New special law on money laundering and terrorism financing in El Salvador

BLP Legal - On October 9, the Legislative Decree No. 426 was duly published in the Official Gazette, containing the Special Law for the Prevention, Control, and Sanction of Money Laundering, Terrorism Financing, and the Financing of the Proliferation of Weapons of Mass Destruction ( the "Law"). Its main purpose is to transform El Salvador’s anti-money laundering regime from a merely punitive system into a preventive, coordinated, and technologically strengthened model aligned with international standards.

1- Coordinated National System

The Law establishes the National System for the Prevention, Control, and Sanction of Money Laundering (SINAPLAFT), a network comprised of the Office of the Attorney General, the Financial Investigation Unit (FIU), regulatory superintendencies, ministries, the Central Reserve Bank, and obligated entities.

This system will operate through the Interinstitutional Committee (CIPLAFT), chaired by the Attorney General, who will formulate national policies, coordinate risk assessments, and promote cooperation among authorities.

Key powers include:

• Formulating national prevention strategies and plans.
• Promoting cooperation and information exchange among institutions.
• Recommending legal reforms and regulatory adjustments.
• Proposing the inclusion or exclusion of obligated entities based on risk assessments.

However, such proposals will not take immediate effect — any changes to the list of obligated entities must be approved through a legislative reform, ensuring legal certainty and transparency.

The FIU is strengthened as the national financial intelligence center, with technical and functional autonomy and broad powers to request information from public and private entities.

New FIU powers include:

• Direct access to financial and commercial databases.
• The ability to issue binding technical guidelines to obligated entities.
• Coordination of the National Risk Assessment (NRA).
• Secure information exchange with foreign counterpart units.

2- Obligated Entities: Key Inclusions and Exclusions

The Law redefines the scope of obligated entities, shifting from the broad approach of the previous law to a selective, risk-based model aligned with FATF standards.

Several previously included sectors are now excluded, such as agricultural or vehicle importers/exporters, travel agencies, construction, hotel, and private security companies, pharmaceutical laboratories, business associations, and the general clause covering all private or mixed entities. Pawnshops and lenders will remain obligated only when they systematically and exclusively engage in credit granting.

New obligated entities are added, particularly in the fintech and innovation sectors, including digital asset and bitcoin service providers, electronic money providers, investment fund managers, securitization companies, and cash-in-transit operators. Oversight will also strengthen oversight for political parties and traditional financial institutions.

For non-profit organizations, due diligence and reporting obligations will apply only when they are deemed to have higher exposure to money laundering, terrorism financing, or proliferation risks, based on risk assessments.

This redesigned framework enhances technical, proportional, and effective supervision by focusing efforts on genuinely high-risk sectors.

3- Duties and Rights of Obligated Entities

Unlike the previous law, which emphasized formal compliance and reporting, the new regulation promotes an active prevention role for obligated entities.

Key obligations include:

• Implementing internal, risk-based prevention systems.
• Identifying beneficial owners holding 25% or more of ownership.
• Registering compliance officers and committees with the FIU.
• Reporting suspicious transactions within 24 hours and regulated transactions within five business days.
• Ensuring confidentiality, periodic training, and internal/external audits.

The Law also incorporates inclusion and proportionality principles. It prohibits entities from unjustifiably restricting access to financial services under the guise of compliance ("de-risking"). Instead, it promotes a risk-based approach, striking a balance between crime prevention and legitimate access to financial services.

4- Supervision and Sanctions Regime

Supervision will be sectoral and risk-based, distributed among:

• The Superintendency of the Financial System (SSF) for banks and fintechs.
• The Superintendency of Commercial Obligations (SOM) for non-financial entities.
• The Supreme Court of Justice, Accounting Profession Council, National Digital Assets Commission (CNAD), and Electoral Tribunal for specific sectors.

A new administrative sanctions regime classifies offenses as minor, serious, or very serious, with penalties ranging from fines of up to 1,000 minimum wages to forced dissolution or five-year disqualification of directors.

5- Compliance Office and Compliance Officer

The Law expressly regulates the Compliance Officer as the person responsible for implementing and supervising compliance within obligated entities and serving as the official liaison with the FIU.

Entities supervised by the SSF, CNAD, and Legislative Decree No. 339 of 1986 must establish a compliance office led by a principal and alternate compliance officer. Entities supervised by SOM, the Accounting Council, the Supreme Court, and others may designate officers without establishing a full compliance office.

In financial conglomerates, one compliance officer may oversee several companies in the group, provided such oversight is approved by the parent board and ratified by each entity.

Exceptions:
Natural persons subject to the law (e.g., real estate intermediaries, precious metal dealers, lawyers, notaries, accountants, auditors, cash transporters, and digital asset providers) are not required to appoint a compliance officer; however, they must still implement all preventive controls and report suspicious transactions.

6- Risk-Based Approach

Institutions must identify, assess, and mitigate risks by their size, nature, and client profile, applying differentiated due diligence and documenting their analysis.

7- Repeal

The new Law will repeal the 1998 Anti-Money Laundering Law (Legislative Decree No. 498). However, Executive Decree No. 2 of 2000 Regulation and the Instruction Manual for Prevention and Control of Money Laundering and Terrorism Financing will remain temporarily in force until the new regulation and instruction manual are approved.

The Law took effect on October 21 2025.

blplegal.com