Agreement 2-2017 Modifying Articles of Agreement 6-2015 on AML/CFT Prevention

REPUBLIC OF PANAMA SUPERINTENDENCY OF THE SECURITIES MARKET Agreement 2-2017 (February 1, 2017) "Modifying Articles 7, 8, 9, 17, 18, 19, 20, 23, 25, and 37 of Agreement 6-2015 of August 19, 2015, regarding provisions related to the prevention of money laundering, terrorist financing, and financing of the proliferation of weapons of mass destruction, and adding other provisions."

THE BOARD OF DIRECTORS

In exercise of its legal powers and

CONSIDERING:

That through Law 67 of September 1, 2011, the Superintendency of the Securities Market (hereinafter the "Superintendency") was created as an autonomous entity of the State, with legal personality, own assets, and administrative, budgetary, and financial independence, with exclusive competence to regulate and supervise issuers, investment companies, intermediaries, and other participants in the securities market in the Republic of Panama.

That pursuant to Article 121 of Law 67 of 2011, the National Assembly issued the Single Text comprising Decree-Law No. 1 of 1999 and its reforming laws, and Title II of Law 67 of 2011, reformed by Law 12 of April 3, 2012, and Law 56 of October 2, 2012 (hereinafter "Securities Market Law").

That Article 3 of the Securities Market Law establishes that the general objective of the Superintendency is the regulation, supervision, and oversight of securities market activities developed in or from the Republic of Panama, promoting legal certainty for all market participants and guaranteeing transparency, with special protection of investors' rights.

That Article 10 of the Securities Market Law establishes that it is within the powers of the Board of Directors to "Adopt, reform, and revoke agreements that develop the provisions of the Securities Market Law."

That numeral 20 of Article 10 of the Securities Market Law establishes that it is within the powers of the Board of Directors to exercise other attributions assigned to it by other legal frameworks, in this case, Law 23 of April 27, 2015.

That Law 23 of April 27, 2015, "Adopting measures to prevent money laundering, terrorist financing, and financing of the proliferation of weapons of mass destruction, and issuing other provisions," establishes powers for the Superintendency of the Securities Market, as the supervisory body, to regulate said Law.

That pursuant to the foregoing, the Superintendency of the Securities Market issued Agreement 06-2015 of August 19, 2015, promulgated in Official Gazette No. 27853 of August 25, 2015, with the objective of issuing provisions applicable to Financial Obligated Entities supervised by the Superintendency of the Securities Market, regarding the prevention of money laundering, terrorist financing, and financing of the proliferation of weapons of mass destruction.

That pursuant to the note dated September 24, 2015, and meetings with the Advisory Council of the Board of Directors of the Superintendency of the Securities Market, as well as meetings held internally within the Superintendency, it is necessary to proceed with the modification of Agreement 6-2015 of August 19, 2015, in order to facilitate compliance with obligations regarding the adequate identification of clients with a risk-based approach, origin and source of resources, and clear due diligence measures that regulated financial obligated entities supervised by the Superintendency of the Securities Market must apply.

That this Agreement has been submitted to the Public Consultation procedure contained in Title XIV "Administrative Procedure for the Adoption of Agreements," specifically in Articles 323 and following, whose term was from November 21, 2016, to December 14, 2016, as recorded in the public access file held at the offices of the Superintendency.

That pursuant to the foregoing, the Board of Directors of the Superintendency of the Securities Market, in exercise of its legal powers,

AGREES:

ARTICLE FIRST: MODIFY Article 7 of Agreement 6-2015 of August 19, 2015, which shall read as follows:

Article 7: (Identification and verification of client identity - Natural Person). For the purposes of identification and verification of client identity as indicated in numeral 1 of Article 27 of Law 23 of 2015, Financial Obligated Entities must take, at a minimum, the following measures, and request and obtain the following information or documentation, before the opening of the account or commencement of the commercial relationship:

1...

2. Copy of the ID card or passport of the person(s) requesting the product or service and the beneficial owners; and perform the corresponding cross-check. For the purposes of the suitable identity document, when it concerns a natural person of Panamanian nationality, it will be the valid personal identity card; it will also be the valid passport when it concerns a Panamanian national residing abroad.

When it concerns a foreigner, the suitable identity document will be the valid passport; in case of not having it valid or not possessing it, the valid personal identity document of their country of residence may be accepted.

For the purposes of the valid passport, only proceed to cross-check the copy of the page(s) where the client's photograph, signature, and general information appear, and the page where the entry stamp to the national territory is affixed.

In the case of clients contacted through visits abroad, or by entities affiliated with the economic group, the requirement for the copy of the passport page containing the entry stamp to Panama will not apply.

At all times, the client's identification document must be valid and updated for the acquisition of the product, service, or commencement of the commercial relationship. For the purposes of verification and updating, the use of the Electoral Tribunal database or local or international public or private information bases accessible to the financial obligated entity will be accepted as valid.

4. At least one bank reference. The financial obligated entity will accept bank references issued by entities that are related parties to the natural person.

5. Source and origin of resources or assets: The source and origin of resources or assets refers to written support, such as, without limitation, employment letters, bank reference letters, salary payment stubs, tax returns, contracts for the purchase and sale of assets, regarding the provenance of funds used to carry out a specific transaction or for obtaining the product or service.

6...

7...

The prevention manual of the financial obligated entities must establish the measures, policies, information, or additional documentation implemented by the financial obligated entity that it will request from clients representing higher risk.

ARTICLE SECOND: MODIFY Article 8 of Agreement 6-2015 of August 19, 2015, which shall read as follows:

Article 8: (Identification and verification of client identity - Legal Person). For the purposes of requesting certifications evidencing the constitution and validity of legal persons and the identification and verification of dignitaries, directors, attorneys-in-fact, signatories, and legal representatives of legal persons, as indicated in numeral 1 of Article 28 of Law 23 of 2015, Financial Obligated Entities must, at a minimum, take the following measures; and request and obtain the following information or documentation, before the opening of the account or commencement of the commercial relationship:

1...

2..

4. Identification, verification, and request for a copy of the valid ID card or passport of the dignitaries, directors, legal representatives, or those performing equivalent functions. For verification purposes, this may be done through local or international public or private information bases accessible to the financial obligated entity.

5. Identification and verification of signatories, attorneys-in-fact, or those performing equivalent functions, of the legal persons. For such purposes, only a copy of their valid personal identity document is necessary. In the case of attorneys-in-fact, a copy of the power of attorney accrediting them must be requested. For verification purposes, this may be done through local or international public or private information bases accessible to the financial obligated entity.

7...

8. At a minimum, one bank reference. The financial obligated entity will accept bank references issued by entities that are part of the banking or financial economic group of the legal person wishing to open the account. In case the legal person has no operations, bank references of the beneficial owner(s) will be sufficient, for which the same acceptance criteria of Article 7 regarding due diligence for natural persons will apply.

9. Substantiation of the origin of funds. The source and origin of the funds, resources, or assets of the client refers to written support, such as, without limitation, tax returns of the legal person, contracts for the purchase and sale of assets, audited financial statements accompanied by a certification from the external auditor, regarding the provenance of those used to initiate or carry out a specific transaction.

11...

The prevention manual of the financial obligated entities must establish the measures, policies, information, or additional documentation implemented by the financial obligated entity that it will request from clients representing higher risk.

ARTICLE THIRD: ADD Article 8-A to Agreement 6-2015 of August 19, 2015, which shall read as follows:

Article 8-A. Verification of the Constitution and Validity of Legal Persons. The provisions of Article 8 of this Agreement regarding the verification of the constitution and validity of legal persons will be fulfilled through obtaining a simple copy of the social pact in the case of a Panamanian legal person, or its equivalent in the case of a foreign legal person.

In the case of Panamanian legal persons, verification and updating will be done through the database of the Panamanian Public Registry, evidencing the existence and constitution data of the legal person.

In the case of foreign legal persons, verification and updating may be done through international public or private information bases accessible to the financial obligated entity. In case of not having access to such databases, incorporation must be verified through the submission of documentation duly authenticated under the apostille system or consular processing, evidencing its constitution and validity.

ARTICLE FOURTH: MODIFY Article 9 of Agreement 6-2015 of August 19, 2015, which shall read as follows:

Article 9. (Identification and verification of the Beneficial Owner). For the purposes of this Agreement, the beneficial owner will be understood as any natural person or persons who owns, controls, or exercises significant influence over the account relationship, contractual or business relationship, or the natural person in whose name or benefit a transaction is carried out, which also includes natural persons who exercise final control over a legal person, trusts, and other legal structures.

For the purposes of identification and verification of the beneficial owner as indicated in numeral 4 of Article 27 and numeral 2 of Article 28 of Law 23 of 2015, Financial Obligated Entities must, at a minimum, take the following measures, and require and obtain the following information or documentation:

1. Declaration of the beneficial owners of the legal person. In the case of persons or legal structures where their beneficial owners cannot be identified through shareholding, a declaration must be obtained detailing the natural persons who are holders or have rights or benefits equivalent to those that would grant ten percent (10%) or more of the issued and outstanding shares of a legal person. In all cases, the administrators, representatives, attorneys-in-fact, and signatories of the legal person must be identified. In the case of Private Interest Foundations, members of the Foundation Council, Founder, and Protector are considered to perform equivalent functions. When it concerns trusts, the trustee and the settlor of the trust are considered to perform functions equivalent to the dignitaries and directors of anonymous societies.

2. Conduct due diligence process on the beneficial owners, as established in Article 1 of this Agreement.

In the case of other legal persons or legal structures, the financial obligated entity must ensure obtaining sufficient information about the beneficial owner, and this must be detailed in its policies and procedure manuals.

When the obligated entity has not been able to identify the beneficial owner, it shall refrain from initiating or continuing the business relationship or carrying out the transaction if doubt persists regarding the identity of the client or the beneficial owner.

ARTICLE FIFTH: ADD Article 12-A to Agreement 6-2015 of August 19, 2015, which shall read as follows:

Article 12-A. Use of New Technologies. Financial obligated entities must identify and evaluate money laundering, terrorist financing, and financing of the proliferation of weapons of mass destruction risks that may arise regarding the development of new products and new business practices, including, without limitation, the use of new technological platforms, new forms of product and service offering, new forms of delivery or distribution channels, implementation of new technologies for the development or marketing of products or services, both new and existing, establishing the following minimum measures in prevention matters:

1. Identify, evaluate, and establish risk mitigation measures prior to the launch of new products, adoption of new business practices, or the use of new technologies for the development, marketing, or offering of products.

2. Effectively implement procedures that allow for the confirmation of the requested product or service, assurance, registration, and confidentiality of information.

3. Review the adopted Prevention Manual, including its procedures, so that they contain identified, evaluated, and mitigated risks inherent to the operation, products, or services offered, including, without limitation, the type of client, product, or service required or offered, client's geographic area, and investor's risk and financial profile.

4. Review, modify, and update the risk matrices adopted by financial obligated entities, so that risks related to the use of new technologies, new forms of offering, development, marketing, and delivery of information on the products and services offered are included among their factors.

5. Effectively implement new procedures, policies, and strategies for the mitigation of potential risks of money laundering, terrorist financing, and financing of the proliferation of weapons of mass destruction, as a result of the risk assessment performed due to the use of new technologies, development of new products, or new business practices.

6. Any other measure instructed by the Superintendency of the Securities Market or established by consideration of the financial obligated entity itself.

Financial obligated entities may not agree on limiting clauses of their responsibility derived from their relationships with third parties linked in the provision of services that comprise new products, new business practices, or the use of new technologies.

The implementation of new distribution channels for the marketing of products or services, new business practices, or the use of new technologies does not exempt the obligated entity from the responsibilities imposed on it in the provisions of this Agreement.

TRANSITORY PARAGRAPH: (ADAPTATION PERIOD) Financial Obligated Entities will have a period of ninety (90) calendar days, from the entry into force of this Agreement, to adapt their mechanisms, policies, and methodologies with a risk-based approach, specifically regarding the use of new technologies for the development or marketing of products or services, in accordance with what is established in this article.

ARTICLE SIXTH: MODIFY Article 17 of Agreement 6-2015 of August 19, 2015, which shall read as follows:

Article 17. (Enhanced or reinforced due diligence measures). When it concerns clients or activities classified as high risk, financial obligated entities supervised by the Superintendency of the Securities Market must establish and apply additional measures to those already established in Articles 7 to 10 of this Agreement, which will include the following:

1. Obtain the approval of Senior Management to initiate, establish, or continue any activity or business relationship.

2. Update the profiles of existing clients, including the registration of their information and documentation, at least once every twelve (12) months. In case the client's profile changes, such update must be carried out immediately, without the need to wait for the periodic review.

3. Any other measure determined by Senior Management or the body acting on its behalf within the financial obligated entity.

The enhanced or reinforced due diligence measures, as well as the procedure for the effective implementation of said measures, must be recorded in the Prevention Manual of the Financial Obligated Entities.

ARTICLE SEVENTH: MODIFY Article 18 of Agreement 6-2015 of August 19, 2015, which shall read as follows:

Article 18: (Approval). The opening of an account, or the initiation of commercial or business relationships for those clients or activities that may be classified or represent a high risk for the financial obligated entity, and to which enhanced or reinforced due diligence measures must be applied, must be approved by Senior Management.

For the purposes of what is established in this Agreement, Senior Management will be understood as any person or group of persons, with responsibilities to direct, execute, and supervise the operations of a financial obligated entity, consistent with business strategy and its administration, evaluating prevention risk, with the responsibility for the execution of effective policies and practices.

ARTICLE EIGHTH: MODIFY Article 19 of Agreement 6-2015 of August 19, 2015, which shall read as follows:

Article 19: (Ethics and Compliance Committee). Financial Obligated Entities must form an Ethics and Compliance Committee to review the opening of accounts or the initiation of business relationships for clients or activities to which enhanced or reinforced due diligence measures must be applied; as well as for the monitoring, suspension of relationship, or any other necessary measure or instructed by competent authorities or the Financial Analysis Unit for these types of clients or activities.

The Ethics and Compliance Committee must have the following characteristics:

1...

2. In the case of Securities Houses, Investment Managers, Pension and Retirement Fund Investment Managers, and Severance Fund Investment Managers and Administrative Service Providers, it must be composed, at a minimum, of two (2) members of the Board of Directors and the Compliance Officer in their capacity as a member with the right to voice and vote. In the case of Investment Advisors, it must be composed at a minimum, by the Compliance Officer with the right to voice and vote, the Principal Executive, and one (1) member of the Board of Directors, or it may form its Ethics and Compliance Committee following the model established in this article for entities with Securities House Licenses. Financial obligated entities may incorporate an Independent Director as a member of the Ethics and Compliance Committee, whose election and independence criteria will be made in accordance with the provisions established in Agreement 12-2003 of November 11, 2003, and its present or future reforms.

3...

4...

5...

6..

ARTICLE NINTH: MODIFY Article 20 of Agreement 6-2015 of August 19, 2015, which shall read as follows:

Article 20. (Operation of the Ethics and Compliance Committee). The Ethics and Compliance Committee must plan, coordinate, and ensure compliance with current legislation, the Securities Market Law, and regulations adopted by the Financial Obligated Entity in matters of prevention of money laundering, terrorist financing, and financing of the proliferation of weapons of mass destruction.

The Ethics and Compliance Committee will function as a collegial body responsible for:

1...

2...

3...

4...

6...

7. Review, at a minimum, once every twelve (12) months, the mechanisms, policies, and methodologies to prevent money laundering, terrorist financing, and financing of the proliferation of weapons of mass destruction. Similarly, such review will be carried out when there are observations as a result of internal audit, when normative changes arise affecting policies and procedures, or when new products or services are implemented.

ARTICLE TENTH: MODIFY Article 23 of Agreement 6-2015 of August 19, 2015, which shall read as follows:

Article 23. (Examination of transactions and operations). In addition to measures for knowing the nature of the client's business and continuous follow-up of the business relationship and its transactions, securities houses, investment managers, pension fund managers, severance fund managers, self-administered investment companies, and administrative service providers of the securities market must execute, at a minimum, the following measures during the examination of clients' operations and transactions:

a. Know the nature of the client's business, including their economic and financial activities.

b. Keep a record of transactions, by client and