Title: | AML/CFT MANUAL AND POLICIES |
Responsible Unit(s): | Compliance |
Target audience: | Operational Area |
Version: | 2st version |
Reference Number: | |
Procedures and other related documents | |
Duration: | 30/112023 a 30/11/2024 |
AML – CTF UPDATES | ||||
No. of the version | Date | Description of the change | Author | Approver |
01 | 01/07/2023 | Creation of AML/FT MANUAL AND POLICIES | Consultoria Procsy | Rafael Fonseca and Erika Pivetta |
02 | 30/11/023 | Creation of AML/FT MANUAL AND POLICIES | Consultoria Procsy | Rafael Fonseca and Fabio Vasconcellos |
Summary
This Policy serves as an extension of 4ON’s Code of Conduct, specifically outlining 4ON’s stance on Anti Money Laundering and Counter Financing of Terrorism (AML/CFT).
4ON maintains a zero tolerance approach towards money laundering and is fully committed to mitigating the associated risks. We will actively take preventive measures and promptly investigate any suspicions regarding money laundering. The Senior Management at 4ON is dedicated to ensuring the effectiveness and continuous improvement of our AML/CTF Program.
To ensure that 4ON follows best practices, our Global Anti Money Laundering and Counter Financing of Terrorism
Policy undergoes regular review, at least annually. This review process includes;
These sources help us establish rules, policies and procedures necessary for combating money laundering and terrorist financing. In cases where no specific guidance exists, Compliance will seek advice from legal counsel (internal/external) and follow any formal opinions provided.
This Policy is applicable to all individuals employed by 4ON, as well as all products and companies affiliated with 4ON, regardless of their location. This includes;
Furthermore, individuals and companies engaged in business relations with 4ON are also expected to adhere to this Policy
Money Laundering
Money laundering refers to the act of concealing or disguising the origin of funds obtained through illegal activities (also known as predicate crimes/offenses). The purpose is to make these funds appear legitimate by introducing them into the financial system and subsequently circulating or reintegrating them.
Money laundering can involve any resources acquired through illicit activities. For instance, common activities associated with money laundering include;
Money laundering typically involves three distinct stages;
Placement; This initial stage focuses on physically disposing of the initial proceeds obtained through illegal activities.
Layering; The second stage involves further distancing the illicit funds from their source by establishing intricate layers of financial transactions aimed at concealing their origin and ensuring anonymity.
Integration; The final stage aims to give a semblance of legitimacy to the unlawfully acquired wealth. If successful in layering the funds effectively, integration schemes reintroduce laundered proceeds back into the economy as regular business funds with a lawful source.
Based on various laws, regulations and guidance from the Financial Action Task Force (FATF) and international best practices, it is important for 4ON to ensure that all 4on employee and third parties fulfill their legal obligations under AML international regulations. In relation to this, 4ON aims to make sure that our business model is understood and respected by every merchant or customer, preventing any misuse of our services for activities such as tax evasion or other crimes. If there are local regulations that are stricter than
what is outlined in this policy, we must adhere to the stricter standard.
In cases where it is not possible to apply the minimum requirements stated in this policy in a particular country due to conflicts with local law or non legal reasons that prevent enforcement, 4ON must ensure that we do not establish new business relationships, continue existing ones or carry out any transactions there. If there are already existing business relations in that country, we must take steps to terminate those relationships despite any contractual or legal obligations.
Terrorist financing refers to any involvement with resources or property that are intended for use in acts of terrorism, regardless of their origin.For the purpose of this policy, money laundering also encompasses any activities related to financing terrorism.
The Anti Money Laundering and Counter Financing of Terrorism program is developed and overseen by the Compliance department. The Director Compliance reports to the Chief Executive Officer (CEO) of 4ON.
Any local Money Laundering Reporting Officers (MLROs) report directly to the Director of Compliance. The main responsibility of MLROs is to ensure that any information or evidence indicating knowledge or suspicion or reasonable grounds for knowledge or suspicion, regarding money laundering is appropriately disclosed and reported to the relevant authority.
The compliance processes are centralized within Compliance structure based in Brazil. This structure is responsible for establishing general guidelines and implementing AML related procedures. 4ON subsidiary entities (including subsidiaries and affiliates) are required to adhere to these guidelines, including creating specific normative documents tailored to each subsidiary’s business model if necessary. By doing so, 4ON ensures compliance with global management principles while maintaining independence within its compliance segments.
To adhere to AML/CFT laws and global best practices, 4ON Compliance has a dedicated Regulatory Compliance pillar. This pillar is responsible for analyzing legislation and identifying any gaps or areas for improvement.
To ensure the effective implementation of required AML/CFT controls, 4ON Internal Audit conducts annual assessments of the AML/CFT Program. They provide reports to the Compliance department regarding the efficiency of the AML/CFT processes. The reports are then analyzed by 4ON Internal Controls team, who develop action plans to establish effective controls that mitigate AML/CFT risks.
All employees at 4ON must familiarize themselves with this Policy and actively work towards preventing and detecting actions, operations or transactions that exhibit unusual characteristics. The aim is to combat Money Laundering and Counter Financing of Terrorism.
To comply with this Policy, employees are instructed to;
4ON understands the importance of taking a thoughtful and cost effective approach to prevent, manage and mitigate the risks associated with money laundering. In order to achieve this, 4ON will;
Risk assessment plays a crucial role in 4ON’s activities. It helps in designing and implementing effective controls to prevent and manage these identified risks. Additionally, it allows for regular monitoring and improvement of these controls.
When assessing jurisdictional risk factors, 4ON relies on various reputable sources such as;
Please note that business transactions with 4ON are restricted in areas or regions subject to complex financial and commercial sanctions.
4ON will evaluate the risk associated with each individual client by considering factors such as the nature of their relationship, the value of assets involved, the frequency and duration of transactions and other relevant criteria.
The risk assessment will also take into account various factors related to customers, products, services, transactions, delivery channels and geographical locations. Here are some examples;
When evaluating the risk associated with 4ON partners and service providers, we consider factors such as the nature of their business model, their involvement in public interest matters, the purpose of the relationship, the value and regularity of remuneration and the geographical area.
4ON will evaluate the risk associated with its employees based on factors such as their involvement with the public sector, relationships with customers, partners and senior management members, their position within the company, the area of operation and nationality.
Clients, partners, service providers and employees will be categorized into risk categories; high risk, medium risk or low risk. Clients identified with any high risk factors will undergo Enhanced Due Diligence (EDD).
A client refers to any person or organization (whether they are a customer or merchant) who has, is currently or will be receiving services and/or products from 4ON. This definition also includes potential clients.
Anonymous individuals or companies will not be eligible as clients and transactions involving them will not be accepted.
A partner refers to any person or organization (such as suppliers, providers, financial institutions, agents, referrals, freelancers) who supply products and/or provide services to 4ON.
An employee refers to any individual who has an official employment relationship with 4ON.
Before bringing on board new merchants, customers, partners or employees, 4ON is required to conduct a process of proper investigation. In the context of this policy, merchants, end users and partners are considered third parties. Some third parties may pose a higher risk compared to others. To determine the level of risk associated with a third party’s involvement with us, all parties will undergo a standard due diligence process and undergo risk assessment.
The Risk Matrix (Risk Scoring) is created based on various criteria that consider factors such as the third party’s business operations, geographical location risks involved in their operations and financial aspects.
The evaluation of those criteria will categorize the risks as “low,” “medium,” or “high,” with each level being assigned a different score. These criteria help determine the level of risk posed by a third party to 4ON.
The extent of due diligence performed depends on the risk based approach adopted by each business unit. If a third party is deemed to have medium risk, they will undergo Standard Due Diligence. For customers assessed as having higher risk, Enhanced Customer Due Diligence is required.
Third parties with a low and medium level of risk will need to undergo Standard Due Diligence. This involves conducting thorough identification and verification checks on any beneficial owner who holds 25% or more of the company (in the case of a corporate beneficial owner, checks will only be made on the company itself, not the directors). Additionally, adverse news checks will be carried out on all parties involved.
Furthermore, all employees and job applicants at any level within the hierarchy will be subjected to Standard Due Diligence. In cases where the risk factor raises the risk rating, they may also undergo enhanced diligence procedures.
For high risk third parties, in addition to the checks performed for Standard Due Diligence, further measures are required. These include conducting source of wealth checks on shareholders. When dealing with politically exposed persons (PEPs), documentary evidence will be necessary. Full identification and verification checks must also be carried out on all beneficial owners, including directors of companies. Companies registered under an employee’s name must undergo full identification and verification procedures as well. If applicable, measures should also be taken to identify and verify the ultimate beneficial owner while understanding their ownership and control structure.
Additionally, Enhanced Due Diligence procedures must be conducted whenever there are suspicions of money laundering by 4ON or when there is reason to believe that supplied documents or information are outdated or inaccurate.4ON maintains an ongoing monitoring process for all its business relationships involving merchants, end users, partners, service providers and employees.
This means that employees may be required to conduct due diligence or gather additional information from merchants or end users at any given time. It is important that all business activities, transactions and behaviors align with 4ON’s understanding of the merchant or end user, their business operations, risk profile and the source of their funds.
If a third party or employee’s level of risk goes beyond what 4ON deems acceptable for its business
operations, they will not be hired. However, in exceptional cases where a request is considered significant enough and alternative controls are believed to mitigate perceived risks effectively, formal exceptions can be made.
When it comes to onboarding merchants, 4ON has certain restrictions in place. We have a publicly available list of restricted and prohibited products and services that can be accessed through the following lists:
We take sanctions seriously to prevent any involvement with entities linked to the financing of weapons of mass destruction. Therefore, we are required to block merchants, customers and entities originating from countries against sanction programs. We closely monitor jurisdictions with high risks related to money laundering and financial crime as identified by FATF. Additionally, we screen and monitor merchants, end users and partners using a global database that includes multiple sources of sanction lists from around the world.
To ensure compliance, we conduct regular reviews of merchant information such as identification, qualification details and integration data like websites or applications.
This regular evaluation is conducted considering the Risk Level (Risk Score) provided during the onboarding process with 4ON, which are as follows;
Irrespective of the periodic review within these specified timeframes, any changes concerning a Merchant’s legal entity should prompt a Compliance review. It is the responsibility of the Merchant to promptly inform 4ON about any modifications regarding their legal entity, such as ownership and control (directors and UBOs), key controller/signatory (director), sub key signatories (full name, email address and phone number), any adverse data when it becomes evident or known to the client and other relevant information.
Moreover, if the Merchant requests any alterations related to their integration with 4ON. Such as changes or additions to URLs and/or applications. These changes will also be reviewed by the Compliance Department.
4ON is obliged to maintain records of all information collected for identifying Merchants, end users or partners in accordance with regulatory requirements. Detailed records will be kept by 4ON for;
To ensure up to date information, 4ON may periodically review documents according to the following schedule;
4ON needs to regularly monitor clients and transactions in accordance with its Risk Assessment. It is also important to conduct monitoring to ensure that policies and procedures are being implemented correctly. Behaviors or issues exhibited by clients that should serve as warning signs for 4ON to conduct further investigation will be considered Red Flags. Some examples of red flags include;
If any concerning signs emerge during the Client Due Diligence or monitoring processes, employees are required to promptly inform the local Compliance Officer and/or MLRO.
4ON will utilize transactional monitoring to detect any unusual or unexpected behavior that might raise suspicions of money laundering or terrorist financing.
Considering the client’s information available to 4ON, the monitoring will focus on;
4ON will conduct transaction monitoring by assessing value, volume and velocity across its customer base.
To ensure enhanced security measures, we will apply stricter and more thorough alerts to individuals or entities with a higher risk profile, while being relatively lenient with those considered to have lower risk levels. Our goal is to monitor transactions diligently and promptly report any suspicious activities.
Compliance mandates that all new products proposed by 4ON undergo a comprehensive review process. This evaluation aims to identify any potential areas where improvements can be made in order to mitigate risks
effectively.
Termination procedures come into play when 4ON identifies suspicious activities within a business
relationship. In such cases, appropriate actions can be taken to terminate the relationship. However, if there are no suspicions or concerning activities involved, the local Compliance Officer or MLRO may still recommend terminating merchants, partners or third party vendors based on the level of risk they pose.
The FATF Recommendations set out a comprehensive and consistent system of measures that countries should take to combat money laundering and terrorist financing. Countries have different legal, administrative, and operational systems and different financial systems and, therefore, cannot all take identical measures to combat threats. The FATF Recommendations, therefore, set an international standard that countries should adopt through measures tailored to their particular circumstances.
The procedures carried out in 4on’s “Know Your Customer” program are in line with the main national and international laws that deal with money laundering and terrorist financing crimes, as well as with the best corporate governance practices. Below we describe the legal aspects to be considered by 4on in transactions with these countries:
Argentina adopts a legislation similar to the Brazilian one, the crime of money laundering was foreseen in Law 25.246/2000, establishing the preventive and punitive regime of “Encubrimiento y Lavado de Activos de Origen Delictivo”, later reformed by Law 26.087/2006. The Argentine regulations were revised again in 2011, through Law 26,683/2011, which aimed to adapt to the requirements of the FATF.
The main regulatory body in the country with specific AML-CTF competence is the Central Bank of the Republic of Argentina (BCRA), an autonomous entity whose purpose is to promote monetary stability, financial stability, employment, and economic development with social equity. The “Unidad de Información Financera” (UIF) is a centralized national entity responsible for receiving, analyzing, processing, and transmitting strategic information to the competent authorities on economic and financial operations suspected of money laundering and terrorist financing.
In Brazil, KYC is regulated by Law nº 12.683/12, which amends Law nº 9.613/98, which deals with the crimes of “laundering” or concealment of assets, rights, and values, making the law more stringent. The main regulatory body is the Financial Activities Control Council (COAF), which is Brazil’s Financial Intelligence Unit (UIF). Payment Institutions are not part of the National Financial System (SFN) but are regulated and supervised by the Central Bank of Brazil (BCB), in accordance with guidelines established by the National Monetary Council (CMN).
Circular No. 3,978/2020 provides for AML-CTF for institutions authorized to operate by the BCB and further determines that institutions must classify their customers in risk categories to enable the adoption of management and mitigation controls, reinforced for situations of greater risk and the adoption of simplified controls in lower risk situations.
In Chile, the prevention of money laundering is mainly regulated by: a) Law No. 19,913 of 2003, which creates the Financial Analysis Unit (UAF); and b) the corresponding regulations issued by the UAF. The competent authority for PLDFT controls in Chile is the UAF, which is a decentralized public service dependent on the Ministry of Finance and whose purpose is to prevent and prevent the use of the financial system and other sectors of Chilean economic activity to commit crimes money laundering (LA) and terrorist financing (FT).
The aforementioned Law No. 19,913 establishes that the individuals and legal entities indicated are obliged to report suspicious operations verified in the exercise of their activities, likewise, it defines suspicious operation as any act, operation, or transaction that, according to the uses and customs of the activity in question,
whether unusual or without apparent economic or legal justification, whether carried out in isolation or repeatedly.
In Colombia, the Penal Code of the country, in its article 323, Chapter V of Law 599/2000, regulates the crime of money laundering. As in Brazil, Colombian legislation provides for a list of crimes that precede the conduct of “money laundering”; These are countries that adopt, according to doctrine, second-generation legislation, that is, a system that lists hypotheses of crimes originating from and related to the analyzed crime. The most relevant crimes that lead to money laundering and terrorist financing in Colombia are drug trafficking, smuggling, corruption, illegal mining, and extortion, according to the Ministry of Justice.
The Financial Superintendence (“Superintendencia Financiera de Colombia – SFC”) is responsible for supervising that banks, brokers, trust companies and other entities of the financial and insurance system, fulfill their functions in accordance with applicable regulations. Money laundering is punishable under Article 323 of the Colombian Penal Code.
The Financial Information and Analysis Unit (“Unidad De Información Y Análisis Financiero – UIAF”) is the entity in charge of collecting, gathering, centralizing, and analyzing data provided by certain entities and from open sources in order to prevent and find possible money laundering operations, terrorism financing and its source conduct. The UIAF is a specialized department of the Ministry of Finance and Public Credit, regulated by Decree 1068 of 2015.
In Peru, money laundering is punished by Legislative Decree No. 1,106, which sanctions two basic types of commitment: (i) acts of conversion and transfer (article 1); and (ii) acts of concealment and possession (article 2). All banks and financial services are supervised by the “Superintendencia de Banca y Seguros (SBS)”. The “Unidad de Inteligencia Financiera del Perú (UIF)” is in charge of supervising the non-financial sector, in addition to receiving, analyzing, processing, evaluating and transmitting information for the detection of Money Laundering and Financing of Terrorism.
What the law says about money laundering and confiscation of assets in Peru is contained in Legislative Decree No. 1106 which replaced the “Criminal Law against Money Laundering” (Law No. 27.765), although the current includes basically the definition and structure of the crime.
The National System against Money Laundering and Financing of Terrorism of Peru (SNLAFT) is composed of public and private institutions and has the mission of preventing, detecting, investigating, and punishing criminal and terrorist organizations that remain active through the flow of money illicit.
As Brazil, Mexico has money laundering legislation that obliges a number of sectors to report certain transactions to the country’s Financial Intelligence Unit (UIF), subordinate to the Treasury Department of Mexico. The main regulatory body for AML-CTF controls is the “Secretaría de Hacienda y Crédito Publico” (SHCP) which receives reports from all financial institutions. The “Fiscalía General de la República” (FGR) is in charge of prosecuting money laundering activities at the national level, with the support of the SHCP through the FIU. The National Banking and Securities Commission (CNBV) is a decentralized body of the SHCP and is the main supervisor and regulator for banks and other financial entities.
The official law for AML in Mexico came into force in 2013, following the guidelines of the Financial Action Task Force – FATF. The official name of this law is “Federal Law for the Prevention and Identification of Operations with Illicit Source Resources”. The purpose of the law is to protect the financial system and the national economy, establishing rules and procedures to prevent and detect transactions or operations with illegal origin.
In Costa Rica Law No. 8204/2001 or “Ley Antilavado Costa Rica” is the regulatory rule for AML/CTF. This law prevents and investigates crimes on narcotics, psychotropic substances, drugs for unauthorized use, related activities, legitimation of capital and financing of terrorism.
The regulatory bodies for AML/CTF in Costa Rica are SUGEF (Superintendencia general de Entidades Financieras) y CONASSIF (Consejo Nacional de Supervisión del Sistema Financiero). They both indicate the guidelines and standards that each market institution must follow in prevention of money-laundering and terrorism financing practices.
