COSOB Guidelines No. 02/2025 of March 27, 2025 on Due Diligence Measures Towards Clients

---

People's Democratic Republic of Algeria

Commission for the Organization and Supervision of Stock Market Operations – COSOB –

Stock Market Operations Organization and Supervision Committee Anti-Money Laundering, Counter-Terrorist Financing, and Counter-Proliferation Financing Cell

Cell for Combating Money Laundering, Terrorist Financing, and the Financing of Proliferation of Weapons of Mass Destruction

GUIDELINES NO. 02-2025 OF MARCH 27, 2025 ON DUE DILIGENCE MEASURES TO BE TAKEN TOWARDS CLIENTS V 1.0

COSOB – MARCH 2025

---

Introduction:

These guidelines are part of a global strategy aimed at strengthening awareness and guidance for entities subject to the control of the Commission for the Organization and Supervision of Stock Market Operations "COSOB," with the goal of ensuring effective and durable compliance with necessary financial due diligence procedures. These measures are closely linked to the prevention and fight against money laundering, terrorist financing, and the financing of the proliferation of weapons of mass destruction.

The objective of these guidelines is to define the necessary measures to implement appropriate due diligence actions, in full compliance with the recommendations of the Financial Action Task Force (FATF), particularly recommendations (10), (11), (16), (18), (19), and (34).

The main purpose of these guidelines is to ensure the effective implementation of these measures, contributing to strengthening financial security against money laundering, terrorist financing, and the financing of the proliferation of weapons of mass destruction through the financial system, in accordance with international standards of best practices in this field.

I. Legal and Regulatory References

• Ordinance No. 66-156 of 18 Safar 1386, corresponding to June 8, 1966, establishing the Penal Code, as amended and supplemented;
• Law No. 05-01 of 27 Dhou El Hidja 1425, corresponding to February 6, 2005, relating to the prevention and fight against money laundering and terrorist financing, as amended and supplemented;
• Executive Decree No. 25-101 of 12 Ramadhan 1446, corresponding to March 12, 2025, relating to the procedure for freezing and/or seizure of funds in the context of the prevention and fight against terrorist financing and the financing of the proliferation of weapons of mass destruction;
• Executive Decree No. 23-429 of 15 Joumada El Oula 1445, corresponding to November 29, 2023, relating to the public register of beneficial owners of legal persons under Algerian law;
• Executive Decree No. 25-102 of 12 Ramadhan 1446, corresponding to March 12, 2025, fixing the composition, organization, and functioning of the committee for monitoring targeted international sanctions;
• Executive Decree No. 25-103 of 12 Ramadhan 1446, corresponding to March 12, 2025, fixing the procedures for inscription and removal from the national list of terrorist persons and entities and the effects resulting therefrom;
• COSOB Regulation No. 24-01 of 11 Moharram 1446, corresponding to July 17, 2024, relating to the prevention and fight against money laundering, terrorist financing, and the financing of the proliferation of weapons of mass destruction;
• COSOB Instruction No. 24-07 of November 21, 2024, carrying due diligence measures towards clients in the context of the prevention and fight against money laundering and the financing of the proliferation of weapons of mass destruction.

---

II- Definition: For the purpose of these guidelines, the following terms are understood as:

The Entities Subject to Obligations: Stock market intermediaries, securities custodians, collective investment schemes in securities, the Algiers Stock Exchange, the central depository (Algérie Clearing), venture capital companies, and managers of crowdfunding platforms;

Client: The natural or legal person who deals with the entity subject to obligations;

Occasional Client: The client who is not linked to the financial institution by a continuous business relationship.

Business Relationship: The relationship established between the Client and any financial institution, linked to any activity.

Beneficial Owner: The natural person(s) who, ultimately:

1. Own or control the client, the client's agent, or the beneficiary of life insurance contracts;
2. The natural person for whom a transaction is carried out or for whom a business relationship is concluded;
3. Persons who, ultimately, exercise effective control over the legal person.

Politically Exposed Person (PEP): Any Algerian, foreigner, elected or appointed official, who has exercised or exercises in Algeria or abroad high legislative, executive, administrative, or judicial functions, as well as senior officials of political parties, and persons who exercise or have exercised important functions within or on behalf of an international organization.

Financial Group: A group constituted by a parent company or another type of legal person holding majority shares and coordinating their functions with the rest of the group to apply or implement control over the group under fundamental principles, jointly with branches and/or subsidiaries subject to anti-money laundering and counter-terrorist financing policies and procedures at the group level.

Entities subject to obligations must comply with the duty of vigilance and, to this end, must implement a written program for the prevention, detection, and fight against money laundering, terrorist financing, and the financing of the proliferation of weapons of mass destruction. They must take into account the commercial dimension and risks associated with money laundering and terrorist financing, which include notably:

• Policies,
• Procedures,
• Internal control.

III. Due Diligence Measures to be Taken Before Establishing a Business Relationship or Executing Transactions

A. Identification of Clients and Their Representatives

• Verification and Confirmation: Entities subject to obligations must verify the identity of the client using a set of reliable official documents (such as national identity cards, passports, business registers, or commercial licenses). They must also verify the identity of the client's representatives or agents using official documents, such as legal powers of attorney.
• Control of Representatives: Entities subject to obligations must rigorously verify persons claiming to act on behalf of clients using independent verification means, such as commercial registers or verification of registered legal powers of attorney.

B. Defining the Purpose and Nature of the Relationship

• Data Analysis: Each client file must include a complete analysis of the purpose of the relationship (is it commercial, investment, or financial?) and expected activities. For example, if a client requests complex financial services, the purpose of this service must be investigated and financial intentions documented.
• Analysis of Future Activities: It is necessary to anticipate the type of transactions expected within the framework of the relationship (are they significant or periodic transactions?).

C. Handling Suspicious Information

• Independent Verification: In case of doubt regarding the accuracy or completeness of information provided by the client, independent investigations must be conducted using reliable means, such as banking data, updated information from financial authorities, or audits conducted by third parties.
• Preventive Measures: In case of persistent doubts after verification, enhanced measures may be taken, such as requesting additional documents or even suspending the business relationship until the situation is clarified.

D. Verification of Compliance of Operations with Legitimate Objectives

• Consultation of Sanctions Lists: Entities subject to obligations must put in place procedures to verify that clients do not appear on national or international sanctions lists related to money laundering, terrorist financing, or the proliferation of weapons of mass destruction.
• Periodic Verification: Names appearing on these lists must be verified regularly.

E. Measures in Case of Suspected Illegal Operations

• Suspension of Operations: In case of doubt regarding an operation related to money laundering, terrorist financing, or the proliferation of weapons of mass destruction, the subject entity must immediately suspend the operation and investigate it.
• Reporting of Suspicion: A suspicion report must be sent to the Financial Intelligence Unit and/or competent authorities in accordance with local laws.

F. Continuous Verification of Data

---

• Regular Updates: Entities subject to obligations must update client information regularly, taking into account the risks associated with each client.
• Frequency of Update: The update must be at least annual, but may be performed more frequently if significant changes occur in the client's activities or associated risks.

IV. Measures Necessary to Identify and Verify Client Identity

A. Basic Measures

• Collection of Detailed Information: It is necessary to collect all required information from the client (whether a natural or legal person) using a validated "Know Your Customer" (KYC) form.

B. Reports and Documents

• Verification of Document Authenticity: The verification of the authenticity of official documents provided by the client must be carried out, using technologies such as biometric analysis or digital verification tools to guarantee the accuracy of information.

V. Collection of Client Information Before Establishing the Relationship

A. Analysis of Information Before the Business Relationship

• Entities subject to obligations must analyze all available data (such as information on business activity, the client's financial situation, sources of funds) and ensure they comply with legal standards.
• Clients must be classified according to the risk level associated with their profile (low, medium, high) before establishing a business relationship.

B. Client Knowledge File

• A complete file must be established for each client, indicating their personal or legal information, the purpose and nature of the relationship, as well as the associated risk level.

VI. Due Diligence Measures for Remote Business Relationships

A. Remote Verification of Information

• Use of Advanced Technologies: The use of video verification, digital interviews, or biometric verification tools is essential to guarantee the accuracy of the client's identity.
• Analysis of Provided Data: It is necessary to compare data provided by the client with that available in public or private databases.

B. Interviews and Examinations

• Online Interviews: In case of doubt, direct interviews via visual communication platforms may be necessary.

---

VII. Updating Client Knowledge and Data

A. Periodic Review of Data

• Entities subject to obligations must update client information based on specific periods according to associated risks. Annual update is the minimum, but for high-risk clients, updates may be required more frequently.

B. Verification of Changes in the Relationship

• Information must be updated in case of modification of the business relationship, such as a change in ownership structure or the addition of new financial services.

VIII. Analysis of Updated Information and Reassessment of Risks

• After updating data, a complete reassessment of the client file must be performed to ensure that associated risks remain low or under control.

IX. Effective Internal Surveillance System for Continuous Verification Entities subject to obligations must put in place a robust internal surveillance system that ensures regular updating of information and integration of this data into approved systems.

X. Measures in Case of Difficulty in Updating

• If the entity cannot update a client's data, it must immediately close the account and inform competent authorities.
• Reporting Procedures: The entity must inform competent authorities, such as the Financial Intelligence Unit, and terminate the business relationship if necessary.

XI. Continuous Vigilance During the Business Relationship

A. Continuous Monitoring of Operations

• Operations carried out during the duration of the relationship must be monitored permanently and in an integrated manner.
• Continuous Review: Operations must be examined regularly, taking into account the updating of client information and adjustments to administrative policies based on risk assessments.
• Automated systems must be used to monitor suspicious or unusual operations.

B. Use of Technological Tools

• If operations are carried out online or remotely, automated systems must be used to quickly detect unusual operations.
• Surveillance tools must be based on reliable and updated information on clients to accurately identify non-compliant transactions.

---

XII. Establishment of Criteria for Atypical Operations

A. Clear Definition of Criteria

• Precise criteria must be established to identify atypical operations, such as high-value operations, complex operations, those carried out under exceptional circumstances, or those presenting economic ambiguities.
• Entities subject to obligations must apply flexible criteria to detect operations likely to be related to money laundering or terrorist financing.

B. Risk-Based Analysis

• Thresholds of significance must be adapted to the nature of the client and the working environment. For example, operations carried out in high-risk countries or zones must be monitored more closely.

XIII. Operation Surveillance System

A. Implementation of Automated Surveillance Systems

• An automated operation surveillance system is preferable, covering all financial activities of the entity, to quickly and effectively detect unusual operations.
• For simple or small-scale operations, manual systems may be used to reduce costs while ensuring surveillance effectiveness.

B. Continuous Review of the System

• The system must be reviewed periodically to evaluate its effectiveness, and the criteria used must be updated to reflect the evolution of business and risks.
• Alert Analysis: In case of detection of an unusual operation, the alert must be examined meticulously to determine if the operation is related to money laundering or terrorist financing.

XIV. Human Resources for Alert Analysis

• The entity must have specialized and well-trained personnel to analyze alerts generated by the operation surveillance system.
• These employees must have access to all necessary internal information to guarantee the effectiveness of the process.

XV. Application of Enhanced Measures for Business Relationships with High-Risk Countries

A. Implementation of Additional Measures for Clients from High-Risk Countries

• Entities subject to obligations must apply enhanced due diligence measures for clients from countries classified as high-risk regarding money laundering and terrorist financing.
• They must follow directives from competent authorities regarding the treatment of these countries, including the collection and analysis of additional data.

---

B. Enhanced Measures

• Risk countermeasures, such as requesting additional information on the client's business activities or conducting more thorough checks on financial transactions, must be applied.
• In-depth Audit: A thorough examination of financial flows must be conducted to identify any suspicious activity.

XVI. Legal Provisions

A. Verification of Foreign Legal Arrangements

• It is necessary to verify the details of legal arrangements such as trusts or foreign entities with complex structures.
• This requires the collection of specific documents concerning the organizational structure, persons controlling the arrangements, and beneficiaries.

B. Verification of Document Authenticity

• The authenticity of documents relating to legal arrangements must be verified using reliable documents, such as official registers or validated documents.

XVII. Strengthening Control of High-Risk Relationships

A. Strict Surveillance of High-Risk Clients

• Clients classified as high-risk must be subject to continuous surveillance, and additional data must be collected on their activities.

B. Management of High-Risk Operations:

• Large-scale operations or those carried out in high-risk geographical zones must be monitored specially.

XVIII. Application of Simplified Measures for Low-Risk Clients

A. Reduction of Due Diligence Level in Case of Low Risk:

• Entities subject to obligations must apply simplified measures when transactions or clients present low risk (for example, licensed financial institutions or publicly traded companies).

B. Clear Definition of Low-Risk Clients

• Clients belonging to specific sectors or countries with effective anti-money laundering systems must be classified as low-risk.

XIX. Document Retention

A. Retention Period:

• Entities subject to obligations must retain documents relating to due diligence measures and transactions executed for at least five years after the closure of the account or the end of the business relationship.

---

B. Quick Access to Documents:

• Documents must be easily accessible by competent authorities when needed, while guaranteeing the confidentiality and security of data.

C. Secure Retention of Records:

• Entities subject to obligations must retain archives securely, including backup copies of data stored in safe locations.

D. Maintenance of Accurate Records:

• Records must be sufficiently detailed to clearly reconstruct transactions if requested by authorities.

XX. Final Provisions

It is essential that procedures relating to appropriate due diligence measures are clear and precise at all levels for entities subject to these rules, in order to ensure effective compliance and avoid any sanction or legal measure in case of non-compliance.