KYC.IO

Global Regulations and Requirements for KYC Onboarding
(powered by KYC-Chain)

KYC to onboard domestic persons

nameplace of birthidentification numbertelephone numberaddress

KYC to onboard international persons

namedate of birthplace of birthidentity documentsaddresstelephone numberoccupationsource of incomesurname

corporate requirements

company name established date;Telephone numbertax identification numberregistry number volume of incomeshareholders and ultimate beneficial owners.

National ID card name

Cedula de Identidad

National ID Photo

back of national id photo back

Does the country have Esignature Laws?

eSignature Legality Summary

E-sig law files

What year did the relevant AML laws and regulations become effective?

2009

Further details on AML regime

a) 2009 – Law No. 18.494 – introduced several modifications to Law 17.835; b) 2004 – Law No. 17.835 – system controls and prevention of money laundering and financing of terrorism; and c) 1998 – Law No. 17.016 – standards with regard to the misuse of public power (corruption). Previously, Uruguayan AML Laws focused on the illicit traffic of narcotic drugs but have been gradually extended to other crimes.

Who is the regulator for AML controls for Banking

Uruguayan Central Bank (“UCB”)

Link to site

http://www.bcu.gub.uy/

Other financial Services

Internal Audit of the Nation

Website of Regulator

http://www.ain.gub.uy/

Financial Sector regulator

N/A

Practical Guidance for AML

Yes, the Unit of Financial Information and Analysis (“UIAF”) of the UCB has issued guidance with regard to suspicious or unusual transactions in order to assist the parties required to report these transactions in the detection of unusual or suspicious patterns in customer behaviour. Although the published guidelines are not exhaustive, they constitute a collection of types or patterns of transactions that could be linked to money laundering operations from criminal activities or terrorist financing

Practical guidance PDF's

Default.aspx

Is there a requirement to verify the identity of customers retroactively?

Yes

Retroactive details

Yes, the UCB, supervisor of the financial system, established the requirement to periodically update information on existing clients, especially in the case of high risk customers.

Has the country been the subject of FATF mutal evaluation in the last 3 years?

The country has not been subject to review in the last three years. The UIAF participate in Grupo de Acción Financiera de Sudamérica (“GAFISUD”) and in the Egmont Group.

Are there minimum transaction thresholds (Y/N)

Yes

More details on minimum transaction thresholds.

Yes, customer due diligence is not required on transactions below USD3,000 with occasional customers.

What are the requirements for customer identification information for individuals

a) name and surname; b) date and place of birth; c) identification document; d) marital status; e) address and telephone number; f) main activity or occupation; and g) volume of income (salary and other earnings). `

Details to be Collected on Corporates

a) company name; b) established date; c) address and telephone number; d) tax identification number; e) bylaws and other information on the entity as registry number etc.; f) main activity; g) volume of income (on financial statements); and h) shareholders and ultimate beneficial owners.

What are the high level requirements around beneficial ownership (identification and verification)?

Financial institutions must implement procedures in order to identify the ultimate beneficial owner of each transaction, verify their identity and register their names.

What circumstances are enhanced customer due diligence measures required?

Enhanced customer due diligence measures are required for ‘permanent customers’. Institutions must analyse each customer and classify them according to their activity, residence and risk profile. Institutions must obtain, evaluate and register additional information about the financial situation, in order to justify the customer’s transactions and the origin of funds for those customers classified as high risk and those with transactions over a certain limit.

How should FI's deal with Politically exposed persons

Financial institutions should apply additional due diligence procedures in the case of PEPs, their relatives and their associates. Financial institutions should: a) rely on procedures that allow them to determine whether a client is a PEP; b) get senior management approval upon establishing a new relationship with this type of client; c) take reasonable measures in order to determine the origin of the funds; and d) carry out a special and permanent assessment of the customer’s transactions.

What enhanced due diligence must be performed for correspondent banking relationships?

For correspondent banking relationships, local institutions must obtain the following information in relation to foreign institutions: a) the nature of their business; b) management details; c) reputation; d) principal activities and location of the premises; e) account purpose; f) regulation and supervision in their country; g) political context; and h) procedures applied in order to prevent being used for laundering of assets or financing of terrorism.

Are relationships with banks who might be considered a 'shell' and without substance permitted?

Yes, it is not permitted to perform any type of business with financial institutions established in jurisdictions that do not require physical presence. It is also not permitted to establish a relationship with foreign institutions which allow shell banks to open accounts.

In what circumstances is additional due diligence required for non face-to-face transactions and/or relationships?

Financial institutions must implement special procedures to verify the relevant identity and to control non face-to-face transactions such as non-resident or e-banking transactions.

To whom are SAR's made? (suspicious activity reports)

UIAF, established by the Uruguayan Central Bank

Link to website of SAR reporting

http://www.bcu.gub.uy/

Other Suspicious or unusual transactions obligations.

By the above mentioned Circular No. 1722 of UCB dated 21 Dec 2000, transactions considered suspicious can be conducted on a periodic basis or isolated, and that according to the customs of the activity concerned, are unusual, with no apparent economic or legal justification, or of unusual or unjustified complexity. Subjects required to report must immediately inform the UIAF regarding transactions covered by this where there is evidence or suspicion of involvement in the legitimisation of assets derived from criminal activities. In addition, financial intermediation institutions must notify the UCB and provide information regarding physical or legal persons carrying out the following transactions: a) operations consisting of coins, currency conversion, foreign cheques, precious metals, bank deposits, shares or other securities which are easy to redeem, for amounts in excess of USD10,000 or its equivalent in other currencies; b) receiving and sending of money orders and transfers (including international transfers) for amounts in excess of USD1,000 or its equivalent in other currencies, regardless of the mode of operation used for execution. Transfers and money orders are exempted from the obligation to be reported if they are made between bank accounts in cases where both the account of origin and destination are based in local financial intermediaries; and c) purchase or sale, exchange or arbitration of foreign currency or precious metals for an amount over USD10,000 or its equivalent in other currencies, where the counterpart is made in cash.

Are there any de-minimis thresholds below which transactions do not need to be reported?

USD10,000

Are there any penalties for non compliance with reporting requirements e.g. tipping off?

Yes, fines and penalties from Uruguayan Central Bank and National Internal Audit Office.

Are there any requirements (legal or regulatory) to use automated Suspicious Transaction monitoring technology?

Yes

Is there a requirement to obtain authority to proceed with a current/ongoing transaction that is identified as suspicious?

After a certain time, if there is no a response from UCB regarding the reported transaction, the institution should consider if it is appropriate to proceed with the transaction with the customer

Does the local legislation allow transactions to be monitored outside the jurisdiction?

Is there a legal requirement for a bank’s external auditor/other external organisation to report on the bank’s AML systems and controls?

The Communication 2010/254 issued by the CBU on 21 Dec 2010 defined that banks must have an audit report referring to the consideration of reasonable assurance regarding the design and operations of policies, procedures and monitoring mechanisms adopted to prevent the bank from being used for money laundering and terrorist financing.

If an external report on the bank’s AML systems and controls is required: a) how frequently must the report be provided?

annually

To whom should the report on AML systems be submitted?

directors and shareholders of the Bank

Is an AML system part of the financial statement audit?

What are the requirements for the content of this external report on a bank’s AML systems and controls? Does it require: a) sample testing of KYC files? b) sample testing of SAR reports? c) examination of risk assessments?

a) yes; b) yes; and c) yes. The procedures to be performed include: a) inquiry corroborating the description of policies, procedures and control mechanisms established by the Bank; and b) verification that the policies, procedures and control mechanisms are in accordance with the provisions of the regulation and its effective implementation by the auditor's judgment samples.

Data Protection Laws And Personal Data

data protection Law (No. 18331)

Data Protection for Corporate Data

data protection Law (No. 18331)

Data protection for "sensitive Data" and additional protections.

The country has a separate definition of "sensitive data", defined as: the data and personal information referring to origin, ethnic, politic, religion, health and sexual life and preference.

Do any restrictions on the transfer of credit reports exist?

The response is affirmative; there are credit reports, banking information, and criminal information (only local Authorities and Interpol) that are prohibited from being transferred. Medical information is protected by secrecy

Regulator Acronym

UCB

Year of last FATF mutual evaluation

N/A

Field 67

financial institution face-to-face transactions e-banking transactions.

National ID card details

Mandatory

Compulsory?

National ID source

http://www.identity-cards.net/record/uruguay

Passport Photo

practical Guidance yes / no

Is there a risk based approach

Legal Requirement

Yes

Requirement to proceed

Yes

requirement to use automated suspicious transaction tools

Yes

Who are SARS made to?

UIAF

shell banks

EDD for correspondent banking

Yes

Minimum transactions

UYU 84,164

Min transaction USD

3000

Personal Data protection

Data Protection for Corporates

key restrictions

One should be cautious of transactions that must be notarized or that relate to real estate.

Summary

Yes, the law allows the parties to agree privately to the form of signature. Summary of law The law is somewhat unusual in that it allows the parties to challenge consent after it has been given. That is, the parties may agree to transact business electronically and sign the document electronically, but this will not stop either party from challenging that consent at a later date. On the other hand, there is evidence that electronic signatures are used commonly in Uruguay and are submitted in court filings.

Are e-signatures acceptable

If the AML laws and/or regulations became effective in the last 2 years, what were the requirements of the previous AML regime?

N/A

Non financial sector (e.g. casinos, high value goods etc.)

N/A

Does the country have a risk based approach?

Yes, the UCB has established that the supervision process must be proactive and integrity orientated, focused on risks and performed on a consolidated basis. The Corporate Governance and Internal Control System Regulations which are in force (UCB Circular 1987) establish that institutions must have a risk framework according to the nature, size and complexity of their transactions. An AML framework is specifically required.

Where copies of identification documentation are provided, what are the requirements around independent verification or authentication?

Notary certification and signature verification are required to certify the validity of the documents provided. Each institution also has its own policies and procedures to verify the documents and its copies.

Is there case law, other constitutional law or any other laws or regulations that may impact upon the transfer of information to this jurisdiction?

Yes, the international transfer of data is regulated by Law and limited upon requirements (e.g. consent, adequate protection, International law regulation, etc.) and it is controlled by the public authorities.

List of case law, constitutional law or any other laws or regulations that may impact upon the transfer of information.

In Uruguay there are secrecy regulation laws, such as banking secrecy, professional secrecy, court data, and other specific regulations.