The Central Bank of Nicaragua (BCN) has issued Administrative Resolution GG-08-MAYO-2025-LASMF-DO, which approves the Regulation for the Implementation of the Standard for Financial Technology Service Providers (PSPs) and Virtual Asset Service Providers (VASPs). The regulation establishes a framework of requirements, authorizations, and obligations for entities operating in these sectors.
License or registration application: requirements, deadlines, and operations
Legal entities interested in operating as PSPs or VASPs must submit a formal application to the President of the BCN along with the following documents:
- Articles of incorporation and legal powers.
- Certifications of the appointment of the Board of Directors and final beneficiary.
- Criminal background checks and résumés of the management team.
- Detailed business plan and certificate of registration with the Financial Analysis Unit (UAF).
- Deposit of 10% of the required minimum share capital.
Once the complete application is received, the BCN will carry out a technical and legal assessment to ensure regulatory compliance and will issue a resolution within a maximum of 90 business days. The granted license must be published in La Gaceta, the Official Gazette, and notified to the BCN within 60 days in order to become effective.
To begin operations, PSPs or VASPs must request authorization within 250 days of receiving their license, submitting technical, financial, and operational documentation. Failure to meet this deadline will render the license void.
Technological and operational requirements
The Regulation requires that all technology platforms, whether owned or cloud-based, must be secure, scalable, and resilient, ensuring confidentiality, integrity, traceability, and availability of operations. Key requirements include:
- Technology compliance report issued by an independent third party.
- Enhanced customer authentication (e.g., biometrics, tokens).
- Documented policies for information security, personal data protection, business continuity, and customer service.
- Tamper-proof audit logs and continuous monitoring mechanisms.
- Specific controls for cloud services, including contracts with SLAs, a shared responsibility matrix, and international certifications (ISO 27001, SOC 2, etc.).
Obligations for financial technology service providers (PSPs)
PSPs authorized to issue electronic money must ensure:
- Full backing of the issued electronic money with liquid funds in segregated accounts (CMDE) held at authorized banks.
- Immediate convertibility of electronic money to fiat currency.
- Operational limits per customer and transaction, aligned with risk profiles.
Obligations for virtual asset service providers (VASPs)
VASPs must implement robust security and control measures to protect clients' funds and virtual assets. Key obligations include:
- Safeguarding of fiat funds in segregated accounts (CMAV).
- Compliance with the “Travel Rule”, ensuring traceability of virtual asset transfers across platforms.
- Use of Blockchain monitoring tools, address analysis, and AML/sanctions risk detection.
- Secure custody of virtual assets through cold storage, multi-signature keys, accounting segregation, and verifiable proof of reserves.
- Evaluation of virtual asset projects, including technical and legal analysis of the issuer and whitepaper, along with end-user risk disclosures.
Additional services and license transfers
PSPs or VASPs wishing to offer services beyond those already authorized must submit a request including operational, technological, and financial analysis, along with evidence of functional testing. Approval must be issued within 30 business days, and the provider will have 250 days to request authorization to launch the new service.
It is important to note that the regulation prohibits the assignment, transfer, or disposal of licenses or registrations. These may not be used as collateral or utilized by unauthorized third parties.
