Lexology In-Depth: Fintech Law Ecuador

In the dynamic landscape of financial technology (fintech), the Republic of Ecuador has assumed a pivotal role, albeit in the early stages of regulatory development. Ecuadorean jurisdiction describes fintech as companies that use technological innovation to offer financial services in an efficient and disruptive manner.

So far, we have identified approximately 23 relevant policies and regulations within the Ecuadorian legal framework related to fintech topics. This tracing dates back to the implementation of the Electronic Commerce, Signatures and Data Message Law in 2002 and extends until the promulgation of the Fintech Law in 2022, marking a precise milestone of two decades since the introduction of the mentioned law.

Below is a table summarising all the pertinent regulations related to fintech up to the present moment:

With the enactment of the Fintech Law, Ecuador underwent a significant shift in technological advancement. However, it is essential to acknowledge that, despite achieving a noteworthy milestone, the law left several legal gaps that should be gradually addressed over time, considering the flexibility and swiftness with which technology transcends globally.

These legal gaps, we dare to assert, stem from a lack of academic focus and research on relevant issues. Ecuador, throughout its history, has been resistant to new trends and has faced challenges in adapting to technological changes. Therefore, we encounter outdated and scarce digital academic studies and information publicly available on these topics.

The most relevant information comes from a study issued by the Central Bank of Ecuador (BCE) on 22 February 2022, titled ‘Panorama of Fintech in Latin America and Ecuador’, identifying 12 primary services or segments that could be offered by fintech companies for the first time, including:²

1. paytech;
2. loans;
3. corporate financial management;
4. personal financial management;
5. collective financing (crowdfunding);
6. digital currencies (cryptocurrency);
7. insurance (insuretech);
8. security, identity and fraud (scoring);
9. investment and wealth management (e-trading);
10. business technologies for financial institutions;
11. digital banks (neobanks); and
12. fintech as a service

This list is not exhaustive and remains open to new segments that may emerge with the exponential growth of fintech activities in Ecuador. The list includes cryptocurrencies but excludes decentralised finance (DeFi) and decentralised autonomous organisations (DAOs), among other categories. From the beginning of the regulation until now, none of these categories have been officially recognised.

Given the government’s strong interest in fostering financial innovation and inclusion, our Ecuadorean jurisdiction is undeniably fintech-friendly. The evident commitment to various initiatives, along with collaborative efforts involving extensive support for fintech companies through incubation programmes, financing, tax incentives such as free trade zones and additional resources, collectively creates a favourable environment conducive to their development and expansion.

Over the last 18 months, Ecuador has witnessed significant advancements in the regulatory landscape of fintech. The introduction of the Fintech Law, coupled with subsequent regulations and resolutions, reflects a proactive approach by the Ecuadorian government to foster technological innovation within the financial sector.

i Fintech Law

On 22 December 2022, the Organic Law for the Development and Control of Technological Financial Services (Fintech Law) was enacted, representing a significant milestone in Ecuador’s financial sector development. This event encourages technological development and innovation adoption, introducing key reforms to the Monetary and Financial Organic Code (COMF), the Organic Law for Entrepreneurship and Innovation (LOEI), and the Organic Code of Social Economy of Knowledge, Creativity and Innovation (Innovation Code). This law, aimed at providing a robust legal framework, seeks to promote growth and security in the fintech sector for both companies and users.

In accordance with Ecuadorean regulations outlined in the Fintech Law, and its associated secondary regulations, Fintech activities are categorised into:³

1. technological infrastructures for channelling means of payment (ITCMP);
2. administrators of auxiliary payment systems (ASAP) – not officially recognised in the article;
3. specialised companies in electronic deposits and payments (SEDPES);
4. financial technology services (SFT);
5. technological services for the securities market (STMV); and
6. technological services for insurance (STS).

Establishing a fintech company in Ecuador requires meticulous adherence to legal procedures. The legislation dictates that the company must undergo proper incorporation, choosing between being a national entity or an authorised branch of a foreign company. Legal compliance and formality are non-negotiable aspects of the incorporation process, with a specific emphasis on the company being structured as a sociedad anónima (SA) and having a clearly defined social purpose.

Securing licenses or authorisation is a crucial phase for fintech entities. Beyond the incorporation process, obtaining explicit authorisation from the relevant regulatory bodies becomes of paramount importance.

ii Regulation for the Fintech Law

On 7 November 2023, President Guillermo Lasso issued the Regulation for the Fintech Law, through Executive Decree No. 903. Noteworthy points include: assigning regulatory responsibilities to the JPRM for payment systems and the JPRF for financial risks.⁴ Also, the designation of the BCE, Superintendency of Banks (SB) and Superintendency of Companies (SCVS) in charge of the licence expedition, supervision and control of fintech activities.⁵

iii Norm Regulating Currency, Means, and Payment Systems and Fintech Activities by the JPRM

On 21 August 2023, the JPRM issued the Resolution No. JPRM-2023-014-M, a norm that defines the legal currency in Ecuador as the US$, outlines the accepted electronic payment methods and their operations through the central payment system. Additionally, it establishes the concept of a national payment system and recognises it as fintech activities, regardless of their category within Article 5 of the law, the ASAP being administrators of the payment system. Furthermore, the norm sets forth processes and services granting the BCE the authority to require the qualification and authorisation of companies participating in the auxiliary payment system (SAP), which includes ASAP, SEDPES and SFT.

iv Norm Regulating Technological Financial Service Entities by the JPRF

On 12 September 2023, the JPRF issued the Resolution No. JPRF-F-2023-076. This regulation aims to oversee fintech activities dedicated to SFT, with a focus on providing digital credit services. The normative framework outlines the administration for anti-money laundering risk prevention, policies, portfolio qualification, and provisions in case of granting digital credits. It also establishes minimum requirements for establishment and specifies that accreditation will be under the supervision of the banking superintendent because of representing a financial risk.

v Norm for Authorisation, Surveillance, and Supervision of Auxiliary Payment Systems by the BCE

On 4 October 2023, the BCE issued Resolution No. BCE-GG-018-2023. This regulation outlines the requirements for obtaining an authorisation licence as participants in auxiliary payment systems, specifically ASAP. It ensures transaction security, integrity and transparency. The norm establishes standards for data security and cybersecurity, with a particular emphasis on protecting user information. Additionally, it delineates the supervisory procedures that the BCE will undertake after granting authorisation.

vi Norm for Qualification, Supervision, and Control for Fintech Entities by the SB

On 21 November 2023, the SB issued Resolution No. SB-2023-02416. This regulation establishes comprehensive guidelines for obtaining authorisation licences as participants in auxiliary payment systems, specifically SEDPES and SFT; it encompasses various aspects, including requirements, policies and processes.

These developments collectively underscore Ecuador’s commitment to creating a conducive regulatory environment for fintech, embracing technological advancements while ensuring security, transparency and inclusivity in financial services.

i Licensing and marketing

Understanding the regulatory landscape of fintech companies in Ecuador involves analysing the transformative impact of the Fintech Law and its secondary norms.

To apply for a fintech licence, the company must first be properly incorporated or domiciled as a fintech company in Ecuador, under any of the corporate types outlined in the Company Law. Its social purpose will be specific and exclusive for carrying out fintech activities and cannot include different activities.

This legal framework establishes guidelines and designates regulatory entities responsible for overseeing and giving licences to fintech entities. The JPRM and JPRF are the entities tasked with formulating policies related to monetary, credit, financial, insurance and securities. While the SB, BCE and SCVS are designated as control and supervision entities within their respective jurisdictions, legal gaps persist in secondary regulations, indicating the need for further refinement.

The Fintech Law, as mentioned, recognises five distinct fintech activities: ITCMP, STF, SEDPES, STMV and STS. These activities represent key pillars shaping the landscape of fintech operations in Ecuador.10 Although the law does not explicitly mention ASAP in the article, their recognition is implied through the stipulated requirements and associated categories beyond the secondary norms.

Fintech special license categories

There are two types of licences: accreditations and authorisations, each tailored to the nature of fintech operations.

Accreditation precedes authorisation in the process of establishing a fintech company, aligning with the Ecuadorian authorities’ logistical sequence. Initially, entities must undergo accreditation with the SB as an Auxiliary Service of the Financial System (SASF). This service need not be exclusively fintech; it extends to any company aiming to provide services within the financial system. Consequently, before progressing to the second phase, which involves applying for a fintech licence, entities must navigate through this initial step governed by Resolution No. SB-2021-0920.

Fintech licences for companies operating within the national payment system are issued by the BCE, while those with a higher financial risk receive their licences from the SB. For technological companies in insurance or securities falling under the jurisdiction of the SCVS, the requirements for these fintech companies are still pending, and the regulations have not been issued as of the time of writing.

Therefore, the focus will be solely on the SB and the BCE. First, the categories must be analysed in relation to the fintech company’s operations to find the licence that best suits its objectives. At the moment, there are two complete authorisations upcoming. Currently, authorisations for ASAP, SEDPES and SFT (only digital credit concession) are within Ecuador’s technological financial ecosystem. However, specific authorisation details for Neobanks or Financial Advisory services within SFT are still in development.

ASAP authorisation

Companies seeking ASAP authorisation must submit various documents to the BCE, including an authorisation request, constitution deed, financial statements and technological infrastructure details. Additional requirements apply to specific operations like money remittances, payment getaways, aggregators and more. These requirements are defined on the secondary norm of fintech law issue by the JPRM, JPRF and the BCE.

SEDPES and SFT authorisation

Entities pursuing SEDPES and SFT (digital credit granting) authorisation must initially present an Economic–Financial Feasibility Study, encompassing aspects like interest rates, fees, technological innovation, and credit technology. This study should include specific details such as market studies, competitive position, risk management, services and administrative structure. Subsequently, the company is required to submit detailed documentation for both categories, and upon meeting these requirements, the BCE issues the authorisation resolution and operating permit. These stipulations are outlined in the secondary norm of the fintech law issued by the JPRM, JPRF and the SB.

We anticipate that the issuance of remaining licences like the SFT (neobanks and financial advisory), and the securities and insurance of the SCVS will significantly contribute to a clearer understanding and development of the dynamic fintech regulatory landscape. These forthcoming licences are crucial elements for establishing a comprehensive and up-to-date framework in the evolving fintech sector.

Based on the provided context, there are no specific limitations or prohibitions on marketing measures in Ecuador regarding fintech services. However, it is essential to comply with the Communication Law, consumer protection laws, and their regulations. These laws require promotional communications to be directed at adults and to accurately represent services transparently and fairly. The regulatory framework emphasises adherence to principles such as accuracy, loyalty and freedom of expression, along with obligatory compliance with standard court regulations.

In addition, there is a requirement related to the nationality principle, stipulating that 80 per cent of all advertising must be produced in Ecuador. The regulatory body responsible for sanctions was the Superintendence of Communications (Supercom), which was liquidated in 2017, and its legal functions were repealed as a result of abuse of its coercive power and limitations on freedom of expression during the government of Rafael Correa. In 2019, the Communication Law was reformed, and the Fifth Provision established that the Council for the Development and Promotion of Information and Communication (Development Council) would be the new body for the administration and promotion of communication, but it does not have sanctioning powers.

Establishing an automated digital advisory or asset management company in Ecuador requires specific licences.

Automated digital advisory services fall under the fintech activity of the SFT, recognised in the financial advisory subcategory, yet the process for granting such licensing is still pending from the authority.

Asset management services must comply with trust regulations; therefore, adherence to strict legal requirements will be essential. Authorisation is granted to fund administrators and trustees as asset managers, governed by laws in the COMF and their Regulation, including the General Regulation of the Securities Market Law. Moreover, the LOPDP grants individuals transparent information rights and protection against decisions solely based on automated assessments. Decisions must avoid serious risks and cannot be waived through mass adhesion contracts in advance.

Yes, there are special rules on credit information services in Ecuador. These services, which include scoring services and credit bureau, are governed by the Securities Market Law and Codification, as well as other relevant laws. However, there are currently no specific regulations within the fintech sector that address specifically credit information services. Nonetheless, existing data protection and banking confidentiality laws apply to credit-related business models, ensuring the protection of individuals’ personal and financial information.

ii Cross-border issues

The Fintech Law in Ecuador outlines specific requirements for engaging in fintech activities. Some of these requirements state that foreign companies seeking to conduct such activities must establish a branch in Ecuador. The Companies Law specifies that foreign companies wishing to establish a branch must be legally incorporated in their home state, possess the legal and statutory authority to create branches in other countries, and appoint an attorney.

There are no agreements with other countries for the accreditation of foreign countries to be valid in Ecuador. This means that fintech activities that are not legally authorised in Ecuador cannot be conducted by foreign companies in the country.⁶

Digital services function without geographical constraints, enabling the provision of various fintech services in Ecuador. However, it is crucial to emphasise that adherence to Ecuadorian standards is imperative for regulatory compliance. Recognising that establishing a market presence in Ecuador requires alignment with local norms is essential to avoid potential sanctions or restrictions. While occasional services may carry minimal risks, well-established services in Ecuador must fully conform to local regulations, given the intricacies of the regulatory landscape.

Having a physical presence does not necessarily mean a physical office in Ecuador, but rather the requirement for a local domicile, facilitated by a local counsel.

Rather, only if they engage a fintech activity that requires a local licence in Ecuador like wallets, digital credit concession activities or neobanks. Other activities that are authorised in Ecuador that do not require a local licence for their activity do not have to obtain another licence to provide cross-border services in the country.

It is relevant whether the services or products are actively marketed. If the services or products are actively marketed, the company must ensure that its financial transactions are accurately accounted for in accordance with international financial reporting standards and generally accepted accounting principles. However, if users request a service, it may not be necessary to provide such accreditation.

Fintech institutions supervised by the Superintendency of Banks and Insurance that engage in foreign currency transactions must maintain accounting records for each of the currencies with which they operate. These entities will prepare a balance for each currency they operate in, converted to the parity in US$, based on the foreign exchange rate table provided daily by the Central Bank of Ecuador for the current day. The difference between the closing position of the previous day and the adjusted position will be recorded as profit or loss, depending on the nature of the creditor or debtor, respectively, affecting the income statement.

In Ecuador, there is a widely recognised digital identity issued by The General Office of Civil Registration, Identification and Identification Cards. This public entity manages identity-related services, civil status information and personal data comprehensively through physical and electronic channels. The new electronic ID card, introduced as of 23 February 2021, incorporates advanced security features, including laser printing and an internal chip storing personal data, photo, fingerprints, and an electronic signature.

Aligned with international recommendations, the digital identity card includes additional information fields such as donor status, blood type and disability percentage. Verification processes are streamlined through QR code scanning and MRZ code validation, ensuring efficient and secure identity verification.

Ecuador has also introduced a digital passport as part of its broader digital identity initiatives, offering enhanced convenience. Both the digital ID card and passport contribute to streamlined and secure identity verification processes, accessible to nationals and residents.

The usage of digital identity in transactions with public entities (e.g., water, electricity, security and transportation services) is increasing. There is an ongoing development of systems to solely accept your national ID for fee payments.

However, specific limitations on the usage of digital identity in certain transactions may exist. The nature of the transaction and applicable regulations determine the extent to which the digital identity can be used. It is crucial to consider the legal framework, including the Electronic Commerce Law and the Identity and Civil Data Protection Law, which stipulate that the digital identity holds the same legal validity as its physical counterpart. This ensures legal recognition and sets parameters for its usage in various transactions.

Financial service providers in Ecuador are permitted to conduct fully digitised client onboarding in adherence to recent financial regulations. The regulations require institutions to employ secure channels for identity verification, mandating a minimum of two robust authentication methods. These methods include security codes, digital keys, tokens, biometric identification, fingerprint verification linked to the national ID card or digital passport, and other secure measures.

Moreover, the process necessitates connection to the national system to verify information accuracy before accepting clients. Individuals must agree to terms and conditions, consent to the use of specified security methods and provide personal information for verification prior to accessing digital channels implemented by the companies. These measures ensure a secure and efficient onboarding experience for clients while aligning with regulatory requirements.⁷

Digital marketplaces in Ecuador are primarily governed by general regulations applicable to e-commerce, as established by the Electronic Commerce Law and its accompanying regulations enacted in 2016. These regulations mandate that digital marketplaces must register with the appropriate registry administered by the Internal Revenue Service (IRS) and comply with value added tax (VAT) obligations on transactions.

International marketplaces often facilitate transactions in Ecuador without maintaining a physical presence in the country. Nonetheless, these platforms must adhere to consumer protection regulations to ensure the well-being and rights of Ecuadorian consumers.

While specific regulations for digital or cryptoassets are still pending in Ecuador, accounting practices adhere to International Financial Reporting Standards (IFRS). Under these standards, cryptoassets can be valued at cost, with impairment being the only factor considered for assessment, while revaluation is not applicable.

Ecuador takes a unique stance on taxing profits derived from cryptoassets. While there are no taxes applied directly to profits obtained from cryptoassets, converting these profits into cash may trigger taxation. However, the regulatory framework for taxing such conversions is currently unclear and remains under development.

The use of cryptocurrencies as a form of cryptoasset is discouraged in Ecuador. Trading, exchanging or engaging in transactions involving cryptocurrencies not permitted within the Ecuadorian legal framework is prohibited.

Collective investment schemes, recognised as collective investment funds, are governed by the Organic Monetary and Financial Code, Book II Securities Market Law, and the Regulation for Investment Funds of Administrators. Within the Fintech Law, this category is identified through the reform of the Organic Law for Entrepreneurship and Innovation and the Monetary Code, specifically in the section on capital funds, defining them as funds that exclusively manage and invest resources in venture capital, angel, or seed capital in shares, participations and securities, among others. Investor returns are determined based on collective results. However, crypto-based or crypto-investing collective investment funds are not recommended within the Ecuadorian financial ecosystem.

Crowdfunding is recognised and regulated under the Entrepreneurship Law of 2020 and the expedition of the Fintech Law of 2022. However, as of now, there is no resolution providing the specific requirements and procedures for obtaining a licence for crowdfunding activities. The regulatory framework allows for crowdfunding, but the detailed guidelines for obtaining the necessary licence are currently pending issuance.

Crowd-lending is currently not prohibited, as there is no specific regulation restricting it. However, while there is no direct regulatory framework addressing crowd-lending, consumer lending regulations indirectly apply. The absence of explicit regulations for crowd-lending suggests that existing consumer lending regulations serve as a reference, guiding and influencing activities in this domain.

Companies engaged in peer-to-peer activities are required to secure permits as financial intermediaries from regulatory authorities. Peer-to-peer lending falls typically within the crowdfunding category outlined in the Fintech Law and the Organic Law for Entrepreneurship and Innovation. While the licensing framework for peer-to-peer lending is still under development, these entities must adhere to the provisions outlined in the Organic Monetary and Financial Code, which regulates loans between citizens with the control and supervision of the SB, BCE and SCVS. In essence, they are obligated to establish a comprehensive risk prevention and information security policy, adhere to financial user protection standards, maintain a minimum capital and fulfill other stipulated requirements.

There are restrictions on trading loans or financings on secondary markets in Ecuador. These restrictions are outlined in the Organic Law on Entrepreneurship and Innovation and the Fintech Law. Article 37 of the Fintech Law specifies additional prohibitions, including the prohibition for crowdfunding companies to use their platforms to raise funds on behalf of third parties or for their own expenses or investments.

To assign such loans in a securitisation, formal requirements must be complied with, as specified in Article 35 of the Organic Law on Entrepreneurship and Innovation. These requirements include:

1. legal entity: supervised by the Superintendence of Companies, Securities, and Insurance of Ecuador, operating through regulated and accredited platforms in the country;
2. corporate purpose: acts as an intermediary on internet platforms for promoters seeking capital, connecting them with investors;
3. platform requirements: must have a URL for its crowdfunding webpage and an institutional email for electronic notifications; and
4. documentation: should provide accessible terms and conditions of use and a data privacy policy on the website.

Payment services are subject to stringent licensing requirements under the Fintech Law of 2022. This comprehensive legislation mandates that entities intending to participate in the national payment system must obtain a licence tailored to their specific operational segment. For example, entities such as ASAP or SEDPES are among those obligated to secure these licences. Under the purview of the Fintech Law, these licences play a pivotal role, designating the licence holders as integral participants in Ecuador’s auxiliary payment system. This authorisation not only legitimises their operations but also underscores their compliance with regulatory standards.

In Ecuador, there is no direct obligation for institutions to provide third parties with access to client or product data. Data protection regulations emphasise principles of confidentiality and security in handling customer information. However, certain exceptions may exist, and specific circumstances might legally compel institutions to share data with third parties. This could include situations where regulatory authorities require access for compliance purposes or legal investigations.

It is necessary to review the specific data privacy laws and regulations in Ecuador, as they may vary and establish conditions for information exchange with third parties. Additionally, certain sectors, such as the financial industry, might have specific regulations governing data sharing among financial institutions and third-party service providers, such as fintech companies.

There are no defined rules for the storage of crypto-based assets in Ecuador. The lack of official backing, absence of recognition as legal tender, and the absence of a clear regulatory framework create uncertainty around the storage of cryptocurrency. Despite the constitutional permissibility for cryptocurrency purchases using US$, the ambiguous regulatory stance and authorities’ resistance contribute to the absence of specific guidelines for storing crypto-based assets in the country.

From an equity perspective, cryptocurrencies are considered a digital asset that should be reported by every individual in Ecuador who has assets exceeding US$238,040 until May of every year. However, beyond this reporting requirement, there are no established rules or guidelines specifically addressing the storage of crypto-based assets. The overall regulatory landscape remains unclear, contributing to the ongoing uncertainty surrounding the storage and management of cryptocurrencies in Ecuador.

In Ecuador, blockchain technology is minimally regulated, particularly addressing services for securities or insurance markets (STMV or STS) under SCVS control. Imposing application requirements for companies using blockchain technology in these sectors, but lacking the nuanced approach tailored to the unique features of blockchain technology, leading to ambiguity for businesses in these markets.

Regarding the legal status of cryptocurrency purchases made in Ecuador using US dollars as the official currency, such transactions are permitted under constitutional property rights. However, cryptocurrency is not recognised as an authorised form of payment in the country. It lacks official backing and relies heavily on speculation. Financial transactions conducted through cryptocurrencies remain uncontrolled, unsupervised and unregulated by any entity in Ecuador, presenting inherent financial risks. While online buying and selling of cryptocurrencies are not prohibited, it is crucial to understand that cryptocurrency is not considered legal tender and is unauthorised as a means of payment for goods and services in Ecuador.

On the regulatory front, Ecuador’s stance on cryptocurrencies is ambiguous because of the absence of clear guidelines. Regulatory authorities approach cryptocurrencies cautiously, expressing skepticism and resistance because of concerns about their impact on the established dollarisation system. Currently, there is no regulatory framework, and authorities hesitate to fully embrace digital currencies, viewing them as potential threats to Ecuador’s economic stability.

In Ecuador, tokens are recognised and qualified exclusively as securities tokens, with no regulations for other categories such as utility tokens or equity tokens.

The Superintendence of Companies and the Companies Law specifically recognise tokens in the case of stocks of SA companies. In the country, there are two independent stock exchanges located in Quito and Guayaquil. The objective of the regulation in Ecuador’s Companies Law is to facilitate negotiation and business transactions among companies, although this regulation is minimal. However, if it were not for this regulation, the application of tokens and blockchain would be limited to private entities and companies with minimal business characteristics. Although the legal framework allows for the tokenisation of stocks for sociedad acciones simplificadas (SAS) and SA companies, only SA companies can qualify to introduce their tokenised stocks as securities. The adoption of tokenised stocks brings numerous benefits, such as efficient, direct and secure financial transactions among various economic market operators.

In Ecuador, security tokens, known as ‘certify tokens’ when representing company stocks, are subject to specific rules and regulations. These rules primarily stem from the country’s Companies Law and the Monetary and Financial Code, Book II Securities Market Law. However, the regulation for security tokens is not extensive, with only one provision in the Companies Law addressing this area.

The use of security tokens is aimed at enhancing efficiency and transparency in financial transactions, leveraging blockchain technology to provide an immutable record. Shareholders are required to have trust wallets to manage their transactions and participate in the electronic market.

To further develop the regulatory framework for security tokens, it is necessary for the SCVS to publish resolutions that specifically regulate the transaction and registration of financial operations involving security tokens among shareholders. These resolutions would provide clarity and guidance on the legal requirements and procedures for using security tokens in Ecuador.

Tokens can be linked to underlying assets, such as shares or bonds through the use of blockchain technology. In Ecuador, the latest reform to the Companies Law introduces the possibility for certain companies to issue security tokens related to their stocks, known as ‘certify tokens’. To meet the criteria, these tokens must satisfy two conditions in electronic format: (1) they utilise blockchain storage or any register chain providing virtual, secure and verifiable information, and 2) they facilitate the electronic transfer of all information embedded within the certified token. The applicable law defines blockchain as electronic information organising and storing data in chronologically linked blocks through an encrypted algorithmic function, confirmed by a consensus mechanism.⁸

The integration of token technology into the transfer of shares is currently being developed and described within Ecuador’s Companies Law, particularly in the fourth transitory provision. Regulatory authorities are exploring mechanisms to ensure that each share has a digital representation within a protected blockchain. This integration aims to benefit the public by providing distributed, encrypted and verified information in real-time regarding share transfers among shareholders. Once the information is updated, the blockchain will be immutable, ensuring transparency and publicity. Additionally, the shares certificate register will be organised using blockchain or another data distribution network.⁹

Anti-money laundering rules apply to cryptocurrencies and tokens in Ecuador primarily through the oversight of the Financial and Economic Analysis Unit (UAFE).¹⁰ This entity collaborates with the Prosecutor’s Office and competent jurisdictional bodies to provide information for the investigation, prosecution and trial of money laundering and crime financing offences. However, there is currently no regulation that explicitly requires cross-border cryptocurrency companies to have a process under the control of UAFE. The UAFE warns of the risks associated with using cryptocurrencies but does not mandate specific processes for these companies.

On the other hand, tokens, primarily recognised as security tokens within the Company Law, are subject to UAFE requirements if they are legal entities tokenising assets for citizens. In this case, UAFE demands an anti-money laundering process to protect citizens. The absence of explicit regulation for cryptoassets may result in a lack of specific guidelines for storing such assets.

In Ecuador, cryptocurrencies and tokens currently lack formal recognition and designated tax treatment under existing regulatory frameworks. The absence of specific taxation guidelines creates uncertainty for taxpayers and businesses involved in cryptocurrency transactions. While these digital assets are considered reportable from an equity perspective, with individuals required to declare them if their assets exceed US$238,040 until May each year, clear and specific rules regarding the tax treatment of cryptocurrencies and tokens are yet to be established.

Tokens may be offered to local residents from abroad, but businesses must navigate this process carefully, considering existing regulations. While there is no explicit prohibition, compliance with international securities regulations, anti-money laundering laws and know-your-customer (KYC) requirements is crucial for a legally sound and transparent offering. Engaging with local legal counsel and regulatory authorities is advised, in order to stay informed about evolving regulations, ensuring a smooth and secure cross-border token offering process.

Self-executing contracts are generally permitted in Ecuador, and their enforceability relies on the terms and conditions specified within the contract itself. The legal framework for such contracts is primarily based on the agreement between the involved parties, as stipulated by the civil code of Ecuador. Correction mechanisms, such as arbitration or mediation, are available if included in the contract. Parties can invoke these mechanisms in case of conflicts or discrepancies, provided they are outlined in the contract. It is crucial for parties engaging in self-executing contracts to clearly define terms, conditions and dispute resolution processes to ensure legal clarity and enforceability.

Automated investing and robo-adviser processes are permitted but still not regulated in Ecuador. They could fall under the category of Technological Financial Services, particularly Financial Advisory, but this is not explicitly defined. This is because automated processes, along with robotics and artificial intelligence, are still undergoing understanding and development by regulatory bodies in the country. It would be necessary to review the general legal framework so that, regardless of precise regulation, businesses intending to implement such processes ensure alignment with financial regulations. They should also consider factors such as transparency, accountability and risk management.

As of the time of writing, Ecuador lacks explicit rules dedicated to governing the utilisation of artificial intelligence in financial products. Nevertheless, it is advisable for businesses to comply with existing general regulations, incorporating ethical and responsible AI practices. It is noteworthy that a committee on artificial intelligence has recently been approved within the Ministry of Telecommunications and Information Society (MINTEL)¹¹ to address these matters.

Third-party websites may compare or provide information about financial products subject to regulation, within the constraints outlined in each legislation. These regulations establish the following obligations:

1. not to share information related to business operations that could impact free competition: Organic Law for the Regulation and Control of Market Power;
2. not to share personal information related to the financial activities and credit bureau of users in the financial system without their consent: Organic Law on Data Protection; and
3. not to share information subject to banking secrecy and confidentiality unless they are global, non-personalised, partial operations, solely for statistical or informational purposes, when there is a public interest: Organic Monetary and Financial Code.

While Ecuador’s fintech landscape is evolving, specific new business models may pose regulatory and legal challenges. Examples include peer-to-peer lending, crowdfunding, and digital wallets. Compliance with financial regulations, consumer protection and data privacy are key concerns.

The regulatory landscape in Ecuador currently does not provide a specific understanding or framework for DeFi or DAOs. As of the time of writing, there are no explicit regulations or guidelines addressing these concepts within the jurisdiction; it is not even mentioned within the fintech law.

In Ecuador, DeFi is understood as a growing sector within the broader fintech industry that leverages blockchain technology to provide financial services without the need for traditional intermediaries. This includes services such as lending, borrowing, trading and asset management, all conducted on decentralised platforms. Regarding DAOs, the country is beginning to embrace them as a means to promote blockchain technology and its adoption. DAOs are viewed as autonomous and decentralised communities aimed at promoting the development and adoption of blockchain technology. They are seen as a way for community members to make decisions autonomously and decentralised, without the need for a centralised authority, while still complying with Ecuador’s legal standards, enabling them to operate, contract and have legal personality.

In the realm of fintech business models, intellectual property protection is primarily linked to copyright. In the Ecuadorian legislation, software falls under copyright rather than industrial property, which includes patents, utility models and industrial designs.¹²

In Ecuador, software is afforded special protection providing various rights, including moral, economic and remuneration rights. Specifically, the Copyright Law grants authors of software the exclusive right to reproduce, distribute and communicate their works to the public.¹³ Notably, only economic or remuneration rights are transferable, while moral rights are not. In cases where an employee develops software for their employer, the COESCCI dictates a form of co-ownership, with each co-owner holding distinct rights to the same work.¹⁴

Patent protection is not applicable to Fintech business models or related software. The analysis indicates that these models and software do not meet the patentability requirements and are not considered inventions. Therefore, while patents are not an option, protection as works is feasible, given their nature. The National Service of Intellectual Rights (SENADI), Ecuador’s regulatory authority, provides mechanisms for safeguarding software through the registration of these works.

Regarding the ownership of intellectual property rights for software, if an employee or contractor develops software, by default, the ownership of works created under an employment relationship or by commission belongs to the author.¹⁵ This provision aligns with international agreements such as the Berne Convention and domestic laws, granting authors exclusive rights.

Concerning the ownership of intellectual property rights for software, if an employee or contractor develops software, the default ownership of works created under an employment relationship or by commission belongs to the author.

However, unless explicitly specified in a contract or a non-disclosure agreement (NDA) transferring the work, the rights will remain with the author. The COESCCI clearly outlines this ownership, enabling the author to retain rights and receive fair remuneration. This legal framework ensures that the rights and compensation owed to authors, encompassing employees and contractors, are governed by the relevant legislation and international agreements.¹⁶

The data protection rules for client data in Ecuador are primarily governed by the LOPDP. This comprehensive legal framework emphasises legitimate bases for data processing, with a focus on consent and contractual relationships. When external service providers, designated as data processors, are involved, contractual agreements must explicitly define roles to enhance overall data protection. Additionally, the LOPDP advocates for the implementation of organisational and technical measures, such as confidentiality agreements with employees and adherence to ISO standards, to ensure the secure handling of personal data.¹⁷

In terms of data security, the LOPDP underscores the central principle, mandating a continual evaluation of technical and organisational measures, including anonymisation and encryption.¹⁸ In case of security breaches, the law mandates a prompt notification to relevant authorities, ensuring transparency and timely response measures.¹⁹

Regarding digital profiling, the LOPDP provides a comprehensive definition, while outlining data subject rights related to profiling.²⁰ The law places significant emphasis on transparency, as evidenced, obliging data controllers to inform individuals about automated assessments, including profiling.²¹ In summary, Ecuador’s LOPDP employs a multifaceted approach, combining legal, technical and organisational measures to secure client data. The law also regulates digital profiling practices within the country, ensuring transparency and protection of data subject rights.

Ecuador’s progress in integrating Fintech models into its financial system underscores the nation’s commitment to technological advancement. Notably, regulatory attention has been directed towards business models influencing transactional and payment systems, signaling a proactive approach in adapting to emerging trends. However, the current regulatory landscape is marked by a notable absence of clarity, especially in areas like crowdfunding, neobanks and securities market transactions, and cryptoassets.

This regulatory void is not just a challenge but, more significantly, a strategic opportunity. The nascent state of the market presents a unique chance for industry stakeholders to shape regulations that align with international standards, fostering an environment conducive to the introduction of innovative business models. The Ecuadorian market’s potential for growth is underscored by its receptivity to diverse industry players, particularly those offering cross-border services.

In addition to navigating regulatory nuances, a comprehensive examination of the impact of large language models (LLMs) on fintech services is imperative. This scrutiny should encompass aspects such as model training, inherent biases and the broader implications for individual rights, particularly in cases involving automated decision-making, profiling and personal data management.

As Ecuador maintains its regional position characterised by low inflation and high profitability, attributed primarily to a dollarised economy, the significance of a well-considered and adaptable regulatory framework cannot be overstated. The evolving nature of the market, with its potential for further maturity, presents a valuable opportunity for the fintech sector to thrive and contribute substantially to the nation’s economic landscape.