EL SALVADOR Trends and Developments Contributed by: Héctor Torres, Torres Legal
• Legal structuring: Determine early whether the instrument is debt-like, equity-like or revenue- share, and map the LEAD authorisations, disclo- sures and ongoing duties. If distribution will be cross-border, prepare a matrix of private offering exemptions and resale restrictions in target mar- kets, and align the smart contract logic with the final term sheet – coupons, waterfalls, events of default and trustee/agent powers. • Custody and wallet architecture: Institutional allo- cators will expect segregated custody, multi-sig- nature or multi-party computation (MPC) controls, and disaster recovery playbooks. The 2024 cyber statute strengthens the case for vendor govern- ance, and underwriters will ask to see system and organisation control (SOC)-type assurances or equivalent third-party reports. • Data protection by design: Tokenisation ecosys- tems handle identity, payments and telemetry. The Personal Data Protection Law requires lawful bases (consent, contract, legitimate interest, etc), cross-border transfer mechanisms and breach notification disciplines, which should be baked into onboarding flows and data processing agreements from the outset. • Disclosure that looks like a prospectus: LEAD issuers should provide a plain English (and Span- ish) offering memorandum describing the busi- ness model, risk factors, covenant package, smart contract architecture, oracles and contingency plans (eg, chain migration, key loss). The goal is to make the digital wrapping almost irrelevant: an investor should be able to underwrite the risk as they would a conventional note, then benefit from better plumbing. • Governance and dispute resolution: Smart con- tracts reduce ambiguity, not disputes. Contracts should nominate governing law, arbitration and exclusive remedy architecture consistent with the code. For token-holders, clarity on amendments (quorum, thresholds, consent mechanics) and on- chain/off-chain interfaces is decisive. The benefits that matter to chief financial officers and investment committees Tokenisation talk often drifts into ideology. Corporate treasurers and investment committees care about unit
economics and control. In El Salvador, there are five board-level benefits. • Lower issuance friction: Once playbooks exist, on-chain issuances can shorten time to capital by weeks. Document automation, embedded KYC and whitelisted distribution remove repetitive mid- dle steps. • Operational transparency: Always-on dashboards for covenants, collateral and flows reduce meet- ings, emails and disputes. Managers spend less time explaining and more time operating. • Programmable compliance: Transfer restrictions, hard caps, concentration limits and sanctions filters can be coded – and audited – in the smart contract. Compliance teams document intent and evidence, not just policies. • Better investor experience: Token-holders see their assets, flows and risk in real time, which promotes larger tickets over time, reduces churn and makes secondary windows viable. • Reduced agency costs: There are fewer intermedi- aries, fewer reconciliation steps, fewer “trust me” moments. Service providers focus on adding value – with respect to origination, analytics and risk – rather than forwarding PDFs. Key risks and how to allocate them Tokenisation does not eliminate risk; it reallocates it and makes it more observable. • Regulatory execution risk: LEAD procedures, while clear, still require thorough filings and service pro- vider oversight. Issuers should build conservative timelines and avoid marketing until authorisations are in hand. Where the business touches payments or e-money, time should be added for BCR/SSF engagement. • Cyber and operational risk: Smart contract bugs, key compromise and vendor outages can erase the efficiency gains. The 2024 cyber statute’s governance expectations help define minimums, but boards should go further via independent code audits, bug bounty programmes, key ceremony playbooks and tested incident response plans. • Data protection risk: Identity data, transaction telemetry and internet of things (IoT)-linked oracles create privacy exposure. Data minimisation and
119 CHAMBERS.COM
Powered by FlippingBook