Law No 21,521 (the “Fintech Law”) is in the full implementation phase. Financial Market Commission (Comisión para el Mercado Financiero – CMF) General Rule (Norma de Carácter General – NCG) No 514 establishes the open finance system (OFS) framework. Regulated activities include crowdfunding, alternative trading, credit/investment advisory, custody and order routing. Entities must register in the Financial Services Providers Register (FSPR) and comply with CMF governance, capital and risk standards. The Framework Law on Cybersecurity (Law No 21,663) is also active, focusing on vital importance operators (operadores de importancia vital – OIV).

The Fintech Law regulates several business models, including crowdfunding platforms, alternative trading systems, credit and investment advisory, custody, and order routing and intermediation.

Traditional financial institutions are increasingly adopting fintech models, particularly in digital banking, payment solutions and investment platforms.

Fintech start-ups focus on technology-driven services, including crypto-asset trading and custody, AI-based solutions (eg, credit scoring and fraud detection), and interoperable services enabled by the OFS.

Chile’s fintech framework under the Fintech Law establishes a centralised regime for regulated activities, requiring registration in the Financial Services Providers Register (FSPR) and prior authorisation from the CMF. Non-compliance prevents entities from providing regulated services.

All verticals are subject to governance, risk management, disclosure and cybersecurity requirements. In general, entities must ensure transparency, manage conflicts of interest and implement adequate operational and security standards.

Specific requirements apply depending on the activity:

• crowdfunding and trading platforms must ensure transparent and secure operations;
• advisory services must meet technical competence and conflict-of-interest standards (including certification requirements under NCG No 503 for investment advisers); and
• custodians and intermediaries must comply with safeguarding, capital and guarantee requirements.

Exemptions apply to entities already regulated under other legal frameworks, including banks, brokers, stock exchanges, fund administrators and credit rating agencies.

The CMF oversees compliance and may issue secondary regulation, conduct audits and impose sanctions. Entities must also comply with data protection, AML and cybersecurity regulations.

Fintech participants may use various compensation models, including service fees, subscriptions, transaction-based fees, spreads, third-party commissions, performance fees and reimbursement of incremental costs. All models are subject to CMF oversight and disclosure requirements.

Entities must provide clear information on the nature, amount and calculation of fees, disclose conflicts of interest and how they are managed, and explain applicable risks and terms.

Under the OFS, institutions cannot charge for access to financial data, but may recover objective and non-discriminatory incremental costs as defined by the CMF.

Fintech participants are subject to a regulatory framework distinct from that of legacy players such as banks, reflecting differences in business models and risk profiles.

Fintech entities must register with the CMF and obtain authorisation for each regulated service, operating under a single-purpose model. Banks, by contrast, are authorised under the General Banking Law (GBL) and may provide a broad range of financial services, including fintech activities, without additional registration.

Capital requirements for fintech entities follow a proportional three-tier system under NCG No 502, while banks are subject to stricter capital and liquidity standards under Basel III.

Fintech regulation is generally more flexible, with proportionate governance, risk and cybersecurity requirements. Banks are subject to more stringent standards, including comprehensive controls and supervision.

Both fintech entities and banks must comply with data protection, AML and consumer protection rules, including participation in the OFS, although banks may benefit from existing infrastructure and broader regulatory frameworks.

Exemptions apply to legacy players already regulated under other laws, including banks, stock exchanges and insurance companies.

Chile has a regulatory sandbox (“testing regime”) under Article 68 of the Fintech Law, allowing fintech companies to test innovative products and services under temporary regulatory flexibility.

The testing period lasts up to 18 months, renewable once. The CMF grants exemptions or adjusted requirements on a case-by-case basis, applying a risk-based and proportional approach, and supervises participants throughout the process.

Applicants must submit a proposal describing the innovation, its benefits and associated risks. During the testing phase, participants must comply with reporting, governance and consumer protection requirements.

At the end of the testing period, entities must either obtain full authorisation or cease operations.

The CMF is the primary regulator of fintech activities in Chile, overseeing licensing, supervision and compliance with governance, risk, cybersecurity and consumer protection requirements, as well as the OFS.

Other authorities have jurisdiction over specific areas. The Central Bank of Chile (Banco Central de Chile – BCCh) regulates monetary policy, payment systems and financial stability, including certain digital payment and currency-related activities. The Financial Analysis Unit (Unidad de Análisis Financiero – UAF) supervises AML and CTF compliance for entities handling financial transactions.

Additional oversight includes the tax authority (Servicio de Impuestos Internos – SII) for tax reporting obligations. While both the CMF and the BCCh oversee aspects of payment systems, their roles differ, with the CMF focusing on operational compliance and the BCCh on systemic stability.

Regulators in Chile do not issue “no-action” letters. However, the CMF has the authority to provide regulatory flexibility and exemptions for fintech companies on certain conditions. This flexibility is typically granted through formal resolutions or norms of general character, rather than “no-action” letters.

The CMF can exempt certain entities from specific regulatory requirements or allow less burdensome compliance measures if their activities do not compromise public trust or financial stability.

Fintech companies participating in the regulatory sandbox may receive temporary regulatory relief to test innovative products and services in a controlled environment.

The CMF may issue resolutions or norms tailored to specific cases, allowing entities to operate under modified regulatory conditions.

The system does not address the outsourcing of regulated functions or the obligations placed on vendors. However, based on the principles and regulatory framework outlined in the law, the following can be inferred.

Obligations on Vendors

Vendors involved in outsourced functions must comply with the regulatory requirements applicable to the services they provide, including standards for governance, risk management, cybersecurity and data protection.

Vendors handling financial data must adhere to strict confidentiality, security and privacy standards as outlined in the law.

Entities outsourcing regulated functions remain accountable to the CMF and must ensure that vendors provide the necessary information and comply with reporting obligations.

While the documentation does not specify mandatory contractual requirements for outsourcing, general regulatory practices suggest the following:

• contracts should clearly define the scope of services, compliance obligations and performance standards;
• contracts should include provisions allowing the regulated entity or the CMF to assess the vendor’s compliance with applicable laws and standards; and
• vendors should be held liable for breaches of regulatory requirements or failures in service delivery.

Outsourcing to a regulated entity may reduce compliance risks, as these entities are already subject to oversight by the CMF or other regulators.

Regulated entities are likely to have established governance, risk management and compliance frameworks.

Fintech providers have gatekeeper responsibilities and must ensure that activities on their platforms comply with applicable law.

They are subject to CMF supervision and must implement adequate governance, risk management and cybersecurity frameworks, as well as safeguards for client data and assets.

Providers must ensure transparency, disclose risks and conflicts of interest, prevent fraud and market misconduct, and report relevant information to regulators, including AML/CTF compliance.

Failure to comply may result in sanctions, including fines, suspension or revocation of registration.

The law outlines the framework for regulatory oversight and enforcement actions that can be applied across the main verticals of fintech services.

Platforms for Financing Collective Projects

Violations include dissemination of false or misleading information about projects and conflict of interest non-disclosure.

Systems for Alternative Transactions

Violations include manipulation of prices, fictitious transactions and failure to ensure transparency in market operations.

Credit and Investment Advisory Services

Violations include providing recommendations that are inconsistent, fraudulent or not aligned with client needs.

Custody of Financial Instruments

Violations include misuse of client assets, failure to segregate accounts and inadequate security measures.

Routing of Orders and Intermediation of Financial Instruments

Violations include failure to meet transparency requirements, conflicts of interest non-disclosure and operational deficiencies.

General Enforcement Mechanisms

These include the following:

• sanctions for infringements – the CMF can impose fines, suspend operations or cancel registrations for entities that violate the law or fail to meet regulatory requirements;
• intervention and oversight – in some cases of financial instability or operational risks, the CMF can appoint an intervention administrator to oversee the entity’s operations and ensure compliance; and
• criminal and civil liability – severe violations, such as fraudulent activities or manipulation of financial markets, can lead to criminal charges and civil liability.

Entities must report incidents, breaches or operational deficiencies to the CMF, which can trigger investigations and enforcement actions.

Fintech participants are subject to additional frameworks concerning data protection, cybersecurity, advertising and software integrity.

Data Protection

Law No 19,628 currently governs, but Law No 21,719 (published 13 December 2024) will replace it on 1 December 2026. This new regime introduces the Personal Data Protection Agency (Agencia de Protección de Datos Personales – APDP), mandatory data protection officers (DPOs) and data protection impact assessments (DPIAs), data portability, and fines of up to UTM20,000 or 4% of annual turnover.

Cybersecurity

Entities must comply with CMF General Rules 338 and 423. Additionally, the Framework Law on Cybersecurity created the National Cybersecurity Agency (Agencia Nacional de Ciberseguridad e Infraestructura – ANCI). OIVs must implement ISO/IEC 27001 systems, appoint a chief information security officer (CISO) and report incidents to the computer security incident response team (CSIRT).

Social Media

NCG No 524 requires investment advisers with over 100,000 followers to register in the FSPR.

Software

Automated systems must meet CMF standards for reliability and objectivity, potentially requiring external certification.

The CMF is the main regulator overseeing fintech activities, and it also indirectly supervises other entities that may review the activities of industry participants, including accounting/auditing firms, vendors and industry bodies.

Accounting and Auditing Firms

These firms may be engaged by fintech providers to ensure compliance with financial reporting standards, internal controls and governance requirements.

Fintech providers often rely on external auditors for credibility and transparency, especially when seeking investment or partnerships. Legacy players typically have long-standing relationships with auditing firms, while fintech providers may need to establish these connections.

Other Vendors

Vendors providing software, cloud services and cybersecurity solutions (technology providers) play a critical role in ensuring compliance with technical standards. Vendors must meet security and operational standards set by the CMF, particularly for systems handling sensitive financial data.

Fintech providers often use third-party application programming interfaces (APIs) and cloud services, which may require additional scrutiny to ensure compliance.

Fintech providers often engage with industry bodies to stay up to date with trends and collaborate on compliance strategies. Legacy players may have less reliance on industry bodies due to their established regulatory frameworks.

The law explicitly addresses the regulation of financial services and provides clear guidelines for industry participants offering regulated products and services.

Entities providing regulated services are generally required to maintain as their sole and exclusive corporate purpose the provision of such services. However, General Rule No 524 introduced specific exceptions to this requirement for entities providing only investment advisory, credit advisory, alternative trading systems or crowdfunding services, provided that their services in Chile are directed exclusively to qualified investors (as defined in Article 4 bis of Law No 18.045).

Fintech providers often establish separate legal entities to offer unregulated services, ensuring compliance with regulatory requirements while diversifying their offerings.

Fintech providers must ensure clear separation between regulated and unregulated services to avoid regulatory scrutiny.

AML and sanctions compliance are critical components of the Chilean financial regulatory framework, impacting both regulated and, in certain cases, unregulated fintech companies.

AML obligations derive primarily from Law No 19.913, which created the UAF and established Chile’s AML/CFT framework. Under this regime, reporting entities must implement adequate governance, risk management and internal control policies to prevent money laundering and terrorism financing.

Fintech companies offering regulated services are subject to AML and sanctions rules applicable to their activities. Reporting obligations to the UAF are mandatory where transactions may involve suspicious activities, and entities must conduct customer due diligence and maintain monitoring systems proportionate to their risk profile.

Regulated fintech companies often adopt advanced technological tools (eg, AI-driven transaction monitoring systems) to enhance compliance efficiency. Compliance with AML rules is generally viewed as a competitive advantage, strengthening trust among clients, counterparties and investors.

The CMF and the UAF have broad supervisory and enforcement powers to monitor compliance, conduct investigations and impose administrative sanctions. Severe penalties, including cancellation of registration and potential criminal liability, may apply to entities failing to meet AML requirements.

Chile’s AML/CTF framework aligns with FATF standards through its focus on risk-based compliance, customer due diligence and reporting obligations. This alignment ensures that fintech companies operating in Chile adhere to internationally recognised best practices for combating money laundering and terrorism financing.       

Cross-Border Offering of Regulated Services

Foreign entities providing regulated services in Chile must establish either a locally incorporated company or a registered agency in the country, unless they qualify under the simplified regime applicable to services directed exclusively to qualified investors. In such cases, certain regulatory requirements may be relaxed, subject to compliance with applicable conditions.

The law does not explicitly provide exemptions for reverse solicitation, where a client in Chile initiates contact with a foreign provider to access regulated services without triggering domestic regulations.

Certain entities already regulated under other laws (eg, banks, insurance companies, brokers) may provide services provided they comply with their existing regulatory frameworks. In a small number of cases, this could enable the provision of cross-border services without triggering additional domestic regulations, but only for entities that are already recognised and regulated in Chile.

Different asset classes, such as security tokens and cryptocurrencies, require distinct business models due to their specific regulatory and operational characteristics. Law No 21.521 adopts a technology-neutral and activity-based approach, defining and regulating these asset classes according to their legal nature and the services provided in connection with them.

Security tokens fall within the category of financial instruments where they represent titles, contracts or assets designed to generate monetary returns or evidence credit rights. As such, they are subject to the general securities and capital markets framework, including registration requirements, governance standards, risk management obligations and transparency duties applicable to regulated services.

Cryptocurrencies are classified as virtual financial assets, representing digital units of value that can be transferred, stored or exchanged electronically, excluding legal tender in national or foreign currency. Under Law No 21.521, virtual financial assets constitute a specific subcategory of financial instruments. They are expressly incorporated into the regulatory perimeter and are subject to a differentiated supervisory regime when used in regulated services, particularly in activities such as custody, intermediation or trading platform operation.

Where advisory services are provided in connection with these asset classes, investment advisers must also comply with professional suitability requirements. In this regard, General Rule No 503 establishes knowledge certification requirements – ie, Securities Market Knowledge Accreditation Committee (Comité de Acreditación de Conocimientos en el Mercado de Valores – CAMV) examination – applicable to investment advisers and other market participants performing advisory functions, ensuring minimum standards of technical competence.

The law adopts a technology-neutral approach and does not distinguish between traditional and automated advisory models. Robo-advisers are treated as investment advisory services and are subject to the same regulatory framework.

Entities must comply with suitability, technical competence, governance and risk management requirements, regardless of whether advice is provided by humans or automated systems. They must also disclose methodologies, risks and conflicts of interest.

NCG No 504 imposes additional disclosure obligations on recommendations involving publicly offered securities, which may apply to robo-advisory models.

Legacy players may integrate robo-advisory solutions, provided they comply with the applicable regulatory requirements.

Key issues relating to best execution include the following.

Transparency and Fairness

Best execution requires promoting adequate price formation and enabling the optimal execution of customer orders.

Providers must have the capacity to process transactions efficiently through robust systems and infrastructure.

Interruptions or contingencies in systems must be disclosed to customers.

Entities must disclose potential conflicts of interest.

The CMF supervises the activities of entities involved in trade execution, ensuring compliance with legal standards.

The CMF can impose corrective measures to protect investors and ensure market integrity.

The legal framework also encourages entities to adopt innovative solutions for trade execution while maintaining compliance with regulatory standards.

The Fintech Law provides a general framework for financial services, including credit advisory, which may indirectly address aspects of lending activities. Credit advisory involves evaluating or recommending the creditworthiness of individuals or entities for the purpose of obtaining, modifying or renegotiating loans.

Entities providing credit advisory services must meet standards of suitability and technical competence and must disclose conflicts of interest, evaluation criteria and risks associated with their recommendations.

However, where fintech entities engage directly in lending activities – including online lending models – the underlying credit operations are also subject to Law No 18.010, which establishes the legal framework governing credit operations and monetary obligations in Chile. This statute regulates, among other matters, maximum conventional interest rates, usury limits and general contractual conditions applicable to credit agreements.

Accordingly, non-bank lenders operating through digital platforms must ensure compliance not only with the Fintech Law and CMF requirements (where applicable), but also with the substantive limitations imposed by Law No 18.010 on interest rates and credit structures.

In addition, compliance with financial integrity, data protection and AML measures remains mandatory for all financial service providers involved in lending activities.

The system provides general principles and requirements for financial services, including credit advisory, which may involve underwriting-related activities.

Credit advisory involves evaluating the creditworthiness of individuals or entities, including their ability to repay loans. Providers must use objective, coherent and consistent standards in their evaluations.

The CMF supervises entities providing financial services, ensuring compliance with legal standards. While the law does not prescribe specific underwriting methodologies, it requires adherence to principles of transparency, risk management and customer protection. Entities must implement policies, procedures and controls to manage risks inherent to their business lines.

Providers must disclose the criteria, methods and risks involved in their evaluations to customers.

Underwriting typically involves assessing credit scores, income, debt-to-income ratios and collateral for individuals. For businesses, it may include reviewing financial statements, business plans and market conditions.

The law does not explicitly outline the sources of fiat currency funds for loans or the legal and regulatory issues associated with each source. However, it provides a framework for financial services, including platforms for crowdfunding and other financial activities, which may involve loan funding.

The platforms must disclose project details, risks and potential conflicts of interest. They are subject to oversight by the CMF and must comply with governance and risk management requirements.

Entities providing loans that may raise capital through private investments or equity offerings must comply with corporate governance and risk management standards. If the raised capital involves securities it may fall under the Capital Markets Law, which regulates public offerings and securities registration.

Only banks and other financial institutions authorised to take deposits are regulated under the GBL and supervised by the CMF. Deposit-taking institutions must comply with strict liquidity, solvency and operational requirements. They are subject to AML and customer protection regulations.

The syndication of loans is only regulated for banks. The Fintech Law outlines a framework for financial services, including platforms for crowdfunding.

Crowdfunding allows multiple investors to fund projects or loans. This could resemble syndication, where multiple parties contribute to a single loan. Entities providing these services must be registered with the CMF and comply with governance, risk management and transparency requirements. Platforms must disclose project details, risks and potential conflicts of interest to participants.

The law does not explicitly state whether payment processors must use existing payment rails or if they are allowed to create or implement new ones. However, it provides a framework for financial innovation, including provisions for payment services and OFSs, which suggest flexibility in implementing new payment mechanisms.

Banks and financial institutions offering accounts and payment initiation service providers are regulated under the new law. These entities must comply with interoperability standards and ensure secure access to payment systems. The law promotes technological neutrality, allowing innovation in financial services.

Payment processors may implement new systems or interfaces, provided they meet the security, interoperability and operational standards set by the CMF. The OFS encourages the development of interfaces for automated and remote access, which could include new payment rails.

Cross-border payments and remittances are subject to a combination of financial integrity, data protection and foreign exchange regulations.

In addition to AML and counter-terrorist financing obligations, cross-border transactions are governed by the Compendium of International Exchange Regulations (Compendio de Normas de Cambios Internacionales – CNCI) issued by the BCCh. The CNCI establishes the regulatory framework applicable to foreign exchange transactions, international transfers, reporting duties and certain registration requirements relating to cross-border capital flows.

The Fintech Law emphasises the prevention of money laundering and terrorism financing as a core principle. Entities providing financial services must implement adequate governance, monitoring and reporting mechanisms to comply with AML/CFT standards.

Adequate safeguards for the processing of customer data are required, including privacy and cybersecurity measures. Entities must provide clear information to customers regarding the terms of cross-border transactions and must report relevant information to the SII for tax purposes where applicable.

The CMF oversees compliance with financial regulations applicable to regulated entities and has the authority to impose preventive or corrective measures in case of non-compliance.

Various types of marketplaces and trading platforms are permissible, each with specific regulatory requirements.

Crowdfunding Platforms

These are physical or virtual spaces where individuals or entities with investment projects or financing needs connect with those willing to provide resources. They must be registered in the FSPR. Obligations include providing clear information about projects and potential conflicts of interest. Governance and risk management standards must also be met.

Alternative Trading Systems

These are physical or virtual spaces for quoting, offering or trading financial instruments or public securities; they are not authorised as stock exchanges. These systems must be registered and authorised by the CMF. They are required to maintain operational capacity for processing transactions and ensure transparency in price formation. Governance, risk management, and internal regulations promoting fair and competitive markets are mandatory.

Financial Instrument Intermediation

This refers to activities involving the purchase or sale of financial instruments for third parties, either directly or through intermediaries. Entities must be registered and authorised by the CMF. They must meet the requirements for operational capacity, guarantees and minimum capital. Governance and risk management standards apply.

Order Routing

This refers to channelling orders from third parties for the purchase or sale of securities or financial instruments to trading systems or intermediaries. Registration and authorisation by the CMF are required. Entities must meet operational, governance and risk management standards.

Custody of Financial Instruments

This refers to the safekeeping of financial instruments, money or foreign currency on behalf of third parties. Registration and authorisation by the CMF are mandatory. Entities must meet minimum capital and guarantee requirements, and governance and risk management standards apply.

Operational Requirements

Some entities are required to maintain robust operational systems to ensure transaction processing and market transparency. There are minimum capital and guarantee requirements to protect clients. Governance and risk management policies are tailored according to the size, volume and nature of operations.

Different asset classes are subject to distinct regulatory regimes. Security tokens qualify as financial instruments where they represent debt, equity or economic returns, and are subject to general rules on transparency, reporting and governance.

Cryptocurrencies are recognised as virtual financial assets under the Fintech Law and are regulated depending on the activity performed (eg, custody, intermediation or trading). Entities must comply with AML/CFT, data protection and governance requirements. The framework is technology-neutral and applies based on the nature of the activity. Traditional financial instruments remain subject to the Capital Markets Law, including in regard to registration and public offering requirements.

Cryptocurrency exchanges – both centralised and decentralised – are addressed within Chile’s technology-neutral and activity-based framework for financial services. The emergence of these platforms has increased regulatory attention, with a focus on transparency, operational resilience and user protection.

Centralised exchanges that facilitate the trading of cryptocurrencies may be categorised as alternative trading systems where their activities fall within the scope of regulated financial services. In such cases, they must:

• register with the CMF;
• comply with governance and risk management standards;
• ensure operational capacity for secure transaction processing; and
• implement AML and CFT measures.

Decentralised cryptocurrency exchanges (DEXs) operate through distributed protocols or smart contracts, enabling users to trade crypto-assets without a traditional intermediary. While no specific regulatory regime applies to DEXs as such, their activities may nevertheless be subject to regulatory scrutiny depending on their functional characteristics and the involvement of identifiable service providers.

Listing standards for financial instruments, including those traded on platforms such as alternative trading systems, are regulated to ensure transparency, investor protection and market integrity.

Financial instruments must be registered in the Securities Registry if they are subject to public offering. Platforms facilitating the trading of financial instruments must be authorised by the CMF.

Platforms must provide clear and accurate information about the financial instruments listed, including their characteristics, risks and conditions. Issuers must disclose essential information about their financial, economic and legal situation. Platforms must also implement governance and risk management policies to ensure fair and transparent trading.

Certain instruments, such as unregistered securities, are excluded from public offering unless explicitly authorised.

Order handling rules apply under law, particularly for platforms categorised as alternative trading systems and entities involved in order routing. These rules are designed to ensure transparency, fairness and efficiency in the execution of orders.

Platforms and intermediaries must:

• ensure the best execution of orders, prioritising fairness and efficiency in processing;
• maintain operational capacity to support the secure and timely processing of transactions; and
• provide clear information about the conditions of access and functioning of their systems.

Platforms must disclose:

• the conditions under which orders are routed and executed; and
• any potential conflicts of interest that may arise in the handling of orders.

Platforms facilitating order routing must adopt internal regulations to ensure an equitable, competitive and transparent market, promoting proper price formation and the best execution of user orders.

The CMF oversees compliance with these rules and may impose corrective measures or suspend operations if platforms fail to meet order handling standards. Platforms and intermediaries strive to execute orders at the best available price and under optimal conditions for clients. Transparency in disclosing conflicts of interest is critical to maintaining trust.

The rise of peer-to-peer (P2P) trading platforms significantly impacts both traditional financial institutions and fintech players, while also introducing regulatory challenges.

Traditional Financial Institutions

Here, the following are pertinent:

• competition – P2P platforms challenge traditional institutions by offering direct, decentralised trading, often with potentially lower fees and faster transactions;
• disintermediation – traditional players may lose market share as P2P platforms bypass intermediaries like brokers and banks; and
• adaptation – banks and other institutions may need to innovate, adopting similar technologies or partnering with fintechs to remain competitive.

Fintechs benefit from the rise of P2P platforms by leveraging technology to create innovative solutions, such as blockchain-based trading or automated systems.

Market Expansion

P2P platforms enable fintechs to reach underserved markets, promoting financial inclusion. P2P platforms must comply with the Fintech Law, which regulates services like crowdfunding platforms and alternative trading systems.

Ensuring compliance with AML and CTF regulations is critical, as P2P platforms may be vulnerable to misuse. P2P platforms handle sensitive financial data, requiring adherence to strict data protection standards.

The law does not expressly regulate payment for order flow (PFOF), but its general principles on transparency, conflicts of interest and best execution apply.

Entities providing order routing or intermediation services must disclose conflicts of interest, ensure fair and efficient execution, and provide clear information on order routing arrangements. PFOF structures may raise concerns under these principles, particularly regarding impartiality, market integrity and quality of execution, and are therefore subject to regulatory scrutiny.

The framework establishes principles to ensure market integrity, including transparency, fairness, best execution and technological neutrality. Entities must provide clear and timely information, ensure equitable access and trading conditions, prioritise best execution, and disclose and manage conflicts of interest.

Market abuse is prohibited, including price manipulation, fictitious transactions, misleading information and unauthorised use of client assets. Breaches may result in administrative and criminal sanctions. The CMF supervises compliance and may impose sanctions, including fines and revocation of authorisations.

The law does not establish a specific regime for algorithmic trading but applies general principles on transparency, governance and risk management.

Entities using algorithms must ensure system reliability, objectivity and consistency, and implement adequate governance, risk and cybersecurity controls. The CMF may require certification of such systems. Entities must disclose key parameters and methodologies, as well as conflicts of interest, particularly in advisory services. Algorithmic systems must not engage in market abuse.

The CMF supervises compliance and may tailor requirements depending on the nature of the service or asset class.

In Chile, entities functioning in a principal capacity as market makers are required to be licensed or registered to operate professionally. The law establishes a registration and authorisation regime for entities providing financial services, including those acting as intermediaries or market makers.

Entities providing services such as intermediation of financial instruments must be registered in the Registry of Financial Service Providers managed by the CMF. Only entities registered in this registry can operate professionally in these capacities.

To be registered and authorised, entities functioning as market makers must meet the following conditions:

• exclusive business purpose;
• operational and risk management capacity;
• guarantees and minimum capital;
• governance and risk management; and
• transparency and disclosure.

Certain entities, such as banks and securities intermediaries, may operate as market makers without being registered in the FSPR, provided they are already regulated under other legal frameworks.

The CMF oversees compliance with these requirements and has the authority to:

• suspend or revoke registrations for non-compliance; and
• impose sanctions for violations, including operating without proper registration.

The Chilean framework distinguishes between funds and dealers based on their roles and business models.

Funds pool investor capital and are managed under the Fund General Law. Managers must meet capital and guarantee requirements, comply with disclosure obligations, and implement appropriate governance and risk management standards. Where automated systems are used, their suitability and security must be ensured. The CMF supervises fund administrators.

Dealers act as intermediaries in financial markets, including as market makers. They must be registered, meet capital and guarantee requirements, and implement governance and risk management controls. They are also subject to rules preventing market abuse. The CMF oversees their compliance.

Programmers are not directly regulated; regulation applies to the entities that use algorithmic systems. Such entities must ensure the reliability, security and accuracy of their systems, including compliance with standards of integrity, objectivity and consistency. They must also implement governance, risk management and cybersecurity controls, and prevent market abuse.

Entities remain fully responsible for algorithm performance and must disclose relevant methodologies and criteria. The CMF supervises compliance and may set technical requirements.

Underwriting processes are not specifically regulated but are subject to general principles on transparency, risk management and consumer protection.

Insurtech companies may use traditional or technology-driven underwriting, including data analytics and AI, provided processes remain objective and fair. The framework allows parametric insurance based on predefined triggers, subject to CMF criteria.

Entities must implement adequate governance and risk management, ensure accurate and non-misleading information, and certify automated systems where used.

Different types of insurance are subject to differentiated treatment depending on their risk profile. Life insurance and annuities involve long-term commitments and are subject to stricter governance, solvency and underwriting requirements. Parametric models are not permitted for these products.

Property and casualty insurance, by contrast, is more suitable for parametric models based on predefined triggers, allowing simplified underwriting and faster claims.

The framework also promotes microinsurance and inclusive insurance, with simplified processes and mass-market distribution, subject to specific CMF rules.

Regtech providers ‒ entities that use technology to assist in regulatory compliance ‒ are regulated depending on their activities. The law establishes a framework for oversight by the CMF, which supervises entities involved in financial services, but does not include those leveraging technology for compliance purposes.

Financial services firms must ensure that technology providers meet performance, accuracy and regulatory standards through contractual arrangements.

Contracts typically include performance guarantees, liability and indemnification clauses, service level agreements (SLAs), audit and reporting obligations, and termination rights for non-compliance.

Technology providers must comply with applicable regulatory requirements, including cybersecurity, data protection and data accuracy standards, as defined by the CMF. Firms remain responsible for ensuring appropriate governance and risk management frameworks.

Traditional players are working to collaborate with fintech and take advantage of the new ecosystem too. The OFS established by law promotes interoperability and secure data exchange between financial institutions. Blockchain could play a role in ensuring secure and transparent data sharing.

While the system does not consider blockchain implementation, it provides a regulatory framework that supports its use in areas like payment systems, custody and tokenisation. Traditional players in the financial services industry are likely to explore blockchain to enhance security, efficiency and transparency, aligning with the law’s principles of innovation and inclusion.

The law provides a clear framework for the use of blockchain and other innovative technologies in the financial services industry in Chile. Local regulators, particularly the CMF and the BCCh, have introduced provisions and interpretations that support blockchain adoption while ensuring compliance with security, reliability and transparency standards.

The law explicitly acknowledges distributed ledger technologies (eg, blockchain) as valid systems for recording digital representations of value, including financial instruments and payment systems.

Blockchain-based systems are permitted for representing money (national or foreign currency) recorded on the blockchain and can be used to document obligations payable in various currencies.

The BCCh is tasked with setting minimum standards for blockchain-based systems, including the following.

• security – ensuring the reliability and protection of transactions;
• acceptability – promoting mass adoption and usability; and
• reliability – preventing fraud and ensuring system integrity.

The OFS established by law promotes interoperability and secure data exchange between financial institutions. Blockchain could play a role in ensuring secure and transparent data sharing.

The law allows for the tokenisation of financial instruments and assets, provided they meet regulatory standards for security and transparency.

The CMF has broad powers to monitor blockchain-based systems used by financial institutions. It can also issue regulations to ensure compliance with cybersecurity, data protection and risk management standards. The CMF will define the technical and operational standards for the OFS, which may include blockchain-based solutions for the secure exchange of data.

The law mandates a phased implementation of blockchain-related systems, with the CMF setting timelines and standards for adoption.

The regulatory classification of blockchain assets under Chilean law depends on their legal nature and the activity in which they are used.

Under Law No 21.521, virtual financial assets are expressly recognised as financial instruments. They represent digital units of value that can be transferred, stored or exchanged electronically, excluding legal tender in national or foreign currency. As a specific subcategory of financial instruments, they are subject to a differentiated supervisory regime depending on the regulated service involved.

Financial instruments are defined as titles, contracts or documents designed to generate monetary returns or represent credit rights, and expressly include virtual financial assets within their scope.

Accordingly, blockchain-based assets that qualify as virtual financial assets fall within the financial regulatory perimeter when used in regulated activities such as intermediation, custody or the operation of trading platforms.

However, certain blockchain-based tokens that do not qualify as virtual financial assets – such as pure utility tokens or non-financial digital assets used exclusively for access or consumption purposes – may fall outside the scope of financial regulation, provided they do not involve investment characteristics or regulated financial services.

The classification of certain blockchain assets, including asset-backed tokens or stablecoins, may require case-by-case analysis depending on their structure, economic function and the rights they confer.

While the legal framework seeks to provide clarity through a technology-neutral approach, borderline cases may still raise interpretative challenges, particularly where digital assets combine utility and investment features.

The regulatory treatment of issuers depends on the asset’s legal nature under the Fintech Law, applying a substance-based approach.

Prudential Rules

NCG No 502 (amended by NCG No 524) sets risk-weighting for crypto-assets: “Type A” (eg, Bitcoin/ETH) at 100% and “Type B” (asset-backed) at differentiated rates.

Financial Instruments

Tokenised securities or assets designed for monetary returns fall within the regulatory perimeter. Public offerings require registration in the Securities Registry (Law No 18,045) and market disclosure.

Virtual Financial Assets

While recognised as financial instruments, the Fintech Law does not impose a standalone licensing regime for issuance unless it involves a public offering or regulated service (custody/trading).

Utility Tokens

Pure utility tokens for access or consumption remain outside the financial perimeter, subject only to general consumer protection and fraud legislation. Initial sales of regulated tokens must comply with Law No 18.045 unless they qualify as private placements. The CMF retains interpretative powers to assess issuances on a case-by-case basis.

Blockchain asset trading platforms and secondary market trading are regulated based on the classification of the assets being traded. The law provides a framework for platforms that facilitate trading of financial instruments and establishes oversight mechanisms for intermediaries and P2P transactions.

Blockchain Asset Trading Platforms

Blockchain asset trading platforms that facilitate the trading of financial instruments are regulated as alternative systems of trading.

Platforms must be registered in the FSPR maintained by the CMF, and they must obtain authorisation from the CMF before initiating operations. Platforms must also have systems and procedures to ensure transparency, security and proper functioning. They must implement governance and risk management policies.

Platforms must maintain an internal regulation to ensure equitable, competitive and transparent trading, and they must provide information about transactions, interruptions and contingencies to the CMF and the public.

Platforms for virtual financial assets are not automatically regulated unless the assets qualify as financial instruments. Platforms may be subject to AML and CTF regulations.

Regulation of Secondary Market Trading

Intermediaries facilitating the trading of financial instruments must be registered in the FSPR. They must obtain CMF authorisation before initiating operations.

P2P Trading

P2P trading of blockchain assets is not explicitly regulated under the law unless the assets qualify as financial instruments. P2P transactions involving crypto-assets may be subject to AML/CTF regulations. Platforms and intermediaries trading unregulated blockchain assets (eg, utility tokens) may expose investors to risks such as fraud or lack of transparency.

There are no explicit regulations governing staking services related to cryptocurrencies. However, the regulation of such services may depend on the classification of the cryptocurrencies involved and the nature of the staking activity.

If staking is structured as a financial service (eg, offering returns or rewards that resemble investment products), it may fall under the scope of the Fintech Law as a regulated activity, such as investment advisory.

Entities providing staking services may need to register in the FSPR. They may be subject to governance, risk management and reporting requirements.

Staking services involving cryptocurrencies may be subject to AML/CTF regulations if they are deemed to pose risks related to money laundering or terrorism financing. Providers may need to report suspicious transactions to the UAF.

If staking is purely a technical activity (eg, validating transactions on a blockchain without offering financial returns), it is unlikely to be regulated under local law. Such activities may still be subject to general consumer protection laws.

The provision of lending services related to cryptocurrencies is regulated if the activity involves financial instruments or falls under the scope of credit advisory. If the lending activity involves cryptocurrencies classified as financial instruments, it is subject to regulation under the Fintech Law.

Lending services related to cryptocurrencies may fall under the scope of the Financial Services or Money Lending Operations special laws. Entities providing lending services must register in the FSPR. They must obtain authorisation from the CMF before initiating operations. Providers must comply with governance, risk management and reporting requirements.

Lending services involving cryptocurrencies may be subject to AML/CTF regulations. Providers must report suspicious transactions to the UAF. P2P crypto lending may remain unregulated unless AML/CTF concerns arise.

The offering of cryptocurrency derivatives is regulated under Law No 21.521, which includes derivatives and similar contracts within the definition of financial instruments.

Cryptocurrency derivatives (eg, futures, options or swaps) may be offered through financial intermediation or alternative trading systems.

Entities must register in the FSPR and obtain CMF authorisation prior to operations. They are subject to governance, risk management, reporting and transparency requirements, including disclosure of risks, pricing and terms.

Providers must also comply with AML/CTF obligations and report suspicious transactions to the UAF.

Unregulated or informal offerings may fall outside this framework but remain subject to general consumer protection laws.

DeFi services are regulated based on the underlying activity (trading, custody, or intermediation) regardless of their decentralised structure. If a DeFi platform facilitates activities involving financial instruments or virtual financial assets, it must register in the FSPR and obtain CMF authorisation. Claims of exemption due to lack of traditional intermediaries are invalid under the Fintech Law. Platforms are considered service providers and must comply with governance, risk management and AML/CTF reporting obligations (to the UAF). Regulatory focus remains on transparency, risk disclosure and addressing vulnerabilities like market manipulation or cybersecurity flaws within smart contracts.

Funds that invest in blockchain assets, whether partially or entirely, are regulated under the General Funds Management Law and other applicable laws in Chile. Funds investing in blockchain assets, such as cryptocurrencies, security tokens or other blockchain-based financial instruments, are subject to this framework.

Blockchain assets are considered financial assets if they generate monetary returns or represent debt or virtual financial assets. Fund managers must register with the CMF, and each fund must also be registered before being offered to the public. Authorisation from the CMF is required before operations.

Fund managers must:

• implement governance, risk management and cybersecurity measures to protect investors and ensure operational continuity;
• maintain minimum capital equivalent to the greater of USD200,000 or 3% of risk-weighted assets; and
• disclose risks, characteristics and conditions of blockchain assets to investors – misleading or incomplete information is prohibited.

Fund managers investing in blockchain assets are subject to AML/CTF regulations and must report suspicious transactions to the UAF. If automated systems are used for investment decisions, managers must demonstrate their reliability and inviolability to the CMF. Fund managers must also provide guarantees to ensure compliance with obligations and protect investors.

Blockchain assets held by funds must be segregated and securely maintained to prevent misuse or unauthorised access.

Virtual currencies and blockchain assets are defined and treated differently based on their characteristics and intended use.

Virtual Currencies

Virtual currencies represent digital units of value, goods or services, excluding money (whether in national or foreign currency). They can be transferred, stored or exchanged digitally.

Virtual currencies are treated as digital representations of value but are not considered money. They are subject to regulations when used in financial services, such as custody, trading or investment platforms.

Virtual currencies are excluded from the definition of financial instruments unless explicitly structured as such.

Blockchain Assets

Blockchain assets defined as financial instruments include titles, contracts and intangible assets designed to generate monetary returns or represent debts or virtual financial assets. Blockchain assets may include security tokens, derivatives, contracts for difference and other financial instruments.

Blockchain assets are treated as financial instruments if they are designed to generate monetary returns or represent debts or virtual financial assets. They are subject to stricter regulations, including registration, authorisation, and compliance with governance and risk management requirements.

NFTs and NFT platforms may fall within the fintech regulatory perimeter depending on their characteristics and intended use cases.

Regulatory Perimeter for NFTs and NFT Platforms

NFTs are unique digital assets typically representing ownership of a specific item, such as art, collectibles or intellectual property, stored on a blockchain. In some cases, they can be classified as virtual financial assets or cryptocurrency if they represent digital units of value that can be transferred, stored or exchanged digitally.

Platforms facilitating the trading, custody or issuance of NFTs may fall under the scope of alternative systems of trade or custody. If NFTs are structured to generate monetary returns or represent financial rights, they may be considered financial instruments.

NFTs designed for investment purposes (eg, fractional ownership of real estate or securities) could be regulated as financial instruments. Platforms offering such NFTs would need to register with the CMF and comply with governance, risk management and transparency requirements.

Exclusion From the Regulatory Perimeter

NFTs used solely for non-financial purposes, such as digital art or collectibles, are unlikely to fall under the fintech regulatory perimeter.

Inclusion in the Regulatory Perimeter

NFTs and platforms are included if they involve financial services, such as trading, custody or investment. The law aims to regulate activities that could impact financial stability, investor protection or public trust.

NFTs with purely artistic or non-financial purposes are excluded because they do not pose risks to the financial system or involve monetary returns.

Stablecoins are indirectly regulated through the BCCh, which has authority over payment systems. Following the amendment to Article 35 No 8 of the BCCh Organic Law, the BCCh is empowered to regulate digital representations of value backed by fiat currency (national or foreign). Issuers or platforms handling these assets as part of a payment system must comply with BCCh standards on security, reliability and interoperability. Furthermore, if a stablecoin is structured to generate monetary returns, it may be classified as a financial instrument under the Fintech Law, requiring CMF registration.

In Chile, the law actively supports the implementation of open banking through the establishment of the OFS under Title III. The law aims to promote competition, innovation and inclusion in the financial system.

It establishes rules for the interchange of financial data between institutions, subject to explicit customer consent. Law No 21.236 on Financial Portability (2021) establishes the right of customers to transfer financial products between financial institutions through a simplified and standardised process. This regime operates as a complementary framework to the OFS, reinforcing customer mobility and competition in financial services.

Key Features of the Open Finance System

Data sharing

Institutions must enable the exchange of customer financial data through remote and automated interfaces (APIs). Data includes account information, transaction history and other financial details.

Consent and security

Customers must provide explicit consent for data sharing, ensuring privacy and security. Institutions must comply with cybersecurity standards and report security incidents.

Participants

Banks, card issuers and other financial institutions are required to participate as information providing institutions.

Third-party providers (TPPs) can register as information service providers to access data and offer services.

Gradual implementation

The CMF is tasked with defining the implementation timeline and technical standards. This phased approach ensures a smooth transition and minimises disruptions.

Challenges or inhibitions

Technical and operational barriers

Institutions must develop and maintain secure APIs, which may require significant investment. Smaller institutions may face challenges in meeting technical requirements.

Customer awareness

The success of open banking depends on customer understanding and trust in data-sharing mechanisms. Lack of awareness could limit adoption.

Regulatory complexity

The law introduces detailed requirements for consent, security and interoperability, which may be challenging for institutions to implement effectively.

Comparison with Payment Services Directive 2 (PSD2 – Europe)

Similarities

Both frameworks emphasise the importance of customer consent, data security and standardised APIs. They aim to foster competition by enabling TPPs to access financial data.

Differences

PSD2 focuses on payment services and mandates access to payment account data, while the Chilean system has a broader scope, covering various financial products and services. PSD2 is more mature, with established technical standards – eg, regulatory technical standards (RTS) for APIs – whereas Chile’s open banking system is still in the implementation phase.

Banks and technology providers in Chile are required to address data privacy and data security concerns raised by open banking through strict regulatory measures. An overview of how these concerns are being managed follows.

• Banks and technology providers must obtain explicit, informed and specific consent from customers before sharing their financial data.
• Customers can revoke consent at any time, and providers are prohibited from using data beyond the scope of the authorisation.
• Institutions must clearly inform customers about the type of data being shared, the purpose of sharing, and the validity period of the consent.
• Open banking participants must adhere to Chile’s Data Protection Law, ensuring the confidentiality and proper handling of personal data.
• Banks and technology providers must implement minimum security standards for data protection, including measures to ensure the confidentiality, integrity and availability of information. These standards are defined by the CMF through general regulations.
• Data exchange must occur through APIs that meet stringent security requirements. APIs must be interoperable and include mechanisms to prevent unauthorised access or data breaches.
• Institutions are required to report security incidents to the CMF without delay and take immediate steps to mitigate risks.
• Banks and providers must implement strong customer authentication (SCA) methods to verify the identity of users and ensure secure access to data. Authentication standards may include multi-factor authentication and encryption.
• Banks and technology providers are investing heavily in cybersecurity infrastructure and API development to comply with regulatory requirements. Smaller institutions may face financial and technical challenges in meeting these standards.
• Banks are partnering with fintech companies and technology providers to leverage their expertise in secure data handling and API development. Industry-wide collaboration helps establish best practices and shared security protocols.
• Institutions are focusing on educating customers about the benefits and risks of open banking, as well as their rights regarding data privacy and security. Building trust is critical for adoption.

Fraud in the Chilean fintech sector is addressed through both administrative sanctions and criminal penalties. The CMF’s primary areas of focus include:

• misrepresentation – intentional provision of false financial statements or misleading data;
• market manipulation – artificial price influence or fictitious transactions;
• unauthorised use – misuse of client funds or assets held in custody;
• cyber fraud – exploiting authentication weaknesses or unauthorised transactions via APIs; and
• inducement to error – misleading advice or tendentious investment recommendations.

Regulatory oversight prioritises transparency and ensures entities operate with proper FSPR registration. Violations may result in registration cancellation or criminal prosecution for financial crimes. In open banking, the focus shifts to payment initiation fraud and ensuring SCA to prevent unauthorised transfers.

See 12.1 Elements of Fraud.

Under Law No 21,673 (May 2024), amending Law No 20,009, issuers must provisionally restore disputed funds within ten business days for cards and 15 days for ATMs. Providers are liable for losses from misinformation, misuse of funds or cybersecurity breaches if authentication systems fail. The mandatory restitution threshold is no longer fixed at UF 35; it is now a regulatory range between Unidad de Fomento (UF) 15 and UF 35 set by the Ministry of Finance. Crucially, issuers may now request a suspension of restitution before the local police court within three business days if there is evidence of gross negligence or fraud by the user.

Providers are also liable for losses arising from unlawful data processing or breach of governance standards, unless external systemic market risks apply.