Gambling License in El Salvador
End-to-End El Salvador Gambling Licensing and Crypto-Native Compliance Setup
A gambling license in El Salvador is not a speculative opportunity and not a political narrative. It is a regulated market-entry project for operators who intend to run a crypto-enabled iGaming business under state-level supervision in Latin America.
We provide end-to-end El Salvador gambling licensing and operational setup for online casinos, sportsbooks, and crypto-native platforms that require a legally defensible license and a scalable compliance operating model. This service is designed for businesses that must withstand regulatory review, partner due diligence, banking and PSP scrutiny, and long-term operational oversight.
The engagement begins with regulatory perimeter definition: what products you offer, how BTC and USD flows are handled, where custody and transaction risk sits, who controls decision-making, and what must be demonstrably governed inside the licensed entity. On this basis, we design and implement a regulator-ready operating system covering governance authority, shareholder integrity, source-of-funds logic, AML/KYC execution for digital assets, player protection controls, technical audit readiness, and evidence discipline.
This is not a document-only service. We build structures that behave correctly under volume, volatility, and inspection. The objective is not simply to obtain an El Salvador gambling license, but to establish a licensed operation that can operate, scale, and remain stable without regulatory drift or emergency remediation.
If your goal is a crypto-native LatAm licensing base that holds under supervision, this service is structured to deliver it.
Who This Service Is For
This page is for operators who:
want a LatAm-anchored licensing strategy with a crypto-native operating model
accept or plan to accept Bitcoin and require a defensible AML posture for wallet and transaction risk
need a licensing setup that supports PSP/banking onboarding and sustained operations
plan to scale across Spanish-speaking markets and must control marketing and jurisdictional exposure
require an institutional build, not a fast registration narrative
What You Achieve
You receive a licensing and operating framework that is:
structured as a controlled regulatory project with clear accountability
designed for crypto-aware AML/KYC execution and evidence discipline
built for platform auditability, incident resilience, and operational continuity
compatible with partner due diligence and real banking/PSP scrutiny
scalable across brands, channels, and growth cycles without loss of control
Service Scope
We cover the full licensing and operating perimeter, including:
regulatory scope design and service classification for your product set
El Salvador entity and governance setup aligned to supervisory expectations
UBO and shareholder integrity preparation, including funding narrative and evidence plan
AML/KYC framework with digital-asset risk controls and escalation discipline
responsible gaming and player protection controls integrated into platform behaviour
technical compliance readiness: security, logging, change control, audit trails
operational evidence system: registers, reports, retention, and supervisory reconstruction capability
submission management and regulator-facing case structure
Deliverables
Licensing blueprint and regulatory perimeter
service perimeter map and risk model aligned to your products and payment rails
operating structure: roles, decision rights, delegation limits, escalation points
compliance architecture plan: how controls function, not just what policies say
Corporate and integrity file
corporate structure and ownership transparency pack
UBO due diligence structure and submission-ready documentation logic
source of funds / source of wealth evidence plan built for real collection and auditability
AML/KYC and digital-asset controls
AML program with risk scoring, EDD triggers, and case handling workflow
wallet and transaction risk governance (crypto-aware monitoring logic and escalation discipline)
suspicious activity reporting workflow, internal training plan, and evidence retention rules
transaction monitoring scenarios aligned to iGaming risk patterns: bonus abuse, velocity, structuring, collusion indicators
Player protection and responsible gaming system
responsible gaming policy embedded into platform controls and customer workflows
self-exclusion, limits, time-outs, reality checks, and intervention logging
staff scripts and training evidence for player protection incidents and disputes
Technical audit readiness pack
platform security baseline, access control model, and operational security evidence checklist
logging and audit trail specification for reconstructable events and decisions
change management and release control plan that prevents non-approved changes
incident response playbooks and business continuity structure
Operational evidence toolkit
compliance registers: training, incidents, alerts, disputes, interventions, vendor reviews
reporting templates, periodic review cadence, and renewal-readiness checklist
internal control framework that ties risk ownership to measurable outputs
How the Engagement Works
Perimeter and readiness assessment
We fix the regulatory perimeter and identify what your operating model must prove. This prevents the most common failure pattern: a licensing story that does not match platform reality.
Typical outputs include:
scope definition and compliance build map
risk inventory across products, payments, wallets, affiliates, and player geography
priority gap list with implementation sequence
Operating system build
We implement the licensing-grade operating model so that governance, compliance, and technology behave as one controlled system.
This includes:
governance authority and accountable decision-making structure
AML/KYC workflow, monitoring logic, escalation and documentation discipline
player funds protection logic and financial control model
responsible gaming enforcement embedded into platform and support operations
Technical compliance and audit preparation
We align the platform with auditability requirements: security posture, logging, change control, and incident readiness.
This includes:
audit trail and evidence standards
security testing plan and remediation evidence discipline
BCP/DR structure and operational testing schedule
Submission management and regulator interaction
We assemble the application as a coherent case file: consistent across legal, operational, financial, and technical layers.
This includes:
full submission package management
regulator Q&A handling and controlled iterations
consistency checks that prevent contradictions and “paper compliance”
Post-licensing supervision readiness
Approval is the start of supervision. We build routines that keep the license stable.
This includes:
compliance calendar and reporting discipline
renewal readiness pack structure and audit preparation
continuous improvement loop tied to incidents, findings, and platform changes
Crypto-Native AML Without Operational Fiction
If you accept Bitcoin, your AML posture must go beyond generic KYC. The decisive risk is not “crypto exists,” but whether your organisation can control wallet exposure, transaction provenance risk, and high-velocity movement typical for iGaming.
A defensible crypto-aware AML model includes:
wallet screening and risk classification rules
triggers for enhanced due diligence tied to cumulative exposure, not only one deposit
documented acceptance and rejection criteria for high-risk patterns
case management workflow: alerts become cases, cases become outcomes, outcomes are recorded
clear rules for restrictions, holds, and withdrawal controls with senior approvals and audit trails
staff capability: trained handling for blockchain analytics outputs and escalation decisions
This is where most operators fail: they buy tools but cannot explain decisions or keep consistent records. Supervision tests consistency, not tool ownership.
Banking and PSP Readiness in a Dual-Rail Model
Operating with both BTC and USD requires a controlled liquidity and reconciliation model. Partners assess whether you can keep player funds protected, manage settlement cycles, and handle disputes without opaque movements.
A bankable operating model includes:
clear separation between operational funds and player liabilities
reconciliation routines with evidence and sign-offs
rules for conversion, treasury, and payout liquidity management
PSP governance: due diligence, contracts, monitoring, and termination procedures
documented handling for chargebacks, reversals, and disputes
custody governance for any crypto treasury: access control, key management, and incident response
Partner trust is not a “license effect.” It is a control effect.
Technical Integrity and Auditability
For iGaming, technical credibility is part of regulatory credibility. The platform must be fair, secure, and reconstructable.
A robust technical compliance posture includes:
RNG and game fairness certification readiness where applicable
security architecture with MFA, role-based access, and hardened admin controls
immutable logs and audit trails for deposits, withdrawals, bonuses, and configuration changes
change control and release discipline with versioning, approvals, and rollback capability
incident response playbooks and post-incident reporting structure
data retention and backup routines aligned to reconstructing historical decisions
The objective is not “security claims.” The objective is evidence.
Marketing and Jurisdictional Risk Control
LatAm growth often relies on affiliates and aggressive acquisition. That creates the fastest route to compliance collapse if marketing is not controlled as a regulated function.
A durable marketing compliance system includes:
affiliate onboarding due diligence and approval rules
contractual compliance obligations, audit rights, and termination triggers
review workflow for creatives, bonus claims, and transparency standards
monitoring of placements and traffic sources, with documented remediation
geo-restriction controls where required by your market strategy
logs of enforcement actions against non-compliant marketing partners
You cannot outsource reputation or compliance liability to affiliates.
Typical Timeline and Operating Expectations
Time to market depends on corporate readiness, ownership clarity, platform maturity, and evidence availability. A licensing timeline compresses only when the operating model is already coherent.
Projects accelerate when you already have:
clean ownership and funding evidence
a real compliance lead function, not a nominal appointment
stable platform logging and change control
an AML workflow that produces case files and outcomes
controlled PSP flows and reconciliation discipline
Projects slow down when:
ownership and funding narratives are fragmented
policies do not match platform behaviour
monitoring exists but cannot produce audit-grade evidence
marketing is uncontrolled and affiliate exposure is untraceable
Next Step
The right first step is a perimeter and readiness assessment that determines:
the correct licensing scope for your product and payment model
the governance and substance footprint required for a stable license
the AML, responsible gaming, and technical build needed for approval and sustainable operation
Request Gambling License Assessment
Operating Under Digital-Asset–Centric Supervision
An El Salvador gambling license becomes operationally meaningful only when the business can function inside a supervision model that was designed around digital assets from the start. This jurisdiction is not adapting legacy gambling controls to crypto as an afterthought. It is constructing oversight logic where Bitcoin, wallet-based value transfer, and blockchain transparency are native assumptions.
This changes how regulators read risk, how audits are conducted, and how operators are expected to behave when volume, volatility, or incidents occur. A compliant El Salvador operation is not measured by how many policies it has, but by whether its systems, people, and decision-making processes behave coherently when exposed to real crypto-native stress scenarios.
Regulatory Supervision in a Crypto-Native State
Supervision in El Salvador is expected to be continuous, data-oriented, and technologically informed. The regulator’s interest is not limited to periodic reports. It extends to how transactions behave, how controls respond, and whether the operator can reconstruct events without delay or narrative inconsistency.
A supervision-ready operator must assume:
ongoing visibility into transaction behaviour, not just annual summaries
regulator familiarity with blockchain mechanics and wallet analytics
lower tolerance for “we could not trace it” explanations
higher expectations for internal technical competence
This environment rewards operators who treat compliance as infrastructure, not as a legal wrapper.
Wallet Governance as a Core Control Layer
In a Bitcoin-enabled jurisdiction, wallet governance replaces traditional bank-account oversight as the primary control surface. Wallets are not just payment tools. They are regulated risk objects.
A defensible wallet governance model includes:
formal wallet inventory with defined purpose and risk classification
separation between operational wallets, player custody wallets, and treasury wallets
access control rules defining who can initiate, approve, and execute transfers
multi-signature logic for high-risk or high-value movements
documented key management procedures and recovery protocols
monitoring rules tied to wallet behaviour, not just transaction size
The regulator’s question is simple:
If a wallet moves value unexpectedly, can you explain why, who approved it, and what safeguards were in place?
Crypto Liquidity Management Without Regulatory Blind Spots
Liquidity management in a dual BTC/USD environment introduces unique operational risks. Rapid inflows, volatile balances, and conversion timing can expose player funds if controls are weak.
A mature liquidity model includes:
defined minimum liquidity buffers for player withdrawal exposure
rules for conversion between BTC and USD based on operational needs
segregation logic that prevents treasury optimisation from touching player balances
stress scenarios for high-withdrawal events or market volatility
reconciliation routines that link blockchain balances to internal ledgers
Liquidity decisions must be governed, not opportunistic. Under supervision, speculative treasury behaviour that risks player funds is treated as a compliance failure, not a business decision.
Blockchain Analytics as an Operational Discipline
Blockchain analytics tools are only useful if embedded into daily operations. Supervision will not accept “we use analytics software” as evidence of control.
A compliant analytics integration includes:
clear mapping between analytics alerts and internal case handling
documented risk thresholds and escalation triggers
procedures for false-positive review and model adjustment
retention of analytics snapshots tied to specific decisions
staff training on interpreting blockchain risk indicators
The critical point is interpretability. When an alert is raised, the operator must explain:
what the alert meant
why it mattered
what decision was taken
what happened next
Opaque scoring without explanation is functionally equivalent to no monitoring.
Transaction Velocity and Behavioural Risk
Crypto gambling introduces behavioural patterns that differ from fiat environments. High-frequency deposits, rapid withdrawals, and wallet rotation are common. Supervision focuses on whether the operator understands and controls these patterns.
A robust behavioural risk framework includes:
velocity thresholds that adapt to player history
cumulative exposure tracking rather than single-event triggers
pattern recognition for circular movement and wash behaviour
correlation checks between gameplay and transaction timing
documented responses to anomalies
The regulator expects proactive control. Waiting until funds leave the platform to investigate is considered late intervention.
Internal Decision-Making Under Crypto Pressure
One of the most revealing moments in supervision is how an organisation behaves when under pressure. Examples include:
a large withdrawal request during market volatility
an AML alert on a high-value VIP account
a wallet exposure incident requiring immediate action
a system outage affecting transaction visibility
In these moments, informal decisions destroy credibility.
A defensible organisation relies on:
predefined decision authority
documented emergency procedures
immediate evidence capture
post-event analysis and remediation
Regulators look for calm, structured responses. Panic-driven improvisation signals loss of control.
Evidence Discipline in a High-Transparency Environment
Blockchain creates the illusion that “everything is already transparent.” In reality, regulatory evidence still depends on internal records.
A supervision-grade evidence system includes:
case files linking blockchain data to internal decisions
timestamps and role attribution for approvals
preserved versions of policies in force at the time
logs showing how controls behaved, not just that they existed
When asked why a transaction was allowed or blocked, the answer must be supported by records, not reconstructed from memory.
Staff Competence as a Regulatory Asset
In El Salvador, technical literacy is part of compliance credibility. Regulators will assume that key staff understand crypto mechanics.
A credible operator invests in:
role-specific training for crypto AML and wallet risk
documented competence assessments
escalation clarity for technical uncertainty
separation between commercial pressure and compliance judgement
An organisation where staff “avoid crypto questions” internally will fail under supervision.
Responsible Gaming in a Crypto Context
Crypto does not remove responsible gaming obligations. It intensifies them. Faster transactions and perceived anonymity increase the risk of impulsive behaviour.
A crypto-aware responsible gaming framework includes:
deposit and loss limits applied consistently across fiat and crypto
detection of behavioural acceleration typical in crypto play
intervention triggers based on velocity and volatility exposure
immutable logging of interventions and outcomes
staff guidance for handling crypto-related player distress
Supervision evaluates whether protection mechanisms adapt to crypto dynamics or merely mirror fiat-era assumptions.
Marketing Controls in a High-Visibility Jurisdiction
El Salvador’s international profile amplifies scrutiny of marketing behaviour. Crypto messaging attracts attention from regulators, media, and counterparties.
A compliant marketing posture includes:
strict separation between informational and promotional crypto messaging
avoidance of narratives that frame gambling as investment or income
documented approval workflows for campaigns and affiliates
monitoring of language across Spanish-speaking markets
rapid takedown procedures for non-compliant content
Marketing violations in a crypto jurisdiction escalate faster and travel further than in traditional markets.
Dispute Handling with Blockchain Traceability
Player disputes involving crypto are often more complex. Transaction irreversibility, confirmation times, and wallet misunderstandings create friction.
A resilient dispute framework includes:
clear player disclosures on crypto transaction mechanics
internal dispute procedures that incorporate blockchain evidence
ability to demonstrate transaction status at specific block heights
documentation of player communication and resolution steps
Regulators assess whether disputes are handled transparently and fairly, not whether crypto complexity is used as a shield.
System Architecture Designed for Oversight
Technical architecture matters more in El Salvador because oversight assumes digital traceability.
A supervision-ready architecture includes:
centralised event logging across wallets, games, and accounts
API-level access for reporting and internal monitoring
separation of environments with controlled promotion to production
documented dependencies on third-party services
Black-box systems undermine trust. Architecture must support inspection.
Incident Readiness in a Blockchain Environment
Crypto incidents differ from fiat incidents. Once value moves, reversal options are limited.
An incident framework must define:
immediate containment actions
wallet freezing and access restriction logic
communication rules with players and regulators
forensic preservation of blockchain and system data
post-incident remediation and reporting
Failure to plan for irreversibility is viewed as negligence.
Outsourcing Crypto Functions Without Losing Control
Many operators outsource analytics, custody, or wallet infrastructure. Outsourcing does not remove responsibility.
A compliant outsourcing model includes:
vendor due diligence with crypto-specific competence checks
contractual audit rights and data access
integration testing and monitoring
exit plans for vendor failure
If a vendor fails, the license holder answers.
Preparing for Evolution of the Regulatory Framework
El Salvador’s framework is not static. Digital-asset regulation evolves rapidly.
A future-ready operator builds:
adaptable policies with documented review cycles
monitoring of regulatory updates and guidance
internal change management for regulatory adjustments
evidence of proactive compliance evolution
Supervision favours operators who adapt early rather than react late.
Strategic Value of Getting This Layer Right
This layer of operational depth is not decorative. It determines whether the license becomes a long-term asset or a short-lived experiment.
A crypto-native, supervision-ready operating model:
reduces enforcement risk
improves partner and banking confidence
supports regional expansion
protects reputation in a high-visibility jurisdiction
enables sustainable growth under oversight
Why This Section Exists
This section exists to make one point unambiguous:
An El Salvador gambling license is not about being “crypto-friendly.” It is about being crypto-competent.
Competence is measured by:
control
traceability
decision discipline
evidence integrity
This is the layer where serious operators separate themselves from speculative entrants.
What We Build at This Level
When engaged at this depth, we focus on:
translating crypto mechanics into regulator-readable controls
designing wallet and liquidity governance that survives scrutiny
embedding blockchain analytics into real decision-making
aligning staff behaviour with documented authority
building evidence systems that reconstruct reality, not stories
This is not a marketing exercise. It is operational engineering for a digital-asset jurisdiction.
Long-Term License Sustainability and Institutional Trust Building
An El Salvador gambling license becomes strategically valuable only when it remains credible over time. Approval is a threshold event. Sustainability is a behavioural outcome. Regulators, banks, PSPs, technology providers, and even players form trust not from promises, but from observed consistency across months and years.
This section explains how long-term license stability is built in El Salvador’s digital-asset-centric environment, and what separates operators who endure from those who quietly exit after initial enthusiasm.
Regulatory Memory and Retrospective Accountability
Modern supervision does not operate in the present tense alone. Regulators reconstruct history.
When supervision occurs, questions are rarely framed as “what do you do today?” Instead, they sound like:
why was this decision taken six months ago
how did your controls behave during that spike in volume
what evidence existed at the time of approval
who had authority when the incident occurred
A sustainable operator designs its systems for retrospective accountability. This means that at any point in time, the organisation can reconstruct:
what rule applied
what data was available
who decided
why that decision was reasonable
Memory gaps are treated as control failures, not documentation oversights.
Building Institutional Credibility Beyond the License
A license grants permission to operate. It does not guarantee acceptance by counterparties.
Institutional credibility is earned when external parties observe:
predictable behaviour
transparent escalation
consistent enforcement of rules
willingness to self-correct
In El Salvador’s crypto-forward environment, this credibility compounds faster — positively or negatively — because visibility is higher.
Operators who build credibility experience:
smoother banking and PSP negotiations
lower reserve requirements
faster resolution of disputes
greater tolerance during incidents
Those who do not face silent friction long before enforcement actions occur.
Financial Transparency Without Overexposure
Transparency does not mean exposing sensitive commercial data indiscriminately. It means being able to explain financial reality when required.
A stable operator maintains:
internally consistent financial reporting
alignment between operational data and accounting outputs
documented assumptions behind forecasts and liquidity buffers
traceable movement of value between wallets, accounts, and ledgers
Financial opacity is one of the fastest ways to lose trust in a digital-asset jurisdiction.
Profit Extraction Discipline
One of the most underestimated regulatory risks is uncontrolled profit extraction.
Supervisors and partners assess:
whether profits are extracted predictably or opportunistically
whether extraction compromises liquidity
whether extraction aligns with declared financial planning
A defensible profit extraction model includes:
predefined extraction rules
liquidity and stress-test checks before transfers
documented approvals and timing logic
evidence that player obligations are always prioritised
Unplanned extraction during growth phases is a common trigger for downstream problems.
Governance Maturity as the Business Evolves
As the business grows, governance must evolve. Static governance structures break under scale.
A mature operator revisits:
delegation limits
approval thresholds
reporting cadence
committee composition
What worked for launch rarely works at scale. Regulators expect governance to adapt consciously, not drift informally.
Evidence of governance maturity includes:
documented governance reviews
updated role definitions
revised escalation pathways
communication of changes to staff
Governance that never changes signals neglect, not stability.
Managing Public Visibility and Reputation Risk
El Salvador’s international positioning creates a unique reputational dynamic. Operators become visible not only to regulators, but to media, advocacy groups, and political observers.
A resilient operator actively manages:
public messaging consistency
response protocols for negative attention
alignment between marketing narratives and operational reality
internal guidance on external communications
Reputation incidents often originate outside the compliance function, but their consequences are regulatory.
Technology Partnerships and Dependency Risk
Technology is central to iGaming, but dependency creates fragility if unmanaged.
A sustainable operator understands:
which systems are mission-critical
which vendors represent single points of failure
how quickly replacements can be deployed
Dependency risk is managed through:
redundancy planning
exit strategies
documentation of vendor responsibilities
periodic resilience testing
When a vendor fails, the regulator evaluates preparedness, not excuses.
Continuous Improvement Without Compliance Drift
Improvement is necessary. Drift is dangerous.
A strong operator distinguishes between:
controlled evolution
informal shortcuts
Change is introduced through defined pathways:
proposal
risk assessment
approval
implementation
post-change review
This applies equally to:
product features
bonus logic
payment methods
wallet infrastructure
marketing channels
Uncontrolled improvement erodes trust faster than stagnation.
Human Capital Retention and Knowledge Continuity
High staff turnover is a hidden regulatory risk. When knowledge leaves, control weakens.
A durable operation invests in:
role documentation
cross-training
succession planning
retention of compliance-critical staff
Regulators notice when key roles rotate frequently without continuity. Stability of people supports stability of systems.
Training as a Living System
Training is not an onboarding ritual. It is an ongoing control.
A supervision-ready training framework includes:
role-specific modules
periodic refresh cycles
assessment and certification
records tied to decision authority
Training evidence demonstrates that compliance is embedded, not symbolic.
Handling Regulatory Dialogue Constructively
Supervision is a dialogue, not an adversarial process.
Operators who succeed long-term:
respond promptly and precisely
acknowledge issues without defensiveness
propose remediation rather than minimisation
follow through visibly
Regulators differentiate between mistakes and attitudes.
A cooperative posture builds tolerance. A defensive posture shortens it.
Preparing for Stress Events Before They Occur
Stress events are inevitable:
market volatility
payment disruption
technology failure
regulatory clarification
public scrutiny
Prepared operators simulate stress.
Stress testing includes:
liquidity scenarios
transaction spikes
wallet compromise drills
system outage simulations
Evidence of preparation reduces enforcement risk during real events.
Aligning Growth Incentives With Control
Misaligned incentives create silent compliance erosion.
If teams are rewarded only for growth, control weakens.
A mature operator balances:
growth metrics
quality metrics
compliance outcomes
This alignment reduces internal pressure to bypass controls.
Multi-Year Strategic Positioning
The El Salvador license should be positioned as part of a multi-year strategy, not a tactical move.
Strategic questions include:
how this license integrates with other jurisdictions
how crypto exposure will evolve
how regulatory expectations may harden
how the business adapts without structural rebuilds
Operators who plan long-term invest less in remediation later.
Exit Readiness as a Control Concept
Even successful businesses must consider exit scenarios.
Exit readiness includes:
clean records
reconstructable history
transferable systems
transparent governance
This discipline benefits operations even if exit never occurs.
Why Regulators Trust Some Operators More Than Others
Trust is not granted equally. It accumulates through behaviour.
Trusted operators show:
consistency
predictability
humility
competence
Distrusted operators show:
surprise decisions
inconsistent enforcement
narrative shifts
reactive explanations
The difference is rarely legal sophistication. It is operational discipline.
The Commercial Value of Stability
Stability reduces cost.
Stable operators experience:
lower compliance firefighting
fewer partner interruptions
smoother renewals
reduced reputational repair
Over time, stability becomes a competitive advantage.
What This Section Ultimately Defines
This section defines what “serious operator” means in El Salvador.
Not crypto enthusiasm.
Not regulatory optimism.
But controlled behaviour over time.
How We Support This Layer
At this level, our work focuses on:
institutionalising discipline
strengthening governance maturity
embedding evidence logic
aligning incentives and controls
preparing organisations for scrutiny, not avoiding it
This is where licensing becomes an asset.
Strategic Closing Perspective
El Salvador is building something rare: a gambling framework designed for the digital-asset era with sovereign backing.
Such environments reward operators who build for endurance.
Endurance is not speed.
It is control that survives success.
FAQ
The National Lottery (Lotería Nacional de Beneficencia - LNB) is the key regulatory authority responsible for licensing and oversight since 2021. For digital asset matters, the National Digital Assets Commission (CNAD) plays a pivotal role in the compliance framework.
Yes, online gambling is fully legal and expressly regulated, including casinos, sports betting, and crypto-enabled platforms. The government, via the LNB, has established a centralized framework.
Licenses can be issued for up to 10 years initially, subject to mandatory annual compliance checks and renewal.
| Yes, mandatory local substance is required. This typically includes establishing a local legal entity (e.g., LLC/S.A.), having a local office, and appointing a local representative/administrator for tax and regulatory correspondence. |
El Salvador operates on a territorial tax basis. While the standard corporate tax rate is up to $30\%$ for domestic profits, profits generated outside the country (offshore iGaming GGR) are generally exempt from local corporate income tax.
Yes. Licensees must typically pay a Value Added Tax (VAT) of $13\%$ on applicable services and a monthly advance corporate tax payment called "Pago a Cuenta" ($\approx 1.75\%$ of income), which is deductible from the annual tax liability on domestic profits.
Absolutely. As Bitcoin is legal tender, it can be used for B2B transactions, fees, and operator-level payments. The Salvadoran framework is uniquely crypto-friendly for both deposits/withdrawals and corporate financial management.
| The minimum required start-up capital depends on the legal entity chosen. For a Limited Liability Company (LLC), it can be as low as $2,000 USD (with a portion paid upfront). |
The processing time is generally considered efficient, with submission to approval often taking 2 to 3 months for a straightforward, fully compliant application. However, a full setup process involving company formation and system audit can take longer.
The company must have at least one director (no residency restrictions) and a minimum of two shareholders (individual or legal entity, no residency restrictions). A company secretary is also required. All key personnel are subject to rigorous AML/KYC vetting (similar to a KPP).
Due to the Bitcoin Law, AML/KYC protocols are robust and designed to comply with FATF recommendations. Operators must implement a Risk-Based Approach (RBA) and perform enhanced due diligence, including procedures for verifying the Source of Funds (SoF) for high-volume cryptocurrency deposits.
Unlike some jurisdictions, there are generally no specific regional requirements for server location for international iGaming operations. The operator usually has the right to host core servers anywhere globally, provided the platform and all games are certified, audited, and accessible to the LNB for regulatory data.