Regulation Regulating the Prevention of Money Laundering, Terrorist Financing and Proliferation of Weapons of Mass Destruction in the Dominican Securities Market, Modified by Resolution R-CNMV-2025-04-MV

SC-07-03-04 Edition 2 Page 1 of 60 This document was prepared by the Securities Market Superintendence with the purpose of facilitating the consultation of the current provisions of the Regulation Regulating the Prevention of Money Laundering, Terrorist Financing and Proliferation of Weapons of Mass Destruction in the Dominican Securities Market, approved through the Single Resolution of the National Securities Market Council, Third Resolution of the National Securities Market Council, R-CNMV-2018-12-MV, dated Eleven (11) December two thousand eighteen (2018) and the Fourth Resolution of the National Securities Market Council, R-CNMV-2025-04-MV, dated twenty-five (25) February two thousand twenty-five (2025) (hereinafter, the “R-CNMV-2025-04-MV”); which are published at: https://simv.gob.do/resoluciones/

REGULATION REGULATING THE PREVENTION OF MONEY LAUNDERING, TERRORIST FINANCING AND PROLIFERATION OF WEAPONS OF MASS DESTRUCTION IN THE DOMINICAN SECURITIES MARKET.

TITLE I GENERAL PROVISIONS

Article 1. Object. This Regulation aims to establish provisions to which obligated subjects registered in the Securities Market Registry (hereinafter, the “Registry”) must adhere, in order to mitigate the risk of being used for money laundering, terrorist financing, and the proliferation of weapons of mass destruction.

Article 2. Scope [Modified by Article 1 of R-CNMV-2025-04-MV]. The formalities provided for in this Regulation apply to obligated subjects (natural or legal persons) who, by virtue of Law No. 155-17 against money laundering, terrorist financing, and the proliferation of weapons of mass destruction, which replaces and repeals Law No. 72-02 on money laundering from illicit drug trafficking, dated first (1st) June two thousand seventeen (2017) (hereinafter, the “Law against Money Laundering”), the Regulation for the Application of Law No. 155-17 Against Money Laundering, Terrorist Financing and the Proliferation of Weapons of Mass Destruction approved by Decree No. 408-17, dated sixteen (16) November two thousand seventeen (2017) (hereinafter, the “Regulation of the Law against Money Laundering”), and the Regulation for the Application of Measures Regarding Preventive Freezing of Assets or Properties Related to Terrorism and its Financing and the Financing of the

SC-07-03-04 Edition 2 Page 2 of 60 Proliferation of Weapons of Mass Destruction, in accordance with Resolutions of the United Nations Security Council 1267 (1999), and 1989 (2011) and successive, Resolution 1988 (2011) and successive, Resolution 1373 (2001) and successive, Resolution 1718 (2006) and successive, and Resolution 2231 (2015) approved by Decree No. 407-17, dated sixteen (16) November two thousand seventeen (2017) (hereinafter, the “Regulation for the Application of Measures Regarding Preventive Freezing of Assets or Properties”), have the duty to comply with obligations aimed at detecting and preventing money laundering, terrorist financing, and the proliferation of weapons of mass destruction. For the purposes of this Regulation, the obligated subjects in the securities market shall be those indicated below: a) Securities intermediaries; b) Investment fund management companies, when they manage open-end funds; and, c) Any other participant registered in the Registry determined by the National Committee Against Money Laundering in accordance with the provisions of the Law against Money Laundering.

Paragraph I. Centralized securities depositories, investment fund management companies that only manage closed-end funds, securitization companies, and public offering fiduciary companies shall be considered obligated subjects with restricted duties, applying only the provisions of Title II (Obligated Subjects with Restricted Duties) of this Regulation, except in those cases where the contrary is expressly provided.

Paragraph II. Entities interested in acting as securities market participants, when applying for registration in the Registry, and securities market participants, must comply with what is provided in Article 63 (Control Measures) of this Regulation.

Article 3. Definitions [Modified by Articles 2, 3 and 4 of R-CNMV-2025-04-MV]. In addition to the definitions and concepts indicated in the Law against Money Laundering, for the purposes of this Regulation, the following are established: a) Distribution Channels. [Modified by Article 2 of R-CNMV-2025-04-MV]. Channels used by obligated subjects to link clients and carry out the provision of products and services for which they are authorized;

SC-07-03-04 Edition 2 Page 3 of 60 b) Financial entity with physical presence. [Eliminated by Article 4 of R-CNMV-2025-04-MV]. c) Shell entity. [Eliminated by Article 4 of R-CNMV-2025-04-MV]. d) Money laundering, terrorist financing, and proliferation of weapons of mass destruction risk factors. [Modified by Article 2 of R-CNMV-2025-04-MV]. Circumstances and characteristics inherent, at a minimum, to clients, products, distribution channels, and jurisdictions or geographic zones, which influence the probability that the obligated subject will be used for money laundering, terrorist financing, and the proliferation of weapons of mass destruction. These risk-generating factors allow determining, analyzing, and constructing the respective money laundering, terrorist financing, and proliferation of weapons of mass destruction risk matrix; e) Risk Matrix. [Modified by Article 2 of R-CNMV-2025-04-MV]. Analytical tool of obligated subjects to identify, evaluate, monitor, manage, and mitigate risks in the area of Prevention of Money Laundering and Terrorist Financing, to which the Securities Market Participant is exposed, with the ultimate aim of identifying existing gaps in their current prevention programs, in order to adapt them to their institutional profile, the identified risks, and their risk appetite, supported by the results reflected in the matrix; f) Source of Funds. [Modified by Article 2 of R-CNMV-2025-04-MV]. Economic, productive, industrial, financial, or labor activity or circumstance that constitutes the lawful source, duly accredited, through which the resources that a client intends to invest through the obligated subjects are generated; g) High-risk countries, jurisdictions, and geographic areas. Those countries, jurisdictions, and geographic areas, national or international, where clients reside or from where or to where their operations proceed, and in whose financial transactions business relationships with the obligated subject intervene that warrant special attention and the application of enhanced due diligence for the prevention of money laundering, terrorist financing, and the proliferation of weapons of mass destruction, taking as reference the countries or jurisdictions considered high-risk by FATF and its regional groups;

SC-07-03-04 Edition 2 Page 4 of 60 h) Origin of Funds. [Modified by Article 2 of R-CNMV-2025-04-MV]. Geographic location, natural or legal person from where the funds that a client intends to invest through the obligated subject originate; i) Commercial Related Parties. [Modified by Article 2 of R-CNMV-2025-04-MV]. Natural or legal persons who have a commercial relationship with the obligated subjects, which may be outsourced or subcontracted service providers, as well as any financial or non-financial counterparty with whom contractual obligations are established, even if occasional; j) Records. [Modified by Article 2 of R-CNMV-2025-04-MV]. Documentation and information stored, collected, and processed in physical or digital format, which constitutes the client file and records all their operations, their business relationship with the obligated subjects, and the due diligence performed; k) Money laundering, terrorist financing, and proliferation of weapons of mass destruction risk. Inherent risk that obligated subjects permanently have and face due to the nature of their business, of being used for money laundering, terrorist financing, or the proliferation of weapons of mass destruction, whether consciously or unconsciously; l) Services. All operations that obligated subjects are authorized to perform with their clients and users through the celebration of an agreement that accredits the provision of the service or contracting of the product; m) Occasional Transaction. It is that transaction that is not habitual, which is carried out sporadically; and, n) Users. Those natural or legal persons to whom, without necessarily being their clients, the obligated subjects provide their services. o) Shell Bank. [Included by Article 3 of R-CNMV-2025-04-MV]. Refers to a financial intermediation entity that does not have a physical presence in the country in which it was constituted and licensed, or, having it, does not carry out banking operations with nationals of that jurisdiction, and is not affiliated to a regulated financial group, subject to effective consolidated supervision. For the purposes of this concept, physical presence means that in a given country the chief executive and senior management are located, according to the definition contemplated in the Corporate Governance Regulation, issued by the National Securities Market Council. The existence of a local agent or low-level personnel shall not be considered as physical presence.

TITLE II OBLIGATED SUBJECTS WITH RESTRICTED DUTIES

Article 4. Obligations of centralized securities depositories [Modified by Articles 5 and 6 of R-CNMV-2025-04-MV, particularly in letters f) and g) and paragraphs IV, V, and VIII]. Centralized securities depositories must adopt, develop, and execute a risk-based compliance program, adequate to the organization, structure, resources, and complexity of the operations they perform. In this sense, they must have a manual for the prevention of money laundering, terrorist financing, and the proliferation of weapons of mass destruction in accordance with their operations, subject to the approval of their board of directors. Said manual will include, in an illustrative and not exhaustive manner, the following aspects: a) Policies and procedures to evaluate risks in money laundering, terrorist financing, and the proliferation of weapons of mass destruction and to mitigate them; b) Criteria for the selection and training of their employees; c) Code of ethics and good conduct; d) Regime of disciplinary sanctions; e) Internal and external whistleblowing channel; f) Designation of a person responsible at the managerial level with technical capacity as a compliance officer, in charge of monitoring the strict observance of the compliance program, among other functions assigned by the entity. This official will serve as a liaison with the Financial Analysis Unit (hereinafter, the “UAF”) and the Securities Market Superintendence (hereinafter, the “Superintendence”). In case of temporary absence (leave or vacation), the position of the compliance officer must be filled in accordance with what is provided in Article 17 (On Substitutions) of this Regulation; and,

SC-07-03-04 Edition 2 Page 5 of 60 g) Policies to perform due diligence on their clients and their commercial related parties.

Paragraph I. The methodology implemented by centralized securities depositories must allow, in a timely manner, to identify, measure, control, mitigate, and monitor potential events of money laundering and terrorist financing risks, and must incorporate the following factors: (a) clients; (b) products or services; (c) geographic areas; and, (d) distribution channels.

Paragraph II. The due diligence that, in accordance with their policies and procedures, centralized securities depositories will apply to their clients or potential clients will include, at a minimum: (a) identification of the legal name, tax identification number, legal form, and proof of existence; (b) Identify the person acting on behalf of the professional depositor and their authorization to do so; (c) Identify and verify the beneficial owner; (d) Understand the ownership, property, and control structure of the professional depositor, as well as the names of the persons holding senior management positions; and, (e) the address of the main office or commercial establishment;

Paragraph III. Centralized securities depositories must perform enhanced due diligence when they have identified higher risks of money laundering or terrorist financing. Likewise, they may apply simplified due diligence when they have identified lower risks. Simplified measures must be proportional to the lower risk factors, but are not acceptable when suspicions of money laundering and terrorist financing arise, or specific scenarios of higher risks occur.

Paragraph IV. [Modified by Article 6 of the Fourth Resolution of the National Securities Market Council, R-CNMV-2025-04-MV, dated twenty-five (25) February two thousand twenty-five (2025)]. Centralized securities depositories must submit to the Financial Analysis Unit (UAF) a detailed report of all transactions carried out in the same month by holders who, individually or consolidated, equal or exceed the amount of fifteen thousand dollars (US$15,000.00) or its equivalent in national currency. Said report will have a monthly periodicity and must be submitted within the first ten (10) business days of the following month, in accordance with the conditions and mechanisms enabled by the Financial Analysis Unit (UAF) for the receipt of this information. Likewise, they must submit to the Superintendence a statistical report on these operations with a semi-annual periodicity and within the first ten (10) business days of the following month according to the format approved by the Superintendence, through technical or operational norm.

Paragraph V. [Modified by Article 6 of the Fourth Resolution of the National Securities Market Council, R-CNMV-2025-04-MV, dated twenty-five (25) February two thousand twenty-five (2025)]. Centralized securities depositories must communicate to the Financial Analysis Unit (UAF) the Suspicious Activity Reports (SARs), within the timeframe and conditions established in the Law against Money Laundering, its complementary regulations, and what is provided by the Financial Analysis Unit (UAF).

Paragraph VI. Centralized securities depositories may not open accounts or offer services to persons with false, coded, anonymous, or any other modality names, that conceal the identity of the holder and the beneficial owner, nor initiate or maintain a commercial or professional relationship when it is not possible to identify and verify the identity of their client or counterparty. A Suspicious Activity Report (SAR) must be filed when the potential client or any participant refuses to provide information for identification.

Paragraph VII. All information and documentation obtained by centralized securities depositories about their clients must be preserved in physical or digital format, for at least ten (10) years after the end of the commercial relationship or after the date of the occasional transaction and updated as required for client files in this Regulation, which will always be available to competent authorities.

Paragraph VIII. [Modified by Article 6 of R-CNMV-2025-04-MV]. Centralized securities depositories may not open accounts or offer services to persons with false, coded, anonymous, or any other modality names, that conceal the identity of the holder and the beneficial owner, nor initiate or maintain a commercial or professional relationship when it is not possible to identify and verify the identity of their client or counterparty. A Suspicious Activity Report (SAR) must be filed when the potential client or any participant refuses to provide information for identification.

Paragraph IX. For the purposes of applying this Regulation, only participants of these entities provided for in Article 309 of Law No. 249-17 of the Securities Market, dated twenty-one (21) December two thousand seventeen (2017) (hereinafter, the “Law”) are considered as clients of centralized securities depositories. Therefore, it is the responsibility of securities intermediaries to create and complete the files of their investor clients and to carry out the due procedures aimed at knowing the client stipulated in the Law against Money Laundering and this Regulation.

Article 5. Obligations of closed-end investment fund management companies. [Modified by Article 7 of R-CNMV-2025-04-MV, particularly in letters f) and g) and paragraphs III and IV]. Management companies that only manage closed-end investment funds must adopt, develop, and execute a risk-based compliance program, adequate to the organization, structure, resources, and complexity of the operations they perform. In this sense, they must have a manual for the prevention of money laundering, terrorist financing, and the proliferation of weapons of mass destruction in accordance with their operations, subject to the approval of their board of directors. Said manual will include, in an illustrative and not exhaustive manner, the following aspects: a) Policies and procedures to evaluate the risks of the entity and of the managed investment funds in the area of money laundering, terrorist financing, and the proliferation of weapons of mass destruction and to mitigate them; b) Criteria for the selection and training of their employees; c) Code of ethics and good conduct; d) Regime of disciplinary sanctions; e) Internal and external whistleblowing channel; f) Designation of a person responsible at the managerial level with technical capacity as a compliance officer, in charge of monitoring the strict observance of the compliance program, among other functions assigned by the entity. This official will serve as a liaison with the UAF and the Superintendence; In case of temporary absence (leave or vacation), the position of the compliance officer must be filled in accordance with what is provided in Article 17 (On Substitutions) of this Regulation; and, g) Policies to perform due diligence on their commercial related parties and on the assets or properties, or their owners or beneficial owners, that make up the managed investment funds, if applicable in accordance with the Law against Money Laundering.

Paragraph I. The methodology implemented by closed-end investment fund management companies must allow, in a timely manner, to identify, measure, control, mitigate, and monitor potential events of money laundering and terrorist financing risks to which they are exposed in accordance with their operations and the type of asset of the investment funds they manage.

Paragraph II. All information and documentation obtained by closed-end investment fund management companies must be preserved, in physical or digital format, for at least ten (10) years after the end of the commercial relationship or after the date of the occasional transaction and updated as required for client files in this Regulation, which will always be available to competent authorities.

Paragraph III. [Modified by Article 8 of R-CNMV-2025-04-MV]. Closed-end investment fund management companies may not make investments on behalf of the managed investment funds nor offer services to persons with false, coded, anonymous, or any other modality names, that conceal the identity of the holder and the beneficial owner, nor initiate or maintain a commercial or professional relationship when it is not possible to identify and verify the identity of their client or commercial related party.

Paragraph IV. [Modified by Article 8 of R-CNMV-2025-04-MV]. Closed-end investment fund management companies must communicate to the Financial Analysis Unit (UAF) the Suspicious Activity Reports (SARs), within the timeframe and conditions established in the Law against Money Laundering, its complementary regulations, and what is provided by the Financial Analysis Unit (UAF).

Paragraph V. Closed-end investment fund management companies must carry out an independent external audit every three (3) years responsible for verifying the effectiveness of the compliance program. The report issued by external auditors must be submitted to the Superintendence, before the end of the ninety (90) business days following December thirty-one (31), scheduled for the closing of the fiscal year in question. The external auditors hired for this purpose must be registered in the Registry.

Paragraph VI. The first submission of the report referred to in the previous Paragraph by closed-end investment fund management companies registered in the Registry will be within the ninety (90) business days of the year two thousand twenty (2020).

SC-07-03-04 Edition 2 Page 10 of 60 Article 6. Obligations of securitization companies and public offering fiduciary companies. [Modified by Article 9 of R-CNMV-2025-04-MV, particularly letters f) and g) and paragraphs VI, VII, and XI]. Securitization companies and public offering fiduciary companies must adopt, develop, and execute a risk-based compliance program, adequate to the organization, structure, resources, and complexity of the operations they perform. In this sense, they must have a manual for the prevention of money laundering, terrorist financing, and the proliferation of weapons of mass destruction in accordance with their operations, subject to the approval of their board of directors. Said manual will include, in an illustrative and not exhaustive manner, the following aspects: a) Policies and procedures to evaluate the risks of the entity and of the administered estates in the area of money laundering, terrorist financing, and the proliferation of weapons of mass destruction and to mitigate them; b) Criteria for the selection and training of their employees; c) Code of ethics and good conduct; d) Regime of disciplinary sanctions; e) Internal and external whistleblowing channel; f) Designation of a person responsible at the managerial level with technical capacity as a compliance officer, in charge of monitoring the strict observance of the compliance program, among other functions assigned by the entity. This official will serve as a liaison with the UAF and the Superintendence; In case of temporary absence (leave or vacation), the position of the compliance officer must be filled in accordance with what is provided in Article 17 (On Substitutions) of this Regulation; and, g) Policies to perform due diligence on their commercial related parties and on the assets or properties, or their owners or beneficial owners, that make up the administered estates, if applicable in accordance with the Law against Money Laundering.

Paragraph I. The methodology implemented by securitization companies and public offering fiduciary companies must allow, in a timely manner, to identify, measure, control, mitigate, and monitor potential events of money laundering and terrorist financing risks to which they are exposed in accordance with their operations and the type of asset of the administered estates.

Paragraph II. All information and documentation obtained by securitization companies and public offering fiduciary companies must be preserved, in physical or digital format, for at least ten (10) years after the end of the commercial relationship or after the date of the occasional transaction and updated as required for client files in this Regulation, which will always be available to competent authorities.

Paragraph III. [Modified by Article 10 of R-CNMV-2025-04-MV]. Securitization companies and public offering fiduciary companies may not make investments on behalf of the administered estates nor offer services to persons with false, coded, anonymous, or any other modality names, that conceal the identity of the holder and the beneficial owner, nor initiate or maintain a commercial or professional relationship when it is not possible to identify and verify the identity of their client or commercial related party.

Paragraph IV. [Modified by Article 10 of R-CNMV-2025-04-MV]. Securitization companies and public offering fiduciary companies must communicate to the Financial Analysis Unit (UAF) the Suspicious Activity Reports (SARs), within the timeframe and conditions established in the Law against Money Laundering, its complementary regulations, and what is provided by the Financial Analysis Unit (UAF).

Paragraph V. Securitization companies and public offering fiduciary companies must carry out an independent external audit every three (3) years responsible for verifying the effectiveness of the compliance program. The report issued by external auditors must be submitted to the Superintendence, before the end of the ninety (90) business days following December thirty-one (31), scheduled for the closing of the fiscal year in question. The external auditors hired for this purpose must be registered in the Registry.

Paragraph VI. The first submission of the report referred to in the previous Paragraph by securitization companies and public offering fiduciary companies registered in the Registry will be within the ninety (90) business days of the year two thousand twenty (2020).

Paragraph VII. [Modified by Article 11 of R-CNMV-2025-04-MV]. Securitization companies and public offering fiduciary companies must submit to the Financial Analysis Unit (UAF) a detailed report of all transactions carried out in the same month by holders who, individually or consolidated, equal or exceed the amount of fifteen thousand dollars (US$15,000.00) or its equivalent in national currency. Said report will have a monthly periodicity and must be submitted within the first ten (10) business days of the following month, in accordance with the conditions and mechanisms enabled by the Financial Analysis Unit (UAF) for the receipt of this information. Likewise, they must submit to the Superintendence a statistical report on these operations with a semi-annual periodicity and within the first ten (10) business days of the following month according to the format approved by the Superintendence, through technical or operational norm.

Paragraph VIII. Securitization companies and public offering fiduciary companies may not open accounts or offer services to persons with false, coded, anonymous, or any other modality names, that conceal the identity of the holder and the beneficial owner, nor initiate or maintain a commercial or professional relationship when it is not possible to identify and verify the identity of their client or counterparty. A Suspicious Activity Report (SAR) must be filed when the potential client or any participant refuses to provide information for identification.

Paragraph IX. All information and documentation obtained by securitization companies and public offering fiduciary companies about their clients must be preserved in physical or digital format, for at least ten (10) years after the end of the commercial relationship or after the date of the occasional transaction and updated as required for client files in this Regulation, which will always be available to competent authorities.

Paragraph X. For the purposes of applying this Regulation, only participants of these entities provided for in Article 309 of Law No. 249-17 of the Securities Market, dated twenty-one (21) December two thousand seventeen (2017) (hereinafter, the “Law”) are considered as clients of securitization companies and public offering fiduciary companies. Therefore, it is the responsibility of securities intermediaries to create and complete the files of their investor clients and to carry out the due procedures aimed at knowing the client stipulated in the Law against Money Laundering and this Regulation.

Paragraph XI. [Modified by Article 12 of R-CNMV-2025-04-MV]. Securitization companies and public offering fiduciary companies must designate a person responsible at the managerial level with technical capacity as a compliance officer, in charge of monitoring the strict observance of the compliance program, among other functions assigned by the entity. This official will serve as a liaison with the UAF and the Superintendence. In case of temporary absence (leave or vacation), the position of the compliance officer must be filled in accordance with what is provided in Article 17 (On Substitutions) of this Regulation.