Money Transmitters and Payments
Corporate changes, control, governance and the Compliance Officer
In a registered entity, a corporate closing does not end with the share ledger. The transfer, the practical change of control, the composition of the governing body, the continuity of the Compliance Officer and the regulatory credentials form a single critical path.
Contents: ten microblogs
- Map of notices for corporate changes in a transmitter
- Regulatory due diligence when buying a money transmitter
- Revocation and appointment of the Compliance Officer
- Independence and certification of the Compliance Officer
- When and how to set up the Communication and Control Committee?
- CCC minutes as evidence of implementation
- SITI account and credentials during a change of Compliance Officer
- Cap table and indirect control: what must be kept up to date
- Post-closing regulatory plan for an acquired transmitter
- Entity without operations: governance and AML do not go on pause
Map of decisions and controls
| Topic | Risk it resolves | Minimum evidence |
|---|---|---|
| Map of notices for corporate changes in a transmitter | Each change must be analyzed by triggering event: share transfer, amendment to the bylaws, change of domicile, management, control or registry information. | Create an event-deadline-channel-evidence matrix. |
| Regulatory due diligence when buying a money transmitter | The review must cover the validity of the registration and the technical opinion, supervision history, reports, Compliance Officer, CCC, systems, agents, contracts and operational reality. | Condition closing on critical regulatory documents. |
| Revocation and appointment of the Compliance Officer | The transition requires a resolution of the competent body, acceptance, verification of requirements, notice through the applicable channel and a controlled handover of functions and credentials. | Approve revocation and appointment in sequence. |
| Independence and certification of the Compliance Officer | Suitability is not exhausted by holding a certificate. | Document the reporting and escalation line. |
| When and how to set up the Communication and Control Committee? | Applicability and composition must be reviewed against the DCG and the specific structure of the entity. | Issue an applicability memo. |
| CCC minutes as evidence of implementation | The minutes must make it possible to reconstruct what information the committee received, what it analyzed, what it decided, who was made responsible and when it will be verified. | Identify annexes by name, version and hash. |
| SITI account and credentials during a change of Compliance Officer | The corporate date and the date of effective access must be coordinated. | Inventory accounts, tokens, emails and certificates. |
| Cap table and indirect control: what must be kept up to date | The file must show percentages, share classes, voting rights, shareholder agreements and the indirect chain, not just a list of shareholders. | Reconcile the ledger, share certificates, cap table and bylaws. |
| Post-closing regulatory plan for an acquired transmitter | Day one requires continuity of reports, Compliance Officer, systems, contracts, bank accounts, agents and response to requirements. | Define a freeze period for critical controls. |
| Entity without operations: governance and AML do not go on pause | Not operating reduces certain data, but does not eliminate corporate upkeep, validity of the registration, governance, training, applicable reports and the ability to demonstrate the zero state. | Approve a pre-operational policy and start-up criteria. |
Implementation method
Use an event matrix with four columns: corporate resolution, regulatory notice, system update and evidence of implementation. The zero date must be the fact that triggers the obligation, not the date on which the legal department received the document.
Map of notices for corporate changes in a transmitter
Decision point
A share transfer may trigger the corporate ledger, a notice, an update of beneficial owners and a review of powers of attorney. The triggering event and the percentage must be set precisely; the signature date does not always coincide with the corporate recordation or the effectiveness of the change. The file must show the chain before and after.
Checklist
- Create an event-deadline-channel-evidence matrix.
- Record the date of the triggering fact.
- Obtain the acknowledgment and update the master file.
Observed pattern
In an anonymized transition plan, a single corporate transaction generated tasks with different dates; the risk arose from treating them as a single closing deliverable.
How to put it into practice
Identify the act that produces the transfer and do not confuse signature, payment, recordation and notice. The percentage is calculated against the paid-in capital applicable at the relevant time. Compare the structure before and after, including controlling beneficial owners and special rights. If there are conditions precedent, indicate when they were met and who certified it. The file must join contract, ledger, minutes, share certificates and proof of the notice. That sequence makes it possible to defend both the timeliness of the report and the accuracy of the new structure.
Stress test
In a purchase subject to conditions, the signature and the change of control may fall on different days. The matrix must show which act legally modifies the holding, when the ledger was updated and what deadline runs from that point. An isolated proof of payment does not replace minutes, contract, share certificates, acceptance and acknowledgment; all must narrate the same corporate sequence.
Legal basis
- General Law of Auxiliary Credit Organizations and Activities (text in force) — articles 81-A Bis, 81-B, 81-D, 86 Bis and 95 Bis, depending on the topic.
- Requirements to obtain registration as a money transmitter — RECC-TD portal and official list of requirements.
Regulatory due diligence when buying a money transmitter
Decision point
The purchase must review the validity of the registration and the technical opinion, supervision files, sanctions, reports, agents, contracts, the system and the capacity of the Compliance Officer. It then tests whether the buyer's model fits within the documented operation. Findings are separated into closing condition, indemnity and post-closing remediation.
Checklist
- Condition closing on critical regulatory documents.
- Separate pre- and post-closing remediation.
- Test the compatibility of the future model.
Observed pattern
In an anonymized change-of-control file, the most relevant gap appeared between the model described in historical documents and the architecture the buyer planned to implement.
How to put it into practice
Select samples of reports, alerts and files, not only policies. Review whether the systems allow evidence to be exported and whether the credentials belong institutionally to the company. Critical contracts must show termination, audit and portability. Classify each finding according to whether it prevents closing, requires a price holdback or admits later remediation. The buyer must also test its future model on the existing infrastructure. A useful corporate license may lose value if it depends on personnel, a bank or a provider that will not continue after closing.
Stress test
Include in the sample an open alert, a submitted report, an incomplete reconciliation and a technology contract about to expire. Those four objects reveal whether the operation can continue after acquiring the company. The analysis must separate correctable documentary defects from dependencies that change the price or prevent closing, and assign a responsible party, cost and date to each committed remediation.
Legal basis
- General Law of Auxiliary Credit Organizations and Activities (text in force) — articles 81-A Bis, 81-B, 81-D, 86 Bis and 95 Bis, depending on the topic.
- Legal provisions applicable to money transmitters — DCG derived from article 95 Bis and its amendments.
Revocation and appointment of the Compliance Officer
Decision point
The departure and entry of the Compliance Officer are a single continuity process. The competent body must set effective dates, receive the acceptance and order the handover of cases, calendars, files and access. The notice and the update of credentials are coordinated to avoid a period without an operational responsible party.
Checklist
- Approve revocation and appointment in sequence.
- Document acceptance and effective date.
- Execute the handover of cases, files and access.
Observed pattern
An anonymized set of minutes showed that appointing the successor was only one part: the case inventory, the calendar, the SITI account and the access evidence were missing.
Frequent risk
Impeccable minutes are not enough if the successor cannot submit reports or consult files from their first day.
How to put it into practice
The effective date must appear identically in the minutes, the acceptance, the notice and the access matrix. Prepare an inventory of open alerts, upcoming reports, requirements and pending committee agreements. The outgoing responsible party hands over that inventory with evidence of receipt, while the incoming one confirms that they can operate the portals. Access revocations occur after the successor's positive test, not before. If a gap arises, document who covers each function and under what authority until the transition is complete.
Stress test
Simulate that the appointment of the new officer has already been approved, but the platform still recognizes the previous one. Keep a temporary matrix of powers, access and handovers, with an alternate expressly authorized for each deadline. The evidence must show when the incoming user was tested, when the outgoing one was revoked and who handled alerts or requirements during the interval.
Legal basis
- Legal provisions applicable to money transmitters — DCG derived from article 95 Bis and its amendments.
- General Law of Auxiliary Credit Organizations and Activities (text in force) — articles 81-A Bis, 81-B, 81-D, 86 Bis and 95 Bis, depending on the topic.
Independence and certification of the Compliance Officer
Decision point
Exclusivity and independence are proven with an organizational chart, functions, conflicts, workload and direct access to the governing body. The certification credentials a professional requirement; it does not replace resources or internal authority. It is advisable to document who evaluates the officer's performance and how they can object to commercial decisions.
Checklist
- Document the reporting and escalation line.
- Verify the validity and support of professional requirements.
- Approve budget, personnel and access.
Observed pattern
In an anonymized assessment, the risk was not curricular: the Compliance Officer depended operationally on the area whose alerts they were supposed to question and lacked direct access to data.
Frequent risk
Appointing a certified person who depends on the area whose alerts they review weakens the control even if the curricular file is complete.
How to put it into practice
Examine the Compliance Officer's daily activities, not only their job description. Quantify entities served, alerts, committees and deliverables to assess real availability. Review economic or hierarchical relationships that may limit an objection. The channel to the board must be usable without authorization from the commercial area. Keep the certificate and experience, but add budget, access and calendar. Independence is best demonstrated when there is a case in which the Compliance Officer escalated a disagreement and the body responded in a documented manner.
Stress test
Independence may be strained when the officer reports administratively to the area they must question. Examine a concrete case in which an alert affects a commercial target: who could close it, what information reached the board and whether there was retaliation or blocking. Certification and résumé credential capacity; budget, direct access and a decision contrary to the business show that this capacity can be exercised.
Legal basis
- Legal provisions applicable to money transmitters — DCG derived from article 95 Bis and its amendments.
- General Law of Auxiliary Credit Organizations and Activities (text in force) — articles 81-A Bis, 81-B, 81-D, 86 Bis and 95 Bis, depending on the topic.
When and how to set up the Communication and Control Committee?
Decision point
The setting up of the Committee depends on the regulatory scenario and the structure of the entity. Members, alternates, quorum, conflicts, secretary, advance information and follow-up must be defined. When a function corresponds to another body, that assignment must be as clear as the one a formal committee would have.
Checklist
- Issue an applicability memo.
- Keep composition and positions up to date.
- Align the manual, the minutes and the powers matrix.
Observed pattern
In an anonymized review, the manual described a committee that the minutes did not reflect; that difference made the authority to decide cases uncertain.
Frequent risk
Copying into the manual a committee that never meets leaves high-risk decisions without demonstrable authority.
How to put it into practice
Issue an applicability note that cites size, structure and the relevant provision. If a committee is appropriate, document why each member meets the requirements and how alternates are resolved. The calendar must consider reports and high-risk reviews, not only monthly sessions. Provide information in advance and record which annexes each member received. When another body assumes functions, adapt the agenda and minutes to cover them expressly. Formal existence is not enough if decisions continue to be made outside the designated forum.
Stress test
If the number of members changes during the year, reconstruct session by session the valid composition and the quorum. An annual list does not detect that a decision was made with a vacancy or a conflict. For each high-risk matter, relate the convocation, the advance materials, attendance, vote, agreement and follow-up, and explain how the alternate body acted when the entity was not required to set up a committee.
Legal basis
- Legal provisions applicable to money transmitters — DCG derived from article 95 Bis and its amendments.
- General Law of Auxiliary Credit Organizations and Activities (text in force) — articles 81-A Bis, 81-B, 81-D, 86 Bis and 95 Bis, depending on the topic.
CCC minutes as evidence of implementation
Decision point
The minutes must identify the exact version of the manual, the changes discussed, the effective date and the implementation tasks. Approving a document does not demonstrate that rules, training or system have changed. Annexes and pending agreements are reviewed in the following session.
Checklist
- Identify annexes by name, version and hash.
- Record votes, abstentions and conflicts.
- Review pending agreements in the following session.
Observed pattern
In anonymized minutes, the adoption of best practices only became verifiable once the document version, the technical owner and the deployment date were added.
Frequent risk
A generic approval resolution loses value if several versions exist with the same name and no one can point to which one was deployed.
How to put it into practice
The agreement must describe the approved change and not merely mention the entire manual. Attach a comparison or list of modified sections, together with the impact on training and system. Assign different dates for approval, communication and deployment when they do not occur simultaneously. A later sample must attest that the new rule was applied. If the committee imposes conditions, keep them open until compliance is verified. In this way the minutes demonstrate effective governance and not merely the circulation of documents.
Stress test
Use a modification of thresholds as a sample. The minutes must identify the previous rule, the new one, its basis, the systems affected and the deployment date. Then, select transactions on both sides of the threshold and verify the result. If only the entire manual was attached, it cannot be known what the members understood or whether the approved condition actually reached production.
Legal basis
- Legal provisions applicable to money transmitters — DCG derived from article 95 Bis and its amendments.
- General Law of Auxiliary Credit Organizations and Activities (text in force) — articles 81-A Bis, 81-B, 81-D, 86 Bis and 95 Bis, depending on the topic.
SITI account and credentials during a change of Compliance Officer
Decision point
The SITI account is an institutional asset, not a personal credential of the Compliance Officer. The change requires an inventory of users, email, tokens, certificates, permissions and the upcoming calendar. First it is validated that the successor can upload, sign and download acknowledgments; then previous access is revoked and the test is documented.
Checklist
- Inventory accounts, tokens, emails and certificates.
- Revoke previous access after validating the successor.
- Test upload, signature and acknowledgment download.
Observed pattern
In an anonymized handover, the regulatory calendar was up to date but the account depended on a personal email of the outgoing responsible party.
Frequent risk
Sharing credentials to salvage the transition prevents attribution of actions and opens an additional security problem.
How to put it into practice
Use an institutional email and register secondary administrators to reduce personal dependence. The inventory must include profile, permissions, token, certificate and last access. Carry out a controlled test that covers upload, validation, signature and acknowledgment download. Compare the delivery calendar with the date of the change to identify critical operations. The revocation of the previous user is documented with a timestamp. If the platform is slow to reflect the appointment, keep the communication and contingency plan without sharing passwords.
Stress test
A complete SITI test does not end at logging in. It must upload a controlled file, show validations, sign it with the corresponding institutional credential and retrieve the acknowledgment. Record the profile of each user and the custodian of the token. During a replacement, the file distinguishes the enrollment request, the effective activation and the subsequent revocation to prevent periods without access or with duplicated privileges.
Legal basis
- Legal provisions applicable to money transmitters — DCG derived from article 95 Bis and its amendments.
- Requirements to obtain registration as a money transmitter — RECC-TD portal and official list of requirements.
Cap table and indirect control: what must be kept up to date
Decision point
The cap table must reconcile ledger, share certificates, bylaws, agreements and notarial annexes. Economic ownership and control are modeled separately in order to identify vetoes, appointment rights or voting agreements. Each update preserves the previous snapshot and explains the transaction that produced the change.
Checklist
- Reconcile the ledger, share certificates, cap table and bylaws.
- Model ownership and control separately.
- Record the cutoff date and the source of each data point.
Observed pattern
In a private review, two tables added up to one hundred percent but differed on voting rights; the ledger and the shareholders' agreement resolved the discrepancy.
Frequent risk
Replacing the historical record with a new sheet may erase the traceability of who was in control at the time of a notice or decision.
How to put it into practice
Reconciling the cap table requires reviewing the number of share certificates, classes, votes and paid-in capital, not only percentages. Add a column for rights that modify control and another for documents pending recordation. The notarial annexes must correspond to the same transaction and date. Keep the previous and subsequent versions with an explanation of the movements. If there is an option or a trust, analyze its current and potential effect. The update concludes when the corporate ledger and the regulatory reports show a consistent structure.
Stress test
Introduce a call option and a class with enhanced voting into the reconciliation exercise. Even if the economic percentage remains stable, the reading of control may vary. The cap table must be recalculable from share certificates and ledger, while a separate column explains contingent rights. The version sent to the authority is frozen with a date and linked to the act that supports each movement.
Legal basis
- General Law of Auxiliary Credit Organizations and Activities (text in force) — articles 81-A Bis, 81-B, 81-D, 86 Bis and 95 Bis, depending on the topic.
- Requirements to obtain registration as a money transmitter — RECC-TD portal and official list of requirements.
Post-closing regulatory plan for an acquired transmitter
Decision point
The post-closing plan protects reports, accounts, Compliance Officer, providers, system and response to official communications during the integration. Changes are classified by regulatory impact and reversibility; brand, bank or platform must not be migrated together without tests. A transition committee approves the sequence and keeps evidence of each go-live.
Checklist
- Define a freeze period for critical controls.
- Keep the obligations calendar without interruption.
- Approve model changes through a product committee.
Observed pattern
In an anonymized plan, continuity was protected by separating reversible changes from those that affected source accounts, KYC data or alerting rules.
Frequent risk
Accelerated integration may break reconciliations or alerting rules before a stable alternative exists.
How to put it into practice
Design day one around obligations that cannot be interrupted. Keep alternate responsible parties for bank, reports, alerts and response to the authority. Brand changes can wait; a blocked reconciliation or list cannot. Test each migration with controlled data and a rollback plan. The transition committee's decisions must identify the accepted risk and the follow-up condition. The plan ends when the new operation generates complete evidence without depending on the selling team, not simply when management is changed.
Stress test
Frame day one with an alert about to expire, a bank return and an authority request. Each event needs an authorized responsible party, an available system and a decision path before migrating brand or secondary processes. The transition is considered stable when the buyer executes a full day, reconciles results and keeps evidence without resorting to credentials, personnel or repositories controlled by the seller.
Legal basis
- General Law of Auxiliary Credit Organizations and Activities (text in force) — articles 81-A Bis, 81-B, 81-D, 86 Bis and 95 Bis, depending on the topic.
- Legal provisions applicable to money transmitters — DCG derived from article 95 Bis and its amendments.
Entity without operations: governance and AML do not go on pause
Decision point
An inactive entity maintains obligations of governance, registration, training and reports that are applicable. Zero responses are prepared with a single cutoff and are supported by banks, databases, contracts and technology environments. The subsequent start of operations requires a formal decision based on tests of the complete journey.
Checklist
- Approve a pre-operational policy and start-up criteria.
- Maintain periodic obligations and zero-state evidence.
- Revalidate the manual and system before activating customers.
Observed pattern
In an anonymized questionnaire, the zero responses only proved solid when accompanied by banking, technological and corporate support from the same cutoff.
Frequent risk
Confusing not operating with suspending compliance leaves gaps precisely in the period that the authority may ask to explain.
How to put it into practice
The zero-state cutoff must cover platform, banks, providers and accounting. Explain any capital movement, expense or test that does not constitute a transaction with a user. Maintain training and manual review even if there are no transactions; the risk changes as the launch approaches. The governing body must approve concrete criteria to activate production. Before doing so, run scenarios of enrollment, rejection, alert, return and report. The entity demonstrates control when it can explain both its inactivity and the subsequent decision to begin.
Stress test
The absence of customers is not equivalent to the absence of events. Separate capital contributions, payments to providers, technical tests and user transactions by means of accounting and operational codes. The board must receive that reconciliation and approve objective launch conditions. Before opening, test rejection, blocking, return and report; in this way the first real movement does not function as an improvised test of the control framework.
Legal basis
- Legal provisions applicable to money transmitters — DCG derived from article 95 Bis and its amendments.
- General Law of Auxiliary Credit Organizations and Activities (text in force) — articles 81-A Bis, 81-B, 81-D, 86 Bis and 95 Bis, depending on the topic.
Legal basis
- General Law of Auxiliary Credit Organizations and Activities (text in force) — articles 81-A Bis, 81-B, 81-D, 86 Bis and 95 Bis, depending on the topic.
- Legal provisions applicable to money transmitters — DCG derived from article 95 Bis and its amendments.
- Requirements to obtain registration as a money transmitter — RECC-TD portal and official list of requirements.
Next step
SVA.LAW can review Corporate changes, control, governance and the Compliance Officer within the specific model and turn the analysis of Money Transmitters and Payments into decisions, responsible parties and evidence of implementation. Start a conversation.