In Paraguay, the banking sector is primarily regulated by two laws, Law No 861/96 “General Law of Banks, Financial Entities and other Credit Entities”, and Law No 5787/16 “On the Modernization and Strengthening of the Regulations Governing the Operation of the Paraguayan Financial System.”

The entity responsible for the supervision of financial institutions is the Superintendency of Banks, which operates under the Central Bank of Paraguay (Banco Central del Paraguay, BCP). Furthermore, if the financial institution is a listed entity that issues bonds or shares, it will be supervised by the Superintendency of Securities, which also operates under the Central Bank of Paraguay.

The authorisation regime in Paraguay is governed by Law No 861/96 and by Resolution No 24, Act 75 dated 11 November 2010, issued by the Board of Directors of the BCP.

Law 861/96 establishes that entities conducting financial operations must be formed as limited companies (sociedad anonima), with their capital represented by registered shares. These entities must have a minimum paid-in capital of PYG67,830,000,000 for banks and PYG33,915,000,000 for other financial institutions.

Resolution No 24 establishes three steps for the authorisation process and distinguishes between the authorisation for the opening of new banks and the opening of branches of foreign banks.

First Step

Promoters must be appointed to initiate the authorisation process. These promoters, who must be natural persons of recognised competence and economic solvency, will also serve as founding shareholders of the bank.

The promoters are responsible for submitting the application to the Superintendency of Banks, which must include:

• the name of the entity, legal and actual address, and contact information;
• a list and identification of shareholders;
• a proposed social charter;
• an investment project;
• criminal and judicial records of the shareholders;
• sworn declarations of shareholders’ assets and income; and
• a list of individuals who will hold positions on the board or administrative bodies, judicial and police records of these individuals, along with the CVs and sworn statements of their financial situation.

Second Step

Once the application is submitted, the Superintendency of Banks will analyse the documentation submitted, including the participation of other areas of the BCP for the relevant study on monetary policy, management, and competence. If any missing or additional documents are required, they will be requested to be submitted within 90 days. Once all documents are submitted, the BCP will have 90 days to decide on the application. If the application is complete, it will be published in two widely circulated newspapers three times over fifteen days. If there are no third-party objections within that period, the Superintendency of Banks will submit an evaluation report with its favourable opinion for authorisation and submit it to the Board of Directors of the BCP.

Third Step

The Board of Directors of the BCP will issue the resolution for the authorisation of the opening of the banking entity, ordering the registration of the by-laws, and setting a one-year deadline for the entity to commence operations.

The legal representative of the entity must deposit the required minimum capital in a financial institution within 48 hours of being notified of the resolution.

For foreign entities seeking to open branches in Paraguay, the application must include certified and apostilled documents translated into Spanish. These documents include:

• the incorporation act of the head office and a resolution authorising the opening of the branch;
• board of directors’ minutes indicating approval for the branch;
• a power of attorney indicating the list of individuals authorised to manage the branch’s opening;
• balance sheets, income statements, and annual reports for the last five years;
• details of capital assigned to the branch;
• service report determining solvency, management, and asset valuation;
• authorisation from the supervisory body of the country of origin;
• a risk rating granted by an international rating agency; and
• a shareholder chain leading to the controlling natural person.

Transactions involving the integration, purchase, or transfer of shares in financial institutions are regulated by Resolution No 08, Act 51, dated 28 October 2021, issued by the Board of Directors of the BCP.

According to this Resolution, transactions that exceed the threshold of 5% or more of the voting share capital in the company must be authorised by the Superintendency of Banks. To this end, an application for authorisation must be submitted, providing details of the resources used, which must be held within the banking system unless they are of a different nature, along with supporting documentation verifying their origin.

The Superintendency of Banks must issue a decision on the authorisation request within 30 calendar days from the moment the required documentation is completed. If this period elapses without a decision from the Superintendency of Banks, the request will be automatically rejected.

The Superintendency of Banks may request at any time, regardless of the amount of the transaction or percentage of shares acquired or transferred, any additional information it deems necessary to verify the source of the funds.

For calculating the threshold, each transaction or sum of current transactions will be considered along with prior transactions, representing a direct or indirect holding or participation, either individually or jointly with affiliated parties, in a proportion equal to or greater than 5% of the voting capital in the supervised entity.

Resolution No 16, Act 04, dated 20 January 2022 (the “Resolution”), establishes the minimum standards for corporate governance applicable to financial institutions. The guidelines set forth by this Resolution are mandatory for banks.

According to this Resolution, members of the board of directors must be qualified to perform their duties, clearly understand their mission, their functions within the framework of corporate governance, dedicate sufficient time to their roles, and be capable of exercising independent judgement in matters concerning the supervised entity.

To this end, they must:

• understand each type of financial and commercial activity that the supervised entity intends to undertake;
• have the necessary experience to govern the supervised entity and monitor compliance by all members of the institution; and
• make decisions independent of any natural or legal persons, whether or not linked to the supervised entity, that involve or could involve conflicts of interest; no director shall exert, directly or indirectly, undue influence over the board of directors or executive management as a whole;
• implement a structure that includes the establishment of auxiliary committees appropriate to the volume and complexity of the activities of the supervised entity, ensuring participation from the various sectors involved in significant decisions; the Superintendency of Banks or the Superintendency of Insurance, as applicable, may require the establishment of specific committees;
• engage in continuous training, where applicable, in banking, finance, economics, regulation, accounting, risk management, information technology, communication, or other related areas; and
• seek advice from specialised committees when necessary.

The Resolution imposes the following restrictions on board members:

• Board members may not hold management or administrative positions in entities of another financial economic group supervised by the BCP, the National Securities Commission, the National Institute of Cooperativism, or others deemed appropriate by the Superintendency of Banks or Insurance.
• Board members may not hold executive or managerial positions in more than three entities, unless an exemption is granted by the Superintendency of Banks and Insurance, as determined in the application guidelines.
• Board members cannot simultaneously serve as general manager or hold other positions in executive management, except in cases approved by the relevant superintendencies, taking into account the complexity of the entity’s operations and services and the sector to which they belong.
• A director may chair no more than three committees, provided this does not result in conflicts of interest or involve committees overseeing strategic areas of the entity, in accordance with the limitations and requirements established in the specific regulations governing the supervised entity.
• Each supervised entity must annually evaluate whether its board members are devoting sufficient time to their roles.

The Resolution establishes the duty of the board of directors to promote and foster a corporate culture that demands, and incentivises, ethical conduct, avoids or minimises potential conflicts of interest, and promotes a culture of control within the organisation.

With respect to confidentiality, directors, administrative and oversight bodies, and employees of financial institutions are strictly prohibited from disclosing any information regarding client operations, except with the client’s explicit written authorisation.

According to the Banking Law, the board of a financial institution must consist of no less than four regular members who demonstrate the necessary probity, suitability, and experience to carry out their responsibilities effectively.

The following persons are prohibited from serving as president, directors, managers, or syndics of banking entities:

• those disqualified or deemed ineligible under the Civil Code for company management and representation;
• those who hold positions as directors, managers, syndics, accountants, or employees in other entities subject to the supervision of the Superintendency of Banks and their subsidiaries;
• those who hold positions in branches of government, except for teaching positions and consultative or technical advisory roles;
• those who have been declared bankrupt;
• those who are insolvent and those who have debts under judicial collection;
• those who have been convicted of intentional criminal offences;
• executives and officials of the BCP, unless they:
1. have obtained authorisation from the Executive Power to hold positions in public entities supervised by the BCP; or
2. are elected as president and representatives by official banks to the Retirement and Pension Fund for Banking Employees and their companies, in accordance with and to the extent provided in Article 1 of Law No 2226/03, which amends Article 29 of Law No 489 of 29 June 1995 (Organic Law of the BCP);
• those barred from operating a bank account while the sanction is in effect;
• those who have been sanctioned by regulatory and supervisory financial entities, whether local or international, due to professional misconduct in the performance of their duties;
• those who hold a shareholding equal to or greater than that determined by the BCP in another entity subject to its supervision; and
• those who perform one or more functions that may create conflicts of interest or undermine the sound management of the entity, according to the criteria established by a reasoned general resolution issued by the Board of the BCP.

Both the election and any changes to the composition of the board of a financial institution must be communicated to the Superintendency of Banks within a mandatory period of three working days, accompanied by the following documents:

• authenticated copy of the individual’s identity card and/or passport;
• academic degree certificate;
• police record, or authenticated copy thereof;
• signature registration;
• sworn statement certifying that the individual is not disqualified from holding such a position and satisfies the relevant eligibility criteria as per Article 36, Law No 861/96 and Article 18, Law No 2794/05;
• certificate issued by the Public Records Office stating that the individual has not been declared bankrupt or requested a meeting of creditors;
• certificate confirming the individual is not under interdiction;
• criminal record certificate issued by the Judiciary; and
• certificate of tax compliance, or an authenticated copy thereof;

The documents must be submitted within a maximum of ten working days.

The Superintendency of Banks will have a period of ten working days to object to the designation of the directors, starting from the day after the receipt of the communication. If a board member becomes ineligible to hold such a position in accordance with the relevant eligibility criteria, the Superintendency of Banks may enforce their removal at any time.

Regarding the compensation policy of the entity, according to Resolution No 16, Act 04, dated 20 January 2022, it is the responsibility of the board of directors to oversee the general implementation of the remuneration system by management across the entity. This oversight and implementation may be delegated to a compensation committee, but this does not imply the delegation of responsibility.

The compensation policy for the board of directors must be approved by the general assembly of shareholders.

The board of directors or the compensation committee, as applicable, must annually review the compensation plans, their processes and outcomes, and assess whether the remuneration system implemented in the entity is creating the desired incentives to manage the risks associated with that system. The board of directors must approve the compensation of the members of the executive team and oversee the development and functioning of policies, as well as the compensation systems and related control processes.

For employees in control functions (ie, risk, compliance, and internal audit), remuneration must be determined independently of any supervised business line, and performance measures should primarily be based on the achievement of their own objectives to avoid compromising their independence.

In Paraguay, Law No 1015/97 regulates the obligations, actions, and procedures to prevent and impede the use of the financial system for acts aimed at legitimising money or assets that come, directly or indirectly, from criminal activities.

This law imposes the obligation on financial entities to identify, register, and verifiably ascertain the identity of clients, whether regular or not, at the moment of establishing business relationships, as well as of individuals who intend to conduct transactions with the entities.

Additionally, all operations of every client must be clearly and accurately identified and registered, and the records must be maintained for a minimum period of five years, including documents, files, and correspondence.

In the event that the financial institution detects any signs or suspicions related to money laundering or asset laundering, it must report immediately to the Secretariat for the Prevention of Money Laundering or Assets (SEPRELAD).

For client identification, transaction registration, and signs of suspicious transactions, the Resolution of SEPRELAD must be applied, which approves the Regulation for Prevention Based on the Risk Management System for Obligated Subjects Supervised by the Superintendency of Banks (Resolution No 349/2013)

The Deposit Guarantee Fund in Paraguay was created by Law No 2334/03, with the aim of partially protecting the public’s savings within the national financial system.

The Deposit Guarantee Fund is administered and accounted for by the BCP, without forming part of the capital of the BCP; it may only be used for the purposes of partially protecting public savings. The use of resources from the Deposit Guarantee Fund will be based on the principle of cost minimisation. The BCP determines the investment management and liquidity policies of the Deposit Guarantee Fund, ensuring they align with its objectives and functions.

Covered by this fund are natural or legal persons who hold deposits eligible for the guarantee.  Deposits protected by the fund include total cash deposits, regardless of modality or denomination, held by private entities in the national financial system. The coverage limit is capped at the equivalent of 75 monthly minimum wages for unspecified activities in the capital city (Asunción), equivalent to approximately USD28,000.

The Deposit Guarantee Fund is financed through both public and private contributions. The Paraguayan state contributed an amount equivalent to USD50,000,000 at the time of the fund’s establishment. Private contributions consist of mandatory quarterly contributions from financial intermediation entities, which will be calculated based on the average balance of deposits maintained by the financial entity during each quarter. A quarterly contribution rate of 0.12% will be applied to the average quarterly balances of deposits in both local and foreign currencies.

As of October 2023, the deposits covered by the guarantee reached PYG22 trillion, representing 16.4% of total deposits and 6.9% of the estimated GDP for the year.

In Paraguay, banks are required to maintain minimum capital adequacy levels, primarily regulated by Law No 861/96 and regulations issued by the BCP. While Paraguay has yet to fully adopt Basel III standards, the BCP has implemented some of its principles to strengthen financial stability and risk management within the banking sector.

Capital Requirements

Banks are required to maintain a minimum paid-in capital. Additionally, they must ensure adequate levels of capital buffers based on the BCP’s guidelines to mitigate operational and market risks. The capital adequacy ratio is periodically monitored by the Superintendency of Banks, which requires banks to keep a set proportion of capital against risk-weighted assets.

Liquidity Requirements

Paraguayan banks must comply with liquidity requirements designed to ensure they can meet short-term obligations. These include maintaining a specific level of liquid assets relative to liabilities, as mandated by BCP regulations. The BCP periodically adjusts these requirements depending on economic conditions.

Risk Management

Banks are required to implement robust risk management systems that cover credit, market, operational, and liquidity risks. These systems must be regularly assessed and reported to the Superintendency of Banks to ensure compliance and address any vulnerabilities.

Systemically Important Banks

While there is no specific classification for systemically important banks in Paraguay, larger institutions are subject to more stringent oversight and may be required to maintain higher capital and liquidity levels to mitigate the risk of financial instability.

The framework for insolvency, recovery, and resolution of banks in Paraguay is primarily governed by Law No 861/96, which grants the BCP powers to intervene in distressed financial institutions to protect financial stability.

Resolution Mechanisms

The BCP can implement various resolution mechanisms for failing banks, including intervention, administration, or liquidation, depending on the severity of the bank’s financial issues. During intervention, the BCP assumes control to manage and stabilise the institution, while liquidation involves orderly closing the institution and settling obligations.

FSB Key Attributes

Paraguay has not fully implemented the Financial Stability Board’s (FSB) Key Attributes of Effective Resolution Regimes. However, local laws provide a framework for the BCP to take early intervention measures and resolve failing institutions to maintain financial stability.

Insolvency Preference Rules

In cases of insolvency, Law No 2334/03 establishes a hierarchy for the payment of obligations, referred to as the "exclusion balance." This priority order ensures that certain creditors are paid before others based on the nature of their claims. The obligations are divided into three levels of priority:

• First-order obligations:
1. Guaranteed deposits: Private depositors and public funds from the social security system. If funds are insufficient to cover all deposits, a minimum guaranteed amount per depositor is prioritised, and any remaining amounts are distributed using a linear increment method, prohibiting proportional allocation based on deposit size.
2. Cash mandates and tax revenues: This includes funds held in trust, tax collections, and similar amounts registered in the entity’s financial statements before the resolution process begins, particularly when owed to private entities.
3. Public entity deposits with guarantees: These are treated similarly to private deposits, following the same rules for minimum guarantees and linear distribution if funds are limited.
• Second-order obligations: These include financial debts owed by the entity to the Central Bank.
• Third-order obligations:
1. non-financial obligations to the Central Bank;
2. claims by the Deposit Guarantee Fund (FGD), stemming from its contributions to securitisation mechanisms; and
3. tax obligations owed by the insolvent entity.

This framework ensures that depositors have preferential access to any recoverable assets, protecting their funds in case of a bank’s insolvency.

Resolution No 8, Act 78, of 22 November 2018 outlines the guidelines for managing ESG risks for financial entities. The guidelines offer a comprehensive framework for integrating ESG considerations into banking practices, creating a system for monitoring and addressing potential ESG-related risks. The key aspects of this resolution are:

• Risk identification and classification: The guidelines mandate that financial institutions must identify, measure, evaluate, and control ESG risks. These risks are categorised into three levels: high, medium, and low, based on the potential environmental and social impacts of the financed activities.
• Due diligence and risk assessment: A comprehensive due diligence process is required before extending credit. This includes assessing the client’s understanding and management of ESG risks, verifying compliance with environmental and social regulations, and identifying potential areas for improvement. The process should encompass all stages of credit operations – from selection and analysis through approval, monitoring, and review.
• Risk management system (SARAS): Financial institutions must implement a SARAS, a comprehensive risk management system. This system is designed to integrate ESG considerations into all aspects of lending and credit processes. A key element of SARAS is an ESG policy defining the institution’s commitment to environmental and social responsibility.
• Reporting and transparency: Regular reporting on ESG risk management is mandated. This includes periodic reports detailing risk identification, mitigation strategies, and outcomes. The level of detail and reporting frequency will vary depending on the risk profile of the client and the specific transaction.
• Internal and external oversight: The guidelines emphasise the importance of internal audits to verify compliance with ESG risk management policies. The Superintendency of Banks will also periodically review the performance of financial institutions against these guidelines.
• Legal and regulatory compliance: Financial institutions are responsible for ensuring full compliance with all relevant national and international environmental and social laws and regulations. Obtaining the necessary permits and licenses is also a prerequisite for financing activities with potential significant environmental and social impacts. The process of obtaining an Environmental Impact Declaration is specifically mentioned in the context of obtaining financing.

In Paraguay, there are no regulatory requirements related to DORA matters; however, Resolution 10, Act No 43, dated 28 July, regulates the use of cloud computing services for banking and covers several areas that indirectly relate to the overall goals of DORA, namely enhancing the operational resilience of financial institutions. The overlap lies in the regulation’s focus on:

• Third-party risk management: The regulation stresses the importance of managing risks associated with third-party service providers, including those offering cloud computing services. This aligns with DORA’s emphasis on managing risks from ICT third-party providers. The regulation mandates due diligence on cloud providers, requiring specific certifications and robust contractual agreements.
• Cybersecurity and data protection: The document includes detailed requirements for cybersecurity, including data encryption, access control mechanisms, incident response plans, and compliance with data protection laws. These provisions mirror DORA’s focus on ensuring the security and resilience of ICT systems.  Specific standards, such as ISO 27001, are mentioned.
• Business continuity and disaster recovery: The regulation emphasises the need for robust business continuity plans that include cloud services. This directly supports DORA’s requirement for institutions to have effective ICT incident response capabilities and business continuity plans.
• Incident reporting and transparency: The document mandates reporting cloud service usage to the Central Bank. This is similar to DORA’s reporting requirements for ICT incidents, although not as comprehensive.
• Oversight and supervision:  The document clearly lays out the supervisory role of the BCP, demonstrating a mechanism for monitoring and enforcing compliance. Similar oversight capabilities are crucial for the effective implementation of DORA in the EU.

The BCP is developing a regulatory environment for the purpose of facilitating financial inclusion. As part of this process, the BCP has announced a Basic Accounts Regulation for MSMEs and launched the Digital Economy Pilot Program.

Through this programme, the aim is to support MSMEs with the goal of advancing the modernisation and optimisation of financial transactions by reducing the use of traditional payment methods in favour of digital systems that facilitate accessibility and a diversity of payment methods such as QR codes, debit, and credit cards, which will significantly contribute to the modernisation of business practices and financial inclusion.

Moreover, it is expected that the BCP will regulate the IT security systems that financial institutions must have to mitigate the risk of digital fraud, such as phishing or SIM swapping, which have increased in recent months. This regulation would aim to unify and standardise the security systems of the regulated entities.

Finally, the Superintendency of Securities is working on a new Securities Market Law, which will have a direct impact on the Paraguayan banking system. This law seeks to encompass the entire regulatory ecosystem of public offerings. Additionally, a bill to regulate crowdfunding is under consideration by the National Congress.