CMF regulation

NCG 502: Registration and Authorisation under the Fintech Law

The CMF’s General Standard No. 502, dated 12 January 2024 and in force since 3 February 2024, consolidates in a single instrument the Registry, the authorisation procedure, the disclosure obligations, the governance and risk management rules and the capital and guarantee requirements applicable to the providers of the technology-based financial services listed in Title II of Law 21.521.

This page maps NCG 502 from the ground up: what the standard is and why it matters, the nine-section structure that organises it, the six services it reaches, the registration and authorisation process, the governance and capital duties, the transitional regime and the later NCG 524 amendments. It closes with the frequently asked questions and the official source.

What is NCG 502?

The starting point is the origin of the norm and the breadth of what it puts into operation.

NCG 502 is the General Standard issued by the Comisión para el Mercado Financiero (CMF) on 12 January 2024 that puts Title II of Law No. 21.521 (the Fintech Law) into operation. The CMF grounds the norm in articles 1, 3, 5 (numerals 1, 8 and 18) and 20 (numeral 3) of Decree Law No. 3.538, and in articles 4 to 13 of Law 21.521, following the agreement of its Council in Ordinary Session No. 374 of 11 January 2024. It was signed by Solange Berstein Jáuregui, then chair of the Commission.

Its scope is broad: it does not merely open a registry. In a single instrument it sets out who must register, how authorisation is requested for each regulated service, what must be disclosed to clients, what governance and operational-risk duties the provider assumes, and how much capital and guarantees must be held. The instrument is therefore the first full supervisory framework for technology-based financial service providers in Chile, and the reference every firm in the perimeter works from when designing its compliance programme.

That breadth is easier to navigate with the map of the norm in view.

Structure of the norm

Nine sections plus three annexes, and a single provider can be touched by several at once.

NCG 502 is organised into nine sections plus three annexes. Understanding the map matters: each section contains the specific rules that apply to each regulated service, and the same provider can be touched by several of them at once.

SectionSubjectDetail
IRegistry of Financial Service ProvidersRequest for registration, cancellation and the three classes of exception (legal-person requirement, exclusive corporate purpose, Chilean domicile).
IIAuthorisation for the provision of servicesService-specific requirements for investment advisory, credit advisory, crowdfunding, alternative trading systems, order routing, and intermediation and custody of financial instruments (grouped together).
IIIDisclosure obligationsDisclosure and information-provision obligations to the client, by service.
IVCorporate governance and risk managementBoard responsibilities, written policies, risk function, internal audit, information security and cybersecurity, business continuity, outsourcing and proportionality.
VCapital and guaranteesClassification by business volume, minimum equity, risk-weighted assets for operational, market and credit risk, including specific treatment of crypto-assets.
VIOperational capacityOperational capacity.
VIIInherent activitiesInherent activities.
VIIIRepealRepeal.
IXEntry into forceEntry into force.

The three annexes contain the glossary of definitions and the templates for reporting operational incidents and operational losses.

The sections above calibrate their duties around the six regulated services listed next.

Services covered by the Fintech Law

Six regulated services, each with its own registration, authorisation, disclosure, governance and capital duties.

The Fintech Law defines six regulated services. NCG 502 calibrates the registration, authorisation, disclosure, governance and capital duties for each one. Intermediation and custody of financial instruments are treated jointly in Section II.F, which reflects that the same provider often performs both activities:

  • Investment advisory (asesoría de inversión).
  • Credit advisory (asesoría crediticia).
  • Crowdfunding platforms (plataformas de financiamiento colectivo).
  • Alternative trading systems (sistemas alternativos de transacción).
  • Order routing (enrutamiento de órdenes).
  • Intermediation and custody of financial instruments (intermediación y custodia de instrumentos financieros), treated jointly in Section II.F.

To offer any of those services, a provider first works through the registration and authorisation process.

Registry and authorisation process

Registration and authorisation are separate steps, and Section I adds three exceptions.

The registration request is filed electronically through the application made available on the CMF website, by the legal or contractual representative of the applicant, who is responsible for the accuracy and completeness of the information supplied. Registration by itself does not entitle the entity to operate: the provider must in parallel request the authorisation that corresponds to each specific service it intends to render, each one with its own supporting documentation set.

Section I also regulates three classes of exception, to the legal-person requirement, to the exclusive corporate purpose (giro exclusivo) and to the requirement of a Chilean domicile, which allow certain foreign or non-exclusive providers to register under specific conditions. Each exception comes with its own evidentiary and reporting obligations.

Once inside the register, the provider takes on the operational duties of Section IV.

Corporate governance and risk management

Section IV is the operational heart of the norm, applied proportionally.

Section IV is the operational heart of the norm. It breaks down by service the responsibilities of the board or equivalent body, the written policies and control mechanisms, the risk management function, internal audit, and the specific regimes for information security and cybersecurity, business continuity and outsourcing. Section IV also codifies the proportionality principle: smaller or lower-risk providers apply a lighter version of the same core duties, while providers with greater reach or systemic relevance face heightened requirements. Operational incidents and operational losses must be reported to the CMF using the templates in Annexes No. 2 and No. 3.

Alongside the operational régime, Section V sets the prudential floor of capital and guarantees.

Capital and guarantees

A graduated prudential framework, classified by business volume.

Section V establishes a classification of providers by business volume and, on that basis, the minimum equity and guarantees that must be maintained. It also sets out how risk-weighted assets are computed for operational, market and credit risk, including the treatment of counterparty risk and a specific regime for crypto-assets with its list of type-A crypto-assets. The result is a graduated prudential framework, calibrated to the activity, that aligns with the CMF’s supervisory practice in other regulated sectors.

These duties came into force under a transitional regime with a fixed filing deadline.

Repeal and transitional regime

The norm repeals two 2023 standards and phased in existing providers by a fixed deadline.

Section VIII of NCG 502 repeals General Standards No. 493 and No. 494 of 2023, which had provisionally regulated aspects of the fintech transition. Section IX sets the entry into force at 3 February 2024.

Under the transitional rules, providers of crowdfunding platforms, alternative trading systems, credit advisory, custody of financial instruments, order routing and intermediation of financial instruments who were already performing those activities as of the entry into force had until 3 February 2025 to file their registration and authorisation requests. The CMF expressly warned that registration alone does not entitle the entity to provide the service, so the registration and authorisation filings had to proceed in parallel. Firms that missed the deadline, or whose filings were later declared abandoned or rejected, lost the possibility of continuing to operate the service while the procedure was pending.

Since that entry into force, one later standard has already reshaped parts of NCG 502.

Later amendments: NCG 524

The December 2024 amendment refines the wording and adds a new authorisation carve-out.

On 2 December 2024 the CMF issued NCG 524, which amends NCG 502 on several fronts: it refines the wording of the registration request, it narrows the concept of “prior intent of intermediation” so that assignments of financial instruments made solely for collateral, guarantee, custody or collection purposes do not fall within the intermediation service, it rewrites the exception of exclusive corporate purpose (Title C.2) and of the Chilean domicile (Title C.3) and it adds a new Title G creating a targeted exception to the authorisation requirement for entities with a ten-year clean compliance record that serve only qualified investors.

The most frequent questions on the norm and its perimeter are gathered below.

Frequently asked questions about NCG 502

Scope, addressees, transitional deadlines, governance, capital and the NCG 524 amendments.

What is CMF NCG 502?

NCG 502 is the General Standard issued by the Chilean Financial Market Commission (CMF) on 12 January 2024, in force since 3 February 2024. It puts Title II of Law No. 21.521 (the Fintech Law) into operation and consolidates in a single instrument the Financial Service Providers Registry, the service-by-service authorisation procedure, the client-disclosure duties, the corporate-governance and risk-management requirements, and the capital and guarantee rules.

Who does NCG 502 apply to?

It applies to providers of the six technology-based financial services regulated by Title II of the Fintech Law: investment advisory, credit advisory, crowdfunding platforms, alternative trading systems, order routing, and intermediation and custody of financial instruments (treated jointly). Registration and per-service authorisation are independent requirements that must be filed in parallel.

What are the transitional deadlines under NCG 502?

Providers already performing crowdfunding, alternative trading, credit advisory, custody, order routing or intermediation activities at the time of entry into force (3 February 2024) had until 3 February 2025 to file their registration and authorisation requests. Registration alone does not entitle the entity to provide the service. Firms that missed the deadline, or whose filings were declared abandoned or rejected, lost the possibility of continuing to operate the service while the procedure was pending.

What corporate-governance and risk-management obligations does NCG 502 impose?

Section IV requires the board or equivalent body to assume explicit responsibility for written policies and control mechanisms, an independent risk-management function, internal audit, and specific regimes for information security and cybersecurity, business continuity and outsourcing. The norm codifies the proportionality principle: smaller providers apply a lighter version, while providers with greater reach face heightened requirements. Operational incidents and operational losses must be reported to the CMF using the templates in Annexes No. 2 and No. 3.

What capital and guarantees must providers hold under NCG 502?

Section V classifies providers by business volume and, on that basis, sets the minimum equity and guarantees required. It also establishes how risk-weighted assets are computed for operational, market and credit risk, including counterparty risk and a specific regime for crypto-assets with the list of type-A crypto-assets. The result is a graduated prudential framework, calibrated to the activity.

How did NCG 524 amend NCG 502?

NCG 524, issued on 2 December 2024, amended NCG 502 on several fronts: it refined the wording of the registration request, it narrowed the concept of "prior intent" of intermediation to exclude assignments made solely for collateral, guarantee, custody or collection purposes, it rewrote the exception of exclusive corporate purpose (Title C.2) and Chilean domicile (Title C.3), and it added a new Title G creating a targeted exception to the authorisation requirement for entities with a ten-year clean compliance record that serve only qualified investors.

Further reading

Transform Your Legal Challenges into Competitive Advantages

Discover how our innovative approach can drive your business

© 2025 AnguitaOsorio, all rights reserved.
Chile

Contact

Contáctanos

Phone:

+56 2 2760 4512

Location:

Cerro el Plomo 5420, office 1306, Las Condes, Metropolitan Region.