The Bitcoin Law (Decree No. 57) published in the Official Gazette of June 9, 2021, entered in force on September 7, 2021. Furthermore, the Regulation of the Bitcoin Law (Decree No. 27) which was published in the Official Gazette of August 27, 2021, shall entered into force on September 8, 2021.
The entry into force of the Bitcoin Law implies that Bitcoin will be used as legal tender in El Salvador alongside the US dollar.
But what should companies do to become a legal Bitcoin Service Provider?
Pursuant to the Regulation of the Bitcoin Law, companies that wants to offer their services as a Digital wallet, Digital Exchange Houses, Payment services, and any other agent involved in the products or services, such as: custodians and technology providers related to bitcoin, would not be required to establish and maintain a local regulated entities in El Salvador.
However, pursuant to Article 3 of the Regulation of the Bitcoin Law, to become legal Bitcoin Service Provider companies will be required to obtain a registration in the Registry of Bitcoin Service Providers of the Salvadoran Central Reserve Bank (“Banco Central de Reserva” or BCR), and must submit to the BCR within 20 business days after the entry into force of the regulation of the Bitcoin Law: (i) the Registration Form and (ii) a digital copy of the corporate constitutional documentation and ID´s (e.g., Passport) of its shareholders and legal representative.
Companies would also be required to comply with the following Standards of Conduct established by Article 4 of the Regulation of the Bitcoin Law:
- Maintain a Anti Money Laundering (AML) program in accordance with the Salvadoran Anti-money Laundering Law (Decree N°948) and the best international practices articulated by the Financial Action Task Force (FATF),
- Uphold the clients' assets with a high degree of care through the implementation of policies and procedures designed to prevent their loss, theft or damage,
- Keep books and records that accurately reflect the assets, liabilities and equity of the Bitcoin Service Provider, as well as records of the customers’ accounts that reflect the data obtained from each customer and the relevant information for each transaction
- Keep a record of complaints, which shall include the name of each customer, the nature of the complaint, any solution or remedy and its date,
- Publish on its website and in the User terms, the contact information of the Superintendence of the Financial System (“Superintendencia del Sistema Financiero” or SSF) in order to be contacted in case of any unresolved complaints,
- Maintain a cybersecurity program tailored to the measure of the services offered,
- Maintain a physical security program (PHYSEC) and a disaster recovery plan (DRP) tailored to the measure of the services offered,
- Maintain a solution plan that provides an efficient liquidation of the Bitcoin Service Provider in the event of insolvency, and
- Maintain a policy of limits for the transactions carried out through its platforms in accordance with customer due diligence programs, Risk management, AML and other financial crimes.
In line with the above, in compliance with the Bitcoin Law, the BCR has issued the "Technical standards to facilitate the participation of financial institutions in the bitcoin ecosystem" (hereinafter the “Technical Standards”), and the “Guidelines for the authorization of the operation of the technological platforms for bitcoin and USD” (hereinafter the “Guidelines”), which are intended to regulate the operation of the Bitcoin services.
- Banks,
- Cooperative Banks,
- Credit and Savings Entities, and
- Electronic money providers
To provide services as a third-party provider, companies shall have in place a contract for services with a subject obliged pursuant to the terms and conditions established in the Technical Standards (hereinafter the “Service Contract”).
The Service Contract for third-party providers of services must include, at least, the following terms and conditions:
- Nature of the service provided and its description,
- Term of the Service Contract,
- Frequency, structure and technical specifications of the services to be provided,
- Commissions and other compensation involved in the business agreement,
- Any service provided,
- agreements that the third-party provider complies with the Law and will operate in accordance with the Law,
- Statement that the subject obliged may have access to the service provider records,
- Process for addressing customer complaints and delivering the information to customers,
- services Insurance coverage,
- the security measures and human resources capability to carry out the bitcoin and dollar exchange operations and services,
- liability of the third-party provider to cooperate in conjunction with the subject obliged if there is an inspection by the SSF or another authority,
- the liability and prohibitions for each party,
- Each parties’ duties for the operation of the business,
- Compensation methods that establish the distribution of risks between the parties, and
- Other elements that are considered necessary for the service contract.