Facebook-f X-twitter Instagram Linkedin-in Youtube
Transparency Portal

Annual Report Mailbox

Use Cases:

In exercising its powers as Supervisor of the digital asset ecosystem, this Commission fulfills the role of ensuring compliance with the regulations derived from the LEAD. In this case, reference is made to Articles 19 and 21 of the RPSAD, which establish that DASPs must maintain a program against ML/TF/PFADM, as well as a framework for risk management. Among these risks, those that may be considered include liquidity, credit, counterparty, market, interest rate, operational, technological, reputational, legal, and others, depending on the particular business model of each DASP.

Therefore, as part of the supervision of these aspects, all DASPs registered with the CNAD are required, annually within the first 20 business days of January, to submit through this form a Technical Evaluation Report of their Comprehensive Risk Management, attaching approval by their Board of Directors or equivalent body. At a minimum, this report must include the following:

1.1. Minimum structure of the report.

  • The organizational structure for comprehensive risk management: must include the organizational chart of the risk unit, listing its members with full name, position, and distribution of functions. Additionally, it must indicate the organizational chart of the compliance office, along with the specified details.

  • Details of the main risks assumed by their business model, according to the services and products provided.

  • Description of the methodologies, systems, and tools used for the management of each of the risks (ML/TF/PFADM risks, liquidity, credit, counterparty, market, interest rate, operational, technological, reputational, legal, among others).

  • Results of the evaluations carried out on comprehensive risk management: since efficient risk management implies proper measurement and quantification, results of internal measurement tools must be included along with a summary of management elements based on those results.

  • Projects related to risk management to be developed in the fiscal year following the one being reported. For example: changes in the organizational structure, implementation of new tools, policies, manuals, changes of key providers, etc.

1.2. Documents to be attached to the report.

  • Updated documents of all policies, manuals, and internal regulatory procedures for risk management (liquidity, credit, counterparty, market, interest rate, operational, technological, reputational, legal, among others) and prevention of ML/TF/PFADM. As part of good practices, DASPs must review their internal regulatory framework at least annually and submit the most recent revised version of each document.

It should be noted that this report is intended to reflect the quality and robustness of the implementation of their risk management framework carried out during the year, and therefore this requirement must be met diligently and in a timely manner.

Go to the annual report mailbox