PREVENTION MANUAL FOR ANTI LAUNDRY MONEY DISRUPTIVE EXCHANGE S. DE R.L. BY C.V.
This manual is designed to provide Disruptive Exchange S. de R.L. of C.V. (Disruptive Exchange), a leading company in the commercial commission for the purchase and sale of Cryptoactives, a clear and concise guide for the prevention and identification of operations with resources of illicit origin.
I. Background
In the world of Cryptoassets, transparency and integrity are essential. As such, Disruptive Exchange has a responsibility to prevent illegal activities such as money laundering and terrorist financing, while ensuring the integrity of its business operations.
II. Objective of the Manual
This manual seeks to provide Disruptive Exchange with the necessary tools to identify and prevent operations with resources of illicit origin.
On the other hand, this manual will seek to help comply with the legal obligations that we as a company have in Anti-Money Laundering prevention.
Manual Structure
The manual is structured into several chapters, each one dedicated to a specific area of prevention. Each chapter provides an overview of the topic, followed by detailed guidelines on how to implement effective preventative measures and regulatory compliance.
This manual is an extension of our compliance manual and seeks to be a valuable tool for Disruptive Exchange in its fight against money laundering and terrorist financing in the commercial sector in which we operate.
Prevention begins with awareness.
Definiciones
Archive
Set of data and documents that are preserved or stored in printed format or in electronic, optical or any other technology, which will remain complete and unaltered from the moment it was generated for the first time and is accessible for subsequent consultation, with the purpose of integrating, preserving and demonstrating the Operations of Disruptive Exchange.
Beneficiary
The person designated by the Disruptive Exchange Client, so that, in the event of the death of said Client, such person can exercise the rights derived from the account, contract or Order before Disruptive Exchange.
Customer
The natural or legal person who, directly or indirectly, contracts or places any Order with Disruptive Exchange.
Board of directors
The Disruptive Exchange body, in charge of supervision and decision making, composed of independent directors and/or executives, whose role is to provide strategic guidance and supervise the management of the company.
Control
The ability to impose, directly or indirectly, decisions in general meetings of shareholders, partners or equivalent bodies, or to appoint or dismiss the majority of the directors, administrators or their equivalents of a legal entity; or maintaining ownership of rights that allow, directly or indirectly, the exercise of voting with respect to more than fifty percent of the company's share capital, or directing, directly or indirectly, the administration, strategy or main policies of the company. society. Likewise, Control will be understood to be exercised by any natural person who, directly or indirectly, acquires 25% or more of the shareholding composition or share capital of a legal entity.
Criptoactivos
The representation of value recorded electronically and used among the public as a means of payment for all types of legal acts, the transfer of which can only be carried out through electronic means. In no case will Crypto Assets be understood as legal tender in the national territory of Disruptive Exchange, nor foreign currencies. These are a mechanism for the storage and exchange of information, which does not represent the possession of any underlying asset at par and which is univocally identifiable, even fractionally, stored electronically; Therefore, they are not legal tender or foreign currencies; that they do not have the power to release payment obligations nor are they regulated by the Mexican financial authorities; nor are they shares, shares, debentures, bonds, warrants, certificates, promissory notes, bills of exchange and other titles of credit, nominated or unnamed, that are issued serially or en masse and represent the share capital of a legal entity or a part of this, an aliquot part of an asset or the participation in a collective credit or any individual credit right, under the terms of the applicable national or foreign laws; nor securities, contracts or any other legal act whose valuation refers to one or more underlying assets, securities, rates or indices. By virtue of this, since Disruptive Exchange only offers the commission service for the purchase and sale of Cryptoactives, it is not considered by national laws as a financial institution or technological financial institution.
Exchange or Provider
Digital platforms for the exchange of Cryptoassets, outside of Disruptive Exchange, which are suppliers of Disruptive Exchange and operate from abroad.
Corporate governance
It is the set of principles, standards and practices that regulate the management and direction of Disruptive Exchange. Its main objective is to establish an internal and external control framework that promotes transparency, responsibility, ethics and efficiency in decision making within the organization.
Platform
Set of Disruptive Exchange web pages, visible through the electronic address https:/ disruptivex.mx/, its subdomains, mobile application services, clients, APIs or any electronic form of communication developed and authorized by Disruptive Exchange.
Identification and prevention of money laundering in commercial transactions with Cryptoactives
What is money laundering?
Money laundering is an illegal process used to make large amounts of money generated by criminal activities, such as drug trafficking or terrorist financing, appear to have come from a legitimate source. Money from criminal activity is considered “dirty,” and the process “launders” the money to make it appear “clean”.
This process generally follows three stages:
Placement: Injects “dirty money” into the legitimate financial system surreptitiously.
Layer: Hides the origin of money through a series of transactions and accounting tricks.
Integration: In this final step, the money already laundered is removed from the legitimate account to be used for whatever purposes the criminals have in mind.
It is important to highlight that companies like Disruptive Exchange must implement anti money laundering (AML) policies to detect and prevent this activity and thus cooperate with the authorities.
How do we detect possible acts of money laundering?
Detecting money laundering can be challenging due to the sophistication of the techniques used by criminals. However, there are several red flags that may indicate the possibility of money laundering:
Unusual activity: If a customer makes transactions that are inconsistent with their usual patterns, this may be a red flag.
Large cash deposits: Large and frequent cash deposits can be indicative of money laundering, especially if the customer cannot justify where the funds are coming from.
Evasion or defensiveness: If a customer is evasive or defensive when asked about details of their transactions, this may be suspicious.
Discrepancies in the information provided: If the information provided by a client is inconsistent or inaccurate, this can be a red flag.
Large investments by third parties: If third parties are investing large sums of money without a clear explanation, this may be suspicious.
Suspicious recurring transactions: If sums of money move in and out of a customer's account at a rapid pace, this may be indicative of “smurfing,” a money laundering technique that involves dispersing illegal funds. Additionally, we must implement know-your-customer (KYC) and “blacklist” verification techniques, as will be specified in this manual, to assist in the effort to prevent these activities.
It is important to remember that these are only red flags and not definitive evidence of money laundering. Any suspicious activity must be reported to the competent authorities for investigation.
Financial Intelligence Unit
The Financial Intelligence Unit, also known by its acronym UIF or FIU, is a national entity that, as a supervisory authority, centrally receives reports on suspicious operations of money laundering and financing of terrorism provided by institutions. financial companies or any other entity such as Disruptive Exchange that participates in activities considered vulnerable by Law.
The FIU processes, analyzes and converts this information into intelligence, in order to transmit it to the competent authorities in order to combat and prevent illegal activities.
In the specific case of Mexico, the Financial Intelligence Unit (UIF) is an Administrative Unit of the Ministry of Finance and Public Credit in charge of receiving, analyzing and disseminating information related to the prevention, detection and combating crimes of operations with resources of illicit origin (commonly known as money laundering) and financing of terrorism.
Regulatory framework
The Federal Law for the Prevention and Identification of Operations with Resources of Illicit Origin, also known as the Money Laundering Law, was enacted in Mexico with the objective of protecting the financial system and the national economy. This law establishes measures and procedures to prevent and detect acts or operations that involve resources of illicit origin.
The law is applicable throughout Mexican territory and is of public order and interest. Its objective is to collect useful elements to investigate and prosecute the crimes of operations with resources of illicit origin, crimes related to the latter, the financial structures of criminal organizations and prevent the use of resources for their financing.
The law defines “Vulnerable Activities” as the activities carried out by Financial Entities in terms of article 14 and to which article 17 of this law refers. It also establishes the “Notices”, which are those that must be presented in terms of article 17 of said Law.
In addition, the law introduces the concept of “Controlling Beneficiary”, which refers to the person or group of people who obtain the benefit derived from the acts and is the one who, ultimately, exercises the rights of use, enjoyment, exploitation. or provision of a good or service.
In short, this law is a crucial legal instrument in the fight against money laundering and other financial crimes in Mexico. It provides a framework for the identification and prevention of suspicious operations, helping to protect the integrity of the Mexican financial system.
Sanctions for failing to comply with the regulatory framework
At Disruptive Exchange we comply with the Law, not by avoiding sanctions, but by the conviction of legality as one of our fundamental principles; However, it is necessary to have a general overview of the legal risks involved in failing to comply with this legislative mandate.
The penalties for violating the Federal Law for the Prevention and Identification of Operations with Resources of Illicit Origin can be severe. Here we mention some of the possible sanctions:
The authority may impose for each of these infractions, a penalty consisting of a minimum fine of two hundred days of the current minimum wage and a maximum of sixty-five thousand days of the current minimum wage (an amount ranging from $16,898.00 to $5,491,850.00 M.N.), per each breach and/or notice not presented to the authority in a timely manner, or, said information is incomplete or incorrect.
It is important to highlight that failure to comply with obligations could lead to the imposition of various fines by the authority, in addition to revoking, ceasing or canceling permits, patents and/or authorizations, which could at some point become a unsustainable burden for obligated subjects. Therefore, it is necessary to have a correct application of the Legislation on the Prevention of Money Laundering.
What are we obligated to do according to our business model?
The corporate purpose of Disruptive Exchange is the habitual and professional performance, as a commission agent, intermediary, importer and/or exporter in the purchase and sale of Cryptoactives with national and/or foreign suppliers; as well as provide related services; develop, implement, publish and maintain an electronic platform and mobile application to provide our commercial service; and the purchase, sale and maintenance of technological products, software and/or technologies based on blockchain.
Based on this and, in accordance with the Anti-Laundering Law, we have detected that our main activity is substantially considered a vulnerable activity:
This, because the Article 17 of the Federal Law for the Prevention and Identification of Operations with Resources of Illicit Origin of Mexico establishes the activities that are considered vulnerable and, therefore, subject to identification.
In terms of virtual assets (section XVI), the people who carry out the Vulnerable Activity as providers of services related to virtual assets and different from financial entities, such as Disruptive Exchange; We are obliged to inform the Ministry of Finance and Public Credit, when the amount of the purchase or sale operation carried out by each client on a semiannual basis is for an amount equal to or greater than the equivalent of 645 Measurement and Update Units.
The amount of the Unit of Measurement and Update varies every year andIt is published in the Official Gazette of the Federation on February 1.
The current amount of the Unit of Measurement and Update is $103.74, so We are required to report each time the same client exceeds semiannual operations above the threshold of $66,912.30.
This notice must be sent to the authority no later than the 17th day of the month immediately following the month in which the operation that gave rise to it and that is the subject of the Notice was carried out.
It should be noted that when the Bank of Mexico recognizes virtual assets, the people who provide virtual assets must obtain the corresponding authorizations within the deadlines indicated by said Bank of Mexico in the respective provisions.
In this regard, Circular 4/2019 of the Bank of Mexico (Banxico) refers to the general provisions applicable to Credit Institutions and Financial Technology Institutions in the operations they carry out with virtual assets; However, our company is not subject to this regulation because it is not a financial or financial technology institution.
The above is so becauseDisruptive Exchange is limited to offering the commercial commission service for the purchase and/or sale of Cryptoactives on behalf and on behalf of our clients; therefore Disruptive Exchange is in no way a facilitator of any type of business, nor is it a financial or fintech institution; Disruptive Exchange is NOT a portfolio provider, stock exchange, broker, distributor, investment advisor, investment company or company, bank, exchange house, credit institution, creditor, savings institution or company, chamber, confederation, insurer , surety company, fund administrator of any kind, remittance sending company, stock exchange institution, credit auxiliary, savings bank, financial or savings cooperative, financial group, electronic payment fund institution or collective financing institution.
Disruptive Exchange, plays no role in the facilitation, conduct, execution or consummation of any transaction in securities, commodity futures, securities, fiat currencies or foreign currencies.
In no case can our Platform be used to market securities, shares, corporate shares, obligations, bonds, warrants, certificates, promissory notes, bills of exchange and other credit titles, nominated or unnamed, registered or not in the Public Registry, capable of circulating in the securities markets that are issued serially or en masse and represent the share capital of a legal entity, an aliquot part of an asset or participation in a collective credit or any individual credit right, in the terms of applicable national or foreign laws; nor securities, commodities, commodity futures, securities, fiat currencies or foreign currencies.
Nor can our Platform be used to maintain the legal tender currencies or foreign currencies of our clients, nor to exchange them.
Additionally, customers may not use our Services to pay and/or obtain payments for products or services from third parties, collect and/or send money or securities; obtain and/or promote insurance, make investments, obtain and/or grant credit, or send and/ or receive remittances.
Disruptive Exchange, prior to starting its operations, has informed the following authorities what its corporate purpose will be and has requested reports from the Ministry of Finance and Public Credit, the National Banking and Securities Commission, the Bank of Mexico and the National Commission for the Protection and Defense of Users of Financial Services to find out if you are obliged to obtain regulation; In the reports issued by the transparency units of these agencies that Disruptive Exchange has in its possession, none of them have established that the company requires a special license or regulation.
Furthermore, publicly the Bank of Mexico has said that:
“It is important to highlight that, although ITFs or ICs are not authorized to offer operations with virtual assets to the general public, this does not imply that companies other than these cannot offer services related to virtual assets. Such is the case of virtual asset exchange houses that offer the service of buying and selling virtual assets to the public, which, as long as they do not carry out fundraising activities or guard resources in national currency or foreign currencies of their clients, could continue offering its services.”
Which is visible on the official website: https:/www.banxico.org.mx/sistemas-de-pago/6--acciones-regulatorias-po.html
Therefore, by not capturing or custody resources in national currency or foreign currencies of our clients, nor being a credit institution or technological financial institution; We do not have any legal impediment to operate in our business model.
Registered as vulnerable activity
Before Disruptive Exchange begins any operation with its clients in accordance with its corporate purpose as a commission agent in the purchase and sale of Cryptoassets, it must register as a vulnerable activity on the Anti-Money Laundering Site, in accordance with the following steps:
Once the information and documentation has been sent, the SAT will issue the electronic acknowledgment of registration and respective registration with a digital seal and will grant access to the electronic media within the Anti-Money Laundering Portal, through which we will send the corresponding Notices and receive the notifications, reports. or communications.
Identification of our clients (KYC)
In terms of article 18 of the Anti-Laundering Law, we are obliged to identify our clients and users (KYC) and verify their identity based on credentials or official documentation, as well as obtain a copy of their documentation.
When establishing business with our customers, we must request information about the customer's activity or occupation. This information will be based in part on the notices that the client has submitted to the SAT for the Federal Taxpayer Registry, when applicable.
On the other hand, we must ask the client for information about whether they are aware of the existence of the beneficial owner and, if applicable, request official documentation that allows them to be identified, if this is in their possession; Otherwise, it will declare that it does not have it.
Also, we are obliged to guard, protect, safeguard and prevent the destruction or concealment (for five years physically or electronically) of the information and documentation that supports the activity, as well as that which identifies our clients.
In addition, we must provide the necessary facilities to the authorities to carry out verification visits.
We are obliged not to provide service to clients who refuse to identify themselves and this in no way can generate any liability against us, by mandate of Law.
Customer identification policy
Disruptive Exchange will integrate and maintain an electronic identification file for each of its Clients, before they can place an order to purchase and/or sell Cryptoactives, so we will implement a form on the Platform, in order to collect the data and identification documents necessary to provide our services, in accordance with the PROCEDURE TO AVOID MISUSE OF THE PLATFORM.
We must classify our Clients into the following types:
Under no circumstances will we register or establish commercial relationships with public legal entities, embassies, consulates, international organizations, financial institutions, financial technological institutions, or trusts; incorporated in Mexico. In the case of institutions abroad, they will be submitted to the Compliance Officer to examine whether there are any regulatory restrictions in this regard in their country of origin.
When you start filling out a KYC form, you will be registered in our database:
Once the Client specifies the type of person they are, we will proceed to collect the following data and documents:
Mexican Physical Person, temporary resident or permanent resident:
Mexican moral people
Foreign Natural Person
Foreign Moral Person
Once the information has been sent, the SAT will issue the electronic acknowledgment of registration and respective registration with a digital seal and will grant access to the electronic media within the Internet Portal, through which those of us who will send the corresponding Notices and receive the notifications, reports or communications by the SAT, the FIU or the Secretariat, as appropriate.
Every year we must verify, at least once a year, that the Client identification files have all the data and documents and are kept up to date.
If we have indications that any of our Clients request our services on behalf of a third party, we must request the data and documents of representation or beneficiary provided for in this document.
Under no circumstances can we allow our clients to use our services using pseudonyms, aliases or fictitious names.
Client risk level classification
Classifying clients' risk level is a fundamental part of the money laundering prevention process. To do this effectively, you can establish a mechanism that takes into account the consultation of sanction blacklists, the client's profile and their transactional activity. Here is a general approach to creating this mechanism:
Consultation of Sanction Black Lists:
International Sanctions Lists:
Conduct regular checks on international sanctions lists, such as those provided by the Office of Foreign Assets Control (OFAC) in the United States, the United Nations and other relevant entities.
Automate the verification process using updated software tools to ensure customers are not on these lists; as described in the next point.
National Sanction Lists:
Each time one of our clients registers, it will be verified in our database that contains the people sanctioned on the SAT blacklists.
On a weekly basis, an automated system will consult the blacklists and update our database of sanctioned individuals.
FATF Lists
We must also monitor where clients intend to contract our services, restricting operations with those located in jurisdictions that are classified as blacklisted by the Financial Action Task Force and I am very cautious with those who operate from gray lists.
Furthermore, our system monitors constantly the update of these lists.
Client Profile:
Initial Risk Assessment:
Carry out an initial risk assessment of the client at the time of incorporation.
Collect relevant information about the client, such as their trading history.
Client Categorization:
Classify customers into different risk categories, such as low, medium or high, based on factors such as their industry, country of origin, financial history and previous behavior.
Profile Update:
Maintain updated customer profiles throughout the business relationship.
Update the client's profile when significant changes occur in their situation or activity.
Transactional Activity:
Continuous Monitoring:
Implement a system for continuous monitoring of customer transactions.
Set thresholds to identify unusual or suspicious activities.
Transaction Analysis:
Perform transaction analysis to detect unusual patterns or behavior.
Report of Suspicious Transactions:
We must report suspicious transactions in the terms of this Manual.
Risk Evaluation and Classification:
Periodic Evaluation:
Carry out periodic risk assessments of each client based on their profile and transactional activity.
Update risk classification as necessary.
Business Decisions:
Use risk classification to make business decisions, such as assigning transaction limits, further reviewing accounts, or terminating high-risk business relationships.
Classification:
Low Risk Category:
Regulatory compliance:
Adequate compliance with documentation and regulatory requirements. Compliance history without prior sanctions.
Client's profile:
Client with a good reputation in the market and positive track record. Clear and transparent transactions and commercial activities.
Financial History:
Solid and transparent financial history. Financial operations within normal industry parameters.
Source of Funds:
Lawful and well-documented origin of funds used in transactions. Clients who can provide clear evidence of the source of their funds.
Type of Transactions:
Transactions within normal limits for the industry and customer profile. Commercial activities consistent with the client's type of business.
Medium Risk Category:
Regulatory compliance:
General compliance with regulatory requirements, but with some minor deficiencies. Lack of sanctions history, but with certain concerns identified.
Client's profile:
Client with a reasonable history, but with some areas of concern. Transactions and commercial activities that may be opaque in some respects.
Financial History:
Reasonable financial history, but with certain anomalies or fluctuations. Financial operations that may occasionally deviate from the norm.
Source of Funds:
Origin of funds reasonably well documented, but with some gaps. Some difficulties in providing clear evidence of the source of funds in some cases.
Type of Transactions:
Transactions that may be unusual in terms of volume or frequency. Commercial activities that may sometimes be inconsistent with the client's profile.
High Risk Category:
Regulatory compliance:
Significant non-compliance with regulatory requirements. History of sanctions and previous violations.
Client's profile:
Client with a negative or suspicious history. Highly opaque or unusual transactions and commercial activities.
Financial History:
Financial history with significant problems, such as extreme fluctuations or serious irregularities. Financial transactions that are clearly atypical or suspicious.
Source of Funds:
Origin of funds that is difficult to trace or that clearly comes from illicit sources. Lack of proper documentation on the source of funds.
Type of Transactions:
Extremely unusual transactions in terms of volume or frequency. Business activities that are clearly inconsistent with the customer profile and industry. With clients identified at this risk level, we will not establish commercial businesses.
Politically Exposed Persons (PPE)
Definition of PPE:
Politically Exposed Persons (PEP) are individuals who hold or have held prominent public positions or political functions in the country or abroad, as well as their close family members and close associates.
Importance of Identifying PPEs:
Identifying and monitoring PEPs is essential to prevent the risk of money laundering and terrorist financing, as they may be in a favorable position to abuse their resources and positions of power.
Categorization of PPE
Level 1 PPE
Individuals who currently hold high-level political positions, such as heads of state, presidents, prime ministers, government ministers, among others. Your close family members and close associates.
PLevel 2 PPE
Individuals who have held high-level political positions in the past. Your close family members and close associates.
Close Relatives and Close Associates
Includes spouses, children, parents and siblings of PPE, as well as people with close business or financial relationships with them.
PPE Due Diligence Process
PPE Identification
Definition and Classification of PPE:
The company must establish a clear definition of what constitutes PPE in accordance with applicable national and international regulations.
Categorize PPEs based on their level, such as Level 1 PPEs (current high-level office holders), Level 2 PPEs (past high-level office holders), and their close family members and close associates.
Obtaining Client Information:
When entering into a business relationship with a customer, complete and accurate information regarding their identity and occupation must be collected.
Use specific due diligence forms for PPE identification, including fields for personal details, current or past occupation, and close family or business relationships.
Consultation of External Sources:
Implement an automated process to query trusted information sources that may contain PPE data, such as government databases, sanctions lists, and public records.
Establish a periodicity to update PPE information based on changes in its status or activities.
Independent Verification:
Perform independent verification of information provided by the client to confirm their status as PPE.
Use third-party verification tools or conduct additional investigations as necessary.
Registration and Documentation:
Maintain detailed records of information collected on PPE, including the source of the information and the date of verification.
Store documentation related to PPE identification securely and accessible for internal audits and reviews.
Individualized Risk Assessment:
Conduct an individualized risk assessment for each client identified as PPE, considering factors such as their current or past position, the nature of their relationship with the company and geographic location.
Assign a specific risk category to each PPE according to the risk assessment.
Information Update:
Establish a process to update PPE information on a regular basis or when significant changes in status occur.
Update risk categorization as necessary based on updated information.
Risk Assessment:
Conduct an individualized risk assessment for each PPE, considering their profile, current or past position, the nature of their relationship with the company and geographic location.
Enhanced Due Diligence:
Apply enhanced due diligence measures to transactions or business relationships involving Level 1 and 2 PPE, as well as their close family members and close associates.
Obtain higher-level approval before establishing or maintaining business relationships with high-risk PPE.
Continuous Monitoring
Transaction Monitoring:
Establish a system of continuous monitoring of PPE-related transactions. Identify and report any unusual or suspicious activity in a timely manner.
Report of Suspicious Transactions
Reporting Obligation:
Establish clear procedures for reporting suspicious transactions related to PPE to the competent authorities, in the terms of this manual.
Maintain detailed records and relevant documentation to support reports.
Training and Awareness
Staff Training:
Provide regular training to staff so they understand the importance of PPE identification and monitoring.
Train staff in specific due diligence and reporting procedures in cases related to PPE.
Review and Update
Periodic Review:
Conduct regular reviews of PPE-related policies and procedures to ensure they are up-to-date and comply with applicable regulations.
Adaptation to Changes:
Adapt PPE compliance procedures as regulations change or new threats emerge in the anti-money laundering field.
Compliance officer
By Law, we must have a compliance officer designated, in charge of complying with the obligations of the Anti-Laundering Law; Thus, the Board of Directors of the company has made the decision that the Compliance Officer (CO), in this matter, is the one who has the powers of legal representative.
The compliance officer will have the following duties:
To fulfill its obligations, the OC will rely on Disruptive Exchange's external legal and accounting service providers.
Presentation of notices
We are obliged to monitor the operations of each of our clients and account for the total amount of their operations for each semester so that once the thresholds specified in this manual are exceeded, the notices required by the Anti-Money Laundering Law are presented.
The sending of the notices will be done through the Anti-Money Laundering Platform and will be signed electronically with the SAT Disruptive Exchange eSignature.
If we do not carry out vulnerable activities, we must inform you so. When we have indications that the resources used in the services we provide are used or will be used for the commission of Crimes of Operations with Resources of Illicit Origin or those related to these, we must present the Notice to the FIU, through the SAT, within the the following 24 hours counted from when we know said information.
The Notices that we are obliged to present will contain:
Verification visits
Verification visits are an important tool to ensure compliance with tax and anti-money laundering obligations. During these visits, inspectors may review accounting books, financial records, and other documents to verify compliance with legal obligations.
Procedure:
Identification of the inspector: The inspector must properly identify himself before beginning the visit. It is important to verify your identification and make sure you are authorized to visit.
Notification of the visit: The company must be notified of the visit in advance. It is important that the company has an established protocol to receive and respond to these notifications.
Reception of the inspector: The inspector must be received by a representative of the company and must be provided with a suitable place to work.
Accompaniment of the inspector: During the visit, the inspector must be accompanied by a company representative at all times. It is important that the representative is familiar with company procedures and can provide the requested information.
Documentation: The company must have all the necessary documentation available to the inspector to verify compliance with legal obligations. It is important that documentation is organized and easily accessible.
Collaboration with the inspector: The company must collaborate with the inspector at all times and provide the requested information in a clear and precise manner. They are only authorized to request information from us regarding vulnerable activity, the documentation that supports it and the identification files of our clients; Likewise, you can request to consult this manual.
Verification report: At the end of the visit, a verification report must be prepared containing the results of the visit and the inspector's observations. It is important that the company carefully review the minutes and make the necessary observations.
Data reservation
We are obliged to protect the personal data of our clients as provided in our privacy notice. Likewise, to guarantee that the data we store on our server is as least vulnerable as possible, we will apply the following encryption method:
Encryption and data protection flow:
Note: The public and private key of the client and the administrator are not saved in the system but are stored locally on the electronic device of the client and the administrator.
Only the OC will have the administrator profile.
We will never be able to notify or alert our clients of:
Complying with our legal obligations does not mean complying with contracts or privacy provisions.