KYC.IO

Global Regulations and Requirements for KYC Onboarding
(powered by KYC-Chain)

KYC to onboard domestic persons

invoice numbernationalityemailphone number

KYC to onboard international persons

invoice numbernationalityemailphone number

corporate requirements

entity name commercial registry numberprofession/degreeinvoice numberaddressemailphone number

National ID card name

Cedula de Identidad

National ID Photo

back of national id photo back

Does the country have Esignature Laws?

Law on Electronic Commerce, Electron signatures and Data Messages (2002)

E-sig law files

What year did the relevant AML laws and regulations become effective?

2005

Further details on AML regime

2005. Regulation to Prevent, Detect and Eradicate Money Laundering and Financing of Crimes (hereinafter Law to Prevent Money Laundering - LPML) which should be complied by entities pertaining to the financial system and insurance sector to report financial transactions above the established thresholds. In 2007 the Superintendence of Banks of Ecuador issued resolutions that govern the activities to prevent money laundering, terrorism financing and other crimes on a risk oriented approach. 2010 The LPLM regulation added other controlled entities to the list included in the LMPL that must adhere when reporting to the Regulator. In Jul 2014, the Superintendence of Companies, Securities and Insurance issued standards to prevent money laundering and terrorism financing, which are managed through the National Entity for Money Laundering Prevention. In addition to the Regulation to Prevent, Detect and Eradicate Money Laundering and Financing of Crimes, there are currently two set of laws that regulate two groups of companies: i. Stock exchanges, brokerage houses, and fund managers and trusts; and ii. Credit unions, foundations and NGO´s; retailing of vehicles, crafts, ships, and aircrafts; security transportation services, postal packages services, parallel postal services; travel agencies and tourism companies; real estate intermediaries and construction services, casinos and betting houses, slot machines and racetracks; pawnbrokers; pawn shops, jewelry dealers, precious gems; traders of antique and art pieces; notaries and property registrants.

Who is the regulator for AML controls for Banking

companies comprising the financial sector are regulated by the “Superintendencia de Bancos del Ecuador”, SBE and the other companies by the “Superintendencia de Compañías, Securities and Insurance del Ecuador”

Link to site

http://www.sbs.gob.ec

Other financial Services

the primary regulator for financial institutions and the non-financial sector is denominated “Unidad de Análisis Financiero” (“UAF”)

Website of Regulator

http://www.uaf.gob.ec/

Financial Sector regulator

https://sislaft.uaf.gob.ec/sislaft

Practical Guidance for AML

Yes. Please refer to the legislation mentioned in A1.

Is there a requirement to verify the identity of customers retroactively?

No.

Retroactive details

No.

Has the country been the subject of FATF mutal evaluation in the last 3 years?

Yes. Ecuador is a member of the Financial Action Task Force on Money Laundering in South America (“GAFISUD”). The last mutual evaluation was carried out in 2011

Are there minimum transaction thresholds (Y/N)

Yes

More details on minimum transaction thresholds.

According to requirements of the Superintendence of Banks, customers who carry out transactions above USD5,000 must fill in a questionnaire regarding the legal origin of funds for deposits made for individuals; and, in case of any stockholder bearing more than 6% of shares of a financial institution, such individual must file a statement on the legal origin of resources used for such transaction. It should be mentioned that for transactions amounting USD10,000 or more within a 30-day period on behalf of the same customer, control mechanisms should be enabled. While the groups of companies under the controller of the Superintendence of Banks, Securities, and Insurance (detailed on A1.) are regulated by different policies and thresholds by type of activity

What are the requirements for customer identification information for individuals

a) individual; b) Ecuadorian sole commercial registry number (RUC as in Spanish); c) entity economic activities; d) invoice number; e) residency; and f) e-mail and phone number.1111

Details to be Collected on Corporates

a) name of the entity b) Ecuadorian sole commercial registry number (RUC as in Spanish) c) individual’s profession or degree d) invoice number e) address in Ecuador or in country of origin and f) e-mail and phone number.

What are the high level requirements around beneficial ownership (identification and verification)?

A copy of annual tax return or income certificate is required from customers as a proof of their income source. In case of variations in their customers’ income or property, these instances should be monitored

What circumstances are enhanced customer due diligence measures required?

Due diligence and KYC procedures are mandatory on: a) individuals and members included in the UN sanctions list; b) PEP’s (approval should be performed at Management level); c) electronics transfers (transferor’s information); and d) non-cooperative counties/jurisdictions/territories and tax heavens (transactions back and forth must be reviewed and communicated to UAF)

How should FI's deal with Politically exposed persons

When PEP’s are involved, institutions of the financial sector should implement the following due diligence procedures: a) set forth risk management systems to establish whether or not a prospective customer, a customer or an ultimate beneficiary is a PEP; b) senior management approval is mandatory prior to initiating relationships with a PEP; c) appropriate measures should be implemented to establish the customer’s income and funds source and ultimate beneficiaries of wealth if they have been identified as PEP’s; and d) continuous due diligence measures and procedures should be implemented upon existing relationships with a PEP.

What enhanced due diligence must be performed for correspondent banking relationships?

Institutions comprising the financial system should implement policies and carry out procedures to prevent or detect unusual and suspicious operations performed among domestic and/or international legal

Are relationships with banks who might be considered a 'shell' and without substance permitted?

In accordance with Resolution No JB-2012-2146 no correspondent relationships may be entered into between local institutions and shell banks.

In what circumstances is additional due diligence required for non face-to-face transactions and/or relationships?

Entities should set forth certain procedures to carry out KYC for non-face-to-face transactions, also these customers’ transactions must be followed up/traced.

To whom are SAR's made? (suspicious activity reports)

UAF of Ecuador

Link to website of SAR reporting

http://www.uaf.gob.ec/

Other Suspicious or unusual transactions obligations.

Yes, all suspicious activities must be reported, as well as transactions considered suspicious and unusual.

Are there any de-minimis thresholds below which transactions do not need to be reported?

Transactions performed within the financial system according to the amounts mentioned in A8 must be reported, as well as transactions considered suspicious and unusual.

Are there any penalties for non compliance with reporting requirements e.g. tipping off?

Yes. An infraction arises from the lack of compliance on reporting in accordance with UAF requirements, and sanctions may be imposed on individuals and entities involved.

Are there any requirements (legal or regulatory) to use automated Suspicious Transaction monitoring technology?

No. Entities are entitled to develop or use their own technological resources to keep up monitoring in accordance with KYC policies.

Is there a requirement to obtain authority to proceed with a current/ongoing transaction that is identified as suspicious?

In the case of a transaction is performed, involved entity must report the correspondent customer’s data and operation.

Does the local legislation allow transactions to be monitored outside the jurisdiction?

No specific mention about this subject is included in AML regulation.

Is there a legal requirement for a bank’s external auditor/other external organisation to report on the bank’s AML systems and controls?

The appropriate operation of the risk management system should be reviewed by the external auditor and its report should be submitted to the correspondent authority

If an external report on the bank’s AML systems and controls is required: a) how frequently must the report be provided?

The external auditor conducts an annual review

To whom should the report on AML systems be submitted?

The results are submitted to the Board of Directors

Is an AML system part of the financial statement audit?

The final opinion is part of the financial statements audit.

What are the requirements for the content of this external report on a bank’s AML systems and controls? Does it require: a) sample testing of KYC files? b) sample testing of SAR reports? c) examination of risk assessments?

The assessment that risk management system meets all requirements established in the regulation is performed by the external auditor, who applies its judgment to design necessary tests to assure an

Data Protection Laws And Personal Data

according to the Constitution on Freedom Rights chapter, the right to the protection of personal data, which includes the access and decision on this type of data, as well as its correspondent protection. The gathering, filing, processing, distribution or publishing of this data or information will require the owner’s authorization or a legal request

Data Protection for Corporate Data

The Coding of the Superintendence of Banks on right to protection establishes in its Art.14 that the user will be entitled to receive protection and demand the adoption of effective measures to guarantee the security of financial operation, customer’s advocate from the Superintendence of Banks and Insurance and other pertinent administrative or legal acts

Data protection for "sensitive Data" and additional protections.

according to the Constitution Art 11. The right to maintain the reserve about his convictions. Nobody may be obliged to declare on them. In no case will it be required or used without the owner’s or its actual representatives authorization, any personal or third party’s data on their religious believes, political affiliation or opinion; or their health status and sexual life, unless for medical attention purposes

Do any restrictions on the transfer of credit reports exist?

According to Art. 11 of the Constitution: In no case will it be required or used without the owner’s or its actual representatives authorization, any personal or third party’s data on their religious believes,

Regulator Acronym

UAF

Year of last FATF mutual evaluation

N/A

National ID card details

Mandatory

Compulsory?

National ID source

http://www.adipiscor.com/como/168/Como-renovar-la-cedula-de-ciudadania-Quito

Passport Photo

practical Guidance yes / no

Is there a risk based approach

Legal Requirement

Yes

Requirement to proceed

Yes

requirement to use automated suspicious transaction tools

Who are SARS made to?

UAF-Ecuador

shell banks

EDD for correspondent banking

PDF of case law

Minimum transactions

USD 5,000.00

Min transaction USD

5000

Data Protection for Corporates

If the AML laws and/or regulations became effective in the last 2 years, what were the requirements of the previous AML regime?

The primary characteristics of the LPML request the implementation of KYC procedures to oversight transactions, follow up unusual transactions and report to correspondent authorities in case of arising any

Non financial sector (e.g. casinos, high value goods etc.)

the main regulator for AML controls is UAF which uses the SISLAFT system to prevent asset laundering and terrorism financing (“SISLAFT”)

Does the country have a risk based approach?

Yes, the new regulation is risk based oriented in connection to AML

Where copies of identification documentation are provided, what are the requirements around independent verification or authentication?

Institutions of the financial sector should apply appropriate procedures to ensure that data supplied by customers is actual and accurate; otherwise, no commercial relationship may be entered to a report of suspicious operation should be submitted to UAF. Likewise, the Superintendence of Banks, Securities, and Insurance establishes required documentation related to customers and suppliers.

Is there case law, other constitutional law or any other laws or regulations that may impact upon the transfer of information to this jurisdiction?

List of case law, constitutional law or any other laws or regulations that may impact upon the transfer of information.