Costa Rica | Comptroller General of the Republic publishes Reform to the Endorsement Regulation

Costa Rica | Comptroller General of the Republic publishes Reform to the Endorsement Regulation

The Comptroller General of the Republic has reformed the Regulations on the Endorsement of Public Administration Contracts. This reform defines the responsibilities of the Comptroller’s Office in relation to the enactment of the General Public Procurement Law. The obligation to migrate to electronic endorsement through the Unified Digital System (SICOP) is highlighted, and deadlines and procedures are established for the endorsement of contracts by the Comptroller’s Office and the internal endorsement of the institutions. The Comptroller’s Office will only be in charge of approving the contracts as a requirement of effectiveness. The reform also specifies the contracts subject to endorsement and the cases in which the price adjustment or review mechanism will be analyzed as part of the endorsement process.

Among the main elements that are modified in the Regulation, the following can be pointed out:

  • It is clearly defined that the function of the Comptroller’s Office, when it comes to endorsements that fall within its competence, will only be to approve the contract, constituting a requirement of effectiveness and not an inspection or annulment of the award; as well as the scope of its review.
  • It is exhaustively defined which contracts are subject to endorsement by the Comptroller’s Office.
  • It also provides in which cases the Comptroller’s Office will analyze the price readjustment or review mechanism, as part of the endorsement process.
  • The deadlines for resolving the endorsement request are established, as well as its suspensions.
  • Those contracts that require internal endorsement from the Administration are listed, establishing the procedure for this.
  • Finally, through transitory I, it establishes guidelines for the endorsement of contracts derived from public bidding and abbreviated bidding, with signature award acts as of December 1.

The reform to the Regulation can be consulted at the following link:

For more information contacto to:




Juan Carlos Tristán | Partner BLP |

United States | Five Takeaways From FinCEN’s First Enforcement Action Against a Trust Company

United States | Five Takeaways From FinCEN’s First Enforcement Action Against a Trust Company

The Financial Crimes Enforcement Network (FinCEN) recently announced its first enforcement action against a trust company for willful violations of the Bank Secrecy Act (BSA) and its implementing regulations. The BSA imposes compliance and reporting obligations on “financial institutions,” which includes among other entities, any “commercial bank or trust company,” to help detect and prevent money laundering. And yet, until last month, FinCEN had not brought an enforcement action against a trust company.


On April 2023, FinCEN announced a $1.5 million civil penalty against the Kingdom Trust Company (Kingdom Trust or the Company) for willful violations of the BSA stemming from the Company’s failure to have sufficient controls around filing Suspicious Activity Reports (SARs).

According to the Consent Order, Kingdom Trust is a trust company organized under South Dakota law that operates the majority of its trust services business out of Kentucky. Though its primary offering is custody services to individuals with self-directed IRAs, during the relevant time period, Kingdom Trust also provided account and payment services to foreign securities and investment firms and money services businesses in high-risk circumstances. Specifically, in 2014, Kingdom Trust began a business relationship with a consulting group that worked with broker-dealers in Argentina and Uruguay that had difficulty establishing bank accounts in the United States. Through this business relationship, Kingdom Trust provided accounts to the foreign firms to custody fixed income securities and to hold cash. As a result, Kingdom Trust processed more than $4 billion in transactions.

Among the other shortcomings identified, FinCEN characterized Kingdom Trust’s process for identifying and reporting potential suspicious transactions as “severely underdeveloped and ad hoc.” According to the Consent Order, prior to December 2018, the Company had no standalone process to screen for, identify, and report suspicious transactions. Rather, staff were instructed to simply flag potentially suspicious activity identified in the ordinary course of performing their duties. After December 2018, Kingdom Trust created a process to identify potentially suspicious activity but relied upon a single compliance employee with no prior anti-money laundering (AML) or BSA experience to conduct a daily review of a large volume of transactions. The daily transaction review did not include relevant contextual information about the customer or counterparty beyond their name. In 2020, Kingdom Trust hired a compliance analyst with AML experience. However, given the manual nature of the review process among other shortcomings, the Company filed only four SARs between February 2020 and March 2021.

In addition, Kingdom Trust maintained correspondent bank accounts for customers at other financial institutions – and at least 11 of those other financial institutions closed the accounts maintained by Kingdom Trust. In response, Kingdom Trust management questioned whether to continue with the foreign custody business and engaged a third party to conduct a BSA/AML audit. The audit identified deficiencies related to Kingdom Trust’s high-risk customers, but the Company did not exit the high-risk customer relationship, make meaningful changes to its controls, or file SARs.

Five Key Takeaways

  1. Heightened Scrutiny of U.S.-based Trust Companies by FinCEN: In a press release accompanying the enforcement action, FinCEN’s Acting Director, Himamauli Das underscored that the instant matter “is an important statement that we will not tolerate trust companies with weak compliance programs that fail to identify and report suspicious activities, particularly with respect to high-risk customers whose businesses pose an elevated risk of money laundering.” It is still too early to know whether the enforcement action against Kingdom Trust signals that FinCEN will more actively investigate and initiate actions against U.S. trust companies, and many of the services offered by Kingdom Trust are similar to those offered by traditional banks (i.e., providing accounts to foreign brokerage firms to custody fixed income securities, including U.S. government bonds, and to hold cash). Nevertheless, in light of FinCEN’s Consent Order and public statements, all trust companies (including those that provide only administrative trust services) should consider whether its AML program is sufficient to address the level of risk that accompanies the services it offers. This includes private trust companies without a federal functional regulator (i.e., an oversight agency such as the Office of the Comptroller of the Currency (OCC) or the U.S. Securities and Exchange Commission (SEC)), which, as of March 2021, are no longer exempt from certain BSA requirements.
  2. Compliance Resources Must Track an Evolving Risk Profile: According to the Consent Order, even after Kingdom Trust expanded into a new line of business offering services to customers that involved heightened risks of money laundering, the Company failed to recruit sufficient personnel with AML compliance experience and relied on manual processes to monitor thousands of transactions daily. As a company’s risk profile grows (whether because of new service/product offerings, new market entry, or otherwise), it is critical that the resources dedicated to complying with BSA requirements track the heightened risk profile. For example, most entities subjected to the BSA’s requirements find that implementing automated transaction monitoring software to flag suspicious behavior and to monitor daily cash flows for potential signs of illegal activity is far more efficient and effective than manual reviews. Furthermore, if all transaction-facing employees (not just the compliance team) are trained to spot red flags of money laundering and other atypical transactions, there is a higher likelihood that the institution will identify and timely report suspicious activity. This is particularly important in companies with a limited number of compliance team members.
  3. Check-the-Box Compliance Activities are Not Sufficient: FinCEN acknowledged that Kingdom Trust undertook certain AML efforts but highlighted significant shortcomings. The Consent Order indicated that Kingdom Trust provided AML training, but noted that training presentations were not tailored to the Company’s risk mitigation activities. For example, training presentations included red flags – such as “customer requests for anonymity, customer attempts to open an account without identification, and an account opened with a nominal balance that subsequently increased rapidly and significantly” – that employees could not have identified based on a review of the daily transaction reports alone. The order also notes that after financial institutions began closing correspondent accounts that Kingdom Trust maintained, Kingdom Trust engaged a third party to conduct a BSA/AML audit. The audit identified deficiencies related to Kingdom Trust’s high-risk customers and their transactions. However, according to FinCEN, Kingdom Trust did not exit relationships with high-risk customers, failed to make “meaningful changes” to its controls, and failed to file any SARs related to the high-risk business line. These examples serve as an important reminder that firms covered by the BSA’s requirements should engage in compliance-related activities that not only “check the box” but that drive firms and their personnel to actually mitigate risks posed.
  4. The Role of Cooperation: Kingdom Trust did not voluntarily disclose the violations, but the order reveals that the company “provided substantial cooperation to FinCEN” and cooperated with federal law enforcement regarding certain of the Company’s high-risk customers. However, the BSA’s SAR reporting obligations serve as proactive, ex ante cooperation, and the order makes clear that post-investigation cooperation cannot make up for failing to meet such preemptive obligations.
  5. Hiring of an Independent Consultant: In addition to agreeing to pay a $1.5 million civil penalty, Kingdom Trust undertook to hire an independent consultant, subject to FinCEN’s approval, (1) to conduct a SAR Lookback Review related to certain of the Company’s transactions; and (2) to test the effectiveness of Kingdom Trust’s AML program though an AML Program Review and to provide recommendations for enhancements. The independent consultant must submit written reports of the activities to FinCEN. The requirement to hire an independent consultant, like other forms of corporate monitorships, can be costly and create administrative burdens. Companies can seek to avoid such requirements by taking proactive measures to assess the effectiveness of its AML program, rather than waiting for enforcement authorities to mandate such assessments.

For more information contact:

Jeffrey Lehtman | Parner Miller & Chevalier |

Compliance Latam | The importance of regulatory compliance on Human Rights in companies in Latin America and the United States

Compliance Latam | The importance of regulatory compliance on Human Rights in companies in Latin America and the United States

At present, respect for human rights in business has become an issue of increasing importance throughout the world and is already part of the central core of business activity that must be aligned with principles of environmental, social and governance standards. (IS G). Regulatory compliance plays a critical role in protecting human rights and promoting ethical business practices. This article focuses on analyzing the relevance of compliance in Latin America and the United States and its relationship with Human Rights.

Regulatory compliance in companies not only refers to compliance with laws and regulations, but also to respect for and promotion of Human Rights. Companies have a responsibility to carry out due diligence to ensure that their operations do not contribute to violations of fundamental rights, both within their own facilities and in their supply chain. This implies adopting measures to prevent and address cases of discrimination, forced labor and child exploitation, among others.

In Latin America, the relationship between compliance and human rights presents particular challenges. The region is characterized by the presence of industrial sectors that present greater risks both related to corruption and Human Rights. These risks exist in the extractive industries, which include mining and oil, and which are often associated with negative impacts on local communities and the environment or agriculture that features a greater presence of informal or child labor. In this context, Compliance plays a crucial role in ensuring that companies comply with environmental and social regulations, and respect the rights of neighboring communities, in response to the multiple considerations that have been adopted internationally by various countries.

There are certain factors that have contributed to the increase in importance of this topic. Several Latin American countries have enacted stricter laws and regulations to promote regulatory compliance with positive impacts on the promotion and respect of Human Rights, for example, in defense of the environment, decent wages and the protection of children. In this same context, civil society and non-governmental organizations have contributed to the surveillance and denunciation of irresponsible business practices, thus focusing on a greater commitment to Human Rights.

“In Chile, the promotion of Human Rights in the business context has been reinforced with regard to the work that different industries have carried out to achieve international compliance. This has not only meant an ethical commitment to the promotion of Human Rights, but also an improvement in the reputation and sustainability of companies”, explains Jaime Viveros, associate of the firm AZ de Chile.
Aligned with these trends, more and more countries have converted into law the United Nations Guiding Principles on Business and Human Rights, due diligence in the field of human rights (DDHR) and hold companies accountable for infringing human rights with their activity. abroad. In this context, one can mention France with its “loi sur le devoir de vigilance” or Germany with its recent law on due diligence in the value chain “LkSG”. The European Union, in turn, has its project for a Directive on due diligence of companies in terms of sustainability, which will unify the standards of all member countries in terms of human rights and the environment and will globally require suppliers of European companies, including those from Latin America and the US, to comply with the new legal requirements.

In the United States, Human Rights compliance has gained prominence in recent years, promoting its application in other jurisdictions. Indeed, the Law for the Protection of Human Rights Abroad and the Supply Chain Transparency Law require companies to report on their measures to prevent human trafficking and forced labor. Another important Law on import restriction is the Uighur Forced Labor Prevention Act (UFLPA), which has been in force since 2022 and prohibits the importation of goods extracted, produced, manufactured in whole or in part in the People’s Republic of China, especially in the Xinjiang Autonomous Region or by any other entity within the UFLPA List.

However, there are challenges in the effective implementation of these laws and in the supervision of business practices, since globalization and the complexity of supply chains make it difficult to identify and eradicate practices that violate Human Rights. In this regard, it is essential to strengthen compliance mechanisms and promote collaboration between the private sector, government, and civil society to address these challenges.
From a business perspective, while Human Rights due diligence has many similarities to traditional due diligence in business compliance programs, there are some important differences to consider. The main differences are: (i) the need to analyze the risks from the perspective of the rights holders (eg, the people affected by the negative impacts) and not only from the perspective of the company’s risks; and (ii) placing greater emphasis on stakeholder engagement and transparency, with the expectation that the company should share information with a broader range of stakeholders (eg, employees, community members), should seek their feedback. and reactions and publicly report the efforts made.

Regulatory compliance and the protection of Human Rights are interdependent aspects that must be addressed jointly in Latin America, the United States and throughout the world. Only through a comprehensive and committed approach can we ensure that companies act ethically, respect and promote with integrity the fundamental guarantees of people in all their business activities.

Costa Rica | Compliance programs to reduce the criminal liability of legal persons for acts of corruption

Costa Rica | Compliance programs to reduce the criminal liability of legal persons for acts of corruption

According to the “Law on the Liability of Legal Entities on Domestic Bribery, Transnational Bribery and other Crimes” (“Law”), legal entities (domestic or foreign), and other commercial figures (such as trusts, associations and foundations), they will be criminally responsible for their acts of corruption. Similarly, the parent companies for actions of their subsidiaries and affiliates. The foregoing, without prejudice to the individual criminal responsibility of individuals for the commission of said crimes.

The Law imposes criminal sanctions such as: (i) Fines between 1,000 and up to 10,000 base salaries (approximately between US$715,000.00 and US$7,150,000.00); (ii) Loss or suspension of state benefits or subsidies for a period of 3 to 10 years; (iii) Disqualification from participating in contests or public tenders for a period of 3 to 10 years; (iv) Total or partial cancellation of the operating or operating permit, the concessions or contracts obtained as a result of the crime; and (iv) Dissolution of the legal entity.

Among the Law’s innovations, there is an incentive for companies to implement an “Optional Organization, Crime Prevention, Management and Control Model” (“ Model ”); which will serve as a mitigation of their sanctions up to 40%.

For this reason, on August 26, 2021, the Regulations to the Law were published in the Official Gazette, with the aim of regulating and guiding the minimum content required for the Model -and thus opt for the benefits of the Law- (“ Regulations ”). The Model is optional to adopt, and can work both independently or as part of other models and local or global programs of the companies.

Some aspects to note about the Model, according to the requirements of the Regulation:

  • Risk Assessment:  The first stage for the implementation of the Model should be the assessment of risks derived from the geographic and business context of the company. The Regulation includes the parameters and methodology that must be followed for risk assessment (and its subsequent management). The risk assessment tool must contain the deadlines for its update.
  • Due Diligence:  The Model must include a due diligence mechanism for business partners that present a medium or high level of risk or exposure. The Regulations indicate the minimum items to be considered during the due diligence process. There is an obligation to maintain updated information on said business partners. The review can be done internally or with external resources.
  • Communication:  The Model and the tools that make up the prevention policy must be made available to all levels of the hierarchical structure of the company, its relational entities, and, if possible, its counterparts.
  • Compliance Agent:  The company must designate a person or entity, internal or external, that has sufficient means and powers to perform their duties, which will be in charge of supervising the operation and compliance with the Model. The person in charge must have functional autonomy from senior management.
  • Monitoring:  The adoption of the Model must be verifiable and of sustained application over time. Its operation must be monitored and evaluated in order to detect failures, weaknesses, opportunities for improvement, or any other element that may add to its proper functioning.
  • Audit:  The company must carry out an external audit of the Financial Statements maximum every three years. Likewise, you must carry out an internal audit as a crime prevention method, at least once a year.
  • Complaint Mechanisms : The company must have clear complaint channels, well-established investigation procedures, and guarantees of protection for whistleblowers.

In Chapter IV of the Regulation, the minimum requirements for the SMEs Model are expressed, in a differentiated way – which are more accessible to comply with.

In general terms, the company must develop the necessary regulatory tools, internal control systems, programs and/or management models – always considering its own characteristics, its line of business, size, complexity, nature and particularities of action. Among the behaviors to regulate, there is the granting of gifts, hospitality, entertainment, representation expenses, client trips, entertainment, political contributions, donations for charitable purposes and sponsorships; as well as the risks of committing crimes of corruption.

For more information you can contact:




Juan Carlos Tristan | BLP Partner |

Janelle Christie | BLP Associate |

Compliance Latam | The importance of regulatory compliance on Human Rights in companies in Latin America and the United States

Ecuador | Extension of deadlines for compliance with obligations with the SRI

Through Resolution No. NAC-DGERCGC23-00000008, the SRI extended the term for the presentation of annexes and tax declarations due in March 2023, without generating fines and interest, according to the following:

Natural persons, undivided estates and companies belonging to the General Regime, whose ninth digit of the RUC is 2 and 3, may submit and/or pay their Income Tax return corresponding to fiscal year 2022, as well as the annexes and returns for other obligations that mature in March 2023, according to the following schedule:

Likewise, the taxpayers belonging to the RIMPE popular businesses and entrepreneurs, whose ninth digit of the RUC is 1, 2, 5, 8 and 9, may present and/or pay their Income Tax return corresponding to the fiscal year 2022, as well as the annexes and declarations for other obligations whose maturity is in March 2023, according to the following calendar:

Finally, taxpayers obliged to present the declaration of the Contribution destined to the financing of comprehensive cancer care, whose due date is March 13 and 14, may present the declaration and payment until March 28, 2023.

*Reference: This Resolution has been in force since March 13, 2023, the date it was signed.

For more information contact:

Maria Rosa Fabara  | Partner Bustamante Fabara |