Instruction COSOB No. 24-09 of November 27, 2024, on the Annual Report on the Anti-Money Laundering, Counter-Terrorist Financing, and Counter-Proliferation Financing Framework

Instruction COSOB No. 24-09 of November 27, 2024, on the Annual Report on the Framework for the Prevention and Fight Against Money Laundering, Terrorist Financing, and the Financing of Proliferation of Weapons of Mass Destruction.

Art. 1: This instruction aims to define the content of the annual report on the framework for the prevention and fight against money laundering, terrorist financing, and the financing of proliferation of weapons of mass destruction, in accordance with the provisions of Article 39 of COSOB Regulation No. 24/01 of July 17, 2024, relating to the prevention and fight against money laundering, terrorist financing, and the financing of proliferation of weapons of mass destruction.

Art. 2: Regulated entities must transmit to COSOB an annual report on the framework for the prevention and fight against money laundering, terrorist financing, and the financing of proliferation of weapons of mass destruction, within a period of three months from the closing of each fiscal year.

Art. 3: This report must be prepared by an authorized person designated by the regulated entity. It must be signed by said authorized person, who attests to the accuracy and completeness of the information provided. Furthermore, the report must bear the official seal of the regulated entity, thereby guaranteeing its authenticity and validity.

Art. 4: The report must cover the evaluation of the effectiveness of programs, policies, information systems, and procedures, as well as vigilance and internal control measures put in place by the regulated entity within the framework of the duty of vigilance and the fight against money laundering, terrorist financing, and the financing of proliferation of weapons of mass destruction.

Art. 5: The report must include the following elements:

• Governance of the framework for the prevention and fight against money laundering, terrorist financing, and the financing of proliferation of weapons of mass destruction;
• Internal regulatory framework;
• Operational framework;
• Technical means;
• Control program;
• Training and awareness;
• Key figures and analyses;
• Action plan.

A model report is attached to this instruction to serve as a guide.

Art. 6: Any failure to meet these requirements may result in legal and regulatory consequences for the concerned regulated entity.

Art. 7: This instruction enters into force as of its date of signature.

Done in Algiers, on November 27, 2024 The President BOUZENADA Youcef

Annex Report Model

Table of Contents Introduction 1- Presentation of the Regulated Entity 2- Presentation of Money Laundering, Terrorist Financing, and Financing of Proliferation of Weapons of Mass Destruction (ML/TF/FP) risks to which the regulated entity is exposed

I- ML/TF Governance

1. Role and involvement of decision-making bodies (board, specialized committees...)
2. Organization of the ML/TF/FP function
3. Appointment of managers

II- Internal Regulatory Framework:

1. Description of the ML/TF/FP policy
2. Procedures in force
3. Latest updates to internal standards

III- Operational Framework:

1. Due diligence upon establishing a business relationship (identification, verification, PEP detection...)
2. Ongoing vigilance measures (re-evaluations, enhanced monitoring...)
3. Criteria and scenarios for detecting atypical operations
4. Process for additional analysis and qualification of suspicions
5. Reporting modalities to the CTRF (Financial Intelligence Unit)

IV- Technical Means

1. Dedicated tools
2. Databases used
3. Interfaces with other applications
4. ML/TF IT projects of the past year

V- Control Program:

1. Permanent controls
2. Periodic audit missions carried out
3. Main failures and recommendations
4. Control and audit plan for the coming year

VI- Training and Awareness

1. ML/TF/FP training plan
2. Assessment of training provided
3. Internal communications and awareness actions
4. E-learning materials and documentation

VII- Key Figures and Analyses

1. Statistics on business relationships, suspicion reports...
2. Year-over-year (N/N-1) comparison and analysis of developments
3. Particular cases or typologies of detected operations

VIII- Action Plan

1. Main ML/TF/FP projects and initiatives ongoing and upcoming
2. Strategic axes for strengthening the framework
3. Dedicated resources (human, budgets...)

Annexes

1. Extract of the ML/TF/FP risk map
2. Organizational chart of the operational framework
3. Audit and control reports (extracts)
4. KYC Model

Introduction

1. Presentation of the Regulated Entity: a) Identification of the Regulated Entity: Name of the regulated entity, legal form, registered office, and contact information. The regulated entity must also mention relevant registration information, such as the registration number in the commercial register and others. b) Description of Activity: A clear summary of main activities, highlighting specific services offered by the regulated entity that place it under the ML/TF/FP regulatory regime. This could include, for example, portfolio management, investment advisory services, securities trading, etc. c) Organizational Structure: An overview of the regulated entity's structure, including main departments or divisions, with particular emphasis on those playing a role in ML/TF/FP risk management (such as the compliance department). d) Legal and Regulatory Framework: Details on authorizations, qualifications, and specific regulatory obligations framing the regulated entity's activities, particularly in relation to ML/TF/FP.

2. Presentation of ML/TF/FP Risks to which the Regulated Entity is Exposed: a) Client-related Risks: Identification of client categories representing a higher risk level (e.g., politically exposed persons, companies in high-risk jurisdictions). b) Product and Service-related Risks: Detail of financial products or services that may be susceptible to increased ML/TF/FP risks (such as products facilitating transaction anonymity).

I- ML/TF Governance 1- Role and Involvement of Decision-Making Bodies (Board, Specialized Committees...): a) Board of Directors: Role of the board in:

• Defining the organization's global ML/TF policy,
• Approving major strategies and policies,
• Ensuring the adequacy of resources allocated to the ML/TF function,
• Supervising the effectiveness of implemented policies and procedures. b) Specialized Committees: Cite existing committees such as the Audit Committee, Risk Committee, or a specialized ML/TF Committee and their role in more specifically supervising compliance activities.

2- Organization of the ML/TF Function a) Hierarchical Reporting: The hierarchical reporting line of the anti-money laundering and counter-terrorist financing function within the company or structure. b) Staffing: Details regarding the staff dedicated to the anti-money laundering and counter-terrorist financing function within the company or structure. More precisely:

• The total number of employees;
• Staff distribution;
• Qualifications and skills;
• Resource needs;
• Recent developments. c) Qualifications: Details regarding the qualifications of the members of the team in charge of the anti-money laundering and counter-terrorist financing function, notably:
• Qualifications;
• Professional experience;
• Continuous training;
• Specific skills.

3- Appointment of Managers a) Compliance Officer (CTRF Correspondent): Detailed information concerning this manager, specifying:

• Name;
• Position;
• Powers and responsibilities;
• Qualifications and Experience;
• Specific training received.

II- Internal Regulatory Framework: 1- Description of the ML/TF Policy: a) Scope: Clearly define the areas of activity and parts of the company or structure covered by the ML/TF policy; b) Guiding Principles: State the fundamental principles guiding actions and decisions in the field of ML/TF such as integrity, transparency, accountability, and adherence to applicable laws and regulations, etc. c) Dissemination: Describe how the policy is communicated within the company or structure. Such as mandatory training sessions for all employees, availability of the policy on the company intranet, and regular summaries or bulletins to keep personnel informed of relevant developments.

2- Procedures in Force: a) KYC (Know Your Customer): Explain the customer due diligence procedures put in place, including measures to identify and verify client identity, understand the nature of their activities, and assess their ML/TF risk. b) Vigilance: Detail of ongoing monitoring measures of transactions and business relationships to detect suspicious or unusual activities. Include details on automated systems used, if applicable. c) Analyses: Description of the risk analysis processes associated with clients, products, services, and geographies. Mention how these analyses are used to adjust monitoring and control levels. d) Reporting: Specify the procedures for reporting suspicious activities to the CTRF. Include information on the internal decision-making process to move from detection to reporting.

3- Latest Updates to Internal Standards a) Regular Updates: Provide details on the latest revisions of the ML/TF policy and procedures, specifying dates and reasons for updates. Mention how these updates are integrated into the organization's daily practices. b) Response to Regulatory Evolutions: Explain how changes in legislation or regulation have been integrated into the internal regulatory framework. c) Feedback and Improvements: Discuss internal feedback mechanisms, such as internal and external audits, compliance reviews, and employee satisfaction surveys, which can influence updates to policies and procedures.

III- Operational Framework: 1- Due Diligence upon Establishing a Business Relationship (Identification, Verification, PEP Detection...) a) Identification and Verification: Describe measures taken to formally identify all new clients, including the collection of valid identity documents and other relevant information according to the client's risk profile. b) Detection of Politically Exposed Persons (PEPs) and Beneficial Owners: Explain the specific process for identifying PEPs, which requires heightened vigilance due to their position and potential high risk of being involved in corruption or money laundering activities. The same applies to beneficial owners.

2- Ongoing Vigilance Measures (Re-evaluations, Enhanced Monitoring...): a) Periodic Re-evaluations: Discuss the frequency and circumstances under which client profiles are re-evaluated, notably based on their risk classification. b) Enhanced Monitoring: Detail the conditions and processes for implementing enhanced monitoring for categories of clients, transactions, or geopolitical situations presenting a higher risk.

3- Criteria and Scenarios for Detecting Atypical Operations: a) Definition of Atypical Operations: Clarify the criteria used to identify an operation as atypical, based on thresholds, patterns, frequencies, volumes, etc. b) Detection Scenarios: Enumerate and explain the different scenarios or models of transactional behaviors that are systematically monitored to detect potentially suspicious activities.

4- Process for Additional Analysis and Qualification of Suspicions: a) Analysis Steps: Describe the process followed once an atypical operation is detected, including initial assessment, more in-depth investigation, and qualification of the activity as suspicious or not. b) Qualification Criteria: Detail the specific criteria used to decide if an operation should be classified as suspicious and reported to competent authorities.

5- Reporting Modalities to the CTRF: a) Reporting Process: Present the formal steps to be followed for reporting suspicious activities, including formats, communication channels, and deadlines to be respected. b) Internal Coordination: Explain how information flows between different departments (such as compliance, operations, security) to ensure consistent and effective reporting. c) Data Protection and Confidentiality: Mention measures taken to protect sensitive information throughout the reporting process.

IV- Technical Means 1- Dedicated Tools (Filtering, Profiling, Operation Monitoring...): a) Filtering: Description of systems used to filter transactions and clients against watchlists, including sanctions lists and suspicious transaction watchlists. b) Profiling: Explanation of the use of profiling tools to identify abnormal transaction behaviors or increased risks based on historical client behavior or predefined models. c) Operation Monitoring: Detail of systems in place for continuous monitoring of financial operations, enabling real-time detection of suspicious activities and generation of alerts.

2- Databases Used (Internal Lists, External Lists...): a) Internal Lists: Presentation of internal databases developed to track and manage information on clients, suspicious transactions, and past investigations. b) External Lists: Discussion on the use of lists provided by third parties, including international sanctions lists, PEP lists, and other critical databases for verifying client and associated party backgrounds.

3- ML/TF IT Projects of the Past Year a) Improvements Made: Summary of upgrades and improvements made to existing tools to increase their effectiveness and coverage. b) New Deployments: Presentation of new tools and technologies adopted during the year to respond to evolving money laundering and terrorist financing threats.

V- Control Program: 1- Permanent Controls (Tracks, Managers, Methodology): a) Control Tracks: Detail of processes and procedures followed to continuously monitor suspicious activities. b) Managers: Identification of persons or departments responsible for applying controls, including details on their role and responsibilities. c) Methodology: Description of methods and techniques used to conduct controls, including the use of computer systems, data analysis, etc.

2- Periodic Audit Missions Carried Out: a) Frequency and Type of Audits: Specify how many times audits were conducted and whether they were internal or external. b) Main Findings: Summary of main observations made during audits. c) Actions Taken: Describe measures taken in response to audit results.

3- Main Failures and Recommendations: a) Identified Failures: List of main weaknesses discovered in ML/TF controls during the year. b) Recommendations: Advice or suggestions on how to improve existing controls, based on observed failures and sector best practices.

4- Control and Audit Plan for the Coming Year a) Strategic Objectives: Define clear objectives for improving control and audit processes. b) Audit Planning: Calendar of audits to be conducted, including their nature (internal or external) and frequency. c) Training Initiatives: Programs planned to improve employee awareness and competence in ML/TF.

VI- Training and Awareness 1- ML/TF Training Plan (Modules, Target Population): a) Training Modules: Detail of the different modules or courses composing the training program, briefly explaining the content of each. b) Target Population: Identification of employee groups required to undergo these trainings, based on their role or exposure to ML/TF risk.

2- Assessment of Training Provided (Topics, Participants, Formats) a) Topics Covered: List of subjects treated during trainings (e.g., identification of suspicious behaviors, reporting procedures, etc.). b) Participants: Number and profile of employees who participated in trainings. c) Formats: Description of training methods used (online, in-person, workshops, webinars, etc.).

3- Internal Communications and Awareness Actions: a) Regular Communications: Information on bulletins, emails, or internal announcements related to ML/TF. b) Special Events: Details on events organized by the company to promote ML/TF awareness, such as awareness days, seminars, etc. c) Employee Feedback and Engagement: How employees are encouraged to provide feedback or actively participate in the compliance culture.

4- E-learning Materials and Documentation a) E-learning Materials: Details on online learning platforms used for ML/TF training, including interactive features or knowledge tests. b) Documentation: List of manuals, guides, standard operating procedures (SOPs), and other documents supporting staff training and awareness on ML/TF.

VII- Key Figures and Analyses 1- Statistics on Business Relationships, Suspicion Reports… a) Business Relationships: Number of new business relationships established during the year, possibly broken down by client type or sector. b) Suspicion Reports: Total number of suspicion reports filed during the year, possibly with a breakdown by type of suspicion or department. c) It is also useful to include statistics on other relevant indicators, such as monitored transactions, alerts generated by monitoring systems, or cases transmitted to regulatory or judicial authorities.

2- Year-over-Year (N/N-1) Comparison and Analysis of Developments: a) Trends and Developments: Compare current year figures with previous year figures to highlight significant trends, increases, or decreases. b) Cause Analysis: Explain possible reasons for observed changes, whether related to regulatory changes, market evolution, technological improvements, or internal initiatives.

3- Particular Cases or Typologies of Detected Operations a) Particular Cases: Detail some examples of cases that were particularly significant, complex, or unusual. Explain the context, how they were detected and managed, and lessons learned. b) Operation Typologies: If new money laundering methods or patterns were identified during the year, describe them in detail to illustrate the organization's ability to adapt to new threats.

VIII- Action Plan 1- Main ML/TF Projects and Initiatives Ongoing and Upcoming a) Ongoing Projects: Present projects or initiatives currently under development or implementation, explaining their objective, progress status, and expected benefits for the ML/TF framework. b) Upcoming Projects: List projects planned for the following year, specifying their scope, specific objectives, and how they fit into the global ML/TF fight strategy.

2- Strategic Axes for Strengthening the Framework a) Improvement of Monitoring Systems: For example, integration of new data analysis technologies or AI-based solutions to improve detection of suspicious activities. b) Training and Awareness: Detail of programs aimed at strengthening employee knowledge and vigilance regarding ML/TF. c) Collaboration and Information Exchange: Initiatives to improve collaboration with other financial entities, regulators, or law enforcement. d) Revision of Policies and Procedures: Plans for updating internal policies to ensure they remain compliant with the most recent laws and regulations.

3- Dedicated Resources (Human, Budgets…) a) Budgets: Provide information on the budget allocated to ML/TF initiatives, including planned increases to support new projects or improvements to existing systems. b) Technology Investments: Describe specific investments in advanced technologies that will help strengthen ML/TF detection and risk management capabilities.

Annexes:

1. Extract of the ML/TF Risk Map
2. Operational Framework Flowchart
3. Audit and Control Reports (Extracts):
4. KYC Model: