LEVEL 3 COLOMBIA ANTI-MONEY LAUNDERING AND COUNTER TERRORISM FINANCING POLICY (AML / CTF) ALL AREAS DOCUMENT NUMBER AML/CTF - 01 REVISION NUMBER 1 ISSUE DATE 3/12/2014 Approval Name Position/Role Signature Date Prepared Sandra Legal & 4/12/2014 by Monroy Compliance Approved by Approved by Approved by Suárez Jaime Peláez Espinosa Valeria Plastino Neil Eckstein Director Cluster Legal Representative Level 3 Colombia S.A VP General Counsel Latin America Chief Compliance Officer 4/12/2014 5/12/2014 5/12/2014 Number of Amendment POLICY AMENDMENTS Doccument of Amendment Date 1 Board of Directors Meeting 160 June 3 th, 2015
LEVEL 3 ANTI-MONEY LAUNDERING AND COUNTER TERRORISM FINANCING POLICY (AML / CTF) 1 PRELIMINARY PART Section 1.01 INTRODUCTION (a) Money laundering and the financing of terrorism are major threats to economic development and corporate governance. As a consequence, on the 25th of June 2014, the Superintendence of Corporations of Colombia issued the Policy Document (Circular) 100-00005, making mandatory for companies with an annual turnover higher than 160,000 minimum monthly wages to adopt and implement anti-money laundering and counter terrorism financing policies. The mentioned Policy Document also provides the guidelines for developing such policy on the basis of OECD and FATF recommendations. (b) It is LEVEL 3 policy and ethic guidelines to comply with all applicable laws, including those relating to anti-corruption, anti-money laundering and those prohibiting terrorism financing and to ensure that those with whom it does business do the same. It is also a commitment of all the companies of the LEVEL 3 group to prevent any practice related to or consider as money laundering or terrorist activities financing. (c) This policy is specific to LEVEL 3 COLOMBIA S.A. (Level 3 Colombia). Although it focuses primarily on Anti-Money Laundering and Counter Terrorist Financing, this Policy must be read together with existing LEVEL 3 Policies and particularly with its code of conduct. (d) This policy is based on Level 3 values of responsibility, integrity, performance, respect, service and teamwork. Section 1.02 RELATED DOCUMENTS: (a) Policy Document (Circular) 100-000005/2014 (b) Worldwide Business Code of Conduct of Level 3 (c) Business Conduct Code of Level 3 (d) Personally Identifiable Information Section 1.03 ACRONYMS AND ABBREVIATIONS AML CTF CECO FIAU FATF KYC OECD MLRO Anti-Money Laundering Counter Terrorist Financing Chief Ethics and Compliance Officer Officer Financial Information Analysis Unit Financial Action Task Force Know Your Customer Organisation for Economic Co-operation and Development Money Laundering Reporting Officer
PEP Politically Exposed Person Section 1.04 DEFINITIONS (a) Suspicious Operation: Any operation that due its number, amount or characteristics do not suit the kind of transactions expected for a company of a specific market, and no reasonable justification has been provided for such a transaction. Suspicious Operations must be reported by the MLRO to FUIA. (b) Unusual Operation: Any operation not suiting the amount or characteristics of the business activity of the customers, or due its frequency, amount or characteristics do not suit the regular transactions of Level 3 Colombia. Unusual Operations must be reported to MLRO. Section 1.05 OBJECTIVES OF THIS POLICY (a) To ensure that Level 3 Colombia complies with Colombian laws regarding AML and CTF, including but not limited to Policy Document (Circular) 100-000005 issued by the Colombian Superintendence of Corporations. (b) To prevent Level 3 Colombia and its employees contracted staff and agents from inadvertently committing or favouring money laundering and terrorist financing offences or from failure in operational controls. (c) To avoid reputational damage to Level 3 Colombia and Level 3 by having consistent controls in place that deter abuse of Level 3 Colombia services or products by money launderers and those involved in financing terrorism activities. 2 SCOPE AND RESPONSIBILITIES Section 2.01 SCOPE (a) The policy sets the minimum standards and applies to all Level 3 Colombia staff (including permanent and contracted staff) and business partners, customers, suppliers or agents providing services to Level 3 Colombia. Section 2.02 ACCOUNTABILITY (a) According to Policy Document (Circular) 100-000005/2014, the legal representatives of Level 3 Colombia are responsible for implementing this AML - CTF policy. However, all Level 3 employees or contracted staff must apply the procedures as described in this policy. Breaching this policy may cause disciplinary sanctions. (b) The legal representative shall report to the Board of Directors on the implementation of this policy at least once a year and in any case on the
first meeting of each year. The Board of Directors may request the Legal Representative for additional reports during the year. (c) The auditor of the company shall review and assess the implementation of this policy as part of its annual report. (d) The MRLO shall apply this policy as provided in Section 3.01. 3 APPOINTMENTS AND ESTABLISHMENT OF PROCEDURE MANUALS Section 3.01 MONEY LAUNDERING REPORTING OFFICER (a) On or before 31 st December 2014, the Board of Directors will appoint a MLRO. This individual will be charged with the responsibility of: (i) (ii) (iii) (iv) (v) (vi) Communicating the policy to Level 3 Colombia employees, customers, agents and contractors. Verifying continuously that Level 3 Colombia AML CFT policy complies with the Colombian law and meets international standards. Proposing to the legal representative any amendments to the policy that may deem necessary. Receiving and deciding on any report made by any employee, member of the staff, customer, contractor or agent. Reporting to the FIAU any suspicious operation (intended or completed) when adequate. Analysing any Unusual Operation or Suspicious Operation reported by any employee, member of the staff, customer, contractor or agent. (b) The MLRO will be suitably senior, with a degree of independence from the business. 4 CONTROLS Section 4.01 AVOIDING HIGH-RISK TRANSACTIONS (a) As part of this policy, all members of the staff, customers, contractors and agents shall avoid high-risk transactions. (b) For the purposes of this policy, the following transactions are considered as high-risk for AML/CFT:
(i) Signing contracts with unidentified or not fully identify persons or companies, as provided in Section 4.03. (ii) Doing transactions involving significant amounts of cash other than those permitted by Level 3 as provided in Section 4.06(c). (iii) Purchasing goods or services for a notably lower price than the market value. (iv) Including new shareholders without previously and duly screening the origin of their funds. (v) Failing to adequately document any contract or transaction. (vi) Making transactions involving shell banks, as they are defined in Section 313 (a) of the Patriot Act of the United States or financial companies based abroad without any representation in Colombia. (vii) Any conduct that facilitates the use of Level 3 services for illicit acts or involve the company in money laundering or terrorism financing activities. Section 4.02 AML/CF CONTROL SYSTEM (a) Marketing department shall verify the identity and source of funds of customers and obtaining additional KYC information as appropriate. (b) In first instance, the Procurement Department shall verify the vendors identification documents and origin of the vendors funds, as well as obtain additional KYC information as applicable. A new vendor shall be previously approved by the MRLO at Level 3 Colombia S. A. (c) Financial Department shall monitor Level 3 transactions with customer to identify activity that may be linked to money laundering or financing of terrorism. (d) IT department shall maintain appropriate records of customer identification and transactions. (e) MLRO shall train Level 3 Colombia employees and contractors about this policy. (f) Other due diligence measures described in Section 4.06 shall be applied by the responsible area as required. Section 4.03 KNOW YOUR CUSTOMER (a) All prospective customers wishing to use Level 3 services must have their identity verified using reliable, independent documentary evidence.
(b) The acceptable forms of evidence may vary from time to time according to the changes in regulation, but the verification must take place prior to an account being opened. When evidence cannot be produced, the application must be declined. (c) For the purposes of registering an Level 3 customer the following is the list of acceptable forms of identification: (i) Corporations 1) For Colombian Companies: Certificate of incorporation issued by the Chamber of Commerce 2) For foreign companies: Certificate of good standing issued by the designed authority of the country. (ii) Persons 1) ID Card (Cédula de Ciudadanía for Colombians) 2) Passport (d) The following information must be provided for all new and existing customers. If the information is not included in the identity documents mentioned in Section 4.03(c), additional support documents shall be provided. Sales Department is responsible for this obligation. (i) Corporations 1) Registered address 2) Auditor (if any) 3) Shareholding (ownership and control) structure. For share companies or public listed companies, indicate whether any shareholder controlling society. If the company belongs to a business group, indicate the name of the group and the parent company. 4) Name and ID numbers of legal representatives and directors. 5) Source of funds. (ii) Persons 1) Occupation 2) Residence 3) Source of funds. (e) The origin of the funds may be supported with a statement of the legal representative of the company or the individual, declaring none of the
funds is related to or derived from any illicit activity including terrorism, or operation that may be consider as money laundering (Annex 1). (f) Appropriate identification and verification checks should be conducted at least once a year. (g) All customers should be screened against relevant sanction lists, prior to commencing business. The sanction lists to be used for screening are: (i) United Nations (ii) US Office of Foreign Asset Control (OFAC) (iii) Any other list required by local legislation. (h) All existing customers should be screened against the above lists at least annually, and records maintained of this action. (i) If the first approach with the customer is carried on a virtual basis, either by phone, email, tele-conference or similar, identity verification must include enhanced procedures to verify the identity of the customer. (j) Level 3 Colombia will not proceed with any transaction with sanctioned individuals and any existing accounts identified in the name of sanctioned individuals must be immediately closed and the relevant authorities notified. Section 4.04 KNOW YOUR SUPPLIER (a) Any company or individual intended to be a supplier of Level 3 Colombia, will submit same documentation as required in Section 4.03. (b) In addition, the intended supplier shall provide: (i) Information regarding the origin of the goods offered to Level 3. (ii) Customs information regarding the offered goods, if there is any reasonable doubt about it. (iii) Information regarding licences, intellectual property or any permit or authorisation required for commercialising the product. (c) The origin of the funds may be supported with a statement of the legal representative of the company or the individual, declaring none of the funds is related to or derived from any illicit activity including terrorism, or operation that may be consider as money laundering (Annex 1). Provisions under section 4.04 shall not be applied to those vendors offering restaurant and food services Section 4.05 (a) This section applies to: INDIVIDUALS MEETING THE DEFINITION OF A POLITICALLY EXPOSED PERSON (PEP).
(i) PEPs, defined as individuals, who are or have been appointed as civil servants with the power to decide on public expenditure, or entrusted with prominent public functions in any country, for example Heads of State or of government, members of parliament (congressmen), senior government, judicial or military officials, senior executives of state owned corporations, important political party officials. (ii) Family members of PEPs. (b) Transactions with individuals meeting the criteria set in Section 4.05(a), or from companies whose directors or relevant shareholders meet that criteria require approval of the MLRO and VP General Counsel Latin America of Level 3. (c) Approved transactions with PEPs require enhanced KYC checks and transaction monitoring, and should be logged on a central database. Section 4.06 OTHER DUE DILIGENCE ACTIVITIES (a) New shareholders: Any new shareholder will be subject to the same checks as provided in Section 4.03. (b) Employees and contractors: (i) Prior starting an employment contract or acting as Level 3 Colombia contractor, all individuals must provide the same information required in Section 4.03. (ii) Employees and contractors information shall be updated once a year. (iii) If any unusual or suspicious behavior is detected, it shall be reported to Human Resources and the MRLO. (c) Suppliers must be paid by bank transfer. No cash will be used to pay any supplier, except for petty cash, which must be properly documented and reported as prescribed in the Level 3 Treasury Policy. (d) As part of the business case of any new product or service Level 3 Colombia is intended to launch in Colombia, an AML/CFT risk assessment shall be included. Section 4.07 TRANSACTION MONITORING (a) In order to identify Unusual Operations with Level 3, monitoring of transactions and account activity should be carried out using a riskbased approach.
(b) Transactions of customers meeting the criteria set forth in Section 4.05(a) should be subject to enhanced monitoring. (c) Every transaction, including contract signing, amendments, purchase orders and communications, shall be recorded and documented as required in Level 3 Code of Conduct. Section 4.08 SUSPICIOUS ACTIVITY REPORTING (a) The MLRO shall be responsible for the receipt, investigation and disclosure (where appropriate) of related suspicious operations or Unusual Operations reports from staff. (b) Any staff member or contractor of Level 3 who considers any transaction completed or intended- may be an Unusual Operation or a Suspicious Operation must report it using one of the following alternatives: (i) Reporting the issue to the line manager, who shall inform the MLRO, the VP of the concerning area and the CECO. (ii) Reporting the issue directly to the CECO. (iii) Reporting the issue directly to the MLRO. (iv) Reporting the issue anonymously to the phone number +1 8773336947 in the United states or to the email latamhr@level3.com (c) The MLRO must then conduct a full investigation into the suspect's activity including a review of any accounts, contracts or purchase orders between Level 3 Colombia and the suspect. (d) A report of an intended operation must be submitted to the FIAU when: (i) The operation under investigation was not concluded, and (ii) The operation may be considered as a suspicious operation, or (e) A report of a Suspicious Operation must be submitted to the FIAU when the MLRO verifies its occurrence or reasonably believes it has happened. (f) The MRLO will submit to Level 3 Chief Ethics and Compliance Officer: (i) A monthly report of the cases analysed. (ii) A report on any case considered to be reported to FIAU. (g) Suspicious Operations or Unusual Operations reports made internally to the MLRO or externally to the authorities must not be disclosed to employees, customers, contractor or any other third party. (h) When a customer has been the subject of more than one validated suspicious activity report, a decision should be made as to whether the contract should be unilaterally finished. This decision should be made
Section 4.09 by the MLRO and a legal representative. A clause shall be included in the contracts. RECORD RETENTION (a) A record of all registered KYC, KYS information (ID records and transaction history) and all other information required by this policy must be kept for five (5) years after the relationship with Level 3 has ended. (b) All the records must fulfil regulation on data protection. (c) Records of suspicious activity reports made internally to the MLRO and externally to the Financial Intelligence Unit must be kept for five (5) years after the report is made. This should include details of the investigation carried out and the grounds of to the MLRO and/or the Chief Compliance Officer decision. (d) All of the above mentioned records must be stored securely and be easily accessible to the MLRO and/or the Chief Compliance Officer. Section 4.10 STAFF TRAINING (a) All new staff, including temporary and contract staff, and all agents that come into contact with Level 3 Colombia, must complete induction training within 30 days of their start date and complete refresher training at least once a year. Staff members are required to demonstrate awareness by passing a knowledge test. (b) On-going records of all staff AML training must be maintained and kept for five (5) years after a member of staff has left employment. Section 4.11 POLICY MEASUREMENTS & IMPROVEMENT (a) The MRLO will report and certify annually on the implementation of this policy. The report mentioned in Section 2.02(b) will include the MRLO reports as Annexes. (b) The annual MLRO Report will also give an overall assessment of the effectiveness of the AML - CFT controls mentioned in chapter 4 of this document, and highlight any recommendations for improvement based on external audit report. Section 4.12 BREACH OF THIS POLICY (a) Any member of the staff shall report any breach of this policy or the law. (b) To report such circumstances, the same alternatives mentioned in Section 4.08(b) will be available for staff members.
(c) The MLRO must then conduct a full investigation into the employee or contractor behaviour in complete coordination with the HR Department and/or CECO. (d) Any procedure must comply with local labour laws and must guarantee the right of defence of the employee or contractor. (e) Disciplinary sanctions prescribed in the Business Code of Conduct of Level 3 and in Level 3 Colombia Working Regulations shall apply whenever an employee breaches this policy. 5 LOCAL EXCEPTIONS AND ADDITIONS (a) Where Colombian laws and regulations require lower levels of compliance than Level 3 policies, Level 3 Colombia will in addition to the local standards, apply the Level 3 policies.