A Guide To Money Laundering Compliance In El Salvador

The key challenges of AML compliance in Latin America and the Caribbean

Whether conducting risk assessments or reviewing client due diligence, it is vital to understand the risks and responsibilities of money laundering challenges for different jurisdictions.

In this article, VinciWorks considers the key AML challenges and laws in El Salvador, and what organisations should consider when assessing customer, geographic or matter risk.

For more on the key AML risks and challenges in Latin America and the Caribbean, download our free guide to compliance.

Click here to download a free copy.

Key risks

  • Dollar economy – the country uses the dollar as its main currency, alongside Bitcoin, which opens the door for bulk cash smuggling. However any currency in El Salvador can be considered legal tender if mutually agreed upon, which makes it easier to launder foreign cash.
  • Cryptocurrency – President Bukele has driven investment in cryptocurrency, making Bitcoin legal tender and announcing plans to build a geo-thermal powered bitcoin mining facility at the base of a volcano. The dramatic fluctuations in the currency’s value present financial stability concerns, along with regulatory concerns given that financial institutions in the country must accept Bitcoin. 
  • Chinese influence – significant Chinese investment in the country has driven key corruption and money laundering risks, as there has been an influx of investment in construction and trade, resulting in increased vulnerabilities for layering.
  • Political interference – despite the anti-corruption rhetoric of the Bukele administration, the government has terminated cooperation with the OAS anti-corruption body and prohibited banks from closing accounts of people being investigated for financial crimes, perceived as a way to protect corrupt government officials. 
  • Extortion – the country is riven by gang violence, although the murder rate has dropped by as much as 60% after the Bukele administration reached a non-aggression pact with gangs. Extortion costs businesses as much as $756 million a year, about 3% of GDP.
  • Potential grey listing – the FATF has warned the country could be grey listed if it does not demonstrate more AML progress.

Criminal proceeds

An estimated $378 million – $946 million is laundered every year in El Salvador.

AML policy summary

The country is seen as having weak implementation of AML laws, and suffers from rampant political impunity from prosecution. 

Legal summary

The country is considering significant reforms to its AML regime given serious concerns raised by the international community on its effectiveness. The FATF has warned El Salvador about grey-listing due in large part to the Bitcoin law. Enforcing Bitcoin as legal tender means there are at least 27 FATF regulations regarding virtual-asset transactions which cannot be conducted by businesses in El Salvador. For instance, it will be very difficult for a business to undertake proper KYC requirements when forced to accept Bitcoin for any transaction. It can also make it far easier for criminals with the digital currency to exchange it into hard currency or launder it through other goods or real estate.

The US has banned dozens of El Salvadorians from the United States for corruption reasons, several of which are senior members of President Bukele’s administration. Some have also been indicted for money laundering and accepting bribes. President Bukele shows no sign of stepping back from his controversial reforms, however, and has previously used the military to force legislation through congress and has ousted five supreme court judges who ruled against him. If grey listed, the country could then be blacklisted by the FATF, joining only Iran and North Korea. 

El Salvador’s main money laundering laws are:

  • The Law on Money and Asset Laundering
  • The Special Law Against Acts of Terrorism
  • The Banking Law
  • The Law on Citizen Participation
  • The Law on Access to Public Information
  • The Bitcoin Law

Weaknesses

The need for rapid updates to the country’s AML regime but the lack of political will to do so is a major weakness for El Salvador. Additionally, regulatory and compliance difficulties around the Bitcoin law and KYC procedures threaten the country’s international reputation and could result in grey listing by the FATF.

There is a lack of beneficial ownership transparency, and anti-corruption efforts are being rolled back. Investigations and prosecutions by the country’s authorities are woeful. Around 90% of financial crime and corruption cases referred to the country’s prosecutor will not result in any action.

Strengths

El Salvador works closely with the US in training judges and improving efficiency in the judicial process. The US also offers assistance and development to El Salvadoran municipalities. The government has requested technical assistance from the World Bank to develop a regulatory framework for Bitcoin. 

More information

VinciWorks has created a guide designed to support businesses that currently operate in Latin America and the Caribbean, or are planning to, or seeking to expand to new countries in the region. This guide provides an overview of some of the key AML challenges and issues and includes a country-by-country assessment of AML risks and laws. 

Click here to download a free copy.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.