Peru | Strengthening the hospitality segment through Regulatory Compliance

Peru | Strengthening the hospitality segment through Regulatory Compliance

In Peru’s vibrant tourism scene, where cultural and natural wealth attracts visitors from all over the world, the hotel industry plays a crucial role. However, behind the warmth and hospitality it offers its guests, there is a vital but often underestimated aspect: compliance, understood as the culture of integrity that must govern organizations.

Compliance in the tourism sector is not only a matter of following rules and regulations imposed by the authorities, but, as we said, it is part of an organizational culture that allows building and maintaining customer trust, safeguarding the reputation of companies and, ultimately, foster an environment of fair and sustainable competition.

One of the main challenges facing the Peruvian hotel industry in terms of compliance is the need to quickly adapt to a constantly changing regulatory environment. From tax regulations to health and safety requirements, tourism-related businesses must be aware of a wide range of regulations to operate effectively and ethically.

One of these challenges is presented in its consideration as a subject obliged to have a money laundering and terrorist financing prevention system (splaft), a system that is supervised by the Financial Intelligence Unit (UIF) [ 1] .

To face this scenario, transparency and integrity are essential. Robust compliance programs must be established that address areas such as the prevention of corruption, money laundering and respect for labor rights. Additionally, ongoing staff training is essential to ensure that all employees understand and comply with established policies and procedures.

Importantly, regulatory compliance goes beyond simply following the laws. It is about promoting an organizational culture rooted in ethical principles and solid values. This involves promoting corporate responsibility and commitment to environmental and social sustainability. Companies that take a comprehensive approach to compliance not only minimize the risk of legal sanctions, but also create a competitive differentiator that resonates with increasingly aware consumers.

However, implementing and maintaining a strong compliance program is no easy task. It requires investment of time, resources and, most importantly, genuine commitment from senior management. It is essential that industry leaders recognize the strategic importance of compliance and integrate it into corporate decision making.

Additionally, given the impact of technology on the hospitality industry, companies must be attentive to the cybersecurity and data protection implications. The collection and storage of personal guest information carries great responsibility, and it is crucial that appropriate measures are implemented to protect data privacy and security.

In view of the importance of compliance in the Peruvian tourism industry, it is essential that business leaders understand its strategic value and the need to implement it in their organizations. Only through active commitment to ethical principles and legal standards will tourism companies be able to strengthen their reputation, earn the trust of their clients and remain competitive in an increasingly demanding market.

Therefore, we invite all managers in the hospitality sector to seriously consider implementing compliance in their companies as a long-term investment in the integrity and sustainability of their businesses. Adopting a culture of ethical compliance will benefit not only the company’s internal relations but also its corporate image, contributing to strengthening the growth of the tourism sector in Peru.

[1] Institution dependent on the Super Intendency of Banking and Insurance (SBS).

For more information contact:

Mario Pinatte  | CPB Partner |

Peru | Annual Report of the Compliance Officer (IAOC)

Peru | Annual Report of the Compliance Officer (IAOC)

This February 15, 2024 is the deadline to submit the IAOC, here are the main aspects that must be considered:


It is the report that includes compliance with the policies and procedures of the Money Laundering and Terrorism Financing Prevention System -SPLAFT that the Obligated Subject has implemented during the year prior to its presentation.


Those natural and legal persons who, in accordance with the regulations, have the status of Obligated Subjects, including the following:

  • Companies in the financial system and the insurance system.
  • Credit card issuing companies.
  • Savings and credit cooperatives.
  • Those dedicated to the purchase and sale of vehicles, boats and aircraft.
  • Those who are dedicated to construction activity and/or real estate activity.
  • Real estate agents.
  • Those dedicated to the exploitation of casino games and/or slot machines, and/or remote games using the Internet or any other means of communication, in accordance with the regulations on the matter.
  • Those who are dedicated to the exploitation of remote sports betting using the internet or any other means of communication, in accordance with the regulations on the matter.
  • Those dedicated to the exploitation of lottery games and similar.
  • Customs agents.
  • Notaries.
  • Mining companies.
  • Those dedicated to the trade of jewelry, precious metals and stones, coins, art objects and postage stamps.
  • Laboratories and companies that produce and/or market chemical inputs and controlled goods.
  • Companies that distribute, transport and/or market chemical inputs that can be used in illegal mining, under the control and supervision of SUNAT.
  • Virtual Asset Service Providers (PSAV).


The IAOC must contain the following information:

  • General Information of the Obligated Subject
  • Annual Operations Statistics
  • Main activities carried out to comply with the regulations relating to the Registry of Operations (RO)
    SPLAFT Policies and Procedures
  • Training on issues related to SPLAFT
  • ML/TF Risk Prevention and Management Manual and Code of Conduct for ML/TF Prevention.
  • Others


The IAOC must be reported to the Board of Directors or equivalent body, or to the General Manager.


It must be sent to the FIU through the Portal for the Prevention of Money Laundering and Financing of Terrorism – PLAFT.

In the case of Obligated Subjects that have other supervisory bodies, a copy of the report may be sent to them.


Failure to send the IAOC is considered a serious infraction that can lead to a fine of up to 20 UIT (S/103,000.00 one hundred three thousand soles).

For more information contact:

Mario Pinatte | CPB Partner |

Peru | Strengthening the hospitality segment through Regulatory Compliance

Peru | Law is published that modifies the Healthy Eating Law, to regulate the use of difficult-to-remove adhesives for the consignment of octagons on food

On November 8, 2023, Law No. 31919 was published, which modifies Law 30021 – Law for the Promotion of Healthy Eating for Boys and Girls (hereinafter, “Healthy Eating Law”), regarding the use of adhesives. difficult to remove for the placement of octagons of advertising warnings on processed foods and non-alcoholic beverages imported and/or manufactured by MYPES.

Through this modification to the Healthy Eating Law, the following is contemplated:

  • Advertising warnings placed on the packaging of processed foods and non-alcoholic beverages imported and/or manufactured by MYPES can be posted using adhesives that are difficult to remove.
  • These difficult-to-remove adhesives:
    • They must not cover relevant consumer information on labels, and
    • must comply with the conditions contemplated in a future technical standard (hereinafter, the “Technical Standard”) that will be issued by the National Quality Institute – INACAL (hereinafter, the “INACAL”)
  • Regarding said Technical Standard, INACAL will have a period of 240 business days, counted from the publication of the law, for its formulation, evaluation and approval.
  • Once the Technical Standard is published, importers and MYPES will have a period of 180 business days to adapt to its full compliance.
  • A period of 90 calendar days is granted to the Executive Branch, counted from the publication of the law, to proceed to adapt the Advertising Warning Manual, approved by Supreme Decree 012-2018-SA.

For more information contact:

Mario Pinatte  | CPB Partner |

Peru | Tourism and security: cyber attacks as a growing threat

Peru | Tourism and security: cyber attacks as a growing threat

A few weeks ago, various Hotels and Casinos in Las Vegas reported being victims of a cyber attack that left serious damage to their operations and large losses. Las Vegas is undoubtedly one of the cities with the highest tourist traffic, with an impressive offer of shows and activities that have caused not only the Casinos, but also its hotels to become world references.

The level of engineering and sophistication with which their companies are developed, anyone would imagine, is one of the highest and that is precisely why the cyber attack suffered generated not only surprise but also concern worldwide. According to what was narrated, reservation data was lost, phantom charges were made to guests, rooms that depended on the system were unusable, communications were lost, among other consequences.

This leads us to ask ourselves: Is the tourism sector prepared to face a cyber attack? How protected are our systems? Are we able to detect these attacks in a reasonable time? What do we do once an attack occurs? Who do we turn to? What can we do to protect ourselves?

The Peruvian scenario has not been free of these questions; our legislation has for some time established criminal sanctions to confront computer crimes. For example, anyone who deliberately and illegitimately damages, introduces, deletes, deteriorates, alters, deletes or makes computer data inaccessible is punished with a prison sentence of up to 6 years. However, the success of a criminal investigation will depend largely on the possibility of identifying these hackers, who are experts in hiding the origin of their connections and any other data that may identify them.

What is the answer then? Well, in the face of this growing threat, what we can do is prepare, strengthen our systems, create new policies, train personnel, have accurate diagnoses and seek to be updated.

Only preparation for what could present itself as a crisis is what will allow us to keep safe the data that we protect, that of the company, that of our workers and clients, and provide tourists with what they expect so much, a pleasant experience. no negative surprises.

For more information contact:

Mario Pinatte  | CPB Partner |

Peru | Annual Report of the Compliance Officer (IAOC)

Peru | Congress approves the Opinion of the Law that modifies the Consumer Protection and Defense Code, in order to expand the prohibition of spam communications

On September 15, 2023, the Plenary Session of Congress unanimously approved the Legal Opinion (hereinafter, the “Law”) that modifies sections d) and e) of article 58 of the Consumer Protection and Defense Code (in (hereinafter, the “Code”) in order to reinforce the prohibition of spam communications. It should be noted that the opinion of this norm had been observed by the Executive Branch, which is why it was finally approved at the insistence of Parliament.

In light of the above, with this modification of the Code, the use of call centers, systems for sending text messages to cell phones or systems for mass email sending for advertising purposes is prohibited, with the only exception being their sending to that consumer who has given prior, express, informed, and unequivocal consent. Previously, the legal proposal contemplated the possibility of obtaining such consent only when it was the consumer himself who contacted the company on his own initiative. However, the final wording of the Law allows the use of alternative methods to obtain such consent, such as a first contact communication or initial contact.

Finally, in no case may commercial proposals or visits be made between 8:00 p.m. and 7:00 a.m. or on Saturdays, Sundays and holidays, including those commercial proposals that have been previously consented to.

The approved opinion of the Law will soon be promulgated by the President of Congress and published in the Official Gazette El Peruano, from which it will come into force.

You can access the text of the final opinion of the Law  here. 

For more information contact:

Mario Pinatte  | CPB Partner |