chamber of commerce registrationcompany namedate of incorporation.addressTelephone numbertax identification numberby-lawsmain activityrevenue volumeshareholders&ultimate beneficial owners
Cédula de Ciudadanía
Law on Legal and Evidential Validity of Data Messages (1999); Law of personal data protection and electronic commerce
1996
1996. Financial institutions had to comply with the Integral System for the Prevention of Asset Laundering (“SIPLA”) regulation by reporting financial transactions over defined limits. In 2008, the
Superintendent of Finance of Colombia issued External Circular No. 022 2007, regarding the implementation of the System for Preventing Asset Laundering and Terrorism Financing (“SARLAFT”) with a risk
based approach. The 2009 regulation incorporates some new reporting standards that must be adhered to when reporting to the Regulator. Currently Circular Basica Juridica 029 de 2014 in its Titulo IV
Capitulo IV regulates (“SARLAFT”).
In 2014, the Superintendent of Corporations of Colombia issued External Circular No. 100-00005, regarding the implementation of the System for Preventing Assets Laundering and Terrorism Financing and
was changed for the External Circular No. 100-00003 in Jun 2015.
The regulation provides specific details of how the SARLAFT should be considered by financial institutions. Although the segmentation methodologies and activities related to risk management and transactional monitoring should be designed by each individual entity. For entities of the real sector there is a guide created by the United Nations Office on Drugs and Crime (“UNODC”),the British Embassy and the chamber of commerce of Bogotá “El Modelo de Gestion del Riesgo de LA/FT en el sector real”.
Yes, new regulation establishes the parameters for KYC procedures which incorporate the requirement to update a customer’s information.
No. Colombia is a member of the Financial Action Task Force on Money Laundering in South America (“GAFISUD”).
Yes
Yes, there are various thresholds depending on the type of transaction, including no customer due diligence for the transfer of electronic funds or foreign currency exchange transactions less than USD5,000,
and if a signed signature card for an account with the institution also exists for such transactions over USD5,000. No due diligence is required for cash transactions of less than USD5,000 (other than when
two or more transactions totalling more than USD5,000 are believed to be linked).
Individuals: The regulator has defined the basic form each customer should complete. The requirements surrounding independent verification or authentication vary according to each customer. Individuals
should provide identification, tax payment copy or yearly income certificate and other relevant financial information.
Legal entities: The regulator has defined the basic form that legal entities should complete. Legal entities should provide Chamber of Commerce registration, details of partners with shares greater than 5%,
an antitax payments certificate and other relevant financial information.Legal entities:
a) company name;
b) date of incorporation;
c) address and telephone number;
d) tax identification number;
e) bylaws and other information;
f) main activity;
g) revenue volume; and
h) shareholders and ultimate beneficial owners;
Customers should be able to demonstrate the source of income and ownership by way of a copy of a tax payment or income certificate. Entities should monitor changes in income or properties of their clients,
Enhanced due diligence is required for PEPs. In Colombia, this includes not only politically related people but also publicly recognised people. This also includes due diligence of deposit accounts which will be used by political parties and during political campaigns.
There are regulatory requirements in relation to PEPs. In Colombia, a PEP is defined as a publicly relevant person (not only politicians). Each time a PEP is identified, additional due diligence has to be
performed, especially when the client manages public resources.
For correspondent banking relationships, every international transaction should be reported to the authorities. Each report requires information on the origin of the money i.e. client, address, telephone
No.
Entities must define special procedures in order to perform KYC for non-face-to-face interviews. They must also implement follow up procedures for clients’ transactions
UIAF of Colombia
www.uiaf.gov.co
Yes, institutions should report individual cash transactions above USD5,000 and total monthly cash transactions above USD25,000. They should also report: a) suspicious transactions b) transactions of remittances and buy and sell of foreign exchange; c) transactions with international credits cards; d) products offered; and e) information about campaigns and parties political.
USD25,000
Special requirements and an investigation from the regulator shall be performed at an institution that does not report the required periodical AML information.
No, each entity is free to develop or use their specific methodology to perform transaction monitoring according to their KYC policies.
No, each entity shall define if a suspicious transaction shall be continued or not, although it has to be reported to the UIAF.
Entities monitor all transactions regardless of the entity’s jurisdiction.
Yes, the financial Colombian regulation defines that the external auditor must perform audits of the AML risk management system quarterly. Additionally, the internal auditor must perform an audit annually.
the external auditor performs an audit quarterly
the results are reported to the board of directors
the final opinion is part of the financial statement audit.
The external and internal auditors must evaluate that the risk management system is operating according to all requirements of the regulation. The audit is performed in accordance with the auditor judgement
the regulation for personal data protection stipulates that all individuals have the right to know about and update personal information that has been gathered about them by public or private entities and prohibits the processing of any individual's sensitive information without the prior, explicit, and informed consent of that individual.
N/A
Sensitive data is expressly protected. The law has a reinforced protection for so-called sensitive data, which is information that deserves special protection because of the high risk posed by its processing to citizen’s rights and freedoms. The incorrect use of this sensitive data might cause discrimination. Sensitive data includes people’s racial and ethnic origins; colour and sexuality; their political, religious, philosophical, or other beliefs; their participation in a given association; or their membership in a trade union, among others.
In Colombian legislation, banking secrecy and the right to privacy are not considered valid arguments to reject banking information requests issued by judges of the Republic of Colombia or Colombian AML authorities, within the limits established by article 15 of the Constitution and 2 of Law 1121 of 2006, also known as Organic Statute of the Financial (“EOSF”). Banking secrecy includes the financial and personal information in custody of the financial entities. Information relating to criminal records (those that are part of ongoing investigations without final decision of competent authority) and medical histories are considered sensitive and require prior, explicit and written authorization of the owner to be transferred.
Conveyance of real estate rights, aircraft, ships, corporation or other business associations; by laws; mortgage agreements; unlimited agency agreements and incorporation of branches are exempted from the law.
Yes, the law provides that the parties may use electronic signatures with consent.
Summary of law
Electronics signatures are used in both the public and private sectors in Colombia. It is considered two-tier jurisdiction because it gives digital signatures the same status as handwritten signatures but also recognizes simple electronics signatures as legal and enforceable. Countries that follow this model gives companies the opportunity to select different forms of signatures and customize their business process based on the form that is most convenient and appropriate for each use case.
Legal rulings regarding electronic signature have been somewhat general and do not address specific types of electronic signature. However, a Colombian Supreme Court decision in December 16, 2010, included digital and electronic signatures as recognized legal categories under Law 527. Obtaining consent prior to using electronic signature is a good practice to ensure enforceability.
The main features of the regulation included implementing adequate KYC procedures, monitoring transactions, investigating unusual transactions and reporting any suspicious transactions to the relevant
Normatividad/circulares-externas/CircularExterna100-00005 Junio del 2014.
Yes, new regulation has a risk based approach regarding AML.
There is no need for copies to be certified by a notary (this was a requirement previously). Entities compare the copy with the original identification when the customer brings in the required documentation.
Habeas Data law expressly prohibits the transfer of information to another country without the prior, express and written permission of the owner of the information and further states that the other country must have an equal or higher standard of protection of information and guarantees for the owner of the information. In Colombian legislation, banking secrecy and the right to privacy are not considered valid arguments to reject banking information requests issued by judges of the Republic of Colombia or Colombian AML authorities, within the limits established by article 15 of the Constitution and 2 of Law 1121 of 2006, also known as Organic Statute of the Financial (“EOSF”). Banking secrecy includes the financial and personal information in custody of the financial entities. Information relating to criminal records (those that are part of ongoing investigations without final decision of competent authority) and medical histories are considered sensitive and require prior, explicit and written authorization of the owner to be transferred.
In Colombian legislation, banking secrecy and the right to privacy are not considered valid arguments to reject banking information requests issued by judges of the Republic of Colombia or Colombian AML authorities, within the limits established by article 15 of the Constitution and 2 of Law 1121 of 2006, also known as Organic Statute of the Financial (“EOSF”). Banking secrecy includes the financial and personal information in custody of the financial entities. Information relating to criminal records (those that are part of ongoing investigations without final decision of competent authority) and medical histories are considered sensitive and require prior, explicit and written authorization of the owner to be transferred.