Panama -- AML/CFT Compliance Regulatory Overview

**Law 23 of April 27, 2015 (Ley 23 de 27 de abril de 2015):** This is the foundational AML/CFT law in Panama. It adopted measures to prevent money laundering, financing of terrorism, and financing of the proliferation of weapons of mass destruction. It established the Financial Analysis Unit (UAF) and defined "obligated subjects" (sujetos obligados), which, through subsequent interpretations and amendments, have come to include VASPs. This law sets general obligations for customer due diligence, suspicious transaction reporting, and record-keeping.

**Executive Decree 44 of April 15, 2016 (Decreto Ejecutivo N° 44 de 15 de abril de 2016):** This decree complements Law 23, providing detailed regulations for its application, including specific procedures for due diligence, risk assessment, and internal controls for obligated subjects.

**Law 1 of January 5, 2024 (Ley No. 1 de 5 de enero de 2024):** This is the most crucial and recent piece of legislation specifically for virtual assets. It amends Law 23 of 2015 and other related laws to define virtual assets and virtual asset service providers (VASPs), establish a licensing and supervision regime, and explicitly subject VASPs to AML/CFT obligations under the supervision of the Superintendency of Banks of Panama (SBP). This law ensures Panama's compliance with FATF Recommendation 15 on new technologies and VASPs.

**Superintendencia de Bancos de Panamá (SBP) - Superintendency of Banks of Panama:**

**Role:** With the enactment of Law 1 of 2024, the SBP is now the primary regulatory and supervisory authority responsible for the licensing, authorization, and oversight of VASPs in Panama. This includes ensuring their compliance with AML/CFT requirements, operational standards, and consumer protection.

**Unidad de Análisis Financiero (UAF) - Financial Analysis Unit of Panama:**

**Role:** The UAF is Panama's Financial Intelligence Unit (FIU). It is responsible for receiving, analyzing, and disseminating suspicious transaction reports (STRs) and other relevant financial intelligence to combat money laundering, terrorism financing, and the financing of the proliferation of weapons of mass destruction. VASPs, as obligated subjects, must report suspicious activities directly to the UAF.

**For Individuals:** Obtaining and verifying the identity of the customer and beneficial owner (if different from the customer) using reliable, independent source documents, data, or information (e.g., government-issued ID, passport, proof of address).

**For Legal Entities/Arrangements:** Obtaining and verifying the legal name, legal form, proof of existence, powers that regulate and bind the entity, names of relevant persons (directors, partners), and the identity of beneficial owners (those ultimately owning or controlling more than a specified percentage, typically 10% or 25%).

**Understanding the Purpose and Nature of the Business Relationship:** Gathering information on the customer's financial activities, expected transaction types, and the source of funds/wealth.

**Ongoing Monitoring:** Continuously monitoring the business relationship and transactions to ensure consistency with the VASP's knowledge of the customer, their business, and risk profile. This includes scrutinizing complex, unusual large transactions, and all unusual patterns of transactions that have no apparent economic or lawful purpose.

**Enhanced Due Diligence (EDD):** Applying EDD measures for high-risk customers, business relationships, or transactions, which include:

Politically Exposed Persons (PEPs) and their family members and close associates.

Customers from high-risk jurisdictions identified by FATF or local authorities.

Transactions involving new or developing technologies that might favor anonymity.

Obtaining additional information on the customer, beneficial owner, source of funds/wealth, and reasons for intended transactions.

Obtaining senior management approval for establishing or continuing high-risk relationships.

**Simplified Due Diligence (SDD):** Permitted in clearly defined low-risk scenarios, provided there is sufficient information to justify such an approach.

**Obligation to Report:** VASPs are legally obligated to report any suspicious transaction or activity to the UAF, regardless of the amount. A transaction is suspicious if the VASP has reasonable grounds to suspect that it may be related to money laundering, terrorism financing, or other illicit activities.

**No Tipping-Off:** VASPs, their employees, and officers are prohibited from disclosing to the customer or any third party that an STR has been or will be submitted.

**Content of Report:** STRs must include all relevant information available to the VASP, such as customer identification details, transaction specifics, and the grounds for suspicion.

**Duration:** Records must typically be kept for at least **five (5) years** after the business relationship has ended or after the date of the transaction.

All customer identification and verification data obtained through CDD/EDD processes.

Transaction records, including the amount, currency, date, and parties involved (including "Travel Rule" information for virtual asset transfers).

Records of analysis undertaken for suspicious transactions.

Internal policies, procedures, and training materials.

**Risk Assessment:** Conducting a comprehensive risk assessment of their business, customers, products, services, and geographical areas of operation to identify, assess, and understand their ML/TF risks.

**Designated Compliance Officer:** Appointing a qualified AML/CFT compliance officer at a senior management level, responsible for overseeing the implementation and effectiveness of the AML/CFT program.

**Internal Policies and Procedures:** Developing and implementing clear internal policies, procedures, and controls to mitigate identified risks and ensure compliance with AML/CFT obligations.

**Training:** Providing regular and ongoing AML/CFT training to all relevant employees to ensure they understand their obligations and can identify and report suspicious activities.

**Independent Audit:** Establishing an independent audit function to periodically test the effectiveness of the AML/CFT program.

**"Travel Rule" Compliance:** As per FATF recommendations, VASPs must transmit required originator and beneficiary information (name, account number, physical address, national ID number, customer ID number, date and place of birth, etc.) for virtual asset transfers above a certain threshold (typically equivalent to USD 1,000) to the beneficiary VASP, and vice versa.

**Classification of Stablecoins (E-money/Payment Tokens/Securities):**

**No explicit classification:** Due to the lack of specific stablecoin legislation, Panama has not explicitly classified stablecoins as e-money, payment tokens, or securities under a dedicated framework.

**Potential interpretation under existing laws:**

**E-money/Payment Tokens:** If a stablecoin is pegged to a fiat currency (e.g., USD) and primarily functions as a means of payment or value transfer, it *could* potentially be interpreted as an electronic payment instrument or a form of e-money, bringing it under the purview of the **Superintendencia de Bancos de Panamá (SBP)**, which regulates banks and financial institutions. This would necessitate compliance with existing banking and payment services regulations.

**Securities:** If a stablecoin's structure involves an expectation of profit from the efforts of others (e.g., through staking rewards, a share in the issuer's profits, or specific investment features), or if it represents an ownership interest in a pool of assets, it *could* be classified as a security. In such cases, the **Superintendencia del Mercado de Valores (SMV)** would likely assert jurisdiction, requiring compliance with securities laws.

**Commodity/Other:** If a stablecoin is backed by a commodity or has other unique characteristics, its classification would be assessed on a case-by-case basis.

**No specific stablecoin reserve requirements:** As there is no dedicated stablecoin regulation, there are no specific reserve requirements for stablecoin issuers.

**Potential requirements if classified otherwise:** If a stablecoin issuer were to be classified as a bank, e-money issuer, or financial entity under the SBP's jurisdiction, then the existing capital, liquidity, and reserve requirements for those regulated entities would apply. This would typically involve holding sufficient liquid assets (fiat currency, government bonds) to cover liabilities.

**No specific stablecoin issuer license:** Panama does not have a specific license for stablecoin issuers.

**Potential licensing if classified otherwise:**

If the stablecoin activity is deemed banking or e-money issuance, the entity would likely need a banking or financial services license from the **Superintendencia de Bancos de Panamá (SBP)**. Obtaining such a license is a rigorous and lengthy process.

If the stablecoin is deemed a security, the issuer and any platforms facilitating its trading would need to comply with the licensing requirements of the **Superintendencia del Mercado de Valores (SMV)** for securities issuers, brokers, or exchanges.

**AML/CFT Registration:** All entities dealing with financial transactions, including those potentially involving crypto assets, are subject to the **Financial Analysis Unit (UAF - Unidad de Análisis Financiero)** regulations regarding AML/CFT. Even in the absence of a specific crypto license, entities involved in facilitating crypto transactions would need to comply with reporting obligations.

**No explicit stablecoin redemption rights legislation:** There are no specific laws in Panama mandating redemption rights for stablecoin holders.

**Reliance on general contract law/terms of service:** Redemption rights would primarily be governed by the terms and conditions set forth by the stablecoin issuer and the smart contract (if applicable). General consumer protection laws or contract law could provide a basis for disputes, but a specific framework for stablecoins is absent.

**None:** Given the lack of a basic regulatory framework for even fiat-backed stablecoins, there are no specific rules or prohibitions regarding algorithmic stablecoins in Panama. Such assets would likely face even greater scrutiny if they were to achieve significant traction, given their inherent volatility risks.

**Exploration Phase:** Panama's central bank (National Bank of Panama - BNP) has publicly indicated an interest in exploring Central Bank Digital Currencies (CBDCs), but it is primarily in the research and study phase. There are no concrete plans for issuance or specific policies on how a Panamanian CBDC would interact with private stablecoins.

Currently, there is no direct regulatory interaction or framework defined for private stablecoins in relation to a potential Panamanian CBDC, as the latter is still conceptual.

**Ley No. 697 de 2022 (Vetoed in part):** This law attempted to establish a comprehensive framework for crypto assets. While ultimately vetoed in significant parts, it represents the most direct legislative effort concerning cryptocurrencies.

*Reference:* Gaceta Oficial Digital, No. 29541-A (May 2022). (Finding a direct official URL for the fully passed and vetoed version can be challenging due to the dynamic nature; often news sources provide summaries.)

*Example News/Analysis of the Veto:*

Panama's Presidency Veto Statement (Spanish): Search "Comunicado de Prensa de la Presidencia de la República de Panamá Veto Ley de Criptoactivos" (Specific URL may vary).

**Superintendencia de Bancos de Panamá (SBP):**

Regulates banking and financial institutions. Relevant if stablecoins are deemed e-money or deposit-like.

**Superintendencia del Mercado de Valores (SMV):**

Regulates securities markets. Relevant if stablecoins are deemed securities.

**Unidad de Análisis Financiero (UAF):**

Panama's Financial Intelligence Unit, responsible for AML/CFT regulations and reporting. All financial sector participants must comply.

**FATF (Financial Action Task Force):** Panama's ongoing efforts to comply with FATF recommendations heavily influence its approach to financial regulation, particularly concerning new technologies like crypto assets.