On the map of Latin America, Costa Rica, which once had a relatively relaxed attitude towards cryptocurrencies, suddenly slammed the brakes on compliance. Recently, the country's legislative assembly unanimously passed an amendment to Law No. 7786 during its second debate, bringing "virtual asset service providers," which previously existed outside the traditional financial system, officially into the anti-money laundering (AML) battlefield: individuals and institutions engaged in the exchange of virtual assets for fiat currency, the exchange of one cryptocurrency for another, transfers, and custody or management of virtual assets are all included in a unified definition and must register with the Superintendence of Financial Entities (Sugef). They are required to fulfill obligations such as customer identification, due diligence, transaction record keeping, and suspicious transaction reporting. The shift was not sudden—by 2024, the FATF had already pointed out that Costa Rica had regulatory gaps in this area. Without taking corrective steps, it might be placed on a gray list, which would mean stricter international financial scrutiny, higher cross-border compliance costs, and a more fragile financial reputation. The collision between the relaxed old framework and the imminent risk of being listed forced a set of almost "uncontroversial" tough amendments, but for this small Latin American country, which has limited scale yet desires to capture the growth bonus of cryptocurrencies, the real challenge has just begun: under the pressure of FATF standards and compliance, does it regard cryptocurrencies as a source of risk that needs to be tamed, or does it strive to find a narrow path between innovation and compliance?
The Shadow of the Gray List Approaches: How FATF Forces Costa Rica to Shift
In 2024, the FATF officially called out Costa Rica and warned that there were significant gaps in the regulation of virtual asset service providers. It explicitly indicated that if the gaps were not addressed quickly, the next step could be being placed on a gray list. For any sovereign country, being on the gray list is not simply a matter of "damaged image." It means that all foreign financial institutions and partners involving that country's funds will have to undergo stricter scrutiny and more cumbersome due diligence processes, rapidly increasing compliance costs for cross-border financial transactions, and simultaneously pressuring financial reputation and the environment for capital flow. Once such systemic pressure is formed, it is difficult to reverse in the short term.
Before this, Costa Rica had maintained a relatively relaxed attitude towards cryptocurrencies and related service providers: virtual asset service providers were not systematically included in the traditional financial AML regulatory framework, lacking both clear legal definitions and the same level of KYC, due diligence, and suspicious transaction reporting obligations as banks and other financial institutions. For the industry, this seemed like a comfortable "compliance vacuum period"; for the FATF, it was a sufficiently large loophole. Once the warning was issued, procrastination equated to accepting a higher chance of being placed on the gray list. In a situation where costs were foreseeable, waiting became the most dangerous option.
Thus, the Costa Rican government chose to respond with the most significant signal—amending the law. Under the existing framework of Law No. 7786, it plugged the regulatory gap for virtual asset service providers, officially bringing them into the AML, counter-terrorism financing, and non-proliferation systems, directly described by officials as a step to respond to FATF requirements and avoid potential gray list risks and related international financial dangers. For a country with limited scale that does not want to be marked out in the international financial system, this is not an active embrace of a regulatory narrative but a strategically forced acceleration between external standards and internal spaces.
From "Laissez-faire" to "Listing": Who Will be Considered a Cryptocurrency Service Provider?
This time, Costa Rica no longer vaguely refers to the "cryptocurrency industry," but instead writes who is considered a "service provider" into a new chapter of Law No. 7786. The amendment gives a straightforward answer: any individual or legal entity engaged in the exchange of virtual assets for fiat currency, the exchange between different virtual assets, virtual asset transfers, or holding and managing virtual assets for others will be considered a "virtual asset service provider." In other words, whether it is facilitating buy-sell transactions, providing account wallets, or being responsible for helping clients move assets from one end of the chain to the other, as long as these key functions are involved, they will be pulled from the "gray area" into the regulatory list.
After being included in the list, the storyline shifts from technological innovation to "institutionalization." The new law requires all virtual asset service providers to register with the Superintendence of Financial Entities (Sugef), changing their identity from "start-ups" to regulated financial entities and aligning their AML and counter-terrorism financing obligations with traditional banks: identifying and verifying customer identities, fulfilling ongoing due diligence obligations, retaining transaction records, and reporting suspicious transactions to regulatory agencies. This is the first time Costa Rica has systematically set anti-money laundering and reporting responsibilities for cryptocurrency service providers, pushing what was previously seen as "marginal innovation" into the same compliance coordinate system as traditional finance.
A Playground for Cryptocurrency Start-ups or Raised Barriers: A New Reality of Entry Costs
In the new law text, Sugef registration is just a seemingly simple verb, but for any virtual asset service provider's operational table, it means a complete rewriting of the cost structure: to conduct customer identification and verification like a bank, to continually carry out due diligence throughout the customer lifecycle, to leave traces of every transaction, and to establish criteria for suspicious transactions within their systems and report them externally. For local teams that are already accustomed to "light assets and rapid iteration," this is no longer just filling out a few more forms; it requires hiring compliance officers who understand the regulations, setting up monitoring and reporting systems, and reserving budgets for potential on-site inspections, raising fixed costs and quantifying error costs into potential regulatory accountability and public opinion risks.
Different players face completely different threshold curves. Those small teams with only a few developers and operators, previously experimenting with product-market fit on the regulatory edge, will likely be forced to confront the role of "compliance department" for the first time: cut half of the R&D budget to hire a compliance officer or simply shut down business aimed at domestic users, becoming an "invisible" cross-border product entry in Costa Rica. In contrast, cross-border service providers that have already faced similar AML regulations in other jurisdictions are more focused on assessing whether the marginal cost of "replicating a set of compliance" is worth it, whether they should specifically lay out local KYC processes and reporting lines for the relatively limited Costa Rican market, or avoid local users through geographical barriers and terms restrictions. The likely result is that the industry will gradually shrink from "anyone being able to start a business to try" to being dominated by a few players capable of absorbing compliance costs, with other teams forced to pivot, merge, or exit.
As a result, controversies naturally surface: after the pressure from the FATF and the shift towards compliance, can Costa Rica still continue to tell a "crypto-friendly" story? Proponents argue that bringing virtual asset service providers under an AML framework similar to traditional finance is a necessary price to pay for international credibility and avoiding gray list risks, which, in the long run, is beneficial for attracting larger compliant capital; opponents focus on the immediate financials: a country that was once seen as a lenient jurisdiction is raising the entry barriers to almost the level of the banking industry, while the effective date of the amendment, transitional arrangements, and Sugef registration details have not yet been made public, leaving the so-called "friendliness" to linger more on slogans and expectations. This uncertainty alone is enough to deter a group of cost-sensitive entrepreneurs.
Benchmarking Against El Salvador and Brazil: Three Diverging Paths for Cryptocurrency Regulation in Latin America
If El Salvador, Brazil, and Costa Rica are currently on the same map of Latin America, then they are turning in completely different directions. In 2021, El Salvador elevated Bitcoin to the status of legal tender with a Bitcoin law, betting on the story of an influx of crypto capital and tourism, but it also took on the concerns of international financial institutions like the IMF regarding financial stability and AML risks; the regulatory parameters were intentionally loosened, prioritizing "attracting funds" over "controllable compliance." In contrast, Brazil established a national legal framework for crypto assets around 2022, directly bringing service providers into the sight of the central bank and securities regulators, dividing the industry into "licensed" and "outsiders" through licensing and AML obligations, attempting to rewrite the rules of the cryptocurrency industry using traditional financial tools.
The recent amendment in Costa Rica clearly did not follow El Salvador's high-profile route. It has not granted any cryptocurrency a legal tender status but instead chose to fill the regulatory gap for virtual asset service providers under the framework of Law No. 7786: clearly defining those engaged in exchange, transfer, custody, and so forth, requiring them to register with Sugef, fulfill customer identification, due diligence, transaction record retention, and suspicious transaction reporting obligations. This is essentially a response to the 2024 FATF warning, aiming to reduce gray list risks through "compliant governance." In terms of approach, Costa Rica is closer to the high-compliance model of Brazil, but with a different starting point: Brazil actively incorporated cryptocurrency into the national financial order, while Costa Rica is being pushed towards a medium-intensity regulatory shift from a lenient jurisdiction under external pressure. Thus, Latin America is shaping three clear paths around cryptocurrency: El Salvador bets on the legal tender experiment, trading risk for story; Brazil weaves a regulatory net with the central bank and securities commission; and Costa Rica seeks a narrow seam between FATF regulations and attracting crypto capital. The differentiation among these three strategies is reshaping the site selection and strategic landscape for cryptocurrency service providers in the region.
The Law is on the Road, but the Game Between Compliance and Innovation is Just Beginning
By unanimously passing the amendment in its second debate, Costa Rica has responded to the FATF warning with a text, filling the regulatory gap for virtual asset service providers under Law No. 7786, at least formally alleviating the most urgent pressure of being quickly pushed onto the gray list. However, what ultimately determines its fate in the FATF system is not the binary question of "whether to amend the law," but a series of Q&A on "how to execute": when exactly will the amendment take effect, whether existing service providers will receive a clear transition period, how Sugef will design the registration process and daily inspection standards, and these critical variables have not yet been made public. The FATF has also not given a public conclusion on the follow-up assessment of this amendment, so whether Costa Rica can thereby stabilize or even shake off the gray list risk remains uncertain. For cryptocurrency service providers, the passage of the law is just the starting point of a new signal, not a final ruling. On one hand, they will continue to concentrate their business on jurisdictions with clearer regulatory frameworks and more predictable compliance costs globally; on the other hand, they will deconstruct different functions like trading, custody, and user acquisition between El Salvador's radical experiments, Brazil's high-compliance model, and Costa Rica's medium-intensity shift, searching for new layout gaps and arbitrage opportunities amid the regulatory differences in the Latin American crossroads.
Join our community to discuss and become stronger together!
On-chain Telegram community: https://t.me/AiCoinWhaleData
On-chain community: https://www.aicoin.com/link/chat?cid=N6OVMor5g
AiCoin on-chain Twitter: https://x.com/aicoinwhaledata
Exclusive Hyperliquid benefits for AiCoin: https://app.hyperliquid.xyz/join/AICOIN88
Exclusive Aster benefits for AiCoin: https://www.asterdex.com/zh-CN/referral/9C50e2
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
