NCG 502: Registration and Authorisation under the Fintech Law

The CMF’s General Standard No. 502, dated 12 January 2024 and in force since 3 February 2024, consolidates in a single instrument the Registry, the authorisation procedure, the disclosure obligations, the governance and risk management rules and the capital and guarantee requirements applicable to the providers of the technology-based financial services listed in Title II of Law 21.521.

What is NCG 502?

NCG 502 is the General Standard issued by the Comisión para el Mercado Financiero (CMF) on 12 January 2024 that puts Title II of Law No. 21.521 (the Fintech Law) into operation. The CMF grounds the norm in articles 1, 3, 5 (numerals 1, 8 and 18) and 20 (numeral 3) of Decree Law No. 3.538, and in articles 4 to 13 of Law 21.521, following the agreement of its Council in Ordinary Session No. 374 of 11 January 2024. It was signed by Solange Berstein Jáuregui, then chair of the Commission.

Its scope is broad: it does not merely open a registry. In a single instrument it sets out who must register, how authorisation is requested for each regulated service, what must be disclosed to clients, what governance and operational-risk duties the provider assumes, and how much capital and guarantees must be held. The instrument is therefore the first full supervisory framework for technology-based financial service providers in Chile, and the reference every firm in the perimeter works from when designing its compliance programme.

Structure of the norm

NCG 502 is organised into nine sections plus three annexes. Understanding the map matters: each section contains the specific rules that apply to each regulated service, and the same provider can be touched by several of them at once.

  • I. Registry of Financial Service Providers — request for registration, cancellation and the three classes of exception (legal-person requirement, exclusive corporate purpose, Chilean domicile).
  • II. Authorisation for the provision of services — service-specific requirements for investment advisory, credit advisory, crowdfunding, alternative trading systems, order routing, and intermediation and custody of financial instruments (grouped together).
  • III. Disclosure and information-provision obligations to the client, by service.
  • IV. Corporate governance and risk management — board responsibilities, written policies, risk function, internal audit, information security and cybersecurity, business continuity, outsourcing and proportionality.
  • V. Capital and guarantees — classification by business volume, minimum equity, risk-weighted assets for operational, market and credit risk, including specific treatment of crypto-assets.
  • VI. Operational capacity.
  • VII. Inherent activities.
  • VIII. Repeal.
  • IX. Entry into force.

The three annexes contain the glossary of definitions and the templates for reporting operational incidents and operational losses.

Services covered by the Fintech Law

The Fintech Law defines six regulated services. NCG 502 calibrates the registration, authorisation, disclosure, governance and capital duties for each one. Intermediation and custody of financial instruments are treated jointly in Section II.F, which reflects that the same provider often performs both activities:

  • Investment advisory (asesoría de inversión).
  • Credit advisory (asesoría crediticia).
  • Crowdfunding platforms (plataformas de financiamiento colectivo).
  • Alternative trading systems (sistemas alternativos de transacción).
  • Order routing (enrutamiento de órdenes).
  • Intermediation and custody of financial instruments (intermediación y custodia de instrumentos financieros) — treated jointly in Section II.F.

Registry and authorisation process

The registration request is filed electronically through the application made available on the CMF website, by the legal or contractual representative of the applicant, who is responsible for the accuracy and completeness of the information supplied. Registration by itself does not entitle the entity to operate: the provider must in parallel request the authorisation that corresponds to each specific service it intends to render, each one with its own supporting documentation set.

Section I also regulates three classes of exception \u2014 to the legal-person requirement, to the exclusive corporate purpose (giro exclusivo) and to the requirement of a Chilean domicile \u2014 which allow certain foreign or non-exclusive providers to register under specific conditions. Each exception comes with its own evidentiary and reporting obligations.

Corporate governance and risk management

Section IV is the operational heart of the norm. It breaks down by service the responsibilities of the board or equivalent body, the written policies and control mechanisms, the risk management function, internal audit, and the specific regimes for information security and cybersecurity, business continuity and outsourcing. Section IV also codifies the proportionality principle: smaller or lower-risk providers apply a lighter version of the same core duties, while providers with greater reach or systemic relevance face heightened requirements. Operational incidents and operational losses must be reported to the CMF using the templates in Annexes No. 2 and No. 3.

Capital and guarantees

Section V establishes a classification of providers by business volume and, on that basis, the minimum equity and guarantees that must be maintained. It also sets out how risk-weighted assets are computed for operational, market and credit risk, including the treatment of counterparty risk and a specific regime for crypto-assets with its list of type-A crypto-assets. The result is a graduated prudential framework, calibrated to the activity, that aligns with the CMF\u2019s supervisory practice in other regulated sectors.

Repeal and transitional regime

Section VIII of NCG 502 repeals General Standards No. 493 and No. 494 of 2023, which had provisionally regulated aspects of the fintech transition. Section IX sets the entry into force at 3 February 2024.

Under the transitional rules, providers of crowdfunding platforms, alternative trading systems, credit advisory, custody of financial instruments, order routing and intermediation of financial instruments who were already performing those activities as of the entry into force had until 3 February 2025 to file their registration and authorisation requests. The CMF expressly warned that registration alone does not entitle the entity to provide the service, so the registration and authorisation filings had to proceed in parallel. Firms that missed the deadline, or whose filings were later declared abandoned or rejected, lost the possibility of continuing to operate the service while the procedure was pending.

Later amendments: NCG 524

On 2 December 2024 the CMF issued NCG 524, which amends NCG 502 on several fronts: it refines the wording of the registration request, it narrows the concept of \u201cprior intent of intermediation\u201d so that assignments of financial instruments made solely for collateral, guarantee, custody or collection purposes do not fall within the intermediation service, it rewrites the exception of exclusive corporate purpose (Title C.2) and of the Chilean domicile (Title C.3) and it adds a new Title G creating a targeted exception to the authorisation requirement for entities with a ten-year clean compliance record that serve only qualified investors.

Further reading

Transform Your Legal Challenges into Competitive Advantages

Discover how our innovative approach can drive your business

Schedule ConsultationMeet the Team
© 2025 AnguitaOsorio, all rights reserved.
Chile

Our Company

Contact

Contáctanos

Phone:

+56 2 2760 4512

Location:

Cerro el Plomo 5420, office 1306, Las Condes, Metropolitan Region.