New technical regulations for risk management of money laundering, terrorist financing and financing of weapons of mass destruction in El Salvador

By: Marcela Zelaya

The purpose of the Anti-Money Laundering Law is to prevent, detect, sanction and eradicate the crime of money laundering, as well as its concealment, expressly stating that financial entities must adopt policies, rules and mechanisms of conduct, as well as develop and implement programs, standards, procedures and internal controls to prevent activities related to the crime of money laundering.

On September 23, 2022, the Standards Committee of the Central Reserve Bank of El Salvador approved the NRP-36 “Technical Standards for the Management of Money Laundering and Asset Laundering Risks, Financing of Terrorism and Financing of the Proliferation of Weapons of Mass Destruction”, which will be effective as of October 10, 2022, repealing the Technical Norms for the Management of Money Laundering and Asset Laundering Risks, and Financing of Terrorism (NRP-08) approved by the Central Reserve Bank of El Salvador through its Norms Committee in Session No. CN-14/2013 dated November 14, 2013. CN-14/2013 dated November 14, 2013. The issuance of such regulations arises from the entry into force of the new Instructions for the Prevention, Detection and Control of Money Laundering (AML), Financing of Terrorism (/FT) and the Financing of the Proliferation of Weapons of Mass Destruction (FPADM), published in the Official Gazette No. 205, Volume 433 dated October 27, 2021, by the Attorney General of the Republic, effective as of June 6, 2022.

The purpose of said Regulation is to provide the minimum guidelines for the adequate management of the risks of money laundering, financing of terrorism and financing of the proliferation of weapons of mass destruction, so that the entities of the financial system prevent risks, detect unusual operations and report operations related to such risks in a timely manner, determining that the policies and procedures for risk management be in accordance with the risk profile of the entity, nature, size, products, services, clients and distribution channels.

The parties required to comply with such regulations are banks incorporated in El Salvador, their offices abroad and subsidiaries, branches and offices of foreign banks established in the country, financial conglomerates, including both their controlling companies and their member companies, pension fund managers, insurance companies and their branches abroad, as well as their branches of foreign companies established in El Salvador and cooperative associations, stock exchanges, brokerage firms, companies specialized in deposit and custody of securities, risk rating companies, institutions engaged in providing auxiliary services in the stock market, specialized agents and general deposit warehouses, cooperative banks, savings and loan companies and the federations, reciprocal guarantee companies and cooperative associations, institutions dedicated to the rendering of auxiliary services in the stock market, specialized agents and general deposit warehouses, cooperative banks, savings and loan companies and federations, reciprocal guarantee companies and counter-guarantee companies, companies that provide complementary services to the financial services of the members of the financial system, companies that administer or operate payment and securities settlement systems, state entities and banks, foreign currency exchange houses, securitization companies and funds that administer them, product and service exchanges; investment fund managers, companies that provide electronic money, entities that send or receive money by any means at national and international level and any other company or institution that due to its line of business or commercial activity, or by legal or future mandate is part of the financial system.

Aspects regulated in the new regulations

Entities must identify risks and the periodicity to evaluate them by means of AML/CFT/ATF/ATFAML risk matrices, and submit to the Superintendence of the Financial System, the report of AML/CFT/ATFAML Risk Management results submitted to the Board of Directors or equivalent body, in compliance with the provisions of the FIU Instructions, as well as consider according to its operation, relevant external and internal parameters such as applicable local and international regulations on AML/CFT/ATF/AMLLL prevention, objectives and strategies of the entity; organizational structure; market characteristics and background of AML/CFT/AML/CFT risks to be evaluated and gaps identified in past evaluations, among other aspects.

Likewise, and as part of risk monitoring, regulated entities must systematically and timely follow up on AML/CFT/ATF/AMLF risk factors through permanent monitoring activities, follow up to determine whether the controls implemented include all sources of potential AML/CFT/AMLF risk events and their operation in a timely, effective and efficient manner; they must have a system of documents and records in a physical or electronic format.

In the case of entities that offer electronic banking services, they must keep a log of access and use of the system that allows recording and tracking transactions made to their customers, being understood as electronic financial transactions all those operations carried out through ATMs, Internet, telephone transactions or any other service that can be carried out by electronic means.

Finally, after the entry into force of these regulations, the Superintendency of the Financial System will send to the entities, within a maximum period of thirty days, the technical details related to the sending of the required information regarding the collection of information, having the entities up to thirty working days from the communication of the technical details by the Superintendency, to implement the necessary mechanisms and comply with the remission of information established in the technical regulations.

Our firm is integrated by a multidisciplinary team to facilitate the due compliance with the aforementioned regulation, do not hesitate to contact us at and to expand on any aspect of the same.