The new legal and regulation system promotes competition and financial inclusion through innovation and technology in financial services in Chile. The law, known as the Fintech Law, represents a significant evolution in the fintech market over the past 12 months. Key developments include the following.

• The Fintech Law establishes a comprehensive framework for fintech activities, including platforms for collective financing, alternative transaction systems, credit and investment advisory, financial instrument custody, and order routing.
• The Law introduces the concept of Sistema de Finanzas Abiertas (Open Finance System), enabling secure and standardised data sharing between financial institutions with customer consent. This aims to foster competition and innovation.
• Inclusion of virtual assets: the law defines virtual financial assets or crypto-assets, recognising their role in the financial ecosystem.
• Supervision and registration: entities providing fintech services must register with the Comisión para el Mercado Financiero (CMF) and meet specific operational, governance and risk management requirements.

The gradual rollout of the Open Finance System (now underway) will require significant technological and operational adjustments by financial institutions. The CMF is responsible for issuing relevant regulations and overseeing the system’s implementation.

Ensuring compliance with data privacy and cybersecurity standards will be critical, especially as institutions exchange sensitive customer information.

Fintech companies will need to integrate advanced technologies, such as blockchain and AI, to remain competitive.

International fintech companies operating in Chile must establish a local presence, which could impact market dynamics.

AI is increasingly used in fintech for credit scoring, fraud detection, personalised financial advice, and automated trading. AI models can analyse large datasets to improve decision-making and customer experiences.

The regulation outlines several fintech business models (“verticals”) that are regulated in Chile, promoting competition and financial inclusion through innovation and technology. These verticals include both new and legacy players, reflecting the diversity of the fintech ecosystem.

Fintech Business Models (Verticals)

• Platforms for collective financing: these platforms connect individuals or entities seeking funding for investment projects or financial needs with those willing to provide resources. They facilitate the materialisation of financing operations, either physically or virtually.
• Alternative transaction systems: these systems allow participants to quote, offer or trade financial instruments or public offering securities outside traditional stock exchanges.
• Credit advisory: services that evaluate or recommend the creditworthiness or payment capacity of individuals or entities for obtaining, modifying or renegotiating loans.
• Investment advisory: services that provide evaluations or recommendations on the suitability of specific investments, financial instruments or projects.
• Custody of financial instruments: entities that hold financial instruments, money or foreign currencies on behalf of clients, ensuring their safekeeping and facilitating transactions.
• Order routing and intermediation: services that channel orders for buying or selling securities or financial instruments to alternative transaction systems, brokers or intermediaries.

Legacy financial institutions, such as banks and insurance companies, are increasingly adopting fintech models to remain competitive. They focus on the following.

• Digital banking: offering online banking services and mobile apps.
• Payment solutions: expanding into digital payment systems and e-wallets.
• Investment platforms: providing automated investment tools and advisory services.

Start-ups and tech-driven companies dominate the newer fintech verticals, leveraging innovation and technology to disrupt traditional financial services. They focus on the following.

• Platforms for trading and custody of crypto-assets.
• AI-powered solutions: credit scoring, fraud detection and personalised financial advice.
• Utilising the Open Finance System introduced by the Fintech Law to create interoperable services.

Chile’s regulatory regime for fintech industry establishes a comprehensive framework for various fintech business models (“verticals”). Below is a detailed description of the regulatory regime applicable to the main verticals, highlighting the requirements and oversight mechanisms.

Platforms for Collective Financing

Platforms must register with the CMF and comply with governance, risk management and information disclosure requirements.

The systems must provide clear information about investment projects or financing needs.

Platforms must disclose any potential conflicts of interest and comply with cybersecurity and data protection standards.

Exemptions

• Intermediaries of securities and brokers of products regulated under other laws may operate without obtaining a new registration.

Alternative Transaction Systems

These systems must be registered with the CMF and meet operational, governance and transparency standards.

The systems must have operational capacity to process transactions securely, establish internal regulations to ensure fair, competitive and transparent markets, and implement risk management and cybersecurity measures.

Exemptions

• Stock exchanges and product exchanges regulated under other laws are not required to obtain a new registration.

Credit Advisory

Entities providing credit advisory services must register with the CMF and demonstrate the technical capacity and knowledge required for their operations.

Key requirements

• Objective and consistent evaluation methods.
• Disclosure of conflicts of interest.
• Compliance with governance and risk management standards.

Exemptions

• Credit rating agencies regulated under Capital Markets Law are exempt from registration under the Fintech Law.

Investment Advisory

Investment advisors must register with the CMF and meet standards for technical knowledge, governance and risk management.

They are required to provide transparent disclosure of risks and methodologies used for recommendations, avoid conflicts of interest, and comply with cybersecurity and data protection regulations.

Exemptions

• Banks, insurance companies, and fund administrators regulated under other laws are exempt from registration under this system.

Custody of Financial Instruments

Custodians must register with the CMF and comply with operational, governance and risk management requirements.

Key requirements

• Secure systems for safekeeping financial instruments and funds.
• Guarantees to ensure compliance with obligations.
• Minimum capital requirements based on business volume.

Exemptions

• Banks and other entities regulated are exempt from registration.

Order Routing and Intermediation

Entities providing these services must register with the CMF and meet operational and governance standards.

Key requirements

• Systems must ensure secure and efficient routing of orders.
• Disclosure of conflicts of interest.
• Guarantees and minimum capital requirements.

Exemptions

• Banks, brokers, and fund administrators regulated under other laws are exempt from registration under this system.

General Regulatory Framework

The CMF oversees compliance with the Fintech Law and has the authority to issue regulations, conduct audits and impose sanctions.

Compliance with Chile’s data protection laws is mandatory.

Entities must adhere to AML regulations.

Chile’s fintech regulatory framework is centralised under one national law, ensuring uniformity across the country. There are no conflicts between local and national laws in this context.

Industry participants in Chile’s fintech sector are allowed to use various compensation models to charge customers, either directly or indirectly. These models are subject to regulatory oversight by the CMF and must comply with specific disclosure requirements to ensure transparency and protect consumer rights.

Permitted Compensation Models

Direct charges to customers

• Fees for services: industry participants can charge customers for services such as investment advisory, credit advisory, custody of financial instruments, and transaction facilitation.
• Subscription models: fixed periodic fees for access to platforms or services.
• Transaction-based fees: charges based on the volume or value of transactions executed.
• Spread-based compensation: participants may earn revenue from the difference between buying and selling prices in transactions (eg, trading platforms).
• Third-party commissions: revenue from commissions paid by third parties, such as issuers of financial instruments or lenders, for facilitating transactions or providing advisory services.
• Performance-based fees: compensation tied to the success of investments or financial outcomes (eg, percentage of profits generated).
• Incremental costs: institutions may request reimbursement for direct incremental costs incurred in providing services, such as handling high volumes of data requests in the Open Finance System.

Participants must provide clear and transparent information to customers regarding compensation models. The following disclosures are mandatory.

• Nature of charges: a detailed explanation of the type of fees or charges.
• Amount and calculation: disclosure of the exact amount or percentage charged, or the formula used to calculate fees.
• Disclosure of any potential conflicts of interest arising from indirect compensation, such as commissions from third parties.
• Explanation of how these conflicts are managed to ensure unbiased service.
• Information on risks associated with the compensation model, particularly for performance-based fees.
• Terms and conditions governing the fees, including refund policies or penalties for early termination.

Specific Rules for the Open Finance System

No direct charges for data access

Institutions participating in the system cannot charge customers for accessing their financial data. However, they may request reimbursement for incremental costs incurred due to high data request volumes, as defined by the CMF.

Institutions must disclose the parameters for cost reimbursement and ensure they are objective, equitable and non-discriminatory.

The regulation of new fintech industry participants differs significantly from the regulation of legacy players, such as banks, in Chile. While both are subject to oversight by the CMF, the regulatory frameworks reflect the distinct nature of their business models, operational risks and market roles.

Key Differences in Regulation

Registration and authorisation

Fintech participants must register in the Financial Services Providers Register (FSPR) and obtain specific authorisation for each service they intend to provide (eg, investment advisory, credit advisory, custody of financial instruments).

Entities must have a single-purpose business model focused exclusively on fintech services.

Banks are regulated under the General Banking Law (GBL) and do not need to register for fintech-related services. Their authorisation is broader and encompasses a wide range of financial activities, including lending, deposit-taking and payment services.

Scope of activities

Fintech participants should limit their activities to specific services defined under the Fintech Law, such as platforms for collective financing, alternative transaction systems and advisory services.

Banks have a broader scope of activities, including traditional banking services, investment management and payment processing. They can also provide fintech-like services without additional registration.

Capital and guarantee requirements

Fintech entities are subject to minimum capital requirements (eg, 3% of risk-weighted assets) and must provide guarantees (eg, bank bonds or insurance policies) to protect customers.

These requirements are tailored to the size, risk profile and business model of the fintech entity.

Banks have significantly higher capital adequacy requirements and liquidity standards under the Basel III framework, reflecting their systemic importance and broader risk exposure.

Governance and risk management

Fintech participants must implement governance policies, risk management systems and cybersecurity measures that are proportionate to their size and operational risks.

The CMF provides flexibility for smaller fintech entities by allowing less burdensome compliance measures for low-risk operations.

Banks are subject to stricter governance and risk management standards, including comprehensive internal controls, stress testing, and compliance with international banking regulations.

Data protection and open finance

Fintech entities participating in the Open Finance System must comply with specific rules for data sharing, customer consent and authentication. They cannot charge customers for accessing their financial data.

Banks are also required to participate in the Open Finance System, but their existing infrastructure and broader regulatory obligations under the GBL may provide them with operational advantages.

AML

Fintech participants are subject to AML law, but the CMF may issue differentiated instructions based on the nature and risk profile of their operations.

Banks face more stringent AML obligations due to their systemic role in the financial system, including detailed reporting and customer due diligence requirements.

Exemptions

Certain legacy players, such as banks, stock exchanges and insurance companies, are exempt from registering under the new system for services that overlap with their existing regulatory frameworks.

Despite the differences, both fintech participants and banks must:

• comply with data protection laws;
• adhere to consumer protection standards; and
• ensure transparency in their operations and disclosures to customers.

Chile has a regulatory sandbox for the fintech industry. The sandbox is designed to promote innovation and inclusion in financial services by allowing fintech companies to test new technologies, products and services in a controlled environment with temporary regulatory flexibility.

The sandbox provides a framework for fintech companies to experiment with innovative financial solutions while ensuring consumer protection and financial stability. It aims to foster competition and technological advancement in the financial sector.

Companies participating in the sandbox may be exempted from certain regulatory requirements or allowed to comply with less burdensome rules.

The CMF determines the scope of exemptions and alternative compliance measures based on the nature of the innovation and associated risks.

Participants operate under close supervision by the CMF, which monitors their activities to ensure compliance with sandbox-specific rules and to mitigate risks to consumers and the financial system.

Participation in the sandbox is temporary, with a defined testing period. After this period, companies must either comply fully with applicable regulations or cease operations if they fail to meet the required standards.

The framework is designed for fintech companies offering innovative financial products or services that are not fully covered by existing regulations, as well as entities proposing solutions that leverage technology to improve financial inclusion, efficiency or competition.

Companies must submit a detailed proposal to the CMF, outlining:

• the nature of the innovation;
• potential benefits to consumers and the financial system; and
• risks and proposed mitigation strategies.

The CMF evaluates applications based on criteria such as innovation, feasibility and alignment with public policy objectives.

Proportional Regulation

The CMF applies a risk-based approach, tailoring regulatory requirements to the size, complexity and risk profile of the sandbox participant.

Companies are required to implement adequate governance, risk management and consumer protection measures.

Sandbox participants must provide regular reports to the CMF on their operations, financial performance and risk management. The CMF may impose additional conditions or restrictions during the testing period to address emerging risks.

At the end of the testing period, companies must transition to full compliance with applicable regulations or cease operations. Successful participants may apply for permanent authorisation to operate under the regulatory framework established.

Benefits of the sandbox include:

• encourages innovation by reducing regulatory barriers for new entrants;
• provides a safe space for testing new ideas without exposing consumers or the financial system to undue risks; and
• helps regulators understand emerging technologies and adapt regulations to support innovation.

The primary regulator for fintech industry participants in Chile is the CMF. However, other regulators, such as the Banco Central de Chile (Central Bank) and the Unidad de Análisis Financiero (Financial Analysis Unit ‒ UAF), also have jurisdiction over specific aspects of the industry.

CMF: Primary Jurisdiction

The CMF oversees fintech companies providing services such as:

• platforms for collective financing;
• alternative transaction systems;
• investment and credit advisory;
• custody of financial instruments; and
• order routing and financial instrument intermediation.

It administers the FSPR and grants authorisations for fintech operations.

It supervises compliance with financial regulations. Issues norms related to governance, risk management, cybersecurity, and consumer protection. Implements and monitors the Open Finance System.

The CMF does not regulate monetary policy or payment system stability, which fall under the jurisdiction of the Central Bank.

Central Bank

The Central Bank regulates monetary policy, payment systems and financial stability.

It also oversees the issuance and operation of digital representations of money (eg, crypto-assets backed by currency) and technologies like distributed ledger systems. The Bank establishes standards for security, reliability and acceptability of digital payment systems. In addition, it regulates fintech companies that handle digital currencies or payment systems with systemic importance.

UAF

The UAF focuses on AML and CTF compliance. It regulates fintech companies that handle financial transactions, including platforms for collective financing, custody services and payment initiation.

Other Relevant Authorities

• Servicio de Impuestos Internos (Tax Authority ‒ SII): responsible for tax compliance and reporting by fintech companies, including annual reporting of financial instrument transactions and balances.
• Overlap and co-ordination between the CMF and the Central Bank: both regulate payment systems, but the CMF focuses on operational compliance, while the Central Bank addresses systemic stability and monetary policy.

Regulators in Chile do not issue “no-action” letters by regulators in Chile. However, under the law the CMF has the authority to provide regulatory flexibility and exemptions for fintech companies on certain conditions. This flexibility is typically granted through formal resolutions or norms of general character, rather than “no-action” letters.

The CMF can exempt certain entities from specific regulatory requirements or allow less burdensome compliance measures if their activities do not compromise public trust or financial stability.

Fintech companies participating in the regulatory sandbox may receive temporary regulatory relief to test innovative products and services in a controlled environment.

The CMF may issue resolutions or norms tailored to specific cases, allowing entities to operate under modified regulatory conditions.

The system does not address the outsourcing of regulated functions or the obligations placed on vendors. However, based on the principles and regulatory framework outlined in the law, the following considerations can be inferred:

Obligations on Vendors

Vendors involved in outsourced functions must comply with the regulatory requirements applicable to the services they provide, including standards for governance, risk management, cybersecurity and data protection.

Vendors handling financial data must adhere to strict confidentiality, security and privacy standards as outlined in the law.

Entities outsourcing regulated functions remain accountable to the CMF and must ensure that vendors provide the necessary information and comply with reporting obligations.

While the document does not specify mandatory contractual requirements for outsourcing, general regulatory practices suggest the following:

• contracts should clearly define the scope of services, compliance obligations, and performance standards.
• contracts should include provisions allowing the regulated entity or the CMF to audit the vendor’s compliance with applicable laws and standards; and
• vendors should be held liable for breaches of regulatory requirements or failures in service delivery.

Outsourcing to a regulated entity may reduce compliance risks, as these entities are already subject to oversight by the CMF or other regulators.

Regulated entities are likely to have established governance, risk management and compliance frameworks.

Fintech providers are deemed to have “gatekeeper” responsibilities for the activities conducted on their platforms. The law places significant obligations on these providers to ensure compliance, protect clients, and maintain the integrity of the financial system.

Fintech providers must comply with regulatory requirements and ensure that their platforms operate within the legal framework established by law.

They are subject to supervision by the CMF, which has the authority to monitor their activities and enforce compliance.

Providers are required to adopt policies, procedures and controls to safeguard client interests, including ensuring the security, confidentiality and proper use of client data. They must disclose relevant information to clients, including risks, conflicts of interest, and the characteristics of financial products or services offered.

Fintech providers are responsible for ensuring that the activities conducted on their platforms comply with the law. This includes preventing fraudulent activities, manipulation of prices, and other prohibited practices.

They must implement governance and risk management frameworks to address operational, financial and cybersecurity risks.

Providers must report relevant information to the CMF and other authorities, including data on transactions, client balances, and compliance with AML and CTF regulations.

Providers can face sanctions, including fines, suspension or cancellation of their registration, if they fail to fulfil their gatekeeping responsibilities or engage in misconduct.

Fintech providers operating crowdfunding platforms must ensure transparency regarding the projects listed, disclose conflicts of interest, and prevent the dissemination of false or misleading information.

Providers offering custody services are responsible for safeguarding client assets and ensuring they are not misused or exposed to undue risks.

Providers offering credit or investment advisory services must ensure that their recommendations are objective, consistent and aligned with client needs.

The law outlines the framework for regulatory oversight and enforcement actions that can be applied across the main verticals of fintech services.

Platforms for Financing Collective Projects

• Violations: dissemination of false or misleading information about projects or conflicts of interest not disclosed.

Systems for Alternative Transactions

• Violations: manipulation of prices, fictitious transactions, or failure to ensure transparency in market operations.

Credit and Investment Advisory Services:

• Violations: providing recommendations that are inconsistent, fraudulent or not aligned with client needs.

Custody of Financial Instruments:

• Violations: misuse of client assets, failure to segregate accounts, or inadequate security measures.

Routing of Orders and Intermediation of Financial Instruments

• Violations: failure to meet transparency requirements, conflicts of interest or operational deficiencies.

General Enforcement Mechanisms

• Sanctions for infringements: the CMF can impose fines, suspend operations, or cancel registrations for entities that violate the law or fail to meet regulatory requirements.
• Intervention and oversight: in some and special cases of financial instability or operational risks, the CMF can appoint an intervention administrator to oversee the entity’s operations and ensure compliance.
• Criminal and civil liability: severe violations, such as fraudulent activities or manipulation of financial markets, can lead to criminal charges and civil liability.

Entities must report incidents, breaches, or operational deficiencies to the CMF, which can trigger investigations and enforcement actions.

The law does not explicitly address non-financial services regulations such as privacy, cybersecurity, social media content or software development. However, it establishes certain principles and requirements that intersect with these areas, particularly for fintech industry participants.

Fintech providers must comply with strict data protection standards (general law), including safeguarding client data and ensuring confidentiality, integrity and availability.

Consent requirements are particularly important, with clients needing to provide explicit, informed and specific authorisation for data sharing. Violations of privacy obligations, such as fraudulent data processing or unauthorised disclosure, are considered to be very serious and can lead to sanctions.

Legacy financial institutions often have established frameworks for data protection due to long-standing compliance with privacy laws. Fintech providers, especially start-ups, may face higher compliance costs to implement robust privacy measures.

Fintech providers may rely more heavily on digital platforms and APIs, increasing their exposure to privacy risks compared to legacy players with more traditional systems.

Cybersecurity Regulations

Fintech providers must adopt cybersecurity measures to prevent unauthorised access, data breaches and system interruptions.

They are required to report security incidents to the CMF and implement mitigation measures. Standards for secure software development and system inviolability are mandated, particularly for automated processes like algorithms.

Fintech providers, being more reliant on cloud-based systems and APIs, may face greater cybersecurity challenges compared to legacy players with more centralised systems. Legacy players often have larger budgets and established cybersecurity teams, while fintech providers may need to allocate significant resources to meet regulatory requirements.

Social Media Content

Fintech providers must ensure that advertising and promotional content does not mislead or confuse clients about the nature, risks or benefits of financial products. Social media campaigns must align with transparency and accuracy requirements to avoid regulatory scrutiny.

Software Development

Fintech providers must ensure that software systems, including algorithms, meet standards of inviolability and reliability. Automated systems used for advisory services or transaction processing must align with regulatory requirements for objectivity and consistency.

Fintech providers often develop proprietary software and rely on agile development processes, which may require frequent updates to meet regulatory standards.

Legacy players may use more standardised software solutions, reducing the need for constant adaptation to new regulations.

While the CMF is the main regulator overseeing fintech activities, and also indirectly highlights other entities that may review the activities of industry participants, including accounting/auditing firms, vendors and industry bodies. Below is an analysis of their roles, requirements and industry practices.

Accounting and Auditing Firms

These firms may be engaged by fintech providers to ensure compliance with financial reporting standards, internal controls and governance requirements.

Fintech providers often rely on external auditors for credibility and transparency, especially when seeking investment or partnerships. Legacy players typically have long-standing relationships with auditing firms, while fintech providers may need to establish these connections.

Other Vendors (eg, Technology Providers)

Vendors providing software, cloud services  and cybersecurity solutions play a critical role in ensuring compliance with technical standards. Vendors must meet security and operational standards set by the CMF, particularly for systems handling sensitive financial data.

Fintech providers often use third-party APIs and cloud services, which may require additional scrutiny to ensure compliance.

Fintech providers often engage with industry bodies to stay up to date with trends and collaborate on compliance strategies. Legacy players may have less reliance on industry bodies due to their established regulatory frameworks.

The law explicitly addresses the regulation of financial services and provides clear guidelines for industry participants offering regulated products and services.

Entities offering regulated services must have a sole and exclusive corporate purpose related to the provision of these services. Offering unregulated services through the same legal entity may conflict with this exclusivity requirement.

Fintech providers often establish separate legal entities to offer unregulated services, ensuring compliance with regulatory requirements while diversifying their offerings.

Fintech providers must ensure a clear separation between regulated and unregulated services to avoid regulatory scrutiny.

AML and sanctions compliance are critical components of the system, impacting both regulated and unregulated fintech companies.

Fintech companies offering regulated services must comply with AML and sanctions rules. Entities must implement governance and risk management policies to prevent money laundering and terrorism financing. Reporting obligations to the UAF are mandatory for transactions that may involve suspicious activities.

Regulated fintech companies often adopt advanced technologies (eg, AI-driven transaction monitoring) to meet AML requirements efficiently. Compliance with AML rules is seen as a competitive advantage, enhancing trust among clients and investors.

The CMF and UAF have broad powers to monitor compliance, investigate suspicious activities, and impose penalties for violations. Regulators emphasise the importance of data security and transparency in preventing money laundering.

Severe penalties, including cancellation of registration and criminal charges, may apply to entities failing to meet AML requirements.

Chile’s AML/CTF framework aligns with FATF standards through its focus on risk-based compliance, customer due diligence and reporting obligations. This alignment ensures that fintech companies operating in Chile adhere to internationally recognised best practices for combating money laundering and terrorism financing.       

Cross-Border Offering of Regulated Services

Foreign companies providing regulated services must have a domicile in Chile to operate. These entities must comply with the registration and authorisation requirements set by the CMF, including being listed in the FSPR.

The law does not explicitly provide exemptions for reverse solicitation, where a client in Chile initiates contact with a foreign provider to access regulated services without triggering domestic regulations.

Certain entities already regulated under other laws (eg, banks, insurance companies, brokers) may provide services provided they comply with their existing regulatory frameworks. In a small number of case, this could enable the provision of cross-border services without triggering additional domestic regulations, but only for entities that are already recognised and regulated in Chile.

Different asset classes, such as security tokens and cryptocurrencies, require distinct business models due to their unique regulatory and operational requirements. The law defines and regulates these asset classes under specific frameworks, emphasising tailored approaches for their management and commercialisation.

Security tokens fall under the category of financial instruments as they represent titles, contracts or assets designed to generate monetary returns or represent debts. Security tokens are subject to stricter oversight, including registration in the FSPR and compliance with governance, risk management and transparency requirements.

Cryptocurrencies are classified as virtual financial instruments, representing digital units of value, goods or services, excluding money in national or foreign currency. They are regulated differently, focusing on their use in alternative transaction systems or custody services, and require platforms for exchange, wallet services or custody of digital assets. The framework emphasizes technological infrastructure, such as blockchain or distributed ledger systems, and may involve peer-to-peer transactions or decentralised finance (DeFi) models.

The law does not distinguish how legacy players implement solutions introduced by robo-advisers. However, it provides a broad framework for financial innovation and technology, including investment advisory, which could include robo-advisers. It outlines requirements for entities providing such services, which may guide legacy players in adopting robo-adviser solutions.

Robo-advisers fall under the category of investment advisory, defined as services offering evaluations or recommendations regarding investments in public offerings, financial instruments or investment projects. This excludes advisory services related to pensions or insurance.

Entities must meet standards of suitability and knowledge for personnel and systems used in providing recommendations. Compliance with governance and risk management standards is mandatory. Information provided to clients must include conflicts of interest, methods, criteria and risks associated with recommendations.

Legacy players, such as banks and insurance companies, may integrate robo-adviser solutions to enhance their investment advisory services.

The law promotes technological neutrality, allowing legacy players to adopt robo-adviser solutions without being restricted to specific technologies.

Key issues relating to best execution include the following.

Transparency and Fairness

Best execution requires promoting adequate price formation and enabling the optimal execution of customer orders.

Providers must have the capacity to process transactions efficiently through robust systems and infrastructure.

Interruptions or contingencies in systems must be disclosed to customers.

Entities must disclose potential conflicts of interest.

The CMF supervises the activities of entities involved in trade execution, ensuring compliance with legal standards.

The CMF can impose corrective measures to protect investors and ensure market integrity.

The legal framework also encourages entities to adopt innovative solutions for trade execution while maintaining compliance with regulatory standards.

The law provides a general framework for financial services, including credit advisory, which may indirectly address aspects of loans.

It involves evaluating or recommending the creditworthiness of individuals or entities for obtaining, modifying or renegotiating loans.

Providers must meet standards of suitability and knowledge to ensure accurate assessments. Entities offering credit advisory services must disclose conflicts of interest, evaluation criteria, and risks associated with recommendations.

Compliance with financial integrity, data protection and AML measures is necessary for all financial services.

The system provides general principles and requirements for financial services, including credit advisory, which may involve underwriting-related activities.

Credit advisory involves evaluating the creditworthiness of individuals or entities, including their ability to repay loans. Providers must use objective, coherent and consistent standards in their evaluations.

The CMF supervises entities providing financial services, ensuring compliance with legal standards. While the law does not prescribe specific underwriting methodologies, it requires adherence to principles of transparency, risk management and customer protection. Entities must implement policies, procedures and controls to manage risks inherent to their business lines.

Providers must disclose the criteria, methods and risks involved in their evaluations to customers.

Underwriting typically involves assessing credit scores, income, debt-to-income ratios and collateral for individuals.

For businesses, it may include reviewing financial statements, business plans and market conditions.

The law does not explicitly outline the sources of fiat currency funds for loans or the legal and regulatory issues associated with each source. However, it provides a framework for financial services, including platforms for crowdfunding and other financial activities, which may involve loan funding.

The platforms must disclose project details, risks and potential conflicts of interest.

They are subject to oversight by the CMF and must comply with governance and risk management requirements.

Entities providing loans may raise capital through private investments or equity offerings must comply with corporate governance and risk management standards.

If the raised capital involves securities it may fall under the Capital Markets Law, which regulates public offerings and securities registration.

Only banks and other financial institutions authorised to take deposits are regulated under the GBL and supervised by the CMF.

Deposit-taking institutions must comply with strict liquidity, solvency and operational requirements.

They are subject to AML and customer protection regulations.

The syndication of loans is only regulated for banks. The Fintech Law outlines a framework for financial services, including platforms for crowdfunding.

Crowdfunding allows multiple investors to fund projects or loans. This could resemble syndication, where multiple parties contribute to a single loan.

Entities providing these services must be registered with the CMF and comply with governance, risk management, and transparency requirements. Platforms must disclose project details, risks and potential conflicts of interest to participants.

The law does not explicitly state whether payment processors must use existing payment rails or if they are allowed to create or implement new ones. However, it provides a framework for financial innovation, including provisions for payment services and open finance systems, which suggest flexibility in implementing new payment mechanisms.

Banks and financial institutions offering accounts and payment initiation service providers are regulated under the new law. These entities must comply with interoperability standards and ensure secure access to payment systems.

The law promotes technological neutrality allowing innovation in financial services.

Payment processors may implement new systems or interfaces, provided they meet the security, interoperability and operational standards set by the CMF. The Open Finance System encourages the development of interfaces for automated and remote access, which could include new payment rails.

Financial integrity, data protection, and AML and CFT standards operate under a common regulatory framework.

The law emphasises the prevention of money laundering and financing of terrorism as a core principle. Entities providing financial services must comply with these standards.

Adequate safeguards for the treatment of customer data are required, including privacy and security measures.

Entities must provide clear information to customers and report relevant data to the SII for tax purposes.

The CMF oversees compliance with financial regulations, including AML/CFT standards, and has the authority to impose preventive or corrective measures.

Various types of marketplaces and trading platforms are permissible, each with specific regulatory requirements.

Crowdfunding Platforms

• Physical or virtual spaces where individuals or entities with investment projects or financing needs connect with those willing to provide resources.
• They must be registered in the FSPR.
• Obligations include providing clear information about projects and potential conflicts of interest.
• Governance and risk management standards must also be met.

Alternative Trading Systems

• Physical or virtual spaces for quoting, offering or trading financial instruments or public securities; they are not authorised as stock exchanges.
• These systems must be registered and authorised by the CMF.
• They are required to maintain operational capacity for processing transactions and ensure transparency in price formation.
• Governance, risk management, and internal regulations promoting fair and competitive markets are mandatory.

Financial Instrument Intermediation

• Activities involving the purchase or sale of financial instruments for third parties, either directly or through intermediaries.
• Entities must be registered and authorised by the CMF.
• They must meet the requirements for operational capacity, guarantees and minimum capital.
• Governance and risk management standards apply.

Order Routing

• Channelling orders from third parties for the purchase or sale of securities or financial instruments to trading systems or intermediaries.
• Registration and authorisation by the CMF are required.
• Entities must meet operational, governance and risk management standards.

Custody of Financial Instruments

• Safekeeping of financial instruments, money or foreign currency on behalf of third parties.
• Registration and authorisation by the CMF are mandatory.
• Entities must meet minimum capital and guarantee requirements.
• Governance and risk management standards apply.

Operational Requirements

• Some of these entities are required to maintain robust operational systems to ensure transaction processing and market transparency.
• Minimum capital and guarantee requirements to protect clients.
• Governance and risk management policies tailored to their size, volume and nature of operations.

Distinct regulatory regimes exist for different asset classes, including security tokens, cryptocurrencies and other financial instruments.

Security Tokens

Security tokens are considered financial instruments under the law if they are designed to generate monetary returns or represent debt or equity. Security tokens are subject to the same rules as other financial instruments, such as contracts, derivatives and invoices. They must comply with transparency, reporting and governance requirements. Security tokens are excluded from the definition of publicly offered securities unless explicitly registered under law.

Cryptocurrencies

Cryptocurrencies are defined as digital representations of value that can be transferred, stored or exchanged digitally, excluding money in national or foreign currency.

Cryptocurrencies are treated as a separate asset class and are not considered financial instruments unless explicitly structured for financial returns.

Platforms dealing with cryptocurrencies must comply with AML/CFT standards, data protection and governance requirements.

The law emphasises the neutrality of technology, meaning that the regulatory framework applies regardless of whether the asset is digital or physical.

Traditional Financial Instruments

These include contracts, derivatives, invoices, and other intangible assets designed to generate monetary returns. They are subject to comprehensive rules for transparency, reporting, governance, and risk management. Instruments must be registered and authorised for public offering under the Capital Markets Law.

Both asset classes are subject to AML/CFT standards, but platforms handling cryptocurrencies may face additional scrutiny due to their potential use in money laundering or terrorism financing.

Cryptocurrency exchanges ‒ both centralised and decentralised ‒ are explicitly addressed and regulated as part of the broader framework for financial services based on technology. The emergence of these platforms has led to the establishment of specific rules to ensure transparency, security and protection for users.

Centralised exchanges are categorised as Alternative Trading Systems if they facilitate the trading of cryptocurrencies. They must:

• register at the CMF;
• comply with governance and risk management standards;
• ensure operational capacity for secure transaction processing; and
• implement AML/CFT measures to prevent money laundering and terrorism financing.

Decentralised Cryptocurrency Exchanges (DEXs) operate without intermediaries, allowing users to trade cryptocurrencies directly through smart contracts or blockchain-based protocols are free of regulations.

Listing standards for financial instruments, including those traded on platforms such as Alternative Trading Systems, are regulated to ensure transparency, investor protection and market integrity.

Financial instruments must be registered in the Securities Registry if they are subject to public offering. Platforms facilitating the trading of financial instruments must be authorised by the CMF.

Platforms must provide clear and accurate information about the financial instruments listed, including their characteristics, risks and conditions. Issuers must disclose essential information about their financial, economic and legal situation.

Platforms must implement governance and risk management policies to ensure fair and transparent trading.

Certain instruments, such as unregistered securities, are excluded from public offering unless explicitly authorised.

Order handling rules apply under law, particularly for platforms categorised as Alternative Trading Systems and entities involved in Order Routing. These rules are designed to ensure transparency, fairness and efficiency in the execution of orders.

Platforms and intermediaries must:

• ensure the best execution of orders, prioritising fairness and efficiency in processing;
• maintain operational capacity to support the secure and timely processing of transactions; and
• provide clear information about the conditions of access and functioning of their systems.

Platforms must disclose:

• the conditions under which orders are routed and executed;
• and any potential conflicts of interest that may arise in the handling of orders.

Platforms facilitating order routing must adopt internal regulations to ensure an equitable, competitive, and transparent market, promoting proper price formation and the best execution of user orders.

The CMF oversees compliance with these rules and may impose corrective measures or suspend operations if platforms fail to meet order handling standards.

Platforms and intermediaries strive to execute orders at the best available price and under optimal conditions for clients.

Transparency in disclosing conflicts of interest is critical to maintaining trust.

The rise of peer-to-peer (P2P) trading platforms significantly impacts both traditional financial institutions and fintech players, while also introducing regulatory challenges.

Traditional Financial Institutions

• Competition: P2P platforms challenge traditional institutions by offering direct, decentralised trading, often with possible lower fees and faster transactions.
• Disintermediation: traditional players may lose market share as P2P platforms bypass intermediaries like brokers and banks.
• Adaptation: banks and other institutions may need to innovate, adopting similar technologies or partnering with fintechs to remain competitive.

Fintechs benefit from the rise of P2P platforms by leveraging technology to create innovative solutions, such as blockchain-based trading or automated systems.

Market Expansion

P2P platforms enable fintechs to reach underserved markets, promoting financial inclusion.

P2P platforms must comply with the Fintech Law, which regulates services like crowdfunding platforms and alternative trading systems.

Ensuring compliance with AML and CTF regulations is critical, as P2P platforms may be vulnerable to misuse.

P2P platforms handle sensitive financial data, requiring adherence to strict data protection standards.

The law does not explicitly address payment for order flow (PFOF) ‒ a practice where brokers receive compensation from third parties (eg, market makers) for routing client orders to them. However, the law establishes principles and rules that indirectly impact this practice, particularly in the context of transparency, market integrity, and conflict of interest management.

Rules Related to Payment for Order Flow

Entities providing services like order routing or financial instrument intermediation must disclose any conflicts of interest to their clients.

Platforms and intermediaries are required to ensure best execution of orders, prioritising fairness and efficiency.

Entities must provide clear information about the conditions under which orders are routed and executed, including any arrangements that could affect the impartiality of order handling.

Platforms facilitating order routing must adopt internal regulations to ensure an equitable, competitive and transparent market, promoting proper price formation and the best execution of user orders

Impact on the Vertical

For P2P platforms

PFOF could undermine the trust that P2P platforms aim to build by offering direct, decentralised trading. Transparency and fairness are critical for these platforms to maintain credibility.

For traditional brokers

PFOF may provide a revenue stream but could face scrutiny under the law’s conflict of interest and best execution provisions. Brokers must balance profitability with compliance and client trust.

For fintechs

Fintechs leveraging PFOF must ensure compliance with transparency and disclosure requirements. Failure to do so could result in regulatory penalties and reputational damage.

Regulatory Challenges

Regulators must ensure that PFOF does not compromise the quality of execution for clients.

PFOF arrangements could lead to unequal access to liquidity or price manipulation, requiring oversight to maintain market integrity.

Ensuring that entities disclose PFOF arrangements and their impact on order routing decisions is critical.

The system establishes several principles and rules to ensure market integrity and prevent market abuse in trading activities. These principles are designed to promote transparency, fairness and trust in financial markets, while safeguarding investors and the stability of the financial system.

Basic Principles of Market Integrity

Transparency

Entities must provide clear, accurate and timely information about trading conditions, including pricing, access and operational interruptions. Platforms and intermediaries must disclose any conflicts of interest that could affect the impartiality of their services.

Fairness

Trading systems must ensure equitable access and competitive conditions for all participants, avoiding discriminatory practices. Platforms must adopt internal regulations to promote orderly and transparent markets, ensuring proper price formation and execution of orders.

Best execution

Entities providing trading services must prioritise the best execution of client orders, ensuring optimal outcomes for investors.

Neutrality

The law emphasises technological neutrality, ensuring that trading systems do not favour specific technologies or participants.

Rules governing market abuse

Price manipulation is explicitly prohibited, including actions aimed at artificially stabilising, fixing or altering the prices of financial instruments. Fictitious transactions or fraudulent practices to induce others to buy or sell financial instruments are also banned.

Entities are prohibited from disseminating false or misleading information about financial instruments, issuers or projects to alter investor perceptions or valuations.

Using client assets (eg, financial instruments or funds) for personal or third-party benefit without authorisation is strictly prohibited.

Entities must disclose and manage conflicts of interest to prevent abuse or unfair practices in trading.

Entities and individuals engaging in fraudulent or manipulative practices are subject to administrative and criminal penalties.

The CMF is tasked with supervising trading activities to ensure compliance with these principles. The CMF has the authority to suspend or revoke authorisations for entities that violate market integrity rules or impose sanctions for market abuse, including fines and cancellation of registrations.

The law addresses algorithmic trading indirectly through its emphasis on transparency, risk management and governance. While the law does not explicitly establish a separate regulatory regime for algorithmic trading, it sets out principles and requirements that apply to entities using such technologies.

Entities employing algorithms or automated systems for services such as investment advisory or credit advisory must ensure that these systems meet standards of objectivity, coherence and consistency. The CMF will establish certification requirements to ensure the reliability and inviolability of these systems.

Entities using algorithmic trading must implement policies, procedures and controls to manage risks inherent to their business lines, including operational and financial risks. The CMF will define standards of governance and risk management, including cybersecurity measures, tailored to the size and nature of the entity’s operations.

Entities must disclose the variables, methods and criteria guiding algorithmic decision-making, especially in investment advisory services. Any conflicts of interest arising from algorithmic trading must be disclosed to clients.

Algorithmic systems must not engage in price manipulation, fictitious transactions or other practices that distort market integrity.

The CMF has the authority to monitor algorithmic trading systems and ensure compliance with transparency, risk management and governance standards.

The law does not explicitly differentiate regulatory regimes for algorithmic trading based on asset classes. However, certain provisions suggest that the CMF may tailor requirements depending on the nature of the asset class or type of service.

• Financial instruments (eg, securities, derivatives) are subject to stricter governance and risk management standards, including minimum capital and guarantees.
• Virtual financial assets are defined separately and may require additional safeguards due to their volatility and unique risks.
• Investment advisory versus trading platforms: entities providing investment advisory services must disclose the methodologies used by algorithms to recommend investments, while trading platforms must focus on ensuring fair and transparent markets.

Algorithmic systems used for custody of financial instruments must meet higher standards for operational security and risk management.

In Chile, entities functioning in a principal capacity as market makers are required to be licensed or registered to operate professionally. The law establishes a registration and authorisation regime for entities providing financial services, including those acting as intermediaries or market makers. Below is a description of the relevant regime.

Entities providing services such as intermediation of financial instruments must be registered in the Registry of Financial Service Providers managed by the CMF. Only entities registered in this registry can operate professionally in these capacities.

To be registered and authorised, entities functioning as market makers must meet the following conditions:

• exclusive business purpose;
• operational and risk management capacity;
• guarantees and minimum capital;
• governance and risk management; and
• transparency and disclosure.

Certain entities, such as banks and securities intermediaries, may operate as market makers without being registered in the FSPR, provided they are already regulated under other legal frameworks.

The CMF oversees compliance with these requirements and has the authority to:

• suspend or revoke registrations for non-compliance; and
• impose sanctions for violations, including operating without proper registration.

The Chilean system establishes distinct regulatory frameworks for funds and dealers engaging in financial activities, reflecting differences in their business models and operational roles.

Funds

Funds are managed by general fund administrator or portfolio managers under the Fund General Law. Their primary role is to pool investor capital and manage it according to predefined investment strategies.

The manager must maintain a minimum capital based on the volume of assets under management and risk exposure, and must provide guarantees to ensure compliance with their obligations to investors.

If a fund manager uses automated systems for portfolio management, they must certify the suitability and security of these systems.

Funds are subject to strict disclosure requirements to ensure transparency for investors regarding risks, fees and performance.

The CMF oversees fund administrators, ensuring compliance with governance, risk management and operational standards.

Dealers

Dealers, such as intermediarios de instrumentos financieros (financial instrument intermediaries), act as market participants, facilitating buying and selling of financial instruments, often in a principal capacity.

They may also act as market makers, providing liquidity to markets.

Dealers must:

• be registered in the FSPR;
• maintain financial guarantees and minimum capital to ensure stability and protect clients; and
• implement robust governance structures and risk management systems.

Dealers are subject to rules preventing manipulative practices, such as price manipulation or fictitious transactions.

The CMF monitors dealers to ensure compliance with operational, transparency and risk management standards.

Programmers who develop trading algorithms and electronic trading tools are not directly regulated as individuals. However, the entities that use these algorithms and tools are subject to strict regulatory oversight, particularly regarding the suitability and security of the systems they employ. Below is an explanation of how the regulation applies.

Entities such as administradoras generales de fondos (fund administrators), financial intermediaries, and providers of information-based services are responsible for ensuring that the algorithms and systems they use comply with regulatory standards.

These entities must certify the reliability security, and accuracy of the algorithms they employ.

The CMF requires entities to demonstrate that their algorithms meet specific standards.

• Inviolability: ensuring the systems are secure and cannot be tampered with.
• Objectivity and consistency: ensuring the algorithms align with the needs and expectations of clients.

Entities using trading algorithms must implement robust governance structures and risk management systems to monitor and mitigate risks associated with algorithmic trading.

While programmers themselves are not directly regulated, their work is indirectly governed through the entities that employ their tools.

Entities are accountable for the performance and security of the algorithms, meaning programmers must adhere to the standards set by the regulated entities.

Programmers may need to ensure their tools comply with the technical and operational requirements established by the CMF.

Entities using algorithms for trading must ensure these systems do not engage in manipulative practices, such as price manipulation or fictitious transactions.

Systems must meet minimum cybersecurity standards to prevent unauthorised access or data breaches.

Entities must disclose the methodologies and criteria used by their algorithms to clients, ensuring transparency in decision-making processes.

Underwriting processes in the insurtech sector are not explicitly detailed or prescribed by regulation. However, the law provides a framework for the regulation of insurance companies and intermediaries that focuses on transparency, risk management and consumer protection, which indirectly influence underwriting practices.

Insurtech companies may use traditional underwriting methods, which involve assessing risks based on historical data, actuarial models and individual customer profiles. This process typically includes evaluating factors such as age, health, occupation and lifestyle for personal insurance or business operations for commercial insurance.

Technology-Driven Underwriting

Insurtech participants often leverage data analytics, machine learning and AI to streamline underwriting processes.

These tools enable dynamic risk assessment, personalised pricing and faster decision-making by analysing large datasets, including real-time data from IoT devices, social media and other sources.

Parametric Insurance

The law explicitly allows parametric insurance, where underwriting is based on predefined triggers (eg, weather events) rather than traditional claims assessments.

This approach simplifies underwriting by focusing on measurable variables and eliminates the need for detailed damage assessments.

Insurtech companies must ensure underwriting processes align with transparency and fairness principles. They are prohibited from using misleading or incomplete information in their processes.

The law encourages the development of inclusive insurance, microinsurance and mass-market insurance, which may require simplified underwriting processes to serve underserved populations.

Insurtech companies must implement robust governance structures and risk management systems to ensure underwriting practices are consistent with regulatory standards.

If underwriting processes involve automated systems or algorithms, these must be certified for suitability and security by the CMF.

For parametric insurance, the CMF establishes criteria for acceptable variables, risks and policy characteristics, ensuring underwriting aligns with measurable and objective standards.

Different types of insurance ‒ such as life, annuities, property and casualty ‒ are treated differently by both industry participants and regulators, primarily due to the nature of the risks involved and the regulatory requirements specific to each type.

Life Insurance and Annuities

Life insurance and annuities typically involve long-term commitments, requiring detailed underwriting processes that assess individual health, age and lifestyle factors.

Insurtech companies may use predictive analytics and AI to streamline underwriting and pricing for life insurance policies.

Life insurance is excluded from parametric insurance models, as the law specifies that parametric insurance cannot be applied to previsional (pension-related) insurance or mandatory insurance.

Property and casualty insurance often involves short-term coverage, making it suitable for parametric insurance models. For example, coverage for natural disasters can be triggered by measurable events like earthquakes or floods.

These types of insurance are often distributed through microinsurance or inclusive insurance models, targeting underserved populations with simplified underwriting processes.

Annuities are treated as financial instruments requiring careful actuarial calculations and risk management due to their extended payout periods. Annuities are subject to stricter governance and solvency requirements to ensure long-term financial stability.

Life insurance and annuities are excluded from parametric insurance frameworks, as they require individualised risk assessments and cannot rely solely on predefined triggers.

Companies offering life insurance and annuities must implement robust governance structures and risk management systems to ensure solvency and compliance with long-term obligations.

Regulators allow property and casualty insurance to adopt parametric models, simplifying claims processes and enabling faster payouts based on measurable events.

The law encourages simplified processes for property and casualty insurance to serve excluded or underserved populations, such as low-income groups.

The CMF establishes differentiated rules for microinsurance and inclusive insurance, focusing on simplified policies, streamlined claims processes, and mass-market distribution.

Regtech providers ‒ entities that use technology to assist in regulatory compliance ‒ are regulated depending on their activities. The law establishes a framework for oversight by the CMF, which supervises entities involved in financial services, but does not include those leveraging technology for compliance purposes.

Financial services firms are required to ensure that technology providers meet specific standards of performance and accuracy, particularly when their services involve regulated activities such as custody, intermediation, or advisory services. The contractual terms imposed on technology providers are influenced by both regulation and industry custom.

Contractual Terms to Assure Performance and Accuracy

Performance guarantees

Financial services firms often require technology providers to include guarantees for:

• operational reliability;
• accuracy of data; and
• compliance with regulatory standards.

Liability clauses

Contracts typically include provisions holding technology providers liable for:

• errors or omissions in data processing;
• system failures that impact financial transactions or customer services; and
• breach of regulatory requirements, such as data privacy violations or failure to meet cybersecurity standards.

SLAs

SLAs are commonly used to define the following.

• Uptime guarantees: minimum operational availability of systems.
• Response times: timely resolution of technical issues.
• Accuracy thresholds: standards for data processing and reporting.

Audit and reporting requirements

• Submit to regular audits to verify compliance with regulatory and contractual obligations.
• Provide periodic reports on system performance, data accuracy and risk management.

Indemnification clauses

Financial firms often seek indemnification for losses caused by:

• system errors or inaccuracies; and
• regulatory penalties resulting from non-compliance by the technology provider.

Termination rights

Contracts may include provisions allowing financial firms to terminate agreements if:

• the provider fails to meet performance standards; or
• regulatory compliance is compromised.

Financial firms are required to implement governance and risk management systems that ensure the reliability and security of technology providers. Contracts must reflect these obligations, particularly in areas like cybersecurity and data protection.

Technology providers must comply with minimum security standards set by the CMF, which influence contractual terms related to system integrity and data confidentiality.

Providers must meet regulatory requirements for accurate data processing and reporting, as dictated by the CMF.

Firms may adopt ISO standards or other internationally recognised frameworks for performance and accuracy.

Traditional players are working to collaborate with fintech and take advantage of the new ecosystem too.

The Open Finance System established by law promotes interoperability and secure data exchange between financial institutions. Blockchain could play a role in ensuring secure and transparent data sharing.

While the system does not consider blockchain implementation, it provides a regulatory framework that supports its use in areas like payment systems, custody and tokenisation. Traditional players in the financial services industry are likely to explore blockchain to enhance security, efficiency and transparency, aligning with the law’s principles of innovation and inclusion.

The law provides a clear framework for the use of blockchain and other innovative technologies in the financial services industry in Chile. Local regulators, particularly the CMF and the Central Bank, have introduced provisions and interpretations that support blockchain adoption while ensuring compliance with security, reliability and transparency standards.

The law explicitly acknowledges distributed ledger technologies (eg, blockchain) as valid systems for recording digital representations of value, including financial instruments and payment systems.

Blockchain-based systems are permitted for representing money (national or foreign currency) recorded on the blockchain and can be used to document obligations payable in various currencies.

The Central Bank is tasked with setting minimum standards for blockchain-based systems, including the following.

• Security: ensuring the reliability and protection of transactions.
• Acceptability: promoting mass adoption and usability.
• Reliability: preventing fraud and ensuring system integrity.

The Open Finance System established by law promotes interoperability and secure data exchange between financial institutions. Blockchain could play a role in ensuring secure and transparent data sharing.

The law allows for the tokenisation of financial instruments and assets, provided they meet regulatory standards for security and transparency.

The CMF has broad powers to monitor blockchain-based systems used by financial institutions. It can also issue regulations to ensure compliance with cybersecurity, data protection and risk management standards.

The CMF will define the technical and operational standards for the Open Finance System, which may include blockchain-based solutions for the secure exchange of data.

The law mandates a phased implementation of blockchain-related systems, with the CMF setting timelines and standards for adoption.

Blockchain assets are not universally classified as regulated financial instruments. The law provides specific definitions and classifications for certain types of blockchain-related assets, but it also establishes boundaries for what is considered a financial instrument. Below is an analysis based on the law and its implications.

Blockchain assets are defined as digital representations of units of value, goods or services (excluding money in national or foreign currency) that can be transferred, stored or exchanged digitally.

These assets are distinct from traditional financial instruments and are not automatically considered regulated financial instruments unless they meet specific criteria.

Financial instruments are titles, contracts or documents designed to generate monetary returns or represent debts or virtual financial assets. Blockchain assets may qualify as financial instruments if they are structured to generate monetary returns or represent debts, but money or foreign currency (whether physical or digital) is explicitly excluded from this classification.

Blockchain assets that do not meet the criteria for financial instruments (eg, utility tokens or non-financial digital assets) are not regulated under the financial framework established by law.

The distinction between financial instruments and virtual financial assets can be unclear, especially for blockchain assets like stablecoins or tokenised securities.

Some blockchain assets may straddle the line between utility and investment, creating challenges for regulatory classification.

Blockchain assets used for non-financial purposes (eg, NFTs or utility tokens) may fall outside the scope of financial regulation, leaving them unregulated in certain contexts.

The lack of clear classification for some blockchain assets may expose consumers to risks, such as fraud or lack of transparency.

The regulation of “issuers” of blockchain assets and the initial sales of such assets depends on whether the assets are classified as financial instruments or virtual financial assets.

Financial Instruments

Blockchain assets that qualify as financial instruments (eg, tokenised securities or debt instruments) are subject to strict regulatory oversight.

Issuers must register their financial instruments in the FSPR maintained by the CMF. Issuers must provide accurate, sufficient and timely information about their financial instruments to the CMF and the public. Issuers must adhere to governance, risk management and reporting standards set by the CMF.

Virtual Financial Assets

Virtual financial assets (eg, cryptocurrencies) are not automatically classified as financial instruments and are not subject to the same regulatory requirements.

Issuers of crypto-assets may be subject to AML and CTF regulations.

There are no specific requirements for registration or reporting unless the crypto-asset is structured as a financial instrument.

Blockchain Assets

Issuers of blockchain assets that are explicitly excluded from the definition of financial instruments (eg, utility tokens) are not regulated under the system.

These issuers may still be subject to general consumer protection laws.

Initial Sales of Financial Instruments

Blockchain assets offered as financial instruments must comply with the rules for public offerings under Law No 18.045.

The financial instruments must be registered in the Capital Markets Register before being offered to the public, unless they fulfil the requirements to be considered a private offer.

Issuers must provide detailed information about the offering, including risks, terms and conditions, to ensure transparency and investor protection. Issuers in liquidation or facing regulatory sanctions cannot make public offerings unless explicitly authorised by the CMF.

Initial sales of crypto-assets are not regulated as public offerings unless the assets are structured as financial instruments.

Sales may be subject to AML/CTF regulations to prevent illicit activities.

There are no specific requirements for disclosure or registration unless the crypto-asset is classified as a financial instrument.

Initial sales of utility tokens or other non-financial blockchain assets are not regulated under the fintech system. These sales may still be subject to general consumer protection laws to prevent fraud or misleading practices.

Blockchain asset trading platforms and secondary market trading are regulated based on the classification of the assets being traded. The law provides a framework for platforms that facilitate trading of financial instruments and establishes oversight mechanisms for intermediaries and P2P transactions.

Blockchain Asset Trading Platforms

Blockchain asset trading platforms that facilitate the trading of financial instruments are regulated as alternatives systems of trading.

Platforms must be registered in the FSPR maintained by the CMF. Platforms must obtain authorisation from the CMF before initiating operations.

Platforms must have systems and procedures to ensure transparency, security and proper functioning.

They must implement governance and risk management policies. Platforms must maintain an internal regulation to ensure equitable, competitive and transparent trading.

Platforms must provide information about transactions, interruptions and contingencies to the CMF and the public.

Platforms for Virtual Financial Assets are not automatically regulated unless the assets qualify as financial instruments.

Platforms may be subject to AML and CTF regulations.

Regulation of Secondary Market Trading

Intermediaries facilitating the trading of financial instruments must be registered as FSPR.

They must obtain CMF authorisation before initiating operations.

P2P Trading

P2P trading of blockchain assets is not explicitly regulated under the law unless the assets qualify as financial instruments.

P2P transactions involving crypto-assets may be subject to AML/CTF regulations.

Platforms and intermediaries trading unregulated blockchain assets (eg, utility tokens) may expose investors to risks, such as fraud or lack of transparency.

There are no explicit regulations governing staking services related to cryptocurrencies. However, the regulation of such services may depend on the classification of the cryptocurrencies involved and the nature of the staking activity.

If staking is structured as a financial service (eg, offering returns or rewards that resemble investment products), it may fall under the scope of the Fintech Law as a regulated activity, such as investment advisory.

Entities providing staking services may need to register in the FSPR. They may be subject to governance, risk management and reporting requirements.

Staking services involving cryptocurrencies may be subject to AML/CTF regulations if they are deemed to pose risks related to money laundering or terrorism financing.

Providers may need to report suspicious transactions to the UAF.

If staking is purely a technical activity (eg, validating transactions on a blockchain without offering financial returns), it is unlikely to be regulated under local law.

Such activities may still be subject to general consumer protection laws.

The provision of lending services related to cryptocurrencies is regulated if the activity involves financial instruments or falls under the scope of credit advisory.

If the lending activity involves cryptocurrencies classified as financial instruments, it is subject to regulation under the Fintech Law.

Lending services related to cryptocurrencies may fall under the scope of the Financial Services or Money Lending Operations special laws.

Entities providing lending services must register in the FSPR. They must obtain authorisation from the CMF before initiating operations. Providers must comply with governance, risk management and reporting requirements.

Lending services involving cryptocurrencies may be subject to AML/CTF regulations. Providers must report suspicious transactions to the UAF.

P2P crypto lending may remain unregulated unless AML/CTF concerns arise.

The offering of cryptocurrency derivatives is regulated by law.

Law No 21.521 expands the definition of financial instruments to include contracts such as derivatives and contracts for difference. These are financial instruments designed to generate monetary returns or represent a debt or virtual financial asset.

Cryptocurrency derivatives, such as futures, options or swaps based on cryptocurrencies, fall within this definition.

The offering and trading of cryptocurrency derivatives are considered forms of financial intermediation or may be conducted through alternative trading systems.

Entities offering cryptocurrency derivatives must register in the FSPR. Authorisation from the CMF is required before initiating operations.

Providers must comply with governance, risk management and reporting requirements.

Providers must ensure transparency in the offering of derivatives, including clear information about risks, pricing and terms. Misleading or incomplete information is prohibited.

Providers of cryptocurrency derivatives are subject to AML/CTF regulations. They must report suspicious transactions to the UAF.

If cryptocurrency derivatives are offered informally or outside the scope of regulated financial services, they may fall outside the above-mentioned regulation. However, such activities may still be subject to general consumer protection laws.

Decentralised finance (DeFi) services are subject to regulation if they involve activities defined as financial services or instruments, even if no traditional intermediary is involved. Below is an explanation of how DeFi services are governed and whether they can claim exemption from regulation.

The Fintech Law applies to activities involving financial instruments, which include security tokens, cryptocurrency derivatives and other financial instruments.

If a DeFi platform facilitates trading, custody or other financial services involving these instruments, it falls under the regulatory framework.

DeFi platforms that allow participants to trade financial instruments or cryptocurrencies are considered alternative transaction systems.

Platforms offering custody services for cryptocurrencies or security tokens are regulated.

Even if the platform operates without a traditional intermediary, the activity itself is regulated.

Entities facilitating DeFi services must register in the FSPR. Authorisation from the CMF is required before initiating operations.

DeFi platforms must ensure transparency, avoid misleading information, and disclose risks associated with their services.

DeFi platforms are subject to AML/CTF regulations. They must report suspicious transactions to the UAF.

Parties operating or facilitating DeFi platforms are considered service providers and must comply with registration, authorisation and reporting requirements.

Claims of exemption due to decentralisation or lack of intermediaries are invalid under the law.

If the DeFi platform offers services involving regulated financial instruments (eg, security tokens, derivatives), it must comply with the law.

Platforms must ensure governance, risk management and reporting mechanisms.

DeFi platforms must address risks such as fraud, market manipulation and cybersecurity vulnerabilities.

Funds that invest in blockchain assets, whether partially or entirely, are regulated under General Funds Management Law and other applicable laws in Chile.

Funds investing in blockchain assets, such as cryptocurrencies, security tokens or other blockchain-based financial instruments, are subject to the regulatory framework.

Blockchain assets are considered financial assets if they are designed to generate monetary returns or represent a debt or virtual financial asset.

Fund managers must register with the CMF, and each fund must also be registered before it can be offered to the public. Authorisation from the CMF is required before initiating operations.

Fund managers must implement governance, risk management and cybersecurity measures to protect investors and ensure operational continuity.

Fund managers must maintain a minimum capital equivalent to the greater of USD200,000 or 3% of assets weighted by financial and operational risks.

Fund managers must disclose the risks, characteristics and conditions of blockchain assets to investors. Misleading or incomplete information is prohibited.

Fund managers investing in blockchain assets are subject to AML/CTF regulations. They must report suspicious transactions to the UAF.

If fund managers use algorithms or automated systems for investment decisions, they must demonstrate the reliability and inviolability of these systems to the CMF.

Fund managers must provide guarantees to ensure compliance with their obligations and protect investors.

Blockchain assets held by funds must be segregated and maintained securely to prevent misuse or unauthorised access.

Virtual currencies and blockchain assets are defined and treated differently based on their characteristics and intended use. Below is an explanation of their definitions, treatment, and key differences.

Virtual Currencies

Virtual currencies represent digital units of value, goods or services, excluding money (whether in national currency or foreign currency).

Virtual currencies can be transferred, stored or exchanged digitally.

Blockchain Assets

Blockchain assets defined as financial instruments include titles, contracts, or intangible assets designed to generate monetary returns or represent debts or virtual financial assets. Blockchain assets may include security tokens, derivatives, contracts for difference, and other financial instruments.

Virtual currencies are treated as digital representations of value but are not considered money. They are subject to regulations when used in financial services, such as custody, trading or investment platforms.

Virtual currencies are excluded from the definition of financial instruments unless explicitly structured as such.

Blockchain assets are treated as financial instruments if they are designed to generate monetary returns or represent debts or virtual financial assets.

They are subject to stricter regulations, including registration, authorisation, and compliance with governance and risk management requirements.

NFTs and NFT platforms may fall within the fintech regulatory perimeter depending on their characteristics and intended use cases.

Regulatory Perimeter for NFTs and NFT Platforms

NFTs are unique digital assets typically representing ownership of a specific item, such as art, collectibles or intellectual property, stored on a blockchain.

in some cases, they can be classified as virtual financial instruments or cryptocurrency if they represent digital units of value that can be transferred, stored or exchanged digitally.

Platforms facilitating the trading, custody or issuance of NFTs may fall under the scope of alternative systems of trade or custody.

If NFTs are structured to generate monetary returns or represent financial rights, they may be considered financial instruments.

NFTs designed for investment purposes (eg, fractional ownership of real estate or securities) could be regulated as financial instruments.

Platforms offering such NFTs would need to register with the CMF and comply with governance, risk management and transparency requirements.

Exclusion from the Regulatory Perimeter

NFTs used solely for non-financial purposes, such as digital art or collectibles, are unlikely to fall under the fintech regulatory perimeter.

Inclusion in the Regulatory Perimeter

NFTs and platforms are included if they involve financial services, such as trading, custody or investment.

The law aims to regulate activities that could impact financial stability, investor protection or public trust.

NFTs with purely artistic or non-financial purposes are excluded because they do not pose risks to the financial system or involve monetary returns.

In Chile, the law actively supports the implementation of open banking through the establishment of the Open Finance System under Title III of the law.

The law aims to promote competition, innovation and inclusion in the financial system.

It establishes rules for the interchange of financial data between institutions, subject to explicit customer consent.

Key Features of the Open Finance System

Data sharing

Institutions must enable the exchange of customer financial data through remote and automated interfaces (APIs).

Data includes account information, transaction history and other financial details.

Consent and security

Customers must provide explicit consent for data sharing, ensuring privacy and security.

Institutions must comply with cybersecurity standards and report security incidents.

Participants

Banks, card issuers, and other financial institutions are required to participate as Information Providers Institutions.

Third-party providers (TPPs) can register as Services Providers based in information to access data and offer services.

Gradual implementation

The CMF is tasked with defining the implementation timeline and technical standards.

This phased approach ensures a smooth transition and minimises disruptions.

Challenges or inhibitions

Technical and operational barriers

Institutions must develop and maintain secure APIs, which may require significant investment.

Smaller institutions may face challenges in meeting the technical requirements.

Customer awareness

The success of open banking depends on customer understanding and trust in data-sharing mechanisms.

Lack of awareness could limit adoption.

Regulatory complexity

The law introduces detailed requirements for consent, security and interoperability, which may be challenging for institutions to implement effectively.

Comparison with PSD2 (Europe)

Similarities

Both frameworks emphasise the importance of customer consent, data security and standardised APIs.

They aim to foster competition by enabling third-party providers to access financial data.

Differences

PSD2 focuses on payment services and mandates access to payment account data, while the Chilean system has a broader scope, covering various financial products and services.

PSD2 is more mature, with established technical standards (eg, RTS for APIs), whereas Chile’s open banking system is still in the implementation phase.

Banks and technology providers in Chile are required to address data privacy and data security concerns raised by open banking through strict regulatory measures. Below is an overview of how these concerns are being managed.

Banks and technology providers must obtain explicit, informed and specific consent from customers before sharing their financial data.

Customers can revoke consent at any time, and providers are prohibited from using data beyond the scope of the authorisation.

Institutions must clearly inform customers about the type of data being shared, the purpose of sharing, and the validity period of the consent.

Open banking participants must adhere to Chile’s data protection law, ensuring the confidentiality and proper handling of personal data.

Banks and technology providers must implement minimum security standards for data protection, including measures to ensure confidentiality, integrity and availability of information. These standards are defined by the CMF through general regulations.

Data exchange must occur through APIs that meet stringent security requirements. APIs must be interoperable and include mechanisms to prevent unauthorised access or data breaches.

Institutions are required to report security incidents to the CMF without delay and take immediate steps to mitigate risks.

Banks and providers must implement strong customer authentication methods to verify the identity of users and ensure secure access to data. Authentication standards may include multi-factor authentication and encryption.

Banks and technology providers are investing heavily in cybersecurity infrastructure and API development to comply with regulatory requirements. Smaller institutions may face financial and technical challenges in meeting these standards.

Banks are partnering with fintech companies and technology providers to leverage their expertise in secure data handling and API development. Industry-wide collaboration helps establish best practices and shared security protocols.

Institutions are focusing on educating customers about the benefits and risks of open banking, as well as their rights regarding data privacy and security.

Building trust is critical for adoption.

Fraud in financial services and fintech in Chile is addressed through specific provisions that aim to prevent and penalise fraudulent activities. Below are the key elements of fraud as they relate to financial services and fintech.

Misrepresentation of Information

Fraud often involves the intentional provision of false, incomplete or misleading information to deceive clients, investors or regulators. Examples include:

• false financial statements or data provided to the CMF; and
• misleading information about investment projects or financial instruments.

Manipulation of Financial Instruments

Fraud can occur through actions that artificially influence the value or perception of financial instruments, such as:

• price manipulation of financial instruments to stabilise, fix or alter prices artificially; and
• fictitious transactions or fraudulent practices to induce others to buy or sell financial instruments.

Unauthorised Use of Client Assets

Fraud may involve the misuse of client funds or assets for personal or third-party benefit, including:

• using financial instruments, money or assets held in custody for unauthorised purposes.

Breach of Data Privacy and Security

Fraud can also arise from the unauthorised access, use or disclosure of client data, such as:

• fraudulent treatment of personal data or misuse of sensitive information; and
• exploiting vulnerabilities in cybersecurity systems to access client data unlawfully.

Inducement to Error

Fraud may involve actions designed to mislead or deceive clients, such as:

• providing false or tendentious advice in credit or investment services to induce clients to make decisions against their interests; and
• misleading advertising or propaganda about financial products or services.

Violation of Regulatory Standards

Fraud can occur when entities fail to comply with legal and regulatory requirements, including:

• operating without proper registration or authorisation; and
• failing to meet obligations related to guarantees, governance or risk management.

Cyber Fraud

With the rise of fintech, fraud increasingly involves cyber-related activities, such as:

• unauthorised transactions initiated through digital platforms or APIs; and
• exploiting weaknesses in authentication systems to impersonate clients or providers.

Fraudulent activities are classified as serious violations and may result in administrative sanctions such as fines or cancellation of registration.

Criminal penalties for actions constituting financial crimes, including manipulation, misrepresentation or unauthorised use of assets.

Regulators in Chile, particularly the CMF, focus on preventing and addressing various types of fraud in financial services and fintech. The key areas of regulatory focus include the following.

Misrepresentation and False Information

Regulators closely monitor fraud involving the intentional provision of false, incomplete or misleading information to clients, investors or the CMF.

Manipulation of Financial Instruments

Fraud related to the artificial manipulation of prices or transactions is a significant concern. Regulators focus on:

• price manipulation to stabilise, fix or alter the value of financial instruments artificially; and
• fictitious transactions or fraudulent practices to induce others to buy or sell financial instruments.

Unauthorised Use of Client Assets

Regulators prioritise fraud involving the misuse of client funds or assets, such as:

• using financial instruments, money or assets held in custody for unauthorised purposes.

Cyber Fraud and Digital Transactions

With the rise of fintech, regulators are increasingly focused on cyber-related fraud, including:

• authorised push-payment fraud ‒ fraudsters trick clients into authorising payments to fraudulent accounts, often exploiting weaknesses in authentication systems; and
• unauthorised access to client data or systems through cybersecurity breaches.

Inducement to Error in Advisory Services

Fraud involving misleading advice in credit or investment services is a key area of focus.

Breach of Data Privacy and Security

Regulators are vigilant about fraud involving the unauthorised access, use or disclosure of client data, such as:

• fraudulent treatment of personal data or misuse of sensitive information; and
• exploiting vulnerabilities in cybersecurity systems to access client data unlawfully.

Unauthorised Operations

Operating without proper registration or authorisation is considered a serious violation. Regulators focus on:

• entities providing financial services without being registered in the FSPR.

Fraud in Open Banking and Payment Initiation

Regulators are particularly focused on fraud risks associated with open banking and payment initiation services, including:

• fraudulent initiation of payments or transfers through digital platforms; and
• ensuring strong authentication mechanisms to prevent unauthorised transactions.

Fintech service providers in Chile are held responsible for losses suffered by customers in specific situations, particularly when the provider fails to meet legal, regulatory or contractual obligations. Below are the key scenarios and corresponding extent of responsibility.

Fraud or Misrepresentation

Fintech providers are responsible for losses caused by false or misleading information provided to customers, such as inaccurate advice or fraudulent advertising. Misrepresentation of financial instruments or investment projects.

Misuse of Client Funds

Providers are liable for losses resulting from the misuse of client funds or assets, including using financial instruments, money, or assets held in custody for unauthorised purposes.

Cybersecurity Breaches

Fintech providers are responsible for losses caused by:

• unauthorised access to customer data or systems due to inadequate cybersecurity measures; and
• failure to report or mitigate security incidents that compromise customer data.

Payment Initiation Fraud

In cases of payment initiation services, providers are liable for losses if:

• they fail to demonstrate that a payment was authorised by the customer; or
• unauthorised transactions occur due to weaknesses in authentication systems.

Breach of Data Privacy

Providers are responsible for losses arising from:

• fraudulent treatment of personal data or misuse of sensitive information; and
• unauthorised storage, use or disclosure of customer data beyond the scope of consent.

Failure to Meet Regulatory Standards

Providers are liable for losses if they fail to comply with:

• guarantee requirements to ensure the fulfilment of obligations; and
• governance and risk management standards designed to protect customer interests.

Inducement to Error

Providers are responsible for losses caused by:

• misleading advice or recommendations that induce customers to make decisions against their interests.

Extent of Responsibility

Providers are directly liable for losses caused by their actions or omissions, including negligence or fraud.

Providers must compensate customers for financial losses, including the value of unauthorised transactions, lost assets, or damages caused by misinformation.

In cases where guarantees are not constituted, directors and administrators may be held jointly and severally liable for customer losses.

Providers may not be held responsible if:

• the customer fails to follow security protocols or acts negligently; and
• losses are caused by external factors beyond the provider’s control, such as systemic market risks.