Introduction
During 2021, the Office of Companies of the City of Buenos Aires -“Inspección General de Justicia”- (“IGJ”), issued a series of Resolutions regarding the identification of the ultimate beneficial owner (“UBO”). All these resolutions raise the following questions: Who has access to this information once it has been delivered? Where and for how long will the IGJ store the personal data? Will anyone else be able to have access to it?
Regulatory Aspects
The applicable resolution regulated the issue of the UBO and, more specifically, the way to proceed in cases where there is no beneficial owner (General Resolution of the IGJ 8/2021, dated May 13th, 2021, in its 4th article – currently repealed).
The regulation established that when declaring the non-existence of an UBO, it had to be documented that: (a) all the shares of the last controlling company were listed on the stock exchange; or, (b) the ownership of the shares presented such a degree of dispersion among the natural persons owning such shares, that none of them reached the ownership of the minimum percentage contemplated by the applicable regulations (subsection 6°, of article 510, of General Resolution IGJ No. 7/2015).
However, such regulation was subsequently repealed and, since then, the definition of ultimate beneficial owner is equal to the definition established by the Financial Information Unit (for its acronym in Spanish, “UIF”).
As a consequence of the application of the UIF definition, the minimum shareholding percentage to be identified as ultimate beneficial owner was reduced from 20% to 10%. In addition, in the absence of a beneficial owner that can be identified in the traditional sense, the person responsible for the management, administration or representation of the company, for example, the Chairman of the board of directors, will be considered as the ultimate beneficial owner.
As a result of this amendment, the question as to the treatment that the IGJ will give to the personal data provided on these natural persons arises again.
Personal Data
The information requested is name and surname, identification number, real domicile, nationality, profession, marital status, percentage of shareholding, tax identification numbers CUIT/CUIL/CDI, and date of birth.
The purpose of requiring this information is to prevent money laundering and terrorist financing and, in addition, to report suspicious transactions to the UIF.
In order to comply with the requirements of the IGJ, it is important to examine the regulatory framework of personal data in our country, applicable to both private and government entities (Law No. 25,326 on Personal Data Protection, and Regulatory Decree No. 1558/2001).
It should be noted that it is unlawful to process personal data without the consent of the data owner. However, consent may be dispensed when the data is obtained for the exercise of the functions of the public authority or under a legal obligation. Under these exceptions, it is lawful for the IGJ to request the beneficial owner’s data.
The right to information
The Personal Data Protection Law establishes certain formalities that must be complied with when collecting personal data, to protect the data owner. In this regard, the law requires that the owner of the data must be provided with express and clear information regarding the purpose for which the data is collected, who may be the recipient, whether third parties will have access to such data, the identity of the person responsible for the database, the possible existence of a database, whether it is mandatory or optional to provide the data and the consequences of refusing to do so or of providing inaccurate data, as well as all the rights of the owner of the data (Section 6, Personal Data Law).
Accordingly, Section 4 of Regulatory Decree 1558/2001 also establishes that in order to determine the trustworthiness/and good faith in the collection of personal data, as well as the destination of the data, it must be analyzed the procedure carried out for the collection and, in particular, the information provided to the data owner in accordance with Section 6 of Law No. 25,326.
It would be interesting to explore a mechanism through which the IGJ could provide the information required by the Personal Data Law.
Current status
In January 2022, the IGJ developed an application to generate three different affidavits where the information of the UBO must be included. These affidavits allow to declare the UBOs with direct participation in the legal entity, the UBOs with indirect participation in such legal entity, and, newly, the natural person responsible for the management or representation of the company, who will be considered, for the purposes of the UIF regulations, as UBOs.
However, the question about the care of personal data remains, since the IGJ does not yet informs who the legal keeper of this information is, who may have access to it, nor the legal effect in case personal date is not filed as requested.
This report should not be considered as legal or any other type of advice by Allende & Brea.
1- It should be noted that the Personal Data Law defines personal data as “[i]nformation of any kind referring to natural persons or determined or determinable ideal existence” (art. 2 Personal Data Law), while data processing is defined as “[o]perations and systematic procedures, electronic or not, that allow the collection, conservation, arrangement, storage, modification, relation, evaluation, blocking, destruction, and in general the processing of personal data, as well as its transfer to third parties through communications, consultations, interconnections or transfers” (art. 2 Personal Data Law).
