On 5 November, the Insurance and Pension Funds Supervisory Authority approved Regulatory Standard no. 10/2024-R, which adapts the legal obligations regarding the prevention of money laundering and terrorist financing to the specificities of the supervised sectors, regulating Law no. 83/2017. Among the new features are requirements for risk management policies and procedures, periodic assessment of the effectiveness of the measures implemented, designation of those responsible for regulatory compliance and new rules for identifying clients and beneficial owners. The Standard also introduces a new duty to report annually to the ASF and repeals the old Regulatory Standard no. 10/2005-R, coming into force in 30 days, with transitional arrangements for some provisions.
On 5 November last, the Portuguese Insurance and Pension Funds Supervisory Authority (ASF) approved Regulatory Standard 10/2024-R on the prevention of money laundering and terrorist financing (AMLTF).
The legislation now approved seeks to adapt the obligations provided for within the current national and European legislative framework to the specifics of the sectors supervised by the ASF, thus regulating Law no. 83/2017 of 18 August (Law 83/2017).
The following obligations stand out from the specifications introduced by the Regulatory Standard:
- Obliged entities subject to the supervision of the ASF should draw up policies, procedures and controls appropriate to the effective management of money laundering and terrorist financing risks (MLTF) in compliance with legal standards (cf. Articles 5 and 6). For this purpose, entities should consider the risk factors identified in Annex I for situations that may raise a low risk of MLTF, and in Annex II for situations that may contribute to an increase in risk;
- The obligation to carry out periodic evaluations of the effectiveness of AMLTF policies and procedures is also laid down in the Regulatory Standard, which may waive certification and the opinion of a statutory auditor on the content of such evaluations when they have been carried out by an external auditor (cf. Article 7(4)). In the context of carrying out efficacy assessments, it should also be noted that the frequency with which they are to be carried out differs according to the type of entity concerned (cf. Article 7(2) and (3);
- The Regulatory Standard establishes the obligation to appoint a member of the management body to be responsible for the implementation of the legal and regulatory rules on AMLTF. This obligation is applicable to pension fund management companies, insurance companies based in Portugal engaged in business activities under the Life branch, branches of insurance companies based in another EU Member State engaged in business activity on Portuguese territory under the Life branch, and branches of insurance companies from a third country engaged in business activity on Portuguese territory under the Life branch (cf. Article 8);
- At the same time, a compliance officer is required to be appointed, and this obligation must be fulfilled not only by the entities listed in the previous point, but also by insurance intermediaries and branches of insurance intermediaries that meet certain criteria relating to their size (cf. Article 9). In this respect, entities should pay particular attention to the requirements set out in the Regulatory Standard on the professional qualifications and accumulation of functions of the person designated as compliance officer;
- Specifics are also introduced into the fulfilment of the duties of identification and diligence provided for in Law 83/2017. It is specifically established that checking the identity of the client and its representatives can only be completed after the start of the business relationship when (i) the requirements set out in Article 26(3) of Law 83/2017 are met, (ii) data obtained, as a minimum, on the client's full name or name and civil and tax identification numbers, proved through official documents suitable for this purpose, and (iii) entities expressly warn the client or its representatives that this conclusion of the identification and due diligence procedures is subsequently subject to the provision of documents or the provision of information, which may not exceed 14 (fourteen) days after receipt of the proposal from the policyholder or the potential taxpayer, failing which the operation will be refused (Article 16);
- As for the identification of the beneficial owner by a simple statement issued by the customer, the Regulatory Standard clarifies that this cannot occur in situations where the beneficiary of an insurance or life insurance operation, or the beneficiary of a pension fund in the event of the death of a shareholder, are (i) legal persons that are not credit institutions, or (ii) natural persons who do not have family legal relationships up to the second degree in the direct or collateral line with the policyholder, subscriber or shareholder (Article 17);
- Entities are also required to inform the ASF of suspicious practices reported to the authorities which, by their nature or size, may affect their solvency or reputation (cf. Article 22);
- A new annual reporting obligation is established to the ASF whereby entities should report systematically information about the policies, tools and procedures implemented (cf. Article 29). Reporting shall follow the report template included in Annex III to the Regulatory Standard and shall be submitted by 15 April, with reference to the previous year, through the ASF Portal available via the link www.asf.com.pt. The information relating to 2024 shall be provided by 30 June 2025 (cf. Article 34(2)).
The Regulatory Standard approved herein revoked the old Regulatory Standard 10/2005-R of 19 July, as well as Circular no. 11/2005 of 29 April (cf. article 35).
This Standard will come into force within 30 (thirty) days and certain provisions will benefit from a transitional regime (cf. Article 36). In particular, we note that the function of regulatory compliance can be adapted within 1 (one) year (cf. Article 34(1)).
