Manual for the prevention of money laundering and terrorist financing
SARLAFT - Blockcannan S.A.S.

Version 1.0

Blockcannan S.A.S cannot be oblivious to phenomena such as: Money Laundering and Terrorism Financing. As a company we are governed by the principles and regulations of the Colombian State, in addition, we trust the veracity of the data provided by our collaborators, however, we must ensure that each of our collaborators is off the binding lists of organizations outside of the law, but without violating its good name and with comprehensive management for the management of Personally Identifiable Information (PII).

Therefore and according to Article 15 of the Political Constitution of Colombia: “All people have the right to their personal and family privacy and to their good name, and the State must respect and make them respect. Likewise, they have the right to know, update and rectify the information that has been collected about them in data banks and in files of public and private entities”. In addition, all our collaborators have the right to inform and receive truthful and impartial information, this protected in Article 20 of the Political Constitution of Colombia: “Every person is guaranteed the freedom to express and spread their thoughts and opinions, that of inform and receive truthful and impartial information, and that of founding mass media. These are free and have social responsibility. The right to rectification is guaranteed under fair conditions. There will be no censorship”.

As a company we respect the guiding principles of the processing of personal data according to the regulations of the Colombian State, which are as follows:

1. Principle of legality: The data requested by Blockcannan S.A.S for registration and KYR verification (Know Your Risk) are governed by the principle of legality of the Colombian State.

2. Principle of Purpose: The provision of personal data is carried out legitimately and in accordance with the Political Constitution of Colombia.

3. Principle of Freedom: Before our collaborators complete the KYR registration and send their personal data, they expressly authorize in the form that they have not been coerced or forced to provide any personal information that violates their good name or their fundamental rights.

4. Principle of truthfulness or quality: The personal data sent by our collaborators correspond to real situations, with truthful, complete, exact, updated, verifiable and understandable information.

5. Principle of transparency: Each of our collaborators can know at any time and without restrictions, the information about the existence of the data that concerns them.

6. Principle of access and restricted circulation: Access to the personal data of our collaborators is only allowed for the owner or by those who are guaranteed by Colombian law to authorize.

7. Security principle: Blockcannan SAS has the technical, human and administrative measures that provide information security and prevent adulteration, loss or unauthorized or fraudulent access to the data of our collaborators using a database under the blockchain technology of Ethereum.

8. Principle of confidentiality: Blockcannan S.A.S. guarantees the reservation of information that it has in its power of its collaborators and does not disseminate them for profit or any other purpose outside of Colombian regulations.

9. Principle of necessity: The data requested by Blockcannan S.A.S. they are strictly necessary to fulfill the purposes pursued by the database and the PII.

10. Principle of utility: The purpose for which the personal data of our collaborators has been recorded is to create our own verifiable database, with the guidelines registered by Colombian law and confirm the KYR to each of the natural and legal persons who are in the Blockcannan S.A.S. database.

11. Principle of integrity in data management: The management of the database that is in the power of Blockcannan S.A.S. it will always be done in a complete and comprehensive way, to avoid that these data may distort the veracity of the information if they are given partially.

12. Incorporation principle: Blockcannan S.A.S. During the collection of personal information, it does so in its entirety, in such a way that it does not omit information of any kind. Either it is understood as negative for the owner or that otherwise the owner may benefit from the information provided.

13. Expiration principle: At the moment that one of our collaborators decides to cancel the services obtained with us. Blockcannan S.A.S will no longer have them in your possession and you will not be able to access them, and they will be in a repository under a smart contract on the Ethereum blockchain that the code will only be opened when government authorities require to audit them.

According to the Financial Habeas Data Law (Law 1266 of 2008) in which we are governed as a Colombian company; "The information of the owner may not be provided to users or third parties when it ceases to serve the purpose of the data bank." To guarantee the above, we use blockchain technology to shield information through smart contracts.

In addition to the above, the Personal Data Habeas Law (Law 1581 of 2012) indicates the Privacy Notice that we will give our collaborators for the management and use of their personal data: “Verbal or written communication generated by the Responsible, addressed to Holder for the Treatment of your personal data, through which you are informed about the existence of the information Processing policies that will be applicable, the way of accessing them and the purposes of the Treatment that is intended to give the data personal”.

Blockcannan SAS is aware as a company that money laundering and terrorist financing are crimes that have become a great problem for society and for the economies of different countries around the world, and that they can also lead to other actions. such as: kidnapping, extortion, human trafficking, drug trafficking, illicit enrichment, buying and selling on the black market, etc. Therefore, we seek to contribute to stopping these scourges with the appropriate treatment of data and timely reporting to the competent authorities of any anomaly within our databases and PII, with the use of blockchain as a tool for security, honesty and transparency in the information management of our collaborators.

Understanding the above, we have some guidelines for data collection and treatment with an Anti-Fraud Policy (safeguarding the data in smart contracts in the Ethereum blockchain) always seeking to meet the company's objectives and strengthen the reduction of risks that we are exposed to. in our daily tasks, avoiding both internal and external threats, to the treatment of information and databases.

Reason why Blockcannan SAS has built this document that points out the most important points for the treatment and manipulation of data, based on Colombian regulations and laws, also with control and prevention guidelines for the operation of SARLAFT, Anti-fraud program and Integral Program. Personal Data Management (PII).

 

Definitions

Blockcannan / Company: Refers to the company Blockcannan S.A.S.

Early Alerts: It is the set of qualitative and quantitative indicators that allow the timely and / or prospective identification of atypical behaviors of the relevant variables, previously determined by the entity.

Final Beneficiary or Real Beneficiary: In accordance with the provisions of the FATF (International Financial Action Task Force) recommendations, it refers to the natural person (s) that finally owns or controls to a counterparty or to the natural person in whose name an operation or business is carried out. It also includes the person (s) who exercise final effective control over a person or other legal structure or are (are) the owner (s) of 25% or more of their capital, if they are of a corporate nature.

Risk Factors: They are the agents that generate ML / FT risk. The following must be taken into account as a minimum.

Clients / users: They are all those natural or legal persons with whom the Company establishes and maintains a contractual or legal relationship for the provision of a service.

Products: These are the legally authorized operations that the entities under surveillance can carry out by entering into a contract.

Distribution channels: They are all those means that are used to market, distribute your products or services.

Jurisdictions: Territory where services are delivered.

Financing of Terrorism: Corresponds to the set of actions that allow the circulation of resources that are intended to carry out terrorist activities or that seek to conceal assets from such activities. This conduct is considered a crime which is typified in the Colombian Penal Code.

Interest Groups, Interested Parties or Counterparts: They are those third parties with whom the company has a contractual agreement or alliance. The following are part of this interest group: Clients (Massive, SMEs, Corporate), Direct Employees in the Company, Suppliers, Strategic Allies, Outsourcing - Subcontractor Companies, distribution channels, among others.

Money laundering: In article 323 of the Penal Code modified by article 42 of Law 1453 of 2011, this crime is defined as: “Whoever acquires, safeguards, invests, transports, transforms, guards or administers assets that have their origin mediate or immediate in activities of migrant smuggling, human trafficking, extortion, illicit enrichment, extortion kidnapping, rebellion, arms trafficking, crimes against the financial system, the public administration or related to the proceeds of the crimes object of a concert to to commit a crime, related to the traffic of toxic drugs, narcotic drugs or psychotropic substances, or to give the goods derived from said activities the appearance of legality or legalize, conceal or conceal the true nature, origin, location, destination, movement or rights over such property, or any other act is carried out to hide or cover up its illicit origin.

Binding lists: They are those lists in front of which the Company will abstain or seek to end contractual or any other type of relationships, with the natural or legal persons that appear in them.

Publicly / Politically Exposed People (PEP): National or foreign people who, due to their profile or the functions they perform, may expose the entity to the risk of ML / TF, such as people who, due to their position, manage public resources , have some degree of public power or enjoy public recognition. Decree 1674 of 2016.

Risks Associated with Money Laundering and Terrorism Financing (LA / FT): It is the possibility of loss or damage that the Company may suffer due to its propensity to be used directly or through its operations, as an instrument for money laundering and / or or channeling of resources towards the carrying out of terrorist activities, or when the concealment of assets from said activities is intended. Its associated risks are: reputational, legal, operational and contagion.

Compliance risk: An existing or emerging threat related to a breach of law or internal policy, or violation of the code of ethics / conduct, which could result in civil or criminal violations, and generate negative financial consequences, deterioration of the brand image or reputation.

SARLAFT: Acronym that translates the Money Laundering and Terrorism Financing Risk Management System.

Warning Signs: They are all the facts and particular circumstances surrounding the realization of transactions of each third party with which the Company is related, from which it can be preventively identified if they are the subject of a careful and detailed study, therefore they must be classified into:

• Attempted operation: It is configured when the intention of a natural or legal person to carry out a suspicious operation is known, but it is not perfected because whoever tries to carry it out desists from it or because the established or defined controls did not allow it to be carried out.

• Unusual operation: It is that operation that goes outside the normal parameters or that due to its amount and characteristics is not related to the economic or commercial activity of each segment of the interest groups.

• Suspicious operation: It is one that due to its number, quantity or characteristics is not framed in the normal systems and practices of business, of a client, an industry or of a given sector and, furthermore, that according to the customs and customs The activity in question could not be reasonably justified. These operations must be reported solely and exclusively to the UIAF.

Cash transactions: These are the operations carried out by the Company and its related parties in cash.

UIAF: Acronym for Financial Information and Analysis Unit. This entity aims to prevent and detect operations that can be used for ML / FT, and impose reporting obligations on certain economic sectors.

 

General objective

Present the SARLAFT manual, Anti-Fraud Program and the Comprehensive Personal Data Management Program (PII) as open tools for consultation and applicability to our employees, associates, government entities and other collaborators of Blockcannan S.A.S.

 

Specific objectives

1. Shield the personal information and the database of our collaborators using bigdata and blockchain technology, this to avoid possible manipulation of the information, reduce and eliminate fraud events in our databases.

2. Inform and raise awareness about the proper use of data processing, the SARLAFT and the PII, to our collaborators. In addition, the risks assumed by bad practices and / or non-compliance with security protocols in the management of information and databases.

3. Describe to our collaborators the typologies of the crimes of Money Laundering (LA) and Financing of Terrorism (FT), in addition to warning signs to recognize suspicious or unusual actions, in order to avoid or minimize them.

4. Create an organizational culture focused on good practices in the SARLAFT, Anti-fraud Program and PII programs; and our collaborators embrace a philosophy under the regulations and laws of the Colombian State as a culture reflected in each of them.

5. Deliver this document to our collaborators; SARLAFT, PII and the Anti-Fraud Program.

 

Normativity

• Law 663 of 1993
• Law 333 of 1996
• Law 599 of 2000
• Decree 1497 of 2002
• Law 1121 of 2006
• Resolution 285 of 2997 of the UIAF
• Resolution 212 of 2009
• Law 1474 of 2011
• Law 1708 of 2014
• Decree 1674 of 2016
• Law 1266 of 2008
• Law 1581 of 2012
• Decree 1377 of 2013
• Decree 866 of 2014
• Decree 1759 of 2016

Circular

• External Circular 170 of 2002
• External Circular 022 of 2007
• External Circular 026 of 2008
• Basic Legal Circular (C.E. 029/14)
• External Circular Letter 100-0006 of 2018

 

1. Blockcannan S.A.S.'s Policies for the administration of SARLAFT, the PII and the Anti-Fraud Program

Procedures: Execution and development of training and socialization programs for our collaborators to facilitate the expansion of information on risk prevention, methodologies and protocols that facilitate compliance with SARLAFT, the risk of fraud and the PII. In addition, the use of blockchain and big data technologies are essential for the shielding, auditing and non-modification of the information of our collaborators.

 

1.1. SARLAFT Risk

For Blockcannan S.A.S the use of Big data and Blockchain in ML / FT risk management is essential for the verification of the identity of our collaborators in a decentralized and reliable way. Likewise, we support our processes in training our employees in the new technologies already mentioned, adopting simple methodologies taking into account each of the stages and elements of the information and data management system.

Need: For Blockcannan S.A.S. The administration of SARLAFT is of utmost importance to generate risk mitigation processes and always seek to increase the confidence of our employees, partners, allies, government entities and other collaborators. In addition, to seek frequent participation from company employees so that they can share the responsibility for prevention and control with the company.

Objective: To ensure that SARLAFT risk management is done at all levels of Blockcannan S.A.S. making it necessary for all our collaborators to apply prevention and mitigation policies in this matter.

1.2. Fraud Risk

Having an anti-fraud policy puts into operation elements that contribute to and promote good practices and an anti-fraud culture supported by prevention, detection, correction activities, and relying on 4.0 technologies such as Big data and blockchain; The latter are supported by our payment gateway, the DApp "Becannan Pay".

Need: the authorities take advantage of the information we provide from Blockcannan S.A.S. so that the respective audit is done and that the anti-fraud control is under control in our organization.

Objective: apply our policies focused on meeting the objectives of Blockcannan S.A.S.'s Anti-Fraud Program by our collaborators.

1.3. Data Protection Risk

A data protection culture is very important to Blockcannan S.A.S. therefore, from our company we promote a culture of personal data protection to all our collaborators and external entities, making massive use of new technologies (blockchain and big data) that help minimize human error and increase risk protection in our databases. of data and confidential information.

Need: make an appropriate data protection guide in which it is aligned with the commitment, honesty, transparency and security in the information that Blockcannan S.A.S.

Objective: to achieve that the good practices of the IIP that are part of each of the collaborators of Blockcannan S.A.S. In addition, we seek to increase the use of blockchain and big data technologies, to minimize possible human errors and attacks on our information systems.

 

2. SARLAFT: Risk Management, Money Laundering and Terrorist Financing System

2.1. What is Money Laundering?

Also known as corruption, money laundering, money laundering, money laundering or money laundering. It consists of giving the appearance of lawful or lawful to monies obtained in an illegal or unjustifiable manner. In Colombia, this conduct is incorporated in the Penal Code in article 323 (law 599 of 2000). The money laundering resources not only come from drug trafficking, which is the most frequent in Colombia, but also include the following crimes such as:

• Migrant smuggling
• Human trafficking
• Extortion
• Illicit enrichment
• Extortive kidnapping
• Rebellion
• Arms trafficking
• Financing of terrorism and administration of resources related to terrorist activities to armed groups outside the law
• Crimes against the financial system
• Crimes against public administration
• Crimes resulting from a concert to commit a crime

With one or more of the aforementioned activities, what is sought is to link these illegally obtained monies to the financial and economic system of a country. Accordingly, Blockcannan S.A.S. As a legally constituted company in Colombia we find ourselves in the need to combat these criminal practices and the profits derived from them.

Money laundering includes aspects such as; acquire, keep, invest, transform, transport or market illicit goods or money; Then, without knowing it, any person can participate in any of these activities, it is for this reason that as a company we detail in this document the most common forms of money laundering and thus be able to combat them.

2.2. What is Terrorism Financing?

Terrorist Financing (FT) is any form of economic action, aid or mediation that provides financial support to the activities of terrorist elements or groups. Although the main objective of terrorist groups is not financial, they require funds to carry out their activities, the origin of which may come from legitimate sources, criminal activities, or both. In other words, Terrorist Financing (FT) is related to the funds, assets or resources that terrorist or terrorist organizations have access to in order to pay for their activities.

Terrorist activities seek to intimidate or coerce individuals, organizations, and governments to carry out acts outside the law through threats or violence.

2.3. Warning signs Money Laundering and Terrorism Financing

There are several signs that as a company we can take as common alerts or as conclusive alerts depending on the behavior and the provision of information. These warning signs help us to identify unusual or atypical behavior of our collaborators, and thus make a search and subsequent verification of the binding lists allowed in Colombia to rule out any link with organizations that are outside the law. So, it is understood as a conclusive alert if by itself it gives reason to think suspicious behavior and in a certain way it incurs it has incurrence in other aspects, on the other hand, we understand as a common alert to a situation that although it may occur in LA / FT, usually occurs because of a merely casual innocent situation.

2.3.1. Unusual Operations: They are irregular or strange operations in their number, quantity or characteristics that are not framed in the flows with the established normal parameters, which were used for the registration and market rank of the users. In addition to the unusualness in these operations, they are characterized in that the operation cannot be reasonably justified.

2.3.2. Suspicious Operations: These are complex, important, significant operations that do not correspond to habitual transaction patterns and that lack a reasonable economic or legal basis for each type of client in particular, whether due to the type of business, industry or sector determined. , that due to their nature or volume are not justifiable in a reasonable way.

2.3.3. Warning signs to detect unusual and suspicious operations: 1. Transactions whose values are incompatible with professional occupation and the declared financial situation. 2. Unexpected movements in operations and account management. 3. Operations that show a significant oscillation in relation to the volume or frequency of business of the client. 4. Small deposits and transfers that are immediately transferred to accounts in other countries or regions. 5. Operations that show a sudden and objectively unjustified change compared to the customer's history. 6. Operations whose degree of complexity and risk is incompatible with the client's technical qualification.

Understanding the above, it is the responsibility of Blockcannan S.A.S. ensure compliance with the monitoring of warning signals for ML / FT of our collaborators. Therefore, the financial or accounting information must be updated, and it will be verifiable for us as a company and also for auditing entities.

Blockcannan S.A.S. as a company under the Colombian regulatory framework

2.4. Suspicious Operations Report (ROS)

Through the Colombian government's ONLINE REPORT SYSTEM (SIREL) website:
https://reportes.uiaf.gov.co/ReportesFSMCif64/Modules/Home/html/default.aspx

Blockcannan S.A.S. understands as suspicious or unusual operations of our collaborators if something happens that is outside the normal parameters of our clients or our policies.

So; for our external collaborators: 1. That they act on behalf of third parties trying to hide the identity of the real user. 2. That they divide the transactions to avoid documentation requirements and / or presentation of declaration of operations in cash. 3. That they register the same address and / or telephone number with other people with whom they have no apparent relationship. 4. That your income is outside the average income for your type of economic activity, whether it belongs to a specific sector or is independent. 5. Refuse to update basic information. 6. That the forms are incomplete, with illegible or damaged handwriting. 7. That what is declared is outside the deviation standards of any activity or economic sector. 8. That Blockcannan S.A.S. determine any given information as suspicious. For internal collaborators: 1. That they frequently authorize or process operations or exceptions, that evade internal audit controls or approval of certain requirements. 2. That the results produced by the internal audit of our company are outside the standard deviation and the average results of the other legal or natural persons within Blockcannan S.A.S.

2.5. Stages of Money Laundering

We understand that criminal activities incurred by persons or organizations outside the law, are in different ways and each one of them have a different way of operation, therefore, we cannot claim to cover each of However, we can list certain stages of the crime and thus, through blockchain and bigdata technology, we will work to mitigate this scourge.

2.5.1. Obtaining: Taking into account that once the crime ends there is a obtaining of the money, verbigracia; rebellion, kidnapping, extortion, arms trafficking, etc. The link of any user is discarded when it is not registered in any of the binding lists that we provide.

2.5.2. Placement: The introduction of assets or assets to the financial system and / or other entities unjustified or in tax havens. For example: purchase of real estate, unusual deposits in bank accounts, etc.

2.5.3. Diversification: When a large series of financial and / or commercial transactions are carried out with the aim of erasing all traces of the origin of the money.

2.5.4. Integration: When the excessive growth of some business is merged or associated through another smaller business without any reasonable justification.

 

3. Typologies of Money Laundering and Terrorism Financing

The Financial Information and Analysis Unit of the Republic of Colombia (UIAF) describes the most common typologies used by criminal organizations and people who commit illegal actions in ML / FT to give the appearance of legality to funds obtained from actions outside the law and transfer them from one place to another or between people to finance their criminal activities. Now, each of the typologies has in itself some warning signs that must be understood individually and not concurrently, and under the presumption of innocence with the assumption that the detection of an action that could be suspicious or alert about ML / FT is not a guarantee that a crime is being incurred.

3.1. Typologies

3.1.1. Fictitious exports of services: Here we refer to the reimbursement of foreign currency of illicit origin, whose presentation or commercial value in the international market is difficult to verify, quantify or has an explanation of the unreasonable amount, given its intangible nature. Warning Signs: 1. The service is exporting to a country that due to the nature of the market would not have the need to contract it with a local company. 2. Refunds received from countries that have low ML controls. 3. That the income is justified by inconsistencies or there is no relationship with the service. 4. That the money be withdrawn in checks with a list of different clients.

3.1.2. Fictitious foreign investment in a local company: Users or companies that make large investments to companies that are financially in need and do so through various intermediaries to finally convert it into local currency. Then, this company uses this money to make payments, which is generally through checks that are made out to various people. Warning Signs: 1. Foreign investment companies whose economic activity bears no relation to the projects that Blockcannan S.A.S. will develop with your investment. 2. The money is withdrawn from local bank accounts by writing a check to several beneficiaries, who generally endorse them irregularly. 3. Investment of resources in projects to be developed in areas with the presence of illegal armed groups.

3.1.3. Partial money transfers through international wire transfers: When users split large sums of money into several shipments, they can do so between one or more beneficiaries. This payment can be in cash, money exchange or check. Warning Signs: 1. Beneficiary groups that supply the same data, such as; address, telephone, email, etc. 2. People who always receive or send money orders in different places to the registration address. 3. When they do not have a reasonable justification for the origin of the money.

3.1.4. Use of illicit funds to reduce indebtedness or capitalize legitimate companies: In this case, organizations or people who have illegally acquired their money, make a capital investment contribution with the condition of modifying some documents to access the financial statements of the company. Warning Signs: 1. That the foreign company that makes the investment is not legally constituted in any territory. 2. Representative changes in the financial movements of the company. 3. Companies or people who are accused of inflating their financial statements.

3.2. Natural and legal persons who are on binding lists

The binding or restrictive lists are used in Colombia and internationally as a database that collects information, reports and backgrounds of different organizations, dealing with natural and legal persons, who may present suspicious activities, investigations, processes or convictions for laundering crimes. of assets and financing of terrorism. It is for this reason that Blockcannan S.A.S. use them to verify that our collaborators are not in them.

Therefore, Blockcannan S.A.S. It has a verification policy in the binding lists to rule out that our collaborators belong in them.

 

4. Prevention of LA / FT Risk at Blockcannan S.A.S.

4.1. Our SARLAFT

Blockcannan S.A.S. It has an administration for risk prevention, money laundering and terrorist financing (SARLAFT) taking into account the following stages: 1. Identification. 2. Measurement. 3. Control and 4. Monitoring. In addition to these stages, we take into account eight elements to minimize risks and create an anti-fraud and ML / FT prevention culture within our company, as follows: 1. Policies. 2. Procedures. 3. Documentation. 4. Organizational structure. 5. Control bodies. 6. Technological infrastructure. 7. Disclosure of information. 8. Training.

4.2. Risk Factors

Blockcannan S.A.S. takes into account that the risks are associated with different factors such as: Reputational, legal, operational and contagion. In this way, these factors are associated with the customers, products, distribution channels and jurisdiction of our company.

4.3. Organizational Structure

Blockcannan S.A.S. ensures that its policies and company philosophy are impregnated in each of the members of the company and our collaborators. Therefore, we have a basic organizational structure, in which, at each of the operational, administrative and managerial levels, they work as control and prevention agencies.

4.3.1. Board of Directors: It is the highest body that Blockcannan S.A.S. and therefore, the Board of Directors is the entity that has the greatest commitment to ensure the construction, distribution, compliance and transformation of the company's SARLAFT.

4.3.2. CEO / Legal Representative: He is responsible for the entity to ensure the proper functioning in each of the areas of Blockcannan S.A.S., in addition, he is the main executor of SARLAFT.

4.3.3. Area Directors: They are the people in charge of each of the areas of Blockcannan S.A.S. therefore, they have the responsibility of ensuring the proper functioning of the SARLAFT and each of them is the one who reports news to the CEO.

4.3.4. Managers, coordinators, assistants and other collaborators: We understand as a company that it is the responsibility of each of the members of Blockcannan S.A.S. ensure that the operation and income of each of the new members are under Colombian and international regulations and laws. For this reason, each collaborator is in itself an organ of control, verification and minimization of risk, developing activities and following the SARLAFT processes given by the company.

4.4. Binding lists for Colombia, international restrictive and sanctioning lists

In order to safeguard our collaborators from ML / FT risks and comply with Colombian and international regulations, Blockcannan S.A.S. As a company in the ICT sector and governed by Resolution No. 3677 of September 12, 2013 of the Ministry of Information Technology and Communications, we carry out the verification of our collaborators and allies in some of the following International lists that are Binding for Colombia and Local lists according to the company it deems pertinent: OFAC lists (Clinton List), INTERPOL, FBI, IDB, Background of the National Police, Siri Procurator's Office, Judicial Branch, fictitious DIAN providers.

It should be noted that the tools used by Blockcannan S.A.S. seek to minimize ML / FT risk more and more and to achieve this objective we seek to comply with the SARLAFT protocols and mechanisms in which each of our collaborators is part of an organizational philosophy and culture, which is why we abide by a code of ethics and conduct, we have a backup of the documentation in armored databases in blockchain technology, we manage open reports regarding the control of ML / FT risk, we periodically update the information to combat various risk factors, we use internal and external reports, and Lastly, there is training for our employees so that at each of our levels there is a philosophy of ML / FT prevention.

 

5. Blockcannan Anti-Fraud Program

These are the policies that we have as a company to provide security to our collaborators through prevention, detection and correction of possible eventualities. Furthermore, with the use of blockchain and bigdata technologies, we minimize cases of fraud and unusual conduct internally and externally to Blockcannan S.A.S.

5.1. Stakeholders associated with ML / TF

The Company identifies money laundering and terrorist financing risks with the following stakeholders, therefore, it permanently manages and verifies the relationship it maintains with them.

- Customers
- Collaborators
- Members of Boards of Directors
- Suppliers
- Strategic allies
- Shareholders and investors
- PEP´s - Publicly / Politically Exposed Persons

5.2. Due Diligence Interest Groups

It is the appropriate knowledge of each of the members of the Company's interest groups; it involves carrying out an adequate and timely analysis when having or carrying out a commercial or contractual relationship, or when an alert signal is identified; This in order to prevent the Company from being used as a means of executing illicit activities that may lead to incurring any legal, operational, contagion or reputational risk. For this, the procedures defined in accordance with the process being carried out will be used.

5.3. General guidelines

All collaborators must inform the Compliance Officer, through the established channels, of any anomaly or unusual operation that occurs in a real or potential way in the company's processes and that is related to Money Laundering and Terrorism Financing risks.

The appropriate knowledge or due diligence of each of the members of the Company's interest group involves an adequate and timely analysis of personal information, characteristics of economic activities, a review and validation of the fraud control area and participation in the different markets. This must be done, prior to having a commercial or contractual relationship with the third party or when there are warning signs and the need to do so is considered.

The processes must identify, evaluate, control and monitor any risk related to ML / TF (taking into account ML / FT risk factors) and immediately report it to the Compliance Officer and the risk area, so that it is integrated to the Comprehensive Risk Management defined in the Company.

The company must guarantee, through the Compliance Officer, permanent training within the Company in matters of Money Laundering and Assets and Financing of Terrorism, in order to create a culture of prevention against these crimes.

The Compliance Officer must review and update the policies, procedures, mechanisms, methodology and documentation that make up the administration of the Money Laundering and Terrorism Financing Risk System - SARLAFT-, in order to guarantee efficient operation, effective and timely that it is framed within the current regulations and facilitates the fulfillment of the business purpose, strategy, objectives and purposes, both of statutory and legal origin.

Collaborators who do not comply with the provisions of this SARLAFT Manual will be subject to sanctions in accordance with the provisions of the current disciplinary regime, and must put in place the compliance with established standards for the prevention of ML / TF within the company, especially in relation to the achievement of the commercial goals and acquisition of goods and services.

The company is fully committed to collaborating with the competent authorities when they are in the development of Money Laundering and Terrorism Financing investigations, this through the Compliance officer, supplying the information that is available to Blockcannan S.A.S.

The Compliance Officer will be responsible for conducting regular stakeholder consultations on a regular basis. To do this, it will collect the respective information from the different processes.

5.4. Procedures against Money Laundering and Terrorism Financing

The Company has designed and adopted the SARLAFT procedure, which, like this manual, must be known, appropriate by all collaborators and implemented in all processes, in order to prevent Money Laundering and Terrorism Financing with internal activities, relationship with natural or legal persons that are related to these criminal activities.

5.5. Internal reports
5.5.1. Unusual Operations

Unusual operations are the result that through alert signals and control mechanisms allow to know operations, transactions or actions that are not normal within the economic activity, financial statements or any other information provided by the client, supplier or any other interest group, which merits special monitoring by the Compliance Officer.

If this occurs and if there is room for review, clarification of the identified situation should initially be sought with the interest group; which can occur through the presentation of documents that distort and / or justify it. From his analysis, the Compliance Officer determines whether the unusualness is reasonably justified or should continue with monitoring and frames it as a suspicious operation.

All those collaborators of the areas or processes that have contact with each of the stakeholders must inform the Compliance Officer when they learn of any relevant change regarding the data provided in the relationship, such as and without being the only ones, the name, financial information, constant changes in address, telephone number of the natural person, legal entity or legal representatives, changes in business lines and / or company composition.

- The results of the management carried out in the reported period.
- The compliance that has occurred with the sending of reports to the different authorities.
- The compliance and results of the SARLAFT.
- Summary of the requirements and responses given to control entities.
- Improvements to the compliance program, if any.
- Training.

If after the verifications carried out it becomes evident that there is a suspicious Operation, the Compliance Officer must immediately generate the respective report to the UIAF.
https://reportes.uiaf.gov.co/ReportesFSMCif64/Modules/Home/html/default.aspx

5.5.2. Report of the Board of Directors

The Compliance Officer must submit reports to the Board of Directors or whoever substitutes them; the report shall contain at least:

• External reports
• Report of Suspicious Operations

Suspicious Operations Reports (ROS) are carried out by the Compliance Officer, through the mechanisms that the UIAF defines for this purpose; This report must be complete and annex the collected evidence; Today, the body in charge of defining whether or not there is an operation related to ML / FT is the Financial Analysis Unit (UIAF), the report must be made through the WEB page https://www.uiaf.gov.co.

In addition to the immediate report of suspicious operations identified, quarterly, the Compliance Officer must make the report of absence of suspicious operations (AROS), as long as the existence of suspicious operations has not been identified; This report must be made through the UIAF website the first 10 days of the following month.

To make the reports (ROS), it is not required that the entity be certain that it is a criminal activity, nor identify the criminal type or that the resources involved come from such activities.

Cash transactions: The Compliance Officer will report monthly in the first 10 days of the following month, through the UIAF page, cash operations greater than $ 10,000,000 (ten million) Colombian pesos or USD $ 3,000 (three thousand) US dollars, or its equivalent in other currencies.

5.6. Information requirements by authorities

Responses to the information requirements in Money Laundering and Terrorist Financing processes made to the company by the different competent authorities will be coordinated through the Compliance Officer.

The Compliance Officer must evaluate the type of response and the documents that it will send to the control entities. In the case of those controlling entities such as: Internal Audit, UIAF, Superintendency of Companies, they may deliver, according to their criteria, all the information necessary for the review or verification.

5.7. Training

The Compliance Officer and the Human Resources Department of Blockcannan S.A: S, have the obligation to develop training programs for all areas and employees of the Company. It must at least meet the following characteristics:

- Must be part of the induction program for new employees.
- The training plan and the content of each program must be reviewed and updated annually.
- Evaluation mechanisms should be established to measure the effectiveness of training programs.
- Leave written evidence of the programs, methodologies, and procedures to carry out the training.

These programs should highlight, among other topics, the roles and responsibilities defined and approved for the Money Laundering and Terrorism Financing Risk Prevention System, as well as the disciplinary, civil and fiscal consequences derived from their neglect.

5.8. Record keeping and / or evidence

The records that are generated by permanent monitoring or because they are part of the process management, must be kept and guarantee access to the Compliance Officer without restrictions.

The records generated by a special verification must be managed by the Compliance Officer, only collaborators who have the proper authorization of this Directorate or who are related to the development of any function or responsibility within Blockcannan S.A.S.

These files will be kept for 10 years from the date of your last entry. After this time the documents may be destroyed, if the following conditions have been met:

- That there is no request for delivery of these and made by a competent authority.
- That it be kept in an electronic medium that guarantees subsequent reproduction for a future investigation process, as evidential evidence for the competent authority.

5.9. Mechanisms for the prevention of ML / TF

The company has:

- Designed the form for “Report of suspicious operations ROS”, which is available on the Ethics and Compliance portal and the intranet.
- Arranged the email: sarlaft@blockcannan.com to receive all concerns or requests against LA / FT.
- Designed tools for consultation and permanent monitoring in the supply and commercial processes that generate the appropriate alarms, which must be analyzed immediately to avoid any of the risks associated with ML / TF.

 

6. Compliance Officer

Although the responsibility for the prevention of ML / TF risks belongs to all collaborators, some responsibilities are defined according to the level of Government.

Board of Directors

The following are the responsibilities of the Board of Directors:

- Approve the Manual and all documentation with guidelines against the Risk Management System for Money Laundering and Terrorism Financing - SARLAFT.
- Appoint the Compliance Officer.
- Pronounce regarding the reports related to ML / TF presented by the Compliance Officer.
- Follow up on the Company's ML / FT risks.
- Approve the objective criteria for the detection and reporting of Suspicious Operations.
- Provide effective, efficient and timely support to the Compliance Officer.

Legal representative

The following are the responsibilities of the legal representative and current General Manager of the Company:

- Submit the SARLAFT Manual and its updates to the approval of the Board of Directors or the governing body acting in coordination with the compliance officer.
- Take the appropriate measures as a result of the evolution of risk profiles, risk factors and associated risks.
- Guarantee that the databases and the technological platform comply with the criteria and requirements established in the norms that govern the prevention of the risks identified in ML / FT.
- Provide effective, efficient and timely support to the Compliance Officer.
- Approve the criteria, methodologies and procedures for the selection, acceptance, monitoring and / or cancellation of the contracts concluded with the different interest groups, in all matters related to SARLAFT.

Compliance officer

The responsibilities and duties of the Compliance Officer are:

- Verify the timely and strict compliance with the legal regulations established for the prevention of criminal activities in national and international trade.
- Ensure the effective, efficient and timely operation of the SARLAFT.
- Present reports to the Board of Directors.
- Request to the Manager the physical, technological and human resources required to maintain the suitability of the System for ML / FT prevention.
- Implement the established guidelines that you consider appropriate to make effective your work against SARLAFT.
- Carry out the necessary studies to determine if an unusual operation is suspicious.
- Inform Senior Management about possible failures or omissions in controls for the prevention of criminal activities that compromise the responsibility of employees and the Company.
- Evaluate the reports presented by the internal audit or those who perform similar functions or take their place, and the reports presented by the fiscal auditor and adopt the measures of the case against the reported deficiencies.

 

7. Update and disclosure

This SARLAFT Manual must be reviewed and updated at least once a year by the Board of Directors and / or when they must be considered in the new legal or internal regulations.

 

8. Validity

Versión: 1.0
Prepared by: Carlos Esteban Trujillo Jaramillo; Human Resources Director
Reviewed by: Sebastian Restrepo Osorio, CEO Blockcannan S.A.S.
Approved by: Board of Directors
Validity period: May 25, 2020 - April 15, 2021