Costa Rica Crypto Company Setup 2026: No-License Guide

Searching for a crypto license in Costa Rica? Here's the truth most competitors won't tell you: Costa Rica issues no cryptocurrency license, no VASP registration, and no digital asset permit. That's not a problem — it's the jurisdiction's most powerful feature. Crypto companies incorporate as a standard Sociedad Anónima (SA) or Sociedad de Responsabilidad Limitada (SRL) under general commercial law, operate legally with zero corporate tax on international income, and avoid the multi-month licensing timelines that drain capital in regulated jurisdictions. This guide covers every element of Costa Rica crypto company formation in 2026: the legal framework, the right entity structure, AML/CFT compliance requirements, banking strategy, tax treatment, annual obligations, and the practical steps — including the Firma Digital workaround every foreign founder needs to understand. Setup takes 4–8 weeks. No residency required.

Costa Rica Crypto Company Formation: No License Required in 2026

Last Updated: May 29, 2026. Reviewed by Privacy Solutions Legal & Compliance Team.

Costa Rica's Crypto Regulation in 2026: The Truth About Licensing

Costa Rica does not issue a cryptocurrency license. There is no VASP registration, no DASP authorization, and no fintech permit specifically for crypto. This is not a gap in the legal system — it is the jurisdiction's defining competitive advantage, and understanding it correctly is the difference between a well-structured operation and a compliance mistake.

Crypto businesses in Costa Rica operate under the Código de Comercio — the same general commercial code that governs every other type of business. You incorporate a standard legal entity, specify your business activities in the corporate purpose clause, and operate. No regulator reviews your business model before you launch. No license application waits on a bureaucratic desk for three months.

The legislative landscape is worth tracking. Bill 22.837 — the Crypto Asset Market Regulation — was introduced with the aim of creating a formal VASP licensing framework. It was archived and is no longer active. Two successor bills, Expediente 25.340 and Expediente 25.362, have since been introduced with different regulatory approaches. As of May 2026, neither has been enacted into law, and no legislative timeline for passage has been established.

What Requires Authorization in Costa Rica vs. What Doesn't

Activity	Authorization Required?	Governing Authority
Operating a crypto exchange for international customers	No	None — general commercial law
Offering custodial wallet services internationally	No	None — general commercial law
Running a crypto OTC desk internationally	No	None — general commercial law
DeFi protocol development and deployment	No	None — general commercial law
Crypto payment processing internationally	No	None — general commercial law
Tokenized public securities offering to CR residents	Yes	SUGEVAL
Collective investment scheme with CR retail investors	Yes	SUGEVAL
Operating as a regulated financial intermediary	Yes	SUGEF
Accepting deposits in fiat currency	Yes	SUGEF / BCCR
Soliciting regulated investments from CR residents	Yes	SUGEVAL

The pattern is clear: activities that involve financial intermediation, public securities, or solicitation of Costa Rican retail investors trigger oversight. Everything else operates under general commercial law.

Download: 2026 Costa Rica Crypto Compliance Playbook

The Legal Status of Cryptocurrencies in Costa Rica

Cryptocurrencies are not legal tender in Costa Rica but are not prohibited. The Banco Central de Costa Rica (BCCR) has been explicit on this: crypto is not currency within the meaning of Costa Rican monetary law, but there is no legal prohibition on holding, trading, or accepting crypto in private transactions.

The BCCR's position frames crypto as an intangible asset under general commercial law — closer to a contractual right or commodity than to currency or a regulated financial instrument. This framing matters: it means crypto transactions don't fall under banking law or monetary transmission regulation. No capital gains tax applies to crypto-to-crypto or crypto-to-fiat conversions on offshore-sourced income. The Dirección General de Tributación (DGT) has issued guidance confirming that crypto transactions are not subject to VAT under the current interpretation of the tax code. Founders should note that regulatory interpretations evolve and should monitor DGT pronouncements annually.

Why "No License Required" Is a Competitive Advantage

Licensed jurisdictions — Estonia, Lithuania, El Salvador — impose ongoing compliance costs, minimum capital requirements, annual regulatory reporting, and mandatory audits. Costa Rica offers the same legal operating capability without any of those costs or constraints.

The speed advantage alone is material. A Costa Rican crypto company can be incorporated and operational within 2–4 weeks. An Estonian VASP license takes 3–6 months. An El Salvador DASP authorization takes 10–14 weeks and costs approximately USD 20,000 in setup fees alone. A Cayman VASP registration runs USD 30,000–50,000 in first-year costs.

Additional advantages of the no-license framework:

No license renewal fees — no annual regulatory payment to maintain operating status
No mandatory regulatory audits — banking partners set the audit standard, not the government
No minimum capital requirements — capital structure is entirely the founder's decision
No business model pre-approval — pivot from spot trading to DeFi without regulatory permission
No regulatory waiting period before launch — begin operations immediately after incorporation
No regulator to report breaches to — compliance is between you and your banking partners

The tradeoff is institutional credibility. Some institutional counterparties and enterprise clients treat a licensed jurisdiction as a trust signal. The solution for businesses that need that signal is a dual-structure: Costa Rican holding company for tax efficiency, plus a licensed subsidiary in a regulated jurisdiction for client-facing operations. That structure often costs less than a standalone licensed entity while providing both benefits.

When SUGEVAL Jurisdiction Does Apply

The Superintendencia General de Valores (SUGEVAL) regulates activities involving public securities offerings, collective investment schemes, and financial intermediation. Most crypto startups do not come close to triggering SUGEVAL oversight — but the line matters.

SUGEVAL jurisdiction is triggered when the activity involves offering investment products to the Costa Rican public, not simply because the product involves crypto. Here is how the line falls in practice:

Does NOT trigger SUGEVAL:

A DeFi protocol with a governance token (governance token is not a security offering under CR law)
A crypto OTC desk not holding client funds in discretionary accounts
A centralized exchange serving international customers (not soliciting CR retail investors)
A custodial wallet service for international clients
A crypto mining company selling hardware or hashrate internationally

May trigger SUGEVAL — legal analysis required:

A tokenized real estate fund open to Costa Rican residents
A token sale explicitly marketed to Costa Rican investors as an investment opportunity
A yield-bearing token structured as a collective investment scheme
A crypto lending platform accepting deposits from Costa Rican residents

The test is not "does this involve crypto?" — it is "does this constitute a public offering of securities or financial intermediation directed at Costa Rican residents?" If the answer is yes or ambiguous, a formal legal opinion from qualified Costa Rican counsel is essential before launch.

Types of Crypto Businesses That Operate From Costa Rica

Costa Rica's permissive framework accommodates nearly every crypto business model. The constraint is not regulation — it is banking and operational infrastructure. Understanding which business models fit best shapes both your entity structure and your banking strategy.

Crypto Exchanges and Trading Platforms

Centralized exchanges operating from Costa Rica can serve international customers without a license. The operational challenge is banking, not regulation.

A Costa Rican SA or SRL can legally operate spot trading, derivatives, and margin platforms for international users. The corporate purpose clause should specifically reference "digital asset exchange services," "cryptocurrency trading," and related activities. The primary operational bottleneck is establishing fiat on/off ramps — which requires banks and payment processors who have evaluated and accepted your AML/KYC program.

Key considerations for exchange operators:

AML/KYC program: Banking partners require a written, implemented AML/KYC program aligned with FATF Recommendation 15 before onboarding. This is a banking requirement, not a regulatory one.
Transaction monitoring: Real-time and batch transaction monitoring is expected by banking partners for exchange volumes over USD 500K monthly.
Counterparty screening: OFAC, UN, and EU sanctions screening of customers and counterparties is standard expectation.
Custodial structure: Exchanges holding customer crypto assets should implement hot/cold wallet separation, typically 80–90% cold storage, to satisfy enterprise client requirements and reduce banking risk perception.

Compared to licensing a spot exchange in Estonia (EUR 15,000+ first year, 3–6 months) or the Cayman Islands (USD 30,000+ first year), a Costa Rican exchange setup costing USD 5,000–8,000 and completing in 4–8 weeks represents a dramatically lower barrier to operational launch.

Custody and Wallet Services

Custodial wallet services are not regulated in Costa Rica. Providers self-implement security and AML standards to satisfy banking partners and enterprise clients — which, in practice, means a more demanding compliance standard than most regulators would impose.

Enterprise clients — funds, family offices, DAOs holding treasury assets — conduct their own due diligence before appointing a custodian. Their requirements typically include:

Multi-signature key management: 2-of-3 or 3-of-5 multi-sig arrangements for institutional wallet custody
Cold storage infrastructure: Air-gapped hardware wallets, geographically distributed key shards
SOC 2 Type II equivalent processes: Documented access controls, change management, incident response — even without formal certification
Insurance: Crime insurance or digital asset insurance policies (available through Lloyd's syndicates and specialized underwriters)
AML/KYC: Full client onboarding procedures including source of funds verification for deposits above threshold amounts

A Costa Rican custody company serving international clients benefits from zero corporate tax on internationally-sourced revenue under the Territorial Tax Principle. The practical limitation is that custody relationships often require banking accounts for fee collection and operational expenses — which loops back to the banking strategy covered in detail below.

DeFi Protocols and Web3 Projects

Costa Rica is ideal for DeFi development companies and protocol foundations. The Territorial Tax Principle means protocol revenue earned outside Costa Rica faces zero local corporate tax — a significant structural advantage for protocols generating substantial fee income.

The most common structural approaches for DeFi and Web3 projects using Costa Rica:

Option 1: Costa Rican SA as Protocol Development Company

Holds IP, employs developers, contracts with the DAO
Income from international protocol fees or licensing: zero CR corporate tax
Clean separation between development entity and protocol treasury

Option 2: Costa Rican SA + Panamanian Foundation

SA operates; Foundation holds treasury assets and provides asset protection
Combined structure addresses both tax efficiency and beneficiary separation
Popular for protocols with significant treasury assets or complex governance

Option 3: Costa Rican Holding Company + Regulated Subsidiary

CR holding company owns the shares of an EU or other licensed entity
Dividends flow up to the CR holding company; international income taxed at 0%
Used when the protocol needs MiCA authorization for EU-facing operations

DAO legal wrappers present a specific structuring challenge. Unincorporated DAOs have no legal personality in most jurisdictions, which creates counterparty risk for banking, contracts, and liability. A Costa Rican SA can serve as the legal wrapper, with governance rights mapped to token holdings via shareholder agreement. This is not a perfect solution — it centralizes legal control — but it is a functional and commonly used structure.

Token issuance from a Costa Rican entity requires analysis of the target jurisdictions' securities laws — particularly the US (Howey test), EU (MiCA financial instrument classification), and Singapore (MAS digital token framework). The Costa Rican entity's legal status domestically is clean; the risk comes from the extraterritorial reach of other jurisdictions' securities laws.

Crypto Payment Processing and OTC Desks

OTC desks benefit most from Costa Rica's speed-to-market advantage. A new desk can incorporate and begin trading within 2–3 weeks of completing document collection — faster than any licensed jurisdiction.

The infrastructure stack for a functional Costa Rican OTC desk:

Fiat On/Off Ramps:

Local bank account (BCR, Banco Nacional, BAC Credomatic) for CRC/USD operations
EUR IBAN via EMI (Bankera, Paysera, Verifo) for European counterparties
Multi-currency payment processor for card-based fiat conversion

Payment Processor Relationships:

Mercuryo, MoonPay, Banxa, Transak for retail-facing fiat conversion
B2B relationships with licensed exchanges for institutional liquidity
Settlement account structure separating client flows from operational funds

Volume-Based Due Diligence Expectations:

USD 0–100K/month: Standard KYC, basic transaction records
USD 100K–1M/month: Enhanced due diligence, counterparty screening, transaction monitoring system
USD 1M+/month: Full institutional AML program, independent audit, possible enhanced banking requirements

OTC desks that attempt to operate without a documented AML/CFT framework face a predictable outcome: initial banking may work, but the first large transaction or compliance review triggers account closure. Building the framework before starting operations is the correct sequence.

Costa Rica vs Other Crypto Jurisdictions: 2026 Comparison

Founders comparing jurisdictions need a single decision matrix. The table below provides the side-by-side comparison that allows an informed choice — not a marketing pitch for any single option.

2026 Crypto Jurisdiction Comparison Matrix

Factor	Costa Rica	El Salvador	Estonia	Cayman Islands	BVI
License/Registration Required?	No	Yes (DASP)	Yes (VASP)	Yes (VASP)	Yes (VASP)
Typical Setup Time	2–4 weeks	10–14 weeks	12–24 weeks	8–16 weeks	6–12 weeks
First-Year Setup Cost (USD)	$5,000–$8,000	$20,000–$30,000	$15,000–$25,000	$30,000–$50,000	$20,000–$35,000
Annual Compliance Cost (USD)	$3,000–$5,000	$8,000–$15,000	$10,000–$20,000	$15,000–$30,000	$10,000–$20,000
Corporate Tax on Intl. Crypto Income	0% (territorial)	0% (territorial)	20% CIT	0%	0%
Banking Access (Crypto)	Challenging	Moderate	Moderate	Established	Established
Foreign Founder Residency Required?	No	No	No (director req.)	No	No
AML/KYC Mandatory?	Banking-driven	Regulatory	Regulatory	Regulatory	Regulatory
Regulatory Uncertainty Risk	Low–Medium	Medium	Low	Low	Low
Institutional Credibility	Moderate	High	High	Very High	High

The cost differential is stark: Costa Rica's first-year all-in cost is 60–80% lower than any licensed alternative. The credibility gap is real for businesses targeting institutional counterparties. The choice between these options is not about which is objectively better — it is about which profile matches your business model, target market, and growth timeline.

Costa Rica vs El Salvador: Two Central American Models

El Salvador became the first country to adopt Bitcoin as legal tender in 2021 and created a formal Digital Asset Service Provider (DASP) license through the National Digital Assets Commission (CNAD). Costa Rica took the opposite approach — no license, no legal tender status, maximum operational flexibility. Both systems work. Which model is better depends entirely on the business.

El Salvador DASP — the case for:

Regulatory credibility for institutional counterparties and traditional finance partners
Clear legal framework with explicit crypto recognition
Bitcoin legal tender status simplifies domestic crypto commerce
CNAD has been responsive and pragmatic in its early licensing decisions

El Salvador DASP — the case against:

~USD 20,000 first-year setup cost, USD 8,000–15,000 annually thereafter
10–14 week setup timeline before operations begin
Ongoing regulatory reporting and compliance obligations
Regulatory framework still maturing — interpretation risk is higher than established jurisdictions

Costa Rica — the case for:

USD 5,000–8,000 first-year cost; 60–70% cheaper than El Salvador DASP
2–4 week setup timeline; operational in weeks, not months
No regulatory reporting obligations to financial authorities
No minimum capital; no mandatory audits; no business model pre-approval

Costa Rica — the case against:

Some institutional counterparties expect licensed-jurisdiction domicile
Banking is harder — requires more AML documentation to satisfy conservative banks
No explicit legal recognition of crypto status (operates under general commercial law)

Decision framework:

Choose El Salvador if: You are targeting institutional clients, need regulatory credibility for fundraising, or intend to serve El Salvador-domiciled customers under Bitcoin legal tender provisions.
Choose Costa Rica if: You are prioritizing speed to market, cost efficiency, operational flexibility, or serving primarily international customers without institutional counterparty requirements.

Costa Rica vs EU MiCA: Serving European Customers

A Costa Rican company can legally serve non-EU customers without MiCA authorization — full stop. Serving EU-resident customers post-MiCA (fully in force since late 2024, with all provisions now operational in 2026) requires careful analysis.

MiCA — the Markets in Crypto-Assets Regulation (EU 2023/1114) — applies to crypto-asset service providers (CASPs) offering services to EU residents. A non-EU company can serve EU customers under certain conditions without MiCA authorization:

The Reverse Solicitation Doctrine:

MiCA permits non-EU CASPs to serve EU clients where the client "exclusively at their own initiative" sought the service
Reverse solicitation cannot be claimed where the firm markets to EU residents, runs EU-targeted advertising, or uses EU-based representatives
The doctrine is narrow — regulators in France, Germany, and the Netherlands have signaled aggressive enforcement against claims of reverse solicitation that don't hold up factually

When a Costa Rican company triggers MiCA's territorial scope:

Actively marketing to EU residents (digital ads targeted to EU, EU-language websites without appropriate geo-restrictions)
Employing EU-based sales representatives who solicit EU clients
Holding client assets belonging to EU residents
Offering services that constitute financial intermediation under EU law

Structuring options for EU-facing Costa Rican companies:

Structure	Cost	Timeline	MiCA Compliance
Costa Rica only, passive EU clients	Low	2–4 weeks	Compliant via reverse solicitation
Costa Rica + EU-authorized CASP subsidiary	Medium	6–12 months	Fully compliant for active EU operations
Costa Rica + White-label agreement with licensed EU CASP	Low–Medium	3–6 months	Compliant via licensed partner
Migrate to EU-licensed entity	High	6–18 months	Full MiCA compliance

The practical advice: if EU retail clients represent more than 20% of your revenue or user base, the reverse solicitation argument becomes increasingly difficult to sustain. A Costa Rican holding company with an EU-licensed operating subsidiary — typically in Ireland, Lithuania, or Germany — is the structure that delivers both tax efficiency and MiCA compliance.

Costa Rica vs Cayman Islands and BVI

The Cayman Islands and British Virgin Islands both offer VASP registration frameworks with established crypto banking relationships. Costa Rica offers no registration at all. The trade-off is banking access and institutional credibility versus regulatory simplicity and dramatically lower cost.

Cayman Islands VASP Registration:

Administered by CIMA (Cayman Islands Monetary Authority)
Cost: USD 30,000–50,000 first year, USD 15,000–30,000 annually
Strong banking relationships with established crypto-friendly banks (Deltec, Silvergate legacy relationships, newer specialized institutions)
High institutional credibility — preferred by hedge funds, asset managers, VC-backed projects
Regulatory overhead: CIMA reporting, annual reviews, AML inspections

BVI VASP Registration:

Administered by the FSC (Financial Services Commission)
Cost: USD 20,000–35,000 first year, USD 10,000–20,000 annually
Moderate banking access — better than Costa Rica but below Cayman
Preferred for holding companies and IP structures
Less regulatory overhead than Cayman

Costa Rica:

No registration, no regulatory authority relationship
Cost: USD 5,000–8,000 first year, USD 3,000–5,000 annually
Banking requires more documentation and preparation, but functional solutions exist
Zero tax on international income vs. zero in Cayman and BVI (similar tax profile)
Setup in weeks vs. months

Who should choose Cayman or BVI over Costa Rica:

Founders who need institutional banking relationships from day one
Projects targeting institutional LPs or fund structures requiring regulated-jurisdiction domicile
Businesses where banking access justifies the 5–10x cost premium

Who should choose Costa Rica:

Founders prioritizing speed to market and cost efficiency
Businesses with flexible banking needs (able to use EMIs and payment processors during bank onboarding)
Operations where the regulatory credibility of a licensed jurisdiction is not a client-facing requirement

Step-by-Step: Setting Up a Crypto Company in Costa Rica

The entire process — from document collection to operational readiness — takes 4–8 weeks. The Costa Rican entity itself forms in approximately 2 weeks. Banking onboarding runs partially in parallel with incorporation and AML framework development, which is what compresses the total timeline.

Four-Phase Setup Timeline

Phase	Activities	Timeline	Can Run Parallel?
Phase 1: Preparation	Document collection, apostilles, translations, AML draft	Weeks 1–2	Yes — start Day 1
Phase 2: Incorporation	National Registry filing, notarial deed, RTBF registration	Weeks 2–3	Partially
Phase 3: AML & Compliance	Finalize AML policy, KYC procedures, risk matrix	Weeks 2–4	Yes — start with Phase 1
Phase 4: Banking	Bank applications, EMI onboarding, payment processor setup	Weeks 3–8	Yes — start in Phase 2

The critical path insight: most founders lose 2–4 weeks by sequencing phases instead of parallelizing them. The AML framework can be drafted before incorporation is complete. Banking documentation can be prepared simultaneously with the notarial process. Privacy Solutions runs all four phases concurrently to achieve the 4–8 week total timeline.

Choosing Your Legal Structure: SA vs SRL

Two structures dominate Costa Rica crypto company formation: the Sociedad Anónima (SA) and the Sociedad de Responsabilidad Limitada (SRL). The SA is preferred for businesses that may seek external investment or have multiple shareholders; the SRL for closely held operations with two or fewer founders.

SA vs SRL Comparison

Feature	Sociedad Anónima (SA)	Sociedad de Responsabilidad Limitada (SRL)
Ownership Units	Shares (freely transferable)	Quotas (restricted transfer)
Minimum Capital	CRC 10,000 (~USD 20, nominal)	No minimum
Minimum Shareholders	2	2
Maximum Shareholders	Unlimited	25 (practical limit)
Share/Quota Transfer	Freely transferable	Requires other quota-holder consent
Corporate Governance	Board of Directors required	Manager(s) — simpler structure
Nominee Directors	Permitted	Permitted
Foreign Ownership	100% permitted	100% permitted
Preferred For	External investment, institutional, multi-shareholder	Closely held, 1–3 founders, operational simplicity
Public Investors	Can issue public shares	Cannot
Annual Meetings	Required (can be held outside CR)	Required

Both structures allow 100% foreign ownership with no residency requirement. Both allow nominee directors and shareholders. Both have full limited liability protection for shareholders.

The crypto-specific recommendation: Choose the SA if:

You anticipate raising investment from VCs, angels, or institutional investors
You want the ability to issue different share classes (common, preferred, etc.)
You have more than 3–4 shareholders or expect ownership to change frequently

Choose the SRL if:

The business is owned by 1–3 founders who expect to remain the owners
You want a simpler governance structure with fewer corporate formalities
You do not anticipate external investment

Document Requirements and Due Diligence

Costa Rica's due diligence requirements are driven by Law 7786 (the AML/CFT framework, officially the Ley sobre Estupefacientes, Sustancias Psicotrópicas, Drogas de Uso no Autorizado, Actividades Conexas, Legitimación de Capitales y Financiamiento al Terrorismo) and the RTBF registry — not by crypto-specific regulation.

Required Documents for Each Director, Shareholder, and UBO:

Document	Specification
Passport copy	Certified copy, all pages including blank pages
Proof of address	Utility bill or bank statement, less than 3 months old
Bank reference letter	On official bank letterhead, signed by bank officer
Source of funds declaration	Signed statement with supporting documentation
CV / Professional biography	Covering last 10 years of business history
Business plan summary	2–5 pages covering business model, market, revenue model

Apostille Requirements: Documents issued in countries party to the Hague Apostille Convention must be apostilled before use in Costa Rica. This typically takes 1–5 business days depending on the issuing country's process. Countries not party to the Convention must use legalization through the Costa Rican consulate.

Certified Spanish Translations: All documents not in Spanish require certified translation by a Costa Rica–registered translator (traductor oficial). Privacy Solutions coordinates both apostille procurement and certified translation as part of the setup process.

Common documentation mistakes to avoid:

Using expired passports (must be valid for at least 6 months)
Proof of address older than 3 months at time of submission
Bank reference letters that are generic rather than specifically addressed
Source of funds declarations without supporting documentation (exchange statements, wire records, tax returns)

Company Registration and RTBF Filing

Company registration occurs at the Registro Nacional (National Registry of Costa Rica). The process begins with a notarial deed drafted and executed by a Costa Rican notary public, then filed with the Registry. The entity has legal existence from the date of inscription in the Registry.

Step-by-Step Registration Sequence:

Engage a Costa Rican notary public — the notary drafts the corporate deed (escritura de constitución)
Execute the notarial deed — shareholders or their representatives sign; physical or virtual notarization available
Pay inscription fees — Registry fees based on stated capital; typically CRC 50,000–200,000 (~USD 100–400)
File with Registro Nacional — notary files electronically; confirmation within 5–10 business days
Obtain the corporate ID (cédula jurídica) — unique identifier for the company in all official dealings
Register with the DGT — required for tax purposes; obtain the taxpayer registry number
Complete RTBF filing — mandatory within 20 days of incorporation

RTBF Filing Requirements:

The Registro de Transparencia y Beneficiarios Finales (RTBF) is Costa Rica's beneficial ownership registry, managed by the Tax Administration. Every legal entity incorporated in Costa Rica must register and maintain current beneficial ownership information.

Key RTBF requirements:

Who must be reported: Any natural person who directly or indirectly holds 15% or more of the shares/quotas, or who exercises effective control of the entity regardless of ownership percentage
Information required: Full legal name, nationality, identification document number, date of birth, residential address, percentage of ownership, nature of control
Ordinaria filing: Annual update, due by April 30 each year
Extraordinaria filing: Required within 15 days of any change to beneficial ownership or control
Penalties for non-compliance: Fines ranging from 2% to 3% of the company's gross income for the prior period; repeated non-compliance can result in Registry deregistration

The registered agent requirement: Every Costa Rican company must maintain a registered agent (apoderado) with a physical registered office address in Costa Rica. The registered agent receives official correspondence and is legally responsible for ensuring the company meets its local obligations. Privacy Solutions serves as registered agent for all incorporated clients.

Firma Digital: How Foreign Founders Comply

The Firma Digital is Costa Rica's mandatory electronic identity credential for corporate filings, tax submissions, BCCR portal access, and interaction with virtually every government digital system. It is a PKI-based digital certificate that authenticates the holder's identity for electronic transactions with legal validity equivalent to a physical signature under Costa Rican law.

The problem for foreign founders: the Firma Digital is issued by the Banco Central de Costa Rica (BCCR) exclusively to Costa Rican nationals and permanent residents. Foreign founders cannot directly obtain one.

The Standard Solution: Appointed Legal Representative

The correct approach is to appoint a Costa Rican legal representative who holds a valid Firma Digital and is authorized to execute electronic filings on the company's behalf. This is done via a power of attorney (poder especial) that defines the scope of authority granted to the representative.

The power of attorney can be:

General: Broad authority for all company filings and transactions
Special: Limited to specific transaction types (e.g., RTBF filings only, or tax submissions only)

For most crypto companies, a special power of attorney covering tax submissions, RTBF filings, and Registro Nacional filings is sufficient for day-to-day operations.

The "Salvedad" Exception:

There is a limited exception where a foreign national with a specific Costa Rican identification credential (cédula de residencia) may apply for a Firma Digital, but this requires legal residency status — not available to most foreign founders.

How Privacy Solutions Handles This:

Privacy Solutions provides a qualified Costa Rican legal representative who holds the Firma Digital credential and executes all mandatory electronic filings on your behalf. This covers:

Annual and extraordinary RTBF filings
DGT tax submissions and declarations
Registro Nacional filings and amendments
BCCR portal interactions where required

Practical Implications:

Day-to-day company management does not require Firma Digital access. Bank account management, client contracts, commercial decisions, and treasury management all occur outside the government digital systems. The Firma Digital is required only for interactions with Costa Rican government portals — which occur predictably and can be scheduled.

What if your legal representative becomes unavailable?

This is a real operational risk. Privacy Solutions maintains backup Firma Digital holders so that no single person's availability creates a compliance gap. Founders should verify this continuity coverage with any registered agent or legal representative they appoint.

AML/CFT Framework: Building Your Compliance Program

Costa Rica does not require crypto companies to submit an AML program to any regulator for approval. However, every bank and payment processor will demand one before opening an account. Your AML/CFT framework is a banking prerequisite, not a regulatory one — and the standard set by banking partners is often higher than what a regulator would require.

Required Components of a Banking-Acceptable AML/CFT Framework:

Component	Description	Standard Required
AML Policy	Written policy statement on the company's anti-money laundering commitment	FATF Recommendation 15 aligned
KYC Procedures	Customer identification and verification procedures	Risk-based, tiered by customer risk
Customer Risk Assessment	Risk matrix classifying customers by ML/TF risk level	Low/Medium/High/Prohibited categories
Transaction Monitoring	Process for monitoring, flagging, and investigating unusual transactions	Automated tools preferred for volume >USD 500K/mo
Compliance Officer	Designated AML officer responsible for program implementation	Can be outsourced; must be reachable
Staff Training Program	AML/CFT training records and schedule	Annual minimum; documented
Independent Audit Schedule	Third-party AML program review	Annual for high-volume operations
Suspicious Activity Reporting	Internal process for escalating and reporting suspicious activity	Policy required even without mandatory SAR filing
Sanctions Screening	OFAC, UN, EU sanctions list screening of customers and transactions	Real-time or batch; must be documented
Record Keeping	Transaction and KYC record retention	5-year minimum

The FATF Recommendation 15 framework — which addresses virtual asset service providers specifically — provides the international benchmark that banking compliance teams use when evaluating your program. Aligning your framework with R.15 language signals sophistication and reduces the back-and-forth with banking compliance reviewers.

Practical sequencing: Draft the AML framework before approaching banks — not after. A bank's first impression of your compliance program is the one that determines whether the application advances or is rejected. Resubmitting a revised AML program after an initial rejection is possible but starts the relationship with a credibility deficit.

Download: Global Banking & Structural Guide

Banking and Payment Infrastructure for Costa Rican Crypto Companies

Banking is the hardest part of operating a crypto company from Costa Rica — not because of Costa Rican law, but because global correspondent banking relationships make local banks risk-averse toward crypto. A multi-layer banking strategy is not optional; it is the operational foundation of a functioning crypto business in this jurisdiction.

The core problem: Costa Rican commercial banks depend on US correspondent banking relationships (with major US banks) to clear international USD transactions. US correspondent banks have been systematically de-risking crypto exposures since 2020, and that pressure flows downstream to Costa Rican correspondent customers. Even a Costa Rican bank that is personally willing to bank a crypto company may face restrictions from its US correspondent on crypto-related transaction flows.

The solution is a banking architecture that does not depend on any single relationship — particularly not a single local bank account for all transaction types.

Opening a Corporate Bank Account: What to Expect

Expect 4–8 weeks for banking onboarding. This is not unusual or indicative of a problem — it reflects the enhanced due diligence that Costa Rican banks apply to crypto companies. The banks most commonly used by international crypto businesses in Costa Rica include BCR (Banco de Costa Rica), Banco Nacional, BAC Credomatic, and Scotiabank Costa Rica.

Documentation Package Required by Banks:

Certified copies of all corporate documents (deed of incorporation, shareholder register, board minutes)
Certified passports and proof of address for all directors, shareholders, and UBOs
RTBF filing confirmation
Complete AML/CFT framework (policy, KYC procedures, risk matrix)
Business plan and revenue model description
Source of funds declaration with supporting documentation (at least 12 months of financial history)
Bank reference letters for founders
Projected transaction volumes and counterparty types

What Banks Will Ask:

What is the nature of the business, and who are the end customers?
What are the expected monthly transaction volumes?
What jurisdictions will transactions flow from and to?
How are customer funds held — are they co-mingled or segregated?
What AML/KYC controls are in place for customer onboarding?
What is the source of the founders' capital?

Red Flags That Trigger Rejection:

Vague or inconsistent business descriptions
Source of funds that cannot be traced to documented, legitimate activity
Customers in FATF high-risk or sanctioned jurisdictions
Anonymous or privacy-coin-focused transaction models
Previous banking rejections that the applicant does not disclose

The "no" vs "not yet" distinction: A flat rejection based on business model (e.g., "we don't bank crypto companies") is a "no" — move to the next bank. A rejection citing missing documentation or incomplete AML program is a "not yet" — remediate and reapply, typically within 2–4 weeks. Distinguishing between the two requires reading the rejection communication carefully and, when possible, speaking directly with the bank's compliance officer.

Common Banking Rejection Reasons and How to Fix Them

Most banking rejections fall into three categories: incomplete AML documentation, unclear source of funds, or a crypto business model perceived as excessively high-risk. Each has a specific remediation path.

The 5 Most Common Rejection Reasons and Their Fixes:

1. Incomplete RTBF Filing

Problem: Bank's compliance system flags the company as non-compliant with beneficial ownership registry
Fix: Complete or update the RTBF filing; obtain confirmation from the Tax Administration; attach confirmation to the banking application resubmission
Timeline to resolve: 1–2 weeks

2. Vague Source of Funds

Problem: The source of funds declaration states "crypto trading" without supporting documentation
Fix: Provide a fully documented audit trail — exchange account statements (12+ months), wire transfer records showing fiat-to-crypto and crypto-to-fiat flows, tax returns from the founders' home jurisdictions, and a written narrative explaining the documented history
Timeline to resolve: 2–3 weeks (depends on document gathering speed)

3. Business Model Perceived as High-Risk

Problem: The business description triggers the bank's crypto de-risking policy without enough context
Fix: Rewrite the business description to emphasize: the specific customer base (institutional vs. retail), the AML controls in place, the transaction types and volumes, and the jurisdictions served. Include a one-page "crypto business model summary" that pre-answers the questions the compliance team will ask.
Timeline to resolve: 1 week (plus resubmission review time)

4. Jurisdiction Mismatch

Problem: Corporate domicile is Costa Rica but all founders, customers, and transactions are in jurisdictions the bank considers high-risk
Fix: Establish documented economic substance in Costa Rica — at minimum, a functional office, local employees or contractors, and Costa Rica–based service providers. Consider restructuring to align the banking jurisdiction with the business's primary operational footprint.
Timeline to resolve: 4–8 weeks

5. No Demonstrable Local Presence

Problem: The company exists on paper but has no evidence of actual operations in Costa Rica
Fix: Establish a physical or virtual office address (not just a registered agent address), engage local service providers (accountant, IT services, translation), open operational accounts for local payables, document local expenditures
Timeline to resolve: 2–4 weeks

Payment Processors, EMIs, and Crypto-Friendly Banking Alternatives

While pursuing local banking, simultaneously onboard with crypto-friendly payment processors and EMIs. This dual-track approach ensures operational continuity even if the local bank application takes months — which it sometimes does.

Fiat On/Off Ramp Payment Processors

Provider	Services	Supported Currencies	Onboarding Timeline	Crypto Policy
Mercuryo	B2B fiat-crypto conversion	30+ fiat	2–4 weeks	Crypto-native
MoonPay	Consumer and B2B fiat-crypto	40+ fiat	3–6 weeks	Crypto-native
Banxa	B2B payment rails	20+ fiat	2–4 weeks	Crypto-native
Transak	Fiat on-ramp infrastructure	75+ countries	2–3 weeks	Crypto-native

Electronic Money Institutions (EMIs) for EUR/GBP IBAN Accounts

Provider	Services	IBAN Currency	Onboarding Timeline	Crypto Policy
Bankera	IBAN, SWIFT, SEPA, crypto	EUR, USD	2–4 weeks	Crypto-friendly
Paysera	IBAN, SEPA, multi-currency	EUR, 30+	1–3 weeks	Crypto-friendly
Verifo	IBAN, SEPA, crypto business	EUR	2–4 weeks	Crypto-native
Bilderlings	IBAN, SWIFT, SEPA	EUR, USD, GBP	3–5 weeks	Selective

Crypto-Native Banking for Institutional Operations

Provider	Services	Minimum	Onboarding Timeline	Notes
Sygnum (Switzerland)	Custody, banking, trading	USD 500K	6–10 weeks	Institutional-grade
AMINA (Switzerland)	Custody, banking, OTC	USD 1M+	8–12 weeks	Former SEBA Bank
Kraken Financial (US)	Banking, custody, staking	USD 100K	8–12 weeks	US persons compatible

Practical guidance: EMIs are faster to onboard than traditional banks and have higher tolerance for crypto business models. They are not a permanent substitute for traditional banking — wire limits, counterparty restrictions, and geographic limitations mean they serve best as a bridge. Establish EMI relationships immediately and pursue local bank accounts in parallel.

Multi-Layer Banking Strategy for Operational Resilience

No single banking relationship is sufficient for a crypto company. The standard resilient architecture uses three layers: a local Costa Rican bank for operational expenses, one or two EMIs for client fund flows, and a crypto-native bank or institutional custody provider for treasury management.

Three-Layer Banking Architecture

Layer	Purpose	Providers	Typical Account Balance
Layer 1: Local Bank	Operational expenses (payroll, local vendors, rent)	BCR, Banco Nacional, BAC	1–3 months operating expenses
Layer 2: EMIs	Client fund flows, fiat on/off ramp, international transfers	Bankera, Paysera, Verifo	Transactional — low resting balance
Layer 3: Crypto-Native / Treasury	Treasury management, large asset custody, institutional settlements	Sygnum, AMINA, Kraken Financial	60–80% of treasury

Risk architecture principles:

Never hold more than 20% of total assets in any single banking relationship
Maintain at least 2 functional EMI relationships at all times — if one closes the account, you need immediate backup
Keep Layer 1 (local bank) balances low — local banks are most prone to account review and closure under US correspondent pressure
Geographic diversification: at least one non-US correspondent path for USD settlements (Swiss or Singapore correspondent preferred)

Adding redundancy: The trigger for adding a fourth banking relationship is when any single provider handles more than 30% of monthly transaction volume. Concentration risk in banking is as dangerous as concentration risk in counterparties — a single account closure can halt operations.

The "immediate revenue impact" test: Can the business collect revenue and pay essential vendors within 48 hours if Layer 1 fails? If the answer is no, the multi-layer strategy is incomplete. EMIs and crypto-native banking should cover revenue collection independently of the local bank.

Taxation of Crypto Businesses in Costa Rica

Costa Rica applies a territorial tax system — only income generated within Costa Rica is taxed. For crypto companies serving international customers, this typically means zero corporate tax on business income. The benefit is conditional, not automatic: it depends on documented income sourcing and adequate economic substance, and founders should not treat it as guaranteed without proper tax structuring advice.

The territorial framework is one of the most significant structural advantages available to internationally operating crypto businesses — and it is straightforward compared to complex offshore regimes. But "straightforward" does not mean "no documentation required."

The Territorial Tax Principle Explained

Under the Principio de Territorialidad, Costa Rica taxes income at its source. If the income-producing activity occurs outside Costa Rica, the income is not subject to Costa Rican corporate tax — regardless of where the company is incorporated.

What qualifies as "foreign-sourced" for a crypto company:

Revenue from exchange services provided to non-Costa Rican customers, where the matching, settlement, or service delivery occurs on servers outside Costa Rica
OTC trading income where the transaction parties are outside Costa Rica
Protocol fees from a DeFi protocol where the smart contracts are deployed on a blockchain (no geographic origin)
Licensing fees received from non-Costa Rican licensees for IP developed (or held) outside Costa Rica
Consulting fees from non-Costa Rican clients for services performed outside Costa Rica

Documentation requirements to support foreign-sourced characterization:

Documentation	Purpose
Customer jurisdiction records	Demonstrate customers are not Costa Rican residents
Server and infrastructure location records	Show service delivery occurs outside Costa Rica
Contract records	Establish that agreements are with non-CR counterparties
Payment flow records	Trace revenue from foreign counterparties
Employee/contractor location records	Demonstrate work is performed outside Costa Rica

Risk of re-characterization: The DGT can challenge the territorial characterization if it concludes that income-producing activities actually occurred within Costa Rica. The most common re-characterization risk is when key employees or founders perform substantive business activities from within Costa Rica — which would make a portion of the income Costa Rica–sourced. Founders living in Costa Rica or working from Costa Rica should obtain specific tax advice on this point.

Corporate Tax, VAT, and Withholding Obligations

Costa Rican-sourced income is taxed at the standard corporate rate. Crypto-to-crypto and crypto-to-fiat transactions are not subject to VAT per the DGT's current interpretation. Withholding taxes apply to certain cross-border payments made from Costa Rica.

Corporate Income Tax Rates (2026):

Annual Gross Income (CRC)	Approximate USD	Tax Rate
Up to CRC 5.834 million	~USD 11,500	5%
CRC 5.834M – 8.752M	~USD 11,500–17,200	10%
CRC 8.752M – 11.669M	~USD 17,200–22,900	15%
CRC 11.669M – 23.338M	~USD 22,900–45,800	20%
Above CRC 23.338 million	~USD 45,800+	30%

Note: These rates apply to Costa Rican-sourced income only. Foreign-sourced income is excluded from the calculation base entirely.

VAT Treatment of Crypto Transactions:

Crypto-to-crypto exchanges: Not subject to 13% VAT per DGT guidance
Crypto-to-fiat conversions: Not subject to VAT per current interpretation
Services provided to non-CR customers: Generally not subject to Costa Rican VAT
Services provided to Costa Rican customers: May be subject to 13% VAT — specific analysis required

Withholding Tax on Outbound Payments:

Payment Type	Withholding Rate
Dividends to foreign shareholders (foreign-sourced income)	Generally 0%
Dividends to foreign shareholders (CR-sourced income)	15%
Interest on foreign loans	15%
Royalties paid to foreign entities	25%
Service fees to foreign providers (some categories)	15%

Payroll and Social Security (if hiring locally):

CCSS (social security) contributions: Employer ~26.67%, Employee ~10.67%
Employee income tax: Progressive rates 0–25%
If no local employees: No payroll obligations

International Tax Reporting: CRS, FATCA, and CARF Status

Costa Rica has committed to the OECD Common Reporting Standard (CRS) and maintains a FATCA Intergovernmental Agreement with the United States. The Crypto-Asset Reporting Framework (CARF) is expected but not yet implemented as of May 2026. Costa Rican crypto companies should begin preparing for CARF reporting obligations now.

CRS Obligations: Costa Rica's financial institutions — banks, investment firms, and certain other entities — are required to report account information of non-resident account holders to the DGT, which exchanges information with the account holder's home jurisdiction under the CRS. If your Costa Rican crypto company qualifies as a "financial institution" under Costa Rican CRS rules (which depends on the nature of the business), it may have CRS reporting obligations.

FATCA Compliance: Costa Rica and the United States have a Model 1 IGA (Intergovernmental Agreement) under FATCA. Costa Rican financial institutions must report information about US persons' accounts to the DGT, which transmits it to the IRS. For US founders or US beneficial owners of Costa Rican crypto companies, FATCA compliance interacts with FBAR filing requirements and the PFIC rules for US shareholders of foreign corporations.

CARF — The Coming Framework: The OECD's Crypto-Asset Reporting Framework is designed to extend automatic information exchange to crypto transactions. Costa Rica, as an OECD Inclusive Framework member, has committed to implementing CARF, but no implementing legislation has been enacted as of May 2026. Key CARF obligations when implemented:

Crypto-asset service providers will report customer transaction data to the DGT
The DGT will exchange this data with partner jurisdictions under automatic exchange agreements
Reportable transactions include crypto-to-fiat, crypto-to-crypto, and transfers

The practical preparation step is to ensure your transaction record-keeping system is capable of generating CARF-required reports — customer identity, transaction types, amounts in fiat equivalent, and counterparty details. Companies that build this into their systems now will have a significantly lower compliance cost when CARF is enacted than those who retrofit later.

Ongoing Compliance and Annual Obligations

Costa Rican crypto companies face annual obligations in three categories: corporate (National Registry), transparency (RTBF), and tax (DGT). Missing a deadline triggers penalties — some are modest late fees, others can result in the company being struck from the registry or assets being seized. The compliance calendar is manageable when actively monitored; it becomes expensive when neglected.

RTBF Filings: Ordinaria and Extraordinaria

The RTBF requires two types of filings: ordinaria (annual, due by April 30) and extraordinaria (due within 15 days of any change to beneficial ownership or control). Both are mandatory for all Costa Rican legal entities — there is no exemption for small companies or foreign-owned entities.

Ordinaria Filing (Annual):

Due: April 30 each year
Content: Confirmation or update of all UBOs and their ownership percentages
Filed through: The Tax Administration's portal (requires Firma Digital)
Penalty for non-filing: Fine of 2%–3% of gross income; repeated failures can trigger registry deregistration

Extraordinaria Filing (Change-Based):

Due: Within 15 days of any change in beneficial ownership, control structure, or UBO identification
Triggers: New investor onboarding, secondary share sale, founding shareholder exit, change in control mechanisms
Common mistake: Founders forget this filing when they add a new investor or transfer shares, then discover the non-compliance during a banking review

UBO Threshold: Any individual who holds (directly or indirectly) 15% or more of the equity, or who exercises effective control of the entity regardless of ownership percentage, must be reported as a UBO. Control includes: majority voting rights, veto rights over major decisions, ability to appoint or remove the majority of directors, or contractual rights equivalent to control.

Privacy Solutions' RTBF management service: We track ownership changes across all client entities and proactively file both ordinaria and extraordinaria updates. Clients receive a reminder when the April 30 deadline approaches and are required to notify us of any ownership changes within 5 days of occurrence.

Corporate Maintenance and Renewal Calendar

Every Costa Rican company must file an annual return, pay the annual education and culture tax, and maintain a registered office and registered agent. These are hard deadlines with defined penalties.

Annual Compliance Calendar

Month	Obligation	Authority	Penalty for Non-Compliance
January	Education and culture tax payment (Impuesto de Personas Jurídicas)	Registro Nacional	Deregistration after 3 years non-payment
January–March	Review and update corporate books and records	Internal	N/A direct, but banking compliance risk
April 30	RTBF ordinaria filing	DGT (Tax Administration)	2%–3% of gross income fine
Varies	Corporate income tax declaration	DGT	Interest + 1% monthly surcharge + fine
Within 15 days	Extraordinaria RTBF filing on any ownership change	DGT	Same as ordinaria penalty
Ongoing	Maintain registered agent and registered office	Registro Nacional	Company struck if agent resigns without replacement
Annual (December)	Renew service agreements with registered agent	Privacy Solutions	Continuity of compliance coverage

Education and Culture Tax (Impuesto de Personas Jurídicas): All Costa Rican legal entities pay an annual tax that varies by company size (measured by assets and revenue). The base rate for most foreign-owned holding companies is modest — typically CRC 50,000–100,000 (~USD 100–200) — but failure to pay for three consecutive years results in the company being stricken from the National Registry.

Corporate Books and Records: Costa Rican companies are required to maintain legally constituted books: shareholders' register, minutes book (actas), and accounting books. These must be available for inspection and are required for banking due diligence. Physical books require legalization at the Registro Nacional; electronic records are permitted with proper certification.

Shareholder and Director Meeting Requirements: The SA requires at least one annual shareholders' meeting (which can be held outside Costa Rica or virtually). Minutes must be prepared and recorded in the minutes book. Failure to hold annual meetings creates a gap in corporate records that can surface during banking due diligence or dispute resolution.

AML/CFT Audit Readiness

Costa Rica does not mandate AML audits for non-financial companies. However, banking partners may require annual independent AML audits as a condition of maintaining your account — particularly for accounts handling more than USD 500K monthly. Prepare as if an audit is coming, because for active crypto businesses, it usually is.

What an AML Audit Covers:

Policy review: Is the written AML policy current, complete, and implemented in practice?
KYC file review: Are customer files complete, current, and consistently applied across the customer base?
Transaction monitoring: Are monitoring procedures operating, and are alerts being investigated and resolved?
Suspicious activity: Are SAR equivalents being escalated and documented even where no mandatory filing exists?
Training records: Can you demonstrate that all relevant staff received AML training in the past 12 months?
Sanctions screening: Are screening procedures documented and running consistently?

Documentation to Maintain Year-Round:

Document	Retention Period
Customer KYC files (ID, address, due diligence)	5 years from relationship end
Transaction records	5 years
AML training records	5 years
Sanctions screening records	5 years
Board/management AML approval records	Indefinitely
Independent audit reports	5 years

Common audit findings and how to avoid them:

Stale KYC: Customer files that haven't been updated when underlying facts changed (address, ownership) — fix with a periodic review schedule (annual for standard risk, 6 months for high risk)
Unresolved transaction monitoring alerts: Alerts that were generated but not documented as investigated — fix with a written alert disposition process
Missing training records: Verbal training without documentation — fix with dated sign-off sheets and recorded online training certificates
Incomplete source of funds: Customer files missing documented source of funds for significant deposits — fix with systematic SOF verification at onboarding

Real-World Case Studies: Costa Rican Crypto Structures That Work

Theory is useful; practice is persuasive. These anonymized case studies, drawn from Privacy Solutions' client work since 1996, illustrate how real crypto businesses use Costa Rican structures successfully — and what almost went wrong.

Case Study 1: European DeFi Protocol Using a Costa Rican Holding Company

A DeFi lending protocol with USD 50M total value locked (TVL) needed a non-EU holding company to hold treasury assets and intellectual property outside MiCA's direct scope. The protocol's two founding teams — based in Germany and Portugal — were subject to MiCA's new CASP authorization requirements for EU-resident operators, but the protocol itself was deployed on Ethereum and Arbitrum with no EU-specific restrictions.

The Problem: The founders needed a legal entity that could: (1) hold the protocol's treasury (approximately USD 8M in stablecoins and ETH), (2) own the protocol's smart contract IP, (3) receive protocol fees, and (4) do all of this without triggering MiCA authorization requirements or EU corporate tax on offshore income.

The Structure:

Costa Rican SA: Operating entity; holds IP, receives protocol fees from international users, employs contractors
Panamanian Foundation: Foundation shareholder of the SA; holds treasury assets in a separated custody layer; beneficiaries are the founders' family trusts
EU Legal Opinion: Formal opinion that the Costa Rican structure does not constitute an EU-established CASP under MiCA, given no active solicitation of EU users

Implementation:

Timeline: 8 weeks from engagement to full operational readiness
Week 1–2: Document collection and structure finalization
Week 2–3: Costa Rican SA incorporation
Week 3–5: Panamanian Foundation establishment and SA share transfer
Week 4–6: AML/CFT framework drafting and banking outreach
Week 6–8: EMI onboarding (Bankera for EUR), crypto-native bank application (Sygnum for treasury custody)

Outcome:

Banking: EUR IBAN via Bankera (4-week onboarding); Sygnum custody for treasury (8-week onboarding)
Annual compliance cost: ~USD 8,500 (registered agent, RTBF filings, AML program maintenance, Firma Digital representation, accounting)
Tax: Zero Costa Rican corporate tax on protocol fees (foreign-sourced income); no EU tax on the holding structure
MiCA: Formal legal opinion issued; no CASP authorization required

Key lesson: The Panamanian Foundation layer added 3 weeks to the setup timeline and approximately USD 4,000 in additional first-year cost, but provided critical separation between operational control (SA management) and asset custody (foundation beneficiaries). When one founding team later sought to exit, the foundation structure allowed a clean asset separation without triggering a corporate liquidation event.

Case Study 2: LATAM OTC Desk With Multi-Layer Banking

Two founders — one Colombian, one Mexican — launched an OTC desk targeting Colombian and Mexican high-net-worth clients wanting to move USD 50K–500K equivalent per transaction into and out of crypto. Monthly volume expectation: USD 2–5M. They needed fast incorporation and functional banking within 6 weeks.

The Problem: Their first bank application — submitted the week after incorporation — was rejected within 10 days. The rejection letter cited "insufficient AML documentation" and "unclear source of client funds." The founders had submitted a two-page AML summary, not a complete AML/CFT framework.

The Remediation: Privacy Solutions took 12 business days to:

Draft a complete AML/CFT framework (policy, KYC procedures, risk matrix, transaction monitoring protocol, SAR escalation process, sanctions screening procedure)
Restructure the source of funds documentation: 18-month statements from Binance and Coinbase Pro accounts; wire records showing historical OTC activity; Colombian and Mexican tax returns; bank statements from existing business operations
Rewrite the business model description from a vague "cryptocurrency trading" summary to a detailed OTC desk operational description with counterparty types, volume bands, KYC tier structure, and transaction monitoring thresholds

The Banking Architecture Built:

Layer 1 (Local): BCR (Banco de Costa Rica) — USD operating account; second application approved in 3 weeks
Layer 2A (EMI): Bankera — EUR IBAN for European counterparties
Layer 2B (EMI): Paysera — USD account for North American wire flows; 2-week onboarding
Layer 3 (Crypto-Native): Institutional custody via Kraken Financial — for treasury management and large settlements

Timeline and Costs:

Total timeline: 10 weeks (incorporation at week 2, banking complete by week 10)
First-year total cost (incorporation + legal + AML + banking setup + registered agent): ~USD 12,000
Annual ongoing compliance: ~USD 6,500

Key lesson: Prepare the AML framework before approaching banks — the first impression is the one that matters. The founders lost 3 weeks and the cost of the first bank application because they assumed the bank would ask for AML documentation later. Banks that review a complete, professionally drafted AML program at submission advance applications significantly faster than those that receive piecemeal documentation over multiple request-response cycles.

Common Pitfalls and How We Help Clients Avoid Them

The five most expensive mistakes foreign founders make when incorporating in Costa Rica — and how Privacy Solutions prevents each one.

Pitfall 1: Delaying banking outreach until after incorporation

What happens: Founders focus on incorporation first, then start banking. Banking adds 4–8 weeks that run sequentially instead of in parallel. Total timeline stretches to 8–14 weeks instead of 4–8.
How we prevent it: We begin banking preparation — document package assembly, AML framework drafting, bank selection — simultaneously with the incorporation process. Banking applications go out within days of incorporation completion.

Pitfall 2: Skipping the AML framework

What happens: Founders submit banking applications without a complete AML/CFT program. Banks reject the application. The founder spends 2–4 weeks building what should have been built first.
How we prevent it: AML framework drafting is built into our standard setup engagement. No banking application leaves our office without a complete, banking-quality AML/CFT framework attached.

Pitfall 3: Choosing the wrong legal structure

What happens: A founder who expects to raise VC investment chooses an SRL because it's slightly simpler. When investors come in, the SRL's quota transfer restrictions and share class limitations create costly structural problems.
How we prevent it: We conduct a 30-minute structure interview covering investor expectations, exit scenarios, shareholder composition, and banking requirements before recommending SA vs SRL. The choice is made with 18-month visibility, not just immediate simplicity.

Pitfall 4: Ignoring RTBF filing deadlines

What happens: The ordinaria deadline (April 30) passes while founders are focused on operations. The DGT assesses a fine. More problematically, the banking compliance team finds the non-compliance during an annual review, triggering an account review.
How we prevent it: Privacy Solutions manages RTBF filings as part of the annual compliance retainer. Clients receive reminders for the April 30 ordinaria and are contractually required to notify us of ownership changes within 5 business days.

Pitfall 5: Assuming "no license" means "no compliance"

What happens: Founders hear "no license required" and conclude they have no compliance obligations. They launch without AML procedures, KYC documentation, or transaction monitoring. Banking relationships collapse when the first annual compliance review occurs.
How we prevent it: We are explicit from the first consultation: "no license" means no regulatory license fee and no regulator to report to — it does not mean no compliance. Banking partners set the compliance standard, and that standard is real, documented, and enforced. We build the compliance program from day one.

How We Help: Privacy Solutions Costa Rica Crypto Setup Services

Privacy Solutions has provided corporate structuring, compliance, and banking support to international business owners since 1996. Our Costa Rica crypto setup service delivers end-to-end coverage — from initial structure design through ongoing annual compliance — coordinated through our established network of vetted Costa Rican legal and corporate partners.
- Eligibility and access: Foreign founders of any nationality can incorporate a Costa Rican SA or SRL through our service. No Costa Rican residency is required. Minimum one director (nominee available). No minimum share capital for SRL; nominal capital for SA. We do not impose a nationality restriction — founders from any jurisdiction may engage our services, subject to our own AML/KYC onboarding requirements.
- Documentation coordination: We manage the complete documentation package — certified passport copies, proof of address, bank reference letters, source of funds declarations, business plan summaries, apostille procurement, and certified Spanish translation. Founders provide originals; we coordinate the rest, including liaison with local translators and notaries.
- Incorporation timeline and process management: Corporate entity registration completes in approximately 2 weeks from document receipt. Full setup including banking onboarding: 4–8 weeks via parallel-phase processing. Working through our Costa Rican legal partners, we coordinate National Registry filings, RTBF registration, registered agent appointment, and DGT tax registration — with a single point of contact on our side throughout.
- Firma Digital representation: Costa Rican law requires a locally credentialed representative for mandatory electronic filings. Through our partner network, we arrange a qualified Costa Rican legal representative holding a valid Firma Digital credential — enabling all required filings (RTBF, DGT, Registro Nacional) without the foreign founder needing to obtain Costa Rican residency or travel to Costa Rica.
- AML/CFT framework development: We draft and maintain a complete AML/CFT program — AML policy, KYC procedures, customer risk assessment matrix, transaction monitoring framework, sanctions screening procedure, compliance officer designation (internal or outsourced), and staff training template. The framework is aligned with FATF Recommendation 15 and built to satisfy the due diligence requirements of banks and payment processors.
- Banking introductions and strategy: We draw on a 30-year international network of banking relationships — complemented by our local partners' on-the-ground knowledge of the Costa Rican banking environment — to match your company with appropriate banks, EMIs, and crypto-friendly payment processors suited to your business model, transaction volumes, and customer profile. We prepare and review banking applications before submission, reducing rejection risk significantly.
- Annual compliance management: We coordinate the full annual compliance calendar on your behalf — RTBF ordinaria and extraordinaria filings, corporate income tax submissions, annual return preparation, education and culture tax payment, registered agent and registered office services, and corporate book maintenance. Our local partners execute; we supervise and keep you informed. One retainer covers everything.

Frequently Asked Questions About Crypto Businesses in Costa Rica

1. Does Costa Rica have a crypto license?

No. Costa Rica does not issue a cryptocurrency license, VASP registration, or digital asset authorization of any kind. Crypto companies operate under general corporate law — specifically the Código de Comercio — by incorporating a standard SA or SRL with crypto-related business activities specified in the corporate purpose clause. This framework means no application fees, no regulatory waiting periods, and no ongoing license renewal costs. Two pending bills (Expediente 25.340 and 25.362) could change this in the future, but neither has been enacted as of May 2026.

2. Is cryptocurrency legal in Costa Rica?

Yes. Cryptocurrencies are not legal tender — only the Costa Rican colón holds that status — but their use, trading, and holding are not prohibited. The Banco Central de Costa Rica (BCCR) has stated that cryptocurrencies may be used in private transactions under general commercial law. Businesses can accept crypto as payment, trade digital assets, and offer blockchain-based services without restriction. There are no criminal penalties for crypto ownership or trading in Costa Rica.

3. Can a crypto exchange operate from Costa Rica without a license?

Yes, for international customers. A Costa Rican SA or SRL can operate a spot or derivatives exchange serving non-Costa Rican customers without a financial license, provided the activities do not constitute public securities offerings — which would trigger SUGEVAL oversight — or involve solicitation of Costa Rican retail investors. The operational challenge is banking, not legal authorization: the company needs functional fiat on/off ramps, which requires AML/KYC documentation that satisfies banking partners' compliance requirements.

4. What authority regulates crypto in Costa Rica?

No single authority has comprehensive crypto regulatory jurisdiction. The BCCR oversees monetary policy and has issued guidance affirming that crypto is not currency but may be used in private transactions. The Superintendencia General de Entidades Financieras (SUGEF) supervises financial institutions for AML compliance under Law 7786. SUGEVAL regulates securities markets — relevant only if crypto assets are structured as public securities. The Dirección General de Tributación (DGT) handles tax treatment. In practice, most crypto companies interact primarily with the National Registry for incorporation, the DGT for RTBF and tax filings, and their banking partners' compliance teams — not with financial regulators.

5. How much does it cost to start a crypto business in Costa Rica?

Total first-year costs range from approximately USD 5,000 to USD 8,000 for a fully operational setup — including incorporation, legal fees, RTBF registration, AML/CFT framework drafting, Firma Digital representation, registered agent, and registered office for the first year. This is 60–80% lower than licensed jurisdictions: El Salvador DASP runs approximately USD 20,000–30,000 first year; Estonia VASP approximately EUR 15,000–25,000; Cayman VASP USD 30,000–50,000. Ongoing annual compliance costs run approximately USD 3,000–5,000 for RTBF filings, registered agent, corporate maintenance, and annual return preparation.

6. How long does it take to set up a crypto company in Costa Rica?

The entity itself forms in approximately 2 weeks from the date of document submission to the National Registry. Full operational readiness — including banking relationships and payment rails — takes 4–8 weeks when banking outreach runs in parallel with incorporation and AML framework development. Sequential processing (incorporate first, then start banking) extends the total timeline to 8–14 weeks. Founders who prepare their AML documentation and document package before engaging the incorporation process consistently complete the full setup fastest.

7. How are crypto businesses taxed in Costa Rica?

Costa Rica applies the Territorial Tax Principle (Principio de Territorialidad): income from activities occurring outside Costa Rica is taxed at 0%, regardless of where the company is incorporated. For most crypto companies serving international customers, this means zero Costa Rican corporate tax on business income. Costa Rican-sourced income is taxed at the standard progressive corporate rate, up to 30% for large companies. Crypto-to-crypto and crypto-to-fiat transactions are currently not subject to the 13% VAT per DGT guidance. Dividends paid to foreign shareholders from foreign-sourced income are generally not subject to Costa Rican withholding tax. The territorial benefit requires documented economic substance and clear income-sourcing records — it is not automatic without proper structuring.

8. Can a non-resident open a crypto company in Costa Rica?

Yes. Costa Rica permits 100% foreign ownership of both SA and SRL entities, with no director or shareholder residency requirement. The company must maintain a registered office in Costa Rica and a resident registered agent. The practical challenge for non-resident founders is the Firma Digital — the mandatory electronic identity credential required for government portal interactions, which is issued only to Costa Rican nationals and permanent residents. The solution is to appoint a Costa Rican legal representative who holds the credential, which Privacy Solutions provides as part of its standard setup service.

9. What are the banking options for a Costa Rican crypto company?

Banking is a multi-layer exercise, and no single relationship is sufficient. Local banks — BCR, Banco Nacional, BAC Credomatic — offer CRC and USD accounts but apply enhanced due diligence to crypto companies and depend on US correspondent banking relationships that can restrict crypto transaction flows. EMIs — Bankera, Paysera, Verifo — provide EUR IBAN accounts with faster onboarding (typically 2–4 weeks) and higher crypto tolerance. Crypto-native banks — Sygnum, AMINA — offer institutional-grade services including custody, OTC trading, and credit facilities, with higher minimums and longer onboarding (6–12 weeks). The standard resilient architecture combines all three layers: local bank for operational expenses, EMIs for client fund flows, and crypto-native banking for treasury management.

10. What is the difference between Bill 22.837 and the current situation?

Bill 22.837 was the first significant attempt to create a formal crypto licensing framework in Costa Rica — it would have established VASP registration requirements and a regulatory oversight structure for digital asset service providers. It was introduced into the Legislative Assembly and then archived, meaning it was withdrawn from active legislative consideration and is no longer in play. Two successor bills — Expediente 25.340 and Expediente 25.362 — have since been introduced with different regulatory approaches. As of May 2026, neither has been enacted into law, no committee approval has been announced, and no legislative timeline for passage has been established. Costa Rica continues to operate under general corporate law for crypto businesses. Founders should monitor developments but should not delay incorporation waiting for regulatory clarity — the current framework has been stable for years and is fully functional for legitimate business operations.

Disclaimer: The information provided on this page is for general informational purposes only and does not constitute legal, tax, or professional advice. While we strive to keep the content accurate and up-to-date, Privacy Solutions makes no representations or warranties of any kind about the completeness, accuracy, or suitability of the information. Laws and regulations change frequently and vary by jurisdiction. You should consult with a qualified professional before making any business, legal, or tax decisions.