Anti-Money Laundering and Counter-Terrorism Financing (AML/CFT) Policy
MSPX Brazil
CHAPTER I
PRELIMINARY PROVISIONS
Article 1. Object and Legal Basis
This Internal Regulation establishes the guidelines, procedures, and controls to be observed by MSPX Brasil (Company), its administrators, and members, with the objective of preventing the use of its services and structure for the practice of crimes of money laundering or concealment of assets, rights, and values, and the financing of terrorism (AML/CFT). This policy is based on and elaborated in strict accordance with Law No. 9,613, of March 3, 1998, Circular No. 3,978, of January 23, 2020, of the Central Bank of Brazil (BCB), and the recommendations of the Financial Action Task Force (FATF).
Article 2. Scope and Coverage
This policy is mandatory and applies to all administrators, directors, employees, interns, and service providers (“Members”), as well as business partners and correspondents, acting on behalf of or for the benefit of MSPX Brazil, in all operations, products, and services offered.
Article 3. Definitions
For the purposes of the ANTI-MONEY LAUNDERING AND COUNTER-TERRORIST FINANCING POLICY (AML/CFT), the following definitions apply:
I. AML/CFT: Anti-Money Laundering and Counter-Terrorist Financing.
II. Client: Any individual or legal entity with which the Company maintains a business relationship, even occasionally.
III. Beneficial Owner: The natural person who, ultimately, directly or indirectly, owns, controls, or significantly influences a legal entity.
IV. Politically Exposed Person (PEP): A natural person who holds or has held, in the last 5 (five) years, relevant public positions, jobs or functions, in Brazil or abroad, as well as their representatives, family members and close associates.
V. COAF: Council for the Control of Financial Activities, Brazil's financial intelligence unit.
VI. Risk-Based Approach (RBA): Methodology that consists of identifying, assessing and understanding the specific AML/CFT risks of the Company's operations, in order to apply proportionate and effective preventive measures.
CHAPTER II
ON THE RISK-BASED APPROACH AND "KNOW YOUR CUSTOMER" (KYC) PROCEDURES
Article 4 - KYC Principle
MSPX Brasil will not initiate or maintain any business relationship without the complete and satisfactory identification and qualification of its clients, partners and beneficial owners, and is prohibited from maintaining relationships with structures that aim to conceal the identity of the beneficial owner.
Article 5 Due Diligence Procedures
Know Your Customer (KYC) procedures will be applied based on the ABR and will include, at a minimum:
I. Identification and Qualification: Collection, verification, and validation of information and documents, including, but not limited to: a) Individual: Photo identification document, CPF (Brazilian taxpayer ID), proof of residence, income and asset declaration. b) Legal Entity: CNPJ (Brazilian company tax ID), articles of incorporation (contract/bylaws), financial statements, and complete identification of administrators and attorneys-in-fact.
II. Identification of the Ultimate Beneficial Owner: Due diligence to identify the natural person who holds control or significant influence over the corporate client, this being a condition that prevents the commencement of the relationship if identification is not possible.
III. Politically Exposed Persons (PEPs): Application of enhanced due diligence procedures for clients identified as PEPs, which includes obtaining approval from a higher hierarchical level to initiate the relationship and continuous and intensified monitoring of their transactions.
CHAPTER III
MONITORING, ANALYSIS AND COMMUNICATION OF TRANSACTIONS
Article 6 Continuous Monitoring
The Company will maintain systems and processes for the continuous monitoring of operations and transactions carried out by its clients, in order to detect operations that show signs of atypicality. Special attention will be given to, among others: I. Operations whose values are incompatible with the economic activity, risk profile or declared economic and financial capacity of the client. II. Fractional operations, with the apparent purpose of circumventing control or communication limits. III. Operations involving individuals or entities located in high-risk jurisdictions, with strategic AML/CFT deficiencies, or considered "tax havens." IV. Operations that, after analysis, do not present an apparent economic or legal basis.
Article 7. Internal Risk Assessment
The Company will conduct, at least annually, an Internal Risk Assessment (IRA) with the objective of identifying and measuring the risk of its products and services being used in money laundering and terrorist financing.
§ 1. The Internal Risk Assessment will be mandatorily reviewed and updated whenever significant changes occur that may impact risk profiles, such as the introduction of new products and services, operations in new geographic areas, or relevant changes in the business model.
§ 2. For risk identification, the assessment will consider, at a minimum, the following profiles:
I. Customer Risk Profile, analyzing the characteristics of the individuals and legal entities with which the Company maintains business relationships;
II. Institutional Risk Profile, considering the business model, geographic areas of operation, governance structure, and distribution channels;
III. Risk Profile of Operations, Transactions, Products, and Services, encompassing all channels used, including the use of new technologies; and
IV. Risk Profile of Activities performed by Members, Partners, and Outsourced Service Providers.
Article 8. Communication to COAF
Any operation or proposed operation that, after analysis, shows evidence of the occurrence of money laundering or terrorist financing crimes, shall be communicated to COAF, through the SISCOAF system, within a maximum period of 24 (twenty-four) hours from the reporting decision.
§ 1. The communication shall be carried out with absolute confidentiality. In strict observance of the legal duty of secrecy, the Company and its Members shall refrain from disclosing such act to any person, including the person to whom the information refers, as expressly commanded by Article 11, item II, of Law No. 9.613/98.
§ 2. The decision to communicate or not a transaction to COAF shall be duly justified.
CHAPTER IV
GOVERNANCE AND RESPONSIBILITIES
Article 9 Responsible Director
Senior management will designate a statutory director responsible for compliance with this policy and AML/CFT regulations, whose responsibilities will include, among other duties, implementing procedures, approving policies, and liaising with supervisory bodies.
Article 10 Training and Capacity Building
MSPX Brazil will promote periodic and mandatory training programs for all Members, with the aim of disseminating the AML/CFT culture and enabling them to identify and address risk situations, with special attention to new types of financial crimes.
CHAPTER V
REGISTRATION AND CONSERVATION OF DATA
Article 11 Conservation of Documents and Records
In strict accordance with Article 67 of BCB Circular No. 3,978, of January 23, 2020, the Company shall keep all documents, information and records available to the Central Bank of Brazil, preserving them for a minimum period of 10 (ten) years, observing the following milestones for the start of the counting of the term:
I. Customer Information (KYC): For information and documents collected in the "Know Your Customer" procedures, the term will be counted from the first day of the year following the termination of the relationship with the customer.
II. Information on Employees, Partners and Outsourced Companies: For information and documents collected in the "Know Your Employees, Partners and Outsourced Companies" procedures, the term will be counted from the date of termination of the respective contractual relationship.
III. Operations Records, Analyses, and Communications: For information and records relating to the monitoring, selection, analysis of suspicious transactions, and communications to COAF, the deadline will be counted from the first day of the year following the year in which the transaction took place.
IV. Effectiveness Assessment Dossier: Each version of the dossier containing the effectiveness assessment of the AML/CFT policy will be kept for a minimum period of 10 (ten) years, counted from the first day of the year following the date of its formal approval by the board of directors.
CHAPTER VI
FINAL PROVISIONS
Article 12 On Compliance with Sanctions and Asset Freezing
The Company undertakes to comply with and give effect, immediately, in accordance with Article 6 of Law No. 13.810/19, to all resolutions of the United Nations Security Council (UNSC) that determine the unavailability of assets of persons and entities sanctioned for involvement with terrorism, its financing, or the proliferation of weapons of mass destruction.
§ 1. For the purposes of this article, the Company will continuously monitor the lists of sanctioned persons and entities, as published by the UNSC and consolidated by the competent Brazilian authorities. Therefore, it will continuously monitor existing business relationships and transactions.
Article 13 Review and Update
This policy will be reviewed at least annually, or whenever there are legislative, regulatory changes or changes in the Company's risk assessments, ensuring its continued effectiveness and timeliness.