A Guide To Money Laundering Compliance In Colombia

The key challenges of AML compliance in Latin America and the Caribbean

Whether conducting risk assessments or reviewing client due diligence, it is vital to understand the risks and responsibilities of money laundering challenges for different jurisdictions.

In this article, VinciWorks considers the key AML challenges and laws in Colombia, and what organisations should consider when assessing customer, geographic or matter risk.

For more on the key AML risks and challenges in Latin America and the Caribbean, download our free guide to compliance.

Click here to download a free copy.

Key risks

  • Civil conflict – Colombia has a long and complex security situation with widespread terrorist organizations using resources for organized crime, presenting significant money laundering risks.
  • Drug trafficking – cocaine continues to present a major problem for AML. Sophisticated organized crime networks traffic drugs from Colombia and seek to launder the proceeds. 
  • False invoicing – this is a common method of money laundering, particularly for professional services, and is often seen in the banking and trade sectors.
  • Dollar economies – some of Colombia’s neighbors are de facto or de jure dollar economies, presenting a key challenge in bulk cash smuggling.
  • Mineral trafficking – illegally mined gold and minerals are trafficked from neighboring Venezuela and Peru, with Colombia acting as a regional trade and finance hub.

Criminal proceeds

An estimated $14.7 billion – $17 billion is laundered every year in Colombia.

AML policy summary

Colombia is seen as having a relatively weak legal framework, with high levels of corruption and weak prosecution. It is considered to have strong prevention and detection methods. 

Legal summary

Colombia has low numbers of prosecutions and convictions for financial crimes, despite a high level of crime. The legal framework has been described by the FATF as not fully or optimally implemented. Colombia is aiming to join the OECD and is awaiting the next round of GAFILAT mutual evaluations, which may provide avenues for a strengthened system. 

The main money laundering laws in Colombia are:

  • Law 190 of 1995 which criminalizes asset laundering, and now includes over 60 predicate offences.
  • Law 1121 of 2006 outlines the ways to prevent, detect, and prosecute terrorist financing, and sets out the responsibilities of the Colombian FIUs
  • Law 1941 of 2018 created a Center for Coordination on Financing by Criminal and Terrorist Groups to enhance inter-agency collaboration.
  • Bill 341/20 of 2020 has been introduced to Congress to strengthen anti-corruption measures and create a beneficial ownership registry.

Weaknesses

There are conflicting definitions of beneficial ownership and no registry. This creates significant vulnerabilities in regard to shell and front companies, and their use in asset laundering. There is a severe lack of whistleblower protections which makes anti-corruption efforts much harder.

There is a lack of highly trained, specialized staff to work on financial crime cases, and more serious charges of money laundering are often replaced with ‘illicit enrichment’ which has a lower burden of proof. This means criminal networks are less likely to be dismantled. Assets are often seized instead of a more complex money laundering investigation, which still leaves the organized criminals intact.

The Colombian tax and customs authority is not seen as being strongly integrated into the fight against money laundering, and some authorities have been criticized as acting more like a think tank than a law enforcement agency. 

Strengths

Colombia works closely with the United States on counternarcotics, and has a strong track record of seizing illicit goods, even if this means the criminal networks remain largely intact. SARs are detailed and track illicit enrichment, even if this has been criticized as more of a PR effort than a serious fight against criminal gangs laundering money. 

More information

VinciWorks has created a guide designed to support businesses that currently operate in Latin America and the Caribbean, or are planning to, or seeking to expand to new countries in the region. This guide provides an overview of some of the key AML challenges and issues and includes a country-by-country assessment of AML risks and laws. 

Click here to download a free copy.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.