Resolution JPRFM-2026-023-T Approving the Reform of Chapter I on the Administration of Money Laundering and Other Crime Financing Risk

RESOLUTION No. JPRFM-2026-023-T THE BOARD OF FINANCIAL AND MONETARY POLICY AND REGULATION

CONSIDERING:

That, Article 226 of the Constitution of the Republic of Ecuador stipulates that public servants and persons acting under state authority shall exercise only the competencies and powers attributed to them in the Constitution and the Law;

That, Article 227 ibid states that Public Administration constitutes a service to the community governed by principles of efficiency, quality, hierarchy, coordination, planning, among others;

That, the first paragraph of Article 303 of the Constitution of the Republic of Ecuador determines that the formulation of monetary, credit, exchange, and financial policies is the exclusive prerogative of the Executive Branch and will be implemented through the Central Bank of Ecuador;

That, on October 13, 2025, the Organic Reform Law of the Organic Monetary and Financial Code was published in the Sixth Supplement of the Official Register No. 142;

That, Article 13 of the Organic Monetary and Financial Code creates the Board of Financial and Monetary Policy and Regulation, part of the Executive Branch, as an organ with functional, technical, and institutional autonomy, and in its decisions, responsible for the formulation of monetary, credit, financial, securities, insurance, and prepaid comprehensive health care services policy and regulation. The Board of Financial and Monetary Policy and Regulation will be the highest governing body of the Central Bank of Ecuador;

That, Article 17 of the aforementioned Code, in its pertinent part, determines that: "(...) For the fulfillment of these functions, the Board will issue regulations in matters within its competence, without being able to alter legal provisions. The Board of Financial and Monetary Policy and Regulation may issue regulations by segments, economic activities, and other criteria. It may even reform or repeal regulations from the former Board of Monetary Policy and Regulation, the Board of Financial Policy and Regulation, or the Board of Monetary and Financial Policy and Regulation.

RESOLUTION No. JPRFM-2026-023-T Page | 2 All norms and policies issued by the Board of Financial and Monetary Policy and Regulation in the exercise of its functions, duties, and powers must be backed by duly substantiated technical and legal reports (...)";

That, Article 24 ibid provides that the acts of the Board of Financial and Monetary Policy and Regulation enjoy the presumption of legality and will be expressed through resolutions that will have mandatory force, which will govern from their publication in the Official Register, or from the date of their issuance when so determined by the Board, in accordance with the subject matter;

That, Article 25.2 ut supra determines that the Technical Secretariat of the Board of Financial and Monetary Policy and Regulation is exercised by the Central Bank of Ecuador, and Article 25.3 establishes as its functions the preparation of technical and legal reports supporting regulatory proposals, providing technical and administrative support to the Board of Financial and Monetary Policy and Regulation, and any others assigned by said Board;

That, General Provision Twenty-Ninth ibid states: "In current legislation where mention is made, indistinctly, of the Board of Monetary and Financial Policy and Regulation, the Board of Monetary Policy and Regulation; or the Board of Financial Policy and Regulation, replace and understand as 'Board of Financial and Monetary Policy and Regulation'";

That, the Financial Action Task Force (FATF) issues the "International Standards on Combating Money Laundering and the Financing of Terrorism and Proliferation," through its 40 Recommendations, recognized as the international reference framework for the design of money laundering and crime financing prevention systems, whose principles constitute best practices that it is pertinent to consider in the development of institutional policies in this matter;

That, the Organic Law on Prevention, Detection, and Combating of the Crime of Money Laundering and the Financing of Other Crimes establishes the legal framework applicable for the prevention, detection, and combating of money laundering and other crime financing risks, as well as the obligation to implement prevention, control, and reporting systems oriented to mitigate such risks;

That, through Executive Decree No. 298 of January 30, 2026, the Constitutional President of the Republic issues the General Regulation to the Organic Law on Prevention, Detection, and Combating of the Crime of Money Laundering and the Financing of Other Crimes, which stipulates that the Board of Financial and Monetary Policy and Regulation will establish the special regime applicable to the Central Bank of Ecuador to comply with the aforementioned Law;

That, through Letter No. T.233-SGJ-25-098 of September 5, 2025, signed by the Constitutional President of the Republic, addressed to the President of the National Assembly, the list of candidates for the designation of the Members of the Board of Financial and Monetary Policy Regulation was sent; as well as, the temporality of their stay within the initial period;

That, the Plenary of the National Assembly, on September 16, 2025, designated and swore in the members of the Board of Financial and Monetary Policy and Regulation, in the persons of: Gustavo Estuardo Camacho Dávila; Silvia Daniela Moya Arteta; Roberto Javier Basantes Romero; and, María Isabel Camacho Cárdenas;

That, the Board of Financial and Monetary Policy and Regulation, in Ordinary Session No. 013-2026, under hybrid modality, on May 27, 2026, reviewed the resolution proposal sent via Memorandum No. BCE-BCE-2026-0233-M, of May 22, 2026, by the General Manager of the Central Bank of Ecuador to the President of the Board of Financial and Monetary Policy and Regulation; as well as, Technical Report No. BCE-GR-2026-043 / BCE-SC-2026-043, of May 22, 2026; and, Legal Report No. BCE-GJ-057-2026, of May 22, 2026; and,

In exercise of its functions and in attention to Article 24 of the Organic Monetary and Financial Code, the Board of Financial and Monetary Policy and Regulation:

RESOLVES:

Sole Article. - Substitute Chapter I "Norm for the Administration of Money Laundering and Other Crime Financing Risk" of Title III "On the Prevention, Detection, and Combating of the Crime of Money Laundering and the Financing of Other Crimes", Book V "Common Application Norms for Regulated Sectors" of the Codification of Monetary, Financial, Securities, and Insurance Resolutions, with the following text:

"CHAPTER I. - NORM FOR THE ADMINISTRATION OF MONEY LAUNDERING AND OTHER CRIME FINANCING RISK SECTION I. - OBJECT, SCOPE, AND DEFINITIONS

RESOLUTION No. JPRFM-2026-023-T Page | 4 Art. 1.- Object. - This norm aims to regulate and establish the processes, procedures, mechanisms, and methodologies for the detection, prevention, mitigation, and administration of money laundering and other crime financing risks, which must be observed by financial obligated subjects in accordance with the current legal framework.

Art. 2.- Scope of application. - This norm will be applicable to all financial obligated subjects determined in the Organic Law on Prevention, Detection, and Combating of the Crime of Money Laundering and the Financing of Other Crimes and by the Financial and Economic Analysis Unit.

Art. 3.- Responsibility of financial obligated subjects. - Financial obligated subjects must detect, prevent, mitigate, and manage risks associated with the crime of money laundering, terrorism financing, and the proliferation of weapons of mass destruction, in accordance with what is established in this norm.

Detection, prevention, and mitigation measures will be applied in the performance of their activities, as well as to any product or service offered regardless of whether the transaction is carried out or not.

Art. 4.- Definitions. - For the purposes of the application of this norm, the following glossary of terms is established:

ASSETS. - Are goods; financial assets; properties of all kinds, tangible or intangible; movable or immovable, regardless of how they were obtained; and, documents or legal instruments, whatever their form, including electronic or digital, that evidence ownership or other rights over said goods.

RISK APPETITE. - Is the level of exposure to money laundering and other crime financing risk that the financial obligated subject is willing to assume, accept, or tolerate in the development of its activities and operations, in order to achieve its strategic objectives; in accordance with the maximum acceptable risk level; that is, the degree of deviation that generates an additional risk that it can support with respect to the risk level defined by the Board or statutory administrative body acting in its place according to planned risk.

SENIOR MANAGEMENT. – Refers to the official, employees, or collegiate governing bodies that possess a level of authority and hierarchy sufficient within the organizational structure of the financial obligated subject to make strategic decisions that affect its exposure to money laundering and other crime financing risks.

This condition does not depend exclusively on a job title, but on the effective function of authority, which includes, in a non-limiting manner, the following powers and responsibilities: risk approval, resource allocation, governance, and accountability.

For the purposes of this norm, members of the Board of Directors or Administrative Council, as the case may be, the Compliance Officer, and the Legal Representative are also considered part of Senior Management of the entity.

SCREENING BANK. - Entity that carries out activities related to financial intermediation through the management of flows and risks that does not have authorization and is not regulated and supervised in the country or abroad.

BENEFICIAL OWNER. - Is the natural person(s) who owns or receives, directly or indirectly, resources or goods or has control over a client, and/or the natural person in whose name the transaction is carried out. This also includes natural persons who exercise final effective control over a person or legal structure. In the case of partnerships, all its members will be considered beneficial or effective owners.

CHANNELS. - Refer to all ways or forms through which clients or users can make inquiries or transactions with financial obligated subjects, physically, electronically, or digitally.

CLOSE ASSOCIATES. - Are those people close to the politically exposed person within their professional exercise, such as, their work collaborators, advisors, consultants, and personal partners.

COUNTERPARTY. - Is any natural or legal person, national or foreign, with whom the financial obligated subject has commercial, business, contractual, or legal ties of any order; they may be, depending on the legal structure of the financial obligated subject, associates, partners, employees, clients, contractors, and suppliers.

RISK CRITERIA. - Are the characteristics of the different risk factors, such as: client profile, employee, counterparty, executive, supplier, correspondent, type of product or service provided, transactional channel, and geographic zone where the activity or operation is carried out.

DUE DILIGENCE. - Is the set of measures, processes, and procedures that financial obligated subjects apply to know their counterparties, their

RESOLUTION No. JPRFM-2026-023-T Page | 5 businesses, activities, operations, products, and the volume of their transactions, in order to detect, prevent, and mitigate the risk of money laundering, terrorism financing, and proliferation of weapons of mass destruction. As an essential element of due diligence, the financial obligated subject must always identify the beneficial owner.

ENHANCED / INTENSIFIED DUE DILIGENCE. - Is the set of additional, more rigorous, exhaustive, and reasonably designed processes and procedures that the financial obligated subject must apply to its counterparties, based on a high exposure to money laundering and other crime financing risks, to mitigate and/or reduce them, as established by the control body.

RISK-BASED APPROACH (RBA). - Is a set of prudential regulation and supervision methodologies that allows identifying, measuring or evaluating, controlling, and monitoring money laundering and other crime financing risks to which financial obligated subjects are exposed. This approach evaluates the systemic importance of each financial obligated subject and its risk profile, considering factors such as products, services, practices, technologies, counterparties, countries, and geographic areas, transactions, and channels; thus reducing the possibility that these are used as an instrument for the concealment or legalization of illicit assets, linked to their activities and operations.

LEGAL STRUCTURE. - A legal structure is considered to be autonomous patrimony or any other economic unit that lacks legal personality; this definition includes patrimonies constituted abroad with an administrator, fiduciary agent, protector, or any other equivalent form.

RISK EXPOSURE. - Is the level of risk that the financial obligated subject has before applying controls, mitigating and/or reducing the risk, upon the realization of events associated with money laundering and other crime financing.

CONTROL LISTS. – Are the following:

1. National and international information lists. - Used primarily by compliance officers, they contain information from various sources about natural or legal persons. This information contributes to the financial obligated subject having a broader knowledge of the legal background of its counterparties.
2. Tax Haven. - Is the territory or state of null or low taxation, frequently used to lower, distort, evade, or optimize the tax burden of individuals or companies and is characterized by having lax tax and control legislations.
3. Politically Exposed Persons (PEP). - Is the list of natural persons, national or foreign, qualified as such, based on the Politically Exposed Persons (PEP) Guide issued by the Financial and Economic Analysis Unit.

RISK MATRIX. - Is a control and management tool that, through the identification and measurement of risk events associated with the business lines and processes of the financial obligated subject or entity and related to money laundering and other crime financing, allows determining the risk and implementing the corresponding due diligence controls and actions.

SIMPLIFIED MEASURES. - Is the set of measures applied by the financial obligated subject of lower rigor and requirement in due diligence, when a low exposure to money laundering and other crime financing risks has been identified, as detailed by the control body.

GOVERNING BODIES. - Are the formal and legally constituted structures, responsible for strategic direction, supervision, and key decision-making within a financial obligated subject. These bodies, such as the shareholders' meeting, general assemblies, or boards of directors, have the function of establishing institutional policies, approving plans and budgets, supervising management, and ensuring compliance with organizational objectives.

COUNTERPARTY BEHAVIORAL PROFILE. - Are the inherent and usual characteristics of the subject of analysis, associated with their general information and with the way of using the services and products offered by the financial obligated subject for its clients, partners, and other counterparties.

RISK PROFILE. - Is the risk condition presented by counterparties both by their behavior and by their transactionality, which may expose the financial obligated subject to the occurrence of events with implications in money laundering and other crime financing.

COUNTERPARTY TRANSACTIONAL PROFILE. - Is the parameter that indicates the financial and operational capacity that counterparties have to transact with the financial obligated subject. The calculation of its value or range is carried out through methodologies of recognized technical value, which consider variables such as their income, assets, economic activity, products and/or services, historical transactionality, and

RESOLUTION No. JPRFM-2026-023-T Page | 6 channels used.

POLITICALLY EXPOSED PERSONS (PEP). - Is the quality acquired by natural persons, national or foreign, who perform or have performed hierarchical public functions in the country or abroad, or to whom prominent functions in an international organization have been conferred; the same treatment will be extended to this quality to their family members and associates in accordance with the current legal framework, as follows:

1. Heads of State or government;
2. High-ranking politicians;
3. High-ranking government, judicial, or military officials;
4. Senior executives of state-owned companies;
5. Political party executives;
6. Members of senior management; directors; sub-directors, or equivalent functions; and,
7. Others determined by resolution of the Financial and Economic Analysis Unit.

PROGRAM FOR THE DETECTION, PREVENTION, MITIGATION, AND ADMINISTRATION OF MONEY LAUNDERING, TERRORISM FINANCING, AND WEAPONS OF MASS DESTRUCTION PROLIFERATION FINANCING RISKS (PARLAFT).- Is a system for the detection, prevention, mitigation, and administration of money laundering and other crime financing risks, composed of internal policies, processes, procedures, controls, mechanisms, and risk management methodologies, information, and reporting, developed and implemented by the financial obligated subject.

TECHNOLOGICAL REGULATION. - Also known as RegTech, it corresponds to the implementation of technology to support financial obligated subjects or entities in complying with their regulatory obligations.

SUSPICIOUS OPERATIONS REPORT (SOR). - Is the instrument of information of a reserved and secret nature, constituted by unusual and unjustified operations and/or transactions that, in addition, according to the usages and customs of the activity in question, could not be reasonably justified, and are presumed to have an illicit origin, so they must generate alert signals and be reported to the Financial and Economic Analysis Unit.

MONEY LAUNDERING AND OTHER CRIME FINANCING RISK. - Is the possibility of loss or damage that a financial obligated subject may suffer due to its exposure to being used directly or through its operations as an instrument for money laundering and/or channeling resources towards the commission of criminal activities, or when the concealment of assets from said activities is sought.

ASSOCIATED RISKS. - Are those through which money laundering and other crime financing risk materializes, which can be: legal, reputational, operational, and contagion risks.

INHERENT RISK. - Is the level of exposure to risk inherent to the activity, without taking into account the effect of implemented controls.

RESIDUAL RISK. - Is the resulting level of risk exposure of the activity, after having implemented risk controls.

SEGMENTATION OF RISK FACTORS. - Process by which risk factors are separated into homogeneous groups internally and heterogeneous between them. The separation is based on the recognition of significant differences in their characteristics.

MARKET SEGMENTATION. - Are relevant criteria by which active, passive, and neutral operations can be grouped. Its main objective is to analyze a client's operations to define whether they are unusual or not.

ALERT SIGNALS. - Are signs of early detection, referential, and expressed in facts, situations, events, amounts, quantitative and qualitative indicators, financial ratios, and other information, based on experiences or typologies, from which the possible existence of a money laundering and other crime financing risk can be inferred timely and/or prospectively.

FINANCIAL OBLIGATED SUBJECTS. - Are natural or legal persons that constitute the first control in the detection, prevention, mitigation, and administration of money laundering and other crime financing risks, that are established as such in accordance with the current legal framework.

TECHNOLOGICAL SUPERVISION. - Also known as SupTech, it is understood as the use of technologies to support the supervision processes in charge of the corresponding control bodies.

UNUSUAL AND UNJUSTIFIED ECONOMIC OPERATIONS OR TRANSACTIONS. - Movement carried out by natural persons, legal persons, and/or legal structures that does not correspond in amount, frequency, or recipient, to their economic and behavioral profile or that the origin and destination of resources have not been justified.

SECTION II.- IMPLEMENTATION OF THE PROGRAM FOR THE DETECTION, PREVENTION, MITIGATION, AND ADMINISTRATION OF MONEY LAUNDERING, TERRORISM FINANCING, AND WEAPONS OF MASS DESTRUCTION PROLIFERATION FINANCING RISKS (PARLAFT)

Art. 5.- Program for the detection, prevention, mitigation, and administration of money laundering, terrorism financing, and weapons of mass destruction proliferation financing risks (PARLAFT).- The financial obligated subject must design, develop, and implement a program for the detection, prevention, mitigation, and administration of money laundering risk, its predicate crimes, and the financing of other crimes (PARLAFT), which is the system that will be composed of internal policies, processes,

RESOLUTION No. JPRFM-2026-023-T Page | 7 procedures, controls, mechanisms, and methodologies established by the subject or entity, aimed at identifying, measuring, evaluating, controlling, and monitoring the risks of money laundering and other crime financing to which it is exposed, in accordance with the risk-based approach.

The PARLAFT program must include, at least, the following components:

1. Internal policies and procedures for the prevention, detection, and reporting of money laundering and other crime financing.
2. Risk assessment methodology, including the identification and evaluation of inherent risks and the design and implementation of controls to mitigate residual risks.
3. Customer due diligence (CDD) procedures, including the identification and verification of the identity of clients and beneficial owners, as well as the understanding of the nature of the business relationship.
4. Enhanced due diligence (EDD) procedures for high-risk clients, such as Politically Exposed Persons (PEPs), clients from high-risk jurisdictions, and complex legal structures.
5. Simplified due diligence (SDD) procedures for low-risk clients, as permitted by the control body.
6. Ongoing monitoring of business relationships and transactions to detect unusual or suspicious activities.
7. Reporting of suspicious operations to the Financial and Economic Analysis Unit.
8. Training programs for employees on money laundering and other crime financing risks and the obligations of the financial obligated subject.
9. Independent audit or review of the effectiveness of the PARLAFT program.
10. Appointment of a Compliance Officer responsible for the implementation and supervision of the PARLAFT program.

Art. 6.- Risk Assessment. - The financial obligated subject must conduct a periodic risk assessment to identify and evaluate the money laundering and other crime financing risks to which it is exposed. The risk assessment must consider the following factors:

1. The nature, scope, and complexity of the financial obligated subject's activities.
2. The types of products and services offered.
3. The channels used for transactions.
4. The geographic areas where the financial obligated subject operates.
5. The types of clients and counterparties.
6. The legal and regulatory framework applicable to the financial obligated subject.

The risk assessment must be updated whenever there are significant changes in the risk factors or in the financial obligated subject's activities.

Art. 7.- Customer Due Diligence (CDD). - The financial obligated subject must apply customer due diligence measures to all clients and counterparties before establishing a business relationship or carrying out occasional transactions above the threshold established by the control body. CDD measures must include:

1. Identifying the client and verifying their identity using reliable, independent source documents, data, or information.
2. Identifying the beneficial owner and taking reasonable measures to verify their identity, so that the financial obligated subject is satisfied that it knows who the beneficial owner is.
3. Understanding the nature and purpose of the business relationship.
4. Obtaining information on the source of funds and source of wealth.

Art. 8.- Enhanced Due Diligence (EDD). - The financial obligated subject must apply enhanced due diligence measures to clients and counterparties that present a high risk of money laundering or other crime financing. EDD measures must include:

1. Obtaining additional information on the client and beneficial owner.
2. Obtaining information on the purpose and intended nature of the business relationship.
3. Conducting enhanced ongoing monitoring of the business relationship, including the scrutiny of transactions.
4. Obtaining the approval of senior management for establishing or continuing the business relationship.

Art. 9.- Simplified Due Diligence (SDD). - The financial obligated subject may apply simplified due diligence measures to clients and counterparties that present a low risk of money laundering or other crime financing, as determined by the control body. SDD measures must be proportionate to the low risk and must not compromise the ability of the financial obligated subject to detect and report suspicious transactions.

Art. 10.- Ongoing Monitoring. - The financial obligated subject must conduct ongoing monitoring of business relationships and transactions to ensure that transactions are consistent with the financial obligated subject's knowledge of the client, their business, and risk profile. The monitoring must include:

1. Scrutiny of transactions to ensure they are consistent with the financial obligated subject's knowledge of the client.
2. Updating client information and documentation.
3. Identifying and reporting suspicious transactions.

Art. 11.- Reporting of Suspicious Transactions. - The financial obligated subject must report to the Financial and Economic Analysis Unit any transaction that is suspected to be related to money laundering, terrorism financing, or the proliferation of weapons of mass destruction. The report must be made without delay and without tipping off the client.

Art. 12.- Record Keeping. - The financial obligated subject must keep records of all transactions, as well as all documents obtained through customer due diligence measures, for at least ten years from the end of the business relationship or the date of the occasional transaction.

Art. 13.- Training. - The financial obligated subject must provide regular training to its employees on money laundering and other crime financing risks, the obligations of the financial obligated subject, and the procedures for detecting and reporting suspicious transactions.

Art. 14.- Independent Audit. - The financial obligated subject must conduct an independent audit of the effectiveness of its PARLAFT program at least once every two years or whenever there are significant changes in the risk factors or in the financial obligated subject's activities.

Art. 15.- Compliance Officer. - The financial obligated subject must appoint a Compliance Officer responsible for the implementation and supervision of the PARLAFT program. The Compliance Officer must have sufficient authority, resources, and independence to perform their duties.

Art. 16.- Sanctions. - The financial obligated subject must establish internal sanctions for employees who fail to comply with the PARLAFT program.

Art. 17.- Entry into Force. - This norm will enter into force upon its publication in the Official Register.

Given in the City of Quito, on May 27, 2026.

BOARD OF FINANCIAL AND MONETARY POLICY AND REGULATION

Gustavo Estuardo Camacho Dávila President

Silvia Daniela Moya Arteta Member

Roberto Javier Basantes Romero Member

María Isabel Camacho Cárdenas Member