Peru -- AML/CFT Compliance Regulatory Overview

**Ley N° 27693 - Ley que crea la Unidad de Inteligencia Financiera del Perú (UIF-Perú) y modifica la Ley N° 26702, Ley General del Sistema Financiero y del Sistema de Seguros y Orgánica de la Superintendencia de Banca y Seguros:**

This is the foundational law establishing the Financial Intelligence Unit of Peru (UIF-Perú) and giving it powers to combat money laundering and terrorist financing.

*Date:* Enacted April 12, 2002 (with subsequent modifications).

**Decreto Supremo N° 020-2017-JUS - Reglamento de la Ley N° 27693, Ley que crea la Unidad de Inteligencia Financiera del Perú:**

This Supreme Decree provides the detailed regulations for implementing Law N° 27693, specifying the obligations of obliged entities, reporting mechanisms, and other operational aspects of the AML/CFT regime.

*Date:* Enacted August 24, 2017.

**Resolución SBS N° 893-2019 (and its preceding/subsequent modifications):**

**This is the key resolution that explicitly designates Virtual Asset Service Providers (VASPs) as obliged entities.** It modifies the General Regulations for Risk Management of Money Laundering and Terrorism Financing, issued by the Superintendencia de Banca, Seguros y AFP (SBS). This resolution aligns Peru's framework with the Financial Action Task Force (FATF) Recommendations, particularly Recommendation 15 (R.15) and its Interpretive Note, which mandate the regulation of VASPs.

*Date:* Enacted March 1, 2019 (modifying prior regulations).

**What it means for VASPs:** VASPs are now required to implement an AML/CFT compliance program, appoint a compliance officer, and report to the UIF-Perú.

**FATF Recommendations:** As a member of the Financial Action Task Force of Latin America (GAFILAT/FATF-LAC), Peru is committed to implementing the FATF Recommendations. FATF Recommendation 15 specifically calls for countries to regulate and supervise VASPs for AML/CFT purposes, and to apply the FATF standards to them. Peru's regulatory moves reflect this commitment.

**Individuals:** Obtain and verify identity using reliable independent source documents (e.g., national ID, passport). This includes full name, date of birth, place of birth, nationality, address, and national identification number.

**Legal Entities:** Obtain and verify legal name, legal form, address of main place of business, names of directors/partners, legal representative, and evidence of legal existence (e.g., articles of incorporation, business registration).

**Beneficial Ownership:** Identify and verify the natural person(s) who ultimately own or control the customer, or on whose behalf a transaction is being conducted.

**Purpose and Intended Nature of Business Relationship:** Understand the customer's activities and the intended purpose and nature of the business relationship or transaction.

**Ongoing Monitoring:** Continuously monitor the business relationship and transactions to ensure they are consistent with the VASP's knowledge of the customer, their business, and risk profile. This includes monitoring for unusual or suspicious transaction patterns.

**Simplified CDD:** May be applied in situations of lower risk, provided the VASP has sufficient information to determine that the risk is low.

**Enhanced Due Diligence (EDD):** Required for higher-risk customers, business relationships, or transactions. This includes:

Politically Exposed Persons (PEPs) and their family members/close associates.

Transactions involving significant amounts of virtual assets.

Transactions with unusual patterns or no apparent economic or lawful purpose.

Collecting additional information on the customer, beneficial owner, source of funds/wealth, and the reasons for the intended transactions.

Obtaining senior management approval for establishing or continuing relationships with such customers.

**Reporting Threshold:** There is no minimum transaction amount for reporting suspicious activities. Any transaction or attempted transaction, regardless of value, that a VASP suspects to be linked to money laundering or terrorist financing must be reported.

**What to Report:** Any funds, virtual assets, or activities that are suspected of being derived from criminal activity or intended for the financing of terrorism. This includes unusual or illogical transactions, inconsistencies in customer information, or refusal to provide requested information.

**Reporting Mechanism:** Reports must be submitted electronically to the UIF-Perú through their secure reporting system.

**Timeliness:** STRs must be filed promptly, typically within a few days of detecting the suspicious activity, and in some urgent cases, immediately.

**No Tipping-Off:** VASPs and their employees are strictly prohibited from disclosing to the customer or any third party that a STR has been filed or that an investigation is underway.

**Customer Identification Records:** All documents and information obtained during the CDD process (identification documents, beneficial ownership information, business purpose).

**Transaction Records:** Details of all virtual asset transactions, including dates, types of virtual assets, amounts, parties involved (originator and beneficiary information), virtual asset addresses, and payment instructions.

**Records of Analysis:** All internal reports, analysis, and supporting documents related to suspicious activity, and the decision-making process for filing (or not filing) an STR.

**Duration:** These records must generally be kept for a minimum period of **five (5) years** after the business relationship has ended or after the date of the transaction.

**Unidad de Inteligencia Financiera del Perú (UIF-Perú):**

The UIF-Perú is part of the **Superintendencia de Banca, Seguros y Administradoras Privadas de Fondos de Pensiones (SBS)**.

The SBS is the regulatory and supervisory body of the financial, insurance, and private pension fund systems in Peru. The UIF-Perú operates within the SBS to receive, analyze, and disseminate financial intelligence to combat ML/TF.

**Official Website (SBS, which houses UIF-Perú):** https://www.sbs.gob.pe/

**No Specific Crypto Custody Law:** Peru does not have a specific law or regulation defining or governing digital asset custody as a distinct financial service with its own licensing or operational requirements.

**Focus on AML/CFT:** The main regulatory intervention concerning cryptocurrencies comes from the Superintendency of Banking, Insurance and Private Pension Fund Administrators (SBS) through its Financial Intelligence Unit (UIF), primarily focused on preventing money laundering and terrorist financing.

**Central Bank Stance:** The Central Reserve Bank of Peru (BCRP) has consistently stated that cryptocurrencies are not legal tender, are volatile, and carry significant risks, discouraging their use by regulated financial entities.

**No Dedicated Custody License:** There is no specific "custodial license" for digital assets in Peru.

**VASP Registration for AML/CFT:** However, entities that offer virtual asset services, including custody, are considered Virtual Asset Service Providers (VASPs) under Peruvian AML/CFT regulations and must comply with registration and reporting obligations.

**Regulation:** **Resolution SBS N° 00194-2020** (amending Resolution SBS N° 789-2018 and Resolution SBS N° 070-2017) defines VASPs and requires them to register with the UIF-Peru and implement AML/CFT measures. This includes:

Customer Due Diligence (CDD) procedures.

Reporting of suspicious transactions (STRs) to the UIF.

Implementing risk management systems for ML/TF.

**Resolution SBS N° 00194-2020:** Modifica el Reglamento de Gestión de Riesgos de Lavado de Activos y Financiamiento del Terrorismo y otros. (Amends the Regulation of Risk Management of Money Laundering and Terrorism Financing and others).

**UIF-Peru Website:** Provides general information on ML/TF prevention and reporting entities. https://www.sbs.gob.pe/uif

**No Specific Mandates:** There are no explicit regulatory mandates in Peru specifically requiring the segregation of client digital assets from the custodian's operational assets for non-bank entities.

**Best Practice vs. Regulation:** While industry best practices strongly recommend asset segregation for security and to protect client funds in case of custodian insolvency, this is not a legal requirement for crypto custodians in Peru.

**Traditional Finance:** In traditional finance, regulated entities (banks, broker-dealers) are subject to strict asset segregation rules. However, traditional financial institutions in Peru are largely discouraged from dealing with crypto assets, so these rules do not extend to crypto.

**No Specific Mandates:** There are no specific regulatory requirements for insurance or bonding for cryptocurrency custodians in Peru.

**Risk Mitigation:** Custodians operate without a regulatory safety net in this regard, meaning clients bear the full risk of loss due to hacks, operational failures, or insolvency.

**No Regulatory Mandates:** Peruvian regulations do not mandate the use of cold storage (offline storage of private keys) for digital assets.

**Industry Best Practice:** Cold storage is widely recognized as a critical security measure in the crypto industry to protect against cyber theft, and reputable custodians typically employ it. However, it's not a legal requirement.

**No Definition:** There is no specific regulatory definition of a "qualified custodian" for digital assets in Peru.

**Traditional Context:** In other jurisdictions (e.g., the U.S. under SEC rules), a "qualified custodian" typically refers to a regulated bank, trust company, or broker-dealer that meets certain capital, audit, and operational requirements. Since regulated financial institutions in Peru are largely outside the crypto space, this concept has not been applied to digital assets.

**Ongoing Discussions:** There have been several legislative initiatives in the Peruvian Congress aiming to regulate digital assets and fintech.

**Proyecto de Ley (Draft Law) N° 1083/2021-CR and subsequent similar projects:** This particular project, among others, has sought to create a legal framework for crypto assets, including potential provisions for licensing, consumer protection, and operational requirements for VASPs. While it hasn't passed, it indicates an interest in formalizing regulation.

*Status:* These projects are often debated, amended, and can sometimes stall or be replaced by new initiatives. As of late 2023/early 2024, no comprehensive framework has been enacted into law.

**Peruvian Congress Website:** https://www.congreso.gob.pe/ (Navigate to "Leyes y Proyectos de Ley").

**UN Sanctions:** As a member state of the United Nations, Peru is obligated to implement sanctions imposed by the UN Security Council. These resolutions are binding and typically target individuals, entities, and regimes involved in terrorism, proliferation of weapons of mass destruction, and other threats to international peace and security.

**Compliance Requirement:** VASPs in Peru must screen their users, transactions, and wallets against the UN Consolidated Sanctions List.

**Legal Reference:** UN Security Council Resolutions (e.g., various resolutions under Chapters VI and VII of the UN Charter). While Peru incorporates these into its legal framework, the direct legal mandate comes from its UN membership.

**UN Security Council Consolidated List:** https://www.un.org/securitycouncil/content/un-sc-consolidated-list

**OFAC Sanctions (U.S. Department of the Treasury's Office of Foreign Assets Control):** OFAC sanctions have a broad extraterritorial reach, particularly for any entity or individual that uses the U.S. financial system, transacts in U.S. dollars, or has any U.S. nexus. Even if a VASP in Peru doesn't directly operate in the U.S., engaging in transactions with OFAC-sanctioned individuals, entities, or jurisdictions can lead to secondary sanctions, blocking of funds, and severe penalties.

**Compliance Requirement:** VASPs in Peru handling international transactions, especially those involving USD or U.S. persons/entities, are strongly advised to screen against OFAC's Specially Designated Nationals and Blocked Persons (SDN) List and other OFAC sanctions lists.

**Legal Reference:** U.S. federal laws and Executive Orders.

**EU Sanctions (European Union):** Similar to OFAC, EU sanctions are legally binding on EU member states and apply to EU persons and entities worldwide. For VASPs in Peru that have any connection to the EU (e.g., serving EU citizens, having EU partners, using EU-based service providers), compliance with EU sanctions is essential to avoid reputational damage, financial penalties, and disruption of services.

**Compliance Requirement:** VASPs with an EU nexus should screen against the EU Consolidated List of persons, groups, and entities subject to financial sanctions.

**Legal Reference:** Various EU Regulations and Decisions.

**EU Sanctions Map (Consolidated List):** https://www.sanctionsmap.eu/#/main

**FATF Recommendations for VASPs:** While not a sanctions list directly, the FATF sets the global standards for AML/CFT, including specific guidance for virtual assets and VASPs. Peru is a member of the FATF-style regional body (GAFILAT) and generally adheres to FATF recommendations.

**FATF Recommendation 15** specifically states that countries should regulate VASPs for AML/CFT purposes, subjecting them to all relevant FATF recommendations, including customer due diligence (CDD), record-keeping, and suspicious transaction reporting (STR/SAR).

**Implication for Sanctions Compliance:** This means that even without explicit Peruvian crypto legislation, the UIF-Perú expects VASPs to implement robust AML/CFT controls, which inherently include sanctions screening, as part of a risk-based approach to prevent money laundering and terrorism financing.

**FATF Standards - International Standards on Combating Money Laundering and the Financing of Terrorism & Proliferation:** https://www.fatf-gafi.org/publications/fatfrecommendations/documents/fatf-recommendations.html

**Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers (FATF, March 2021):** https://www.fatf-gafi.org/publications/fatfrecommendations/documents/guidance-rba-virtual-assets-2021.html

**Ley N° 30367 - Ley que protege al denunciante de actos de corrupción y sanciona el lavado de activos y el financiamiento del terrorismo (Law that protects the whistleblower of acts of corruption and sanctions money laundering and terrorism financing):** This is the principal law against money laundering and terrorism financing in Peru. While it doesn't explicitly list "VASPs," it defines "obligated parties" (sujetos obligados) to include a wide range of financial and non-financial entities.

**UIF-Perú's Stance:** The UIF-Perú, as the implementing authority, expects all entities engaging in financial transactions that could be susceptible to ML/TF risks to have appropriate controls, including sanctions screening. The absence of specific crypto legislation does not exempt entities from these broader AML/CFT obligations, especially given the high inherent risk associated with virtual assets.

**Resolution SBS N° 789-2018:** This resolution approves the "Regulation for the Management of the Risk of Money Laundering and Financing of Terrorism," which is broad and applies to obligated parties under SBS supervision. It references FATF standards and the need to address new technologies and financial products. This provides the framework for applying AML/CFT measures, including sanctions compliance, even to newer unregulated sectors where risk is identified.

**Ley N° 30367:** Available on official Peruvian government legal portals (e.g., El Peruano).

**Resolution SBS N° 789-2018:** Available on the SBS website: https://www.sbs.gob.pe/normativa/normas-generales (search for the resolution number).

**Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD):** VASPs are expected to conduct CDD on all customers, including identity verification, and to apply EDD for higher-risk customers or transactions. Sanctions screening is a critical component of CDD/EDD.

**Transaction Monitoring:** Continuous monitoring of transactions for unusual patterns, including those involving sanctioned jurisdictions or potentially sanctioned individuals/entities, is essential.

**Source of Funds/Wealth:** For large or suspicious transactions, VASPs should seek to understand the source of the virtual assets or funds.

OFAC Specially Designated Nationals (SDN) List and other relevant OFAC lists.

Any other relevant national or international lists identified through a comprehensive risk assessment.

**Automated Screening Solutions:** Due to the volume and dynamic nature of sanctions lists, VASPs are expected to utilize robust, frequently updated automated screening software to check against these lists in real-time or near real-time, both at onboarding and throughout the customer lifecycle.

**Prohibit Transactions with Sanctioned Jurisdictions:** Avoid engaging in any transactions directly or indirectly involving individuals, entities, or governments in countries subject to comprehensive sanctions (e.g., Cuba, Iran, North Korea, Syria, certain regions of Ukraine).

**Implement IP Blocking and Geofencing:** While not always foolproof, using technological measures to restrict access to services from sanctioned geographies is a best practice.

**Exercise Caution with High-Risk Jurisdictions:** Beyond officially sanctioned countries, VASPs should apply enhanced scrutiny to transactions involving jurisdictions identified as high-risk for ML/TF by FATF or other international bodies.

**Ley N° 30367 (Money Laundering and Terrorism Financing Law):**

**Imprisonment:** Individuals found guilty of money laundering or financing terrorism can face significant prison sentences, often ranging from **8 to 15 years**, and even higher for aggravated circumstances.

**Fines:** Substantial fines are also imposed, often calculated as multiples of the amount laundered or involved in the illicit activity.

**Fines:** The UIF-Perú, under the SBS, has the power to impose administrative fines on obligated parties (and potentially entities acting as VASPs due to the broad interpretation) for non-compliance with AML/CFT regulations, even if no actual money laundering or terrorism financing occurred. These fines can be significant.

**Reputational Damage:** Non-compliance can lead to severe reputational damage, loss of business, and difficulty in accessing traditional financial services.

**Interruption of Operations:** In extreme cases, authorities could order the cessation of operations.

**Secondary Sanctions (for OFAC/EU violations):** While not direct Peruvian penalties, the consequences of failing to comply with OFAC or EU sanctions can be devastating for a Peruvian VASP:

Prohibition from engaging with the U.S. or EU financial systems.

Inability to conduct transactions in USD or EUR.

Inclusion on sanctions lists itself.

**OFAC Specially Designated Nationals (SDN) List and other OFAC lists.**

**No Specific Legal Classification:** Currently, Peru **does not have a specific legal classification** for stablecoins as e-money, payment tokens, or securities.

Peru has a **Ley de Dinero Electrónico (Law No. 29985)** and its regulations (Decreto Supremo No. 003-2015-EF) which govern electronic money. However, stablecoins are generally **not classified as e-money** under this law because e-money in Peru typically refers to a monetary value represented by an electronic claim on a regulated financial entity (like a bank or an e-money issuer licensed by the SBS), denominated in Peruvian Soles (PEN), and redeemable at par. Most stablecoins are issued by foreign entities and are not subject to Peruvian e-money issuer licensing requirements.

While they function as payment tokens, they lack formal designation as such under Peruvian law.

**Securities:** The Superintendencia del Mercado de Valores (SMV) could potentially classify certain stablecoins as securities if they meet the definition of an investment contract or other financial instruments under the Ley del Mercado de Valores (Law No. 30050). However, there has been **no specific ruling or guidance from the SMV** classifying stablecoins as securities to date.

**No Specific Framework for Stablecoins:** Since there's no specific classification or dedicated stablecoin law, there are **no specific reserve requirements, issuer licensing mandates, or guaranteed redemption rights** directly applicable to stablecoin issuers *as stablecoin issuers* under Peruvian law.

**E-money Issuer Requirements (If Applicable):** If an entity were to issue a stablecoin denominated in PEN and operate as a licensed electronic money issuer under Law No. 29985, then it would be subject to:

**Issuer Licensing:** Obtain authorization from the SBS.

**Reserve Requirements:** Hold an equivalent amount of funds in a segregated account at a financial institution to back the e-money.

**Redemption Rights:** Ensure users can redeem their e-money for fiat at par.

**No Specific Rules:** Peru **does not have any specific rules or regulations for algorithmic stablecoins**. Given the general lack of a comprehensive stablecoin framework, algorithmic models fall under the same "unregulated" umbrella concerning their specific mechanics and risks.

**BCRP Exploration:** The Banco Central de Reserva del Perú (BCRP) has been actively studying the feasibility and implications of issuing its own Central Bank Digital Currency (CBDC).

**Project Mariana:** The BCRP participated in "Project Mariana," a joint experiment with the Bank for International Settlements (BIS) and other central banks (Bank of France, Monetary Authority of Singapore, Swiss National Bank) to explore the cross-border wholesale CBDC use. This indicates a serious interest in digital currencies.

**Status:** As of now, the BCRP is in the **research and evaluation phase** and has not announced a timeline for launching a CBDC.

**Interaction with Stablecoins:** The potential introduction of a Peruvian CBDC could significantly impact the stablecoin landscape by providing a state-backed, regulated digital alternative to private stablecoins. While a CBDC could offer benefits in terms of financial stability and payment efficiency, the BCRP has not yet established how a CBDC would directly interact with or regulate private stablecoins.

**SBS Resolution No. 3319-2023 (formerly Resolution No. 789-2018):** This is the crucial piece of legislation. The SBS, through its **Reglamento para la Prevención y Gestión de los Riesgos de Lavado de Activos y del Financiamiento del Terrorismo aplicable a los sujetos obligados bajo supervisión de la SBS** (Regulation for the Prevention and Management of Money Laundering and Terrorism Financing Risks applicable to obligated entities under SBS supervision), **includes Virtual Asset Service Providers (VASPs)** as obligated entities.

**Virtual Asset Service Providers (VASPs)** are defined broadly to include entities that conduct activities such as exchange between virtual assets and fiat currencies, exchange between one or more forms of virtual assets, transfer of virtual assets, safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets, and participation in and provision of financial services related to an issuer's offer and/or sale of a virtual asset.

This means that cryptocurrency exchanges, wallet providers, and other platforms that deal with virtual assets, including stablecoins, are required to implement **Know Your Customer (KYC)** procedures, report suspicious transactions to the Unidad de Inteligencia Financiera del Perú (UIF-Perú), and comply with other AML/CFT obligations.

**Regulatory Reference:** **Resolución SBS N° 3319-2023.**

**De jure (Specific Legislation):** The FATF Travel Rule (Recommendation 16) has **not yet been formally adopted through specific, dedicated legislation** in Peru.

**De facto (Existing AML/CFT Frameworks):** However, Peruvian authorities, primarily the **Superintendencia de Banca, Seguros y AFP (SBS)**, which oversees financial institutions, and the **Unidad de Inteligencia Financiera del Perú (UIF-Perú)**, the financial intelligence unit, have indicated that **Virtual Asset Service Providers (VASPs) are considered "obliged subjects"** under existing AML/CFT laws. This means they are expected to apply AML/CFT measures, including customer due diligence (CDD) and suspicious transaction reporting (STRs), similar to traditional financial institutions.

**Key Reference:** **Resolución SBS N° 789-2018**, published by the SBS, established the "General Framework for the Management of Money Laundering and Terrorism Financing Risk," and importantly, it included *virtual asset exchange platforms* and *digital wallet providers* within its scope of entities that must implement AML/CFT measures. While not explicitly the Travel Rule, it brought these entities under AML/CFT scrutiny.

**In Progress (Draft Legislation):** There are **draft legislative proposals** aimed at regulating crypto assets and service providers more comprehensively, which are expected to explicitly include the FATF Travel Rule requirements.

**Key Reference:** **Proyecto de Ley N° 1827/2021-CR** (and subsequent discussions/revisions, e.g., Proyecto de Ley N° 5716/2023-CR) "Ley Marco para la Comercialización de Criptoactivos," has been debated in the Peruvian Congress. This draft law aims to establish a regulatory framework for crypto assets and VASPs, and it is anticipated to incorporate the FATF Travel Rule's provisions requiring information exchange for transactions above a certain threshold.

**For existing AML/CFT obligations:** VASPs have been considered obliged subjects under the framework established by **Resolución SBS N° 789-2018** (and prior general AML/CFT laws like **Ley N° 27693 - Ley que crea la Unidad de Inteligencia Financiera del Perú** and its subsequent modifications) since their respective publication dates.

**For explicit Travel Rule implementation:** This will come into effect **once the proposed specific legislation (like Proyecto de Ley N° 1827/2021-CR or its final version) is approved by Congress, promulgated, and published in the official gazette.** As of late 2023/early 2024, this has not yet occurred.

**Currently (Under existing AML/CFT):** There are no specific Travel Rule thresholds explicitly defined for VASPs as the dedicated legislation is pending. However, existing AML/CFT regulations typically establish thresholds for **reporting suspicious or large cash transactions** that might indirectly apply.

**Anticipated (Once adopted):** Based on FATF guidance, the Travel Rule applies to transactions involving virtual assets above **USD/EUR 1,000 (or equivalent)** for cross-border transfers and **USD/EUR 3,000 (or equivalent)** for domestic transfers (though many jurisdictions opt for the lower $1,000 for both for simplicity and greater coverage). It is highly likely that any specific Peruvian legislation will adopt these FATF-recommended thresholds.

Under **Resolución SBS N° 789-2018**, the following are broadly considered within scope:

**Virtual asset exchange platforms (plataformas de intercambio de activos virtuales)**

**Digital wallet providers (proveedores de billeteras digitales)**

Once specific legislation is enacted, it is expected to cover all types of Virtual Asset Service Providers (VASPs) as defined by FATF, including:

Custodians (wallet providers, especially custodial ones)

Issuers of new crypto assets (ICO/STO platforms, if they facilitate transfers)

Potentially, any entity facilitating the transfer, exchange, or safekeeping of virtual assets for or on behalf of customers.

**Currently:** Since there isn't dedicated Travel Rule legislation, there are no specific technical implementation requirements mandated by Peruvian law. VASPs operating in Peru are expected to have internal AML/CFT policies and procedures, including robust customer identification and verification (KYC) processes.

**Anticipated (Once adopted):** If the draft law passes, VASPs would be required to implement technical solutions to collect, hold, and transmit the required originator and beneficiary information, which includes:

Originator's Account Number (or wallet address used to process the transaction)

Originator's Physical (Geographic) Address, OR National ID Number, OR Customer ID Number, OR Date and Place of Birth.

Beneficiary's Account Number (or wallet address used to process the transaction)

Common technical solutions for this include protocols based on the **InterVASP Messaging Standard (IVMS 101)**, such as TRISA, OpenVASP, Sygna, or other peer-to-peer or centralized solutions.

**Currently (Under existing AML/CFT):** VASPs, as "obliged subjects," are subject to the general penalties for non-compliance with AML/CFT regulations in Peru, as enforced by the SBS and UIF. These can include:

**Fines:** Significant monetary penalties based on the severity and recurrence of the infraction.

**Administrative sanctions:** Orders to cease certain operations, suspension or revocation of licenses (if applicable to a regulated entity), and administrative intervention.

**Reputational damage:** Public disclosure of non-compliance.

**Criminal charges:** In cases involving actual money laundering or terrorist financing, individuals and entities can face criminal prosecution under Peruvian penal codes.

**Anticipated (Once adopted):** The proposed specific legislation (Proyecto de Ley N° 1827/2021-CR) is expected to define clear and specific penalties for non-compliance with its provisions, including those related to the Travel Rule. These penalties would likely be substantial to ensure deterrence and align with international standards.

**Superintendencia de Banca, Seguros y AFP (SBS):**

(Search for Resolución SBS N° 789-2018 and related AML/CFT regulations on their site.)

(Search for guidance on obliged subjects and virtual assets.)

**Congreso de la República del Perú (for draft laws):**

(Search for "Proyecto de Ley N° 1827/2021-CR" or "Proyecto de Ley N° 5716/2023-CR" or "Ley Marco para la Comercialización de Criptoactivos" in their parliamentary documentation.)

FATF Guidance for VAs and VASPs: https://www.fatf-gafi.org/publications/fatfrecommendations/guidance-r15-vasp.html (This is the foundational document for the Travel Rule).