Regarding the protection of personal data in Panama through Law 81 of March 26, 2019 and its Regulations through Executive Decree 285 of May 28, 2021.

By: Mariela de la Guardia Oteiza

Download article

The protection of personal data is a fundamental guarantee and is contained in our National Constitution, which establishes in its Article 42 the following:

“Article 42: Every person has the right to access personal information contained in public and private databases or registries, and to request its rectification and protection, as well as its suppression, in accordance with the provisions of the Law.

This information may only be collected for specific purposes, with the consent of its owner or by order of a competent authority based on the provisions of the Law.”

As demonstrated, the owner’s consent must be always obtained, i.e. his or her expression of willingness to process the data and be informed of the specific purpose for which the data is collected. Law 81 establishes that consent may be obtained in a manner that allows its traceability through documentation, whether electronic or through another appropriate mechanism, and may be revoked, without retroactive effect.

Likewise, our National Constitution contemplates in its articles 43 the constitutional guarantees in which every person has the right to request information of public access or of collective interest and to request its rectification.  Article 44 establishes that any person may file a habeas data action to guarantee the right of access to his or her personal information collected in data banks or official registries.

On March 29, 2021, the Personal Data Protection Law came into full force in the Republic of Panama by means of Law 81 of March 26, 2019. This Law establishes the principles, rights, obligations and procedures that regulate the protection of personal data in our country for natural and legal persons.  Afterwards, Law 81 is regulated by means of Executive Decree 285 of 2021.

It is important to note that prior to the enactment of Law 81 of 2019, there were legal provisions that currently regulate the protection of personal data in Panama, by means of special laws. Among which are the Banking Law, Insurance Law, Securities Law, Trust Law, and Law regulating the Rights and Obligations of Patients, in matters of information or free and informed decision, among others.

Although there are special laws and rules that comprise the regulatory framework governing the protection of personal data, Law 81 of 2019 applies in a supplementary manner.

The regulator or regulatory authority of each sector, must establish within its regulations all the protocols, processes and procedures for treatment and secure transfer that must be complied with by the regulated subjects.

Basic Concepts of Personal Data Protection

What is a Personal Datum?

Personal datum is any information concerning natural persons that identifies them or makes them identifiable.

What is a sensible datum?

The Law defines sensitive data, as those which refer to the intimate sphere of the data subject, or whose improper use may give rise to discrimination or entail a serious risk for the data subject.

It is deemed as sensitive data that which may reveal aspects such as racial or ethnic origin; religious, philosophical and moral beliefs or convictions; union membership; political opinions; data related to health, life, sexual preference or orientation, genetic data or biometric data, among others.

Law 81 establishes that sensitive data cannot be transferred without the data subject’s explicit consent; except when it is necessary to safeguard the data subject’s life and he/she is physically or legally incapacitated, when it refers to data that is necessary for the recognition, exercise or defense of a right in a process with competent judicial authorization, when it has a historical, statistical or scientific purpose, in which case measures leading to dissociate the identity must be adopted.

Purpose, principles and application

The Law establishes the principles, rights, obligations and procedures that regulate the protection of personal data, considering its interrelation with the private life and other fundamental rights and freedoms of citizens.

The general principles that inspire and govern the protection of personal data and that are the basis for the interpretation and application of the rule, also complement some gaps in the Law 81 itself:

1. Principle of fairness: personal data are collected without deception or misrepresentation and without using fraudulent means.
2. Principle of purpose: personal data must be collected for specific purposes and not be further processed for purposes other than those for which they were requested, and not be kept for a longer than necessary for the purposes of processing.
3. Principle of proportionality: only adequate and relevant data limited to the minimum necessary in relation to the required purpose are requested.
4. Principle of truthfulness and accuracy: they must be accurate and truthfully respond to the current situation of the data subject.
5. Principle of data security: those personal data controller must adopt measures to ensure the security of the data and inform the data subject, as early as possible, when the data have been removed without authorization or there are indications that their security has been breached.
6. Principle of transparency: information and communication must be expressed in clear and simple language.
7. Principle of confidentiality: all persons involved in the personal data processing are obliged to maintain secrecy or confidentiality with respect to such data.
8. Principle of lawfulness: data must be collected in a lawful manner, with the prior, informed and unequivocal consent of the data subject or by legal basis.
9. Principle of portability: the data subject has the right to obtain from the data controller a copy of the personal data in a generic and commonly used format.

The scope of application of this Law extends to databases located in the territory of the Republic of Panama, which store or contain personal data of nationals or foreigners or that the data controller is domiciled in the country, are subject to the application of this Law and its regulations.

The storage or transfer of personal data originated or stored within the Republic of Panama that are confidential, sensitive or restricted, that receive cross-border processing is permitted provided that the data controller or custodian of the data complies with the standards of personal data protection and obtains consent.

Executive Decree 285 of 2021, which regulates Law 81, establishes that the registration of databases transferred to third parties shall be stated in writing, by any means, including electronic means.

What exceptions apply and when can Personal Data be processed?

There are exceptions to the scope of application of the Law for those data that are expressly regulated by special laws or by regulations that develop them and that we have detailed at the beginning.

Exceptions include:

1. Those carried out by a natural person for exclusively personal or domestic activities.
2. Those carried out by competent authorities for purposes of prevention, investigation or prosecution of criminal offenses or enforcement of criminal penalties.
3. Those carried out for the analysis of financial intelligence related to national security.
4. When it is data processing related to international organizations in compliance with international treaties or conventions.
5. Those resulting from information obtained by means of a previous anonymization procedure.

The processing of personal data can only be carried out when: i.) The consent of the owner is obtained, ii.) The processing is necessary for the execution of a contractual obligation, iii.) The processing is necessary for the fulfillment of a legal obligation, iv.) The processing is authorized by a special law.

Personal data controller, database custodian and Personal Data Protection Officer

The data controller is a natural or legal person, public or private, for profit or non-profit, who is responsible for the decisions related to the processing of data and determines the purposes, means and scope.

The data controller is who shall establish the protocols, processes and procedures for management and secure transfer, protecting the rights of data subjects. The National Authority for Transparency and Access to Information (ANTAI) with the support of the National Authority for Government Innovation (AIG) are the authorities that will oversee and supervise the above.

The custodian of the database, as well as anyone who has access to it, must take care of it with due diligence, and shall also be liable for any damages caused.

As a measure of accountability for compliance with the use of personal data Executive Decree 285 establishes the figure of the Protection Officer (ODP) for public entities and recommended but not mandatory for the private sector.  The ODP will perform his functions independently. Its functions will be to participate in a timely manner in matters related to data protection, inform and advise the responsible and the custodian, supervise compliance with the regulations, promote the training of persons who process data, among others.

Both the personal data controller and the custodian of the database that transfers data, must keep a record of the databases and must be available to the National Authority for Transparency and Access to Information (ANTAI) when required, the database must even identify and state the period of all persons entering personal data within fifteen working days from the start of such activity.

Those data controllers and/or custodians of databases, as well as all persons involved in any phase of data processing, shall be subject to the duty of secrecy or confidentiality. This obligation shall be additional to professional secrecy, shall apply for the entire duration of the processing and shall be kept even after the employee’s or official’s relationship had terminated.

The data controllers and/or custodians of the databases must guarantee the compliance and are subject to the control and supervision of ANTAI through the Directorate for the Protection of Personal Data.

When is authorization not required for the processing of personal data?

Authorization is not required for the processing of personal data in the following cases:

1. Sources in the public domain
2. Those collected by the public administration
3. Those of an economic, financial or banking nature with prior consent.
4. Lists of persons in organizations, professions
5. Those within an established business relationship
6. Processing of private organizations for use by associates
7. Medical or health emergency
8. Historical, statistical or scientific purposes.

Non-waivable rights of the personal data subjects

Like many countries, our country recognizes ARCO rights, i.e. the Right of Access, Right of Rectification, Right of Cancellation, Right of Opposition and Right to Portability.

Our Law allows the personal data subject to request his information to the data controllers, and it must be provided within ten working days. The provision of information, its modification, blocking or deletion shall be free of charge.

Data must be amended when it is erroneous, inaccurate, misleading or incomplete within five working days following the request for amendment. Whoever is responsible must proceed when there is evidence of inaccuracy of the data.

If the data controller does not decide on the data subject’s request within the term, the data subject may appeal to the National Authority for Transparency and Access to Information (ANTAI). In cases subject to special laws, to the regulator or regulatory authority. In the event that the sanctions for the offenses committed are not found in such laws, the regulator shall apply the sanctions established in this Law, without prejudice that the data subject may also file a complaint before the National Authority of Transparency and Access to Information (ANTAI) for the corresponding sanctions to be applied and to the courts of justice to request compensation for pecuniary and/or moral damages.

The data controller or the custodian of the database may not transfer or communicate in any case the data relating to a person after seven years have elapsed, since the legal obligation to keep it was extinguished, unless another period is agreed. These data have to be deleted or re-establish a relationship with the data subject and explain why the data are still kept and what the new purpose is.

The transfer of data is lawful if it meets at least one of the following conditions:

1. Data subject’s consent.
2. That the receiving country or agency provides a better level of protection.
3. That it is provided for in a Law or Treaty.
4. For prevention of medical diagnosis.
5. That is made to any company of the same economic group provided that they are not used for different purposes.
6. By virtue of a contract.
7. It is necessary for the safeguarding of a public interest.
8. For the recognition or defense of a right in a judicial proceeding.
9. For the maintenance or fulfillment of a legal relationship.
10. Required for bank or stock exchange transfers.
11. For international cooperation between intelligence agencies in the fight against organized crime, terrorism, drug trafficking, etc.
12. That the controller transferring the data adopts binding self-regulatory mechanisms.
13. In case of contractual clauses.

Advisory Council and Supervisory Authority

A Council for the Protection of Personal Data is created as an advisory body on the matter which advises the National Authority for Transparency and Access to Information (ANTAI), recommends public policies related to the matter, evaluates the cases filed, provides recommendations and develops its internal regulations.

The National Authority for Transparency and Access to Information (ANTAI), through a Directorate created to deal with this matter, is empowered to sanction the data controller, as well as the database custodian ascertained to have infringed the rights of the personal data subject. The Executive Decree establishes the criteria for the graduation of the sanctions, which will depend on the intentionality, recidivism, nature and amount of the damages caused, rights affectation, adoption of corrective measures, among others.

The decisions of the Directorate may be challenged through an appeal for reconsideration and are appealed before the Director of the National Authority for Transparency and Access to Information (ANTAI).

Infringements and Penalties

The Authority may fix penalties from B/.1,000.00 to B/.10,000.00.

Infringements are classified as minor, serious or very serious:

• Minor: failure to submit or inform the authority of the information within the deadline and may lead to a citation from the authority.
• Serious: carrying out the processing without the consent of the data subject, infringement of the established principles and guarantees, breach the confidentiality commitment, restricting ARCO rights, breach the duty to inform the data subject of the data processing, storing or archiving data without security conditions, failing to comply with repeated requests and remarks of the authority, the above can lead to a fine of B/.1,000 to B/.10,000, depending on its proportionality.
• Very serious: to collect personal data in a fraudulent manner, not to observe the regulations, not to suspend the processing when previously requested by the authority, to store or transfer personal data internationally and to recidivate in serious offenses, which may lead to the closure of the database records and the corresponding fine, and even the suspension and disqualification of the storage and/or processing activity.

Lastly, the Executive Decree establishes terms for the statute of limitations of the action and the penalty:

• Statute of limitations of the action:

1. Minor infringements within a period of 1 year.
2. Serious infringements within a period of 3 years.
3. Very serious infringements within a period of 5 years.

• Prescription of penalty:

1. Minor penalties within a period of 3 year.
2. Serious penalties within a period of 5 year.
3. Very serious penalties has no statute of limitations.

Law 81 of March 26, 2019, which was published in Official Gazette No. 28743-A, entered into full force on March 29, 2021 and Executive Decree 285 of May 28, 2021 entered into full force upon its enactment on May 28, 2021 and it was published in Official Gazette No. 29296-A.

Do you know your rights regarding the use of your personal data? If you have a database, do you know your obligations regarding data protection? Get to know the most important aspects of Panama’s Data Protection and Privacy Law and get the answers to these questions.

By Fernando González-Ruiz and Mariela de la Guardia Oteiza

Every time we make online purchases, request a service, or go to a medical appointment, we provide our personal data. But, are we sure that the information we are providing is being given the proper treatment to ensure that it is not misused or used for other purposes that we did not authorize?

Everyone should be clear about how their personal data is being collected, used, or processed, as well as what to do when there is a breach or misuse of the data.

Likewise, companies must be clear about, among other things, for how long the data can be collected in an organization, how it must be kept, how their system provides adequate confidentiality protection guarantees, the IT security they must apply, and who is responsible for protecting this information within the company.

This is why many countries are promoting laws related to Personal Data Protection, adapting these rules to new technological changes, as is the case of the European Union with the General Data Protection Regulation (GDPR), which came into effect in May 2018 and set a precedent within these rules.

Similarly, in Latin America, countries such as Argentina, Colombia, Brazil, Chile, Peru, and Mexico have begun either modifying their Personal Data Protection laws in order to comply with the standards imposed by the European Union with the General Data Protection Regulation, or developing new laws on the subject.

In the case of Panama, we did not have a specific law regulating the Protection of Personal Data; we only had general provisions on the subject, such as the National Constitution, Law 68 of 2003, which regulates the rights and obligations of patients regarding information and free and informed decision; the Law 24 of May 22, 2002, which regulates the information service on the credit history of consumers or customers, among other special laws.

The absence of a special Law on Personal Data Protection left a great void in our legislation on the subject of how the personal information of our citizens should be properly treated and that would provide real protection to our private life and other fundamental rights and freedoms. Privacy is a Human Right!

This is why, on March 26, 2019, Law 81 on Personal Data Protection was passed, which entered into force on March 29, 2021. This Law establishes the principles, rights, obligations and procedures that regulate the protection of personal data in our country.

But what is Personal Data?
Personal data is defined as any information concerning natural persons that identifies them or makes them identifiable.

Some of the most important aspects of this new Panamanian Law are the following:

To whom does Panama’s Data Protection Law apply?
Contrary to the General Data Protection Regulation (GDPR), which has an extraterritorial scope, our Law only applies to databases located in the territory of the Republic of Panama that store or contain personal data of nationals or foreigners or to those responsible for processing personal data (data controllers) domiciled in the country.

What exceptions apply?
There are exceptions to the scope of application of the Law, for data that is expressly regulated by special laws or by regulations that develop them. Some special laws are the Banking Law or the Law regulating the rights and obligations of patients.

Exceptions include:
1. Those carried out by a natural person for exclusively personal or domestic activities.
2. Those carried out by competent authorities for purposes of prevention, investigation or prosecution of criminal offenses or enforcement of criminal penalties.
3. Those carried out for the analysis of financial intelligence related to national security.
4. When it concerns the processing of data related to international organizations in compliance with international treaties or conventions.
5. Those resulting from information obtained through a previous anonymization procedure.

When may the processing of Personal Data be carried out?

The processing of personal data may be carried out when the following conditions are met:
1. That the consent of the data subject is obtained.
2. That the data processing is necessary for the execution of a contractual obligation.

3. That the data processing is necessary for the compliance of a legal obligation.
4. That the personal data processing is authorized by a special law or the regulations that implement them.

According to our Law, it is of utmost importance that the person who gives his consent for the processing of his personal data, is duly informed as to the purpose of the use of his personal data. Likewise, this consent must be obtained in a way that allows its easy traceability, by means of documentation, whether electronic or by any other appropriate mechanism.

Personal data must be used for the specific purposes for which they were authorized. If for any reason they are to be used for other purposes, the consent of the holder of the data must be obtained again.

What is considered as Sensitive Data?
Sensitive data are those that refer to the intimate sphere of the subject, or whose improper use may give rise to discrimination or entail a serious risk to the subject, such as racial or ethnic origin, religious beliefs or convictions, labor union membership, political opinions, data relating to health, life, sexual preference or orientation, genetic data or biometric data, among others.

It is important to know that the Law establishes that sensitive data cannot be transferred without the Data Subject’s consent.

What are the responsibilities of the data controller of personal data contained in databases?
Among the responsibilities of the data controller of personal data are to establish the protocols, processes and procedures for management and secure transfer, protecting the rights of the data subjects.

What rights do the Personal Data subjects have?

Among the rights that the Personal Data subject mentioned in this Law have, are the following:
1. Right of access: All data subjects should be able to obtain their personal data stored in databases of public or private institutions.
2. Right of rectification: The subject may at any time request the correction of personal data that is incorrect, irrelevant, incomplete, outdated, inaccurate or false.
3. Right of cancellation: The subject may request the deletion of incorrect, irrelevant, incomplete, outdated, inaccurate or false personal data.

4. Right of opposition: this right allows the personal data subject to refuse to provide his personal data due to justified and legitimate reasons.
5. Right of portability: the subject has the right to obtain a copy of the personal data in a structured manner, in a generic and commonly used format which can be operated by different systems.

What are the infringements and penalties imposed by this new Law?
Infringements shall be considered as minor, serious or very serious and the sanctions may range from a citation before the National Authority of Transparency and Access to Information, which is the regulating entity for these matters, to the suspension and disqualification of the activity of storing and/or processing Personal Data. Infringements may include the collection of personal data in a fraudulent manner, processing personal data without having obtained the subject´s consent, storing or archiving personal data without adequate security conditions, among others.

The Law establishes that the National Authority of Transparency and Access to Information shall fix the amounts of the applicable sanctions and proportional to the seriousness of the offense, which shall be established from one thousand dollars (US$1,000.00) to ten thousand dollars (US$10,000.00).

These are just some of the points mentioned in this new Data Protection Law, which came into force in Panama at the end of March 2021. Up to the date of this article, the Executive Decree regulating this matter has not yet been approved, which could clarify and develop some of its points.

Recommendations
To conclude, we make some basic recommendations that organizations or companies that collect personal data from their customers on a daily basis should keep in mind:

• The company must have the prior, informed and unequivocal consent of the data subject to be collected and that the data is collected for the purpose for which they are required.
• If other use is to be made of this data, the consent of the data subject must be obtained again. This could apply to companies that have several lines of business or are part of a large company that has different corporate names for different types of business.
• We must not forget that this consent must be obtained in a way that allows its easy traceability by means of documentation, whether electronic or by any other appropriate mechanism.
• To adopt the technical measures to guarantee the security of the data under their custody and inform the data subjects as soon as possible when a data breach has occurred.
• Review the terms and conditions and privacy policy of the company’s website, as well as its cookies policy, to ensure that they are sufficiently clear to users.

MULTINATIONAL CORPORATION HEADQUARTERS (SEM) REGIME
Updated according to Executive Decree No. 241 of September 16, 2020, and Resolution 023-20 of September 17, 2020

Background

Law No. 41 of 2007, amended by Law 45 of August 10^th, 2012 and Law 57 of 2018, establishes incentives for the creation in Panama of Multinational Corporations Headquarters (SEM, for its acronym in Spanish), whose main activities are the technical, financial and/or administrative assistance to companies with the same corporate group and the provision of services to companies of the same group.

Under this modality, it is allowed to establish multinational corporations in Panama with the purpose of having a headquarter that provides support to its affiliates in the region. They may operate as a foreign company registered in Panama or as a Panamanian company, owned by a multinational company. By applying under the activities listed below, the SEM company shall be able to enjoy a series of fiscal, migratory, and labor incentives.

The activities allowed under this law are the following:

• Management and/or administration for operations in a specific or global geographic area of a company of the corporate group. It refers to the services of strategic planning, business development, personnel management and/or training thereof, control of operations and/or logistics.
• The logistics and/or storage of components or parts, required for the manufacture or assembly of products the company manufactures.
• Technical assistance to companies of the corporate group or to customers who have purchased a product or service from the company and, therefore, it is obliged to provide them the support service.
• Technical, financial and/or administrative assistance, as well as other support services, to companies of the same corporate group, including, but not limited to, services of financial management, risk analysis, credit analysis, due diligence, compliance, documentation custody, and filing, data and/or document processing center and corporate treasury services, as well as loans between related companies of the corporate group. It does not include activities that require a license to operate issued by the State through the Superintendency of Banks, the Superintendency of Insurance and Reinsurance, the Superintendency of the Securities Market, or other regulatory entities.
• Corporate group accounting.
• The preparation of blueprints that are part of designs and/or constructions, or part of them, which constitute part of the normal course of business activity of the parent company or any of its subsidiaries.
• Electronic processing of any activity, including consolidations of the corporate group’s operations. This service includes network operations.
• Advice, coordination, and monitoring of marketing and advertising guidelines for goods or services produced by the corporate group.
• The support of operations and research and development of products and services of the corporate group.
• Any other similar service previously approved by the Cabinet Council by a justified resolution provided it is in compliance with the provisions of the Law.

Outsourcing:

It is important to take into account that the main activity or activities can be performed, in whole or in part, through resources provided by suppliers (outsourcing), as long as the outsourced activity be performed in Panama and the mechanisms to exercise monitoring and supervision of the activity in Panama be maintained.

Services related to manufacturing, EMMA License:

It is important to mention that the multinational companies that are operating in Panama and provide services with manufacturing to related companies or those that have a SEM License, and are willing to increase or expand activities to provide services related to manufacturing described in the EMMA Law or Law 159 of August 31, 2020, may adhere to this system. The Technical Secretariat may take into account all the documentation existing on file to ensure an expedited automation process.

Legal stability of investments:

Companies incorporated under the SEM regime as from 1 January 2019 shall automatically enjoy, as of the moment of their registration, the guarantees established in Article 10 of Law 54 of 1998 on Legal Stability of Investments. That is to say, from the granting of the License they shall enjoy the fiscal, migratory labor and legal benefits for 10 years.

Annual report:

Companies with a SEM License must submit once a year and within six months after the end of their fiscal period, an annual report containing an affidavit with information about the company and the new requirements of substance, which will be signed by the legal representative and a certified public accountant. The form can be downloaded from the website www.sem.gob.pa.

The Technical Secretariat of the Commission of Multinational Company Headquarters Licenses shall issue an administrative resolution stating whether or not the company complies with the substance requirements for the relevant fiscal period. The company may request reconsider and appeal the resolutions of the Technical Secretariat.

If the company complies, the Technical Secretariat submit the Resolution to the Directorate General of Revenues to apply the 5% income tax rate. If the company does not comply, the Technical Secretariat submit the Resolution to the G Directorate General of Revenues to apply the income tax rate at 25%.

I. Fiscal

Fiscal benefits and obligations of corporations which obtain a SEM License:

• Companies holding a SEM license must pay the income tax in the Republic of Panama on the net taxable income arising from the services rendered, at a rate of 5%. They shall settle and pay the income tax, through the annual tax income return, and may include within their deductible expenses, the expenses incurred in concept of labor remunerations of all their employees, which shall proceed even when the employee, recipient of the salary, is exempted from the income tax. The amount that the company has actually paid in that concept or analogous abroad may also apply as income tax credit. When applying this credit, the company shall pay at least 2% of the net taxable income generated in the Republic of Panama, as income tax.
• As of the fiscal year 2019, all legal or natural persons that carry out transactions with related parties that are SEM companies, shall be subject to the Transfer Pricing System in accordance with the provisions of article 762-D of the Tax Code and comply with the filing of Form 930.
• Transfer tax on Personal Property and Services (ITBMS, for its acronym in Spanish). Due to the fact that these are exporting services, the same shall not cause ITBMS, provided that they be rendered to entities of the Corporate Group abroad, which do not generate taxable income within the Republic of Panama.
• Exemption of dividend payment, supplementary tax, and tax on branches, regardless that they be from local, foreign or exempted source.
• They are not subject to the use of tax equipment, nevertheless, they must document their activities through invoices or documents equivalent which allow the Directorate General of Revenues to have proper control, registration, accounting, and supervision of the transactions performed.
• They shall not have the obligation to obtain a Notice of Operation for the rendering of the services established in the SEM Law.

Substance requirements:

SEM companies must comply with Substance Requirements. This means that in order to enjoy the benefit of the reduced rate of 5% of income tax granted by Law 41 of 2007, for the activities contemplated in Article 4 of the Law, it is necessary to prove that the main Activities performed to generate the income benefited by the tax incentive have been carried out in Panama, that the SEM company has an adequate number of qualified full-time employees and an adequate amount of operating expenses, which are directly related to the Main Activity.

In case of non-compliance with the Substance Requirements, the company must pay income tax at 25% with the corresponding fines, surcharges, and interest.

To prove compliance with the Substance Requirements, the SEM company must keep records, books, and documentation showing the adequate level of employees and operating expenses, according to the main activity for up to five years.

II. Immigration

Incentives for Foreign Executives, holders of SEM visas:

• Salaries and other labor remunerations, including salary in kind received by persons holding a SEM Permanent Personnel Visa, are exempt from income tax and social security contributions, educational insurance provided that the salaries and labor remunerations are paid, assumed, and recognized as personnel expenses in the accounting of the company with SEM License.
• Exemption of Importing Tariff for household goods when the employee relocates for the first time to the Republic of Panama. The National Customs Authority has established the amount of twenty-five thousand dollars (US$25,000.00), legal currency of the United States of America as maximum for the application of said exemption. The interested party may bring said household goods within the three (3) months prior to his arrival or up to six (6) months after his entry to the country.

The SEM Law creates new visas specifically for foreign employees hired by the SEM company. The kinds of visas are:

Visas for SEM Permanent Personnel:

These shall be granted to the employees of an administrative-executive level. The same shall have the same validity up to 5 years, renewable for the same term, except for those cases in which the labor contract establishes a shorter term. The holders of this visa shall not require work permits and may renew this visa for an indefinite term.

Visas for Dependents of SEM Permanent Personnel:

For their spouses or common-law couples living for a minimum of five (5) years in conditions of stability and singularity, underage children and children under twenty-five (25) years which are students, as well as the parents of said personnel, who shall remain in Panama under the responsibility of SEM´s personnel. They shall have the same term as that of the SEM´s personnel. The salaries and other labor remunerations, including the salary in kind, shall be considered exempt from income tax, social security, and education insurance contributions, insofar as said salaries and labor remunerations are paid, assumed, and recognized as personnel expense of in the accounting of the SEM company.

Definite Residence for SEM Permanent Personnel:

The foreign personnel that had worked for any SEM company, after the 5-year term of their SEM Permanent Personnel visa had elapsed, may opt for a definite residence. The Permanent Personnel that obtains the definitive residence shall be subject to the payment of the income tax and the social security and education insurance contributions.

Visas for SEM Temporary Personnel:

These visas shall be granted for a period not greater than 3 months for employees that have to come to Panama for any activity related to SEM. Like the visa for SEM Permanent Personnel, it does not need a labor permit.

III. Labor

Companies covered by a SEM License may hire trusted foreign workers to fill senior and mid-level management positions. This is understood as those employees who perform management, inspection, or representation services for the company. Such foreign personnel must comply with the provisions of Article 17 of the Labor Code, with respect to companies whose transactions are developed, consummated, or be effective abroad.

Any foreigner with the status of a dependent of a foreign worker under a visa or residence permit from the Multinational Corporation Headquarter may work in the Republic of Panama, provided that he or she meets the necessary conditions to process a work permit in one of the existing or recognized categories by Panama. These permits must be processed at the Immigration Office of the Multinational Corporations Headquarters or the One-Stop Investment Counter.

Dependents who obtain a work permit and work in Panama shall be subject to the payment of income tax, and social security and educational insurance contributions for wages and other remuneration received.

SEM companies must seek technological exchange, and for such purposes, may hire foreign employees of administrative levels, as well as support or related services personnel with proven academic capacity.

Requirements:

The legal requirements for the obtainment of the SEM License are the following:

1. Assets of the multinational corporation.
2. Operation places or headquarters of the multinational corporation.
3. Activities or Operations carried out by the multinational corporation.
4. Listing of shares on the local or international stock exchange markets.
5. A minimum number of full-time employees and annual operating expenses of the multinational company in the Republic of Panama that must be appropriate to the nature of the business carried out by the company.
6. Any other element or information the Commission may deem necessary to assess as an additional requirement.

The application form must be completed and the following documents must be attached:

• Charter of Incorporation of the applicant company establishing within its objects the interest of establishing a Multinational Corporation Headquarter. If it is an already existing company in Panama, the same must amend its Charter of Incorporation and comply with the requirement described above.
• Power of Attorney granted to a qualified attorney.
• Affidavit subscribed by the representative of the applicant company manifesting its desire of establishing in Panama a Multinational Corporation Headquarter, the specific activities that it shall perform as SEM, and that it complies with all the requirements to opt for a license pursuant to the law. The signature of the legal representative must be duly authenticated before Notary Public.
• Consolidated Financial Statements of the Corporate Group referred to in the Affidavit, duly certified by Certified Public Accountants. Reference may be made to the location of these financial statements on the stock exchange on which the Corporate Group is registered. In the event that the Consolidated Financial Statements are in a language different from Spanish and/or currency other than the dollar, notes or attachments of the financial statements of the Corporate Group shall be submitted in the Spanish language and with the proper conversion into dollars.
• Bank Reference Letter.
• Certification issued by the Treasurer or Secretary of the applicant company, indicating the shareholding interest of the companies of the Corporate Group.
• In the event that it is willing to carry out an activity regulated by the State, through the Superintendency of Banks of Panama, Insurance and Reinsurance, Securities or other regulatory entities, it shall file, together with the other requirements, a letter from the regulatory entity stating its opinion regarding the services to be rendered by the applicant company as SEM.
• Organization chart of the applicant company evidencing the relation with the Corporate Group, its affiliates, subsidiaries, or associated companies, to which it shall render services.
• Corporate Social Responsibility plan.
• PowerPoint presentation with general information about the Corporate Group (maximum 8 slides).

Substantive Conditions:

The Corporate Group assets must be equal or greater than two hundred million United States dollars (US$200,000,000.00) or that the applicant company must render its services to at least seven (7) affiliates, subsidiaries or associated companies.

In order to evidence the foregoing, the following documents shall be included in the filing as applicable:

i. Consolidated Financial Statements of the Corporate Group to which the applicant company belong, duly audited or certified by an independent Certified Public Accountant and apostilled; or

ii. Affidavit signed by the legal representative of the applicant company of the Corporate Group, identifying the affiliates, subsidiaries, or associated companies to which the services shall be rendered. The legal representative signature shall be duly authenticated before a Notary Public of Panama or apostilled.

In the event of establishing a parent company in Panama, an initial minimum capital, of not less than two million United States dollars (US$2,000,000) is required. For its proper verification, the following must be attached:

i. Cash Flow Report

ii. Certification issued by the treasurer or secretary of the applicant company, the signature duly authenticated by a notary, indicating the shareholding interest of the companies of the Corporate Group in order to prove the ownership of the multinational company.

In case the applicant company is operating in Panama, the following must be submitted:

i. License number or operation notice of the corporation under which the same was operating, as applicable.

ii. Financial statements of the local company.

iii. Copy of the last Income Tax Return.

Note: Furthermore, all the documentation submitted together with the application form shall fulfill the following requirements:

• All public documents must be duly legalized or apostilled.
• The original document which is written in a language other than Spanish must be translated by a certified public translator.
• The corresponding documentation must be based in United States dollars.
• It shall be understood by general particulars of the applicant and its attorney-in-fact:
• Full name of the company
• Address
• Identification of the registration data of the corporation at the Public Registry of Panama
• Particulars of the Attorney-in-Fact such as gender, marital status, personal identity certificate, domicile, telephone, facsimile, post office box, e-mail.

As of the entry into force of the SEM Law, our law firm has acquired extensive experience, helping international clients in the obtainment of the SEM Licenses, therefore we are at your disposal for any clarification that you deem appropriate. Contact us at igranet@icazalaw.com for more information.

By Mariela I. de la Guardia Oteiza

More than ten years ago, the Republic of Panama enacted and developed the special system for the establishment of Multinational Companies headquarters (SEM, for its acronym in Spanish), through Law 41 of 2007 (SEM Law), which grants a license which allows carrying out activities of management, accounting, logistics, finance, operations support, among other activities, for the benefit of subsidiaries and/or other companies of the multinational group. Through this law, Multinational Companies and their foreign employees can receive immigration, labor, and tax benefits.

Currently, there are 160 multinational companies established in Panama with a SEM license, which have generated more than 7,000 jobs and almost US$1.2 billion in investment.

To become a more competitive and appealing country for direct foreign investment, which is necessary for the economic and social development of the country, and given the success of the SEM system as well as the need for multinational companies to carry out manufacturing activities, Law 159 of August 31, 2020, was enacted. Said law creates the Special System for the Establishment and Operation of Multinational Companies for the Provision of Services Related to Manufacturing, best known as EMMA Law or EMMA license.

Based on the benefits of the SEM Law, the EMMA Law allows multinationals to render the following services to their business group:

1. The manufacture of products, machinery, and equipment.
2. Assembly of products, machinery, and equipment.
3. Maintenance and repair of products, machinery, and equipment.
4. Refurbishment of products, machinery, and equipment.
5. Conditioning of products.
6. Product development, research, or innovation of existing products or processes.
7. Analysis, laboratory, testing, or other manufacturing related.
8. Logistics such as storage, deployment, and distribution center of components or parts.
9. Any other similar service.

This law even allows multinational companies established under the SEM license to apply for the EMMA license without filing a new application. The documents and information would be reviewed to expedite the procedure.

The law provides that the Panamanian labor force must be trained, so technical education centers will be created in

order to have qualified personnel to fill the jobs which will be required by the multinational companies to be established under the EMMA system.

Companies with an EMMA license will be subject to a special tax system, under which (i) they will only have to pay the net taxable income for the services rendered at a rate of 5%; (ii) no Transfer of Movable Personal Property and the Rendering of Services Tax (ITBMS or VAT in other countries) will be caused as long as the services are rendered to persons who do not generate taxable income in Panama; (iii) will be exempted from dividend tax, supplementary tax and tax on branches; (iv) will not be subject to the use of tax equipment and will not be required to obtain a Notice of Operations (equivalent to a business license in other countries).

They are also exempted from any tax, encumbrance, fee, or import duty on any type or class of merchandise, goods, equipment, and other goods for the performance of the service.

The EMMA license grants immigration benefits, such as temporary and permanent visas, to foreign personnel working for the multinational company and its dependents. After five (5) years have elapsed since the approval of the first permanent personnel visa, foreign employees may opt for permanent residence in Panama.

Among the labor benefits, the company with an EMMA license will be able to hire employees to fill senior and middle management positions. It also allows dependents of its foreign employees with temporary or permanent visas to work in Panama.

Furthermore, the EMMA Law grants legal stability of the investments to companies established under this regime, guaranteeing that for 10 years, the company shall enjoy the same tax and legal system as it did at the time of obtaining the EMMA license. That is, in the event of new legal provisions that may vary the acquired rights and tax obligations at the time of obtaining your license, these will not be affected.

If we consider the benefits granted by the EMMA Law, our country provides other intangible benefits as added value which makes it a center to attract investments, such as our privileged geographical position, the connectivity throughout the continent by means of the Hub of the Americas, logistic facilities, the proximity between both oceans and the Panama Canal. We cannot fail to mention the advantages in terms of telecommunications since seven fiber optic cables converge in Panama, and it has a first-class telematic infrastructure. Also, we have a convenient time zone for the most important shopping centers in the continent. Moreover, with the use of the dollar, economic stability is created with much lower inflation rates compared to the currencies of other Latin American countries. In addition to the aforementioned, Panama is a politically stable country, which has enjoyed more than 30 years of alternation in government.

We are confident that the success of the SEM Law will be replicated in the new system of the EMMA Law in order to develop services related to manufacturing in our country.

Ten years have elapsed since the enactment of Law 41 of 2007, whereby the Special System for the establishment and operation of Multinational Corporations Headquarters (SEM) was created in Panama. As of that date, 134 licenses have been issued for SEM companies in Panama, according to data from the Multinational Corporation Directorate of the Ministry of Commerce and Industries, allowing these companies to carry out activities of management, accounting, spare parts logistics, finance, operations support and other activities allowed to its subsidiaries anywhere in the world.

The appeal of Panama to the SEM companies has been widely discussed, especially in relation to the immigration, tax and labor benefits which the law grants; even more so because, until December 2016, the establishment of these companies represented more than US$820 million dollars in direct investment for Panama and the generation of more than 5,500 workplaces for foreign and domestic workers, according to the Multinational Corporation Headquarters Directorate.

Undoubtedly, Panama has become a magnet for multinational companies: in the past year alone 25 SEM licenses were granted, the highest annual increase in ten years. But, after one decade, how does the country prepare to remain an attractive focus for foreign investment? What challenges or opportunities does the country have regarding the development of this law?

Some peculiarities of the SEM Law which attracts these companies are that it allows them to hire foreign trustworthy personnel and executives without the need to comply with the maximum percentage of 10% -15% required for the companies established in and that operate in our country. Additionally, they shall be exempted from the payment of income tax when their wages stem from the parent company. Likewise, the multinational company itself is exempted from the payment of income tax for the services rendered under the SEM License, provided that the company provides its services abroad and does not generate taxable income in Panama. It shall also be exempted from Transfer Tax on Personal Property and Services, dividends tax and the supplementary tax payments.

If we consider the benefits granted by the SEM Law, our country provides other intangible benefits as added value which make it an investment attraction, such as our privileged geographic position, connectivity with the whole continent through the hub of the Americas, logistic facilities and the proximity between the two oceans. Furthermore, telecommunications are also an advantage, since seven fiber optic cables go through Panama, in addition to the facilities of the Panama Canal. We also benefit from the time zone, convenient to the main trading centers of the continent and a dollarized currency, which creates economic stability with inflation rates much lower compared to the currencies of other countries in Latin America.

Moreover, Panama is a politically stable country, which has enjoyed alternation in government over the past 27 years.

A decade after the enactment of the SEM Law and considering the social, political and economic events that have occurred worldwide and in our country, particularly its economic growth, it is necessary that Panama make some positive changes to this Law in order to progress towards attracting more multinational companies. Probably, the addition of more activities that the companies can perform; to provide trainings to the personnel to develop and discover new talents, as well as to attract and promote knowledge transfer.

Finally, the proposals and experiences from the multinational corporations with SEM license or from those who aim to have one, must be studied in order to assess the new challenges that the country is facing and make an analysis and balance of the actions, which may be taken in benefit of the Special System of Multinational Corporation Headquarters.