Chile -- Custody Regulations Regulatory Overview

Chile has made significant progress in regulating cryptocurrency and digital asset services, including custody, with the enactment of its Fintech Law (Ley N° 21.521). This law, officially titled "Ley N° 21.521 que Promueve la Competencia e Inclusión Financiera a través de la Innovación y Tecnología en la Prestación de Servicios Financieros" (Law No. 21,521 that Promotes Competition and Financial Inclusion through Innovation and Technology in the Provision of Financial Services), was published on January 16, 2023.

The Ley Fintech establishes a regulatory framework for various financial services provided through technological means, including those related to "Virtual Assets" (Activos Virtuales) and "Virtual Asset Service Providers" (Proveedores de Servicios sobre Activos Virtuales - VASP). Custody of virtual assets is explicitly recognized as a regulated service.

It's crucial to note that while the Ley Fintech provides the overarching legal framework, many of the specific operational details and requirements are being developed and issued through secondary regulations (reglamentos y normas de carácter general) by the Financial Market Commission (CMF - Comisión para el Mercado Financiero) and the Central Bank.

Here's a breakdown based on your request:

1. Custodial License Requirements

• Regulation: Ley N° 21.521, Title II, Articles 4-22.
• Requirements: Any entity intending to provide virtual asset custody services in Chile must register with the Financial Market Commission (CMF) as a Virtual Asset Service Provider (VASP).
  • Authorization and Registration: Providers of virtual asset services, including custody, must obtain authorization and be registered with the CMF.
  • Corporate Governance: Robust corporate governance structures are required.
  • Risk Management: Implement comprehensive risk management policies, including operational, technological, and cybersecurity risks.
  • Capital Requirements: Meet minimum capital requirements, which will be specified in the CMF's secondary regulations.
  • Operational Requirements: Adhere to operational standards ensuring the security and integrity of services.
  • Technology and Cybersecurity: Implement strong cybersecurity measures and IT infrastructure to protect client assets and data.
  • Anti-Money Laundering (AML) / Counter-Terrorist Financing (CTF): Comply with existing AML/CTF regulations, aligned with FATF recommendations, which are enforced by the Financial Analysis Unit (UAF) in Chile.
• Reference:
  • Ley N° 21.521: https://www.bcn.cl/leychile/navegar?idNorma=1189025 (Official source: Biblioteca del Congreso Nacional de Chile)
  • CMF Fintech Law Information: https://www.cmfchile.cl/portal/principal/605/w3-propertyvalue-8594.html

2. Segregation of Client Assets Rules

• Regulation: Ley N° 21.521, Article 19.
• Requirements: The Ley Fintech explicitly mandates the segregation of client assets from the VASP's own assets.
  • Prohibition of Commingling: Entities providing custody services for virtual assets are prohibited from mixing client assets with their own proprietary assets.
  • Identification: Client assets must be clearly identified as belonging to clients and separated from the VASP's balance sheet.
  • Protection in Insolvency: This segregation aims to protect client assets in case of the VASP's insolvency or bankruptcy.
  • Specifics: The detailed operational rules for segregation will be further developed in the CMF's secondary regulations.
• Reference:
  • Ley N° 21.521, Article 19: https://www.bcn.cl/leychile/navegar?idNorma=1189025

3. Insurance/Bonding Requirements

• Regulation: Ley N° 21.521, Article 18.
• Requirements: While the Ley Fintech does not explicitly mandate "insurance" in the traditional sense for all services, it does establish requirements for guarantees and own capital for regulated entities.
  • Capital and Guarantees: Regulated entities, including VASPs offering custody, must maintain adequate own capital and provide guarantees to back their operations and cover potential liabilities. These requirements are intended to protect clients and ensure the stability of the service provider.
  • Risk Mitigation: The amount and type of capital and guarantees will be determined by the CMF through secondary regulations, taking into account the specific risks associated with each service, including the custody of virtual assets.
• Reference:
  • Ley N° 21.521, Article 18: https://www.bcn.cl/leychile/navegar?idNorma=1189025

4. Cold Storage Mandates

• Regulation: Ley N° 21.521, Article 16 (General principles), and anticipated secondary regulations.
• Requirements: The Ley Fintech does not explicitly mandate "cold storage" as a specific technical requirement in the primary law. However, it establishes a strong emphasis on cybersecurity, operational security, and robust risk management.
  • Cybersecurity and IT Infrastructure: VASPs are required to implement adequate cybersecurity policies, procedures, and IT infrastructure to ensure the integrity, confidentiality, and availability of information and the security of client assets.
  • Risk Management: Comprehensive risk management frameworks must address all relevant risks, including those related to the storage and security of virtual assets.
  • Expected in Secondary Regulations: It is highly anticipated that the CMF's secondary technical norms will include detailed requirements regarding the secure storage of virtual assets, which would implicitly or explicitly lead to the adoption of best practices like cold storage for a significant portion of assets, multi-signature wallets, hardware security modules (HSMs), and robust key management practices.
• Reference:
  • Ley N° 21.521, Article 16: https://www.bcn.cl/leychile/navegar?idNorma=1189025

5. Qualified Custodian Definitions

• Regulation: Ley N° 21.521, Article 3 (Definitions) and Article 4 (Regulated Entities).
• Definition: The Ley Fintech defines "Activo Virtual" (Virtual Asset) as "any digital representation of value or rights that can be digitally transferred, stored, or traded, and used for payment or investment purposes, excluding fiat currency, securities, and other financial instruments already regulated by the CMF."
  • It defines "Proveedor de Servicios sobre Activos Virtuales" (Virtual Asset Service Provider - VASP) as any natural or legal person that, in the course of business, performs one or more of the following activities for or on behalf of another natural or legal person: exchange between virtual assets and fiat currencies, exchange between one or more forms of virtual assets, transfer of virtual assets, custody and/or administration of virtual assets or instruments enabling control over virtual assets, and participation in and provision of financial services related to an issuer's offer and/or sale of a virtual asset.
• "Qualified Custodian": In the Chilean context, a "qualified custodian" for digital assets would be an entity that has obtained authorization and is registered with the CMF as a VASP providing custody services, and that complies with all the requirements established by the Ley Fintech and its forthcoming secondary regulations.
• Reference:
  • Ley N° 21.521, Articles 3 and 4: https://www.bcn.cl/leychile/navegar?idNorma=1189025

6. Any Pending Custody Legislation

• Current Status: The Ley Fintech (N° 21.521) is already enacted and in force. This is the foundational law for crypto custody regulation.
• Pending Regulations: The primary pending "legislation" (in the sense of detailed rules) are the secondary regulations (reglamentos, normas de carácter general) that the CMF is actively developing and issuing to implement the Ley Fintech. These regulations will provide the specific operational, technical, and prudential requirements, including those for virtual asset custody.
  • The CMF has been conducting public consultations on various aspects of the Ley Fintech. For example, in late 2023 and early 2024, it has been working on regulations for open finance, payment interfaces, and the general framework for financial innovation. Specific norms for VASPs and virtual asset custody are part of this ongoing process.
  • Impact: These secondary regulations will detail aspects such as precise capital adequacy, cybersecurity standards (which will likely address secure storage practices), outsourcing rules, governance, and specific reporting requirements for VASPs.
• Monitoring Progress: Stakeholders interested in the detailed custody requirements should closely monitor the CMF's official website for updates on these regulations and public consultation processes.
• Reference:
  • CMF Fintech Law Information (will be updated with new regulations): https://www.cmfchile.cl/portal/principal/605/w3-propertyvalue-8594.html

In summary, Chile has established a clear legal basis for regulating cryptocurrency custody through its Ley Fintech. While the framework is in place, the practical, detailed implementation rules are still being developed by the CMF, making it a dynamic regulatory environment.