Uruguay

**BCU Stance:** The BCU has issued communications clarifying its position. While it acknowledges virtual assets, it has explicitly stated that they are **not considered legal tender** in Uruguay and virtual asset activities generally **do not fall under the traditional financial intermediation framework** (e.g., banking law) unless they involve activities that would traditionally require BCU authorization (e.g., taking public deposits, issuing e-money as a payment institution). The BCU monitors the sector and indicates the possibility of future, more specific regulation.

**UIAF Role:** The UIAF is the key authority for AML/CFT oversight of VASPs. VASPs are required to **register with the UIAF** and comply with AML/CFT regulations.

**Requirement:** **Registration with the UIAF** is mandatory for virtual asset exchanges operating in Uruguay. They are considered "obligated subjects" under AML/CFT law.

**Nature:** This is an AML/CFT registration, not a financial license from the BCU to operate an exchange *per se*.

**BCU Consideration:** If an exchange offers services that cross into traditional financial activities (e.g., offering interest-bearing accounts in fiat, acting as a payment institution for fiat, issuing regulated financial instruments), it would likely require specific authorization from the BCU in addition to UIAF registration.

**Nature:** Similar to exchanges, this is an AML/CFT registration.

**BCU Consideration:** Purely virtual asset custody is not currently under BCU licensing. However, if the custody provider also offers regulated financial services or manages client funds in a way that falls under existing financial laws, BCU authorization would be required.

**If processing payments exclusively in Virtual Assets (e.g., crypto-to-crypto payments, or facilitating payments where the merchant receives crypto directly):**

**Requirement:** Likely fall under the VASP definition and require **registration with the UIAF** for AML/CFT purposes.

**If processing payments involving Fiat Currency (e.g., facilitating fiat deposits/withdrawals, enabling merchants to accept crypto but receive fiat):**

**Requirement:** This might require **BCU authorization** as a **Payment Service Provider (PSP)** or **Electronic Payment Institution (Institución de Pagos Electrónicos - IPE)**, in addition to UIAF registration if they also handle virtual assets.

**Nature:** This is a full financial license from the BCU, which involves more stringent capital, operational, and regulatory compliance requirements. The BCU regulates these entities under its general framework for payment services.

**For UIAF Registration (VASPs):** There is **no specific minimum capital requirement** directly tied to UIAF AML/CFT registration for VASPs.

**For BCU Authorization (e.g., IPEs/PSPs):** If an entity's activities fall under the BCU's existing regulatory framework for financial institutions (like Payment Service Providers or Electronic Payment Institutions), then **significant minimum capital requirements** apply. These are determined by BCU regulations for those specific activities and can be substantial (e.g., tens of thousands to hundreds of thousands of USD equivalent, depending on the scope of activities).

**Risk Assessment:** Develop and implement a robust, risk-based AML/CFT program.

Identify and verify the identity of customers (KYC - Know Your Customer).

Understand the purpose and nature of the business relationship.

Ongoing monitoring of transactions and relationships.

Enhanced Due Diligence (EDD) for high-risk customers or transactions.

**Suspicious Activity Reporting (SARs):** Report suspicious transactions to the UIAF without delay.

**Record-Keeping:** Maintain records of customer identification, transactions, and AML/CFT analysis for at least five years.

**Internal Controls:** Establish internal policies, procedures, and controls to prevent money laundering and terrorist financing.

**AML Officer:** Appoint a designated AML/CFT Compliance Officer responsible for overseeing compliance.

**Training:** Provide ongoing training to staff on AML/CFT regulations and policies.

**Required:** Yes, entities operating as VASPs in Uruguay are generally expected to be **legally incorporated in Uruguay** or have a registered branch/office within the country. This facilitates regulatory oversight and enforcement.

**AML Officer:** The designated AML/CFT Compliance Officer should typically be based in Uruguay or readily accessible to the UIAF.

**Legal Incorporation:** Establish a legal entity (e.g., SA, SRL) in Uruguay.

**AML/CFT Manual:** Develop a comprehensive AML/CFT manual detailing policies, procedures, and internal controls in compliance with Uruguayan law and UIAF circulars.

**Appoint AML Officer:** Designate an AML/CFT Compliance Officer.

**UIAF Registration:** Register as an obligated subject with the UIAF. This often involves submitting an online application through the UIAF's portal, providing company details, AML officer information, and a summary of the AML/CFT manual and procedures.

**Ongoing Compliance:** Once registered, the VASP must continuously monitor transactions, conduct CDD, report SARs, and submit any other required reports to the UIAF.

**Ley N° 19.926 (Law on the Prevention of Money Laundering and Terrorism Financing):** This is the primary AML/CFT law in Uruguay, which defines "obligated subjects" to include VASPs.

URL (Search for Ley 19.926): https://www.impo.com.uy/ (Official Gazette - search functionality is best here)

**Comunicación del BCU No. 2021/169 (Communication from the BCU on Virtual Assets):** This key communication outlines the BCU's position, defines virtual assets, and clarifies that they are not legal tender, while also indicating the BCU's monitoring role.

URL (BCU Communications): https://www.bcu.gub.uy/Comunicaciones/Paginas/Comunicaciones.aspx (Search for "169" or "virtual assets")

**Circulars and Regulations from UIAF on VASPs:** The UIAF issues specific circulars detailing the AML/CFT obligations for VASPs, including registration requirements, CDD procedures, and reporting. These are updated periodically. You would need to check the UIAF's official website for the latest applicable circulars (e.g., related to obligated subjects and specific sectorial guidelines).

URL (UIAF Normativa - Check for latest circulars on VASPs): https://www.uiaf.gub.uy/uiaf/normativa (You'll need to browse for circulars specifically addressing "activos virtuales" or "proveedores de servicios de activos virtuales").

**BCU Regulations for Electronic Payment Institutions (IPEs) or Payment Service Providers (PSPs):** If activities extend to traditional fiat payment processing, consult BCU regulations for these entities (e.g., Recopilación de Normas de Regulación Financiera).

URL (BCU Normativa): https://www.bcu.gub.uy/Sistema-Financiero/Normativa/Paginas/Recopilacion-de-normas-de-regulacion-financiera.aspx (Look for chapters related to Payment Institutions, Electronic Money, etc.)

**Law No. 18,627 (Securities Market Law):** This law defines what constitutes a "security" or "financial instrument" in Uruguay. A key aspect is the expectation of economic return and the reliance on a third party's efforts. Securities are broadly defined as any negotiable instrument, including shares, bonds, investment fund units, and other instruments that grant the holder rights to a portion of capital, income, or other economic benefits.

**Law No. 19,996 (Virtual Assets Law):** While this law primarily defines "Virtual Assets" and regulates Virtual Asset Service Providers (VASPs), it explicitly states that if a virtual asset, by its nature, structure, or rights it grants, falls within the definition of a "security" or "financial instrument" under the Securities Market Law, then it will be subject to the regulations governing the securities market, in addition to the virtual asset regulations.

**BCU Circulars and Regulations:** The BCU has issued regulations (e.g., Communication 2022/247, and further decrees implementing Law 19,996) that clarify the scope and application. These documents emphasize analyzing whether the token represents:

An **expectation of profit** derived from the efforts of a common enterprise or third party.

A **right to income, dividends, interest, or similar distributions**.

A **share in an enterprise, debt, or other traditional financial instrument**.

A **right to future economic benefits** or participation in a pooled investment.

**Security Tokens:** These are explicitly designed to represent traditional financial instruments digitally. Examples include:

**Equity Tokens:** Tokens representing shares or ownership interests in a company.

**Debt Tokens:** Tokens representing bonds, debentures, or other forms of debt.

**Real Estate Tokens:** Tokens representing fractional ownership or economic rights in real estate properties, where the value is derived from the property's performance managed by a third party.

**Revenue Share Tokens:** Tokens that grant holders a right to a portion of the revenue or profits generated by a project or company.

**Investment Fund Tokens:** Tokens representing units in a collective investment scheme.

**Tokens with Investment Characteristics:** Even if not explicitly marketed as traditional securities, tokens sold with an explicit or implicit promise of investment returns, and where the value is primarily derived from the entrepreneurial or managerial efforts of others, could be classified as securities. This is often the case for some "utility tokens" if they are sold primarily for speculative investment purposes rather than immediate utility, or if their functionality is not yet developed.

**Payment/Currency Tokens:** Cryptocurrencies like Bitcoin (BTC) or pure stablecoins used primarily for transactional purposes, without an underlying common enterprise promising returns.

**True Utility Tokens:** Tokens that grant access to a specific product or service within an ecosystem, where their value is directly tied to their utility rather than an expectation of passive investment return from the issuer's efforts. The key here is immediate utility and lack of passive investment expectation.

Issuers must register the security token and themselves with the BCU.

A prospectus (folleto informativo) detailing the offering, the issuer, the token's characteristics, risks, and financial information must be submitted and approved.

Ongoing disclosure requirements apply (periodic financial reports, material events).

This ensures investor protection, transparency, and market integrity.

**Exemptions:** Uruguayan securities law typically provides exemptions from full public offering registration for:

**Private Placements:** Offerings made to a limited number of qualified or institutional investors.

**Small Offerings:** Offerings below a certain monetary threshold (specific limits are defined in regulations).

**Offerings to Employees:** Certain offerings to employees or directors.

Issuers seeking to rely on an exemption must still ensure compliance with the specific conditions for that exemption, which might include specific disclosure obligations or restrictions on resale.

**Virtual Asset Service Provider (VASP) Registration (Separate but Overlapping):**

Regardless of whether a token is a security, any entity involved in the issuance, exchange, transfer, custody, or administration of "virtual assets" (as defined by Law 19,996) must register as a VASP with the BCU.

This VASP registration is primarily for AML/CFT compliance, operational robustness, cybersecurity, and consumer protection for all virtual assets, not just those classified as securities. Therefore, an issuer of a security token would likely need both to comply with securities law for the token and VASP regulations for its service.

**Regulated Exchanges:** Trading platforms facilitating the secondary market for security tokens would generally need to be authorized as securities exchanges or other regulated market intermediaries by the BCU.

**Market Intermediaries:** Entities facilitating the buying and selling of security tokens (e.g., brokers, dealers) must be registered and licensed by the BCU as securities market intermediaries, complying with capital requirements, fit-and-proper person tests, and market conduct rules.

**Transparency and Investor Protection:** Secondary markets for security tokens are subject to rules on price transparency, market manipulation prevention, investor protection (e.g., best execution, client asset segregation), and disclosure.

**AML/CFT:** All secondary trading of virtual assets, whether securities or not, is subject to the comprehensive AML/CFT framework for VASPs.

Investigate offerings of virtual assets.

Issue cease-and-desist orders for unregistered security token offerings.

Impose fines and other sanctions on issuers or platforms that violate securities market laws.

Require compliance with registration and disclosure requirements.

**Law No. 19,996 (Ley de Regulación de Activos Virtuales - Virtual Assets Regulation Law):**

*Search Term:* "Ley N° 19.996 activos virtuales"

*Example source (Diario Oficial):* https://www.impo.com.uy/bases/leyes/19996-2021 (This link points to the official publication from December 2021, which was later signed into law)

**Law No. 18,627 (Ley de Mercado de Valores - Securities Market Law):**

*Search Term:* "Ley N° 18.627 Mercado de Valores"

**Banco Central del Uruguay (BCU) Regulations and Communications:**

The BCU's official website is the primary source for circulars, communications, and decrees. Look for the "Normativa" (Regulations) section.

From there, navigate to "Normativa" -> "Regulación de Activos Virtuales" or "Mercado de Valores." Specific communications like "Comunicación 2022/247" and subsequent decrees implementing Law 19,996 will be found here as they are published.

*Example source (Diario Oficial):* https://www.impo.com.uy/bases/leyes/18627-2009

**Ley N° 19.574 (Integral Law Against Money Laundering and Terrorism Financing), dated December 20, 2017:** This is the cornerstone legislation that established the general AML/CFT regime, identified obligated subjects, and set out the core requirements for prevention, detection, and punishment of money laundering and terrorism financing.

**Decreto N° 379/020 (Regulation of Non-Financial Obligated Subjects and Activities Regulated by Law N° 19.574), dated December 23, 2020:** This crucial decree explicitly includes **"providers of virtual asset services"** (proveedores de servicios de activos virtuales) as **obligated subjects (sujetos obligados)** under the AML/CFT framework. This brought VASPs directly under the regulatory scope, requiring them to comply with the same AML/CFT obligations as traditional financial institutions and other designated non-financial businesses and professions (DNFBPs).

Exchange between virtual assets and fiat currencies.

Exchange between one or more forms of virtual assets.

Safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets.

Participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset.

**For Individuals:** Obtain and verify the client's full name, date of birth, nationality, identification number (e.g., national ID, passport), address, and other relevant contact details.

**For Legal Entities:** Obtain and verify the legal name, registration number, legal form, address of the registered office, names of directors and senior management, and the ownership and control structure (including ultimate beneficial owners - UBOs).

**Beneficial Ownership:** Identify and take reasonable measures to verify the identity of the beneficial owner(s) behind any legal entity, trust, or other legal arrangement. This involves understanding the control structure and identifying individuals who ultimately own or control more than a certain percentage (e.g., 25%) of the entity.

**Purpose and Intended Nature of the Business Relationship:** Understand the purpose and intended nature of the business relationship or occasional transaction.

**Source of Funds and Source of Wealth (SoF/SoW):** Especially for high-risk customers or transactions, VASPs must take reasonable measures to establish the source of funds or source of wealth involved.

**Ongoing Monitoring:** Continuously monitor the business relationship and transactions to ensure they are consistent with the VASP's knowledge of the customer, their business, and risk profile. This includes reviewing transactions for suspicious activity and updating customer information periodically.

**Enhanced Due Diligence (EDD):** Apply EDD measures for high-risk customers, relationships, or transactions. This includes, but is not limited to:

Complex or unusual transactions or structures.

Transactions involving new technologies or products where the ML/TF risks are higher.

**What to Report:** Any transaction, attempted transaction, or operation, regardless of the amount, that the VASP suspects or has reasonable grounds to suspect is related to money laundering, terrorism financing, or underlying criminal activity.

**To Whom:** Reports must be submitted to the **Secretaría Nacional para la Lucha contra el Lavado de Activos y el Financiamiento del Terrorismo (SEGPRE)**, Uruguay's FIU.

**No Tipping-Off:** VASPs and their employees are prohibited from disclosing to the customer or third parties that a suspicious transaction report has been or will be submitted, or that an investigation is being conducted.

**Customer Identification Data:** All documents and information obtained during the CDD process (e.g., copies of identification documents, corporate registration documents, beneficial ownership information).

**Transaction Data:** Records of all transactions, including amounts, currencies, dates, types of virtual assets, parties involved (originator and beneficiary information), and any other relevant details.

**Analysis and Decision-Making:** Records of the analysis undertaken for suspicious activity and the decisions made regarding reporting or non-reporting.

**Retention Period:** Records must be retained for at least **five (5) years** from the date of the last transaction or the end of the business relationship, whichever is later.

**Secretaría Nacional para la Lucha contra el Lavado de Activos y el Financiamiento del Terrorismo (SEGPRE)**

**Role:** SEGPRE acts as the Financial Intelligence Unit (FIU) and is responsible for developing national AML/CFT policy, receiving and analyzing STRs, disseminating financial intelligence, and supervising the compliance of non-financial obligated subjects (which now include VASPs) with AML/CFT regulations.

**AML/CFT Law 19,574 (2017):** This is the primary AML/CFT law in Uruguay, establishing obligations for various reporting entities.

**Reference:** Law 19,574 - Prevención y Combate del Lavado de Activos y el Financiamiento del Terrorismo (Official Spanish Text)

**Law 19,996 (2021):** This law further strengthens the AML/CFT framework and explicitly includes virtual assets (defined broadly as "property") within the scope of illicit activities covered by the AML/CFT regime. It designates VASPs as obligated subjects for AML/CFT purposes.

**Reference:** Law 19,996 - Modificaciones a la Ley N° 19.574, de 20 de diciembre de 2017 (Official Spanish Text)

**BCU Circular No. 2,427 (2022):** The BCU clarified that virtual assets and related activities require supervision, aligning VASPs with existing financial intermediaries in terms of AML/CFT obligations. It explicitly states that entities offering virtual asset services must apply CDD, risk management, and report suspicious transactions to SENACLAFT.

**Reference:** Comunicación No. 2022/247 - Marco de Supervisión de Activos Virtuales (Official Spanish Text)

**SENACLAFT Guidelines:** SENACLAFT, as Uruguay's Financial Intelligence Unit (FIU), issues specific guidelines and recommendations for reporting entities, including those handling virtual assets, regarding their AML/CFT obligations, which encompass targeted financial sanctions.

**Implementation:** Uruguay implements UN sanctions through national decrees. These decrees mandate the freezing of assets and prohibition of transactions with individuals and entities designated by the UN Security Council.

**Decree 379/014 (2014):** Establishes the procedures for the implementation of UN Security Council resolutions related to the freezing of assets associated with terrorism and proliferation.

**Reference:** Decreto 379/014 - Medidas relativas a la prevención del lavado de activos y el financiamiento del terrorismo y la proliferación de armas de destrucción masiva (Official Spanish Text)

**Decree 208/022 (2022):** Updates and strengthens the regulatory framework for TFS, aligning with FATF recommendations and addressing virtual assets. It explicitly requires reporting entities (including VASPs) to check their client lists against the UN sanctions lists *immediately* upon their publication.

**Reference:** Decreto 208/022 - Marco Regulatorio de Sanciones Financieras Dirigidas (Official Spanish Text)

**Sanctioned Entity Screening:** VASPs must screen all customers (during onboarding and ongoing), beneficial owners, and transactions against the UN Consolidated Sanctions List, which includes:

ISIL (Da'esh) & Al-Qaida Sanctions List

DPRK (North Korea) Sanctions List

Other country-specific sanctions regimes (e.g., Libya, Mali, Somalia, Yemen, etc.)

**Asset Freezing:** Immediately freeze any virtual assets or funds belonging to or controlled by sanctioned individuals or entities.

**Reporting:** Report any matches or frozen assets to SENACLAFT without delay.

**Deal with U.S. Persons or Entities:** This includes U.S. citizens, permanent residents, entities organized under U.S. law, or persons/entities located in the U.S.

**Utilize U.S. Dollar-Denominated Transactions or U.S. Financial Infrastructure:** Many crypto exchanges and financial services providers rely on U.S. correspondent banking relationships or process transactions in USD. Non-compliance can lead to de-risking by financial partners or direct OFAC enforcement.

**Have a Nexus to the U.S. or EU:** This could include servers located in these jurisdictions, U.S./EU investors, employees, or significant business operations.

**Engage in Activities within the U.S. or EU Financial System:** Any transaction that touches the U.S. or EU financial system, even indirectly, could fall under their jurisdiction.

**Proactive Screening:** Best practice dictates that VASPs in Uruguay screen against OFAC's Specially Designated Nationals (SDN) and Blocked Persons List, other OFAC sanctions lists (e.g., SSI, CAPTA), and the EU Consolidated List of persons, groups, and entities subject to EU financial sanctions.

**Prohibited Transactions:** Prohibit any direct or indirect transactions involving sanctioned individuals, entities, or jurisdictions as designated by OFAC or the EU.

**Risk Management:** Implement robust risk-based compliance programs that account for the potential impact of OFAC and EU sanctions on their operations and client base.

**Perform Customer Due Diligence (CDD):** Identify and verify the identity of their customers and beneficial owners.

**Ongoing Monitoring:** Continuously monitor customer transactions and relationships for any suspicious activity or changes in sanctions status.

**Sanctions Screening:** Screen all new and existing clients, as well as the counterparties to transactions, against applicable sanctions lists (UN, OFAC, EU as appropriate) using reliable screening software.

**Record Keeping:** Maintain records of all CDD, monitoring, and screening activities.

**UN:** North Korea (DPRK), Iran (proliferation-related).

**OFAC:** Cuba, Iran, North Korea, Syria, Venezuela (certain sectors/entities), parts of Ukraine (Crimea, Donetsk, Luhansk regions).

**EU:** Similar to OFAC, with specific focus on North Korea, Iran, Syria, Russia (post-invasion of Ukraine), Belarus.

**SENACLAFT Role:** SENACLAFT is responsible for disseminating updated consolidated lists of individuals and entities subject to targeted financial sanctions (primarily derived from UN lists) to reporting entities in Uruguay. While SENACLAFT doesn't create *new* independent lists distinct from UN ones, it ensures their timely and effective national implementation.

The Central Bank (BCU) or SENACLAFT can impose substantial administrative fines on VASPs for deficiencies in their compliance programs, failure to report suspicious transactions, or failure to implement sanctions screening. Fines can be significant, calculated as a percentage of gross income or a fixed amount.

Individuals and entities involved in facilitating money laundering, terrorist financing, or proliferation financing can face criminal prosecution, leading to imprisonment and confiscation of assets.

Sanctions evasion, particularly concerning UN-mandated prohibitions, can be treated as an underlying predicate offense for money laundering or financing of terrorism.

Violations can severely damage a VASP's reputation, leading to loss of customers, banking relationships, and investor confidence.

Financial institutions (both traditional and crypto-native) may terminate services to VASPs perceived as high-risk or non-compliant with international sanctions, making it difficult for them to operate.

**Develop a Robust AML/CFT & Sanctions Compliance Program:** This includes written policies and procedures, risk assessments, internal controls, and independent audits.

**Implement Comprehensive CDD:** Identify and verify all customers and beneficial owners.

**Conduct Sanctions Screening:** Screen all customers and counterparties against the UN Consolidated Sanctions List, OFAC SDN List, and EU Consolidated List.

**Monitor Transactions:** Continuously monitor transactions for red flags indicative of sanctions evasion, money laundering, or terrorist financing.

**Train Staff:** Provide regular and comprehensive training to all relevant staff on AML/CFT and sanctions compliance requirements.

**Report Suspicious Activity:** File suspicious activity reports (SARs) with SENACLAFT promptly when required.

**Stay Updated:** Monitor updates from the BCU, SENACLAFT, UN, OFAC, and EU regarding sanctions lists and regulatory guidance.

**Law N° 19.996 – Ley de Fomento a la Innovación Financiera (Financial Innovation Promotion Law):** Enacted in 2021, this law establishes a regulatory sandbox (Espacio de Innovación Financiera) to test new technologies and business models, and mandates the BCU to classify "digital assets."

Link to Law N° 19.996 (Spanish, parliamentary site)

**Electronic Money (E-Money) / Payment Tokens:**

**Decreto N° 360/011 (Regulation of Electronic Money Services):** Defines electronic money and outlines the requirements for Electronic Money Issuers (EMIs).

Link to Decreto N° 360/011 (Spanish, official)

**Comunicación N° 2013/058 del BCU (Regulations for Payment Service Providers – PSPs):** Further details the licensing and operational requirements for PSPs that issue electronic money.

Link to Comunicación N° 2013/058 (Spanish, BCU site)

**BCU's View:** The BCU has been cautious, stating that while some crypto assets *could* potentially function as a form of electronic money, they generally do not meet the stringent regulatory, prudential, and consumer protection standards required for financial services.

**Law N° 18.627 (Ley del Mercado de Valores – Securities Market Law):** Regulates public offerings of securities.

Link to Law N° 18.627 (Spanish, parliamentary site)

**Law N° 16.749 (Ley de Sociedades Administradoras de Fondos de Inversión – Investment Fund Management Companies Law):** Could apply if the stablecoin represents units in a fund.

Link to Law N° 16.749 (Spanish, parliamentary site)

**Regulator:** The Superintendencia de Servicios Financieros (SSF) within the BCU supervises the securities market.

**Other Digital Assets / Utility Tokens:**

**If classified as Electronic Money:** Yes, EMIs in Uruguay are subject to strict reserve requirements. They must maintain backing (generally 1:1) for all electronic money issued, typically in highly liquid assets (e.g., segregated bank accounts, government bonds) to ensure full convertibility and redemption at par. The BCU would set specific rules for the quality and location of these reserves.

**If classified as Securities:** Reserve requirements would depend on the nature of the security. If it's a debt instrument, it would follow standard corporate finance rules; if it's a share in a fund, the fund's investment policies would dictate asset allocation.

**If not E-Money or Security:** Currently, there are no specific reserve requirements for stablecoins operating outside of these classifications, though this could change with new legislation.

**If classified as Electronic Money:** Issuers must obtain a license as a Payment Service Provider (PSP) from the Central Bank of Uruguay (BCU) and comply with all regulations pertaining to EMIs (Decreto 360/011, Comunicación 2013/058). This includes capital requirements, corporate governance, risk management, and consumer protection.

**If classified as Securities:** Issuers offering stablecoins classified as securities to the public would need to register the offering with the SSF (within the BCU) and comply with securities market regulations. Intermediaries (brokers, exchanges) would also require specific licenses.

**Regulatory Sandbox:** Entities wishing to issue stablecoins under novel models can apply to the Financial Innovation Space (sandbox) established by Law N° 19.996. This allows for controlled testing with temporary, modified regulatory requirements, but still requires BCU authorization.

**AML/CFT Registration:** Even if not falling under the e-money or securities classifications for prudential purposes, entities dealing with stablecoins (e.g., exchanges, custodians) are typically considered "virtual asset service providers" (VASPs) and must register with the BCU and comply with AML/CFT regulations.

**If classified as Electronic Money:** Users have clear and explicit redemption rights. EMIs must redeem electronic money at par, in fiat currency, upon request, without undue delay or disproportionate fees. This is a fundamental principle of e-money regulation.

**If classified as Securities:** Redemption rights would be defined by the specific terms of the security (e.g., prospectus, bond covenants).

**If not E-Money or Security:** Redemption rights would be governed by the terms and conditions agreed upon between the issuer and the user, essentially a private contract. There would be no specific regulatory guarantee of redemption from the BCU.

Given their inherent volatility and reliance on complex algorithms rather than full fiat collateral, they are highly unlikely to be classified as electronic money.

They could potentially be classified as **securities** if their design involves investment-like features or if they fail to maintain their peg, leading to speculative activity.

The BCU would likely view them as higher-risk digital assets, requiring careful scrutiny within the sandbox or under general consumer protection and financial stability considerations.

**e-Peso Pilot Project (2017-2018):** The BCU conducted a successful pilot program for a retail CBDC, the "e-Peso," making it one of the first countries to do so. The pilot demonstrated the technical feasibility of issuing a digital version of the Uruguayan peso for general use.

Link to BCU's information on the e-Peso pilot (Spanish)

**Current Status:** While the pilot concluded successfully, the BCU decided against full implementation of a retail CBDC at that time, stating that the project confirmed the technical feasibility but further analysis was needed regarding its real benefits, costs, and potential impact on the financial system.

**Interaction with Private Stablecoins:** If Uruguay were to launch a CBDC, it would likely serve as a safe and regulated digital alternative to private stablecoins, potentially limiting their widespread adoption as a primary means of payment. A CBDC would be a direct liability of the central bank, carrying no credit or liquidity risk, unlike private stablecoins. The BCU continues to monitor international developments and assess the implications of CBDCs for financial stability and monetary policy.

**Law N° 19.574 (Ley Integral de Lavado de Activos – Comprehensive Anti-Money Laundering Law):** Extends AML/CFT obligations to "virtual asset service providers" (VASPs).

Link to Law N° 19.574 (Spanish, parliamentary site)

**BCU Regulations:** The BCU issues specific circulars and communications detailing AML/CFT requirements for financial institutions and VASPs, including customer due diligence (CDD), record-keeping, and suspicious transaction reporting (STR).

**Initial Framework:** The foundational legislation bringing VASPs under the AML/CFT regime, **Law No. 19.940** (Ley de Prevención de Lavado de Activos y Financiamiento del Terrorismo en el Sector de Activos Virtuales) and **Decree No. 379/021**, were published in **2021**. These mandated the registration and supervision of VASPs by the BCU.

**Travel Rule Specifics:** The BCU issued **Circular No. 240/2021** (and subsequent amendments like Circular 245/2021 and 247/2021), which details the AML/CFT obligations for VASPs, including the Travel Rule. While the framework was in place in 2021, full compliance with the Travel Rule data transmission requirements for VASPs was generally expected to be in force by **August 2022**.

**VASP-to-VASP Transfers:** For virtual asset transfers between a Uruguayan VASP and another VASP (domestic or international), the Travel Rule applies to transactions equal to or exceeding **USD 1,000 (or its equivalent in other currencies/virtual assets)**.

**VASP-to-Unhosted Wallet Transfers:** For transactions where a Uruguayan VASP sends or receives virtual assets to/from an unhosted (private, self-custodied) wallet:

If the transaction is equal to or exceeds **USD 3,000 (or its equivalent)**, the VASP must collect the relevant information from its own customer (originator or beneficiary) as if it were a VASP-to-VASP transfer. The VASP must also assess the risks associated with unhosted wallets.

The FATF's updated guidance (2023) encourages all VASPs to manage the risks of unhosted wallets, even below thresholds.

Name (natural person) or legal name (legal entity).

National identity number (e.g., CI, Passport number, Tax ID).

Customer identification number (assigned by the VASP, if applicable).

This information must be transmitted **securely** and **immediately** along with the virtual asset transaction, or within a reasonable timeframe if immediate transmission is technically impossible.

VASPs are required to **store this information** for a period of five years, readily available to competent authorities.

While the BCU mandates the data points, it **does not prescribe a specific technical solution or protocol** (e.g., TRISA, Sygna, Travel Rule Protocol, etc.). VASPs are expected to adopt a solution that effectively enables them to comply with the information collection and transmission requirements.

**Fines:** Substantial monetary fines can be imposed, calculated based on the severity and recurrence of the infraction. Fines can range up to significant amounts (e.g., up to 20,000,000 Indexed Units – UI, which is a considerable sum).

**Suspension of Operations:** Temporary suspension of VASP activities.

**Revocation of Registration/License:** In severe or repeated cases of non-compliance, the BCU can revoke a VASP's registration, effectively barring them from operating in Uruguay.

**Reputational Damage:** Non-compliance can lead to public censure and damage to a VASP's reputation.

**Criminal Charges:** In cases involving money laundering or financing of terrorism, individuals and legal entities can face criminal prosecution, imprisonment, and asset forfeiture.

**Law No. 19.940 (Ley de Prevención de Lavado de Activos y Financiamiento del Terrorismo en el Sector de Activos Virtuales):** Establishes the legal framework for AML/CFT for VASPs.

**Decree No. 379/021:** Regulates Law 19.940, detailing definitions, scope, registration, and supervision.

**BCU Circular No. 240/2021:** Establishes specific AML/CFT obligations for VASPs, including the Travel Rule requirements.

**BCU Circular No. 241/2021:** Defines the registration process for VASPs with the BCU.

**BCU Circular No. 245/2021 and 247/2021:** Subsequent amendments that further clarify or modify aspects of Circular 240/2021. These are usually linked from the main BCU circulars page.

**Issuing warnings and general guidance:** Advising the public on risks and clarifying that virtual assets are not legal tender.

**Developing a regulatory framework:** The BCU presented a preliminary proposal for regulating Virtual Asset Service Providers (VASPs) in 2021, and work is ongoing.

**Applying existing AML/CFT rules:** Emphasizing that entities dealing with virtual assets are subject to existing anti-money laundering and counter-terrorist financing (AML/CFT) regulations, even without specific crypto legislation.

**Regulator Name:** Banco Central del Uruguay (BCU)

**Entity Targeted:** All financial institutions, virtual asset service providers (VASPs), and the general public operating in the virtual asset space.

**Violation Type:** Primarily aimed at preventing non-compliance with existing AML/CFT regulations and consumer protection issues arising from unregulated activities.

**Penalty Amount:** Not applicable for a general communication.

**Date:** Issued November 29, 2021 (and subsequent communications).

**Outcome:** Established the BCU's initial position on virtual assets, clarified that they are not legal tender, warned about risks, and reiterated that existing AML/CFT obligations apply to entities dealing with VAs. It also announced the start of a regulatory framework development process. This communication serves as a foundational "warning" and "guidance" for the market.

**Significance:** This is the most significant official statement from the BCU regarding virtual assets, informing the market of its stance and future direction. Any future enforcement would directly reference these principles.

BCU Communication (Comunicación No. 2021/200): https://www.bcu.gub.uy/Comunicados/comunicado200211.pdf

BCU Press Release on Virtual Assets (Spanish): https://www.bcu.gub.uy/Comunicados/Paginas/Comunicado%20de%20prensa.aspx?p=64

**Regulator Name:** Unidad de Información y Análisis Financiero (UIAF - Financial Information and Analysis Unit, part of the BCU)

**Entity Targeted:** Financial institutions, designated non-financial businesses and professions (DNFBPs), and potentially VASPs (under existing AML definitions).

**Violation Type:** Non-compliance with anti-money laundering and counter-terrorist financing (AML/CFT) regulations.

**Penalty Amount:** Varies depending on the severity of the non-compliance. Specific amounts for crypto-related cases are not publicly detailed for Uruguay.

**Date:** Ongoing (UIAF is continuously monitoring and enforcing AML/CFT).

**Outcome:** The UIAF's mandate includes monitoring and investigating suspicious transactions, including those involving virtual assets. While specific cases against crypto firms aren't widely publicized, the UIAF would be the body to investigate and refer for prosecution any AML/CFT violations in the crypto space. They issue guidelines and requirements that apply.

**Significance:** This represents the ongoing, fundamental enforcement mechanism for financial crimes, which *includes* the use of cryptocurrencies.

UIAF's Official Page (Spanish): https://www.bcu.gub.uy/Sistema-Financiero/Paginas/UIAF.aspx