The know your customer or know your client (KYC) guidelines and regulations for financial services require that professionals try to verify the identity, suitability, and risks involved with maintaining a business relationship.
Legal affairs
National regulatory framework regarding AML and effective date of the regulations
AML and KYC requirements applied to different industries of the market, such as payment services, before 2002. In 2002, however, the Peruvian Financial Intelligence Unit (UIF) was created. Since 2008, this authority has been part of the SBS. Law No. 27693 marked the start of the UIF's work.
National regulator or relevant authority for AML controls
The SBS. It has an internal department, the Financial Intelligence Unit, which supervises the non-banking sectors on AML and KYC.
Customer Due Diligence
Conduct of a typical KYC identification process
We have minimum standards to identify the client/customer/representatives/ultimate beneficial owner: legal information, ID, handwritten signature, validation of PEP condition, client screening with international blacklists.
In addition to those steps, entities must perform risk profiling, transaction monitoring, and ongoing customer due diligence (CDD). For legal entities, it is mandatory to identify ultimate beneficial owners (UBOs), and all data must be retained for 5 to 10 years, depending on the type of operation.
Possibility to meet customer due diligence requirements by relying on third parties who are obliged by law themselves to comply with AML regulations
KYC outsourcing is legal; however, the providers shall meet all minimum requirements. The financial institution remains ultimately responsible for compliance and must ensure that the third party applies equivalent AML standards and provides access to all documentation and verification data.
Possibility to outsource customer due diligence by contract to other third parties who are not obliged by law to meet AML regulations and rely on these (e.g., WebID, IDnow, PostIdent)
Yes, it is possible. KYC outsourcing is legal; however, the providers shall meet all minimum requirements. Such outsourcing must be formalized by contract. In addition, entities must assess data protection risks and ensure technological safeguards are in place.
Presence of a license or registration requirement for the third party in case of outsourcing customer due diligence
Neither a license nor registration is required to provide such outsourcing services. Data protection rules need to be followed. Confidentiality agreements are highly recommended.
Further questions
Entities that could be relied on specifically by law as a third party to comply with AML regulations (regardless of outsourcing)