Superintendencia Financiera de Colombia (SFC) - Financial Services Regulator

Overview

The Superintendencia Financiera de Colombia (SFC), known formally as the Financial Superintendence of Colombia, is the national financial services regulatory authority with jurisdiction over banking, securities, insurance, pension funds, and fintech/virtual asset service providers. The SFC preserves financial system stability, ensures investor protection, promotes market confidence, and regulates the Colombian financial sector under a unified supervisory framework.

Establishment and Regulatory Evolution

Original Banking Regulator (1923): The institution was originally established in 1923 as a banking regulator through Law 45, with a Chief Superintendent of Banking appointed as head and charged with monitoring all banking institutions throughout Colombia.

2005 Unification and Expansion: In a landmark regulatory restructuring, the SFC was formally merged in 2005 with the securities market regulator, combining banking and securities supervision under unified authority. The 2005 merger expanded SFC jurisdiction to include:

• Banking institutions and credit system participants

• Securities market participants and trading venues

• Insurance companies and policy distribution networks

• Pension fund administrators

• Any entity involved in management and investment of public resources

• Virtual asset service providers (added later through Decree 1297 of 2023)

This merger created unified financial supervision (commonly referred to as the "Superintendencia Única" model), eliminating jurisdictional gaps and creating integrated oversight across the entire financial system.

Current Leadership

Superintendent (Head of Institution): The SFC is led by a Financial Superintendent appointed to oversee all supervisory operations, strategic direction, and regulatory implementation.

Organizational Structure: The Superintendent's office directs multiple supervisory divisions:

• Banking Supervision Division: Oversight of credit institutions, deposit-taking entities, and banking services

• Securities Supervision Division: Monitoring of stock exchanges, brokers, dealers, and securities market infrastructure

• Insurance Supervision Division: Regulation of insurance companies and their distribution networks

• Payment Systems and Fintech Division: Emerging supervision of payment institutions, virtual asset providers, and digital finance

• Compliance and Enforcement Division: Investigation, sanctions, and enforcement against regulatory violations

Administrative Leadership Team: Includes various Director-level positions overseeing technical supervision, compliance investigations, international relations, and administrative operations.

Constitutional Status and Independence

The SFC operates as an autonomous administrative body under the Colombian government's financial supervisory structure, with:

• Technical Independence: Authority to establish regulatory standards and enforcement policies without political interference

• Budgetary Autonomy: Self-funded through supervisory fees charged to regulated institutions

• Operational Discretion: Independence to conduct investigations and impose sanctions based on factual findings

• Accountability Framework: Transparent reporting to the President, Congress, and public on supervisory activities and outcomes

Basic Identity

Classification

Inclusion Justification

What This Entity Oversees

Licensing and Authorization

The SFC grants banking licenses and authorizes credit institution operations based on:

• Capital Requirements: Minimum paid-in capital thresholds (adjusted annually for inflation)

• Ownership and Control: Fit-and-proper tests for ownership structure and control persons

• Business Plan Viability: Assessment of proposed service offerings and target markets

• Governance Standards: Minimum board composition, committee structures, and management capabilities

Prudential Standards and Capital Adequacy

The SFC implements Basel III capital standards through:

• Capital Ratios: Minimum Common Equity Tier 1 (CET1), Tier 1, and Total Capital ratios, calibrated for Colombian systemic importance

• Risk-Weighted Assets (RWA): Calculation methodologies for credit risk, market risk, and operational risk

• Liquidity Standards: Basel III Liquidity Coverage Ratio (LCR) and Net Stable Funding Ratio (NSFR)

• Concentration Limits: Maximum exposures to individual borrowers and connected parties

Asset Quality and Credit Risk Supervision

• Loan Classification: Mandatory categorization system for credit quality (A, B, C, D, E categories)

• Provisions and Allowances: Reserve requirements based on loan classification and expected loss models

• Connected Party Lending: Limits on transactions with related parties to prevent conflicts of interest

• Large Exposure Monitoring: Tracking of systemic risk from major credit concentrations

On-Site Examination Program

The SFC conducts:

• Annual Examinations: Full-scope risk-based supervisory reviews of significant institutions

• Targeted Examinations: Focused reviews of specific risk areas (AML/CFT, operational risk, liquidity management)

• Continuous Monitoring: Off-site analysis of regulatory reports, financial statements, and market data

• Stress Testing: Forward-looking assessment of institutional resilience under adverse scenarios

Enforcement Powers in Banking Supervision

For banking institutions, the SFC possesses:

• Corrective Action Authority: Mandatory orders to address deficiencies in capital, governance, or risk management

• Dividend Restrictions: Authority to prohibit or limit dividend distributions to remediate capital deficiencies

• Management Changes: Authority to require removal of ineffective officers or board members

• Consent Orders: Binding agreements to address specific supervisory concerns

• Sanctions and Penalties: Administrative fines up to specific statutory limits

• License Revocation: Authority to cancel banking licenses for persistent non-compliance or critical failures

Securities Market Regulation

Stock Exchange and Trading Venue Oversight

The SFC exercises oversight of the Bolsa de Valores de Colombia (BVC), Colombia's primary securities exchange, through:

• Market Rules Approval: Review and approval of BVC operating rules, listing standards, and trading procedures

• Surveillance Authority: Monitoring of trading activity for market manipulation, insider trading, and disruption

• Participant Regulation: Authorization and ongoing supervision of exchange members (brokers, dealers)

• Infrastructure Standards: Requirements for trading system reliability, data integrity, and business continuity

• Pre-trade and Post-trade Transparency: Standards for order visibility and transaction reporting

Securities Broker and Dealer Supervision

The SFC regulates securities market intermediaries through:

• Licensing Requirements: Fit-and-proper standards, capital requirements, and operational capability assessments

• Customer Protection Standards: Segregation of customer assets, client agreement requirements, and dispute resolution procedures

• Compliance Programs: Mandatory compliance functions, code of conduct, and internal controls

• Suitability and Conduct Rules: Requirements to understand customer needs and recommend suitable investments

• Sales Practice Standards: Prohibitions on misrepresentation, churning, and abusive practices

Issuer Regulation and Disclosure Standards

• Listing Standards: Requirements for companies seeking public listing on BVC

• Continuous Disclosure: Mandatory reporting of material events to investors

• Financial Statement Filing: Audited annual financial statements and interim disclosures

• Corporate Governance: Standards for board composition, executive compensation, and related-party transactions

• Takeover Protections: Regulatory framework governing public company acquisitions and control contests

Investment Fund and Product Oversight

• Mutual Fund Regulation: Authorization, prospectus requirements, and ongoing monitoring of collective investment schemes

• Closed-End Funds: Standards for closed-end investment funds and capital pools

• Structured Products: Regulation of complex financial instruments and derivatives

• Retail Investment Protection: Heightened standards for products marketed to individual investors

Market Conduct Enforcement

The SFC's securities enforcement includes:

• Insider Trading Enforcement: Investigation and prosecution of unlawful trading on non-public information

• Market Manipulation Prosecution: Actions against artificial price movements and false signals

• Disclosure Violations: Sanctions for misrepresentation, omissions, and fraud by issuers and intermediaries

• Administrative Penalties: Fines, trading suspensions, and other remedies for violations

• Criminal Referrals: Cooperation with prosecutors on serious market abuse cases

Insurance Company Licensing and Authorization

The SFC approves insurance company operations based on:

• Capital and Reserves: Minimum paid-in capital requirements, reserve adequacy for policy obligations

• Actuarial Soundness: Demonstration of actuarially sound premium and reserve practices

• Claims Administration: Capability to manage claims payment and policyholder service

• Reinsurance Arrangements: Assessment of reinsurance protections for risk transfer

Actuarial and Reserving Standards

• Technical Reserves: Mandatory calculation of policy reserves using SFC-approved actuarial methodologies

• Catastrophe Reserves: Provisions for major loss scenarios and disaster contingencies

• Policyholder Protection Fund: Contributions to national guarantee fund for policyholder protection in insolvencies

• Actuarial Reports: Regular certification of reserving adequacy by independent actuaries

Insurance Product Regulation

• Policy Form Approval: SFC review of insurance policy terms, conditions, and exclusions

• Premium Regulation: In some lines (auto, workers compensation), regulatory oversight of rate adequacy

• Disclosure Standards: Policyholder information requirements and explanation of coverage

• Complaint Handling: Mandatory procedures for policyholder complaint resolution

Market Conduct and Consumer Protection

• Broker and Agent Regulation: Licensing, continuing education, and disciplinary standards for insurance intermediaries

• Sales Practice Standards: Prohibitions on misrepresentation and requirement to disclose policy terms

• Unfair Practices Enforcement: Action against deceptive marketing, improper commission arrangements, and abuse

AML/CFT Regulatory Framework

The SFC implements comprehensive anti-money laundering and counter-terrorism financing requirements based on:

• International Standards: Financial Action Task Force (FATF) recommendations adopted into Colombian law

• Statutory Requirements: Colombian AML/CFT statutes and SFC regulatory instruments

• Coordination with UIAF: The Financial Information and Analysis Unit (UIAF) is Colombia's primary AML/CFT authority, with SFC providing operational supervision

SARLAFT 4.0 Implementation

The SFC established SARLAFT 4.0 (updated Risk Management System for Money Laundering and Financing of Terrorism) with enhanced requirements:

• Risk Assessment: Mandatory identification of money laundering and terrorism financing risks in:

• Geographic locations where customers and counterparties operate

• Customer and transaction profiles

• Product and service delivery channels

• Third-party relationships and service providers

• Customer Due Diligence (CDD): Enhanced procedures for:

• Know Your Customer (KYC) information collection

• Beneficial ownership identification for corporate customers

• Source of funds verification

• Enhanced due diligence for high-risk customers

• Transaction Monitoring: Mandatory systems for:

• Real-time or near-real-time transaction screening against sanctions lists

• Pattern analysis and anomaly detection

• Reporting of suspicious activities

• Retention of transaction data for regulatory review

• Sanctions Screening: Compliance with:

• UN Security Council sanctions lists

• Colombian government sanctions designations

• OFAC and other international sanctions designations

• Comprehensive and comprehensive sanctions compliance protocols

UIAF Coordination and Reporting

The SFC coordinates with UIAF (Unidad de Información y Análisis Financiero - Financial Information and Analysis Unit) on:

• Suspicious Transaction Reports (STRs): Mandatory reporting of transactions suspected of involving money laundering or terrorism financing

• AML/CFT Policy Development: UIAF establishes national AML/CFT policy framework that SFC implements through supervision

• Financial Intelligence Sharing: Two-way sharing of transaction information and institutional risk assessments

• Inter-agency Task Forces: Joint investigations of suspected money laundering networks and terrorism financing activities

Record Keeping and Reporting

Financial institutions supervised by the SFC must:

• Maintain Records: Keep comprehensive documentation of customer identification, transactions, and beneficial ownership for minimum 10-year periods

• File Regulatory Reports: Submit periodic reports on AML/CFT compliance and control effectiveness

• Incident Reporting: Report suspicious transaction reports, sanctions matches, and policy violations to UIAF and SFC

• External Audit Compliance: Annual independent audits of AML/CFT program compliance

Virtual Asset AML/CFT Standards (PSAV)

Virtual asset service providers face heightened AML/CFT requirements:

• Transaction Reporting: Virtual asset transactions exceeding USD 150 trigger mandatory reporting with full sender/recipient details

• Customer Verification: Strict identity verification for all customer accounts

• Source of Funds: Documentation of legitimate sources for all virtual asset deposits

• Network Monitoring: Ability to identify illicit flows and compliance with national sanctions

• Regulatory Reporting: Periodic compliance certifications and audit reports

Regulatory Powers

Types of Enforcement Actions

The SFC exercises comprehensive enforcement authority through multiple action types:

1. Administrative Measures:

• Cease and desist orders prohibiting unlawful activities

• Corrective action directives requiring operational adjustments

• Temporary asset freezes or transaction suspensions

• Service restrictions limiting specific business activities

1. Financial Penalties:

• Administrative fines up to statutory maximums (typically COP billions for serious violations)

• Disgorgement of illegal profits

• Restitution orders to affected customers

• Increase in regulatory capital requirements

1. Market Access Restrictions:

• Suspension of trading or transaction authorization

• Prohibition from offering specific financial products or services

• Expansion of supervisory oversight and reporting requirements

• Public warnings or condemnation notices

1. Structural Actions:

• Mandatory governance changes (board removal, management replacement)

• Requirement to divest business lines or customer bases

• Forced merger or acquisition of failing institutions

• License revocation and institution wind-down

Enforcement Record

• Financial Impact: The SFC imposed over USD 1.5 million in fines for non-compliance in 2023 alone

• Scope of Violations: Enforcement actions address AML/CFT violations, market abuse, customer protection breaches, and capital adequacy failures

• Deterrent Effect: Publicized enforcement actions serve to communicate regulatory expectations across the supervised sector

Enforcement Procedure

• Investigation Phase: Preliminary examination of alleged violations through document review and witness interviews

• Notice of Violation: Formal communication of findings with opportunity for entity response

• Administrative Hearing: Opportunity for the entity to present evidence and argument before final action

• Final Action and Appeal: Issuance of enforcement order with administrative appeal rights

Regulatory Role and Function

Legal Foundation

Constitutional and Statutory Foundation

The SFC derives its authority from:

• Colombian Political Constitution: Articles establishing financial system stability as a public policy objective

• Organic Statute of the Financial System: Foundational framework defining SFC jurisdiction and powers

• Law 45 of 1923 (amended): Original banking supervision statute, modernized through successive reforms

• General Financial Regulation: Multiple statutory and regulatory instruments establishing standards for regulated entities

Scope of Regulatory Authority

As a Layer 1 regulator with binding legal authority, the SFC:

• Establishes mandatory prudential standards for all regulated financial institutions

• Issues binding regulatory circulars and external resolutions applicable to the entire supervised sector

• Licenses and authorizes specific financial services providers

• Conducts ongoing supervision through on-site examinations and off-site monitoring

• Imposes mandatory adjustments and corrective action requirements

• Levies administrative penalties and sanctions for regulatory violations

Supervisory Jurisdiction and Control Powers

The SFC exercises direct supervision over:

1. Banking Institutions (~35-40 credit institutions):

• Commercial banks

• Savings and loan associations

• Credit cooperatives and other deposit-taking institutions

1. Securities Market Participants (~300+ entities):

• Brokerage firms and investment houses

• Dealers and market makers

• Securities custodians and depositories

• Stock exchange operators (Bolsa de Valores de Colombia - BVC)

1. Insurance Industry (~80+ entities):

• Property and casualty insurers

• Life and health insurers

• Reinsurance companies

• Insurance brokers and agents

1. Pension System Participants:

• Pension Fund Administrators (APPs)

• Individual accounts managers

• Pension benefits providers

1. Fintech and Virtual Asset Providers:

• Payment service providers (PSPs)

• Virtual asset service providers (VASPs)

• E-money issuers

• Digital wallet operators

Regulatory Reach and Extraterritorial Considerations

• Systemic Actors: Direct supervision of any entity critical to Colombian financial stability

• Cross-border Activities: Authority to regulate Colombian entities offering services to foreign customers

• Foreign Branch Operations: Oversight of Colombian financial institutions' foreign branches and subsidiaries

Licensing and Authorization Relevance

Payment Service Provider Framework

Under Decree 1297 of 2023 and SFC regulatory guidance, payment service providers (PSPs) offering services in Colombia must:

1. Formal Authorization: Obtain SFC license as a Payment Service Provider to legally offer payment services

2. Capital Requirements: Maintain minimum capitalization standards proportional to transaction volume

3. Technical Infrastructure: Demonstrate robust payment system architecture, security protocols, and redundancy

4. Participant Qualification (CUD): Achieve technical and operational qualification status to join interoperable payment networks (Bre-B infrastructure)

5. Service Scope: Authorization determines specific payment services (P2P, B2B, merchant payments, e-commerce)

PSAV Registry and Virtual Asset Providers

The SFC maintains the PSAV Registry (Proveedores de Servicios de Activos Virtuales - Virtual Asset Service Providers Registry) for entities offering services related to virtual assets (cryptocurrencies, stablecoins, tokens):

• Registry Requirements: Mandatory registration to legally offer virtual asset services in Colombia

• Scope of Regulation: VASPs offering exchange, custody, wallet services, or asset transfers

• Registration Deadline: Compliance mandatory as of 2024 (entities failing to register faced exclusion from legal framework)

• Ongoing Compliance: Annual license renewal and compliance certification required

Payment Transaction Standards

The SFC establishes requirements for:

• Transaction Authentication: Security standards for customer identification and authorization of payment instructions

• Fraud Prevention: Requirements for monitoring, detection, and reporting of unauthorized or fraudulent transactions

• Settlement Finality: Rules ensuring irreversible settlement of completed transactions

• Dispute Resolution: Procedures for handling customer disputes over unauthorized or erroneous transactions

Real-Time Payment Participation

For participation in real-time payment systems (Bre-B, Transfiya, etc.), PSPs must meet:

• CUD Technical Qualification: Demonstration of technical readiness for real-time processing

• Security Certification: Independent assessment of data security and fraud prevention controls

• Operational Readiness: Proof of 24/7 operational capability and incident response procedures

• Participation Fees: Payment of regulatory and clearing fees set by Banco de la República and ACH Colombia

Regulatory Sandbox Program (2020-2023)

The SFC operated a regulatory sandbox (2020-2023) designed to:

• Controlled Testing Environment: Allow fintech companies to test innovative business models and technologies under regulatory supervision without full compliance with all requirements

• Risk-Managed Innovation: Evaluate implications of digital assets, blockchain-based services, and novel payment mechanisms

• Regulatory Learning: Use sandbox data to inform development of permanent regulatory frameworks

• Transition to Permanent Framework: Successful sandbox participants transitioned to formal authorization under new regulatory standards

Sandbox Outcome: The sandbox program concluded in 2023 with the establishment of more structured regulatory frameworks for virtual assets, payment services, and digital finance (Decree 1297 of 2023, PSAV Registry).

Open Banking (Finanzas Abiertas) Regulation

2026 Regulatory Update: The SFC published External Circular 001 of 2026 (February 3, 2026), extending implementation deadlines for open banking requirements:

• Scope: Requirements for financial entities to enable secure API-based data sharing and service aggregation

• Architecture Requirements: Technical standards for API design, security protocols, and data exchange standards

• Security Standards: Encryption, authentication, and data protection requirements for third-party access

• Extended Compliance Deadline: August 7, 2026 for full implementation of open banking architecture and security requirements

• Phased Implementation: Entities received extension to address technical, security, and architecture adjustments

Objectives: Open banking framework promotes financial innovation, customer data portability, and enhanced competition in payment services.

Digital Assets and Cryptocurrency Regulation

Current Framework (Decree 1297 of 2023):

• PSAV Registration: Mandatory licensing for virtual asset service providers

• Scope of Services: Regulation of exchange services, custody, wallet operation, and asset transfer services

• AML/CFT Requirements: Strict money laundering and terrorism financing controls

• Report Thresholds: Virtual asset transactions exceeding USD 150 trigger mandatory reporting to authorities

Regulatory Approach: Colombia has adopted a "permissioned innovation" model, allowing crypto business under strict regulatory oversight rather than prohibition.

FinTech Supervision and Market Monitoring

• Emerging Risk Identification: Ongoing monitoring of new financial technologies and service models for systemic risks

• Regulatory Guidance: Publication of technical guidance on AML/CFT compliance, data security, and customer protection for fintech firms

• Inter-agency Coordination: Cooperation with Banco de la República on payment systems and with UIAF on AML/CFT standards

• Innovation Engagement: Regular dialogue with fintech industry on regulatory requirements and emerging technologies

Payments and Money Movement Relevance

The Superintendencia Financiera de Colombia (SFC) - Financial Services Regulator has the following relevance to payments and money movement in Colombia:

Payment Systems Governed or Overseen

The Superintendencia Financiera de Colombia (SFC) - Financial Services Regulator has oversight responsibilities across multiple financial sectors in Colombia, including payment services:

The entity regulates payment service providers, e-money issuers, and related financial intermediaries within its integrated supervisory mandate.

Relationship to Other Regulators

IOSCO Membership and International Standards

The SFC is an Ordinary Member of IOSCO (International Organization of Securities Commissions) and:

• Standards Adoption: Implements IOSCO Principles for Securities Regulation in Colombian securities law and supervisory practices

• Policy Influence: Participates in IOSCO working groups and policy committees on emerging securities issues

• Information Sharing: Exchanges of regulatory and enforcement information with other IOSCO members under Memoranda of Understanding (MOUs)

• Cross-border Cooperation: Assistance with investigations of securities fraud and market abuse involving Colombian actors

IOSCO Contact Information:

• Official Address: Calle 7 Nº 4-49, Oficina Despacho Superintendente, Bogotá, D.C., Colombia

• International Relations Email: [email protected]

International Memoranda of Understanding (MOUs)

The SFC maintains bilateral and multilateral information-sharing agreements with:

• SEC (U.S. Securities and Exchange Commission): Cooperation on cross-border securities matters and investor protection

• ESMA (European Securities and Markets Authority): Coordination on European regulation affecting Colombian market participants

• FinCEN and FATF: Cooperation on AML/CFT matters and financial intelligence sharing

• Latin American Regulators: Regional cooperation with other country regulators in SEC, Central American Council of Banking Superintendents, and similar forums

Regional and International Engagement

CELAC-Africa 2026 Forum: The Financial Superintendent participated in the High-Level Forum CELAC-Africa 2026 held in Colombia, addressing regional financial cooperation and development finance.

Central American Council Coordination: Participation in the XIV Joint Meeting between the Central American Council of Banking Superintendents and the Central American Monetary Council, addressing regional financial stability and regulatory harmonization.

World Bank and IMF Engagement: Technical assistance and policy dialogue with World Bank and IMF on financial regulation, banking supervision, and systemic risk management.

Geography and Jurisdiction Notes

Important Departments and Divisions

Key Public Resources

Official Contact Information

Superintendencia Financiera de Colombia (SFC)

• Main Address: Calle 7 Nº 4-49, Bogotá, D.C., Colombia

• Official Website: https://www.superfinanciera.gov.co/

• Regulated Entities Registry: https://www.superfinanciera.gov.co/entidades/

• International Relations Email: [email protected]

Key Supervisory Divisions

• Banking Supervision: Contact through main office for credit institution regulatory matters

• Securities Supervision: Oversight of brokerage firms, securities dealers, and BVC regulation

• Insurance Supervision: Authorization and monitoring of insurance companies and brokers

• Fintech and Innovation: Virtual asset licensing, payment service provider authorization, and regulatory sandbox inquiries

• Compliance and Enforcement: Investigation of regulatory violations and administrative proceedings

Strategic Initiatives and Guidance

• Open Banking (Finanzas Abiertas): External Circular 001 of 2026 establishes implementation standards and deadlines

• Regulatory Sandbox Documentation: Historical guidance on fintech testing framework (2020-2023 program)

• Fintech Regulation Roadmap: Ongoing guidance on virtual assets, payment services, and digital finance regulation

• AML/CFT Standards: Implementation guidance on SARLAFT 4.0 and transaction monitoring requirements

• Investor Protection Standards: Consumer education and complaint resolution resources

Supervisory Resources and Transparency

• Regulatory Publications: Archive of binding resolutions, circulars, and guidance documents on supervisory requirements

• Entity Lists: Comprehensive registries of authorized banks, securities firms, insurance companies, payment providers, and virtual asset providers

• Enforcement Actions: Public notice of administrative penalties, license suspensions, and other enforcement measures

• Report and Data: Regular publication of financial system statistics, market surveillance reports, and supervisory outcomes

• Complaint and Inquiry Portal: Public mechanisms for financial consumers to file complaints and obtain regulatory guidance

Global Money Week 2026

During Global Money Week 2026, the SFC conducted extensive financial education activities:

• Geographic Reach: Visits to nine departments and 11 municipalities across Colombia

• Public Participation: More than 3,500 citizens participated in SFC-led financial education activities

• Topics Covered: Financial literacy, consumer protection, and understanding regulated institutions

• Commitment to Inclusion: Demonstration of SFC commitment to broad financial education and consumer awareness

Notes on Naming and Language