Press Room

1 December, 2021

Fintech sector in LATAM: a comparative law review.

Latin America represents an attractive region for the global Fintech sector due to the gradual y daily adjustments of the bank services and technology, from which the population benefits.

Likewise, Fintech industry in LATAM represents a great benefit for the region, since it promotes financial inclusion, and thus, the economic development of several growing economies.

Although the Fintech industry had been growing considerably in the region, the Covid-19 pandemic brought even greater scalability in this sector due to the need to use technology on a day-to-day basis aiming to overcome the global crisis caused by the contingency, which has resulted in multiple business opportunities for the sector.

Due to the presence of Fintech sector companies in their markets, various LATAM countries have found necessary to adapt their legislations and regulate those companies, to promote their inclusion in the financial system and provide legal certainty to their users.

In view of the above, the #EcijaTeam of Argentina, Brazil, Chile, Colombia, El Salvador, and Mexico, prepared this review with the aim of sharing the general and comparative aspects of the legal treatment of the Fintech sector to this date, in each one of these LATAM countries.

Does the country have specific legislation on Fintech?


Here is no comprehensive and exhaustive regulation for the Fintech sector.

Therefore, there are Fintech verticals that are regulated, others are in regulatory process and there are others without regulation. For example, the following:

  • Equity Crowdfunding or capital: regulated by Law 27.349 for Entrepreneurial Capital Support 1 (the “Entrepreneurial Capital Support Law”).
  • Crowdlending: It is not
  • Crowdfactoring: It is not
  • Payment Services Providers (PSP): the Central Bank of the Argentine Republic (CBAR) issued Communications “A” 6859/2020 and 6885/2020 and their amendments and supplements 6929/2020, 7163/2020, 7164/2020 and 7226/2020 (currently having an ordered text). These are the first CBAR’s regulations that are aimed at directly regulating the activities of the Fintech companies, provided they fit within the PSP’s
  • Non-Financial Credit Providers: Applicable to, legal entities that, without being financial entities, regularly offer credit to the public, regulated by Communication A CBAR 5593 and amendments, with updated orderly
  • Factoring: regulated in article 1.421 and subsequent articles of the Civil and Commercial Code 99.


The Brazilian financial sector is highly regulated by laws and regulations issued by the sector’s regulatory authorities, such as the National Monetary Council (NMC), the Central Bank of Brazil (CBB) and the Transferable Securities Council (TSC). The financial area requires legal certainty to generate confidence in consumers; therefore, similarly, a series of measures and rules also govern the operation of Fintech companies in the country.

The first regulation of Fintech companies in the country was Law 12,865, of 2013, which created the Brazilian Payment System (SPB) that comprises two Fintech categories: payment arrangement institutions and payment institutions. The latter are institutions that conduct payment activities other than financial institutions. This law also granted to the National Monetary Council and to the Central Bank of Brazil the power to issue rules to regulate these companies.

Even though Fintech companies have existed in Brazil since the beginning of 2010, it was only from April 2018 that those companies became subject to specific legislation.

The NMC issued the following 3 resolutions that establish the two categories of Fintech companies and regulate their operation:

  1. Resolution 4,656 of April 2018: Defines the Direct Credit Companies (DCC) and the Interpersonal Credit Companies (ICC), including the Fintech companies in their regulations. The resolution also establishes prohibitions for the ICC, and a limit of R$ 15,000.00 (fifteen thousand reais) for transactions between a mixed creditor and debtor in the same Company. It also establishes the requirements and proceedings to obtain an authorization to operate, transfer corporate control, for corporate reorganization and for the cancellation of authorization for both ICC and DCC.
  2. Resolutions 4,657 and 4,658 of April 2018. Allow the conduction of operations such as custody, sale of credit orders and securitization without the need of mediation of a bank, and establish the measures and information security standards applicable to Fintech companies for the protection of the data treated.

According to the resolutions mentioned above, the following two Fintech categories were established:

  • Direct Credit Company (DCC): It is a Financial Institution with the purpose of granting loans, financing and acquisition of credit rights exclusively through a digital platform, using financial resources that have its own capital as the only
  • Interpersonal Credit Company (ICC): It is a Financial Institution with the purpose of conducting loan and financing operations between persons (i.e. “peer-to-peer lending”) exclusively through an electronic platform.


There is no comprehensive and exhaustive regulation for the Fintech sector. However, in 2018, at the initiative of the Commission for the Financial Market (CFM), the first draft of the Fintech Law for the securities market was created, with the ultimate objective of correcting the legal vacuum that existed up to that moment. Since then, the bill has gone through several stages, including a public consultation, and recently was sent to Congress for its discussion.

The bill aims to regulate the new financial business models emerging in the market in order to ensure legal certainty, determining which entities and/or services shall be subject to the regulations and the specific requirements to be met for the conduction of their activities.


There are multiple regulations applicable to Fintech companies.

As a general rule, the same regulation that applies to traditional banking applies as well to FinTech and digital banking, according to the following:

  • Political Constitution: regulates financial activity in its articles 335 and 150 section 19 subsection d.
  • Organic Statute of the Financial System (OSFS): it is the most important legal regulation on the

• Laws 1328 of 2009, 1266 of 2008, and 2009 of 2019.

  • Law 1430 of
  • Decree 2555 of 2010, sole regulation for the financial and insurance sector.

• Basic Legal Circular -BLC- of the Financial Superintendence of Colombia -FSC-.

Likewise, specific regulations have also been issued to promote innovation within a legal framework that guarantees compliance with safety and risk management standards, as well as the protection of consumers’ rights, according to the following:

•  Article 166 of the National Development Plan – Law 1965 of 2019.

  • Law 1735 of 2014, issued for the purpose of bolstering the transactional and low-value payment sectors in

• Decree 222 of 2020.

  • Decree 1234 of 2020, which amends the regulation of the regulatory Sandbox of the
  • InnovaSFC Financial and Technological Innovation Working Group of the FSC Investigations Directorate, in charge of the regulation, inspection, surveillance and control of Fintech
  • Decree 2443 of 2018, regulating mobile banking, which authorizes credit institutions to invest in investment and financial technology companies, which will not be allowed to provide financial
  • Decree 1235 of 2020 (complementary to Decree 1357 of 2018), regulatingDecree 1692 of 2020, transactional strengthening of the economy.
  •  External Circular 029 of 2014.

E L  S A L V A D O R

There is no special regulation for the Fintech sector. However, the following legislation exists:

  • Law to Facilitate Financial Inclusion, which was approved by the Salvadoran Congress in accordance with Legislative Decree 72, published in the Official Gazette 160 Volume 408 dated September 3, 2015; it has been amended on two occasions: by Legislative Decree 592, which was published in the Official Gazette 37 Volume 414 dated February 22, 2017; and, by Legislative Decree 464, published in the Official Gazette 219 Volume 425 of February 20, 2019; it sought to regulate the incorporation and operation of the Companies that provide services to supply Electronic

•   Law for the Supervision and Regulation of the Financial System.

  • Law for Cooperative Banks and Savings and Credit

•  Technical standards for internal auditing for the Financial System members (NRP-15).

  • Standards for the Management of Operational Risk of Financial Institutions (NPB4-50).

•    Technical Standards for Comprehensive Risk Management of Financial Institutions (NRP-20).

  • Technical Standards for the Management of the Risks of Money and Asset Laundering and Terrorism Financing (NRP-08).

•  Bitcoin Law.

  • Bitcoin Law’s

•  Electronic Commerce Law.

  • Consumer Protection


here is specific legislation for the Fintech sector, according to the following:

  • Law to Regulate Financial Technology Institutions in Mexico, also known as the Fintech Law: whose purpose is to regulate financial services provided by innovative means, as well as the organization, operation and functioning of those
  • Secondary provisions issued by the regulatory authorities within the scope of their responsibilities, for instance, the following:
  • Provisions regarding article 58 of the Fintech Law: concerning anti-money laundering for financial technology

– Sole Circular for Financial Technology Institutions:

concerning financial technology institutions.

  • EPFI Circular of the Bank of Mexico: regarding electronic payment fund institutions (EPFI).
  • Circular 4/2019 of the Bank of Mexico (Virtual Assets): applicable to credit institutions and financial technology institutions in transactions involving virtual
  • Circular 5/2019 of the Bank of Mexico (Innovative Models): applicable to innovative
  • Circular 6/2019 of the Bank of Mexico: applicable to collective financing institutions in transactions made in foreign
  • Circular 8/2019 of the Bank of Mexico: regarding the participants of the interbank electronic payment

What general requirements must be met to operate as Fintech companies?


To the date of this review there is no comprehensive and exhaustive regulation for the Fintech sector, therefore, it is not possible to provide the general requirements to operate as a Fintech company.


To operate as a Fintech company, whether as a (Direct Credit Company (DCC) or Interpersonal Credit Company – ICC), an authorization must be granted by the Central Bank of Brazil (CBB).

The CBB, in addition to requesting information about its partner members, shall verify the origin and the respective financial movement of the resources used in the Fintech company by the controllers and verify if there is compatibility of the economic-financial capacity with respect to the size, nature and purpose of the company.

In compliance with art. 25 of resolution 4656/2018, DCCs and ICCs must be incorporated as stock companies and observe the minimum limit of R$ 1,000,000.00 (one million reais) in relation to the paid- in capital and the accounting capital.

According to article 29 of the mentioned resolution, the requirements to apply for an authorization to operate as DCC or ICC consist of:

  • The company must be incorporated in compliance with current legislation;
  • The share capital shall be integrated and paid to the CBB in accordance with Law 4,595 of 1964; and
  • The members of statutory bodies shall be elected or appointed, subject to current

Additionally, the application to operate as DCC or ICC must be filed with the project guidelines, in accordance with article 31 of resolution 4595/64.


The Fintech Law draft indicates that entities and or services must be subject to the regulations and that will be subject to the supervision of the Financial Market Commission (FMC). These entities are: crowdfunding platforms; alternative transaction systems; credit counseling services; investment services; custodial services; order routing services; and financial instrument brokerage services.

For the provision of each of the services, it will be necessary, first, that the legal entities incorporated are registered at the Financial Services Providers Registry that will be held by the FMC and, second, that they have as their exclusive business the provision of those services. Some entities will be exempt from this obligation, including stock exchanges and intermediaries that provide services as collective financing platforms and alternative transaction systems, or banks and securities intermediaries that provide order routing and financial instrument intermediation services.

In addition, those aiming to provide the services regulated by the Fintech Law must prove to the FMC that they have met the requirements associated with the level of risk of each service provided. Among others, it will be necessary to prove that they have the systems and procedures necessary to comply with the information and dissemination obligations to their clients determined by the law or demonstrate that they have sufficient operational capacity, expertise and guarantees to provide their services.

Furthermore, it is important to highlight that those providing financial instruments intermediation services, routing of orders or custody of financial instruments, must lodge a guarantee to compensate those contracting their services for any potential damages caused by their actions.


Normally, if the corporate purpose of the company that is going to operate in Colombia involves the activities regulated by article 335 -massive collection of resources from the public or those established therein- of the Constitution, then it must have a legal authorization in accordance with the OSFS and the BLC of the Financial Superintendence of Colombia (FSC),

i.e. to be incorporated as a company supervised by the FSC. However, some Fintech companies that do not conduct these types of activities may be covered by other types of authorizations such as those of the Specialized Companies in Electronic Deposits and Payments (SCEDP), as well as those of payment services providers such as payment gateways. Additionally, there are special legal authorizations to conduct financial activities such as those of the decrees that regulate crowdfunding.

In accordance with article 166 of Law 1955 of 2019, those who “intend to implement innovative technological developments to conduct activities corresponding to the entities supervised by the Financial Superintendency” are authorized to incorporate an entity and operate temporarily according to the conditions and requirements that are defined in prudential standards. Thus, the National Government, with the endorsement of the Republic’s Congress, enabled special conditional licenses for Fintech companies aiming to conduct an activity subject to the surveillance and control of the FSC.

E L      S A L V A D O R

The services to be provided, whether as an entity regulated or not regulated by the Financial System Superintendency (FSS), must be provided directly through a legal entity. Normally, Public Limited Companies will be used, whether they have a fixed capital or a variable capital.

In such companies, the provision of financial services must be stipulated within their business line, which must be expressly stated in order to be punctual, therefore, any activity related to the provision of financial services through information technologies is included in the ordinary course of business of the company.

Some of these Companies will have to be incorporated under the scope of Fixed Capital (all those companies engaged in raising funds from the public, including the provision of electronic money services), or, under the scope of Variable Capital in order to avoid setbacks while obtaining permits required by the public administration (as applicable).

Within the specific requirements for each of the service providers, generally speaking, they must comply with the provisions of each of the applicable regulations of the FSS, Central Reserve Bank (CRB), the Assets and Money Laundering Law, Bitcoin Law and their applicable regulations, among others.


An authorization must be obtained from the National Banking and Securities Commission (NBSC), which requires to meet the following requirements:

To be incorporated as a Stock Corporation, to include in its name the type of Financial Technology Institution (FTI) for which authorization is requested, to establish in its corporate purpose any of the activities regulated by the Fintech Law, to expressly submit to the provisions of the aforementioned law, establish its domicile in Mexican territory, set a minimum capital that may be differentiated by activities or risks, and have the necessary governing bodies and corporate structure.

In addition, it must have policies on accounting separation, disclosure of risks, responsibilities to its clients, operational risks control, information security, client’s identification control, solution of possible conflicts of interest, prevention of frauds and transactions involving illegally – sourced funds and terrorism financing.

Does the Fintech regulation follow a rigid model, that is, with limited margin to adapt to the changes taking place, or is it a flexible model that allows it to readjust to this very dynamic industry?


In Argentina, the position of the legislator and of the control agencies has been to hold on, observe and accompany the development of the technology finance “Fintech” industry. It has grown rapidly, gaining enormous importance for providing readiness and competition to the financial sector, and forcing traditional players to keep up the pace towards innovation.

In recent years, both the Central Bank of the Argentine Republic (CBAR) and the National Securities Commission (NSC) have issued various regulations that impact the financial services industry. Most of these regulations are not specifically directed to the Fintech industry, but rather focus on the type of activity (loans, financial intermediation, insurance, capital markets agents, brokers, collective financing, etc.) without discriminating whether those activities are carried out through digital platforms (Fintech) or if it is carried out by traditional companies. One of the exceptions where a Fintech-focused regulation has been seen is in the segment of payment means, more specifically in relation to payment system providers: the recent Communication “A” 7328 issued by the CBAR establishes security measures on “Electronic Wallets” aiming to prevent frauds to the users of these financial services.

The CBAR, which created an innovation bureau to discuss developments and new technologies that are incorporated into the financial sector regulations, is very active and new regulations are expected to be issued in the coming months. A statement has been released anticipating the new standard on Transfers 3.0, regarding the interoperability of QR codes.


Recently, the Brazilian authorities (TSC and CBB) have expanded the possibilities of action and conformation of DCCs, allowing them to conduct operations, not only with their own resources, but also with resources from public development banks. In addition to offering the payment account through the issuance of electronic currency, DCCs will be able to issue credit cards and other post-payment instruments to their customers, increasing the products available, as well as assigning their credits to different types of investment funds. The regulation also exempted DCCs from the authorization requirement of the CBB for some modalities of issuance of post-payment instruments.

The Open Banking process itself and the implementation of “PIX” (instant payments platform and exchange of data between institutions) embody a never seen before dynamism in the national market of payment methods and financial institutions, even though the regulatory burden is still considerable for agents.

While the speed of innovation and disruption involving Fintech companies require that the laws regulating them to be are flexible and generic, in order not to miss their purpose with the rapid changes in the digital financial market, these characteristics also make governmental supervision even higher.

For this flexibility to be possible with all the security required by the regulations, it is necessary for all companies operating in this market to implement customized programs to Financial and Data Protection Compliance regulations. Compliance risk prevention measures are fundamental, without prejudice, obviously, of compliance with other applicable regulations.

Within the Compliance universe, one of the main topics is Anti-Corruption and PALTF Compliance (Prevention of Asset Laundering and Terrorism Financing).

In 2019, the TSC authority published TSC Instruction No. 617, which establishes the policy for the anti- asset laundering and terrorism financing, in addition to establishing the internal risk evaluation and presenting rules, proceedings and internal controls in this subject-matter.

Within the framework of the Central Bank of Brazil, in 2020 Circular No. 3978 was published, establishing the Compliance Policy of institutions authorized by the Central Bank. According to Circular 3978, the institutions must have, as a minimum: i) the guidelines for the definition of roles and responsibilities for the fulfillment of the obligations referred to in the Circular; ii) the definition of proceedings aimed at the evaluation and prior analysis of new products and services, as well as the use of new technologies, considering the risk of money laundering and financing of terrorism.

In addition, CBB’s Circular Letter No. 4001 of 2020 contributes to Financial Compliance since it includes a list of operations and situations that may constitute evidence of the occurrence of money laundering or financing of terrorism.

Finally, for Data Protection Compliance, there is a requirement to comply with the new General Law for Data Protection (Law 13.709/2018 – GLDP) which establishes a series of duties on companies in general to guarantee the privacy rights of interested parties, including rules for obtaining consent for the processing of personal data.

Furthermore, Fintech companies must also comply with Cyber Security regulations. The Resolution 4658 of 2018 of the CBB defines the cybersecurity policy (CSP) and the requirements and proceedings for contracting processing and cloud data storage and computing services to be observed by financial institutions.


The Fintech Law bill in Chile is based on five basic pillars: proportionality, neutrality, comprehensiveness, modularity and flexibility. It is the latter pillar which aims for the new regulation to allow the coexistence of different business models and technological innovations and that the changes that are gradually taking place do not require to constantly adapt the basic regulations.

To achieve this objective, it is necessary that the Fintech Law becomes the general framework standard for the development of subsequent technical or administrative standards. Under this scheme, necessary changes or updates would be applied to the rules supplementing the law, allowing the system to have greater flexibility and efficiency.


Financial regulatory authorities in Colombia have sought a design that allows them to dynamically adapt to the changes and innovation within the Fintech ecosystem. The Financial Superintendence of Colombia (FSC), as the highest inspection, surveillance, and control authority of the financial activity, has various instruments that give flexibility and dynamism to its intervention on the market, its agents and the new business models that have arisen in financial matters within the framework of the impact of Information and Communications Technologies (ICT) in the sector. Likewise, the legislation has sought the participation of more players in the various financial markets, encouraging innovation through various types of special authorizations for agents aiming to participate in financial activities, for example, through the aforementioned recent special authorization for Fintech.

Among the instruments of the FSC for the dynamic management of the changes and innovation occurring in the financial sector, it has those of the InnovaSFC group, which include: 1) the Hub as a “space that serves as contact point with the FSC for those interested in the Fintech environment … seeks to have a close dialogue with companies in the sector that need some kind of support, advice, guidance or feedback … “, 2) Regtech, which is an “initiative to meet developers to leverage innovation within the FSC, optimizing internal processes and reducing operational burdens for the sector”, 3) the Sandbox as “… a specific framework defined by the FSC to conduct tests of technological and financial innovations in a controlled and supervised space.

E L     S A L V A D O R

Local legislation is rigid and, therefore, it will be the legislator who, through the law-making process, will have to issue, reform, or repeal the laws on this subject-matter that are no longer functional.


The Fintech Law establishes the foundation and a minimum regulation that must govern the Financial Technology Institutions. It leaves the regulatory development to the secondary provisions to have greater flexibility and for the legal framework to adapt to the constant dynamism of this highly innovative sector.

The Fintech regulation creates room for innovation in technological financial services through “Novel Models”, also known as “Sandboxes” that promotes disruptive services in a controlled manner.

The growth of financial technology companies in Mexico in the last three years is proof that Fintech regulations have resulted in a flexible and adaptable model for a cutting-edge sector, and have served to integrate technological financial services, providing them with greater legal certainty.

What legal gaps exist in Fintech regulations?


As described in the previous sections, certain aspects have been covered by regulation in Argentina, there are verticals currently in the regulatory process and others that do not have a specific regulation. Currently, there are many gaps and it is expected that the regulator can provide an effective response to promote the development of the sector. An issue directly linked to the operation of Fintech companies that grant loans is the lack of equality of the electronic signature to the digital signature, or that the electronic signature is not being considered as “sufficient” to summon a debtor to acknowledge it. This brings practical consequences and claims of the sector since under current regulations the courts are considering that loans signed with the electronic (not digital) mode are not suitable to enable executive proceedings, and must therefore be processed through the ordinary course, with the complexities and delays it may imply and that prolong the credit recovery.


The regulations issued by the Central Bank of Brazil (CBB) on payment arrangements and institutions follow an exclusion criterion, which means that companies that fall under the limits defined by CBB or, alternatively, those that do not comply with its criteria, fall outside of this regulation.

In general terms, the CBB and the National Monetary Council are always alert to the impacts of Fintech operations on the economy and, if they identify any risk, they intervene as oversight authorities.


The Fintech Law bill does not clarify some specific aspects such as the course of business or the means of payment. Nor does it adequately define the suitability of companies to provide these types of services, which could cause uncertainty when analyzing whether an entity meets the minimum requirements.

It would be advisable for the future law to clarify the regime for companies providing different types of services, some considered Fintech and others not. Will all services be subject to the requirements of the Fintech standard and to the FMC’s supervision, or only those identified as such?

Lastly, the Fintech Law bill does not regulate crypto assets.


Although Colombia has made progress in Fintech regulation on various aspects, including, the InnovaSFC program, as well as the issuance of sectoral regulations such as crowdfunding decrees and investment in fintech companies; “… it is necessary to provide greater regulatory scalability to the sandbox and strengthen inter-institutional coordination between the entities that regulate the Fintech activities, in order to follow good international practices in this subject-matter.” Thus, the challenge of the sandbox is to allow the supervisor to have a perspective that switches the focal point and facilitates regulatory flexibility through the temporary exemption of financial regulation, always within the framework of inter-institutional cooperation. If the latter does not exist, there is a risk of not taking into account all the regulatory aspects applicable to innovation in the sector.

As will be further explained, the country does not have a clear legislation regarding the regulation of crypto assets and/or cryptocurrencies.

E L  S A L V A D O R

The Congress shall legislate subjects such as Fintech, likewise, it shall take into account financing models such as “crowdfunding”, and the possibility of incorporating the so-called regulatory sandboxes. The latter, will allow within specific areas (Fintech, electronic signature, etc.), to be able to take advantage of the fact that [national or international] players from the FinTech, InsurTech, RegTech environments may have the option to start providing services, with a looser regulatory regime for a set period of time, in order to stimulate investment in specific industries.


The “Robo Advisor”, understood as financial advice via automated mechanisms based on artificial intelligence and predictive models, is not regulated by Fintech regulations, but in an “outdated” manner in the Securities Market Law.

The Fintech regulations do not authorize the exchange of cryptocurrencies amongst the public at large, only banks and Financial Technology Institutions can conduct such activity internally with the authorization of the Bank of Mexico in accordance with circular 4/2019 issued by the same authority, which turns out to be inaccurate. The above has caused this sub-segment to migrate to other countries, e.g. to El Salvador that recently approved its “Bitcoin Law” granting it the status of legal currency.

Furthermore, it is relevant to note that “Reg-tech” and “Insur-tech” are not covered by the Fintech regulations. Insurance technology is addressed only in the amending circular 5/19 of the Sole Circular of Insurances and Bonds issued by the National Banking and Securities Commission, which is also vague.

Is Open Banking (availability of clients’ financial information to develop and offer new financial services) regulated in the country? If so, is this regulation included within the Fintech regulations or separately?


The Open Banking model regulated by law today does not exist in Argentina. However, there have been cases of its use in the market that take certain characteristics from Open Banking and that provide the final user with a similar experience. One of the pioneers in laying the first foundations in pursuit of moving towards a more open and collaborative ecosystem is the case of the INDB (Industrial Bank).

The Argentine market kept advancing in regulatory matters as well as in infrastructure. The new regulations greatly favor interconnectivity between banks and the rest of the financial ecosystem (Fintechs among others), in turn, products were generated that will facilitate the implementation of Open Banking in the future.

The Central Bank of the Argentine Republic and the ecosystem have worked hard on interoperability: the uniform virtual key (UVK), immediate transfer, payments with transfers and the interoperable QR, are developments that position Argentina at the forefront in the region in terms of infrastructure of payments. Especially considering the possibility of interoperating between a bank account and a uniform virtual key of a PSP.

In sum, nowadays, Argentina does not have regulation nor standardization of the APIs that could allow to approach to an European-style Open Banking model.


In 2020, the National Monetary Council and the Central Bank of Brazil (CBB), issued several rules on Open Banking Financial System.

The Resolution issued by the National Monetary Council 1/2020 defines Open Banking as the standardized exchange of data and services through the opening and integration of systems in the financial market.

Circular 4.032 of the CBB defines the initial structure responsible for the governance of the implementation process of the Open Banking in Brazil, establishing a Deliberative Council, Technical Groups and a Secretariat responsible for the management and implementation of the Open Banking Financial System.

On the other hand, CBB’s Circular nº 4015 regulates the scope of the data that will be shared by the Open Banking system. Institutions authorized to operate by the Central Bank of Brazil, from November 2020, may participate in the Instant Payments System (IPS) established by CBB’s Circular No. 4,027; a centralized infrastructure for the settlement of instant payments.

Finally, through an innovative initiative in the Brazilian market, the Monetary Values Commission (MVC), through Normative Instruction 626/2020, created a Regulatory Sandbox for Fintech companies. It consists of an environment structured and controlled by the MVC, which allows the experimentation of new business models in a supervised environment within the standards and security required by the MVC. In the Regulatory Sandbox, the Fintech companies receive a specific authorization to develop a regulated activity in a different regime than that provided by the law, with the purpose of creating new solutions and encouraging innovation.


Indeed, the Fintech Law bill incorporates in the same text the concept of Open Banking and regulates its basic principles. The main purpose of this regulation is to generate the exchange of information in the financial system in a way that influences the type of services that reach potential users. The main consequence of the above is that large customer databases that can be managed by banks or insurance companies can be shared, with prior authorization from the data owners, to create new financial services with them.


The Financial Regulation Unit (FRU) of the Ministry of Finance and Public Credit of Colombia is working on the Open Banking regulations and in 2020 issued the working document “Open Banking and portability in Colombia”. In the document, the entity indicates:

“In order to accelerate financial digitization, innovation and the promotion of electronic payments, the Financial Regulation Unit (FRU) proposes to adopt a voluntary regulation of Open Banking in Colombia, for which a methodology of public-private discussion is proposed that will be developed in 2021 and that nourishes the definition of the regulatory framework required for the secure exchange of information.”

The FRU defined the following work plan: first stage

-first semester of 2021- “… workshops and exploration desks between the authorities and the industry” and the implementation model will be defined as well as the implementation roadmap. The second stage -second semester of 2021- aims to issue the necessary regulation for implementation depending on the model to be used, as well as to develop such implementation phase.

E L  S A L V A D O R

Personal Data protection has not yet been regulated; however, their Consumer Protection Law orders that any profiling that can be carried out through data processing must be based on the informed consent granted by the owner of the data. Likewise, good practices based on European regulations such as the General Data Protection Regulation of the European Union [GDPR], must also be supported by “privacy by design” systems. This means that the data treatment shall be based on the informed consent of the data owner regarding its collection, insertion and/ or exclusion, cancellation, or its transfer between related or unrelated companies.


The Fintech Law provides guidelines for “Open Banking”, providing that Financial Technology Institutions have the obligation to establish standardized computer application programming interfaces (APIs), which enable the exchange of open, aggregated, and transactional financial data, in accordance with circular 2/2020 issued by the Bank of Mexico.

The definition of the technical specifications of the APIs is limited to clearing houses, banks and credit reporters and to one of the data segments, the open ones (for example, number of branches, location, services offered, interest rates, etc.). The other segments are aggregate data (for example, statistics on cash withdrawals, credit applications, etc.) and transactional data (for example, customer balances, investments, operations, etc.).

Are crypto assets somehow regulated?


Currently, there is no specific regulation on crypto assets, which, although indirectly recognized, are not accepted as legal tender in Argentina as has happened in other countries. However, according to subsection 4) of article 2 of Income Tax Law No. 27430, and its amendments, cryptocurrencies are subject to taxes. Furthermore, Resolution No. 300/2014 of the Financial Information Unit (FIU), included transactions with cryptocurrencies in the list of transactions that must be reported by those legally bound (settlement and clearing agents; private exchanges are not being comprised as those obliged to).

In Argentina there is no legislation that prohibits financial entities from having, trading, or exchanging cryptocurrencies as intermediaries.


The first cryptocurrency regulation in Brazil officially became effective on May 3, 2019. This is the Normative Instruction of Federal Income 1.888 later amended by the Normative Instruction 1889 of July 2019, which provided that each brokerage firm that trades cryptocurrency, whether Bitcoins or any Altcoin, shall have the obligation to inform the tax authorities of the data of all the transactions of its customers.

The use of cryptocurrency and Blockchain technology in Brazil, still represents an intense debate between the government and society. In this respect, the Bill 2303 of 2015 is still under analysis and many court decisions had been issued with various criteria related to these subject matters.


One of the latest developments in the Fintech Law bill is the introduction of crypto assets within the definition of financial instruments. The text defines them as the digital representation of exchange units of money, goods, or services.

Even though until now, no regulation in Chile prohibits these digital assets, there is no direct regulation for them, and such are not yet backed by banks or public entities.


Although it is true that the Colombian Congress has not fully regulated Crypto assets and Cryptocurrencies, there are some regulations that grant some tax benefits to companies dedicated to the development of technological added value – i.e. the Law 1943 of 2018 –. Various bills have been filed with the purpose of providing a regulation on the subject-matter as it is the case of number 139 of 2021, that is currently in the Sixth Commission or of Transportation and Communications of the House of Representatives of the Congress of the Republic of Colombia. It has the purpose of “… defining the general aspects of the operation and functioning of the Services Providers of Crypto assets Exchange in the Colombian territory through the Crypto assets Exchange Platforms (CEP).”

Entities such as the Bank of the Republic – as the highest authority on monetary and exchange policy in Colombia –, the FSC, the Superintendency of Companies, and the National Tax and Customs Directorate (NTCD) have addressed these subject- matters through concepts or circulars.

According to the FSC, in Circular Letter 29 of 2014, the FSC recalled that virtual currencies are not regulated by law, nor are they subject to the control, surveillance and inspection of the Financial Superintendence of Colombia. And in another instrument, the Circular Letter 52 of 2017, it stated that financial entities “are not authorized to guard, invest, broker, or operate with these instruments, and shall not allow the use of their platforms to conduct operations with virtual currencies.”

Additionally, the Bank of the Republic has indicated through Concept 20348 of 2016 that crypto assets are not considered currencies and do not have the back-up of the Central Bank; therefore banks are not allowed to make transactions with cryptocurrencies. In contrast, the National Tax and Customs Directorate has issued concepts that allow to conclude that crypto assets “are legal assets within Colombian territory”. However, if income is received – for example derived from crypto-asset mining – in the form of services and commissions, these must be accounted for as income and as income and property tax generating events. Likewise, they have been considered as share capital contributions.

E L      S A L V A D O R

El Salvador is the first country in the world to adopt a crypto asset such as Bitcoin as legal tender, consequently, the following regulatory bodies have been issued:

  • Bitcoin Law, approved by Legislative Decree number 57 of June 8, 2021, which was published in the Official Gazette number 110 Volume 431 dated June 9,
  • Executive Decree number 27 dated August 27, 2021, published in the Official Gazette 163 Volume 432, containing the Regulation of the Bitcoin Law.
  • Technical Standards to facilitate the application of the Bitcoin Law, issued by the Central Reserve Bank on August 17, 2021.


The Fintech Law regulates operations with virtual assets, understood as representations of value registered electronically and used by the public as a means of payment for all types of legal acts, and whose transfer can only be made through electronic means.

Financial Technology Institutions can only operate with virtual assets authorized by the Bank of Mexico in accordance with the afore-mentioned circular.

Is there a specific entity responsible for monitoring compliance with Fintech regulations?


Currently, there is no special and specific authority or agency for the supervision of Fintech companies. Nonetheless, different control authorities such as the Central Bank of the Argentine Republic, the National Securities Commission or the Financial Information Unit are responsible for ensuring compliance with certain regulations that are applicable to these companies depending on the type of business and legal structure involved.


Oversight on compliance with regulations applicable to Fintech companies is conducted by the Central Bank of Brazil (CBB), the National Monetary Council (NMC), the Transferable Securities Council (TSC), the Federal Reserve Authority and the National Data Protection Authority of Data (NDPA).


The Fintech Law bill provides that the Financial Market Commission (FMC) is the entity responsible of supervising compliance with those regulations in Chile.

The FMC is a decentralized public service, of a technical nature, endowed with legal standing and its own assets, which is regulated by Law 21,000. Its main purpose is to ensure the proper functioning, development, and stability of the financial market. Among its duties, it shall supervise that certain individuals or entities that operate in the financial market, comply with the laws, regulations, statutes and other provisions governing them.


The Financial Superintendence of Colombia (FSC), as a technical authority attached to the Ministry of Finance and Public Credit, is the highest inspection, control and surveillance authority over those conducting financial, stock market or insurance activities and any other related to the management, use or investment of resources raised from the public. Its purposes are to supervise the Colombian financial system and ensure its stability, security, and trust, among others.

In light of the above, if the respective Fintech conducts any of these activities, it will be subject to the oversight and control of the FSC. In some cases, although the company is not an entity subject to the monitoring of the FSC, there may be provisions within the BLC regulating its activity, as in the case of payment gateways.

E L      S A L V A D O R

The Financial System Superintendency (FSS), the Central Reserve Bank (CRB), the Commercial Obligations Superintendency (COS), the Consumer Protection Agency, and the Financial Unit of the Attorney General’s Office are the entities in charge of ensuring compliance with the applicable regulations.


The oversight and compliance with the Fintech Law and of provisions deriving from it, correspond to the Ministry of Finance and Public Credit, the National Banking and Securities Commission, and the Bank of Mexico.