Resolution No. JPRF-V-2022-024: Update of the Anti-Money Laundering Standard with a Risk-Based Approach for the Securities Sector

Resolution No. JPRF-V-2022-024 Page 1 of 31

---

Resolution No. JPRF-V-2022-024 THE FINANCIAL POLICY AND REGULATION BOARD CONSIDERING: That Article 13 of the Organic Code of Monetary and Financial Law, Book I, creates the Financial Policy and Regulation Board, part of the Executive Function, responsible for formulating credit, financial, securities, insurance, and prepaid comprehensive health care service policy and regulation; That numbers 2 and 3 of Article 14 of the Organic Code of Monetary and Financial Law, Book I, state that the Financial Policy and Regulation Board will issue regulations for the national financial system, securities, insurance, and prepaid comprehensive health care services; That the Organic Code of Monetary and Financial Law, Book I, Article 14.1, number 15, literal a), establishes as functions of the Financial Policy and Regulation Board, to establish within the framework of its competencies any measure that helps prevent and seek to eradicate fraudulent practices, including money laundering, the financing of crimes such as terrorism, considering current and applicable international standards; That the unnumbered Article incorporated immediately after Article 6 of the Organic Code of Monetary and Financial Law, Book I, titled "International Best Practices" states that bodies with regulatory, normative, or control capacity will seek to adopt as a reference framework the international technical standards related to the scope of their competence for the issuance of regulations and for the exercise of their functions, strictly adhering to the normative hierarchy established in the Constitution of the Republic of Ecuador; That through the Organic Law on Prevention, Detection, and Eradication of the Crime of Money Laundering and Financing of Crimes, measures are instituted to prevent illegal money or money acquired outside the law from consolidating in the national economy; it determines functions, duties, and responsibilities both for public institutions and for obligated subjects to report; That through Executive Decree No. 1331 of February 24, 2017, the General Regulation to the Organic Law on Prevention, Detection, and Eradication of the Crime of Money Laundering and Financing of Crimes was issued, whose object is the strengthening of the prevention, detection, and eradication of money laundering and the financing of crimes, in its different modalities, reinforcing the operational capacities of obligated subjects to inform and of control bodies, through the implementation of effective policies, procedures, and mechanisms, aimed at remedying the vulnerabilities identified within the framework of the risk diagnosis, contributing in turn to the stability of the economic and financial system, the fight against these crimes, and organized crime; That the Republic of Ecuador is a member of the Financial Action Task Force (FATF), being a commitment of the Ecuadorian State to have a system to prevent money laundering and terrorist financing that complies with international standards, particularly those established in the forty (40) Recommendations made by the FATF, among which stands out the presence of an adequate legal and institutional framework, and the issuance of supervisory regulations that establish preventive due diligence controls by the economic sectors; That it is necessary to update the regulations to prevent money laundering and terrorist financing that govern the securities system, based on the FATF Recommendations and its interpretative notes; and to define the policies, procedures, mechanisms, and methodology with a risk-based approach to be implemented by obligated subjects, in accordance with the international standards of the Risk Prevention System, in concordance with Article 5 of the General Regulation to the Organic Law on Prevention, Detection, and Eradication of the Crime of Money Laundering and Financing of Crimes; That the penultimate paragraph of Article 14.1 of the Organic Code of Monetary and Financial Law, Book I, establishes that the Superintendent of Companies, Securities, and Insurance may propose regulation projects for consideration by the Financial Policy and Regulation Board, with the backing of the respective technical reports;

Resolution No. JPRF-V-2022-024 Page 2 of 31

---

That in compliance with this, the Superintendent of Companies, Securities, and Insurance through Letters Nos. SCVS-INMV-DNFCDN-2022-00017156-O and SCVS-INMV-DNFCDN-2022-00018365-O, dated March 17 and 23, 2022, respectively, sent to the Financial Policy and Regulation Board the technical report, legal report, and annexes that support the proposed resolution project, which contains the reform to Chapter I "Norms to prevent money laundering and the financing of terrorism and other crimes in stock exchanges, securities firms, and fund and trust administrators" of Title XXI "General Provisions", of Book II of the Codification of Monetary, Financial, Securities, and Insurance Resolutions, in order to adapt the money laundering prevention standards in the securities sector to international standards, particularly to the forty (40) recommendations issued by the Financial Action Task Force (FATF); That the Financial Policy and Regulation Board, in an extraordinary session held on April 8, 2022, reviewed the technical report, legal report, and annexes that support the resolution project sent by the Superintendent of Companies, Securities, and Insurance; as well as Technical Report No. JPRF-CT-2022-0020 of April 7, 2022, Legal Report No. JPRF-CJ-2022-0019 of the same date, issued by the Technical Coordination and the Legal Coordination of the aforementioned Board, respectively, and the respective resolution project; and considers it necessary to reform Chapter I "Norms to prevent money laundering and the financing of terrorism and other crimes in stock exchanges, securities firms, and fund and trust administrators" of Title XXI "General Provisions", of Book II of the Codification of Monetary, Financial, Securities, and Insurance Resolutions; and, In exercise of the powers enshrined in the law, RESOLVES: SINGLE ARTICLE: ENTIRELY SUBSTITUTE in Chapter I "Norms to prevent money laundering and the financing of terrorism and other crimes in stock exchanges, securities firms, and fund and trust administrators" of Title XXI "General Provisions", of Book II of the Codification of Monetary, Financial, Securities, and Insurance Resolutions, with the following text:

"TITLE XXI. GENERAL PROVISIONS Chapter I. NORMS TO PREVENT MONEY LAUNDERING AND THE FINANCING OF TERRORISM AND OTHER CRIMES IN PARTICIPANTS OF THE SECURITIES MARKET. SECTION I OBJECT, SCOPE, AND DEFINITIONS ARTICLE 1.- Object.- This Norm has as its object to regulate the policies and procedures to prevent money laundering, terrorist financing, and other crimes, which obligated subjects in the securities market under the surveillance, audit, control, and supervision of the Superintendent of Companies, Securities, and Insurance (SCVS) must observe. ARTICLE 2.- Scope.- This Norm is applicable nationally to obligated subjects under the supervision and control of the Superintendent of Companies, Securities, and Insurance. This Norm does not include non-financial companies of the purely corporate sector under supervision, surveillance, and control of the Superintendent of Companies, Securities, and Insurance, nor insurance companies, reinsurance companies, or prepaid medicine. Also excluded are financial entities of the public and private sectors, and entities of the popular and solidarity financial sector. ARTICLE 3.- Obligated Subjects.- For the purposes of this Norm, obligated subjects are defined as companies under surveillance, audit, control, and supervision of the Superintendent of Companies, Securities, and Insurance, within the scope of the securities market, including stock exchanges, securities firms, and fund and trust administrators. The Financial and Economic Analysis Unit (UAFE) may, within its functions established in the Organic Law on Prevention, Detection, and Eradication of the Crime of Money Laundering and Financing of Crimes, incorporate new obligated subjects that are immersed in the securities market,

Resolution No. JPRF-V-2022-024 Page 3 of 31

---

considering the results of the National Risk Assessment (NRA); or, in light of the Ecuadorian State's public interest in the matter of the securities market. The obligated subject will lose this status when it falls within the following parameters: a) When legal entities have completed their transformation, merger, spin-off; or concluded the dissolution and liquidation process with the respective registration in the Commercial Registry and the Public Cataster of the Securities Market; or, b) By change of activity. For this effect, they must present the reform of the social statute, where the activities that convert them into obligated subjects to report do not appear, and update their activity in the SCVS, through the Updated Single Taxpayer Registry (RUC) before the Internal Revenue Service. When the obligated subject is in one of the aforementioned conditions, it must notify such condition to the UAFE within five (5) days, requesting the inactivation of the assigned registration code. Once the aforementioned inactivation is obtained, within five (5) days it must notify it to the SCVS. ARTICLE 4.- Responsibility of Obligated Subjects.- Obligated subjects must have policies and procedures to prevent money laundering, terrorist financing, and other crimes in accordance with what is established in this Chapter; and, adopt appropriate and sufficient prevention and control measures, oriented to prevent that, in the performance of their activities, they may be used as an instrument to commit the crime of money laundering and/or the crime of terrorist financing and other crimes. Prevention measures will cover all kinds of products or services, regardless of whether the respective transaction is carried out. ARTICLE 5.- Definitions. - For the purposes of this Norm, the following definitions will be considered: ASSETS: Are goods; financial assets; properties of all kinds, tangible or intangible; movable or immovable, regardless of how they were obtained; and documents or legal instruments, whatever their form, including electronic or digital, that accredit ownership or other rights over said goods. ECONOMIC ACTIVITY: Any activity of an entrepreneurial, professional, or individual nature, which implies the coordination on one's own account of the means of production, human resources, or both, with the purpose of intervening in the production or distribution of products or services. FUND AND TRUST ADMINISTRATORS: Are anonymous societies whose corporate object is limited to: a) Managing investment funds; b) Managing fiduciary businesses, defined in the Law; c) Acting as issuers of securitization processes; and, d) Representing international investment funds. BENEFICIAL OWNER: Are natural persons identified as the final owners or recipients of resources, products, or services of an operation or transaction, without necessarily having the status of direct clients, or those who have the final control of a client and/or the person in whose name the operation or transaction is carried out. It also includes those persons who exercise effective control over a legal entity, company, business, or contract, or who are authorized to dispose of them. STOCK EXCHANGE: Are anonymous societies, whose sole corporate object is to provide the services and mechanisms required for the negotiation of securities. They may carry out other related activities that are necessary for the adequate development of the securities market, which will be previously authorized by the Financial Policy and Regulation Board.

Resolution No. JPRF-V-2022-024 Page 4 of 31

---

SECURITIES FIRM: Is the anonymous company authorized and controlled by the Superintendent of Companies, Securities, and Insurance to exercise securities intermediation, whose sole corporate object is the performance of the activities established in the Securities Market Law. CATEGORY: Is the level at which controlled entities place a client based on the risk they represent. CLIENT: Is the natural or legal person, with whom the obligated subject establishes an occasional or permanent contractual, economic, or commercial relationship. OCCASIONAL CLIENT: Is the natural or legal person, who establishes once or sporadically, contractual, economic, or commercial relationships with the obligated subject. PERMANENT CLIENT: Is the person, natural or legal, who habitually establishes contractual, economic, or commercial relationships, with the obligated subject. DUE DILIGENCE: Is the set of policies, processes, and procedures that the obligated subject applies to avoid being used as a means for the commission of the crime of money laundering, terrorist financing, and other crimes, for the knowledge of internal and external clients, and which are the procedures of Know Your Customer; Know Your Employee, Partner/Shareholder; Know Your Market; Know Your Correspondent; and Know Your Supplier, without these being the only ones, as according to its need and risk it can implement others. It comprises the collection, verification, and updating of information, determination of the client's risk profile, detection of unusual, unjustified, or suspicious operations, and management of internal and external reports. EXPANDED OR REINFORCED DUE DILIGENCE: Is the set of policies, control measures, and procedures more rigorous, exhaustive, and reasonably designed, that the obligated subject must apply to internal and external clients based on their greater exposure to risk. SIMPLIFIED DUE DILIGENCE: Is the set of policies, control measures, and procedures less rigorous that the obligated subject applies to internal and external clients when it has identified a low risk of exposure to the crime of money laundering, terrorist financing, and other crimes. RISK-BASED APPROACH (RBA): Is a methodology to carry out an assessment that allows identifying, measuring, or evaluating, controlling, and monitoring the money laundering, terrorist financing, and other crimes risks to which obligated subjects are exposed, and which derive from the products, services, practices, or technologies with which they operate, thus reducing the possibility that these are used as an instrument for the concealment or legalization of assets resulting from money laundering, terrorist financing, and other crimes, considering at least: clients or users, countries and geographic areas, products, services, transactions, and sending channels, linked to the operations of the subjects. RISK FACTORS: Are the elements generating risk that allow evaluating the particular circumstances and characteristics, such as: client profile, type of products and services, characteristics of the transaction, transactional channel; and, jurisdiction where the transaction is carried out, in order to analyze the risk transversally. TERRORIST FINANCING: Activity by which any person deliberately provides or collects funds or resources by any means, directly or indirectly, with the intention that they be used or knowing that they will be used to finance, in whole or in part, the commission of the crimes of terrorism. FINANCING OF CRIMES: Activity by which any person deliberately provides or collects funds or resources by any means, directly or indirectly, with the illicit intention that they be used or knowing that they will be used, in whole or in part, for the commission of crimes. MONEY LAUNDERING: Is the crime committed by a natural or legal person, when directly or indirectly: has, acquires, transfers, possesses, administers, uses, maintains, safeguards, delivers, transports, converts, or benefits in any way, from assets of illicit origin; conceals, disguises, or prevents the real determination of the nature, origin, provenance, or link of assets of illicit origin; provides their name or that of the society or company, of which they are a partner or shareholder, for the commission of the crimes typified

Resolution No. JPRF-V-2022-024 Page 5 of 31

---

in the Law; organizes, manages, advises, participates in, or finances the commission of the crimes typified in the Law; performs, by themselves or through third parties, financial or economic operations and transactions, with the objective of giving an appearance of legality to money laundering activities; enters or exits money of illicit origin through the country's steps and bridges. LAW: When the word Law is mentioned in this Norm, it refers to the Organic Law on Prevention, Detection, and Eradication of the Crime of Money Laundering and Financing of Crimes, unless the context infers that another Law is being referred to. RISK MATRIX: Is a control and management tool, which through the identification and measurement of risk events associated with the business lines and processes of the entity and related to money laundering, terrorist financing, and other crimes, allows determining the inherent risk and implementing the controls and due diligence actions that correspond, leaving as a result the residual risk. METHODOLOGIES: Constitutes the way in which each of the procedures that obligated subjects must use are defined and treated. It is the succession of logical steps, documented, linked together by a verifiable, checkable, operational, and reliable purpose that, based on their clients, products, and services, channels, and jurisdiction, among others, the companies must use to develop and evaluate the AML/CFT Prevention System, identifying clients and their risks, establishing the client's risk profile, applying processes of detecting unusualness, and managing reports. COMPLIANCE OFFICER: Is the employee of the obligated subject, responsible for promoting and developing the specific policies, controls, and procedures for prevention, updating, and mitigation of the risk of money laundering, terrorist financing, and other crimes. OWN OPERATIONS: Are those operations or transactions that shareholders, partners, or directors of the company carry out among themselves, as well as those carried out between related companies or that maintain a parent-subsidiary relationship and imply movements of monetary resources or possession of movable and immovable goods. UNUSUAL AND UNJUSTIFIED OPERATION: Are economic movements, carried out by natural or legal persons, that do not correspond to the economic and financial profile that they have maintained in the reporting entity and that cannot be substantiated. SUSPICIOUS OPERATION: Is the Unusual Operation that, in addition, according to the usages and customs of the activity in question, has not been reasonably justified. ATTEMPTED OPERATION: Is the operation in which a natural or legal person has the intention to carry out a suspicious operation, but this is not perfected because the person intending to carry it out desists, or because the established or defined controls have not allowed them to carry it out. TAX HAVENS: Are territories of low or no taxation that, through specific internal norms, guarantee the opacity of transactions, with the absolute absence of records, formalities, and controls, and that have been classified as such by the Internal Revenue Service; in the case of the Global Forum, countries are classified as collaborating or non-collaborating. CLIENT PROFILE: Are the own and habitual characteristics of the subject of analysis, associated with their general information and with the mode of use of the services and products offered by the company. RISK PROFILE: Is the risk condition presented by the client both by their behavior and by their transactionality, which could expose the entity to the occurrence of events with implications in money laundering and financing of crimes, such as terrorism. POLITICALLY EXPOSED PERSONS (PEP): Are all those natural persons, national or foreign, who perform or have performed prominent public functions in the country or abroad on behalf of the country, their family members, and close collaborators. In Ecuador, they are categorized in the General Regulation to the Organic Law on Prevention, Detection, and Eradication of the Crime of Money Laundering and Financing of Crimes.

Resolution No. JPRF-V-2022-024 Page 6 of 31

---

MONEY LAUNDERING, TERRORIST FINANCING, AND OTHER CRIMES RISK: Is the possibility of loss or damage that an obligated subject may suffer due to its exposure to being used directly or through its operations as an instrument for money laundering and/or channeling resources towards the realization of criminal activities including terrorism, or when the concealment of assets coming from said activities is sought. CONTAGION RISK: Possibility of loss that an obligated subject may suffer, directly or indirectly, by an action or experience of a third party. LEGAL RISK: Is the possibility that a company suffers direct or indirect losses, that its assets are exposed to situations of greater vulnerability; that its liabilities and contingencies may be increased beyond expected levels or that the development of its operations faces the possibility of being negatively affected, due to error, negligence, incompetence, imprudence, or fraud, which derive from the incorrect non-observance or untimely application of legal or normative provisions, as well as general or particular instructions emanating from control bodies within their respective competencies; or, in adverse jurisdictional or administrative sentences or resolutions; or, from the poor drafting, formalization, or execution of acts, contracts, or transactions, including those different from its ordinary business; or, because the rights of the contracting parties have not been clearly stipulated. OPERATIONAL RISK: Is the possibility that losses occur in the obligated subject due to events originating in failures or insufficiency of processes, people, internal systems, technology, and in the presence of unforeseen external events. It includes legal risk, but excludes sis