General policies

The Company’s employees are obliged to follow internal guidelines and adopt behaviors that reveal strict compliance with the law and especially those that refer to the prevention of ML/FT/FPADM risk.

• All employees of the Company must have upright, ethical and diligent behavior in compliance with the regulations on prevention and control of money laundering, financing of terrorism and financing of the proliferation of weapons of mass destruction according to those established by current legislation and those determined within the Company.
• SAGRILAFT is mandatory for members of the Company.
• There will not be a commercial or employment relationship with natural or legal persons that have any link with illegal operations or activities, according to the report published by the authorized entities, that may affect The Company.
• The Company’s employees will put observance of ethical principles before achieving economic and commercial goals, generating a culture of ML/FT/FPADM risk prevention.
• In order to prevent The Company from being exposed to legal, reputational, operational and contagion risk; Controls will be implemented to avoid, initiate or maintain commercial or contractual relationships with people or companies included in international lists whether or not binding for Colombia (UN and OFAC SDN List, Interpol, FBI, DEA, among others).

Specific policies

In accordance with current regulations, regarding the implementation of a SAGRILAFT, the Company has written procedures that aim to achieve a good knowledge of customers, suppliers, employees and shareholders and will be complemented or adjusted in accordance with what is described in this Manual on ML/TF/FPADM risk prevention.

The most important aspects to take into account when capturing the information that makes up the knowledge of a counterparty are:

• ID.
• Completion of formats.
• Request for supporting documents.
• Verification of the validity and validity of the documents received.
• Verification of recorded information.
• Consultation of binding, restrictive control lists, national entities and public means.
• Update of data and documents.

Know Your Customer Policy

• The Company will not bind or negotiate with natural or legal persons when elements are presented that lead to well-founded doubts about the legality of the operations or legality of the resources.
• Contractual and/or commercial relationships may not be initiated with natural or legal person clients who have not fully complied with the requirements demanded by The Company.
• Clients may not be linked or a commercial relationship maintained, whether natural or legal persons, when binding lists are found in the databases.
• A declaration of origin of the resources will be requested from all new clients, a natural or legal person who has a relationship with the Company. In any case, intensified due diligence activities will be carried out in cases where the law establishes it and as established in the numeral 8.
  All linking documents required for client creation and verification will be kept in digital form.
• When dealing with Politically Exposed Persons (PEP) clients, intensified due diligence measures will be required; therefore, the procedure set forth later in this Manual will be carried out. In all cases, authorization must be requested from the Shareholders’ Assembly to link a counterparty qualified as a PEP.
• When the Company has a commercial relationship with clients located in a territorial jurisdiction with restrictions or who are located in areas with the influence of groups outside the law, intensified due diligence must be carried out, complying not only with the procedure established for the knowledge of the client. If not, each of your operations with the Company must be constantly monitored.

Supplier knowledge and linkage policy

• Contractual and/or commercial relationships may not be initiated with natural or legal person suppliers who have not fully complied with the requirements demanded by the Company.
• Suppliers may not be linked or maintain a contractual relationship, whether natural or legal persons, who are on binding lists.
• All natural or legal persons who are on lists binding for Colombia will be reported to the UIAF.
• The selection criteria for new suppliers will be based on evaluation criteria related to price, timeliness in pricing, information about the product and the company, and quality of service. Aspects such as market experience, reputation, location and economic situation will be taken into account.
• In compliance with due diligence, all supplier relationships will undergo the verification process, which will also include verification of the origin of their resources. Without exception, a review of the supplier linkage form, analysis and review of each of the attached documents will be carried out.
• The operations must be supported by commercial contracts, purchase orders, invoices and/or quotes.
• Verification in restrictive and binding lists of legal or natural persons will be carried out for all new Suppliers, through the technological tool contracted by The Company. All natural or legal persons who are on binding lists will be reported to the UIAF.
• In the case of PEP quality suppliers, intensified due diligence measures will be required and the procedure established later in this Manual will be carried out. In all cases, authorization must be requested from the Shareholders’ Assembly to link a counterparty qualified as a PEP.

Shareholder knowledge policy

If new shareholders are admitted, the following will be fulfilled:

• They must fill out the knowledge form provided by The Company for this purpose. The form must be completely completed; In the event that a field is not applicable to the risk source, it must be stated in this way (N/A). Likewise, it must include the documentation defined in the format.
• The linking of legal entities must include the specification of their partners or shareholders with a participation equal to or greater than 5% of the share capital, for the purposes of being verified in restrictive and binding lists, it will also be carried out with respect to Legal Representatives and the Board of Directors.
• Natural or legal persons who are on binding and/or restrictive lists and other ML/TF risk lists cannot be linked.
• The involvement of a person classified as a PEP (Politically Exposed Person) will require written authorization from the Shareholders’ Assembly along with intensified due diligence.
• The linking of a new shareholder will be carried out once the origin of their resources is verified according to the analysis of the information provided along with the knowledge form.
• To know the origin of funds, a Declaration of origin of resources will be requested from all shareholders who have a relationship with the Company, in any case, intensified due diligence activities will be carried out in cases in which transactions that are outside the line of business are identified. ordinary course of business, when the negotiation amount is considered significant for the Company, when it is an unusual transaction or a warning signal is identified.

Internal Reports

• Reporting of unusual operations: Employees and personnel linked to the Company, in compliance with their duties, must be vigilant to detect and report all warning signs, unusual operations and reports that are generated or detected on the occasion of the controls implemented. in accordance with this Manual.

  All employees of the Company have the duty to notify the Compliance Officer of operations or events that may be classified as unusual, as well as events or circumstances that may give rise to criminal activities, both by clients, suppliers and the other employees of the company.

  1. The Company’s employees must put compliance with regulations regarding the prevention and control of ML/TF above the particular interests of an area, department or personal interests.
  2. When the employee and personnel linked to The Company have grounds, evidence or reasonable doubts regarding sources of risk that could be using The Company for money laundering and terrorist financing, they must report to the Compliance Officer.

External Reports

Suspicious operations report (ROS): The Compliance Officer, through monitoring or evidence of the reports made, in the event of detecting an unusual operation within the Company to give the appearance of legality to resources linked to ML/FT or to finance practices associated with this phenomenon, will determine the conducive action after carrying out their analysis and will communicate it to the reporting area and will carry out, if pertinent, the immediate report to the UIAF. It is not necessary for the Compliance Officer to be certain that it is a criminal activity, to identify the criminal type or to investigate suspicious operations, it is enough to report to the competent entity that you are delivering the respective supports if they exist.

The STRs must be delivered solely and exclusively in the records designed for this purpose by the UIAF through the WEB tool (Online Reporting System – SIREL). The Compliance Officer has total autonomy and reservation not to communicate the content of these reports to The Company.

Under no circumstances will the risk sources (Counterparties or third parties) be notified of the causes that gave rise to the implemented control, which has been the subject of internal analysis and reporting to the competent authority.

Report of absence of suspicious operations (AROS): In the event that no suspicious operations are reported, the Compliance Officer will report this fact to the UIAF, as a report of absence of suspicious operations, which will be carried out quarterly, within ten ( 10) first calendar days at the expiration of the respective quarter, according to the calendar established by the UIAF.

Internal and external reports must be duly documented, the documents that support them must be filed chronologically, and confidentiality must be maintained regarding the information that is in the custody of the Compliance Officer.

Provision of information to the competent audits: In the event of a suspicious operation, the Compliance Officer will make the report to the competent authority, for this purpose, before the UIAF. If an authority requests the provision of information, it will be delivered as long as the legal provisions on the matter are complied with.

If a conflict of interest arises, because the spouse, permanent partner, relatives within the second degree of consanguinity, second degree of affinity or first civil relationship of the Compliance Officer are linked or involved in these situations; The legal representative must be informed so that he can take charge of the procedure in accordance with the stipulations of this Manual.

The Compliance Officer will be in charge of delivering the information required by the requesting entities, prior to completing the legal requirements.