Notice No. 14/2020 of 22 June

PUBLISHED IN THE OFFICIAL GAZETTE, 1ST SERIES, NO. 89, OF 22 JUNE NOTICE NO. 14/2020 SUBJECT: FINANCIAL SYSTEM

• Rules on the Prevention and Combating of Money Laundering, Terrorism Financing and Proliferation Financing Considering the need to align the regulatory framework for Financial Institutions regarding the prevention and combating of money laundering, terrorism financing and proliferation of weapons of mass destruction, taking into account the provisions set out in Law No. 05/20 of 27 January – the Money Laundering, Terrorism Financing and Proliferation Financing Prevention and Combating Law; There is also a need to ensure that existing regulations align with international best practices regarding the conditions for exercising activities, procedures, instruments, mechanisms, application formalities, information reporting obligations and other aspects necessary to comply with the duties of preventing money laundering, terrorism financing and proliferation of weapons of mass destruction, within the scope of activities of Financial Institutions subject to the supervision of the Banco Nacional de Angola; Under the combined provisions of point f) of paragraph 1 of Article 21 and points d) of paragraph 1 of Article 51, both of Law No. 16/10 of 15 July – the Banco Nacional de Angola Law, combined with Article 64 of Law No. 12/15 of 17 June – the Financial Institutions Framework Law. IT IS HEREBY DETERMINED: CHAPTER I Common Provisions Section I General Provisions Article 1. (Object) This Notice establishes the rules on the conditions for the effective implementation of the obligations set out in Law No. 05/20 of 27 January, the Money Laundering, Terrorism Financing and Proliferation Financing Prevention and Combating Law, as well as the conditions for exercising activities, instruments, mechanisms and formalities inherent to the prevention and combating of money laundering, terrorism financing and proliferation of weapons of mass destruction.

CONTINUATION OF NOTICE NO. 14/20 Page 2 of 32 Article 2. (Scope) This Notice applies to Financial Institutions under the supervision of the Banco Nacional de Angola.

Article 3. (Definitions) Without prejudice to the definitions established in Article 3 of Law No. 05/20 of 27 January, for the purposes of this Notice, it is understood that: a) Client - an individual or corporate person, group of individuals or corporate persons, public or private, affiliated or not, acting together, contractually linked to a Financial Institution to which it offers products or services. b) Compliance Officer - responsible for coordinating and monitoring the implementation of the money laundering, terrorism financing and proliferation financing prevention system, including respective internal control procedures, as well as for centralizing information and reporting operations susceptible to money laundering, terrorism financing and proliferation of weapons of mass destruction to the Financial Information Unit and other competent authorities. c) Employee - any individual person who, in the name or interest of the Financial Institution and under its authority or dependency, participates in the execution of any operations, acts or procedures inherent to the activity pursued by that institution, regardless of whether it has a labor-related (internal employee) or non-labor-related (external employee) link with the same.

CONTINUATION OF NOTICE NO. 14/20 Page 3 of 32 d) Suspicious operations - operations that give rise to indications regarding the commission of money laundering, terrorism financing and proliferation of weapons of mass destruction crimes. e) "Foreign Exchange Resident and Non-Foreign Exchange Resident" - as defined in Law No. 05/97 of 27 June – the Foreign Exchange Law.

Section II Risk Assessment Obligation

Article 4. (Review of Risk Assessment)

1. The Financial Institution must carry out risk assessments in accordance with Article 9 of Law No. 05/20 of 27 January and update them at intervals not exceeding 12 (twelve) months.
2. The frequency of total or partial updates to the Financial Institution's risk assessment may be extended up to 24 (twenty-four) months, whenever the nature, size and complexity of the activity pursued by the Financial Institution justify it, and the specific operational reality or business area or product in question presents a lower exposure to money laundering, terrorism financing and proliferation of weapons of mass destruction risks.
3. The Financial Institution must ensure that the risk assessment results referred to in the preceding paragraphs are reflected and effectively implemented in the internal risk management and mitigation policies and procedures established within the Institution.
4. All relevant business units and/or employees must be informed about the policies, procedures and any other risk management and mitigation measures for identified risks.
5. The Financial Institution must carry out, whenever necessary, periodic, regular or extraordinary tests on its risk management and mitigation measures, policies and procedures, as well as be subject to oversight by internal control structures.
6. The deficiencies identified in the instruments mentioned in the preceding paragraph of this article must be brought to the attention of the Compliance Officer for necessary adjustments.

CONTINUATION OF NOTICE NO. 14/20 Page 4 of 32 Article 5. (Information Sources)

1. For the identification, assessment and mitigation of concrete money laundering, terrorism financing and proliferation of weapons of mass destruction risks, the Financial Institution must rely on sound, credible and diversified information sources regarding their origin and nature.
2. To comply with the preceding paragraph, the Financial Institution may rely, among others, on the following sources: a) Information, guidelines or alerts issued or disseminated by the Banco Nacional de Angola, relating to specific or emerging risk typologies and identification methods or suspicion indicators; b) Information, guidelines or alerts from the Financial Information Unit ("FIU") or law enforcement authorities, relating to specific or emerging risk typologies and identification methods or suspicion indicators; c) Information, guidelines or alerts issued by the Government, relating to money laundering prevention and terrorism financing and proliferation of weapons of mass destruction; d) Information resulting from the national risk assessment; e) Lists issued by public bodies, notably regarding politically or publicly exposed functions or their holders, when applicable; f) Analyses and internal documents of the Financial Institution, including information collected during identification and due diligence procedures, as well as internally prepared and updated lists and databases; g) Independent and credible information from civil society or international organizations, such as: i. Corruption indices or specific assessment reports on jurisdictions where the Financial Institution operates; ii. Other publicly disclosed reports or documents on corruption levels and income associated with politically or publicly exposed functions in a given country or jurisdiction; iii. Mutual evaluation reports of the Financial Action Task Force (FATF) or its regional bodies; and iv. Any other listings issued by relevant international organizations. h) Information from the internet and media outlets, provided they are of independent and credible source; i) Information contained in databases, lists, risk reports and other analyses from commercial sources available on the market; j) Official statistical data of national or international origin; k) Relevant academic output; and l) Information provided by other Financial Institutions or institutions of a similar nature, insofar as legally admissible.
3. The Financial Institution must adapt its use of the information sources mentioned in the preceding paragraph to its specific operational reality, taking into account at least the risks identified under paragraph 1 of Article 9 and Article 10, both of Law No. 05/20 of 27 January.

CONTINUATION OF NOTICE NO. 14/20 Page 5 of 32 Article 6. (Tools and Software Applications)

1. For the purpose of assessing, managing and mitigating its risk, the Financial Institution must implement software tools or applications that are instrumental or auxiliary for fulfilling the obligations and duties set out in Law No. 05/20 of 27 January.
2. The software tools and applications referred to in the preceding paragraph must, at least, allow: a) The recording of identifying data and other elements relating to clients, their representatives and beneficial owners, as well as related updates; b) The detection of circumstances susceptible to parameterization that should justify the update of those identifying data and elements; c) The definition and updating of the risk profile associated with clients, business relationships, occasional transactions and operations in general; d) The monitoring of clients and operations against identified risks, including the timely detection of: i. Material changes to a given client's or related group of clients' operational pattern; and ii. Operations or set of operations that exhibit characteristics indicating suspicion. e) The detection of the acquisition of politically exposed person status or holder of another political or public office, as well as any other specific quality that should motivate the intervention of a senior management member or another higher-level element; f) The detection of any persons or entities identified in restrictive measures, notably those arising from United Nations Security Council resolutions, or others; g) The blocking or suspension of establishing or continuing a business relationship, as well as carrying out an occasional transaction or operation in general, whenever dependent on the intervention of a senior management member or another higher-level element; h) The blocking or suspension of carrying out operations or sets of operations, notably when: i. The Financial Institution must refrain from carrying out a given operation or set of operations, in the face of potential suspicions; and ii. The Financial Institution must comply with freezing obligations arising from financial sanctions referred to in point f) of this article. i) The timely extraction of reliable and understandable information supporting analysis and decision-making by relevant internal structures, as well as the exercise of legally mandated reporting and collaboration obligations; and j) The software tools and information systems referred to in the preceding paragraphs, particularly regarding their level of informatization and parameterization, must be proportional to the nature, size and complexity of the Financial Institution's activity, as well as to the risks associated with each business area.
3. Without prejudice to the preceding paragraph, the Financial Institution must also adopt tools and applications that allow: a) Assessing the quality of "holder of another political or public office" before establishing the business relationship or carrying out an occasional transaction, as well as subsequent acquisition of that quality during the course of the business relationship; and b) Permanently identifying the risk level associated with business relationships and occasional transactions, as well as changes to that risk level during the course of the business relationship.
4. Following the cessation of any of the functionalities referred to in the preceding paragraph, the Financial Institution adopts procedures aimed at assessing whether its clients continue to represent an increased risk of money laundering, terrorism financing and proliferation of weapons of mass destruction, based on their profile and the nature of operations conducted before and after said cessation.
5. The Financial Institution ensures that the adoption of software tools and applications is carried out in a manner guaranteeing their full and immediate access, whenever requested by the Banco Nacional de Angola.
6. Depending on financial capacity, business volume, activity risk and mitigation capability, with proof of compliance with obligations regarding money laundering, terrorism financing and proliferation of weapons of mass destruction prevention, non-banking Financial Institutions may request the Banco Nacional de Angola to dispense with implementing software applications as provided in paragraph 1 of this article.

CONTINUATION OF NOTICE NO. 14/20 Page 6 of 32 CHAPTER II Obligations of Financial Institutions Section I Client Identification and Due Diligence Obligation

Article 7. (Collection and Verification of Client Identification)

1. The Financial Institution must collect and retain information regarding clients, their representatives and beneficial owners before the start of the business relationship, requesting at minimum the following elements: a) Individuals: i. Full name and signature; ii. Date of birth; iii. Nationality; iv. Full residential address or, if not possible, any other contacts considered valid by the financial institution; v. Profession and employer, where applicable; vi. Identification document used, identification number, expiry date and issuing authority; and vii. Nature and amount of income. b) Corporate Persons or Entities without Legal Personality: i. Full corporate name of the corporate person or entity without legal personality; ii. Corporate object and business purpose; iii. Registered address, location where management bodies exercise their activity, representative office, permanent establishment; iv. Tax Identification Number (TIN); v. Commercial registry number; vi. Identity of holders of capital and voting rights in the corporate person valued at 20% or more; and vii. Identity of corporate attorneys/proxies and respective mandate. c) Regarding individual traders, the elements necessary to initiate the business relationship include the Tax Identification Number (TIN), corporate name, registered address and corporate object, in addition to the identification elements referred to in point a) of paragraph 1 of this article; d) Regarding real estate condominiums under horizontal property regime and autonomous patrimony, contracted under general legislation, the regime provided for in point b) of paragraph 1 of this article applies, with necessary adaptations; and e) In commercial companies in the process of incorporation, account opening and movement are regulated by applicable legislation.
2. The verification of information must be proven, through presentation of the following valid documents: a) Individuals: i. The identification elements mentioned in points i), ii) and iii), point a) of paragraph 1, must be verified as follows: a. By foreign exchange residents through presentation of the identity card or residence card issued by the competent authority, showing photograph, full name, date of birth and nationality; and b. By foreign exchange non-residents through presentation of the passport, except for Angolan nationality non-residents who may present an identity card showing photograph, full name, date of birth and nationality. ii. The full residential address, profession, respective employer where applicable, must be proven through any document, means or procedure considered valid, sound and sufficient to demonstrate the provided information; and iii. The identification element mentioned in point vii) of point a) of paragraph 1 must be verified through presentation of a salary declaration/receipt, contract or equivalent sound document. b) Corporate Persons or Entities without Legal Personality: i. Regarding resident corporate persons or entities without legal personality, the identification elements mentioned in points i), ii), iii) and v) of point b) of paragraph 1 must be verified through presentation of the commercial registry certificate, issued by the Commercial Registry Office or another public document proving it, namely a copy of the Official Gazette containing the publication of the articles of association or notarized deed of incorporation; ii. Regarding non-resident corporate persons or entities without legal personality, the identification elements mentioned in points i), ii) and iii) of point b) of paragraph 1 must be verified through presentation of proof of commercial registry or another valid public document, duly certified by the competent authorities of the country of residence, and authenticated by the Angolan consular representation in the country of origin; and iii. The identification element mentioned in point iv) of point b) of paragraph 1 must be verified through presentation of the Tax Identification Card or equivalent issued by the National Directorate of Taxes of the Ministry of Finance; the identification elements mentioned in point vi) of point b) of paragraph 1 must be proven through presentation of the constituent general meeting minutes as well as the minutes amending the shareholder or partner structure; and iv. The identification element mentioned in point vii) of point b) of paragraph 1 must be proven through presentation of the identification elements of the attorneys/proxies as well as power of attorney or another legally admissible document to confer mandate. c) When establishing the business relationship in the name of minors who, due to their age, do not hold any of the documents referred to in point a) of paragraph 2, proof of their identification elements must be carried out by exhibiting a personal registration card if they are foreign exchange residents, or an equivalent public document if non-resident, presented by someone demonstrating legitimacy as their legal representative for establishing the business relationship, and their identity must be verified at the start of the business relationship.

CONTINUATION OF NOTICE NO. 14/20 Page 7 of 32 Article 8. (Timing of Identity Verification) In accordance with Article 12 of Law No. 05/20 of 27 January, whenever the verification of identity and information regarding the client is postponed to a moment after the start of the business relationship, it must occur within 15 (fifteen) days, counted from the start of said business relationship.

Article 9. (Occasional Transactions)

1. The Financial Institution must collect and retain information whenever, in person or remotely, a client intends to carry out occasional transactions, whose amount is higher in national currency or another, equivalent to USD 15,000.00 (Fifteen Thousand United States Dollars), regardless of whether the transaction is carried out through a single operation or through several operations that appear to be related.
2. Related operations are considered, among others, those observing one of the following conditions: a) Multiple senders to the same beneficiary; and b) One sender to multiple beneficiaries.
3. At minimum, the following identification elements mentioned in paragraph 1 of Article 7 and respective proof documents stated in paragraph 2 of the same article must be required from the person or entity intending to carry out the transaction, and where applicable to their representatives and beneficial owners, namely: a) Individuals: elements provided in point a) of paragraph 2 of Article 5 of this Notice; b) Corporate Persons: elements provided in point b) of paragraph 2 of Article 5 of this Notice; c) Individual Traders: elements provided in point a) of this article; and d) Real Estate Condominiums under Horizontal Property Regime and Autonomous Patrimony: elements provided in point b) of this article.
4. If occasional transactions are requested in the name of minors who, due to their age, do not hold any of the documents referred to in point a) of paragraph 2 of Article 5 of this Notice, proof of their identification elements must be carried out by exhibiting a personal registration card if they are foreign exchange residents, or an equivalent public document if non-resident, presented by someone demonstrating legitimacy as their legal representative to carry out the occasional transaction, and their identity must be verified at the time of carrying out the occasional transaction.

Article 10. (Mechanisms for Identifying Beneficial Owners)

1. The Financial Institution must require the beneficial owner to provide the same elements and proof documents for identification that it would require from the client, in accordance with point a) of paragraph 1 and point a) of paragraph 2 of Article 7 of this Notice.
2. Appropriate means for determining the identity of the beneficial owner must include, namely: a) Authenticated document confirming the identity of the beneficial owner; b) Copy of the trust agreement or partnership agreement, or other equivalent document; c) Constituent general meeting minutes as well as minutes amending the shareholder or partner structure; and d) Other reliable information, which the financial institution considers relevant.

Article 11. (Simplified Due Diligence Procedures)

1. The Financial Institution may, in accordance with Article 13 of Law No. 05/20 of 27 January, apply simplified due diligence procedures.