Over the past year, the fintech market in Panama has continued to grow and evolve, consistently challenging traditional financing models. According to information provided by the Panamanian Fintech Chamber (Cámara Fintech Panamá), more than 100 fintech companies are currently operating in the country covering areas such as paytech, crowdfunding, wealthtech, lending and insurtech, among others. The market remains attracted to Panama’s strategic geographic position, stability and diversity.

The different business models continue to pursue compliance by working closely with local regulators, abiding by existing laws and proactively adhering to international regulatory standards.

In the next year, given the number of legislative proposals submitted before our legislative branch, we expect legislation and regulatory engagement that further encourages continued growth of both international and local players.

Even though the fintech landscape is constantly evolving, Panama’s new and legacy players are currently concentrating on a few specific business models, as follows.

Payment Service Providers

These companies offer digital payment processing services, such as peer-to-peer, merchant or cross-border transaction services. Generally, these companies offer technological integrations or standalone platforms that facilitate payments in a prompt and secure manner.

Cryptocurrency Exchanges

Legacy players typically do not engage in this business model because there is currently a lack of formal regulation. In contrast, new entrants are entering this space and providing these services. Some of these new players offer a wide range of services similar to those of established currency exchanges (including custody of fiat currency and/or cryptocurrency, trading and leverage), while others focus solely on the exchange of fiat currency and/or cryptocurrency.

Digital Wallets

Due to the lack of regulation regarding digital wallets, legacy players have been able to use their banking licences to provide digital wallets within their respective ecosystems. New players have mostly avoided this business model due to the potential liabilities derived from the possibility of infringing the current deposit-taking regulations.

Digital Lending Platforms

Several fintech start-ups are focused on digital lending models, using data to assess creditworthiness for (mostly) personal loans. These platforms offer digital approval processes, with quick disbursements and smaller loans, filling the gap left by traditional lending institutions, which often have strict requirements.

Fintech Companies Serving Financial Institutions

These companies provide technological solutions that enhance and optimise operations of legacy players, enabling them to broaden their service offerings within an increasingly digitalised financial ecosystem.

Panama has a unified regulatory regime, meaning there is no distinction between state and federal regulation. Industry participants can be subject to one or more of the following three verticals that compose the regulatory regime:

• Banking: The main legal source for this vertical is Executive Decree 52 of 2008 (the Single Text of the Banking Law (as amended, the “Banking Law”)), and the sector is supervised and regulated by the Superintendency of Banks (SBP). The SBP oversees banks, trust companies and foreign exchange houses, in addition to acting as the local regulator for anti-money laundering (AML) matters related to certain fintech activities; thus, any business model that carries out activities within this scope will be subject to either registration or licensing requirements from the SBP.
• Securities: The main legal source for this vertical is Decree Law 1 of 1999 on the Securities Market in the Republic of Panama and the Superintendency of the Securities Market (the “Securities Law”). The sector is supervised and regulated by the Superintendency of the Securities Market (SMV), which oversees brokerage houses, investment advisers, stock exchanges, fund managers, clearing houses and credit rating agencies, among others. Thus, any business model that carries out activities within this scope will be subject to licensing requirements from the SMV. Additionally, the SMV supervises issuers and the registration of public offerings of securities.
• Financial companies: This vertical, which encompasses the regulation of lending companies, pawn shops, money remittance houses and movable goods leasing companies, has various legal sources. Even though there are different laws which regulate each of these businesses, they are all supervised and regulated by the Directorate of Financial Companies attached to the Ministry of Commerce and Industry (MICI). Lending companies are entities that engage in lending activities without deposit-taking activities.

As stated above, depending on the scope of the business model, a company may be subject to one or more of the regulations detailed above.

Companies normally charge their customers directly, having clearly communicated pricing and payment terms. However, depending on the specific business model and the regulatory vertical in which the company operates, there may be additional standards or specific information that must be included in the disclosures. For example:

• whenever a brokerage house has a conflict of interest, a separate and independent disclosure must be made to the customer; and
• lending companies must include specific information (interest, term, number of payments, etc) in their contracts.

In general, local law requires companies to provide full disclosure to their clients regarding the compensation models of their business. Furthermore, whenever a specific service is devoid of a legal framework in Panama, it is advisable that end customers be informed that all transactions carried out are at their own risk and are not regulated by the SMV or SBP for local purposes.

Currently, the regulations applicable to fintech industry participants do not differ from those applicable to legacy players in the finance sector. This is due to Panama’s regulatory framework’s lack of formal recognition of newer business models and more innovative enterprises. In other words, the regulatory landscape has not caught up with the emergence of fintech. Local laws and regulations have been made and implemented around traditional financial institutions, and these regulations do not yet include more flexible parameters or simplified licensing requirements for fintech companies, although there are currently several draft bills in discussion that aim to address this.

There is currently no regulatory sandbox available for fintech companies. Regulators are aware of the lack of specific regulations relating to certain fintech companies, and depending on the business model, they try to accommodate fintech companies within the existing legal framework. However, they are ultimately limited by the lack of regulations, and in many cases, they simply state that the fintech company is not subject to their supervision. Draft Bill 487, currently in discussion in the National Assembly, attempts to introduce a regulatory framework for a regulatory sandbox for fintech companies, although it has not yet been approved as law, and may undergo significant changes should it be enacted.

The regulatory scope of each of the three main financial sector regulators is based on the activities conducted by a company, as outlined in 2.2 Regulatory Regime. For instance, if a company is involved in public lending and issuing securities, it will need to interact with both the MICI and the SMV. Therefore, it is essential for companies to clearly define the specific services they will offer and to obtain the necessary registrations and licences.

In Panama, regulatory authorities do not formally issue “no-action” letters, as is commonly understood in jurisdictions such as the United States. However, entities can request an opinion to seek regulatory guidance or clarification before undertaking activities.

The Superintendencies (SBP and SMV) issue opinions ex officio or upon request, expressing the respective Superintendency’s administrative position regarding the law’s application. The opinions issued by the Superintendencies are limited to expressing the administrative position regarding the application of a specific provision of the applicable laws and regulations but may not contravene resolutions approved by the Board of Directors of the respective Superintendency or the Judiciary on the same subject. In the case of the SMV, and according to its regulation, the opinions are binding. However, in the case of the SBP, it is not expressly regulated, and therefore:

• the SBP can specify that the opinions are of general application and binding for the specific consultations presented; and
• the SBP can specify that they are non-binding without specifying a particular case.

Depending on the nature of the regulated function, it may or may not be allowed to be outsourced. Whenever local regulations allow for outsourcing, they generally state the requirements that the vendor must meet or state whether said outsourcing is subject to notification or prior approval from the regulator. The vendor is generally responsible to the party contracting the outsourcing, but engaging in outsourcing does not exclude the contracting party from its obligations and responsibilities to the regulator. The outsourcing of regulated functions should be assessed individually for each case. For instance, Agreement 9 of 2005 issued by the SBP defines “outsourcing” as the practice in which licensed banks engage third parties – either individuals or legal entities, including companies within the bank’s economic group – to perform activities, functions or processes that fall within the scope of their legal operations. Banks must seek prior authorisation from the SBP for all outsourcing agreements not exempt under Agreement 9 of 2005.

Panama has issued several laws and regulations relating to AML matters. In this sense, financially obliged subjects are responsible for monitoring and examining the activities carried out on their platforms or servers. However, this responsibility stems from being a regulated financial subject and not from being categorised as a “gatekeeper”. At present, there is no formal categorisation of a company as a “gatekeeper”.

The three main verticals and their respective regulators share similar enforcement actions. The applicable regulator has the faculty to impose penalties based on the evaluation criteria determined by the corresponding legal source. Generally, the legal source determines which actions and/or omissions are defined as very serious infractions or lesser infractions. Depending on the extent of the infraction, sanctions can include monetary fines, loss of licences or registration to carry out the activities, suspension of activities, removal of personnel from the position of administration or control, or other measures as mandated by the applicable law.

As mentioned above, there are no regulatory distinctions between legacy players and fintech companies. In general terms, however, there are a few applicable non-financial service regulations.

The Electronic Commerce Law

In Panama, electronic commerce is regulated by Law 51 of 2008, as amended (the “Electronic Commerce Law”), which applies to businesses that work through the internet and offer their services in Panama. The Electronic Commerce Law relates mainly to electronic contracts and the conditions relating to the validity and effectiveness of said contracts, and establishes the obligations and responsibilities of providers of commercial services through the internet, including those that act as intermediaries in the transmission of content by social media networks and the exchange of commercial information and documentation electronically, including offers, promotions and competitions.

The Data Protection Regulation

Law 81 of 2019, regulated by Executive Decree 285 of 2021 (the “Data Protection Regulation”), regulates the protection of personal data of natural persons and its handling, storage and treatment. The Data Protection Regulation applies to data processing that originates from or is stored in Panama and data processing carried out within the framework of a commercial activity on the internet, or any other means of electronic or digital communication in accordance with the Electronic Commerce Law to guarantee data protection in activities aimed at the Panamanian market.

Whenever a person or entity obtains its users’ personal data, the person or entity must implement a privacy policy that respects the “ARCO rights” enshrined in the Data Protection Regulation. Such person or entity must also obtain the necessary consent from its users for the collection, use and processing of their personal data, in addition to complying with the requirements in case of transfer of said personal data to third parties (local or cross-border).

Law 45

Law 45 of 2007 (“Law 45”), which dictates regulations on consumer protection and defence of competition, is also applicable to financial service providers. In general, Law 45 implements standards for providing information clearly, truthfully and without inducing confusion. For example, credit products must expressly and visibly indicate the total amount of the debt, the effective interest rate applied and its calculation method, the commissions, and the natural or legal person providing the credit.

Assuming that industry participants have some kind of registration or licensing, they will generally be required to obtain audited financial statements from auditing firms and present them to the regulators, along with other information.

Industry participants generally do not offer unregulated products and services in conjunction with regulated ones. However, different legal entities within the same economic group can offer regulated and unregulated products separately, and regulators have not opposed this practice. In any case, this must be evaluated on a case-by-case basis to determine the regulator’s possible interpretation.

AML rules impact fintech companies because the regulations do not distinguish between established legacy players and fintech companies. Thus, the obligations and responsibilities will be the same across the board except for specific vertical regulations.

Law 23 of 2015 (“Law 23”) adopts measures to prevent money laundering, the financing of terrorism and the financing of the proliferation of weapons of mass destruction, and dictates other provisions which are further regulated by Executive Decree 363 of 2015 (“Regulation of Law 23”). Article 22 of Law 23 lists the financially obliged subjects, which the SBP supervises in matters of compliance with Law 23, the Regulation of Law 23, and other corresponding agreements relating to the prevention of money laundering, the financing of terrorism and the financing of the proliferation of weapons of mass destruction (the “Compliance Laws”). The Compliance Laws establish a series of measures that financial obliged subjects must implement to prevent the improper use of their services.

It is worth noting that it is possible for an entity to be subject to the Compliance Laws but not subject to licensing requirements. For example, entities dedicated to payment processing services and issuers of electronic money are financially obliged subjects and must register with the SBP in order to comply with the Compliance Laws, but they are not required to obtain a licence for their activities. Thus, a fintech company may not be required to have a licence from any of the regulators, but it could be subject to registration requirements with the SBP only for the purposes of the Compliance Laws.

Law 23 establishes a regime of administrative sanctions for those that violate its provisions. The supervisory bodies will apply sanctions considering the seriousness of the offence, its recurrence and the damage caused. Sanctions may include fines of between USD5,000 and USD5 million, which may be imposed on individuals and entities that fail to comply. In addition, progressive sanctions are provided for continuous violations, and corporate responsibility is established, attributing the acts of employees to the obliged entity.

The Compliance Laws are generally aligned with the standards of the Financial Action Task Force (FATF). Since the enactment of Law 23 in 2015, Panama has been actively taking significant steps to comply with FATF recommendations. However, its progress and effectiveness have been subject to periodic scrutiny by the FATF.

Local regulation does not explicitly permit reverse solicitation, although it does often apply to operations carried out in or from Panama. Under that premise, when a Panamanian customer independently approaches a foreign provider to access a regulated product or service, the provision of said foreign product or service would not be caught by local regulation. It is very important that the foreign provider does not carry out any prior marketing, solicitation or advertisement directed at the Panamanian market.

As mentioned above, Panama does not have a special regulatory framework for companies in the fintech industry, including robo-advisers. Therefore, there are no regulations or requirements for robo-advisers besides the applicable AML legislation (Law 23) and the Data Protection Regulation. The SMV regulates “investment advisers”, defined as individuals or entities that, for compensation, provide advice to others on the pricing of securities or the suitability of investing in, buying or selling those securities. This includes preparing and publishing studies or reports relating to securities, as well as advising on forex. These regulations apply to both individuals and companies, along with their employees, that offer investment advisory services to clients. However, there is currently no clear guidance on whether these regulations also extend to robo-advisers.

Legacy players in Panama have not developed or are only beginning to develop robo-adviser services for their clients. However, it is only a matter of time before all legacy players will offer these services to their clients since there is a trend in Panama for legacy players to create and implement fintech products and services based on modernisation and the current changing dynamic of services offered to a new wave of clients that want to leverage technology for their financial services.

Panama has no special regulations regarding the best execution of customer trades. However, some securities laws applicable to brokers establish that the individuals who carry out broker services have an obligation to perform their duties with the diligence and care that a person normally uses in their business. Brokers must carry out their duties with strict adherence to ethical principles, good conduct and transparency.

There are no significant differences in the business or regulation of loans to individuals, small businesses and other entities. The regulation of loan activities is based on the use of the funds rather than the recipients of the loans. Entities that extend loans fall into two categories: licensed banks or financial companies (empresas financieras). Licensed banks are regulated by the Banking Law, while financial companies are governed by Law 42 of 2001 (as amended, the “Financial Companies Law”). An entity is regulated under the Banking Law if it raises funds from the general public (through deposits or other means) and uses those funds to extend loans to third parties. Conversely, an entity is regulated under the Financial Companies Law if it uses its own funds to extend loans to third parties.

Both licensed banks and financial companies evaluate a potential client’s creditworthiness through the Panama Credit Association (APC, for its name in Spanish), a bureau that uses tools to assess an individual’s credit rating and accurately determine the associated loan risk. Additionally, licensed banks are legally mandated to establish credit and risk committees. These committees are responsible for assessing and approving (or rejecting) loans based on the prospective borrower’s profile and the transaction’s credit risk.

In Panama, companies can raise funds from various sources, including loans or equity investments from peers or private equity firms, loans from banks and financial companies, and private or public securities offerings. Lending between peers or by private equity firms does not require licences or permits, provided these activities do not fall under the definition of “banking business” as defined and regulated by the Banking Law and are not conducted in the ordinary course of business by the lending party. If lending to third parties becomes habitual and part of the ordinary course of an entity’s business, the entity would be classified as a financial company under the Financial Companies Law and require a licence from the MICI.

Equity fundraising may be regulated depending on the target audience. In Panama, public securities offerings are governed by the Securities Law and Agreement 2 of 2010 (as amended) issued by the SMV.

Under the Securities Law, a public offering of securities must be registered with the SMV when the offer or sale is made by an issuer, an affiliate of the issuer, or an offeror of the issuer or its affiliate in Panama. An offer or sale of securities is considered to have been made in Panama if it is directed to individuals domiciled in Panama, regardless of whether the offer or sale originated from within Panama or abroad. All securities subject to a public offering, except those exempt from registration with the SMV, require authorisation from the SMV.

A registration application and a prospectus regarding the offering must be submitted for approval to the SMV.

Exemptions under the Securities Law include:

• (i) offers or sales of securities to persons domiciled outside the Republic of Panama;
• (ii) offers or sales of securities made by an issuer, an affiliate of the issuer, or an offeror of the issuer or its affiliate to no more than 25 persons, resulting in the sale of said securities to no more than ten persons within one year; and
• (iii) offers or sales of securities made by an issuer, an affiliate of the issuer, or an offeror of the issuer or its affiliate to institutional investors (as defined by Agreement 1 of 2001 issued by the SMV, as amended).

It is important to note that while the exemption in (iii) above does not require registration, certain formalities must be observed in accordance with Agreement 1 of 2001, such as notifying the SMV of the offering (as opposed to registering it).

Loan syndication frequently occurs in Panama; however, there are no specific laws or regulations regarding this.

In general terms, payment processors use existing payment rails or create and implement new ones to the extent they relate to new technologies such as blockchain.

Cross-border payments and remittances are regulated from the perspective of tax implications, regulated banks or financial entities and AML/CFT standards.

The Securities Law mandates that trading platforms for securities and other financial instruments are regulated by the SMV and must have a licence issued by this entity. The law defines a “security” as “[a]ny bond, negotiable commercial instrument, or other debt security, stock (including treasury stock), recognised stock right in a custody account, share, participation unit, participation certificate, securitisation certificate, trustee certificate, deposit certificate, mortgage certificate, option, and any other security, instrument, or right commonly recognised as a security or determined by the [SMV] to constitute a security”. Conversely, a “financial instrument” is defined as “[a]ny contract that gives rise to the creation of a financial asset for one entity and the creation of a financial liability or equity instrument for another entity”. This includes all financial assets and liabilities, whether securitised or not, as well as their derivatives, with underlying assets such as currencies and precious metals. The Securities Law classifies securities trading platforms as “self-regulated entities”. These platforms must establish internal rules and regulations based on the following principles:

• protecting the interests of investors;
• promoting co-operation and co-ordination among individuals responsible for processing information about securities, as well as for trading, safeguarding, clearing and settling securities;
• ensuring fair and representative participation of members in governing bodies;
• ensuring that fees and expenses paid by members are reasonable and equitably shared;
• reporting any violations of the Securities Law by members, directors, officials or employees to the SMV;
• monitoring members, directors, officials and employees to ensure compliance with internal rules, and establishing corresponding disciplinary procedures and sanctions;
• ensuring the confidentiality of transactions; and
• preventing deceptive and manipulative practices or any actions that may affect market transparency, promoting fair practices in securities trading and fostering the development of an efficient market.

Commodities Trading Platforms

Panama also permits commodities trading platforms under Law 23 of 1997 (as amended) and Executive Decree 11 of 1998 (as amended). The National Commission of Commodities Exchange regulates these platforms and requires them to have a licence to operate. Brokers also need a special licence to trade commodities on those platforms. Panama has one commodity trading platform, the Bolsa Nacional de Productos, S.A. (BAISA). Products that can be traded on commodities exchanges include any goods, services and products, whether domestic or foreign, and contracts or commercial documents that represent, establish or grant rights over these goods, services or products.

Securities and financial instruments are regulated by the Securities Law and the SMV. In contrast, commodities are regulated by Law 23 of 1997 (as amended) and Executive Decree 11 of 1998 (as amended). Currently, Panama does not regulate security tokens and cryptocurrencies.

No specific laws or regulations govern the issuance or transaction of virtual assets in Panama. An attempt was made to legislate this matter through Bill 697 of 2022, which ultimately did not become law.

Nevertheless, the emergence of cryptocurrency exchanges has forced the regulators to issue statements and, in certain cases, analyse whether they have jurisdiction over cryptocurrencies. For example, the SMV has issued public statements indicating that cryptocurrencies are not considered “securities” and therefore are not regulated by the SMV. The SMV has also warned the public about the risks associated with cryptocurrencies, noting that, in its view, cryptocurrencies:

• lack a legal framework and are not subject to supervision or regulation by any financial regulatory authority in Panama;
• have no inherent value, being intangible, and their circulation occurs via the internet;
• do not have the approval or regulation of a central authority;
• are vulnerable to money laundering;
• are highly volatile and speculative assets; and
• involve a high risk of fraud.

Furthermore, the SMV has stated that it does not have the legal authority to regulate or supervise crypto-exchange platforms. Recently, the SMV issued Opinion 4 of 2025, in which the SMV reaffirmed that cryptocurrencies are not considered securities or financial instruments under the Securities Law. As a result, Opinion 4 of 2025 states that a non‑custodial technological platform that facilitates user interaction with decentralised exchanges does not involve intermediation, investment advice, custody of financial instruments, portfolio management, or public offerings of securities, and therefore does not trigger any licensing, registration or compliance obligations before the SMV.

There are no regulatory listing standards.

For registered securities and financial instruments, industry practices indicate that public offerings totalling less than USD12 million are uncommon. Specifically, for bonds, Agreement 2 of 2010 issued by the SMV mandates that the duration of revolving bond programmes must not exceed ten years. This does not imply that the maturity of bonds issued under a revolving programme cannot extend beyond ten years from the issuance date; rather, the availability of the programme, under which the issuer can issue bonds, cannot last more than ten years.

Regarding securities trades on an organised exchange, Agreement 5 of 2003 issued by the SMV, which regulates order handling, mandates that brokerage firms require their clients to issue orders that are clear and precise in scope and meaning, ensuring both the issuer and recipient fully understand their effects. Orders placed over the phone may be recorded with prior client authorisation. Entities receiving orders must execute them or take necessary measures to deliver them to the responsible entity on the same day of receipt or, if not possible, on the next business day. The receiving entity must include the order in its register in strict chronological order, assigning each a consecutive number and identifying the broker who received the order.

These rules apply exclusively to entities handling orders for securities and financial instruments traded on organised exchanges in Panama or globally.

Peer-to-peer trading platforms of registered securities are currently not permitted in Panama, as the Securities Law requires that all trades of registered securities must be carried out through a stock exchange and the investors’ brokers and their brokerage accounts.

Panama does not regulate trading in securities that are not subject to registration and other assets (such as cryptocurrencies).

For peer-to-peer trading to prosper in Panama, the Securities Law would need to be amended to specifically exclude these innovative platforms from the definition of stock exchanges and establish clear rules on the types of transactions that peer-to-peer trading platforms can handle. However, fraud, money laundering and cybersecurity threats are big concerns for Panama’s regulators, so changes are unlikely to happen very quickly.

Payment for order flow is not regulated in Panama.

Under the Securities Law, markets should be designed to prevent deceptive and manipulative practices or any other actions that affect market transparency, to promote fair practices in securities trading, and to encourage the development of an efficient market.

High-frequency and algorithmic trading is not regulated in Panama.

Market makers are regulated by Agreement 2 of 2011 issued by the SMV, which regulates securities brokers and dictates that stock exchanges must establish the rules governing market makers. The Latin American Stock Exchange has established a rulebook for market makers, which indicates that market makers are a “fundamental pillar in financial markets, providing the opportunity to expand market reach and even engage in international transactions, leading to the benefit of being more recognised in other countries”. Under said rulebook, any securities broker can apply to be a market maker, which application is subject to the consideration of the board of directors of the stock exchange.

In Panama, the regulations do not distinguish between funds and dealers that engage in these activities.

The Securities Law does make a distinction between a dealer and a fund. The Securities Law defines a “broker‐dealer firm” as a legal entity engaging in the business of purchasing and selling securities or financial instruments for third parties or on its own account. The operation of a broker-dealer firm is regulated by Title III of the Securities Law and Agreement 2 of 2011 issued by the SMV. On the other hand, the Securities Law defines a “fund” (“investment company” in Panama as used in the Securities Law) as a legal entity, trust or contractual arrangement that, by issuing and selling its own participation quotas, engages in the business of obtaining money from the investing public through one payment or periodical payments for the purpose of investing and trading securities, foreign exchange, metals and supplies, chattel property or any other property determined by the SMV. The operation of a fund is regulated by Title VIII of the Securities Law and Agreement 5 of 2004 issued by the SMV.

Both business models require authorisation from the SMV. In the case of a broker-dealer firm, the legal entity requires a licence issued by the SMV. In the case of a fund, the legal entity must be registered with the SMV.

Panama has no regulations for programmers and the programming to develop and create trading algorithms and other electronic trading tools, provided the programmers are not performing trades.

The underwriting process by industry participants in insurtech usually involves the same process as that of traditional insurance companies. There is no separate regulation applicable to insurtech. The Superintendency of Insurance and Reinsurance (SSR) is the local regulatory body that supervises and regulates the insurance and reinsurance business.

The participants treat each type of insurance in accordance with the applicable current regulations.

There is only one insurance regulator, which is the SSR, and regulation is mainly focused on the following lines of business, each of which requires its own respective licence:

• personal – individual life in all its modalities, collective or group, personal accidents, health, industrial, annuities, income, disability, loss of income, assistance to travellers or any other insurance covering exposure to loss and risks of persons;
• general – fidelity, fire and similar, maritime, land and/or air transport, sea and air hull, automobile, aviation, civil liability, theft, technical branches, property titles, various risks, extensions of manufacturer guarantee, or any other insurance not included in the field of people and/or guarantees/bonds; and
• guarantee and bond – compliance with contracts, with payment and other related guarantees or bonds relating to the construction of works or for the supply of materials or equipment or any other bonds/guarantees.

Each of these lines of business has different applicable regulations (eg, for purposes of reserves or obligations of the parties).

Regtech providers are not specifically regulated in Panama. However, financial companies generally use their services in order to comply with AML laws, such as Law 23.

In Panama, there are no regulations governing the terms and conditions of contracts with regtech providers, allowing financial services companies the flexibility to negotiate their contractual obligations with these providers.

Due to a lack of regulation, traditional players have been reluctant to implement blockchain technology in the provision of their financial services.

In recent years, there have been several legislative initiatives, but none have been enacted into law.

Panama’s latest legislative efforts to regulate blockchain and virtual‑asset activities are reflected in Draft Bills 247, 326 and 487, all of which remain under consideration in the National Assembly and have not yet passed the three‑debate process required for enactment.

• Draft Bill 247 of 2025, introduced by the Commerce and Economic Affairs Commission, proposes the most comprehensive crypto‑focused regime to date. It defines key digital‑asset concepts and would create the National Council of Digital Assets (CONAD) to supervise and co-ordinate policy for cryptocurrencies and virtual asset service providers (VASPs). The bill mandates VASP registration, FATF‑aligned AML controls, audits, transparency obligations and regulatory oversight for token offerings, while also introducing tax incentives for blockchain start-ups.
• Draft Bill 326 of 2025, also pending legislative approval, complements this approach by aiming to establish a mandatory AML‑driven licensing and supervision framework for VASPs under the authority of the SMV. It would reinforce FATF compliance, formalise VASP registration through a public registry, and allow banks to engage in virtual‑asset activities subject to strict KYC, traceability and risk‑management standards.
• Draft Bill 487, introduced in January 2026 and still in the early stages of debate, would incorporate blockchain activity into a broader fintech regulatory structure. Although wider in scope, it would create a Special Fintech Regime that covers digital‑asset services alongside other fintech verticals and require blockchain‑based operators to obtain a fintech licence and register in a national registry supervised by the SBP. The bill would also establishe an Interinstitutional Fintech Council and a regulatory sandbox designed to test innovative blockchain models in a controlled environment, while co-ordinating oversight with other financial regulators.

Taken together, these three draft bills reflect Panama’s emerging interest in blockchain regulation and seek to provide long‑needed legal certainty for virtual‑asset activities in the country.

Blockchain assets are not regulated in Panama. Under Opinion 2 of 2015 and Opinion 1 of 2018, the SMV has established that tokens registered in a blockchain are not considered “securities” under their current definition in the Securities Law. Opinion 4 of 2025 has also stated that cryptocurrencies such as Bitcoin (BTC) and Ether (ETH) are not considered securities or financial instruments under the Securities Law.

Issuers of blockchain assets are not regulated in Panama. The SMV issued Opinion 1 of 2018, in which it concluded that on a platform on which capital is raised from the general public, when a token registered in that platform’s blockchain is issued in exchange for the investment, it is not an activity that is under the SMV’s jurisdiction because tokens are not considered “securities” under their definition in the Securities Law.

Through Opinion 4 of 2025, the SMV reaffirmed that activities involving the purchase, sale, transfer or non‑custodial storage of cryptocurrencies do not fall within the regulatory or supervisory jurisdiction of the SMV. This position is consistent with prior administrative opinions which concluded that crypto-assets are outside the scope of the regulated securities market. Opinion 4 of 2025 further explains that a non‑custodial technological platform that facilitates user interaction with decentralised exchanges does not involve intermediation, investment advice, custody of financial instruments, portfolio management, or public offerings of securities, and therefore does not trigger any licensing, registration or compliance obligations before the SMV.

However, multiple draft bills currently under discussion describe how these activities would be regulated if approved.

Under Draft Bill 247 of 2025, issuers of blockchain assets, including those conducting Initial Coin Offerings (ICOs), would become subject to a formal supervisory structure. The bill proposes that any entity issuing digital assets to the public must comply with registration, disclosure and approval obligations before the SMV, which would assess offerings to determine whether they fall within a securities‑type perimeter. Issuers would also be required to comply with AML and transparency obligations, provide audited information, and operate under oversight from the newly created CONAD. Although this framework is not currently binding, it represents the clearest legislative intent to regulate blockchain‑asset issuers and bring public token sales inside Panama’s existing financial‑regulatory perimeter.

Initial sales of blockchain assets, whether structured as ICOs, token launches or other primary issuances, also remain unregulated under current law. However, the draft bills suggest that Panama plans to subject these activities to registration, disclosure and supervision requirements similar to those applied to securities issuances.

The absence of a clear legal framework for tokenising real‑world assets in Panama creates significant uncertainty around the validity and enforceability of tokenised ownership. Without regulatory guidance, it is unclear how transferability and rights enforcement will be treated. Until dedicated rules are enacted, tokenisation efforts must operate in an environment where market practice develops faster than the law, limiting confidence and institutional adoption.

Blockchain asset trading platforms and the secondary market trading of blockchain assets, either through intermediaries or peer-to-peer, are not regulated in Panama.

The provision of staking services relating to cryptocurrencies is not regulated in Panama.

The provision of lending services relating to cryptocurrencies is not regulated in Panama.

The offering of cryptocurrency derivatives is not regulated in Panama.

Decentralised finance is not regulated in Panama.

Funds that invest in blockchain assets are not regulated in Panama.

Currently, no regulations apply to digital assets, cryptocurrencies or virtual currencies in Panama. However, both the SBP and the SMV have issued public notices and opinions stating that they do not generally monitor cryptocurrencies. Each entity has specifically established the following.

The SMV

In Opinion 7 of 2018, the SMV indicated that it does not consider cryptocurrencies (specifically, bitcoin) as currencies, noting that “in the Republic of Panama, no inherent value has been given to bitcoin or another type of cryptocurrency”. The SMV also confirmed that the concept of “securities” under the Securities Law does not encompass virtual currencies, so bitcoin is not considered a security. Additionally, the SMV established that no forex regulation applies to cryptocurrencies, as it only applies to currencies that are an exclusive and incidental activity of broker-dealer houses.

In a statement issued on 25 April 2018, the SMV referred to cryptocurrencies as “digital assets intended for purchases, sales, or other financial transactions, created by companies or individuals and stored electronically in a blockchain, a database that maintains a permanent record of these digital transactions”.

Furthermore, through Opinion 4 of 2025, the SMV reaffirmed that cryptocurrencies such as Bitcoin (BTC) and Ether (ETH) are not considered securities or financial instruments under the Securities Law. As a result, activities involving their purchase, sale, transfer or non‑custodial storage do not fall within the regulatory or supervisory jurisdiction of the SMV. In Opinion 4 of 2025, the SMV explains that a non‑custodial technological platform that facilitates user interaction with decentralised exchanges does not involve intermediation, investment advice, custody of financial instruments, portfolio management, or public offerings of securities, and therefore does not trigger any licensing, registration or compliance obligations before the SMV. Opinion 4 of 2025 also highlights that licensed broker-dealers and investment advisers are expressly prohibited from handling crypto-assets on behalf of clients, as cryptocurrencies are not among the investment products permitted under the current legal framework. The SMV emphasises that Panama’s existing securities laws were not designed with crypto-assets or distributed‑ledger‑based instruments in mind, and acknowledges that the rapid growth of crypto markets exposes gaps in the legal framework.

Therefore, the SMV does not consider digital assets, cryptocurrencies or virtual currencies to be subject to its supervision, and no licence is required to operate activities involving the exchange of virtual currencies or cryptocurrencies, including bitcoin and other cryptocurrencies.

The SBP

Unlike the SMV, the opinions of the SBP are not available to the general public. However, on 24 April 2018, the SBP issued a public notice warning the general public about the use of “bitcoin or any other instrument of the same category”, indicating that these do not have specific regulations and are not within the competence of the SBP. The notice also established that “as usual, regulated entities must maintain due diligence measures to prevent the improper use of their services and platforms, in accordance with the provisions of the Banking Law, Law 23 of 2015, Agreement 10 of 2015, and other applicable regulations”.

Although cryptocurrencies, digital assets and virtual currencies are not regulated in Panama, there are platforms where these assets are traded or stored. Operators of these platforms are advised to implement compliance measures, such as due diligence and KYC procedures based on local regulations, to prevent the misuse of their services before allowing any person to use their platforms.

Non-fungible tokens (NFTs) and NFT platforms are not regulated in Panama, and we have no knowledge of any opinions issued by any regulator with respect to NFTs.

Stablecoins are not regulated in Panama.

However, there are several legislative initiatives aimed at regulating stablecoins and cryptocurrencies in general, although these efforts remain at a very early stage, as further explained in other sections of this article.

There is no local specific regulation on open banking. The banking business continues to be regulated and supervised by the SBP.

The Data Protection Regulation regulates the protection of natural persons’ personal data, as well as its handling, storage and treatment. The Data Protection Regulation applies to the processing of data that originates from or is stored in Panama and data processing carried out within the framework of a commercial activity on the internet, or any other means of electronic or digital communication in accordance with the Electronic Commerce Law, to guarantee data protection in activities aimed at the Panamanian market. The Data Protection Regulation includes obligations for banks and technology providers relating to data privacy and data security. Furthermore, the SBP issued Agreement 1 of 2022, which established special regulations in relation to personal data handled by banks.

Therefore, the general rule is to obtain the customer/client’s consent and have the appropriate privacy policies and security protocols in place.

Both the Banking Law and the Securities Law contain dispositions that prohibit and sanction fraudulent activity. The legislation does not provide a specific list of the elements of fraud; however, in a general sense, fraud requires a person to have the intent to deceive for personal gain or to cause harm to others by making false statements, material omissions or misrepresentations. Panama’s Criminal Code also contains dispositions relating to fraud and other financial crimes.

Regulators supervise their regulated entities to prevent and detect fraudulent or illicit activity. They focus on investment fraud, accounting fraud, payment fraud and other activities.

A fintech service provider may be liable for losses sustained by a customer if those losses result from fraudulent activities conducted by the provider. Additionally, depending on the specific terms of the contract between the fintech service provider and the customer, the provider may also be accountable for losses arising from gross negligence. The extent of this liability will depend on the damages that can be substantiated.