Financial Intelligence Unit Regulates Obligations of Virtual Asset Service Providers as Reporting Entities

Following the entry into force of Law 27739, which includes Virtual Asset Service Providers (VASP) in the list of reporting entities, on March 25, 2023, the Financial Intelligence Unit (UIF) issued Resolution 49/2024, establishing obligations that VASP must comply with to manage and mitigate the risks of money laundering, financing of terrorism, and financing of mass destruction weapons proliferation (ML/TF/PF), in accordance with the standards, good practices, guides, and international guidelines currently in force, and pursuant to the Recommendations issued by the Financial Action Task Force.

The Resolution defines “VASP” as those individuals or legal entities that carry out as business one or more of the following activities or transactions for or on behalf of another individual or legal entity:

• Exchange between virtual assets and legal tender currencies (fiat currencies).
• Exchange between one or more types of virtual assets.
• Transfer of virtual assets.
• Custody and/or administration of virtual assets or instruments that allow control over them.
• Participation and provision of financial services related to the offering of an issuer and/or the sale of a virtual asset.

Here, "virtual assets" are understood as the digital representation of value that can be traded and/or transferred digitally and used for paying or investing.

Therefore, within the framework of the Resolution, VASP must implement a ML/FT/FP Prevention System, with a risk-based approach, including all policies, procedures, and controls to identify, evaluate, monitor, manage, and mitigate the ML/FT/FP risks to which they are exposed, among them:

1. Registering before the UIF as reporting entities.
2. Drafting an ML/FT/FT/FP Prevision Manual, which must be reviewed every year.
3. Appointing regular and alternative compliance officers, in accordance with Law 25246.
4. Establishing a Code of Conduct.
5. Preparing a Risk Self-Assessment Technical Report contemplating, at least, the following risk factors: client, offered services, distribution channels and geographic locations, information provided by the UIF or other authorities about ML/TF risks, and all situations that may affect the ML/TF risk. The Technical Report must be self-sufficient. It must be updated every year and filed before the UIF and the CNV before April 30.
6. Carrying out an annual independent external review. The report issued after this review must be submitted before the UIF within 120 days as from the deadline to submit the Technical Report.
7. Complying with the provisions in force of the UIF Resolution regarding PEPs on the matter.
8. Submitting an Annual Systematic Report including general information (name, address, and activity), accounting and corporate information, types and number of clients, among others.
9. Segmenting clients according to the risk assigned to each one and applying due diligence measures accordingly.
10. Carrying out ongoing due diligence on all clients and updating their identification files according to the risk level assigned to them.
11. Detailing the information that, as a minimum, the Register of Unusual Operations and the Suspicious Transaction Reports must include.
12. Using red flags alert signals to determine whether a Suspicious Transaction Report should be filed, for example when sequential transactions or simultaneous transfers of Virtual Assets are carried out without economic grounds, when the transaction involves Virtual Assets that seek to prevent their traceability or to obtain greater anonymity, among others.

The Resolution is in force as from March 26, 2024. However, certain obligations will be required before specific dates:

1. The first Risk Self-Assessment Technical Report and the assessment method used must be submitted by April 30, 2025.
2. The first independent external auditor's report must be submitted by August 31, 2025.
3. The first Annual Systematic Report must be submitted between January 2 and March 15, 2025.