Norm Regulating Trust Operations Conducted by Financial Institutions

Page 1 of 10 Resolution No. CD-SIBOIF-1144-1-DIC5-2019 Dated December 5, 2019

NORM THAT REGULATES TRUST OPERATIONS CARRIED OUT BY FINANCIAL INSTITUTIONS

The Board of Directors of the Superintendent of Banks and Other Financial Institutions

CONSIDERING

SOLELY

That Article 10, numeral 1), of Law No. 316, “Law of the Superintendent of Banks and Other Financial Institutions,” published in La Gaceta, Official Gazette No. 196, of October 14, 1999; Article 62, letter b), of Law No. 741, “Law on the Trust Contract,” published in La Gaceta, Official Gazette, No. 11, of January 19, 2011; and Articles 17, numeral 2), 20, 25, numeral 3), 30, letter a) and 47, of Law No. 977, “Law Against Money Laundering, Terrorism Financing and Financing of the Proliferation of Weapons of Mass Destruction,” published in La Gaceta, Official Gazette No. 138, of July 20, 2018, hereinafter Law 977 or Law Against ML/TF/P; legal frameworks contained in Law No. 974, Law of the Nicaraguan Legal Digest on Banking and Finance Matters, published in La Gaceta, Official Gazette No. 164, of August 27, 2018, and its update (Law of the Legal Digest); empower this Board of Directors to issue general norms to regulate trust operations carried out by financial institutions authorized and supervised by the Superintendent of Banks and Other Financial Institutions.

THEREFORE

In exercise of its powers,

HAS ISSUED

Resolution No. CD-SIBOIF-1144-1-DIC5-2019

The following,

NORM THAT REGULATES TRUST OPERATIONS CARRIED OUT BY FINANCIAL INSTITUTIONS

Article 1. Concepts.- For the application of this norm, the concepts indicated in this article, both in uppercase and lowercase, singular or plural, shall have the following meanings:

Page 2 of 10

a) Ultimate Beneficiary: According to Law 977, in the case of trusts, it is the natural person or persons who ultimately own or control a trust, including the natural person or persons who exercise ownership or control of the trust through a chain of ownership or other means of control other than direct control, and also the natural person or persons in whose name a trust operation is carried out. b) Trust: According to Law 741, it refers to the operation by virtue of which the settlor transmits ownership of a specific asset or set of assets or rights to the trustee, who undertakes to administer them for the benefit of the beneficiary and transmit them to the trust beneficiary or the settlor when a term, condition, or other cause of extinction of the obligation is met. c) Settlor: Natural or legal person, private, public, or mixed, national or foreign, or entities endowed with legal personality with the capacity to transmit ownership of the assets or rights subject to the trust, as appropriate. d) Trustee: Natural or legal person to whom ownership of the trust assets or rights is transferred and who is in charge of executing what is agreed upon in the trust contract to achieve its purposes. e) Trust Beneficiary: Person to whom the rights, fruits, and benefits obtained from the execution of the trust are destined. f) Investment Fund: Investment fund, financial or non-financial, as referred to in the Capital Markets Law and the regulations governing the matter on management companies and investment funds. g) Securitization Fund: Securitization fund as referred to in the Capital Markets Law and the regulations governing the matter on management companies and securitization funds. h) Risk Management: Set of objectives, policies, procedures, and actions implemented to identify, measure, monitor, limit, control, mitigate, report, and disclose the different types of risks to which financial institutions are exposed. i) Group of Economic Interest: Related parties, significant linkages, and indirect manifestations of the financial institution, as referred to in Article 55 of Law 561, General Law of Banks, Non-Bank Financial Institutions, and Financial Groups, and the regulations governing the matter on concentration limits. j) Institution or Financial Institution: Banks and non-bank financial institutions; stock exchanges; as well as, securities clearinghouses, management companies for investment funds, and management companies for securitization funds, that carry out trust operations. These last three entities, exclusively, in the case that such operations are related to their corporate purpose and business scope. k) General Banking Law: Law No. 561, General Law of Banks, Non-Bank Financial Institutions, and Financial Groups, published in La Gaceta No. 232, of November 30, 2005, contained in Law No. 974, Law of the Nicaraguan Legal Digest on Banking and Finance Matters, published in La Gaceta, Official Gazette No. 164, of August 27, 2018, and its reforms.

Page 3 of 10

l) Law 741: Law on the Trust Contract, published in La Gaceta, Official Gazette, No. 11 of January 19, 2011, contained in Law No. 974, Law of the Nicaraguan Legal Digest on Banking and Finance Matters, published in La Gaceta, Official Gazette No. 164, of August 27, 2018, and its reforms. m) Capital Markets Law: Law 587, Capital Markets Law, published in La Gaceta, Official Gazette, No. 222 of November 15, 2006, contained in Law No. 974, Law of the Nicaraguan Legal Digest on Banking and Finance Matters, published in La Gaceta, Official Gazette No. 164, of August 27, 2018, and its reforms. n) Law 977 or Law Against ML/TF/P: Law No. 977, Law Against Money Laundering, Terrorism Financing and Financing of the Proliferation of Weapons of Mass Destruction, approved on July 16, 2018. Published in La Gaceta Official Gazette No. 138 of July 20, 2018, contained in Law No. 974, Law of the Nicaraguan Legal Digest on Banking and Finance Matters, published in La Gaceta, Official Gazette No. 164, of August 27, 2018, and its reforms. o) GPR-ML/TF/P Norm: Resolution No CD-SIBOIF-980-1-ENE18-2017 “Norm for the Management and Prevention of Terrorism Financing Risks; and, of the Financing of the Proliferation of Weapons of Mass Destruction (GPR-ML/TF/P Norm), dated January 18, 2017, published in La Gaceta No. 27 of February 08, 2017; and its reforms. p) AML/TF Norm: Norm for the Management and Prevention of Money Laundering, Assets or Activities; and Terrorism Financing Risks, contained in Resolution No. CD-SIBOIF-524-1-MAR5-2008 of March 5, 2008 and published in La Gaceta, Official Gazette No. 63, 64, 65, 66 and 67, of April 4, 7, 8, 9 and 10, 2008, respectively; and its reforms. q) AML/TF/P: Prevention of money and/or assets laundering and/or terrorism financing and/or financing of the proliferation of weapons of mass destruction risks. These same risks may also be referred to as PLA/TF/P. r) Trust Risks: The risk resulting from incurring losses caused by the trustee's fault or negligence in the administration of the trust assets and/or being involved in ML/TF/P activities, due to the trustee's failure to comply with its legal and regulatory obligations regarding AML/TF/P. s) Superintendent: Superintendent of Banks and Other Financial Institutions. t) Superintendent: Superintendent of Banks and Other Financial Institutions.

Article 2. Object and Scope.- This norm aims to establish the responsibilities and general guidelines that financial institutions must comply with to manage the coverage of risks inherent to trust operations in which they participate as trustees.

Article 3. Responsibilities of the Board of Directors in Risk Management.- The Board of Directors of the financial institution shall be responsible for approving the objectives, guidelines, and written policies that allow for adequate management of risks associated with trust operations in which it participates. Likewise, it shall be its responsibility to ensure compliance with said objectives, guidelines, and policies, which must be implemented by the senior management of the institution.

In particular, the Board of Directors shall be responsible for ensuring that the following aspects are met, at least:

a) That its risk management and internal control policies are coherent with the strategic orientation of the institution and proportional to the magnitude of identified risks; and constitute an adequate framework to evaluate, manage, and monitor risks derived from the designation of third parties for the execution of certain trust operations. b) That its policies on conflicts of interest are clear and include actions among the different participants in the trust; as well as, the actions of the institution's officials and employees, service providers, and other external participants. c) That its policies, strategies, and internal controls implemented in its trust operations are examined periodically. d) That the human resources assigned to its trust operations have knowledge and work experience appropriate to the exercise of the functions and responsibilities derived from the institution's participation in such operations, which must also be congruent with the complexity of the types of trusts in which it participates and the different risks associated with them. e) That there is a systematic process to stay informed about the institution's performance and the risks it faces in its trust operations. f) That the financial institution acts preventively, prudently, and diligently in its trust operations. g) That policies, procedures, monitoring systems, and controls necessary to manage the prevention of ML/TF/P risks through trust operations carried out in its capacity as trustee are established, including alert signals for their monitoring and early detection of suspicious operations, analysis, escalation, documentation, and reporting to the competent authority as appropriate, in accordance with the regulations issued by said authority. h) That regarding the settlor, information about their professional or business activity and the origin of the funds contributed to the trust is obtained and verified. In all cases, it must determine if the settlor has or has had the status of a politically exposed person, is a national or resident of a country, territory, or jurisdiction of risk, or is subject to financial sanctions by competent international organizations in matters of AML/TF/P. i) That in the case of trust beneficiaries or, when these are still pending designation, the category of people for whose benefit the trust was created or operates, or in the case of beneficiaries designated by characteristics or classes, the necessary information is obtained to establish the identity of the beneficiary at the latest at the time of payment or when the beneficiary intends to exercise the conferred rights.

Page 5 of 10

j) That the financial institution gives continuous follow-up to the business relationship of the trust, for which it must review operations to guarantee that they coincide with the risk profile of the trust; as well as, guarantee that documents, data, and information related to the trust and its beneficial owners obtained in the due diligence process are preserved for the period established in Law 741, and that the aforementioned documentation and information is updated and available to the competent authority. k) That the financial institution does not establish business relationships nor execute trust operations when it cannot apply the legally and regulatorily required due diligence measures, particularly when it cannot obtain documentation and information from any of the intervening parties congruent with the risk thereof; in which case, it must consider filing a suspicious operation report with the competent authority in accordance with the provisions of the relevant law and current regulations issued by that Authority. l) That the financial institution establishes mechanisms to inform its status as trustee, prior to establishing business relationships or intervening in any operations with another obligated party supervised by this Superintendent, within the framework of the respective trust contract according to Law 741. m) That the financial institution establishes mechanisms to terminate the business relationship and/or to not intervene and/or not continue in any type of operations with another financial institution supervised in those cases where the latter is acting in its capacity as trustee and has not declared that it is acting in that capacity, but rather determined it through its own due diligence measures and risk management controls, in which case it must proceed to terminate the business relationship with said institution, conducting a complete review of its relationships and presenting, based on the results, a suspicious operation report to the competent authority.

Article 4. General Guidelines.- Financial institutions must take into account the following minimum general guidelines in establishing their objectives, policies, and procedures to manage risks inherent to their trust operations:

a) Separation of strategic activities: Financial institutions must establish a clear separation between their strategic and risk-taking activities, with respect to those processing and transaction recording activities; as well as, the analysis of possible risks derived from the following scenarios:

1. In the case of groups of economic interest to which the trustee, the settlor, or the trust beneficiary of the same trust belong, the financial institution must guarantee that there is clear disclosure of these relationships to all involved parties.
2. In the case of acting as trustee, the financial institution must guarantee the complete separation of the trust assets, with respect to its own assets, for which it must keep accounting that records operations derived from the trust assets, separately from its own accounts.

Page 6 of 10

b) Human, technological, and logistical resources: Financial institutions acting as trustees must have human, financial, technological, and logistical resources commensurate with the nature, responsibilities, size, and complexity of the trusts they administer, with the purpose of mitigating the risk of losses or contingencies due to fault or negligence in the administration of the trust assets or by the failure to prevent, detect, and/or timely report suspicious ML/TF/P activities through them to the competent authority, in accordance with the law and regulations issued by said authority. c) Organic and functional segregation: Financial institutions must create an organic and functional structure segregated from their other structures, for the specific handling of trust operations in which they participate, establishing the functions they must perform to manage risks associated with these operations, including a clear identification and establishment of the functions they must perform to manage risks in matters of prevention, detection, and reporting of suspicious ML/TF/P operations, which must be included in the respective job descriptors. d) Outsourcing of services: When certain acts or functions inherent to trust operations can be subject to subcontracting or outsourcing, the financial institution must proceed in accordance with the regulations governing the matter on the contracting of service providers. In such contracting, the responsibilities of the trustee and the subcontracted persons must be clearly delimited, so as to enable an effective environment for the control and monitoring of trust operations. In accordance with what is established in Article 8, letter c), of the AML/TF Norm; and Article 40 of the GPR-ML/TF/P Norm, and except for what is provided in Article 41 of the same, the financial institution under no modality may delegate or outsource any stage or activity of the integral Due Diligence process for customer knowledge, as well as, for transaction monitoring and list filtering. e) Conflicts of interest: Financial institutions must establish the necessary internal controls that allow identifying, mitigating, and following up on potential conflicts of interest between the different participants in the trust operations they carry out. f) Monitoring mechanisms: Financial institutions must establish monitoring mechanisms for the internal controls implemented to mitigate risks associated with their trust operations, in congruence with the objectives, nature, complexities, and particularities of each trust. In matters of prevention of ML/TF/P risks, this monitoring must be in line with what is provided in the AML/TF Norm and the GPR-ML/TF/P Norm.

CHAPTER IV TRUST RISK MANAGEMENT

Article 5. Trust Risk Management.- Financial institutions acting in the capacity of trustees must specifically comply with the provisions established in this Chapter, in order to adequately manage the risks associated with their trust operations.

Article 6. Obligations and Responsibilities of Financial Institutions.- Without prejudice to the obligations and responsibilities provided in Law 741, financial institutions shall have the following specific obligations and responsibilities:

Page 7 of 10

a) They must act in strict adherence to the instructions of the settlor, or whom the latter designates. The activities they carry out will be at the account and risk of the trust, and cannot entail any responsibility for the institution, except for losses caused by their fault or negligence in the administration of the trust assets. b) They must observe the prohibitions established in Article 7 of this norm. c) They must identify the risks associated with their trust operations as established in Article 8 of this norm. d) They must permanently value the risks that affect the continuity of the trust. In the event that institutions determine the existence of reasons or circumstances that make the fulfillment of the trust impossible, they must inform the settlor immediately to proceed in accordance with what is provided in Law 741 and the respective contract. e) They must implement the AML/TF controls established in Article 9 of this norm, as well as in the relevant legislation, the AML/TF Norm, GPR-ML/TF/P Norm; and applicable regulations on report submission issued by the competent authority. f) They must observe the regulations on the administration in trust of investment funds and securitization funds, established in Article 10 of this norm. g) They must guarantee that the credits, guarantees, or sureties they grant to the trusts they administer are authorized under market conditions, that is, that they do not differ from the conditions applicable to any other client of the institution in comparable operations. h) The financial institution must apply enhanced due diligence measures proportional to the risks, business relationships, services, and operations they initiate, maintain, or execute in relation to the constitution of trusts as they are empowered by Law 741 and the fiduciary mandate received, whose settlors and/or trust beneficiaries or beneficiaries and/or trust assets are from or located in countries that do not apply measures completely or sufficiently in accordance with standards against ML/TF/P revealed in their mutual, official, and published evaluations on the website of the competent body. j) Financial institutions must apply enhanced due diligence measures proportional to the risks, business relationships, services, and operations they initiate, maintain, or execute in relation to the constitution and management of trusts, from or located in countries that do not completely or sufficiently apply standards against ML/TF/P. k) Financial institutions, in addition to the records indicated in the legislation and regulations on AML/TF/P applicable to them, must maintain or preserve for a period of no less than five (5) years, from the end of the relationship, information about the settlor, the trust beneficiaries, the ultimate beneficiaries, and any other natural person who exercises control over the trust, as well as, those who provide services for the latter, such as advisors or investment managers, accountants, and tax advisors, without this enumeration being limiting. The aforementioned records must be kept in good condition, whether physical or electronic, and must be adequate and sufficient to be able to reconstruct transactional links with the client at any time and be available to the competent authorities.

Page 8 of 10

Article 7. Prohibitions.- In addition to the prohibitions established in Law 741, financial institutions cannot, in the exercise of their activities as trustees:

a) Assume risks or commitments of the trust on their own account. b) Carry out, through the trust, and at their own account and risk, activities or operations that are prohibited to them or for which they are not authorized. c) Respond in their own name for the results of the trust, for the partial or total loss of the trust assets, except that the loss was caused by their fault or negligence in the administration of the trust assets. d) Guarantee in any way to the settlor or the trust beneficiary the result of the trust or the operations, acts, and contracts they carry out with the trust assets. e) In the case of trusts administered in a discretionary manner, grant them credits, guarantees, or sureties, nor sell them securities issued by the institution or by any member of its group of economic interest. They also cannot sell them movable or immovable assets, or their representative titles. f) Carry out operations, acts, or contracts with the trust assets for the benefit of its shareholders, directors, chief executive, spouses, and relatives up to the second degree of consanguinity or affinity.

[End of provided text]