CNV Regulates Virtual Asset Service Providers (VASPs)

Last Thursday, March 13, General Resolution No. 1058/2025 (the "Resolution") was published in the Official Gazette. This Resolution, issued by the Comisión Nacional de Valores ("CNV" and analogous to SEC in the US), increased the previously scarce regulation that Virtual Asset Service Providers ("VASPs") had in Argentina to register and operate in the Argentine market.

VASPs are individuals or legal entities that, as a commercial activity, offer exchange services between digital assets and legal tender currencies, transfers of virtual assets, digital custody, or participate in the offering and sale of these assets.

The most relevant points of the Resolution are detailed below:

1)   Requirements for registration in the VASP Registry and subsequent operation as a VASP:

• Legal entities established in Argentina that wish to operate as VASPs must be constituted only under the corporate type of (i) corporation; or (ii) limited liability company. Therefore, companies constituted under a different corporate type must transform themselves.

• Foreign companies can operate as VASPs in Argentina in two ways: by establishing an Argentine company that registers as a VASP and complies with local regulations, or by establishing a branch or permanent representation according to Article 118 of the General Companies Law.

• They must have a website with a ".ar" domain, and a special email address and telephone number for customer complaints.

• They must designate (i) a Regulatory Compliance and Internal Control Officer, and (ii) a Public Relations Officer, and identify their personal data.

• They must prepare "Information Security Policies", "Consumer Advertising Policy," and "Code of Conduct" containing the minimum information established by the new resolution.

• Submit financial statements legalized by the CPCECABA, accrediting Minimum Net Worth (expressed in dollars at the "Wholesale" exchange rate published by the BCRA), according to the type of activity carried out by the VASP.

2)   Obligations and submissions during the development of the activity:

• VASPs with a transactional or custody volume of less than US$2,500,000 in the last 12 months can maintain only 50% of the Minimum Net Worth required for their category. The CNV must be kept informed of the reduction in Minimum Net Worth.

• Have "Procedure Manuals" directed to clients, detailing the technical and operational procedures used.

• Have a "Cybersecurity Procedure Manual," which must address: (i) procedures for managing cyber risks; (ii) mechanisms to safeguard information and identify weaknesses; (iii) control mechanisms and measures; (iv) processes for recognizing potential risks; and others expressly detailed in the Resolution.

• Maintain an updated database and a backup copy regarding: (i) offers entered into the system; (ii) registered operations; (iii) dates, hour and minutes, amount offered, type of asset, blockchain hash code (TXID), client identification, among other data.

• An annual systems audit must be carried out by a computer expert, and its conclusions transcribed in the company's books (board of directors or management minutes as the case may be).

• They must keep accounting records, client identity, communications, and relevant files for a minimum period of 10 years.

3)   Reporting regime to the AIF (Financial Information Highway):

• Within the first 15 calendar days after the end of each calendar month, a report must be submitted, declaring the number of clients, the monthly volume of operations expressed in dollars, and detailing the 10 most traded virtual assets.

• Annually, within 70 calendar days after the end of the calendar year, they must submit (i) an annual system audit report; and (ii) a report issued by the Regulatory Compliance and Internal Control Officer.

4)   Agreements with third parties:

• VASPs are authorized to enter into agreements with third parties for the delegation of certain functions. In no case can a disclaimer of responsibility be agreed upon by the registered VASP; if the VASP delegates its own functions to third parties, it will continue to be responsible for the activity.

• All agreements entered must be communicated to the AIF within 5 days of being concluded and will be confidential.

5)   Non-compliance with the Resolution:

• The CNV may suspend or revoke registrations for non-compliance and the sanctions provided for in Article 132 of the Capital Markets Law No. 27,739 will be applied (fines, warnings, disqualifications, suspensions, prohibitions to continue operating)