Baker McKenzie Baker McKenzie
How Can We Help?
  • Home
  • Insight
  • Publications
  • Colombia New Draft Circular on AML and ABC
06 January 2026

Colombia New Draft Circular on AML and ABC

In brief

The Superintendence of Companies ("SuperSociedades") has released a draft of the new Basic Legal Circular ("Draft Circular"). The Draft Circular proposes amendments to (i) the risk management frameworks of the Self-Control and Risk Management System for Money Laundering, Terrorism Financing and Financing the Proliferation of Weapons of Mass Destruction (SAGRILAFT (acronym in Spanish)); and (ii) the Transparency and Ethics Corporate Programs (PTEE (acronym in Spanish)), unifying them in a single framework ("Self-Control and Risk Management System for ML/TF/CPF and C/ST"). Additionally, the Draft Circular introduces revisions to the regulations governing sustainability reporting.

Key points

The Draft Circular introduces the following main changes:

SAGRILAFT and PTEE

  • The Draft Circular amends Chapter X unifying SAGRILAFT and the PTEE and updating them in the Self-Control and Risk Management System for ML/TF/CPF and C/ST.
  • Previous circulars are repealed and replaced, consolidating all requirements and guidelines for obligated entities in a single chapter.
  • Expansion of scope
    • The scope of obligated entities is broadened to include not only commercial companies, but also sole proprietorships, branches of foreign companies, confederations, chambers of commerce, and other specific sectors (pharmaceutical, infrastructure, manufacturing, mining-energy, ICT, vehicle trade), according to income and assets.
    • Thresholds are no longer expressed in minimum legal monthly salaries. The Draft Circular establishes thresholds to determine the obligation to implement the unified system in Basic Value Units.
  • Risk-based approach
    • The risk-based approach is reinforced, requiring risk identification, assessment, control, and monitoring to be adapted to the reality and materiality of each company.
    • "Paper compliance" (merely formal compliance) is prohibited, requiring active and effective systems.
  • Mandatory policies
    • The implementation of dedicated policies is mandatory in the areas of gifts and benefits, hospitality expenses, political contributions, donations, lobbying, and financing activities related to the proliferation of weapons of mass destruction.
    • Comprehensive procedures and controls for each policy are provided, including provisions for internal sanctions.
  • Roles and responsibilities
    • The functions and responsibilities of officers within obligated parties such as the board of directors, legal representatives, and compliance officer (principal and alternate) are reinforced, including requirements for suitability, independence, and reporting. Minimum requirements for the compliance officer are provided (professional degree, at least one year of experience in ML/TF/CPF and C/ST risks, knowledge updates every three years).
    • Clear incompatibilities and disqualifications are established for the compliance officer.
  • Due diligence procedures
    • General and enhanced due diligence procedures are provided, with emphasis on the identification of beneficial owners, cash operations, mass sales, and transactions with virtual assets.
    • Ongoing monitoring and periodic updating of counterparties’ information and risk profiles is required.
  • Whistleblowing channels and reporting
    • The obligation to have confidential and anonymous whistleblowing channels is reinforced, as well as the obligation to report suspicious transactions to the Financial Information and Analysis Unit.
    • Clear procedures are established for the management and follow-up of internal and external reports.
  • Sanctions and deadlines
    • Sanctioning regimes and deadlines for implementation and transition to the new system are updated (May of the year in which the circular is issued), as well as minimum periods of permanence in the regime (two years and one year for minimum measures).

 

Sustainability report

  • The Draft Circular maintains the requirement to use an international standard for the preparation of the report, but reinforces the need to evidence the veracity of the information through an additional certification. It specifies that the report must include the "governance" form, addressing corporate governance, ethics, and transparency. The report must include the following information:
    • Name of the international standard used.
    • Table of contents.
    • Entity profile (corporate name, address, sector, main activity, size, value chain, stakeholders and governance).
    • Sustainability context and strategy.
    • Disclosure of management performed (activities, risks, opportunities, impacts, and their measurement).
    • Assignment of a person responsible for the report.
    • Internal and external publication and dissemination of the report.
    • Submission of the "Sustainability Report Certification" as an additional document is required.
  • Certification or audit the sustainability report is not mandatory; however, it is clarified that the information may be verified by the SuperSociedades.
  • The requirement to implement due diligence processes in operations and business relationships is reinforced, with evidence of evaluation, scope, risk management system, and monitoring of the effectiveness of the measures implemented.
  • The Draft Circular recommends publishing the report on the company’s website for public consultation and to promote interaction with stakeholders.

 

Additional information

For more details, it is recommended to consult the full text of the Draft Circular.

Download the Spanish version of Colombia New Draft Circular on AML and ABC.

Explore More Insight
View All