Service • El Salvador

El Salvador BSP License — Bitcoin Service Provider

We support Bitcoin-focused teams in structuring and documenting their route to a Bitcoin Service Provider (BSP) status in El Salvador. The analysis starts from facts: custody/control of assets, transfer execution, exchange/payment flows, outsourcing, and counterparties (banks/PSPs/exchanges) that rely on your controls.

We do not sell “one-size-fits-all licenses”. We build a workable compliance + documentation narrative aligned to real flows.

Typical BSP profiles

Custodial wallets / hosted services.
Bitcoin payment processing and settlement.
BTC transfer and execution flows for customers.
Platforms where BTC exchange/settlement is part of the service.

Often paired with Compliance and Web & Crypto.

Regulatory framework

How BSP is framed in El Salvador

We position BSP within the applicable legal environment and the practical expectations of regulators and counterparties.

Core pillars we reference

Bitcoin Law as the baseline for Bitcoin-related services.
Relationship with the broader Digital Assets regime (where relevant to your model).
Role of institutional stakeholders (incl. the National Bitcoin Office) in market practice.
BSP vs DASP: Bitcoin-specific service narrative vs broader digital asset services positioning.

Outcome: a coherent regulatory story that matches your product reality and counterparties’ expectations.

Regulatory evolution (why old checklists fail)

Early-stage requirements: some initial market expectations were informal and not consistently applied.
Procedures that are no longer a reliable guide: online “templates” often ignore outsourcing, custody splits and evidence trails.
Legal uncertainty zones: classification of hybrid models (non-custodial layers, embedded wallets, delegated custody) may require careful qualification.

We treat “rules from blog posts” as non-authoritative until verified against your flows and the current practice.

Applicability

Who may need BSP status

BSP analysis is trigger-based. We confirm applicability after mapping custody/control, execution responsibility, and counterparties.

Trigger

Custodial responsibility

You hold or control client BTC (directly or via an outsourced custody model).

Hosted wallets / custodial accounts.
Ability to transfer/freeze as a service feature.
Custody via vendor but responsibility on you.

Key question: who is responsible if assets are lost?

Trigger

Transfer execution

You execute BTC transfers on behalf of customers (not merely provide software).

Customer-initiated transfers executed by you.
Remittance / payout flows.
Custody + execution combined.

Key question: are you the responsible intermediary?

Trigger

Payments / exchange components

BTC payment processing or exchange/settlement is part of your service to clients.

Merchant payment rails.
Embedded exchange/settlement features.
Brokerage-like flows where you intermediate.

Key question: what do partners rely on (PSP/bank/exchange)?

Scope

Scope of activities we map for BSP

We describe the regulated “surface area” of your model and allocate responsibilities across you and outsourced providers.

Typical activity buckets

Custody / control layer (hosted or delegated).
Transfers and execution (who pushes the transaction).
Payment processing and settlement roles.
Exchange/brokerage logic embedded into the service.
Customer onboarding and geographic distribution footprint.

Output: an activity map that avoids contradictions between terms, policies, UI/UX claims, and actual flows.

Why scope matters

Regulatory coherence

You cannot defend a route if documents describe a different business than the product.

Partner onboarding

Banks/PSPs test controls and evidence, not just labels.

Outsourcing clarity

“Vendor does it” is not a defence if you remain responsible to clients/partners.

Risk allocation

Contracts must reflect who is liable for what (loss, errors, fraud, chargebacks, etc.).

Requirements

Licensing readiness requirements (practical baseline)

Exact requirements depend on your model. This baseline is designed to be implementable and evidence-backed.

Corporate

Corporate and governance layer

Clear accountability and decision-making that can survive due diligence.

Governance roles and delegated authority lines.
Compliance ownership and reporting structure.
Outsourcing boundaries and responsibility split.
Records baseline (resolutions / registers).

Goal: demonstrate control and accountability.

Compliance

AML/KYC and sanctions controls

Controls aligned to client profile, geographies and services offered.

CDD/EDD logic + client risk scoring.
Sanctions/PEP/adverse media workflow.
SOF/SOW evidence rules (as applicable).
Monitoring + escalation and recordkeeping.

Goal: bank/PSP and partner readiness.

Legal

Client-facing documentation

Terms and disclosures that match real flows and allocate risk correctly.

Service terms and eligibility logic.
Risk disclosures (custody, volatility, errors).
Restricted jurisdictions/client categories logic.
Complaints, incident handling and notices.

Goal: reduce disputes and mis-selling risk.

Taxes

Tax considerations for BSP entities (numbers-first, case-by-case)

We highlight baseline rates and typical cross-border exposures. Final tax treatment depends on facts (residence, management & control, revenue sourcing, customer geography, and how BTC flows are accounted for).

Corporate tax position

Corporate income tax (CIT)

Baseline corporate taxation is assessed against your real operating footprint and management & control.

30% standard corporate income tax rate (general baseline).
25% rate may apply for smaller taxable income brackets (e.g., up to USD 150,000 taxable income).
We align invoices, contracts and substance to avoid “paper structure” risks.

No “zero tax” claims — outcomes are fact-driven.

Indirect taxes

VAT (IVA) and operational exposure

Indirect tax impact depends on where services are supplied, customer type, and invoicing model.

13% standard VAT (IVA) rate (general baseline).
We map whether your revenue is treated as local supply vs cross-border services.
We keep tax logic consistent with AML evidence and accounting records.

Indirect tax is often a “silent” friction point for PSP/banking.

Withholding

Typical withholding taxes (WHT)

Cross-border payments may trigger withholding depending on recipient status and payment characterisation.

Dividends: commonly referenced at 12% (or 5% where the more favourable local rate applies).
Interest: 10% (baseline reference).
Royalties / rent: 10% (baseline reference).
Services: 10% (baseline reference).

Treaty relief and special cases must be checked separately.

Bitcoin-related tax treatment (how we handle it)

We do not assume “0% on crypto” by default.
We verify whether a specific transaction type may be covered by crypto/digital asset tax exemptions under the applicable framework.
We align the tax narrative with accounting (valuation, recognition) and compliance evidence (SOF/SOW, monitoring logs).

If you need an investor-facing memo, we scope a separate “tax & structuring note” (multi-jurisdiction).

Cross-border tax exposure (what we flag early)

CFC rules

If controllers are abroad, home-country CFC rules may apply regardless of El Salvador rates.

Management & control

“Real management” can shift tax residence if decisions are made elsewhere.

Permanent establishment

Local presence of teams/agents can trigger PE/agency risks in other jurisdictions.

Revenue sourcing

Customer geography and supply rules affect VAT/WHT and reporting expectations.

We treat tax as part of “bankability”: consistency across contracts, invoices, policies and records.

Process

Licensing process (workable sequence)

We run a structured track to keep the model, documents and evidence aligned — and reduce delays caused by inconsistencies.

Step-by-step

Qualification: confirm BSP triggers and the correct positioning.
Structuring: corporate and outsourcing boundaries; roles and accountability.
Controls: AML/KYC, sanctions, monitoring, escalation, recordkeeping.
Documentation: policies + SOPs + client terms/disclosures + key contracts.
Filing support: application narrative and evidence pack (where applicable).
Operational launch: compliance calendar and ongoing reporting rhythm.

We do not promise approvals. We build readiness and reduce avoidable friction.

What usually makes it slow

Unclear custody/control split (especially with vendors).
Terms and UI/UX claims contradict actual flows.
Weak evidence rules for SOF/SOW and monitoring.
Bank/PSP onboarding started without a compliance baseline.

We fix these issues early — before they become regulator or banking blockers.

Ongoing

Ongoing obligations after BSP positioning

The operational layer matters. Partners and regulators look for evidence of execution, not just written policies.

AML monitoring

Ongoing monitoring

Monitoring triggers, reviews, escalations and documented outcomes.

Periodic reviews and EDD refresh.
SAR/incident escalation (where applicable).
Quality control and governance oversight.

Evidence-driven, repeatable process.

Transparency

Transaction transparency

Clear logs, audit trails and rationale for decisions.

Transaction and access logs (custody/control).
Source-of-funds evidence storage rules.
Exceptions and approvals documentation.

Designed for partner DD and audits.

Retention

Record retention

A defensible retention and retrieval system.

Retention periods and access controls.
Incident records and customer complaints.
Vendor due diligence and reviews archive.

Avoids “we can’t reproduce it” failures.

We also track future regulatory changes affecting Bitcoin services and update the compliance calendar and documents accordingly.

Risk

Regulatory risks & outdated assumptions

This section filters out “license tourists” and protects serious teams from mistakes driven by oversimplified narratives.

Myth

“Total deregulation”

El Salvador is often described as “fully deregulated”. In practice, counterparties still test controls and evidence.

Banks/PSPs require AML/sanctions coherence.
Partners ask for responsibility allocation.
Documentation must match real flows.

Status ≠ bankability.

Outdated

Old Bitcoin Law interpretations

Early interpretations often ignore hybrid models and outsourcing.

Non-custodial layers misclassified as custodial.
Vendor custody treated as “not our responsibility”.
Missing evidence trail assumptions.

We qualify the facts before choosing the route.

Confusion

BSP vs DASP mix-up

Teams sometimes apply the wrong label and build the wrong compliance narrative.

Wrong scope for policies/SOPs.
Partner onboarding contradictions.
Misaligned product disclosures.

We keep narratives and obligations consistent.

Another frequent issue: AML requirements misunderstood — weak client risk scoring, missing monitoring triggers, and inconsistent SOF/SOW evidence rules.

Support

How we support BSP applications

We focus on legal qualification, documentation coherence, and implementable controls — not on marketing promises.

What we deliver

BSP qualification memo tied to your real flows and responsibilities.
Documentation package: policies, SOPs, client terms/disclosures and key contracts baseline.
Consistency checks across product, documents and evidence trail requirements.
Regulator/partner Q&A support and remediation planning (if issues are raised).

We can start small with a qualification memo and expand only if the route is confirmed.

How we work (practical)

First 60 minutes

Model mapping: custody, transfers, counterparties, geographies, outsourcing.

Evidence-first

We define what you must be able to prove (not just what to write).

No rework

We keep policies, SOPs, terms and contracts aligned to the same flow narrative.

Cross-border aware

We flag tax/CFC/management-control exposures early (fact-based).

Related: El Salvador DASP License (if applicable).

Start with a BSP qualification memo

Send a short description of your activity (custody/control, transfers, exchange/payment logic), target markets and counterparties. We will propose a practical BSP route and a document scope aligned to real flows.

If you already have documents, we can start with a gap review and update only what is missing or inconsistent.

Good fit for this service:

Custodial wallet and payment teams.
Projects executing BTC transfers for customers.
Platforms preparing partner/bank readiness.
Teams needing coherent controls + documents.

Focus: workable compliance + contracts that match real flows — and reduce friction with banks, partners and exchanges.