Case / El Salvador

El Salvador DASP: licensing track and compliance documentation

An indicative outline of how we typically support Digital Asset Service Provider licensing in El Salvador: model positioning, company/licensing structure, and a regulator-ready compliance and documentation pack.

Public version is simplified and anonymised. Exact scope depends on license type (exchange / custody / issuance / payments / advisory), user geographies, and whether fiat rails or card/PSP integrations are involved.

Snapshot

Jurisdiction

El Salvador

Digital asset framework

License

DASP

Service-specific scope

Model

Crypto services

B2B/B2C variants

Core output

Docs + compliance

Submission-ready pack

Licensing roadmap Policies & procedures Governance Website alignment

Important: DASP licences are not “resold” as ready-made assets. The approval is granted to a specific applicant company and its business model.

Context

What the client needed

The project wanted a jurisdiction that supports a strong digital asset narrative and a clear legal framework, while keeping the licensing scope aligned with the actual services and launch plan.

Initial situation

Planned to operate digital asset services (scope defined by the chosen DASP category).
Needed company formation + licensing route packaged as one coherent plan.
Required a compliance stack (AML/KYC, onboarding, risk) aligned with operations and IT.
Wanted investor/partner-ready documentation and a consistent public narrative.

Exchange / custody / issuance Fiat rails (optional) Cross-border users

Key questions we answered

Which DASP license types match the exact services and “phase 1” launch.
What documentation is essential for submission and what can be phased.
How to position onboarding, monitoring and custody in a regulator-ready way.
How to align the website, user terms and disclosures with the licensing scope.

Our approach is scope-first: define what you actually do, then build the license category and documents around that.

Workstream

How the licensing track was built

A typical DASP project combines licensing scope definition, internal controls and policies, and “public layer” alignment. The best outcome is when the model, documents and actual operations tell the same story.

Step 01

Scope

Perimeter & license type selection

Mapped planned services (exchange, custody, issuance, advisory, payments) to the DASP framework and fixed the phase-1 scope.

Service map and assumptions
Phased rollout plan
Key third-party providers

Step 02

Structure

Company and governance setup

Structured the applicant entity and governance: decision-making, key roles, segregation of duties and accountability.

Corporate formation support
Governance and role matrix
Outsourcing oversight rules

Step 03

Compliance

AML / KYC and onboarding procedures

Built the compliance core around customer categories, risk scoring, sanctions/PEP checks, SoF/SoW and monitoring triggers.

AML / KYC policy
Onboarding & verification
Record keeping and audit trail

Step 04

Risk

Risk management and controls

Defined operational, market and technology risks, and documented mitigation: limits, approvals, monitoring and reporting.

Risk framework
Incident escalation
Vendor / custody risk controls

Step 05

Resilience

IT, security and business continuity

Prepared BCP and IT narrative: access controls, logging, backups, incident response and continuity measures.

BCP
IT/security controls
Operational resilience plan

Step 06

Public

Website, disclosures and user documentation

Aligned Terms, Privacy, disclosures and marketing claims with the license scope to avoid misrepresentation and “scope creep”.

Terms & disclosures
Privacy / cookies layer
Risk disclaimers for users

Key point: the fastest DASP route is consistency. Regulators, banks and partners look for a single coherent story: business model → controls → documents → public wording.

Deliverables

What the client received

The set below is representative of a “submission-ready” pack. The exact list depends on the license type and operational model.

Licensing & governance

Scope memo: service mapping + phased plan for license coverage.
Corporate setup and governance notes (roles, responsibilities, approvals).
Outsourcing/vendor oversight framework (custody, screening, liquidity providers).
Submission narrative and regulator Q&A preparation package.

Roadmap Governance Vendor controls

Compliance, IT and public layer

AML / KYC policy + onboarding procedures aligned with real flows.
Risk management framework + incident escalation logic.
BCP and IT/security controls narrative (access, logs, backups).
User-facing documentation: Terms, Privacy, risk disclosures.

In practice, most “issues” come from the public layer contradicting the internal model. We treat it as part of compliance.

Reality check: if someone asks for a “ready-made DASP for sale”, that’s a red flag. The license is issued to a specific applicant company, with specific owners, governance and controls.

FAQ

Common questions about DASP (El Salvador)

Short public answers. For your case we normally prepare a structured memo.

Is DASP one license or multiple license types?

The DASP framework typically covers multiple service categories (e.g., exchange, custody, issuance, advisory, payments). The right approach is to define your “phase 1” scope and license coverage accordingly.

Can we start small and expand later?

Often yes. A phased approach is common: start with a limited set of services and controls, then expand the scope once operations and compliance maturity are proven.

Do we need full AML/KYC even if we are “crypto only”?

Yes. Even without fiat, you still need sanctions/PEP screening, customer risk assessment, monitoring triggers, and record keeping. If fiat rails are added, the requirements become stricter.

What typically causes delays?

Scope uncertainty, weak governance, unclear custody arrangements, and contradictions between documents and website claims. The quickest path is a coherent model and a consistent document set.

Considering a DASP license in El Salvador?

Send 6–8 bullet points about your services (exchange/custody/issuance/payments/advisory), target regions, whether you need fiat rails, and your launch timeline. We’ll propose the best-fit scope, roadmap and document list.

You can start with a high-level description. Sensitive details can be shared later under NDA.

Especially useful if you:

Need a realistic scope definition and phased licensing strategy.
Use third-party custody/screening/liquidity providers and need oversight rules.
Want a clean compliance pack (AML/KYC, risk, BCP) aligned with operations and IT.
Need the public website and disclosures aligned with the license scope.

We focus on regulator-ready logic: model → controls → documents → public layer.