Colombia Draft Circular Proposes Unified AML & Anti-Corruption Risk Framework 2025

Regulation Name: Sistema de Autocontrol y Gestión de Riesgos LA/FT/FPADM y C/ST
Date Of Issue: Dec 2025
Region: Colombia
Agency: La Superintendencia de Sociedades (Superintendence of Companies)

Colombia Proposes Unified AML & Anti-Corruption Risk Framework Under New Draft Circular

In late 2025, Colombia’s corporate regulator, the Superintendencia de Sociedades, released a draft circular proposing a major overhaul of corporate compliance obligations by unifying anti-money laundering (AML), counter-terrorist financing (CTF), proliferation financing (PF), and anti-corruption / anti-bribery (ABC) requirements into a single, integrated risk management system.

The draft circular, commonly referred to as “Sistema de Autocontrol y Gestión de Riesgos LA/FT/FPADM y C/ST”, aims to consolidate and replace Colombia’s existing SAGRILAFT (AML/CFT/FP framework) and PTEE (Corporate Transparency and Business Ethics Program) regimes. If adopted, this would mark one of the most significant compliance reforms for Colombian companies in recent years.

What the draft circular proposes

Unified compliance framework

Instead of maintaining separate AML and anti-corruption programs, companies would be required to implement a single, integrated system covering:

• Money laundering (LA)
• Terrorist financing (FT)
• Proliferation financing (FPADM)
• Corruption and transnational bribery (C/ST)

This represents a structural shift from siloed compliance to enterprise-wide risk management.

Expanded risk-based approach

Entities would be expected to:

• Identify, assess, and mitigate risks across AML and ABC domains together
• Align internal controls, monitoring, and reporting mechanisms across risk categories
• Apply proportional controls based on size, sector, and exposure

Governance and senior management accountability
The draft emphasizes board-level and senior management responsibility, requiring:

• Clear designation of compliance leadership
• Active oversight of the unified risk system
• Documentation of decisions, controls, and remediation actions

Broader scope of obligated entities

The proposal signals a potential expansion of applicability, capturing entities previously subject only to one of the two regimes (SAGRILAFT or PTEE), depending on thresholds and risk exposure.

Enhanced internal controls and reporting

Companies would need to:

• Strengthen internal reporting channels
• Improve documentation of risk assessments and controls
• Ensure auditability of AML and anti-corruption measures

Why this matters

If finalized, this draft circular would:

• Increase compliance maturity expectations for Colombian companies
• Raise the bar for governance, documentation, and internal controls
• Align Colombia more closely with FATF standards and international anti-corruption frameworks
• Significantly impact multinational groups operating in Colombia

For compliance teams, the proposal signals a move away from checklist-driven programs toward integrated, risk-based compliance architectures.

What companies should do now

Even while the circular remains in draft form, companies should:

• Map overlaps between existing AML (SAGRILAFT) and ABC (PTEE) programs
• Assess governance readiness for an integrated framework
• Identify gaps in enterprise-wide risk assessment and monitoring
• Prepare for possible implementation timelines once finalized

Sourced from here.

⚠️ Editorial Note

This RC is based on externally available compliance analyses of a draft proposal that has not yet been formally published as a Circular Externa on an official government website. Obligations described are proposed, not yet legally binding.

Read about the product: Transact Comply

Empower your organization with ZIGRAM’s integrated RegTech solutions – Book a Demo