Case / El Salvador
El Salvador DASP: licensing track and compliance documentation
An indicative outline of how we typically support Digital Asset Service Provider licensing in El Salvador:
model positioning, company/licensing structure, and a regulator-ready compliance and documentation pack.
Public version is simplified and anonymised. Exact scope depends on license type (exchange / custody / issuance / payments / advisory),
user geographies, and whether fiat rails or card/PSP integrations are involved.
Snapshot
Jurisdiction
El Salvador
Digital asset framework
License
DASP
Service-specific scope
Model
Crypto services
B2B/B2C variants
Core output
Docs + compliance
Submission-ready pack
Licensing roadmap
Policies & procedures
Governance
Website alignment
Important: DASP licences are not “resold” as ready-made assets.
The approval is granted to a specific applicant company and its business model.
Context
What the client needed
The project wanted a jurisdiction that supports a strong digital asset narrative and a clear legal framework,
while keeping the licensing scope aligned with the actual services and launch plan.
Initial situation
- Planned to operate digital asset services (scope defined by the chosen DASP category).
- Needed company formation + licensing route packaged as one coherent plan.
- Required a compliance stack (AML/KYC, onboarding, risk) aligned with operations and IT.
- Wanted investor/partner-ready documentation and a consistent public narrative.
Exchange / custody / issuance
Fiat rails (optional)
Cross-border users
Key questions we answered
- Which DASP license types match the exact services and “phase 1” launch.
- What documentation is essential for submission and what can be phased.
- How to position onboarding, monitoring and custody in a regulator-ready way.
- How to align the website, user terms and disclosures with the licensing scope.
Our approach is scope-first: define what you actually do, then build the license category and documents around that.
Workstream
How the licensing track was built
A typical DASP project combines licensing scope definition, internal controls and policies, and “public layer” alignment.
The best outcome is when the model, documents and actual operations tell the same story.
Step 01
Scope
Perimeter & license type selection
Mapped planned services (exchange, custody, issuance, advisory, payments) to the DASP framework and fixed the phase-1 scope.
- Service map and assumptions
- Phased rollout plan
- Key third-party providers
Step 02
Structure
Company and governance setup
Structured the applicant entity and governance: decision-making, key roles, segregation of duties and accountability.
- Corporate formation support
- Governance and role matrix
- Outsourcing oversight rules
Step 03
Compliance
AML / KYC and onboarding procedures
Built the compliance core around customer categories, risk scoring, sanctions/PEP checks, SoF/SoW and monitoring triggers.
- AML / KYC policy
- Onboarding & verification
- Record keeping and audit trail
Step 04
Risk
Risk management and controls
Defined operational, market and technology risks, and documented mitigation: limits, approvals, monitoring and reporting.
- Risk framework
- Incident escalation
- Vendor / custody risk controls
Step 05
Resilience
IT, security and business continuity
Prepared BCP and IT narrative: access controls, logging, backups, incident response and continuity measures.
- BCP
- IT/security controls
- Operational resilience plan
Step 06
Public
Website, disclosures and user documentation
Aligned Terms, Privacy, disclosures and marketing claims with the license scope to avoid misrepresentation and “scope creep”.
- Terms & disclosures
- Privacy / cookies layer
- Risk disclaimers for users
Key point: the fastest DASP route is consistency.
Regulators, banks and partners look for a single coherent story: business model → controls → documents → public wording.
Deliverables
What the client received
The set below is representative of a “submission-ready” pack. The exact list depends on the license type and operational model.
Licensing & governance
- Scope memo: service mapping + phased plan for license coverage.
- Corporate setup and governance notes (roles, responsibilities, approvals).
- Outsourcing/vendor oversight framework (custody, screening, liquidity providers).
- Submission narrative and regulator Q&A preparation package.
Roadmap
Governance
Vendor controls
Compliance, IT and public layer
- AML / KYC policy + onboarding procedures aligned with real flows.
- Risk management framework + incident escalation logic.
- BCP and IT/security controls narrative (access, logs, backups).
- User-facing documentation: Terms, Privacy, risk disclosures.
In practice, most “issues” come from the public layer contradicting the internal model. We treat it as part of compliance.
Reality check: if someone asks for a “ready-made DASP for sale”, that’s a red flag.
The license is issued to a specific applicant company, with specific owners, governance and controls.
FAQ
Common questions about DASP (El Salvador)
Short public answers. For your case we normally prepare a structured memo.
Is DASP one license or multiple license types?
The DASP framework typically covers multiple service categories (e.g., exchange, custody, issuance, advisory, payments).
The right approach is to define your “phase 1” scope and license coverage accordingly.
Can we start small and expand later?
Often yes. A phased approach is common: start with a limited set of services and controls, then expand the scope once
operations and compliance maturity are proven.
Do we need full AML/KYC even if we are “crypto only”?
Yes. Even without fiat, you still need sanctions/PEP screening, customer risk assessment, monitoring triggers, and record keeping.
If fiat rails are added, the requirements become stricter.
What typically causes delays?
Scope uncertainty, weak governance, unclear custody arrangements, and contradictions between documents and website claims.
The quickest path is a coherent model and a consistent document set.
Considering a DASP license in El Salvador?
Send 6–8 bullet points about your services (exchange/custody/issuance/payments/advisory), target regions,
whether you need fiat rails, and your launch timeline. We’ll propose the best-fit scope, roadmap and document list.
You can start with a high-level description. Sensitive details can be shared later under NDA.
Especially useful if you:
- Need a realistic scope definition and phased licensing strategy.
- Use third-party custody/screening/liquidity providers and need oversight rules.
- Want a clean compliance pack (AML/KYC, risk, BCP) aligned with operations and IT.
- Need the public website and disclosures aligned with the license scope.
We focus on regulator-ready logic: model → controls → documents → public layer.