Member Article

On 5 March, the CMVM published Regulation 2/2020 on the Prevention of Money Laundering and Terrorist Financing, to provide the regulations under Law 83/2017 of 18 August. The CMVM did this as the sector regulator responsible for supervising financial entities including investment companies, investment fund management companies, venturecapital companies, and securitisation companies.

The Regulation also applies to entities of a financial nature whose supervision is shared with Banco de Portugal, and to auditors, whether companies or individual practitioners. The official publication of the Regulation completes the process that began on 1 February 2019, the date on which the CMVM published the draft Regulation on the prevention of money laundering and terrorist financing. This Regulation now sets out the regulations under Law 83/2017, as done previously by Banco de Portugal in its Notice 2/2018, which was addressed to the entities subject to its supervision. The Regulation clarifies the scope of the rules applicable to the entities subject to CMVM regulations in accordance with the specific characteristics of their activity.

The financial institutions subject to supervision shared with Banco de Portugal can establish procedures and systems for common control among the different sectors of activity. They can also give shared duties to the same people, provided this does not have an adverse impact on effectiveness of its measures to combat money laundering and terrorist financing.

Indeed, the Regulation introduces a set of solutions in line with those already adopted by Banco de Portugal in its Notice 2/2018, in particular, for the procedures to identify customers 1 and beneficial owners, to assess situations with a risk of money laundering and terrorist financing, and to detect apparently related occasional transactions.

The Regulation gives obliged entities a broad margin of discretion as to the internal control mechanisms they use to comply with the duties imposed and procedures to be adopted for this purpose. Each entity’s mechanisms must take into account the specific risks they face in their operations and relationships with customers.

In particular, the Regulation provides that financial entities must include the items required in Law 83/2017 in their policies, procedures and controls. The emphasis here is on the procedures to be adopted to obtain information about the origin and destination of the funds transferred by customers when the risk profile of the customer or the characteristics of the operation with financial instruments warrant it.

The Regulation also provides that obliged entities must review their internal control systems at 12-monthly intervals. However, if justified on the basis, among others, of the nature, size and complexity of the activities carried on, an interval of up to 24 months can be defined.

To read the article in full, go here