Licks Attorneys' Government Affairs & International Relations Blog

Doing Business in Brazil: Political and economic landscape

Licks Attorneys' COMPLIANCE Blog

Compliance in the financial market

No items found.

Ordinance BACEN 3,978 of January 23, 2020, which was created for the purpose of regulating the policy, procedures and internal controls to be adopted by institutions authorized to operate by the Central Bank of Brazil (BACEN) with a view to preventing the use of financial system for the practice of crimes of “laundering” or concealment of assets, rights and values, as set out in Law 9,613, of March 3, 1998, and of terrorism financing, provided for in Law 13,260, of December 16, March 2016, would come into force on July 1, 2020. However, Ordinance BACEN 4,005, dated April 16, 2020, changed the effective date to October 1, 2020.

In view of the above, October 2020 begins with a new compliance scenario for financial institutions in Brazil, considering that despite BACEN regulation, they will have to establish their set of policies and procedures, in addition to establishing its effective internal controls in preventing money laundering and terrorist financing.

The Ordinance begins by stating that financial institutions must implement and maintain a policy formulated based on principles and guidelines that seek to prevent their use for money laundering and terrorist financing practices, making the risk profiles of (i) clients, (ii) institution, (iii) operations, transactions, products and services; and (iv) outsourced employees, partners and service providers.

This policy should basically establish the following:

GENERAL GUIDELINES
1. The definition of roles and responsibilities for the fulfillment of the obligations introduced by the Ordinance;
2. The definition of procedures aimed at the evaluation and prior analysis of new products and services, as well as the use of new technologies, in view of the risk of money laundering and terrorist financing;
3. Internal risk assessment and effectiveness assessment of: a. use of its products and services in the practice of money laundering and terrorist financing and b. the policy, procedures and internal controls introduced by the Ordinance;
4. The verification of compliance with the policy, procedures and internal controls referred to in this Ordinance, as well as the identification and correction of the deficiencies found;
5. The promotion of an organizational culture to prevent money laundering and the financing of terrorism, including employees, partners and outsourced service providers;
6. The selection and hiring of employees and outsourced service providers, in view of the risk of money laundering and terrorist financing; and
7. Training of employees on the topic of preventing money laundering and terrorist financing, including employees of correspondents in the country who provide assistance on behalf of institutions authorized to operate by BACEN.
GUIDELINES FOR IMPLEMENTING PROCEDURES
1. Collection, verification, validation and updating of registration information, aiming to get to know customers, employees, partners and outsourced service providers;
2. Registration of operations and financial services;
3. Monitoring, selection and analysis of suspicious operations and situations; and
4. Communication of operations to the Finance Activities Control Council – COAF. Financeiras (Coaf).
COMMITMENT TO HIGH MANAGEMENT
1. Effectiveness and continuous improvement of the policy;
2. Effectiveness and continuous improvement of procedures; and
3. Effectiveness and continuous improvement of internal controls.

This policy must be approved by the institution's Board of Directors, or, failing this, by its Board of Directors.

The creation of a governance structure to ensure compliance with said policy is now required, and the director responsible for complying with the new obligations introduced by this Ordinance must be appointed to BACEN.

1. Risk Assessment

It establishes the obligation to establish the risk assessment of financial institutions' products and services, regarding the possibility of money laundering and terrorist financing.

The identified risks must be analyzed in terms of the probability of occurrence and the magnitude of their impact, and risk categories must be defined that enable the adoption of management and mitigation controls for situations of higher risk or simplified controls in situations of lower risk. The risk assessment must be documented and approved by the director responsible for complying with the compliance program provided for in this circular and forwarded to the risk committee, audit committee and board of directors; in the absence of the latter, the institution's board of directors.

2. KYC (know your client) - Know your Client

It is necessary to establish the client's risk profile, with reinforced measures being adopted for clients classified in higher risk categories.

To this end, initially, financial institutions must adopt procedures that allow the identification and validation of the client's identity, including comparing their information with those available in public and private databases. The following information must be collected:

Individual (i) full name, (ii) home address and (iii) taxpayer number - CPF.
Legal Entity (i) company name, (ii) headquarters address and (iii) taxpayer number - CNPJ.

In case the customer resides or is headquartered abroad, in addition to items (i) and (ii) above, the number and type of the travel document, and the company identification or registration number, respectively, must be obtained.

The qualification of clients must be based on the risk profile and the nature of the business relationship, including whether they are politically exposed persons. Therefore, information must be collected to assess their financial capacity, understood as such income and billing, for the case of natural and legal persons, respectively. Such qualification must be reassessed periodically.

For the defect of this Ordinance, those listed below are considered politically exposed, and this condition shall prevail for up to 5 (five) years after the date on which the person ceased to fall into such categories:

PEOPLE POLITICALLY EXPOSED IN BRAZIL
1. Holders of elective mandates from the Executive and Legislative Powers of the Union;
2. Occupants of office, in the Executive Branch of the Union, of:
a) Minister of State or equivalent;
b) Special Nature or equivalent;
c) President, vice-president and director, or equivalent, of entities of the indirect public administration; and
d) Senior Management and Advisory Group (DAS), level 6, or equivalent.
3. The members of the National Council of Justice, the Supreme Federal Court, the Superior Courts, the Regional Federal Courts, the Regional Labor Courts, the Regional Electoral Courts, the Superior Council for Labor Justice and the Council of Federal Justice;
4. The members of the National Council for the Public Prosecution, the Attorney General of the Republic, the Deputy Attorney General of the Republic, the Attorney General of Labor, the Attorney General of Military Justice, the Deputy Attorneys General of the Republic and the Attorneys General of Justice of the States and the Federal District;
5. The members of the Federal Audit Court, the Attorney General and the Deputy Attorneys General of the Public Prosecution Service before the Federal Audit Court;
6. Presidents and national treasurers, or equivalent, of political parties;
7. Governors and Secretaries of State and of the Federal District, State and District Deputies, the presidents, or equivalent, of entities of the state and district indirect public administration and the presidents of Courts of Justice, Military Courts, Courts of Accounts or equivalent of the States and the Federal District;
8. Mayors, Councilors, Municipal Secretaries, Presidents, or equivalents, of entities of the municipal indirect public administration and Presidents of Courts of Auditors or equivalent of the Municipalities; and
9. Senior managers of public or private international law entities.
PEOPLE POLITICALLY EXPOSED ABROAD
1. Heads of state or government;
2. Senior politicians;
3. Occupants of senior government positions;
4. General officers and members of higher levels of the Judiciary;
5. Senior executives of public companies;
6. Political party leaders; or
7. Senior managers of public or private international law entities.

The qualification of the corporate client must include the analysis of the corporate ownership chain until the identification of the individual featured as its final beneficiary, and the financial institutions must establish a minimum reference value of equity interest for the identification of the final beneficiary based on risk and cannot exceed 25% (twenty-five percent), considered, in any case , direct and indirect participation.

The Ordinance also contains 2 (two) very important definitions:

FAMILY
The relatives, in the straight or collateral line, up to the second degree, the spouse, the companion, the companion, the stepson and the stepdaughter.
STRICT COLLABORATOR
1. Natural person known for having any kind of close relationship with a person exposed politically, including by:
a. having joint participation in a private legal entity;
b. appearing as an agent, even if by a private instrument of the person mentioned in item 1; or
c. having joint participation in arrangements without legal personality.
2. Natural person who has control over legal entities or arrangements without legal personality, known to have been created for the benefit of a politically exposed person.

In addition to the identification and qualification of customers, there is also their classification, based on the information obtained in the customer's qualification procedures, especially if you are a representative, family member, close collaborator or politically exposed person.

No business relationship should be initiated until the customer identification and qualification procedures are completed.

3. Registration of Operations

With respect to the registration of transactions, financial institutions must register all transactions carried out, products and services contracted, including withdrawals, deposits, contributions, payments, receipts and transfers of funds.

For each operation, the type, amount, date of realization, name and number of the CPF or CNPJ and the channel used must be registered. In the case of a natural person abroad, name, type and number of the travel document and the respective issuing country and international body of which he is a representative for the exercise of specific functions in the country, if applicable. In the case of a legal entity abroad, company name and company identification or registration number in the respective country of origin.

The identification of the origin and destination of the resources, in addition to the transfer or payment instrument, must be added in the case of transactions relating to payments, receipts and transfers of resources. This includes:

1 - name and registration number in the CPF or CNPJ of the sender or drawer;
2 - name and registration number with the CPF or CNPJ of the recipient or beneficiary;
3 - identification codes, in the payment settlement or fund transfer system, of the institutions involved in the operation; and
4 - numbers of facilities and accounts involved in the operation.

If the operation is carried out with a financial institution not authorized to operate by BACEN, the participating institution must stipulate in the contract the right of access to the identification of the final recipients of the funds, for the purpose of preventing money laundering and the financing of terrorism.

In the case of registration of operations in kind, the following must be observed:

Value Registry Inclusion
Individual over R$ 2,000.00 – Name
– CPF (from the carrier of the resources)
Individual equal to or greater than R$ 50,000.00 – Name and CPF or CNPJ (from the owner of the resources)
– Name and CPF (from the carrier of the resources)
– The origin of the funds deposited or contributed

If there is a refusal to inform the origin of the funds, this fact must be registered by the institution.

In the case of withdrawal operations, with an individual value equal to or greater than R$ 50,000.00, the drawers, customers or not, must be instructed to communicate the withdrawal 3 working days in advance, in order for the provisioning to be made and institutions should include in the registry:

I - the name and respective registration number with the CPF or CNPJ, as the case may be, of the recipient of the funds;
II - the name and the respective registration number with the CPF of the holder of the funds;
III - the purpose of the withdrawal; and
IV - the number of the customer service protocol or the non-customer drawer, in which the value of the operation must be informed, the dependency in which the withdrawal must be made and the scheduled date for withdrawal.

4. Monitoring, Selection, Analysis of Operations and Suspicious Situations

Financial institutions must implement procedures for monitoring, selecting and analyzing transactions and situations, within a period not exceeding 45 days from the date of the transaction or the situation, in order to identify and pay special attention to suspected money laundering and financing of terrorism, in particular:

A. THE OPERATIONS CARRIED OUT AND THE CONTRACTED PRODUCTS AND SERVICES THAT, CONSIDERING THE PARTIES INVOLVED, THE VALUES, THE WAYS OF PERFORMANCE, THE INSTRUMENTS USED OR THE LACK OF ECONOMIC OR LEGAL BASIS, MAY CONFIGURE THE EXISTENCE OF MONEY LAUNDERING INDICATORS FINANCING OF TERRORISM, INCLUDING:
1. The operations carried out or the services provided that, due to their habituality, value or form, constitute a device that aims to circumvent the identification, qualification, registration, monitoring and selection procedures provided for in the Ordinance;
2. Deposit operations or contributions in kind, withdrawals in kind, or requests for provisioning for withdrawals that show signs of concealment or concealment of the nature, origin, location, disposition, movement or ownership of goods, rights and values;
3. The operations carried out and the contracted products and services that, considering the parties and the amounts involved, are incompatible with the client's financial capacity, including income, in the case of natural persons, or billing, in the case of legal entities, and equity;
4. Transactions with politically exposed persons of Brazilian nationality and with representatives, family members or close collaborators of politically exposed persons;
5. Operations with politically exposed foreigners;
6. Customers and transactions for which it is not possible to identify the final beneficiary;
7. Operations originating from or destined for countries or territories with strategic deficiencies in the implementation of the recommendations of the Financial Action Group (Gafi); and
8. situations in which it is not possible to keep the registration information of its customers up to date.

A manual must be prepared and approved by the institution's board containing:

a. The criteria for defining the frequency of execution of the monitoring and selection procedures for the different types of operations and situations monitored; and
b. The parameters, variables, rules and scenarios used in the monitoring and selection for the different types of operations and situations.

It is important to note that for the analysis of operations and suspicious situations, it is forbidden to hire third parties to perform them (although it is allowed to contract auxiliary services to the analysis), as well as to perform it abroad.

5. Communication to COAF

The communication decision on the part of the financial institutions to report to COAF operations or situations suspected of money laundering and terrorist financing, must take place within the 45-day period assigned for the analysis. Communication must take place by the business day following the communication decision.

With respect to operations in kind, financial institutions must report to COAF by the business day following the day on which the operation or provisioning occurs:

- Deposit or cash contribution or cash withdrawal in an amount equal to or greater than R$ 50,000.00 (fifty thousand reals);
- Operations related to payments, receipts and transfers of funds, by means of any instrument, against payment in kind, with an amount equal to or greater than R$ 50,000.00 (fifty thousand reals); and
- The request for provisioning of cash withdrawals of R$ 50,000.00 (fifty thousand reals) or more.

These communications must specify whether the person who is the subject of the communication is:

a. politically exposed person or representative, family member or close collaborator of that person;
b. person who is known to have committed or attempted to commit terrorist acts or participated in or facilitated their acts; and
c. person who owns or controls, directly or indirectly, resources in the institution, in the case of item b above.

6. Knowledge of Employees (KYE), Partners (KYP) and Outsourced Service Providers

Financial institutions must implement procedures designed to get to know their employees, partners and outsourced service providers, including identification and qualification procedures, always with a focus on preventing money laundering and terrorist financing.

Therefore, the activities carried out by its employees, partners and outsourced service providers must be classified in the risk categories defined in the internal risk assessment and this classification must be kept up to date.

Financial institutions that enter into contracts with financial instructions based abroad must:

1. obtain information about the contractor that allows you to understand the nature of your activity and your reputation;
2. verify whether the contractor has been the subject of an investigation or action by a supervisory authority related to money laundering or terrorist financing;
3. certify that the contractor has a physical presence in the country where he is incorporated or licensed;
4. know the controls adopted by the contractor regarding the prevention of money laundering and the financing of terrorism;
5. obtain the approval of the holder of a position or function of a higher level than that of the person responsible for hiring; and
6. inform the director established by this Ordinance of the partnership contract.

On the other hand, if financial institutions conclude contracts with

third parties not subject to authorization to operate by the Central Bank of Brazil, participants in a payment arrangement in which the institution also participates, must:

1. obtain information about the third party that will enable them to understand the nature of their activity and their reputation;
2. verify whether the third party has been the subject of an investigation or action by a supervisory authority related to money laundering or terrorist financing;
3. certify that the third party has the license of the arrangement's creator to operate, when applicable;
4. know the controls adopted by the third party regarding the prevention of money laundering and the financing of terrorism; and
5. inform the director of the partnership established by this Ordinance.

7. Monitoring and Control Mechanisms

Financial institutions must establish monitoring and control mechanisms, periodically tested by the internal audit in order to ensure the implementation and adequacy of the policy, procedures and internal controls introduced by this Ordinance, including:

1. the definition of processes, tests and audit trails;
2. the definition of appropriate metrics and indicators; and
3. the identification and correction of any deficiencies.

8. Evaluation of Effectiveness

Financial institutions must evaluate the effectiveness of the policy, procedures and internal controls, preparing a specific report under the following conditions:

- It must be prepared annually, with a base date of December 31;
- It must be sent, for awareness, by March 31 of the year following the base date, to the auditor committee and the board of directors or, in the absence of the latter, the institution's board of directors;
- It must contain: (i) the methodology adopted in the evaluation of effectiveness, (ii) the tests applied, (iii) the qualification of the evaluators and (iv) the identified deficiencies;
- It must evaluate at least: (i) the procedures designed to meet clients, including the verification and validation of client information and the adequacy of registration data, (ii) the procedures for monitoring, selection, analysis and communication to COAF, including the evaluation of the effectiveness of the parameters for selecting operations and suspicious situations, (iii) the governance of the policy to prevent money laundering and the financing of terrorism, (iv) the measures to develop the organizational culture aimed at preventing money laundering. money and the financing of terrorism, (v) periodic staff training programs, (vi) procedures for getting to know employees, partners and outsourced service providers; and (vii) actions to regularize the notes arising from the internal audit and supervision of the Central Bank of Brazil.

If deficiencies are identified, an action plan must be drawn up to address them by assessing effectiveness, with a follow-up report being prepared to document the remediation of the deficiencies, both documents having to be forwarded by June 30 of the following year the base date of the report, for the authorship committee, the board of directors and the board of directors of the institution.

9. Documentation

The following documents must remain available to the Central Bank of Brazil; and the documents in items 5, 8, 9, 10, 11, 12, 13 and 14 must be available for a minimum period of 5 years:

1. The policy to prevent money laundering and terrorist financing;
2. The minutes of the meeting of the board of directors or, in its absence, of the institution's board of directors, in the event that the option of a policy of prevention of money laundering and the financing of single terrorism by a prudential conglomerate and cooperative system is formalized credit;
3. The report justifying the impediment or limitation, in the event of impediment or legal limitation to the application of the policy to the institution's unit located abroad;
4. The internal risk assessment document;
5. Contracts with third parties not subject to authorization to operate by the Central Bank of Brazil, participants in a payment arrangement in which the institution also participates;
6. The minutes of the meeting of the board of directors, or failing this, of the executive board that approved (i) internal risk assessment, (ii) the monitoring and selection procedures, (ii) the analysis procedures, (iv) communications of suspicious transactions and situations and communications of transactions in kind, (v) the effectiveness assessment report, all centrally in the institution of the prudential conglomerate and the cooperative credit system;
7. The effectiveness assessment report;
8. Previous versions of the internal risk assessment;
9. The manual on procedures for getting to know customers;
10. The manual on procedures for monitoring, selecting and analyzing suspicious operations and situations;
11. The document related to the procedures aimed at knowing employees, partners and outsourced service providers;
12. Previous versions of the effectiveness assessment report;
13. The data, records and information related to the monitoring and control mechanisms; and
14. The documents related to the action plan and the respective monitoring report.

The following documents must be kept at the disposal of the Central Bank of Brazil, for a minimum period of 10 years:

1. The information collected in the procedures designed to get to know customers;
2. The information collected in the procedures aimed at knowing employees, partners and outsourced service providers.
3. Information and records of all operations carried out, products and services contracted, including withdrawals, deposits, contributions, payments, receipts and transfers of funds; cash transactions with an individual value above R$ 2,000.00; deposit or cash transactions of an individual value equal to or greater than R$ 50,000.00; withdrawal operations with an individual value equal to or greater than R$ 50,000.00; in addition to receipt of payment slip paid with funds in kind;
4. The dossier on the procedures for analyzing selected operations and situations through the procedures for monitoring and selecting operations that may indicate suspicion of money laundering and terrorist financing.

Finally, this Ordinance amends Ordinance 3,691,of December 16, 2013, which regulates Resolution 3,568, of May 29, 2008, which,in turn, regulates the foreign exchange market, in order to increase preventivemeasures to face money laundering and terrorist financing in such operations,through performance evaluation, commercial procedures and financial capacity.

No items found.