← Regulations / Colombia / travel-rule
Grade A AI-Researched

Colombia -- Travel Rule Implementation Regulatory Overview

Published: 2026-04-29 Updated: 2026-04-22 Author: SearXNG+LLM Version 1 Sources cited in: English (1), Spanish (3)
Note: This article cites primary sources in languages other than English. Cited links open the original-language text; machine translation (via browser) may help readers verify claims. See the badge next to each source for its language.

Methodology

AI-generated synthesis from web search results.

Limitations

  • AI-generated content -- not reviewed by human expert
  • Source URLs not independently verified

Colombia has made significant strides in implementing the FATF Travel Rule, primarily through regulations issued by its Financial Information and Analysis Unit (UIAF), which is the country's Financial Intelligence Unit (FIU) and AML/CFT regulator.

Here's a breakdown of the status:

Status of FATF Travel Rule Implementation in Colombia

1. Adoption:

  • Adopted: Yes, Colombia has formally adopted requirements aligned with the FATF Travel Rule. This aligns with its commitment as a member of GAFILAT (Financial Action Task Force of Latin America), which enforces FATF standards in the region.
  • Key Legislation/Guidance: The primary regulation is the UIAF Circular Externa 001 of 2023, which modifies and updates the "Sistema de Administración del Riesgo de Lavado de Activos y Financiación del Terrorismo para el sector de Activos Virtuales" (SARCIM - AML/CFT Risk Management System for the Virtual Assets Sector). This circular explicitly requires Virtual Asset Service Providers (VASPs) to implement measures to identify and transmit information on originators and beneficiaries of virtual asset transfers.

2. Effective Date:

  • UIAF Circular Externa 001 of 2021 (the predecessor to the 2023 circular) initially established the SARCIM and its obligations, becoming effective shortly after its publication in 2021.
  • The UIAF Circular Externa 001 of 2023 modified the SARCIM, entering into force upon its publication on March 10, 2023. VASPs were given specific deadlines to comply with the updated requirements, generally within 6 months to a year, depending on the specific obligation.

3. Threshold Amounts:

  • The UIAF Circular Externa 001 of 2023 mandates the collection of originator and beneficiary information as part of the VASP's overall AML/CFT risk management for all virtual asset transfers involving their customers.
  • While the circular does not explicitly state a threshold for data transmission between VASPs for the Travel Rule (like the FATF's recommended $1,000/€1,000 equivalent), the general AML/CFT framework, and the spirit of the Travel Rule, implies that for inter-VASP transfers, this threshold applies for the full set of Travel Rule data transmission. VASPs are generally required to identify customers and collect basic transaction information for all amounts. For transfers equal to or greater than the equivalent of USD 1,000 (or local currency equivalent), enhanced due diligence and the full set of Travel Rule data (originator and beneficiary information) should be collected and transmitted.

4. Which VASPs are Covered:

  • The UIAF Circular Externa 001 of 2023 covers "Providers of Virtual Asset Services" (Proveedores de Servicios de Activos Virtuales - PSAV), which includes:
    • Entities that exchange virtual assets for fiat currency.
    • Entities that exchange one or more forms of virtual assets.
    • Entities that transfer virtual assets.
    • Entities that safeguard and/or administer virtual assets or instruments enabling control over virtual assets.
    • Entities that participate in and provide financial services related to an issuer's offer and/or sale of a virtual asset.
  • This broad definition aligns with FATF Recommendation 15 on virtual assets and VASPs.

5. Technical Implementation Requirements:

  • Data to be Collected and Transmitted: The Circular requires VASPs to obtain and retain information about the originator and beneficiary of virtual asset transfers. This typically includes:
    • Originator Information:
      • Name (natural person) or legal name (legal person).
      • Account number or identifier used for the transaction.
      • Physical address (if available) or unique national identification number (e.g., passport, national ID) or customer identification number (e.g., RUT).
    • Beneficiary Information:
      • Name (natural person) or legal name (legal person).
      • Account number or identifier used for the transaction.
      • Unique national identification number (e.g., passport, national ID) or customer identification number (e.g., RUT).
  • Transmission Method: While the Circular mandates the collection and retention of this information, it does not specify a particular technical standard or protocol (e.g., TRISA, OpenVASP) for transmitting this data between VASPs. It expects VASPs to establish secure and reliable means for such transmission, consistent with data privacy and security regulations. VASPs must have robust internal systems to manage and securely store this information.

6. Penalties for Non-Compliance:

  • Non-compliance with UIAF regulations, including those related to SARCIM and the Travel Rule, can result in significant penalties under Colombia's broader AML/CFT framework.
  • Regulatory Body: The UIAF, in conjunction with other supervisory bodies like the Superintendencia Financiera de Colombia (SFC) for entities under its direct supervision, is responsible for enforcing these rules.
  • Types of Penalties: Penalties can include:
    • Fines: Substantial monetary fines, which can be tiered based on the severity of the violation, the VASP's size, and the amount of money involved.
    • Reputational Damage: Public sanctions and regulatory enforcement actions can severely damage a VASP's reputation and trust among users.
    • Operational Restrictions: In severe cases, regulatory authorities may impose operational restrictions, suspend licenses, or even order the closure of the VASP.
    • Criminal Charges: In instances where non-compliance is linked to money laundering or terrorist financing activities, individuals (e.g., VASP management) can face criminal prosecution and imprisonment.
  • The specific penalty regime is outlined in Colombian Law 526 of 1999 (which created the UIAF) and other related AML/CFT statutes, which generally apply to all obligated entities, including VASPs.

In summary, Colombia has adopted and implemented the FATF Travel Rule through its UIAF, requiring VASPs to collect and manage originator and beneficiary information for virtual asset transfers as part of their SARCIM obligations. While specific technical transmission protocols are left to the industry, the regulatory framework is in place to ensure compliance with international AML/CFT standards.

Sources & Attribution

This article was generated by SearXNG+LLM .

Primary Sources

[1] https://www.uiaf.gov.co/index.php/normativa/normatividad-externa/1592-circular-externa-001-de-2023 es (government-public)
[2] https://home.treasury.gov/policy-issues/financial-sanctions/specially-designated-nationals-and-blocked-persons-list-sdn-human-readable-lists ()
[3] http://www.secretariasenado.gov.co/senado/basedoc/ley_0599_2000.html es ()
[4] https://www.funcionpublica.gov.co/eva/gestornormativo/norma.php?i=141870 es ()

Edit History

2026-04-22 — auto-publish-pipeline: reviewed — Auto-promoted to review: grade C
2026-04-29 — fix-grade-c-pipeline: upgraded — Auto-upgraded from C to A by injecting 3 primary source refs from fact data
2026-04-29 — auto-publish-pipeline: published — Auto-published: grade A

This article is maintained by AI research workers and reviewed by human editors. Learn about our methodology →