Konsentus Powering Trust in Open Ecosystems

Colombia issues Open Finance Decree

The decree 1297 of 2022 has created a regulated ecosystem for open banking and open finance in Colombia

Share This Post

In October 2021, Colombia’s Ministry of Finance and Public Credit published for consultation a draft decree to regulate open finance. Open Banking Exchange (OBE) subsequently responded to the draft, encouraging the regulators to focus on standards and schemes. 

On 25 July 2022, the final decree was issued. This article provides a summary of the decree and indicates the future shape of open banking in Colombia. 

Background  

The decree 1297 of 2022 has created a regulated ecosystem for open banking and open finance in Colombia. It broadly aligns with the draft decree which was presented to Congress in October 2021. The final decree deals with four major topics: 

  • Payment initiation 
  • Treatment of personal data 
  • Commercialisation of technology and infrastructure 
  • Open finance standards

Aims of the Decree 

The Colombian open finance decree begins with the following statement: 

“The financial system is undergoing a profound transformation process and faces a distinct competitive dynamic, with a greater diversity of actors and digital requirements” 

It goes on to explain that financial institutions have accordingly changed the way they distribute products and services, and as a result, it is time to modify the original decree 2555 of 2010 on open finance to account for the current needs and opportunities of the ecosystem. 

In line with the draft decree, it states that the purpose of open finance is to promote “competition, inclusion, and efficiency in the offering of services”. Nearly a quarter of the Colombian population was unbanked in 2020 (Euromonitor). As such, open finance will prove pivotal in encouraging new companies and new services which target untapped sections of society. 

Overview of the Decree 

Payment initiation 

 The first pillar of the decree deals with payment initiation. The decree enables a broad range of participants to engage in the initiation of payments – from credit institutions to companies not monitored by the Financial Superintendence of Colombia (SFC). All payments must of course be authorised by the payer, before being processed through a System Administrator of Low Value Payments. 

Treatment of Personal Data 

The decree then specifies rules around the transfer of consumer data between financial entities. This is known as account information in Europe, which was one of the two regulated services in the revised Payment Services Directive (PSD2), the other being payment initiation. 

If authorised by the customer, a financial institution may process their personal data and share it with different entities to benefit the customer with new insights and services. Companies must at all times comply with data protection laws and prioritise the “security, confidentiality, veracity, quality, use, and circulation” of the data in question. 

 Finally, entities supervised by the SFC may commercialise the data of their customers if authorised. As a result, the decree encourages a new regulated ecosystem based upon the use and sale of personal data. 

Digital Ecosystems  

This section is divided into: 

  1. Third-party services offered on platforms managed by supervised entities 
  2. Services offered by supervised entities on third-party platforms 

The first part enables entities supervised by the SFC to offer the services and products of third parties, so long as the services are connected to their authorised operations. 

The second part allows supervised entities to offer their products on the platforms of third parties. This is what is known in Europe as embedded finance. In these cases, the (unsupervised) third party is considered a digital correspondent of the entity and therefore must comply with open finance regulation. 

 Commercialisation of Technology and Infrastructure 

Finally, the decree specifies that supervised entities can commercialise their technology and infrastructure to third parties. 

Next Steps 

According to the decree, the SFC now has twelve months to establish standards on technology, security, and other relevant topics. By the end of 2023 – if not sooner – there should be a fully functioning, regulated open finance ecosystem in Colombia. 

Open Banking Exchange View and the Importance of Standards 

 Colombia is now the third country in South America to implement open finance regulation, following Mexico’s ‘Ley Fintech’ of 2018 and Brazil’s ‘Regulation on Open Banking’ of 2020. Chile is likely to follow soon as its fintech draft decree is currently being approved by the Senate. 

The sections above were all present in the draft decree and closely align with the original vision. However, the final section of the decree addresses standards and the digital architecture of open finance.  

This was conspicuously absent in the draft decree and it is promising to see its inclusion in the final document. The Unidad de Proyección Normativa y Estudios de Regulación Financiera (URF) has taken this advice on board, working closely with OBE to gather market input and guide the final decree. 

The section reads: 

“The SFC will establish the technological standards on security and other topics which it considers necessary for the development of the architecture of open finance in Colombia” 

 Supervised entities will be obliged to report on their implementation of open finance to the SFC. This will help to monitor the ecosystem and ensure transparency between participants. Standards will minimise cost and fragmentation, leading to a faster and more efficient national implementation of open finance. 

OBE is working closely with the URF, the SFC and market participants. With this significant milestone, Colombia comes one step closer to creating an open, inclusive, and competitive financial sector. OBE will continue to produce technical documents and lead working groups and webinars to guide the implementation of open finance in Colombia. 

Subscribe To Our Newsletter

Keep up to date with all our news and publications.

More To Explore

Talk with Our Team Today

Join us on the Journey

Protect your customers transacting in open ecosystems.

Konsentus Rebrand Button - Konsentus Dot-23-23

Find out how our technology can protect your customers within open ecosystems.

Name(Required)

Opt-in

On completion of this form you will be sharing your personal data with Konsentus Ltd (company number 1115059) (“Konsentus”/”we”/”us”). We will process such information for the purposes of sending you the requested information. We may also send you marketing communications and information which we consider may be of interest to you from time to time. This may include sending information by email, or us contacting you by telephone, where relevant details are provided. We rely on our legitimate interests as the lawful basis for processing your data in this way. Under certain circumstances, you have rights under data protection laws in relation to your personal data, including the right to receive a copy of the data we hold about you. You also have the right to opt out of marketing communications at any time using the details in an email sent to you or by contacting us at insights@konsentus.com.

This field is for validation purposes and should be left unchanged.

Login to your account