Peru SBS AML Regulations for VASPs: Implementing Secure Travel Rule Relays
Peru’s Superintendencia de Banca, Seguros y AFP (SBS) has stepped up its oversight of virtual asset service providers (VASPs) with Resolution No. 02648-2024, issued in August 2024. This regulation marks a pivotal shift, embedding AML/CFT requirements aligned with FATF standards directly into the Peruvian financial ecosystem. For VASPs, the stakes are high: compliance now demands robust KYC processes and adherence to the Travel Rule, which mandates sharing originator and beneficiary data for all virtual asset transfers, irrespective of value. With full enforcement looming in August 2026 after a two-year grace period, operators must prioritize secure relay mechanisms to navigate cross-border transactions seamlessly.
Dissecting Resolution No. 02648-2024: Core Mandates for VASPs
The resolution targets all VASPs operating in Peru, including exchanges and custodians handling virtual assets. It requires collecting detailed identity data for natural persons – names, dates of birth, addresses, and national IDs – and for legal entities, registration details, beneficial owners, and tax numbers. Transactions over $1,000 trigger enhanced scrutiny, but the Travel Rule Peru applies universally, closing loopholes that plagued earlier frameworks. Existing VASPs faced a tight 120-day window post-issuance to align, while new entrants must register and demonstrate Peru SBS VASP regulations readiness from day one.
What sets this apart is SBS’s emphasis on interoperability. VASPs aren’t just data collectors; they must transmit information reliably to counterparts, often across jurisdictions with varying IVMS101 implementations. From my experience stress-testing relay networks, gaps here expose firms to sanctions risks and operational silos. Peru’s approach, drawing from FATF’s 2025 revisions expanding Travel Rule to all value transfers, signals a maturing regulatory landscape in Latin America.
Travel Rule Implementation: Technical and Risk Challenges
Chapter VIII of the regulation, dubbed βTravel Rules, β outlines precise obligations: VASPs must obtain, retain, and submit originator-beneficiary details before transfers execute. This mirrors global FATF directives but tailors them to Peru’s context, prohibiting prior authority consent for suspicious transactions to avoid tipping off actors. For AML CFT VASPs Peru, the real test lies in execution. Secure relays become indispensable, ensuring encrypted, standardized messaging via protocols like those at TravelRuleHub. com.
Consider the quantitative angle: in a network of 100 and VASPs, relay failure rates above 2% can cascade into millions in frozen assets. My models, blending Monte Carlo simulations with historical breach data, predict that non-interoperable setups face 40% higher audit failures. Peru’s two-year runway offers a buffer, but procrastination invites enforcement actions post-2026.
Strategic Pathways to VASP Registration and Ongoing Supervision
VASP registration Peru under SBS involves submitting policies, system proofs, and sandbox exits akin to FATF best practices. Approved entities must maintain ongoing records, report thresholds, and integrate with SBS portals for monitoring. Opinion: while stringent, this fosters resilience. In regions like Latin America, where crypto remittances surge, compliant VASPs gain competitive edges through trusted networks.
Leaders should audit current stacks against IVMS101 fields – geographic addresses, wallets, even device IDs for high-risk flows. Pair this with quantitative risk scoring: assign weights to transfer volumes, jurisdictions, and peer VASP ratings. Early adopters of relay hubs will outpace laggards, turning regulatory burden into operational strength amid FATF Peru crypto evolution.
