LATIN AMERICA
tolerance declaration (article 6) as well as a risk self-assessment technical report (article 5). The risk self-assessment report should consider at least the following risk factors (article 6): a. ML/FT risks related to Customer background, activity, behavior, volume, or materiality of transactions at the beginning of and during the entire commercial relationship, and considering at least the following elements: residence, nationality, business, and politically exposed person condition. b. ML/FT risks related to products and/or services offered by Obligated Entities, both during the design or development stage as well as during their effective operation. c. ML/FT risks related to the different means and/or modalities of placing bets, collecting prizes, making withdrawals and purchases, and/or converting valuables at venues where the customer is physically present, online games, use of devices for the conduct of remote transactions, gambling activities or transactions, among others. d. ML/FT risks related to the geographic areas where products and/or services are offered at the national and international level, taking into account economic- financial and social-demographic characteristics and the provisions and guidelines issued by the competent authorities or the Financial Action Task Force with respect to such jurisdictions. The risk self-assessment technical report needs to be updated every 2 years, unless a change in the risk level of the Obligated Entity occurs in a shorter period of time, and should be filed with the UIF along with the methodology used and the risk tolerance declaration on or before April 30 of the year when the filings are due. The initial deadline is April 30, 2026 4 . Obligated Entities now need to appoint a deputy AML compliance officer (article 11). Furthermore, it is required that UIF be informed whenever the deputy AML compliance officer replaces the AML compliance officer. This communication must be submitted to UIF no later than 24 hours following the replacement of the AML compliance officer, and should also include the reasons for the replacement and the term during which the deputy AML compliance officer will be in office. The removal of the AML compliance officer must also be reported to the UIF, and the appointment of a new AML compliance officer and deputy AML compliance officer should occur no later 4 The initial self-assessment should comprise years 2024 and 2025
than 15 days following the removal of the previous officers. The Resolution now provides for the appointment of a single AML compliance officer and deputy AML compliance officer for entities that are part of the same group (article 13). For the purposes of the Resolution, a group is two or more Obligated Entities included in section 20 of Law No. 25,246 sharing a control relationship or belonging to the same business and/or corporate organization (article 2(f)). It is worth noting that the appointment of a group AML compliance officer and deputy AML compliance officer does not avoid the obligation to report at the level of each Obligated Entity. In other words, entities that are part of a Group will still need to report individually even if they have appointed a single AML compliance officer and deputy AML compliance officer. From this perspective, the convenience of appointing a group AML compliance officer and deputy AML compliance officer appears to be limited at the very least. Obligated Entities relying on third party services to perform KYC and due diligence measures on customers (article 16). In this case, the Obligated Entities, to be able to rely on third parties, must ensure (i) to immediately obtain the information necessary referred to in the paragraph above; (ii) to implement proper measures to ensure that the third party shall supply, whenever so requested and without delay, a copy of identification data and other relevant documents; (iii) to ensure that the third party abides by the rules and is subject to supervision as to the requirements relating to due diligence and record keeping; and has implemented any such measures as may be required to ensure compliance with this obligation; (iv) to document that the Obligated Entity depends on such a third party; and (v) to establish any such measures as may be required to ensure the protection of personal data and compliance with the duty of confidentiality all in conformity with the specific applicable laws. Reliance on third parties does not preclude the Obligated Entities’ liability for complying with KYC and due diligence on customers. The term for record keeping remains ten years (article 17). The Resolution allows documents to be kept in digital format and be specially protected against unauthorized access and a backup thereof shall be kept in digital format as well. The obligation to conduct annual training courses for personnel is retained (article 18). The Resolution brought some changes, namely: • stipulating that the contents of the training should be
PAGE 34
IMGL MAGAZINE | JANUARY 2024
Made with FlippingBook flipbook maker