Compliance to prevent money laundering and terrorist financing crimes (PLDFT) in Brazil has been increasingly required by the Brazilian Central Bank (BCB) of the institutions it supervises.
Banks, Credit Cooperatives, Fintechs, DTVMs, Securitization Companies, among others, must comply with the requirements of BCB Circular N. 3.978/2020, which deals with policy, procedures and internal controls for PLDFT.
Fund Managers, Investment Advisors, among other market players, must also carefully observe their respective PLDFT rules.
Understand below 8 of the main points about the BCB’s regulation on PLDFT that its supervised institutions must observe:
1. Which Institutions Must Comply with the Money Laundering Prevention Policy (PLDFT): All institutions regulated by the BCB, including Banks, Credit Cooperatives, Fintechs, DTVMs, Securitization Companies.
Fund Managers, Investment Advisors, among others, must also comply with their respective PLDFT standards.
2. What Should Include in the Money Laundering and Terrorist Financing (PLD) Prevention Policy? The PLD must include (i) guidelines for responsibilities for complying with the regulation; (ii) procedures for evaluating new products, services, technologies; (iii) internal risk assessment and effectiveness assessment; (iv) verification of compliance with the policy, procedures and internal controls, as well as the identification and correction of deficiencies; (v) promotion of organizational culture related to PLD; (vi) hiring employees and outsourced service providers, observing the PLD; and (vii) training employees on the topic.
The PLD must be compatible with customers’ risk profiles; of the institution; operations, products and services; and employees, partners and third-party service providers.
3. Requirements for Formalization of the Money Laundering and Terrorist Financing Prevention Policy (PLD): The PLD must be (i) documented; (ii) approved by the board of directors or, if non-existent, by the institution’s senior officers; and (iii) kept up to date.
Institutions must (i) have a governance structure to ensure compliance with the PLD and (ii) formally appoint to the BCB the senior officer responsible for its compliance.
4. Carrying out an Internal Risk Assessment in relation to the PLD: Institutions must carry out an internal assessment to identify and measure the risk of using their products and services in the practice of money laundering and terrorist financing.
The internal assessment must consider the risk profiles of (i) customers; (ii) the institution, including the business model and geographic area of operation; (iii) operations, transactions, products and services; and (iv) the activities of employees, partners and outsourced service providers.
4. Procedures for Knowing Your Clients In relation to the PLD: Institutions must implement procedures for getting to know their customers, including (i) identifying the customer’s risk profile; (ii) whether it is compatible with the PLD; and (iii) whether it was subjected to internal risk assessment.
Records must be kept of the operations carried out, products and services contracted, including withdrawals, deposits, contributions, payments, receipts and transfers of resources.
5. Institutions Are Obligated to Report to COAF: Operations or situations suspected of money laundering and terrorist financing must be reported to COAF.
The decision to communicate the operation or situation to COAF must (i) be based on the information contained in the dossier; (ii) be recorded in detail in the dossier; and (iii) be carried out by the business day following the communication decision.
6. What Procedures Institutions Should Implement to Get to Know Employees, Partners and Service Providers: Institutions must implement procedures to get to know their employees, partners and service providers, compatible with the PLD.
7. Preparation of Annual Effectiveness Report: Institutions must annually evaluate the effectiveness of the PLDFT, by issuing an Effectiveness Report.
The Effectiveness Report must be (i) prepared annually, with a base date of December 31st; and (ii) forwarded, for information, by March 31 of the following year to the audit committee, if any; and the board of directors or, if non-existent, the institution’s board of directors.
8. Requirement for the Storage of Documents Related to PLDFT by Institutions: Institutions must keep at the disposal of the BCB, (i) for 5 years, documents related to PLDFT, and (ii) for 10 years, information collected from KYC, employees, partners and service providers; of suspicious transactions and the dossier on suspicious transactions.
Compliance with the prevention of money laundering and terrorist financing crimes will be increasingly required from Banks, Credit Unions, Fintechs, DTVMs, Securitization Companies, as well as Fund Administrators and Managers, Investment Advisors, and more organizations that work with the circulation of resources in Brazil and abroad.
