This provision, published in the Official Gazette on 27th March 2025, supersedes previous regulations from 2021, which already indicates an update and, therefore, an "innovation" in the regulatory framework.

Summary of the Regulatory Framework 

The primary objective of these norms is to establish a comprehensive regulatory framework that obliges natural and legal persons participating in the Venezuelan securities market to adopt and implement continuous and permanent policies, mechanisms, instruments, measures, and procedures to identify, assess, prevent, and effectively manage risks associated with Money Laundering (ML), Terrorism Financing (TF), Financing of the Proliferation of Weapons of Mass Destruction (FPADM), and Other Illicit Acts, using a risk-based approach. The National Superintendency of Securities (SUNAVAL) is the entity responsible for controlling, monitoring, supervising, inspecting, and sanctioning obliged entities to prevent them from being used as instruments for these crimes.

The central system for achieving this is the Comprehensive Risk Management System (SIAR ML/TF/FPADM and Other Illicit Acts). This system must be formulated, adapted, implemented, and developed by each obliged entity, considering their organisational structure, investors, participants, businesses, suppliers, products or services, volume of operations, distribution channels, technologies used, markets, and regions where they operate. Key definitions provided in the documents include:

  • Terrorist Acts: These include attacks against life or physical integrity, kidnapping, mass destruction of infrastructure, seizure of means of transport, use of firearms or explosives, release of dangerous substances, and disruption of the supply of fundamental resources, provided they endanger human lives or cause significant economic harm.
  • Ultimate Beneficial Owner: The natural person on whose name or behalf a transaction is conducted, including those who exercise final control over a legal entity.
  • Due Diligence: A set of mechanisms to reasonably know the investor, participant, ultimate beneficial owner, suppliers, shareholders, directors, employees, issuers, and their representatives, paying special attention to those sensitive to ML/TF/FPADM crimes.
  • Terrorism Financing (TF): Providing, contributing, safeguarding, managing, collecting, or raising funds or assets, directly or indirectly, with the purpose of their being used by a terrorist or terrorist organisation to commit terrorist acts.
  • Money Laundering (ML): The process of hiding or giving the appearance of legality to capital, goods, and assets originating from illicit activities.
  • Politically Exposed Person (PEP): A natural person who is or was a high-level political figure, a person of trust or related, or their closest relatives, or their immediate circle of collaborators.
  • Unusual Operation: A transaction whose complexity, amount, number, periodicity, or characteristics deviate from the parameter of normality, or generate suspicion of being involved with ML/TF/FPADM.
  • Suspicion: An appreciation founded on conjectures or semblances of truth that leads to distrust or doubt about an operation or person, even if the law does not define exact criteria.

Are These Stricter Provisions? Yes, the regulations present stricter provisions and a much more rigorous approach than the previous regulation. This is evidenced in several key points:

  • Continuous Updating and Improvement: The preamble establishes the obligation to update prudential regulations to adapt them to new laws, conventions, agreements, provisions, technologies, trends, recommendations, standards, and international best practices. This implies constant review and tightening of measures.
  • Intensified Risk-Based Approach: The application of intensified due diligence measures is required for jurisdictions considered high-risk by the FATF (Financial Action Task Force). Furthermore, the application of simplified measures is expressly prohibited when there is any suspicion of ML/TF/FPADM risk.
  • Exhaustiveness in "Know Your Customer" Policies: The regulations detail very thoroughly the requirements for "Know Your Investor", "Know Your Participant", "Know Your Shareholder", "Know Your Supplier", and "Know Your Employee" policies. This includes detailed requirements for the identification and verification of natural persons, legal entities, cooperatives, and trusts, with the obligation to update client information at least once a year.
  • Enhanced Handling of Politically Exposed Persons (PEPs): Enhanced due diligence measures are required for PEPs, their close relatives, and associates. Board approval is required to initiate or continue relationships with PEPs, and there is an obligation to establish the origin and destination of funds. Additionally, the creation of PEP databases without their consent is permitted, and enhanced measures must continue for two years after they leave their positions.
  • Monitoring and Detection of Unusual/Suspicious Operations: Emphasis is placed on the need for continuous monitoring systems to detect atypical behaviours and unusual or suspicious operations. The definition of "suspicion" is broad, based on experience and analysis, not requiring certainty of criminal activity.
  • Rapid Reporting of Suspicious Activities (SAR): Obliged entities must report suspicious activities to the National Financial Intelligence Unit (UNIF) quickly and expeditiously, within a period not exceeding 24 hours from the determination of suspicion. Even attempted transactions must be reported.
  • Mandatory and Professionalised External Audit: The contracting of a Qualified Independent Compliance Third Party (QICTP) is required to conduct annual audits of the compliance programme. The QICTP must be authorised and registered by the SNV. If a report is considered deficient, the obliged entity must change QICTP. An unfavourable report may lead to direct SNV inspections and the imposition of administrative sanctions.
  • Prohibition of Anonymity and New Technologies: Special attention is required for products or operations that favour anonymity and the use of new technologies that hinder identity verification, with proportional measures to prevent their illicit use. It is prohibited to provide services to insufficiently identified, anonymous, or fictitiously named persons.
  • Preventive Fund Freezing: The immediate and without delay application (maximum 24 hours) of preventive freezing measures for funds, goods, or other assets related to persons or entities designated by the United Nations Security Council or under consideration for designation, is mandatory, in order to prevent terrorist acts or the financing of the proliferation of weapons of mass destruction.
  • Strict Confidentiality and Non-Applicability of Secrecy: Employees are prohibited from warning investors about verifications or notifications to authorities. Banking or professional secrecy is not enforceable against information requests from authorities.

How Companies Must Adapt to Avoid Criminal Risks To avoid criminal risks and comply with these regulations, companies subject to SNV regulation must adopt a proactive and robust approach:

  1. SIAR Implementation and Strengthening:
    • Formulate, adapt, implement, and develop an SIAR ML/TF/FPADM and Other Illicit Acts that is proportionate to the complexity, scope, and risk profile of the company, including its investors, products, services, and distribution channels.
    • Constitute the SIAR team, including the Board of Directors, the President, the Compliance Officer (with exclusive dedication and a high hierarchical level), the Risk Management Unit (RMU), and the Compliance Officers for each sensitive area. The Board of Directors must approve the designation and ensure sufficient resources.
  2. Policies, Norms, and Procedures (PNP) Manual:
    • Prepare a detailed manual that consolidates all risk management mechanisms, considering the specific characteristics of the company and its products/services.
    • Include methodologies for the identification, segmentation, analysis, and evaluation of risks, procedures for the detection and reporting of unusual or suspicious operations, and lists of alert signals.
    • Ensure that all personnel know and adhere to this manual, keeping written record of it in their files. The manual must be updated periodically and submitted to the SNV.
  3. Rigorous Application of Due Diligence and "Know Your X" Policies:
    • Establish procedures for the verifiable identification and verification of investors, participants, shareholders, and suppliers, including their ultimate beneficial owner and economic activities.
    • Conduct the initial risk level assessment of all clients from the beginning of the relationship and update it at least annually, or when there are significant changes in the transactional profile.
    • Implement enhanced measures for PEPs, including board approval for any commercial relationship and continuous monitoring of their transactions.
    • For employees, implement a "Know Your Employee" policy that includes data verification, references, probity, and monitoring of their conduct and standard of living in relation to their remuneration.
  4. Continuous Training and Development Programmes:
    • Design, finance, and implement an Annual Training and Development Programme (ATDP) for all personnel (management, executive, employees, etc.), adjusted to the identified risks.
    • Ensure induction on risk matters for new hires and specialised training for personnel in sensitive or high-risk areas.
    • Provide training on new criminal trends, typologies, and legislative changes.
    • Document all training and development activities, including attendance and a signed declaration of knowledge by participants.
  5. Annual Operating Plan (AOP):
    • Design and execute an AOP for ML/TF/FPADM and Other Illicit Acts risk management that establishes objectives, activities, responsible parties, units of measurement, goals, inputs, costs, and execution times.
    • This plan must be approved by the board of directors and submitted to the SNV within the first fifteen business days of the execution year. The Compliance Officer will prepare quarterly execution reports.
  6. Code of Ethics and Corporate Governance:
    • Design and adopt a mandatory Code of Ethics for all personnel, which includes aspects of ML/TF/FPADM risk management.
    • The board of directors must individually sign a written institutional commitment to ML/TF/FPADM risk management.
    • Develop and approve a good corporate governance manual.
  7. Technological Systems and Monitoring:
    • Invest in technological tools that allow for the tracking of trends, changes in financial profiles, and unusual activities.
    • Implement mechanisms for client identification and safeguarding their identity on technological platforms, especially in decentralised markets.
  8. Report Management and Collaboration with Authorities:
    • Ensure that Suspicious Activity Reports (SARs) are prepared and submitted to the UNIF in a timely (24 hours) and complete manner, including the necessary documentation.
    • Fully cooperate with investigative bodies and competent authorities, attending to information requirements without invoking banking or professional secrecy.
    • In case of suspicion, the company may refuse to provide services and must immediately inform the UNIF.
  9. Audit and Constant Review:
    • Engage a QICTP for the annual audit of the compliance programme and ensure that the report is favourable and complete.
    • Implement the observations and recommendations resulting from internal and external audits, as well as SNV inspections. The SNV will apply administrative sanctions for non-compliance with these observations.

By following these guidelines, companies can significantly mitigate their exposure to risks of money laundering, terrorism financing, and the proliferation of weapons of mass destruction, which in turn reduces the probability of incurring criminal, civil, and administrative liabilities arising from non-compliance with these regulations. Proactivity and the commitment of the entire organisation are essential for effective risk management.