background legal
background legal

Compliance Control Rules in the Fight against Money Laundering (AML) and the Financing of Terrorism.

Last update: December 20, 2023

Article 1. Definitions.

1.1 What is compliance control in the fight against money laundering and terrorist financing?

Compliance control, in the context of the fight against money laundering and terrorist financing, refers to a set of measures and procedures that financial institutions and other entities must implement to ensure they are complying with regulations and laws designed to prevent and detect illicit activities, such as money laundering and terrorist financing.

Money laundering involves the process of converting gains from criminal activities into seemingly legitimate funds, while terrorist financing involves providing funds or resources to carry out terrorist activities. Both are serious crimes and can have significant consequences for national security and financial stability.

Compliance control includes the implementation of policies and procedures that help financial institutions and other entities identify, assess, and mitigate risks associated with money laundering and terrorist financing.

1.2 What is money laundering?

Money laundering, also known as 'capital laundering' or 'asset laundering,' is a process through which gains obtained through illegal activities are made to appear as legitimate funds. The purpose of money laundering is to conceal the illicit origin of funds, making them appear to come from legal activities, which makes it more difficult to trace their source and, therefore, hinders their detection by financial and legal authorities.

Internationally, it is considered a serious crime that undermines the integrity of the financial system and can have ramifications beyond a country's borders. International organizations, such as the Financial Action Task Force (FATF), have established standards and guidelines to combat money laundering globally, urging countries to implement robust compliance control measures to prevent and detect this crime.

In Mexico, money laundering is regulated by the Federal Law for the Prevention and Identification of Operations with Resources of Illicit Origin. According to Mexican legislation, money laundering involves carrying out acts with the knowledge that the resources come from illegal activities and is punished with severe sanctions, including imprisonment and significant fines. Financial institutions and other economic sectors are obligated to comply with regulations and undergo proper customer due diligence processes, as well as report any suspicious transactions to relevant authorities, such as the Financial Intelligence Unit (UIF) in Mexico. These measures aim to prevent the misuse of the Mexican financial system for illegal activities and contribute to the fight against organized crime and corruption.

This involves:

1.2.1 The conversion or transfer of property derived from criminal activities, or property obtained in place of such property, knowing that such property comes from criminal activities or an act of participation in such activities, with the purpose of hiding or disguising the illicit origin of the property or helping any person involved in the commission of such activity to evade the legal consequences of their actions.

1.2.2 The acquisition, possession, or use of property derived from criminal activities, or property obtained in place of such property, knowing, at the time of receipt, that such property comes from criminal activities or an act of participation in them.

1.2.3 The concealment or disguise of the true nature, origin, location, disposition, movement, rights with respect to property, or ownership derived from criminal activities or property obtained in place of such property, knowing that such property comes from criminal activities or an act of participation in such activities.

1.3 What is terrorist financing?

Terrorist financing refers to the provision of financial or material resources with the purpose of planning, carrying out, or supporting acts that are considered acts of terrorism, or to finance the operations and activities of terrorist organizations. This financing can be done in various ways, including the donation of money, the purchase of weapons or supplies, the transfer of funds through financial systems, fundraising through illicit activities, among others.

1.4 What is a high-risk country?

A country specified in the list of high-risk jurisdictions for the purposes of combating money laundering and terrorist financing of the European Union.

1.5 What is the LFPIORPI?

FEDERAL LAW FOR THE PREVENTION AND IDENTIFICATION OF OPERATIONS WITH RESOURCES OF ILLEGAL ORIGIN, The purpose of this Law is to protect the financial system and the national economy by establishing measures and procedures to prevent and detect acts or operations involving resources of illicit origin, through interinstitutional coordination, with the aim of gathering useful elements to investigate and prosecute crimes of operations with resources of illicit origin, those related to these, the financial structures of criminal organizations and prevent the use of resources for their financing.

1.6 What is the company?

BUSINESS SHOP A&A, a company constituted and existing under Mexican laws with registration number A202210061743060894 and registered office at Calle Pargo 500, Costa de Oro, Boca del Rio, between Ave Mantarraya and La Blanquilla streets, Veracruz, C.P 94299

Postal address: Veracruz, 94299, Mexico.

1.7 Who is a customer?

A person or legal entity that uses or has used the services offered by the company.

1.8 What is transaction monitoring?

Each individual investigation conducted by a company on a customer, including the customer knowledge process (KYC) and other measures.

1.9 Who is the ultimate beneficial owner of a legal entity (UBO)?

The ultimate beneficial owner refers to the natural person(s) who ultimately owns or controls a customer and/or the natural person on whose behalf a transaction is conducted. It also includes those persons who exercise ultimate effective control over a legal entity or agreement. The reference to 'ultimately own or control' and 'ultimate effective control' refers to situations where ownership or control is exercised through a chain of ownership or through control other than direct control. This definition should also apply to the beneficial owner or beneficiary under an investment-linked or other type of insurance policy. A UBO is a private individual who owns or controls more than 25% of a legal entity.

1.10 What is the CNBV?

National Banking and Securities Commission of Mexico, is a decentralized body of the Ministry of Finance and Public Credit (SHCP), with powers in the authorization, regulation, supervision, and sanction of the various sectors and entities that make up the financial system in Mexico, as well as over individuals and entities engaged in activities provided for in laws related to the financial system. The Commission is governed by the CNBV Law.

Article 2. Standard Procedure for Customer Identification and Verification.

2.1 The company has an automatic risk management system that helps identify suspicious transactions. The company has the right to identify customers who wish to use the company's services based on their identity (especially if the transaction appears to be suspicious).

2.2 If the customer is an individual, the company has the right to request that they provide:

2.2.1 full name.

2.2.2 personal identification number, date of birth, and place of residence.

2.2.3 if the customer actually represents another individual who is the actual client (under a notarial power of attorney, in the case of inheritance, or in any other way), information on the identification and verification of the right of representation and its scope, and, when the right of representation does not arise from the law, the name of the document that serves as the basis for the right of representation, the date of issuance, and the name of the issuer.

2.2.4 if the customer is a politically exposed person (PEP), a family member of a PEP, or a person known to be a close associate of a PEP.

2.3 The company may request the following valid documents as a basis for identification:

2.3.1 an identity card.

2.3.2 a passport.

2.3.3 a diplomatic passport.

2.3.4 a driver's license if the document shows the name, photo or facial image, signature or image of signature, and date of birth or personal identification number of the holder.

2.4 If the customer is a legal entity, the company has the right to request that they provide:

2.4.1 legal name.

2.4.2 date of incorporation.

2.4.3 place of incorporation and registered address.

2.4.4 description of the nature of the client's business.

2.4.5 documents necessary to demonstrate the legal registration of the company.

2.5 The documents mentioned in section 2.10 can serve as a basis for the identification of the legal entity.

2.6 When identifying an individual, the company may verify the validity of the identity document, ensure that the person matches the information on the document, and verify the person's age. If there is any doubt about the person's identity, the company may request additional information about the person or request additional actions (such as taking a selfie or capturing the wallet screen, or conducting a test transaction). If a document is submitted that does not match the person or is invalid, the company must reject the customer's transaction. If the customer refuses to provide the documents requested by the company, the company has the right to reject the customer's transaction.

2.7 The company has the right to identify ultimate beneficial owners (UBOs) and, for the purpose of verifying their identities, take measures as far as it can to ensure that it knows who the ultimate beneficial owners are and understands the ownership and control structure of the client, or the person participating in the transaction.

2.8 The company verifies the correctness of the information of a legal entity using information from a credible and independent source for that purpose. When the company can verify the information through direct access in this way, the submission of the documents specified in section 2.10 by the customer will not be required.

2.9 If the customer is a legal entity (for example, a company), the company has the right to request that, in addition to the information in sections 2.4 and 2.8, they provide an extract from the Commercial Register (or the Business Register or another similar register, depending on the country of origin) of the legal entity, authenticated by a notary public and/or legalized and/or certified with an apostille, unless otherwise provided in an international agreement, and showing the rights of representation of that legal entity.

2.10 A representative of a legal person must, at the request of the company, for example, when the right of representation does not appear in the documents presented, submit a document certifying their powers (a notarial power of attorney) that has been authenticated by a notary public and/or legalized and/or certified with an apostille, unless otherwise provided in an international agreement.

2.11 The company may request additional information about the customer in case of any suspicion about the customer's identity information or customer behavior. The additional information requested must be relevant to the risks posed, and when obtained, can demonstrate that the risks are explainable.

2.12 The company may also collect information about the customer's email address, phone number, and date of birth and add it to the customer knowledge file (KYC).

2.13 The company may verify the customer through internal and external databases of fingerprints from devices, address, name, email, identification code, and all other available data to detect duplicate records or multiple customer accounts.

2.14 The company may verify the customer through appropriate sanctions lists, including, among others:

  • - OFAC SDN (Office of Foreign Assets Control Specially Designated Nationals List of the U.S. Department of the Treasury)
  • - United Nations Security Council Sanctions List
  • - World Bank List of Ineligible Firms and Individuals
  • - European Union Financial Sanctions List
  • - United Kingdom Financial Sanctions List
  • - Consolidated List of Sanctions of the Australian DFAT
  • - U.S. Bureau of Industry and Security List
  • - Swiss SECO Financial Sanctions List
  • - U.S. Department of State Non-Proliferation Sanctions List
  • - Interpol's Wanted Persons List

These measures are taken to ensure regulatory compliance and identify potential risks associated with customers.

Article 3. Enhanced Due Diligence (EDD) Procedure

3.1 The company may conduct enhanced due diligence (EDD) if there is an increased risk of money laundering or terrorist financing, such as in the following cases:

3.1.1 There are doubts about the truthfulness of the data presented, the authenticity of the documents, or the identification of the ultimate beneficial owner.

3.1.2 The customer is a politically exposed person (except for a locally politically exposed person, their family members, or close associates).

3.1.3 The customer is from a high-risk country or their place of residence, domicile, or the domicile of the beneficiary's payment service provider is in a high-risk country.

3.1.4 The customer is from a risky country or territory considered a low-tax territory.

3.2 Other factors indicating increased risk related to the customer include:

3.2.1 When there are unusual factors in the customer onboarding, or when there are patterns of unusual transactions without a clear economic or legal purpose.

3.2.2 The customer is a legal entity or a legal arrangement engaged in holding personal assets.

3.2.3 The customer is a company that has nominative shareholders or bearer shares, or a company whose affiliate has nominative shareholders or bearer shares.

3.2.4 The ownership structure of the client company appears unusual or excessively complex given the nature of the company's business.

3.3 Other factors relating to increased risk related to the product, service, transaction, or delivery channel include:

3.3.1 Products/services that favor anonymity.

3.3.2 Payments received from unknown or unrelated third parties.

3.4 The company can identify the risks in each particular case and take all appropriate measures to mitigate those risks. Depending on the case, the company may apply one or more of the following due diligence measures:

3.4.1 Verification of additional information presented during the identification of the person based on documents, data, or additional information from a credible and independent source.

3.4.2 Collection of additional information about the purpose and nature of the business relationship, transaction, or operation and verification of the information presented based on documents, data, or information from a reliable and independent source.

3.4.3 Collection of additional information and documents about the actual execution of transactions conducted in the business relationship to rule out the extendibility of transactions.

Article 4. Data Collection and Record Keeping.

4.1 The company has the right to maintain all records about our customers and the behavior of our customers in such a way that they can be presented at any time to inspectors verifying the recorded transactions.

4.2 The company is responsible for maintaining all relevant data.

4.3 The personal data of a customer, the transactions of a customer, and other relevant information may be stored for a period of not less than 7 years after the termination of the business relationship.

4.4 If a customer does not provide all necessary documents and relevant information, or if, based on the documents provided, the company suspects that money laundering or terrorist financing may be involved, the company has the right not to carry out a transaction with that customer and must record as many details of the customer as possible, which will later assist in identifying the customer.

Article 5. Risk-Based Approach.

5.1 When analyzing the customer and their behavior, the company may undertake investigative efforts that are proportionate to the risk and complexity of the case and collect evidence using observations gathered in the case.

5.2 If the company identifies additional risks, it should conduct additional investigations to understand these risks in the context of the case.

5.3 Additional evidence will be needed to support the review and understanding if additional risks are identified.

5.4 The following questions can help determine if a transaction is suspicious or if there is a risk of money laundering or terrorist financing:

5.4.1 Is it inconsistent with the client's known activities?

5.4.2 Is the transaction size inconsistent with the client's normal activities, as determined in the initial identification stage?

5.4.3 Are there other transactions linked to the transaction in question of which our company is aware and that could be designed to disguise money and divert it to other forms of destinations or beneficiaries?

Article 6. Customer Interaction.

6.1 The company may contact the customer at any time to clarify the provided information or request additional information necessary for customer identification or to address case risks.

6.2 The company may refuse to provide a service to customers without requesting additional information from the customer.

Article 7. Transaction Monitoring.

7.1 A transaction monitoring case can be initiated based on a customer behavior trigger or manually by the company. The company has the right to investigate each initiated case.

7.2 The company must determine what the case risks are. Each risk must be addressed and documented.

7.3 The company has the right to conduct a pre-investigation and check whether the customer was reviewed previously and what the previous concerns were.

7.4 The company has the right to conduct a customer investigation to determine the customer's profile and identify the source and origin of funds used in a transaction.

7.5 The company may conduct an investigation of customer activity and determine if it aligns with the customer profile or if the behavior seems suspicious. Activity investigation may include all observations about customer behavior and any alert signals in the activity.

7.6The company has the right to conduct an investigation of all involved parties if applicable in the case.

7.7 The case review may vary based on the evidence needed to be collected about the customer and their activity. The company should use a risk-based approach to address the risks proportionally.

7.8 The company must document all findings about the customer and customer behavior that support the company's decision on closure.

Article 8. Understanding the Customer and their Activity (KYC/AML).

8.1.1 The customer's age.

8.1.2 The customer's location.

8.1.3 The customer's transaction history.

8.1.4 The type of transactions.

8.1.5 Any negative information associated with the customer.

8.1.6 Any factor that makes the customer considered high risk.

8.1.7 Other information that helps understand the customer, customer activity, and their counterparts-

Article 9. Decision-Making.

9.1 After each case review, the company will make a final decision on whether to reject providing a service to the customer or close the case, based on the evidence collected for the case, and provide a conclusion supporting the decision made.

9.2 When making a final decision, the company has the right to:

9.2.1 Conclude the investigation on the customer, customer behavior, and customer counterparts.

9.2.2 Understand the collected evidence and look for indications of unusual activities.

9.2.3 Consider each piece of evidence separately and consider all evidence at the same time.

9.2.4 If two pieces of evidence contradict each other, examine them together.

9.2.5 Identify which pieces of evidence have a greater impact on the analysis.

9.2.6 Identify each piece of evidence that has an impact on its analysis.

9.2.7 Determine which theory is more supported by the evidence.

Article 10. Suspicious and Unusual Transaction Reporting Procedure.

10.1 If the company suspects it may be dealing with a suspicious or unusual transaction, the company can prepare reports with the reason for the case and may include customer identification information.

10.2 The company is not obligated to notify the customer if they are considered suspicious.

10.3 The company may consider each report to determine if it gives rise to suspicion. When such suspicion is determined, a suspicious transaction report may be sent to the Financial Intelligence Unit.

10.4 In case of suspicion of terrorism financing, the company may identify the customer as high risk if the risks associated with a customer cannot be reasonably mitigated or explained.

10.5 Risks of terrorism financing include, but are not limited to:

10.5.1 The individual was born in a high-risk country.

10.5.2 The individual is a citizen of a high-risk country.

10.5.3 The individual has a residence in a risk country or the legal entity is incorporated in a high-risk country.

10.5.4 The natural person is associated with a legal entity or other entity registered in a high-risk country.

Article 11. Violation of the Duty to Record Information and Maintain Records.

Any violation of the duty to record information and maintain records as prescribed by the Federal Law for the Prevention and Identification of Operations with Illicitly Derived Resources, and not limited to the Commercial Code, the Federal Civil Code, the Federal Administrative Procedure Law, the Federal Law on Transparency and Access to Government Public Information, the Federal Law on the Protection of Personal Data Held by Individuals, and other applicable laws.

Article 12. Requests from the Financial Intelligence Unit.

Upon request from a supervisory officer of the Financial Intelligence Unit, the company will provide all necessary documents and information to the inspectors, and customers agree to this.

Persons Responsible for Ensuring Anti-Money Laundering (AML) Compliance:

AML Compliance Officer at BUSINESS SHOP A&A-


Document signed by:

signed

71F48F3237EA4D5

Ivan Eduardo López Martínez

AML Compliance Officer

BUSINESS SHOP A&A

Registration Number A202210061743060894

Calle Pargo 500, Costa de Oro, Boca del Río, between Ave Mantarraya and La Blanquilla Street, Veracruz, C.P 94299.

Tel: +52 (299) 9203324

hola@businessshop.ai

https://www.businessshop.ai