On April 23, the Executive branch published the Official Gazette corresponding to April 21, in which the National Superintendence of Crypto Assets and Related Activities published the Norms related to the Administration and Control of Money Laundering, Financing of Terrorism and Proliferation of Weapons of Mass Destruction applicable to the Integral System of Crypto Assets. Starting April 21, a period of 90 days for its entry into force began to run.
Below you may find some of the most relevant provisions:
- The regulation applies to virtual asset service providers and persons and entities that provide products and services through activities involving virtual assets in the Integral Crypto Assets System.
- The regulated entities must formulate, adopt, implement and develop a Comprehensive Risk Management System for Money Laundering, Financing of Terrorism and Financing of the Proliferation of Weapons of Mass Destruction (SIAR AML/CFT/FPADM), supported by IT solutions and technological tools that, among other aspects, allow the management and analysis of large volumes of data, for decision making involving virtual assets or crypto-assets.
- The regulated entities must annually design an Annual Operational Plan for the Prevention and Control of AML/CFT/FPADM (POA PC AML/CFT/FPADM), which will include all those activities to be developed during the fiscal year. Its purpose shall be to ensure compliance with the policies, standards and internal controls regarding AML/CFT/FPDM. Said plan shall be prepared during the last quarter of the year prior to its execution and shall be available to the Superintendence during the first 15 working days of the year it is in force.
- The policies adopted by the regulated entity must comply, at least, with the following requirements:
- Indicate the guidelines to be adopted by the regulated entity with regard to risk factors and associated AML/CFT/FPADM risks.
- Guarantee the confidentiality of the information of the reported persons.
- Enforce the requirement for officers and employees to put compliance with AML/CFT/FPADM risk management regulations before the achievement of business goals.
- The methods and actions of the regulated entity in this matter must comply at least with the following requirements:
- Identify the evolution of the risk profiles of transactions, clients, businesses, products and services, economic activity and virtual assets involved in the operations.
- Implement methodologies for the detection and analysis of unusual and suspicious transactions and establish the process for timely reporting to the competent authorities.
- Establish the processes to carry out an effective, efficient and timely knowledge of current and potential customers, being that such processes must be supported by secure technological solutions that allow to identify customers remotely, as well as to verify the information provided and its corresponding supports.