Canada    FinTech Guide    Chapter 11    Uruguay

11. Identification
Uruguay  Uruguay

There is an increasing interest in this type of services.

Legal Affairs

If the identification services described above are for the benefit of an entity which is under the control of the CBU, it may be deemed that the same is an outsourcing of services of such entity and therefore an authorization of the CBU would be necessary.

If the identification services, are electronic signature and tokens, that have been instated through Law 18.600 and the regulatory Decree, a license would be required.
In order to qualify as an identification service provider, certain requirements and obligations are in order:

  • The provider must be a natural or legal person, providing sufficient economic warranty and solvency to provide such service.
  • To comply with the necessary qualified staff with the required knowledge and expertise to provide such services of certification, as well as the security and managing in the advanced electronic signature market.
  • Comply with the tools and standards of the Electronic Certification Unit.
  • Being domiciled in the Republic of Uruguay, this being that the technological infrastructure and other material and human resources are located in Uruguayan territory.

According to section 18 of Law 18.600, all electronic certification services provider must:

  1. Abstain from demanding, taking knowledge or accessing under any circumstance to the creation of the electronic signature done by the users certified by the own provider.

  2. To provide to the requirer, prior to the expedition of the electronic signature, a set of minimum information done without cost and through physical or electronic format, which includes:

    • The providers obligations, including the way the token must be kept safe, the procedure to follow in case of loss of theft, as well as the devices that are compatible with the token provided.

    • The different procedures in order to guarantee the trustiness of the of the electronic signature through time.

    • The method used by the provider in order to fully check the identity of the signer and all other data which arise from the certificate.

    • The correct use of the device, it’s possible limitations and the way the provider ensures its own patrimonial responsibility.

    • The accreditations and endorsements that the provider has obtained.

    • All other information included in the certification usage statement.

    • To keep an up-to-date registry of the certifications provided, including the number of equipment provided, and if they are in force up to date. Such registry shall be protected through adequate means of protection.

    • To guarantee the availability of a consulting service regarding the number of the certificates in force.

    • To inform Electronic Certification Unit of any modification regarding the conditions precedent which allowed the accreditation and inscription in the Electronic Certification Providers Registry Unit.

Other identification services not included within the scope of the above reference regulations do not require any type of license.

Economic Conditions

No data available.


Our Government has taken a particular interest in regulating and promoting FinTech and different technological projects in the country regarding finance, as well as the identification and electronic signature, through modern regulations and legislation, specifically through dispositions and regulations of the CBU and national laws. Such actions are planned to continue in the present year and in the near future.

KYC Requirements

I. Regulatory Framework

  1. Anti-Money Laundering Law No 19.574, effective as of January 10, 2018;
  2. Decree No 379/018, effective as of November 20, 2018;
  3. Financing of Terrorism Law N° 19.749, effective as of May 29, 2019;
  4. Decree N° 136/019, effective as of May 29, 2019; and
  5. Financial System´s Control and Regulatory Regulations issued by the Central Bank of Uruguay, current AML sections effective as of November 23, 2018.

National regulator: The main regulator for AML controls is the Anti-Money Laundering and Terrorism Financing Secretary. However, in the financial sector, the Central Bank of Uruguay, acting through the UIAF (Unit of Financial Information and Analysis) also plays an important role.

II. Customer Due Diligence (Know your customer identification)

Process: The Due Diligence process varies in scope depending on which is the entity performing the due diligence. In certain cases the face to face identification is required. In other cases it is sufficient to obtain and verify certain personal and business information. However, minimum standards for KYC identification process include obtaining the following data:

  1. For natural persons:
    • Full name and last name.
    • Place and date of birth.
    • Identification document and number.
    • Tax identity number.
    • Civil status.
    • Domicile and phone number.
    • Profession.
    • Income.
  2. For legal entities:
    • Name.
    • Date of incorporation.
    • Domicile and phone number.
    • Tax identity number.
    • Articles of incorporation and good standing certificate.
    • Income.
    • Corporate structure.
    • Compliance with Ultimate Beneficial Owners Law No. 19.484.

It is possible to meet customer due diligence requirements by relying on third parties who are obliged by law themselves to comply with AML regulations. However, the designated entities to perform due diligence shall keep the final responsibility of it.

Third party entities:

  • Depending on the case, entities who are themselves obliged to perform due diligence. In all cases the final responsibility resides on the hiring party.

It is legally permitted to outsource customer due diligence by contract to other third parties who are not obliged by law to meet AML regulations and rely on these. Certain financial regulated entities are allowed to outsource customer due diligence obtaining prior authorization from the regulator (and shall hold the final responsibility); other may only outsource the due diligence on parties who are obliged by law to meet AML regulations.

License or regulation requirements: Customer due diligence outsourcing is only permitted for limited entities. The outsourced party must comply with specific requirements set forth by the Central Bank of Uruguay´s regulations. As a general rule the outsourcing will need to be previously authorized by the Central Bank. However, in certain cases the outsourcing will be considered as authorized provided the outsourcing complies with specific requirements.

The relevant authority for outsourcing customer due diligence services is the Central Bank of Uruguay. The requisites for the outsourcing will depend on which is the entity that wishes to outsource such services. However, as a general rule, the requisites are the following:

  1. The outsourced entity must apply the due diligence proceedings established by the outsourcing entity.
  2. The outsourcing entity must obtain and preserve the relevant information and documentation for the identification of the customers.
  3. The outsourcing entity will be responsible and liable for the due diligence outsourced services.
  4. The outsourcing may not be used for monitoring accounts and transactions in order to detect patterns in the behavior of the customers.
  5. The outsourced entity must be a financial entity registered before the financial regulator and such regulator must control and supervise the due diligence process applied by the outsourced entity.
  6. The outsourced party must be based in a country that is not under the application of special measures by the Financial Action Task Force.
  7. The outsourcing must be regulated in written agreement that must contain certain clauses.

Notwithstanding the above, all outsourcings will need to be analyzed on a case to case basis.

Signature Requirements

I. Specific Form Requirements

There are no specific formal requirements for making a binding declaration of intention. It is common practice to execute a written declaration. However, the declaration could also be made electronically. Please refer to the section "Conclusion of contracts by electronic signature" below.

Conclusion of loan agreement: Under Uruguayan law there is no formal requirement to effectively conclude a loan agreement (verbal consent is enough). However, it is common practice to execute a written agreement regulating the terms of the loan. The execution of a written agreement is also advisable for facilitating proof in a potential claim.

Conclusion of contracts by electronic signature: Electronic signatures are permitted and regulated by Law No 18.600. The conclusion of a contract by using an electronic signature is not a common practice in Uruguay. It is, however, possible to do so.

There is a specific procedure for obtaining an electronic signature. The procedure begins before the Uruguay´s Post Office and then, depending on which type of electronic signature is needed, the procedure continues before an authorized vendor. Authorized vendors need to fulfill the requirement set forth in Law No 18.600.

Additionally, parties may agree to sign electronically electronic documents. Evidence of such agreement must be obtained (it has not been clarified whether such first agreement needs an original signature).

Conclusion of an electronic contract that has to match with specific formal requirements is not convenient in the country.

Legal consequences if formal requirements are not fulfilled: It will depend on the required formality. As a general rule, the contract will not be effective until the formal requirement is fulfilled. In certain cases the contract will be deemed null and void (i.e. real estate property sale).

II. Procedure of Signing in Practice

Contractual agreements in B2B sector: Agreements are usually executed in wet handwritten signatures with all parties present. In some cases agreements are executed in counterparts. Moreover, in some specific cases in which a notary´s intervention is required by law, agreements are executed with certified signatures.

In the tech arena agreements it is becoming very common to obtain an electronic consent, by clicking an electronic acceptance (after obtaining relevant users ID and passwords and keeping evidence of the same).

Contractual agreements in B2C sector: In some cases there are no written agreements executed. Sale of goods and provision of services are documented with invoices. In certain cases written agreements are signed by means of a pre-printed form, which is handed to the consumer.

Contributing Authors

Guyer & Regules

Federico Susena
Montevideo, Uruguay

John Leaman
Montevideo, Uruguay

Search by:

Chapter Index:

1. Payment Services / Mobile Payment

2. Asset and Portfolio Management

3. Consulting and Broking Services / Robo-advisory / Auto-trading

4. Trading Platforms / Social Trading Platforms / Signal Following

5. Crowdfunding / Crowdinvesting / Crowdlending

6. Virtual Currency - Bitcoin

7. Loan Services / Factoring / Loan Broking / Finetrading

8. Online Banking Services

9. Analytics and Research / Data Management / Risk Management

10. Accounting

11. Identification

12. Online-pawning

13. InsurTech

14. RegTech

15. Initial Coin Offerings (ICOs)

The information in this guide provides a general overview at the time of publication and is not intended to be a comprehensive review of all legal developments nor should it be taken as opinion or legal advice on the matters covered. It is for general information purposes only and readers should take legal advice from a Multilaw member firm.

Publication Date: 1 August 2019