-date of both periods:

• Total assets above EUR 20 million
• Net annual turnover above EUR 40 million

On 19 September the Argentine Executive passed the new Personal Data protection Law, which replaces the 25.326 Act and its amending regulations, the 26.343 Act.

The regulation brings in many new features to adapt to the new international personal data protection environment and to bring it up to date with new technology. The areas with the greatest impact on regulated entities’ governance systems are highlighted below:

Purpose and scope of application

The law provides complete protection over personal data to ensure that title owners can exercise their rights fully. The law excludes from its scope of application data processing when this is carried out by a natural person for purely private or family use and it does not protect legal persons, since these are not viewed as title owners of fundamental rights.

In line with the latest international trends, and in particular with the European Parliament and Council’s General Data Protection Regulations, of 27 April 2016, the law is also applicable in those cases where the data processing controller is not located in national territory, thus giving title owners greater protection.

New concepts and principles

New concepts have been included, such as biometric data, genetic data, data anonymity and security incident with personal data, while some existing concepts, such as personal data*, sensitive data and database, have been redefined.

Special importance is given to the principles of accuracy, transparency, safety and conservation period of data, and to the principle of data processing permission, including a new focus on the principles of data minimization and of proactive responsibility. For these effects, it is worth drawing attention to:

• Conservation period: personal data will not be stored beyond the time that is strictly necessary to satisfy the purpose of the processing. Data may be stored for longer periods provided that they are processed for the purposes of public interest archive, research or for statistical reasons.
• Proactive responsibility: such actions as are necessary to comply with proactive responsibility are set out, among them: the obligation to adopt privacy policies or to adhere to binding self-regulation mechanisms. Adhesion to these mechanisms is voluntary and can be materialized in codes of conduct, good practice codes, binding company standards, trustmarks and certifications.
• Permissions: the law contains exhaustive regulation on the data owner’s consent although, unlike the latest European regulation, tacit consent is allowed in certain scenarios. There is also a specific provision for processing the data of minors; their consent is valid when it is applied to processing data linked to their use of online services that are specifically designed for them. In these cases, consent will be lawful if the minor is at least 13 years old. If not, processing will only be lawful if the consent is granted by the minor’s parents or guardians.

Rights of title owners and obligations of data processing controllers

The law regulates the basic rights of access, rectification, objection and removal. It acknowledges the inclusion of the right to be forgotten as part of the right of removal, and considers the newly acquired right of data portability.

In terms of obligations, the law includes the data processing controller’s duty to inform the data owner of the purposes of the processing, the identity and contact data of the processing controller, the means available to them to exercise the rights listed above, data transfers both domestic and potential international ones, the right to withdraw consent and file a complaint, among others.

The new provisions introduced by the law are:

• Data protection by design and by default: the data processing controller must use technological and organizational means before and during data processing to guarantee, furthermore, that only such personal data as is necessary for each of the purposes of the processing is actually processed.
• Carrying out an impact study: before processing data which, by its very nature and scope is likely to involve a high risk of affecting the rights of the data owners. This assessment will be obligatory for automated data processing or profiling and for processing sensitive big data or data relative to criminal convictions.

Data Protection Officer

In line with international trends, the Argentinian law introduces the figure of the data protection officer; this position must be filled when the data processing controllers are public-sector bodies, are processing sensitive data or data in bulk.

This figure, which can also be appointed on a voluntary basis, will carry out their functions with independent criteria and will report only to the highest level of the organization; the person must meet the vetting requirements and be shown to have the capability and specific skillset to perform their duties.

This law will not come into force until two years after its publication in the Official Gazette.

The draft of the Consolidated Text of the Securities Market Law, pursuant to Royal Decree 14/2018 passed in September, has been published recently. This transposes into Spain’s body of law the provisions of EU Directive 2014/65/ (MiFID II) and its Delegated EU Directive 2017/593, which had been awaiting adaptation.

The Bill contains several provisions regulating the system for authorizing and supervising service companies and investment activities and those granting new supervisory powers to the National Securities Market Commission (CNMV); it also makes significant additions to the rules of conduct that these companies must follow to guarantee investor protection. Even though many of them were covered in the previous EU Directive 2004/39 (MiFID I), these requirements represent reinforced duties of customer reporting and of monitoring transactions that trigger conflicts of interest.

Some of the most important features are highlighted below:

General organization, conduct and information duties

The regulation lays down general minimum requirements for internal organization and operating, and some general duties that companies must adhere to in the best interests of their clients and other stakeholders, having the duty of acting honestly, impartially and professionally.

Specifically, companies are obliged to adopt such measures as might be necessary to prevent, detect and manage potential conflicts of interest between their clients and the company or group itself.

It stipulates that they must keep their clients informed at all times in an appropriate, impartial, clear and trustworthy manner, and identify, where applicable, information that is of an advertising nature. They should also provide clients with a report on the service provided, in a durable format. This report should cover the regular reporting that has been carried out, explaining the type and complexity of the financial instruments in question and the nature of the service, and noting the cost of the transactions and services performed against the client’s account.

Furthermore, companies must ensure at all times that they have all the information on their clients that they need and must assess the suitability and need of the investment services or portfolio management they offer, so that they are commensurate with clients’ risk tolerance and capacity to withstand losses.

The board of directors

Consistent with the regulatory developments of the last few years, the Bill reinforces the relevance of the board of directors, conferring on it the duty of defining, approving and supervising the following matters:

• The company’s organization, the knowledge, skills and experience required of its staff, its resources and procedures, and the provisions applicable depending on the nature, scale and complexity of its activities
• Its strategy for the services, activities, products and transactions it offers, matched to its risk tolerance, as well as clients’ profiles and needs
• The remunerations policy of the people providing services to clients, and their inclination to incentivize responsible business conduct, fair treatment of clients and avoidance of conflicts of interest

This body will also be in charge of regularly monitoring and assessing the institution’s corporate governance system and the appropriateness and application of its strategic goals.

Likewise, it will be responsible for the risks taken on by the institution and should spend enough time on considering issues relating to these, as well as on regularly approving and reviewing the strategies and policies around assuming, managing, supervising and reducing risks. The regulation requires companies to set up a risk committee, unless they are exempted under the regulations from this obligation.

Vetting the board of directors

Turning to the profile of the board of directors and its members, the regulation stipulates that the board should collectively have enough knowledge, skills and experience to understand the institution’s activity and its key risks, as well as to ensure that decisions are taken independently and freely.

The members of this body and of Senior Management should also individually meet the following vetting requirements*: i) being known to be trustworthy, honest and of integrity; ii) possessing enough knowledge, skill and experience; iii) acting with independent criteria and iv) being in a position to exercise good governance over the institution.

Companies will have to make sure that their board members and senior management comply at all times with the vetting requirements specified above, to which end it is important that internal units and procedures are in place to carry out selections, re-elections and succession planning.

The CNMV will also review the suitability of those occupying these positions. To this end, the Bill has added new requirements (honesty and professional integrity, skills, independent criteria and good governance) to those listed in the earlier law, such that non-compliance with any of these could result in the CNMV taking measures to remedy the shortcomings noted. These measures could be: i) revoking the company’s license, on an exceptional basis, or ii) requiring the person to be temporarily suspended or permanently dismissed, or else for the deficiencies to be rectified.

A new feature is that these requirements must also be satisfied by the consolidated groups of which the companies form part, the members of the board and the senior management of the parent companies, when these are holding companies or mixed-activity holding financial companies; they must also be satisfied by those in charge of internal control functions, financial directors and other key positions in the companies who have been chosen for the daily running of the business.

The Bill also includes a reference to diversity in the make-up of the organ of governance, stipulating that selection procedures must tend towards diversity of experience and knowledge, encourage the selection of women, achieve a balanced presence on the governing body and, in general, avoid unconscious bias that leads to any form of discrimination.

Appointments and remuneration committee in significant institutions

The bill requires institutions that are classified as significant to set up a nominations committee made up of non-executive members of the board. The CNMV will decide the maximum number of posts which board members and senior managers can occupy at the same time in these institutions.

The CNMV can also decide whether a significant company should have a dedicated remuneration committee, a joint nominations & remunerations committee, or whether it is exempted from this obligation.

The category of “significant” will be defined in the regulation, bearing in mind: i) the minimum amount of all the asset items, ii) total minimum annual turnover and iii) the average minimum number of employees over the course of the financial period.

Remuneration policy and managing conflicts of interest

The Bill specifies that the remuneration policy should be commensurate with the nature, scale and complexity of the company’s business, and in any case consistent with promoting solid and effective risk management, and with managing possible conflicts of interest in its service provision to clients.

An additional requirement for licensing, revocation of license and penalization

In conformity with corporate governance regulations, a further requirement has been added to those already needed to obtain an operating license. Such criteria will be taken into account when revocation of a license is being considered:

• When the CNMV is not informed of the identity of shareholders or significant partners in the institution, and the value of their stakes, or if they are not considered fit and proper for the role.
• When the CNMV finds that the members of the board of directors do not meet the criteria of trustworthiness, knowledge, skills, experience or time availability to discharge their duties, or when there are objective and demonstrable reasons to believe that this body or the individuals managing the companies may represent a threat to the entity’s effective, appropriate and prudent management or to the market’s integrity.
• When there are serious conflicts of interest between the posts, responsibilities or functions of the board of directors or the person at the head of the company.

Furthermore, repeated and serious failure to respect corporate governance duties, to select and assess members of the Board, senior management and advisors, or to perform duties in the areas of remuneration or organizational requirements will be considered a very serious breach.

Reporting to the CNMV

Finally, there are new duties of reporting to the supervisory body. As well as the mandatory reporting of new board appointments before they take up their positions, the CNMV must now be informed when there are changes to the posts in charge of internal control, new financial directors and any other position that is key to the daily running of the business, both in subsidiary companies and in their parent institutions**, when the latter are:

• significant entities reporting as consolidated groups
• significant institutions that form part of a group, when the consolidated investment services company is not a significant entity
• significant entities that are not part of a group

Royal Decree 1268/2018, setting out the conditions regulating the concession of subsidies to rural women’s enterprises throughout the country was published on 11 October.

This legislation regulates economic aid disbursed to women’s entities that carry out training activities supporting the participation of this grouping in the development of the areas where they live, contributing to the improvement of their working and living conditions.

Given that rural women throughout the country face a common set of issues and conditions, the Royal Decree stipulates, on a one-off basis for 2018, that the subsidies will be managed centrally.

The main points of the Royal Decree, which subsidizes activities relating to the role of rural women in the economic development of the rural environment and, specifically, activities which they can access in the same conditions as men, are as follows:

Beneficial entities: requirements and duties

The entities eligible for subsidies are associative groupings of rural women that comply with the requirements stipulated in the Royal Decree. They must: be legally constituted as such and filed on the corresponding national public register, be not-for-profit, be up to date with their fiscal obligations and have regular projects promoting rural women, among others.

Amount

No single beneficiary may apply for more than 20% of the entire amount available in the tender.

Activities eligible for subsidies

Enterprises applying must present a single project containing the proposal of activities designed to achieve the goals in the regulation:

• Entrepreneurship and inclusion of women in economic activity in the rural environment
• Opportunities offered by the Common Agricultural Policy (CAP) for involving young women in agricultural activity and access to the other measures in rural development programs
• Greater uptake of shared ownership of farming businesses
• Access by women to the governing bodies of institutions linked to agricultural activity and rural development

The activities eligible for subsidies will consist of holding training sessions on subjects relating to these goals. These must be face-to-face sessions lasting at least 4 hours a day and be attended by at least 15 people, at least 80% of whom must be women. This 80% must fit within further ratios of the attending women’s ages: 15% should be women under 41 and 30% should be women over 65.

Other points covered

The regulation also sets out the assessment criteria for accepting applications, expenses that can be subsidized, compatibility and threshold of the funds available, among other administrative and procedural matters.

On 1 October the Entrepreneurs’, Small & Medium Enterprises’ Secretariat (SEPyME) published Resolution 149/2018 regulating the Monitoring & Competitiveness Council for Micro, Small & Medium-sized Enterprises (MSME), set up under Act 27.264, 13 July 2016, to promote MSMEs, as we discussed in Progreso 9.

The Resolution, passed pursuant to article 56 of the Act, regulates key aspects of how the MSME Monitoring & Competitiveness Council works:

Functions

• To analyze the current regulatory framework applying to MSMEs and prepare proposals for its improvement
• To formulate policies and mechanisms to strengthen the competitiveness, productivity and financing of MSMEs and help them do international business
• To analyze and assess the administrative and bureaucratic burden, the impact of foreign trade on the domestic production and employment in MSMEs
• To encourage the creation, integration and efficiency of productive value chains

Composition

The Council will be made up of public- and private-sector stakeholders and will meet at least three times a year. There will be a representative from SEPyME and another from the Ministry of Production & Work, depending on the issues being covered; as well as representatives from the Argentine Industrial Union, the General Employers’ Confederation of the Argentine Republic and the Limited Agricultural Confederation of Cooperatives, together with someone from the Argentine Chamber of Medium-sized Companies and from the Chamber of Commerce & Services.

The regulations also make provisions for the participation of all those public bodies, public/private institutions, trade chambers and confederations that SEPYME convenes in the capacity of guests.

In previous issues of Progreso we have discussed the new European Directive amending Directive 2007/36/EC, 11 July 2007, on the exercise of certain rights held by shareholders in listed companies. The reform was designed to correct the shortcomings noted in large enterprises’ corporate governance system and in particular those putting obstacles in the way of shareholders exercising their rights.

The Directive contained new requirements on identification of shareholders, disclosure of information and the exercise of their rights, focusing attention on the intermediaries* and their duty to cooperate in this identification process. This is the background to the publication of these Implementing Regulations, which endeavor to avoid the uneven application of the European Directive’s stipulations and, as a result of the former, the creation of incompatible national standards, increased risks and costs of cross-border transactions and additional charges for intermediaries.

The Appendix to the Regulation specifies the minimum requirements that must be met in these areas, but also suggests that intermediaries and other market participants add to this information according to their needs.

Standard formats, interoperability and type of language

To make it easier for shareholders, to exercise their rights, the Regulation encourages the use of technology in communicating with them and between issuers** and intermediaries; for example, the use of standard, machine-readable formats that are interoperable between operators and enable automated processing from start to finish.

Furthermore, the issuer will have to publish the information in the language in which they publish their financial reports and use commonly accepted international finance terminology throughout.

Information disclosure

On the matter of the request to disclose information about shareholders and the response that should be given, the Regulation stipulates that the minimum requirements should ensure a consistent, automated and speedy application of the issuer’s right to know who their shareholders are.

General Meeting of Shareholders

Table 3 of the Appendix lays out the minimum information contents that must be given to shareholders when convening general meetings: content of the message, information about the issuer, information about the meeting, the agenda, ways of participating and deadlines, etc.

The Regulation obliges the final intermediary to confirm shareholders’ rights, on request, either to the shareholder or third party nominated by them, by providing them the authorized positions that appear in their records entitling them to exercise their rights at the general meeting. Table 4 of the Appendix lists the minimum requirements on the type of information and data that must be included in the voting document.

To enable shareholders to exercise their rights themselves or else appoint a third-party proxy to do this, it will again be the intermediaries that must send the issuer the notification of their holding, if the issuer so demands, once the shareholder has asked for it. Minimum requirements on the type of information and data points that should be covered in this notification are set out in Table 5 of the Appendix.

Tables 6 and 7 of the Appendix set out the minimum information that must appear in the confirmation of the votes cast online and the confirmation of the registration and voting recount by the issuer to the shareholder or their proxy.

Company documents and other matters

The Regulation also provides for the information that the issuer must provide to intermediaries about company documents other than the general meetings, indicating the sequence of information exchange, dates and time frames that issuers and intermediaries should abide by on these matters and in the procedures to identify shareholders.

Security measures

When issuers and intermediaries are transferring information to shareholders or their proxies, they must apply appropriate measures, both technology-based and organizational, to guarantee the security, confidentiality and authenticity of the information provided.

Furthermore, the intermediary receiving a request from the issuer or their proxy to disclose shareholders’ identities, or any other communication covered in the Regulation, must verify that the application or the information received really comes from the issuer.

Application

The Regulation will be obligatory and directly applicable in every member state from 3 September 2020.

The State of California has published the SB 826 Act, a pioneering law in the United States to promote gender diversity in listed companies, in September.

The preamble of this piece of legislation explains that having more women on boards will boost California’s economy and promote opportunities for women in the workplace. The law follows the practice already existing in some European countries such as Germany, Norway and Italy, which have gone beyond mere recommendations to requiring minimum quotas of women on the boards of directors of listed companies.

The regulation specifies that listed companies domiciled in California, whether they are US companies or not, must have at least one female board member by the end of 2019. It also stipulates that by 2012: i) in companies with four or fewer board members, at least one must be a woman; ii) companies with five board members must have at least two women on the board, and iii) in those with six or more board members, at least three should be women. Failure to comply with these provisions can trigger fines of between USD100,000 and USD300,000.

Finally, the law states that by 1 July 2019 at the latest, the Secretary of State must publish on its website a report disclosing the number of companies domiciled in California that have at least one woman on their boards.

Furthermore, by 1 March 2020 at the latest, and thereafter every year, the Secretary of State will have to report, through the same channel, the number of companies that: i) comply with the provisions of this law, at least in the preceding twelvemonth; ii) have moved their HQ out of the state of California, at least during the preceding year, and iii) were required to comply with this law but are no longer listed on the Stock Exchange.

The Royal Decree transposing, among others, the European Parliament and Council’s EU Directive 849/2015 of 20 May (hereinafter “Directive 849/2015”) was published at the beginning of September. It contained many amendments to the anti-money laundering and financing of terrorism Act 10/2010 of 28 April. We analyze below the main legislative changes:

Regulated parties

Those persons who, on behalf of third parties, act as secretaries on the Boards of Directors while not being members, and external advisors to an entity, will be considered regulated parties.

Reinforced due diligence

Regulated parties will be required to apply reinforced due diligence measures on any countries showing strategic deficiencies* in their AML/FT prevention systems. Likewise, in any scenarios which are classified under the regulations as presenting a high risk of money laundering or financing of terrorism, as well as all those situations which by their very nature might present a higher risk, in those cases where they concern private banking activities and transactions involving money transfers or exchange of foreign currency over the thresholds set out in the regulations.

Reinforced diligence will also be applied to publicly exposed persons; in these cases, authorization from a superior will be needed in order to establish or maintain business relationships with them. The institution’s internal procedures will determine the specific level of responsibility needed to grant authorization, depending on the risk inherent to the transaction or the client. Furthermore, this authorization may only be given by those who are sufficiently aware of the regulated party’s level of exposure to the risk of money laundering or the financing of terrorism.

Conserving documents

There is no change in the duty of keeping for ten years the documents attesting to compliance with legal obligations, although there is an amendment from the previous law; after this period the documents must be destroyed.

After 5 years have elapsed since the business relationship or the execution of the one-off transaction, the documents stored should only be accessible to the institution’s internal control bodies and, if applicable, to those in charge of its legal defense.

Internal whistleblowers

It will be mandatory to have an internal channel so that employees, managers or agents can, anonymously if they wish, report potential non-compliance in the area of anti-money laundering and the financing of terrorism. This channel may also be incorporated in another channel if one already exists within the institution for reporting other behavior and non-compliance incidents unrelated to AML/FT.

In any event, regulated parties will have to adopt the necessary measures to ensure that employees, managers or agents reporting infractions are protected against possible reprisals, discrimination or unfair treatment.

Internal control body

Regulated parties will now have to appoint as their representative to the Commission’s AML/FT Executive Service an individual who is resident in Spain and who is a Director or senior manager of the institution concerned. In the case of groups with several regulated parties, a single person can be appointed to represent all of them, provided this person is a Director or senior manager in the parent company.

Institutions, meanwhile, will have to establish an appropriate internal control organ to take charge of compliance with due diligence policies and procedures, information, conservation of documents, internal control, risk assessment and management, together with communication, to prevent and impede transactions relating to money laundering and the financing of terrorism.

This body should meet as often as stipulated in the internal control procedure and will produce meeting minutes specifically to record the resolutions it adopts. Furthermore, it will be functionally separate from the company’s internal auditing unit.

This body will be reviewed every year by an external expert, and the results of this examination will be given in a written report assessing its operating efficacy and proposing, if needed, rectifications and improvements. This report may be replaced by a follow-up report issued by an independent expert during the two years following the issuance of the report in question.

In any event, the report will be presented to the company’s board of directors or equivalent body so that it can adopt measures as needed to solve the deficiencies detected.

Service providers’ register

Natural or legal persons who as professionals or businesses provide those third-party services that are listed in article 2.1o) of the Companies and Trustees Act**, are required to file on the Companies’ Register corresponding to their address, before starting work.

If they are already engaged in these activities, they have a year’s grace in which to register; and those who were already registered will have the same period during which to file a statement in the Registry to the effect that they are subject to the regulations pursuant to this law, together with another statement about who the beneficial owners are, in the event of their being legal persons.

Non-compliance with these obligations will be treated as a minor infraction.

Penalties

Finally, the penalties for minor, serious and very serious infractions have been increased, and new sanctions added, in particular for those persons liable for the infraction who hold posts as directors or senior managers, or as external experts, in the regulated company.

In the case of very serious infractions:

• A fine of between sixty thousand and ten million euros, together with a public warning, is imposed on each person
• Removal from the post and disqualification from holding directorships or senior management positions in any company that is regulated under this law, for a maximum of ten years
• These penalties will also be accompanied by a requirement on the offender to put a stop to their behavior and not repeat it
• In the case of serious infractions
• A fine of at least three thousand euros and up to five million euros, together with a public or private warning
• Removal from the post and disqualification from holding directorships or senior management positions in any company that is regulated under this law, for a maximum period of five years

* Countries with strategic deficiencies will be listed in the decision adopted by the European Commission, pursuant to article 9 of Directive 849/2015.

** Professionals who, according to the specific regulation applicable to them, provide the following third-party services: setting up companies and other legal persons; carrying out the functions of senior management or non-voting company secretaries on the board of directors or external advisory for a company, partner of an association or similar roles relating to other legal persons, or who instruct another person to carry out these functions; providing a registered, commercial or postal address and other services associated with a company, association or any other legal instrument or person; carrying out the functions of a trustee in a trust or a similar legal instrument or instructing another person to exercise these functions; or carrying out the functions of a proxy shareholder. Exemptions apply to companies listed on a market that is regulated in the European Union and that are subject to information reporting requirements in line with EU law or equivalent international regulations ensuring appropriate transparency of information about ownership, and to such companies instructing another person to exercise these functions.