The growth of the fintech sector has brought innovation and accessibility to the financial market, but it has also increased the need for effective mechanisms for anti-money laundering (AML) and combating the financing of terrorism (CFT) AML/CFT. Increasingly stringent regulations require these companies to adopt robust compliance policies, transaction monitoring, and customer due diligence.
But how can fintechs structure an efficient AML/CFT program and ensure regulatory compliance? In this article, we explore the best practices and requirements to strengthen financial security and avoid legal risks.
Content:
- What is the crime of money laundering?
- What is AML/CFT?
- What are the main AML regulations – Anti-Money Laundering Program for Fintechs?
- What are the penalties for non-compliance with AML/CFT obligations?
- What are the necessary steps to implement an AML – Anti-Money Laundering Program for Fintechs?
- Why is the AML/CFT – Anti-Money Laundering Program for Fintechs important?
What is the crime of money laundering?
Money laundering involves financial or commercial activities that disguise the illegal origin of funds. The goal is to transform this money into seemingly legal assets, allowing its use without exposing those responsible for the crime.
This process occurs in stages. First, the money is separated from its illicit origin. Then, its movements are concealed, making tracking difficult. Finally, it is reintegrated into the financial system as if it were “clean.”
Therefore, the methods most employed in the money laundering process theoretically consist of three distinct phases, which can often happen simultaneously. See below:
Placement: This refers to the introduction of money into the economic system, whether through deposits, investments, acquisition of negotiable instruments, or purchase of goods, with the aim of hindering the identification of the capital’s origin. To achieve this goal, criminals employ sophisticated and increasingly dynamic methods, such as dividing the amounts circulating through the banking system and using commercial establishments that normally deal with cash.
Layering: This involves preventing the accounting tracking of illicit funds, with the aim of breaking the chain of evidence in the event of investigations into the origin of the money. Criminals seek to transfer it digitally, sending funds to anonymous accounts – preferably in countries protected by bank secrecy laws – or making deposits into accounts opened in the name of “straw men” or using fictitious or shell companies.
Integration: The assets are formally integrated into the economic system through investments in companies that simplify their operations. These companies can offer reciprocal services, carried out by criminal organizations, because once the chain is established, it becomes increasingly simple to legalize illicit money.
Based on this, it can be inferred that financial and payment institutions, as well as companies that serve as payment intermediaries, can be used by criminals to commit money laundering crimes.
What is AML?
Anti-money laundering (AML) is a subject that has gained global notoriety by being linked to the fight against crimes such as drug trafficking and its financing. In 1988, the Vienna Convention was signed, representing a milestone in this process, addressing the fight against illicit traffic in narcotic drugs and psychotropic substances. This gave rise to a global effort to establish specific laws to help reduce the risks associated with these crimes.
Brazil’s accession to the Vienna Convention occurred in 1991, and shortly thereafter, in 1998, Law No. 9,613 was enacted. This legislation established rules to prevent the use of the National Financial System (SFN) for illegal activities and established the Council for Financial Activities Control (COAF), a central entity responsible for supervising such practices.
To strengthen supervision, the legislation established a set of individuals and entities that are subject to stricter control rules. These groups were selected because they have a high risk of involvement in money laundering activities and because they possess information that enables the detection of suspicious financial transactions.
Among the main references are financial institutions, card managers, insurers, lotteries, companies and professionals involved in the promotion of real estate or in the transaction of buying and selling properties. Also included are those who deal with jewelry, precious stones and metals, works of art, antiques, and luxury items, among others. This supervision is essential to prevent these actions from being used as a means for illegal activities.
Anti-Money Laundering mechanisms, now known as prevention mechanisms, include: customer identification and regular reviews of registration data; the recording of all transactions carried out, whether in local or foreign currency; reporting suspicious money laundering transactions to COAF, without informing the parties involved in carrying out the operation; and the implementation of policies, processes, and internal controls with the aim of ensuring compliance with the mechanisms established herein.
Based on this legislation, COAF established specific rules for the obligations of individuals subject to the aforementioned controls. In the case of fintechs, the Central Bank of Brazil (BCB) established the responsibilities that these institutions must fulfill.
What are the main AML regulations – Anti-Money Laundering Program for Fintechs?
Currently, the most relevant regulations related to the AML – Anti-Money Laundering Program for fintechs are those established by COAF and BCB. The Control aims to regulate all individuals subject to the controls established in Law No. 9,613/98. It is worth highlighting the two main regulations published on this subject, which are:
COAF Resolution No. 40, of November 22, 2021: establishes guidelines to be followed in relation to politically exposed persons;
COAF Resolution No. 36, of March 10, 2021: regulates the implementation of policies, processes, and internal controls to prevent money laundering, the financing of terrorism, and the proliferation of weapons of mass destruction.
Therefore, both regulations are fundamental pillars for the elaboration of the Anti-Money Laundering Program for fintechs.
It is worth noting that COAF linked politically exposed persons, also referred to in the market as ‘PEPs’, to prevention controls. This is because the context of political power is linked to the practice and execution of illegal money laundering acts, which must therefore be monitored.
Regarding financial and payment institutions, the Central Bank of Brazil issued Circular No. 3,978, of January 23, 2020, which establishes the guidelines, procedures, and internal controls that the institutions under its supervision must implement to prevent money laundering.
In summary, it determined that supervised entities must establish an Anti-Money Laundering Policy, which discusses the institution’s guidelines regarding the procedures to be followed for the evaluation of products and new services, recruitment and hiring of new employees and suppliers, customer identification, transaction recording, monitoring of suspicious transactions, among others.
The Central Bank of Brazil also defined the compliance and corporate governance structure to be implemented by supervised institutions, with the purpose of making the guidelines defined in the AML Policy effective. Therefore, it was established that supervised institutions also need to have a manual for the following topics: internal risk assessment, customer identification, monitoring of suspicious operations, and identification of employees and service providers.
In addition, Circular No. 3,978/20 presents several guidelines that direct supervised entities on the internal controls they must implement, in compliance with a regulatory requirement.
What are the penalties for non-compliance with AML obligations?
To ensure compliance with obligations, Law No. 9,613/98 establishes penalties applicable to individuals subject to such obligations by regulatory authorities, such as the Central Bank and the Securities and Exchange Commission, in addition to COAF.
It is important to note that sanctions can also reach the entity’s managers under the aforementioned law, in addition to the possibility of penalties for the institution itself as a subject entity. The penalties established in Law No. 9,613/98 range from warnings, pecuniary fines, temporary disqualification, and license revocation for operation or functioning, as detailed below:
Warning: if there is non-compliance with customer registration obligations and the registration of transactions carried out in national currency.
Pecuniary fine: The value of the operation can range from 1% to double, or up to 200% of the profit obtained or expected to be obtained from the execution of the operation, or a penalty of up to R$200,000. This penalty applies in cases of warning, as well as if the institution does not correct the detected irregularity after the warning, fails to report suspicious transactions, and fails to comply with requests made by COAF.
Temporary disqualification: This is the prohibition, for a period of 10 years, for individuals to act as managers of legal entities subject to the law, which only applies in situations of severe or repeated infractions.
Revocation of operating license: applicable in situations of repeated infractions related to non-compliance with requests made by COAF.
Despite these being the penalties established by Law No. 9,613/98, considering that such sanctions must be applied by the regulatory body responsible for supervising and inspecting the subject entities, the Central Bank of Brazil published BCB Resolution No. 131/2021, which establishes the guidelines for the administrative sanctioning process and the application of penalties to the institutions it supervises.
The text establishes what can be considered a serious violation of the obligations provided for by law. Among these infractions are situations that distort the purpose of the instruments and operations used in the activities supervised by the Central Bank; harm the image of the institution or the sector in which it operates; cause indiscipline in the financial market or affect the stability and proper functioning of the National Financial System, Consortiums, or the Brazilian Payments System; seriously compromise the continuity of operations or activities in these systems; and encourage irregular behavior within the segment of activity.
In this case, the BCB establishes a limit for the amount of the fine for companies at: 25% of the share capital, calculated in the last balance sheet available at the Central Bank of Brazil; 50% of the minimum required capital, when applicable; or 25% of the Net Equity (PL), calculated in the last balance sheet.
For individuals, the amount of the penalty is limited to R$5 million.
What are the necessary steps to implement an AML – Anti-Money Laundering Program for Fintechs?
Therefore, to ensure compliance with anti-money laundering obligations by institutions operating in the financial or payment sector, the implementation of an AML program is essential, with the purpose of defining internal guidelines and procedures.
For the execution of the Anti-Money Laundering Program, it is necessary to elaborate the fundamental documents required by BCB Circular No. 3,978/20, starting with the AML policy, which must have, at least, guidelines related to: identification and qualification of customers; identification and certification of employees, suppliers, and partners; internal risk analysis, focusing on money laundering, which mainly involves the development of new products and customer relationship processes; monitoring of operations that may indicate money laundering, with the aim of notifying COAF and complying with Law No. 9,613/98 and the Council’s guidelines; and relationship with politically exposed persons.
The manuals provided for and required in BCB Circular No. 3,978/20 must also be developed and applied internally, as described:
Internal Risk Assessment Manual: establish procedures for the institution’s assessment of money laundering risks in relation to its operations, products and services, contracts, among others.
Customer Identification Manual: also called “Know Your Customer” or “Know Your Client,” the manual sets out the procedures that the supervised institution must follow to identify the customer, collecting, at a minimum, data such as full name and CPF for natural persons and company name and CNPJ for legal entities.
Suspicious Transaction Monitoring Manual: deals with the actions implemented by the supervised institution to qualify the customer, collecting data such as residential address and monthly income of natural persons and the location of the headquarters and average revenue of the last 12 months for legal entities. Along with qualification, it is necessary to define the criteria that will allow the supervised institution to assess whether a financial transaction carried out by its customer may or may not be seen as suspicious and, therefore, should be reported to the Council.
Employee and Service Provider Identification Manual: also known as “Know Your Employee” or “Know Your Partner and Supplier,” the manual establishes the procedures that the supervised institution must follow to identify its employees and suppliers, in addition to implementing access control to information and risk assessment, taking into account the sensitivity and operations to which this individual is subject to perform their tasks or services.
To ensure the effectiveness of the implementation, in addition to preparing the minimum required documents, the organization needs to promote an internal culture of anti-money laundering. This includes conducting training and raising awareness of the procedures to be followed, according to the prepared manuals, as well as keeping such documents accessible for consultation by the employees involved.
As a fundamental process, the institution needs to implement internal controls that guarantee adherence to anti-money laundering regulations. This includes monitoring the publication of new laws or regulations from the Central Bank of Brazil, as well as the effectiveness in the execution of the defined and established procedures.
Why is the AML/CFT – Anti-Money Laundering Program for Fintechs important?
Based on the above, it is concluded that fintechs need to consider this topic with extreme importance and relevance, as their operation is highly susceptible to the possibility of illegal acts occurring, and they can be used by criminals for the practice of money laundering crimes.
Therefore, the Central Bank maintains close monitoring of supervised institutions in relation to this matter, conducting regular inspections and being able to initiate administrative sanctioning processes against institutions that are not complying with the rules as they should.
It is important to note that punitive administrative processes apply not only to companies but also to their administrators.
If you would like to know more about how to develop the documents that we suggested in the body of this article for your company, implement such processes, and raise employee awareness through training, the Silva Lopes Advogados team can help you!
For further information regarding our services, get in touch:
