Legal affairs

National regulatory framework regarding AML and effective date of the regulations

• Strengthens AML obligations for supervised entities (banks, cooperatives, etc.).
• Requires KYC, recordkeeping, internal controls, and reporting to UIF Bolivia.

• Criminalizes financing of terrorism and provides investigative measures.

• Addresses anti-corruption and illicit enrichment; defines predicate offenses relevant to AML.

• Updates AML offenses and predicate crimes (e.g., drug trafficking, tax evasion, corruption).

• Technical norms for financial and non-financial entities (banks, insurance, lawyers, casinos, etc.).
• Key duties: KYC, Suspicious Transaction Reports (STRs), Currency Transaction Reports (CTRs), 10-year recordkeeping, and risk-based monitoring.

• DNFBPs (real estate, luxury goods dealers, lawyers) must also implement AML compliance programs.

National regulator or relevant authority for AML controls

• Acts as Bolivia’s Financial Intelligence Unit (UIF).
• Receives, analyzes, and disseminates financial intelligence on money laundering and terrorism financing.
• Supervises both financial institutions and Designated Non-Financial Businesses and Professions (DNFBPs) for AML compliance.
• Issues binding resolutions and guidelines (KYC, risk-based monitoring, reporting obligations).
• Coordinates with the Public Prosecutor (Fiscalía), ASFI, and international enforcement agencies.

• Collect and analyze Suspicious Transaction Reports (STRs) and Currency Transaction Reports (CTRs).
• Conduct inspections, audits, and investigations.
• Impose administrative sanctions for AML/CFT non-compliance.
• Provide training and technical assistance to obligated entities.

Customer Due Diligence

Conduct of a typical KYC identification process

• Valid ID: Cédula de Identidad (CI) for Bolivians, foreigner ID, or passport with residency documents.
• Required data: full name, birth date/place, nationality, occupation, contact details.
• Photocopy of ID and possibly an institutional photo.

• Required documents: NIT (tax ID), company incorporation deed, and power of attorney of legal representative.
• Beneficial Owners (UBOs) must be identified under AML rules.

• Documents are verified with SEGIP (civil registry), SERECI, internal databases, and UIF watchlists.
• For businesses, checks may involve Fundempresa (commercial registry) and SIN (tax authority).

• Customers are classified as low, medium, or high risk based on:
• Type of client (individual or corporate).
• Geography (domestic or foreign).
• Frequency/type of transactions.
• Source of funds.

• Regular monitoring of transactions to detect suspicious activity.
• KYC data updated every 1–3 years or when red flags arise.
• Suspicious Transaction Reports (STRs) must be sent to UIF when anomalies are detected.

• Applied to Politically Exposed Persons (PEPs), high-risk jurisdictions, and large or complex transactions.
• Requires:
• Extra documentation on the source of funds.
• Senior management approval.
• More frequent and detailed monitoring.

Possibility to meet customer due diligence requirements by relying on third parties who are obliged by law themselves to comply with AML regulations

• The third party must also be subject to Bolivian AML obligations.
• A formal written agreement or arrangement must be established.
• The third party must provide immediate access to relevant CDD records and documents upon request.

• Ensuring the third party’s competence and reliability.
• Conducting periodic reviews of the third party’s AML compliance and reporting.
• Maintaining access to records for a minimum of 10 years in accordance with Bolivian law.

• Complete outsourcing of the AML program, including risk classification, transaction monitoring, and STR filing.
• Reliance on unregulated third parties (such as informal agents or unlicensed FinTechs) is prohibited.

• Banks or cooperatives regulated by ASFI.
• Insurance companies under Bolivian regulation.
• Stock brokerage firms supervised by the SPVS (Superintendencia de Pensiones, Valores y Seguros).
• Notaries and real estate companies classified as Designated Non-Financial Businesses and Professions (DNFBPs) under UIF oversight.

Possibility to outsource customer due diligence by contract to other third parties who are not obliged by law to meet AML regulations and rely on these (e.g., WebID, IDnow, PostIdent)

• Outsourcing technical components of Customer Due Diligence (CDD) — such as identity verification via video ID, facial recognition, or biometric checks — to unregulated third-party service providers is permittedin a limited and highly controlled manner.
• However, the legal responsibility for CDD and AML compliance always remains with the regulated financial institution.

• UIF Bolivia and ASFI emphasize that the regulated entity must maintain full accountability for AML compliance, including risk assessment, transaction monitoring, and suspicious transaction reporting (STR).
• These core AML functions cannot be delegated or outsourced.

• The unregulated third party acts strictly as a technology or service provider under a formal contract.
• The contract must include data protection, confidentiality, and audit provisions.
• The financial institution must retain full access to all CDD data and documentation for at least 10 years.

• If the provider is foreign or outside Bolivian jurisdiction, the institution must ensure compliance with Bolivia’s Ley N° 164 on data protection, including:
• Adequate safeguards for cross-border data transfers.
• Encryption and security of data.
• Accessibility of data to Bolivian authorities upon request.

• UIF Bolivia or ASFI may require prior notification or formal approval when engaging unregulated third parties for parts of the CDD process, especially if it affects the integrity of identity verification or risk classification.

• Treating unregulated third parties as if they were regulated AML entities.
• Outsourcing core AML functions, including:
• Risk classification and profiling
• Transaction monitoring
• Suspicious transaction reporting (STR)

Presence of a license or registration requirement for the third party in case of outsourcing customer due diligence

Further questions

Entities that could be relied on specifically by law as a third party to comply with AML regulations (regardless of outsourcing)