On 16th June 2017, the Financial Information Unit  (UIF in the Spanish acronym) passed Resolution 30-E/2017 revoking Resolution 121/2011 on anti-money laundering and the financing of terrorism (AML/FT).

Purpose

Resolution 30-E/2017 remains faithful to the spirit of the resolution it is replacing: anti money-laundering and the financing of terrorism (AML/FT), but it updates the criteria for managing AML/FT risk and the minimum requirements that regulated entities must meet when managing procedures and controls.   

Regulated entities

The Resolution’s amendments do not affect the classification of regulation entities. This is covered in Art. 20 of Law 25.246.

AML/FT systems

The text makes it mandatory for institutions to implement an AML/FT system that has been prepared by the Compliance Officer and approved by its board of directors.

Institutions must draw up a technical document laying out their methodology for internally identifying and assessing risk, to be submitted to the UIF by 30th April every year. This self-assessment will evaluate a number of AML/FT risk factors, such as customers, products and/or services, distribution channels and geographical area.

As well as identifying and assessing their risks, institutions must set up mechanisms to mitigate them and form an AML/FT committee to support the Compliance Officer.  

The regulation requires there to be an annual training plan to instruct staff about all norms and procedures for the AML/FT system. It also provides for the approval of a Code of Conduct, designed to ensure that the system is working properly, the writing of an AML/FT Manual and the review of the system in place at two levels: both external and internal.

The board of directors or the institution’s highest authority, if different, will be responsible for this prevention system.

Policy of identifying and knowing your customer (KYC)

In chapter III of the Resolution, institutions are required to have policies and procedures that enable them to know their customers, verify the information supplied by them and monitor their transactions. These stages, known as standards of due diligence, must be carried out according to the risk profile assigned to each client. In other words, the procedures are followed depending on AML/FT risk classifications, which have three levels: high, medium and low. Each of these levels has different degrees of due diligence measures that have to be kept updated at all times, at least every 5 years for low-risk customers, and every 1 or 2 years, for high-risk and medium-risk customers, respectively.

Transaction monitoring and reporting regime

One of the changes introduced since the 2011 Resolution is that of carrying out transaction monitoring. This requires institutions to create a prospective transaction profile for each customer, based on the institution’s own risk analysis, which allows it to detect unusual and suspicious transactions.

Another important new feature is a reporting regime under which institutions are obliged to make three types of online reports systematically: on high figure* cash transactions, international transactions and a systematic annual report on their own institution.

Furthermore, the regulation requires suspicious** transactions to be reported to the UIF, provided that there are reasonable grounds for classifying them as such, as well as mandating that specific criteria should be borne in mind in the case of electronic transfers and cash deposits.

Finally, provisions are made for sanctions in the case of non-compliance with the requirements of the resolution, specified in article 23 of Act 25.246, with financial penalties commensurate with the value of the goods involved in the crime.