COSOB Guidelines No. 01-2025 of October 22, 2025, on Procedures for Identifying and Verifying Beneficial Owners (Version 0.2)

Page 1 of 25 People's Democratic Republic of Algeria Guidelines No. 2025/01 Dated October 22, 2025 Relating to procedures for the identification and verification of beneficial owners Version 0.2 October 2025 Commission for the Organization and Supervision of Stock Exchange Operations Commission d’Organisation et de Surveillance des Opérations de Bourse – COSOB -

Page 2 of 25 Introduction These guidelines were prepared within the framework of the COSOB's awareness-raising activities, aimed at enhancing the knowledge of regulated entities of the applicable legal and regulatory provisions regarding the identification and verification of beneficial owners. They provide practical guidance on the procedures for identifying the beneficial owner, particularly by determining those who directly or indirectly own or control the client or his agent, or who exercise effective control over the institution or the transaction, or on whose behalf a transaction is carried out. This framework aims to enhance the ability of regulated entities to align their practices with international standards. These guidelines are primarily based on Recommendation 24 of the Financial Action Task Force (FATF) and Recommendation 10, which deal with customer due diligence for legal persons and arrangements, transparency of beneficial owners of legal persons, and transparency of beneficial ownership of legal arrangements.

Legal and Regulatory References: First • Ordinance No. 66-156 dated June 8, 1966, containing the Penal Code, as amended and supplemented. • Decree No. 93-10 dated May 23, 1993, relating to the Stock Exchange, as amended and supplemented. • Law No. 01-05 dated February 6, 2005, relating to the prevention and fight against money laundering and terrorist financing, as amended and supplemented. • Executive Decree No. 23-429 dated November 29, 2023, relating to the public register of beneficial owners of legal persons subject to Algerian law. • Executive Decree No. 25-101 dated March 12, 2025, relating to procedures for freezing and/or seizing funds. • Executive Decree No. 25-102 dated March 12, 2025, determining the composition, organization, and functioning of the Committee for the Follow-up of Targeted International Sanctions. • Executive Decree No. 25-103 dated March 12, 2025, determining the procedures for inclusion and removal from the National List of Persons and Entities involved in Terrorism. • COSOB Regulation No. 01-24 dated 11 Muharram 1446 corresponding to July 17, 2024, relating to the prevention and fight against money laundering, terrorist financing, and the financing of proliferation of weapons of mass destruction. • COSOB Instruction No. 07-24 dated November 21, 2024, containing the framework for the prevention of money laundering, terrorist financing, and the financing of proliferation of weapons of mass destruction, including customer due diligence measures.

Page 3 of 25 Second: Importance of the Concept of Beneficial Owner The identification and verification of the beneficial owner aims to identify the natural person or persons who ultimately own or control the client or his agent, or on whose behalf a transaction is carried out, and/or the natural person who ultimately exercises effective control over the client. It also includes persons who exercise effective control over the client. This allows for appropriate and effective monitoring to make decisions commensurate with the money laundering, terrorist financing, and financing of proliferation of weapons of mass destruction risks associated with clients and beneficial owners. This procedure also aims to collect accurate information and make it available to competent authorities to prevent and combat these illegal activities, and to apply sanctions provided for in applicable regulations when necessary.

Third: Importance of Information Regarding Beneficial Owners for the Prevention of Money Laundering, Terrorist Financing, and Financing of Proliferation of Weapons of Mass Destruction The absence of accurate and correct information about beneficial owners facilitates money laundering, terrorist financing, and financing of proliferation of weapons of mass destruction through the following means: • Concealing the identity of criminals or suspects; • Concealing the purpose of the account (or instrument) or the ownership of a legal person; • Concealing the source or destination of funds or assets associated with a legal person; • Use of nominees to conceal the beneficial owner by claiming to be legitimate owners of assets or accounts; • Shell companies: Used as a means to pass transactions without owning assets or conducting commercial activities, even if officially registered; • Complex ownership and control structures: Make it difficult to identify the beneficial owner, especially when there are multiple levels of ownership held in the name of other legal persons; • Shares or subscription warrants held by a person holding a share or subscription warrant bearer certificate: The person holding the certificate is presumed to be the owner unless proven otherwise; • Use of legal persons as administrators; • Nominal shareholders: Persons who own or hold shares on behalf of others, which may be formal if allowed by the country's regulations, or informal, when the identity of the actual shareholders or family members is not disclosed; • Use of intermediaries such as lawyers or corporate service providers to conceal their true identities and obscure money flows.

Criminals and criminal groups often exploit legal persons to conceal illegal activities, facilitate money laundering, terrorist financing, and financing of proliferation of weapons of mass destruction. These actors often resort to complex ownership and control structures, making it difficult to trace and identify the beneficial owner who ultimately controls the legal entity. The difficulty increases when these entities are established in multiple and diverse jurisdictions. In this context, the importance of accurately identifying beneficial owners is crucial at both the national and international levels. This procedure allows regulated entities to apply effective anti-money laundering, terrorist financing, and financing of proliferation of weapons of mass destruction measures, and to enhance transparency and traceability of beneficial owner information appropriately, through a risk-based approach that is logical and reasonable. This enables institutions to significantly enhance their capacity to combat these illegal activities.

Note: Under certain commercial laws, it may happen that the legal forms of legal persons are not explicitly mentioned in the law as partners or beneficial owners. In such cases, due diligence procedures must be applied to alternative structures. It is important to consider that such structures may be used to conceal beneficial owners or circumvent regulatory obligations. Regulated entities must identify and monitor risk indicators associated with complex structures, such as offshore institutions, complex structures, or lack of transparency regarding capital flows. They must also establish clear procedures for collecting and verifying information regarding beneficial owners, including strict reporting obligations.

Page 4 of 25 Fourth: Definitions • Legal Persons: These include: • The State, Wilayas, Municipalities; • Public administrative institutions; • Commercial and civil companies; • Associations and foundations; • Waqfs; • Any grouping of persons or assets having legal personality under the law. • Regulated Entities: These include securities brokers, employment bodies, account custodians, intermediaries in stock exchange operations, investment fund managers, securities platforms, investment financing companies, and crowdfunding platforms. • Beneficial Owners: The term beneficial owner refers to the natural person or persons who, ultimately and directly or indirectly:

1. Own or exercise effective control over the client or the client's agent, or the beneficiaries of life insurance or investment contracts; and/or
2. On whose behalf a transaction or activity is carried out;
3. Exercise effective control over a legal person or arrangement under the law. In the absence of beneficial owners meeting the above criteria, the senior managing official may be identified as the beneficial owner, provided that the regulated entity is able to take investigative measures to identify the actual beneficial owner. • Ownership or Control: Direct or indirect ownership by a natural person or persons of a share equal to or exceeding 20% of the capital or voting rights, and exercising, by any means, actual or legal control over the management bodies, the general assembly, or the functioning of the legal person. • Client: • Any person or entity conducting business relations with the Regulated Entity; • Any person or entity conducting occasional transactions exceeding the threshold specified in Article 15 of Regulation No. 01-24, whether executed in a single transaction or multiple transactions appearing to be linked; • Any person conducting occasional transactions in the form of electronic transfers exceeding the threshold specified in Article 22 of Instruction No. 07-24, or multiple transactions below this threshold but appearing to be linked.

Fifth: Identification of the Beneficial Owner Identification of the beneficial owner refers to identifying the natural person or persons who directly or indirectly control the client or benefit from a transaction. This includes the following procedures: • Assessing the ownership and control structure of the client (legal person), as well as agents or beneficiaries of life insurance contracts; • Analyzing transactions carried out and business relationships behind these entities to identify the individuals exercising control; • Verifying control mechanisms over legal persons. This approach aims to ensure transparency and prevent any attempt to conceal identities within business relationships.

5-1. Identification of Beneficial Owners Identifying natural persons who directly or indirectly own or control a legal person involves determining, in accordance with applicable regulations, a shareholding percentage of 20% of the capital or voting rights as sufficient to identify the beneficial owner. If no person owns at least 20% of the ownership, the management and governance structure must be analyzed to identify persons exercising effective control.

5-2. Control through Ownership Structure and Other Means Regulated entities must understand the ownership structure of legal persons and identify their beneficial owners. 5-2-1. Tracking Indirect Ownership and Control Regulated entities must examine cases where ownership or control is exercised indirectly through a third-party company, intermediary, or complex holding mechanisms (such as other entities within the ownership structure). If control is fragmented among several natural or legal persons, the natural person or persons who ultimately exercise effective control over the legal person must be identified.

Page 5 of 25 Complex Cases: Identifying Beyond Ownership Percentage If no individual owns at least 20% of ownership, the Regulated Entity must analyze control mechanisms more deeply, such as: • Contracts, agreements, or decisions having significant influence on the strategic decision-making of the legal person; • Members of the board of directors or managers who have the power to appoint or dismiss management members; • Natural persons exercising control through family ties or close personal relationships; • The ability to block important decisions of the legal person; • The right to receive at least 20% of assets upon the dissolution of the legal person.

5-2-2. Family Companies and Partnerships For family structures or partnerships, the Regulated Entity must take into account implicit agreements between family members or partners who exercise significant control, even if none of them individually owns more than 20% of the legal person. In this case, the Regulated Entity must aggregate their shares to identify the beneficial owner.

5-2-3. Control through Management, Supervisory Bodies, or General Assembly In some cases, it is impossible to identify a beneficial owner solely through the ownership structure. In this case, the Regulated Entity must resort to natural persons who exercise effective control over management, supervisory bodies, or governance bodies, such as: • Executive Directors (such as the CEO, General Managers...) who define strategic directions or make fundamental decisions for the legal person; • Persons exercising executive control over the daily activities of the legal person and who can influence the management and basic operations of the entity; • Supervisory Board members who exercise effective control over management, approve strategic decisions, or can block certain important management decisions; • General Assembly members, especially when they have the power to make or monitor key decisions, such as approving accounts, appointing managers, or amending the statutes.

5-2-4. Persons Acting on Behalf of the Client When a person acts on behalf of the client, it must be verified whether they are acting for their own account or for a third party. In the latter case, the identity of the beneficial owner must be clarified. Beneficial owners are also natural persons who carry out a transaction or activity in their name, whether the client is a natural person or a legal person.

5-2-5. Identification of Beneficial Owners for Non-Profit Organizations In accordance with FATF guidelines, it is necessary to identify the beneficial owner of a non-profit organization clearly. This definition includes any individual who has the ability to direct or influence control, ownership, or other means of control. In this context, if the organization does not generate profits, the ownership structure of the organization must be considered as a legal entity. The Regulated Entity must identify natural persons who exercise significant influence on its activities, such as preventing strategic decisions, or through their management roles, board members, or founders. When an organization has a large number of members, making it difficult to identify beneficial owners, the Regulated Entity must identify senior officials, such as board members or the General Manager, as beneficial owners. This not only enhances transparency within the organization but also facilitates the fight against illegal activities such as money laundering, terrorist financing, and financing of proliferation of weapons of mass destruction. In summary, identifying beneficial owners requires a precise and methodical approach to the specifics of non-profit organizations to ensure a clear understanding of money flows and control relationships within these structures. This procedure enhances the ability of competent authorities to monitor and prevent potential exploitation, especially in cases of high money laundering and terrorist financing risks.

5-2-6. Identification and Verification of Beneficial Owners for Foreign Legal Arrangements, Including Trusts The term "trust" refers to any non-regulated entity under applicable laws, including laws, under the control of another person or under a contract or agreement whereby a person places assets under the control of a trustee for a specific purpose or to achieve a specific objective, with the intention of managing them for the benefit of a specific beneficiary, and transferring control of these movable assets to the person who manages or controls them, without them becoming part of the trustee's estate. Before entering into any occasional business relationship or executing any transaction, including with non-resident legal arrangements or similar structures such as trusts or other foreign legal arrangements, the Regulated Entity must collect the following information: • Full name of the entity; • Country of origin, and founding documents, or any official registration document in the country of origin, including its statutes; • Identity of the Settlor, Trustee, Protector, Beneficiaries or class of beneficiaries, as well as any other natural person exercising effective control over the structure, including control/ownership; • Identity of the ultimate beneficial owners of the entity, including any natural person who owns or controls shares or any other legal instrument; • Powers granted to the persons concerned, as well as names and roles of persons holding administrative or management positions; • Nature and expected purpose of the entity, as well as methods of its management, including the objectives it seeks to achieve, and any information on how decisions are made; • Data related to income and expenses of the commercial movements that will be entrusted to the Regulated Entity, and sources of these movements when necessary; • Registered address, as well as the address of one of the main sites of activity, and the place of residence of the entity's representative, if different; • Additional documents necessary to identify the control/ownership chain, especially when the control structure is complex and involves multiple intermediaries or jurisdictions.

Page 6 of 25 The Regulated Entity must verify the aforementioned information using any document constituting evidence, and retain a copy. Furthermore, the Regulated Entity must take the following measures to identify and verify the beneficial owners of trusts or other foreign legal arrangements: • Collect complete information allowing the identification of every beneficial owner exercising economic, financial, or managerial control over the entity, as well as those who directly or indirectly own shares; • Request additional information on the nature and scope of participation of each beneficial owner, including ownership rights or control/influence exercised, whether direct or indirect; • Verify the identity of each beneficial owner relying on reliable and independent documents, such as official registers, notarized documents, or any other certified document; • Ensure that information regarding beneficial owners is updated regularly, especially in case of significant changes in control or ownership of the entity; • Retain a copy of all documents and information related to beneficial owners; • Identify and verify the identities of beneficial owners to achieve a high degree of diligence, and apply any other measures required.

When the business relationship takes the form of a legal arrangement or trust, the Regulated Entity must identify all parties, including the Settlor (if any), Trustee, and Beneficiaries or class of beneficiaries, taking into account the specifics of trust structures: • The Settlor or person exercising control may differ from the actual Beneficiary; • Some countries' laws allow the same person to be both an agent and a beneficiary at the same time; • Transfer of ownership contracts may affect control of the trust and include provisions granting specific powers to manage the trust. For other types of legal arrangements, the Regulated Entity must identify individuals holding similar or equivalent functions to determine beneficial owners in accordance with due diligence requirements.

5-3. Identification of Beneficial Owners for Natural Person Clients When the client is a natural person, the Regulated Entity must verify their identity by collecting information such as ID card, passport, residence address, source of funds, and wealth, from reliable and independent sources. They must also examine whether other persons exercise influence over the client through powers of attorney, guardianships, or financial accounts, especially nominees. The Regulated Entity must analyze the nature of the relationship with the client to reveal any third parties involved or influencing, especially if the client is associated with politically exposed persons.

5-3. Data to be Collected Regarding the Beneficial Owner The Regulated Entity must collect and verify the following information for each beneficial owner, as a minimum: • Full Name: Must be accompanied by an official document such as a national ID card, passport, or foreign residence card; • Nationalities: Declaration of the beneficial owner's nationality; • Date and Place of Birth: This information must match official identity documents; • Residence Address: Must include permanent address and proof of residence status; • ID Card or Passport; • National Identification Number: Entry of the National ID Number; • Date of Issue and Expiry: For any official document; • Profession and Position: Information regarding the beneficial owner's role within the entity; • Contact Means: Phone numbers and other contact means; • Country of Residence: Determination of the beneficial owner's country of residence; • Ownership Data: Percentage of share owned and voting rights; • Reasons and Means of Control: Clarification of the means by which the beneficial owner exercises control over the legal person; • Intermediaries: Details of persons acting as intermediaries between the beneficial owner and the legal person, and documents necessary to prove these relationships.

Page 7 of 25 Sixth: Risk-Based Approach Law No. 01-05 dated February 6, 2005, relating to the prevention and fight against money laundering and terrorist financing, as amended and supplemented, and Regulation No. 01-24 dated 11 Muharram 1446 corresponding to July 17, 2024, relating to the prevention and fight against money laundering, terrorist financing, and financing of proliferation of weapons of mass destruction, mandate the adoption of a risk-based approach when assessing clients and their beneficial owners. This is mandatory, regardless of the risk level associated with the client. Processing different types of clients (such as legal persons) involves risks different from those associated with natural persons, due to the complexity of ownership structures and the potential for lack of transparency.

6-1. Risk Assessment by Client Type Regulated entities must take into account the money laundering and terrorist financing risks associated with different types of clients. Clients constituted as legal persons may pose different risks due to their potential complex structures, compared to natural persons. It is essential to identify risks resulting from the ownership structure associated with clients and their beneficial owners.

6-2. Risk Assessment Process The risk assessment process must include the following: • Ownership Identification: Ensuring that the entity has clear policies and procedures for identifying ownership and control structure; • Risk Evaluation: Effectively assessing money laundering and terrorist financing risks for clients, taking into account risk assessment results, including legal aspects.

6-3. Due Diligence Procedures for Identifying Beneficial Owners The risk-based approach allows some flexibility in identifying beneficial owners, using data from reliable and independent sources. If the risk assessment reveals high risks, or if the beneficial owner is a politically exposed person, enhanced due diligence measures must be taken. For low-risk cases, simplified due diligence measures may be applied, in accordance with Regulation No. 01-24 dated July 17, 2024, mentioned above. After assessing client risks, the Regulated Entity must apply appropriate due diligence measures, which can be: • Simplified: For low-risk clients. • Enhanced: For high-risk clients, in accordance with Regulation No. 01-24 dated July 17, 2024, mentioned above.

6-4. Enhanced Due Diligence Measures In case of high risks, the Regulated Entity is required to take enhanced due diligence measures towards clients and beneficial owners who are exposed to high risks of money laundering, terrorist financing, or financing of proliferation of weapons of mass destruction. These measures include the following: • Identifying high risks based on national or sectoral assessments or "Know Your Customer" (KYC) analysis; • Taking into account politically exposed persons, persons associated with high-risk countries, and non-residents; • In-depth examination of the country of origin, residence, or activity of the beneficial owner; • Evaluating the products and services provided to the client, as well as the nature and distribution channels used. These enhanced measures may include the following: • Obtaining additional information about the client, and when necessary, about the beneficial owner(s) and/or the nature of the intended business relationship; • Obtaining additional information on the source of funds and wealth; • Applying enhanced monitoring of the business relationship by increasing the number and frequency of controls implemented; • Obtaining approval from the General Management or Board of Directors before establishing or continuing the business relationship. High-risk business relationships must be closely monitored, and any violation or suspicion must be documented and analyzed in real-time.

6-5. Reduction of Monitoring Frequency and Continuous Verification of Operations Regulated entities may, under certain conditions, reduce the frequency of monitoring when it is established that risks are low, provided that they remain vigilant for any new threat appearing during the process and take appropriate measures. In other words, monitoring must be commensurate with the risk level posed by the client or beneficial owner. This must be done while ensuring compliance with applicable regulations. The Regulated Entity is required to have appropriate internal procedures ensuring continuous monitoring throughout the duration of the business relationship.

Page 8 of 25 In reality, the lack of collection of specific information regarding the nature and purpose of the business relationship may lead to risks. This applies to both existing and new relationships. Therefore, it is essential to verify all information correctly, especially regarding clients and beneficial owners.

Seventh: Verification Procedures for Information The Regulated Entity must verify information for all clients and beneficial owners when completing the "Know Your Customer" (KYC) form, before and during the establishment of the business relationship, or when executing transactions for occasional clients. When money laundering, terrorist financing, or financing of proliferation of weapons of mass destruction risks appear low, the Regulated Entity may complete the verification of the client's identity, and when necessary, the beneficial owner(s)' identity, after establishing the business relationship, provided that the following are ensured: • The earliest possible... [Text ends here]