ARGENTINA: Financial Information Unit’s New AML Regulations for Financial Institutions

By DLA Piper on July 12, 2017

Posted in Argentina, Finance, Regulatory and Government Affairs

Guest post by Hernán D. Camarero, Partner in Richards, Cardinal, Tützer, Zabala & Zaefferer, an independent law firm

Argentina’s Financial Information Unit (FIU) – the authority that enforces the law on prevention of money-laundering activities and terrorism financing Nr. 25,246, as amended (the AML Act)[1] – has issued Resolution Nr. 30-E/2017 for financial institutions (FIs) and foreign exchange entities as obliged subjects –FIU’s reporting agents – under the AML Act.[2] Res. 30 replaces and abrogates former FIU Resolution Nr. 121/11. It represents another important move by Argentina in its further integration into the international financial and banking systems.

Res. 30, issued on June 16, 2017, sets forth new mandatory minimum guidelines for risk management around money-laundering (ML) and terrorism financing (TF), introducing a risk-based approach as per the 2012 Financial Action Task Force (FATF) recommendations[3] in lieu of the formalities-based approach stated in former Res. 121.

Changes introduced by Res. 30 should be progressively implemented by FIs pursuant to the schedule set forth thereby; ultimately, the law will come into force on September 15, 2017.

Res. 30’s new distinctive aspects are as follows:

AML/TF prevention system: FIs should implement an AML/TF prevention system based on two components: (a) AML/TF risk management: risk oversight policies, procedures and controls in light of the FI’s understanding of its own risks, based on its own risk self-assessment; and (b) compliance: policies, procedures and controls pursuant to the AML Act, its related rules and regulations. Such system should at the least satisfy and comply with the minimum requirements and standards set forth in Res. 30.
External auditor’s report: The AML/TF prevention system’s quality and effectiveness should be assessed on a yearly basis by an independent external auditor, who should issue a corresponding report.
Risk self-assessment: FIs should implement a risk identification and assessment method in accordance with the nature and volume of its commercial activity, considering the different risk factors of each of their lines of business. This method and its conclusions should be reviewed and updated on a yearly basis.
Corporate compliance officer: FIs may appoint a CCO insofar as the daily tools for the FI’s operational management and control allow her/him access to all necessary information. This new function may be practical for multinational FIs or corporate groups.
AML/TF prevention committee: Corporate groups may also appoint a single AML/TF prevention committee if the risk management is performed in a proven integrated way. In any case, FIs should apply to transnational transactions the “most stringent standard” between the applicable foreign and local law.
Outsourcing of back-office or support administrative tasks: the system’s support functions may be outsourced by FIs subject to certain requirements (e.g. securing data protection) but excluding customers’ continuing due diligence tasks.
Customers’ classification: Within each FI’s KYC duty, customers should be classified in accordance with the risk associated to each of them (risk profile). Customers shall be segmented as per the risk classification. Based on customers’ documentation and information, FIs shall set an ex ante customer profile, to be updated from time to time. The criterion of “frequency of customer’s operations” (habitualidad) included in former Res. 121 is therefore abandoned by Res. 30.
Customers’ due diligence: CDD is to be performed in accordance with customer’s associated risk; high-risk customers require a reinforced due diligence; mid-risk customers require a due diligence; simplified due diligence may be performed on low-risk customers.
Customers’ files update: as a general principle, files may not be left without update for a term in excess of five years. In case of high-risk and mid-risk customers, such term may not exceed one and two years, respectively.
Customers’ identification: e-documentation is allowed in order to identify human and legal persons. Identification and acceptance of customers without physical presence is allowed under certain conditions.
Customers’ record-keeping: Res. 30 expressly allows electronic storage of electronic records and files.
Reciprocity agreements: entities of the same corporate group bound by AML/TF rules issued by the FIU may execute reciprocity agreements to share customers’ files under strict confidentiality commitments.
SARs: The term for issuing ML suspicious activity reports is reduced to 15 calendar days (before, it was 30 days). SARs date may not exceed 150 calendar days as from the date of performance or attempt to perform the suspicious activity.
Definition of private banking: private banking relationships are defined as those (a) which balance amount is ARS 10 million (circa US$570,000) or more; (b) to which a manager is assigned to handle the account; and (c) which services accessible by clients are not generally available to the public in the FI’s branches’ network. Private banking transactions are subject to the FI’s reinforced due diligence measures.
New reporting regimes: (a) high-amount cash transactions report; (b) international transfers report; and (c) systematic yearly report (due every March 15).
Sanctions: in certain cases, prior to the application of the statutory sanctions, the FIU may order appropriate and proportional corrective measures or actions necessary to cure challenged FIs procedures or behaviors.
Representative offices: although the representatives of foreign FIs not authorized to operate in Argentina are not FI under the Financial Institutions Act Nr. 21,526 as amended, they should comply with several provisions of Res. 30 (compliance aspects and SARs).

Res. 30 sets forth the following implementation schedule:

December 31, 2017: method of risks’ identification and assessment completed and documented
March 31, 2018: technical report with results of implementation of such method completed and ready
June 30, 2018: existing KYC/AML policies and procedures updated to Res. 30, based on the FI’s self-risk assessment, ready
All aspects for which implementation was not expressly deferred shall apply as from September 15, 2017.

Res. 30 is a major challenge for FIs. Incorporating the new changes to their current ML/TF prevention system will demand substantial effort by the FI and its external advisors. However, it is worth noting the FIU was wise enough to include FIs and foreign exchange entities in the discussions of the draft, to ensure a smoother implementation process.

Please do not hesitate to contact the author at Richards, Cardinal, Tutzer, Zabala & Zaefferer s.c. –Abogados-, an independent law firm in Argentina, www.rctzz.com.ar for further information at camarero@rctzz.com.ar.

Hernán D. Camarero, Partner in Richards, Cardinal, Tützer, Zabala & Zaefferer’s Corporate/M&A, FX Controls, Banking and Finance practices

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[1] § 5, AML Act.

[2] § 20, Pars. 1 and 2, AML Act.

[3] “… Based on that assessment, countries should apply a risk-based approach (RBA) to ensure that measures to prevent or mitigate money laundering and terrorist financing are commensurate with the risks identified. This approach should be an essential foundation to efficient allocation of resources across the anti-money laundering and countering the financing of terrorism (AML/CFT) regime and the implementation of risk- based measures throughout the FATF Recommendations. Where countries identify higher risks, they should ensure that their AML/CFT regime adequately addresses such risks. Where countries identify lower risks, they may decide to allow simplified measures for some of the FATF Recommendations under certain conditions …” see this site, page 10.