2026-03-31

Added · Updated

Operational and Services External Circular DSP-470, Subject 19: Centralized Directory (DICE) Regulations

The Bank of the Republic issued Operational and Services External Circular DSP-470 to update the regulations for the Centralized Directory (DICE), specifically modifying Annex 2 regarding DICE unavailability scenarios and transition periods. The circular establishes the operational framework, technical connection standards, and user obligations for Entities Administering Immediate Low-Value Payment Systems (EASPBVI) to ensure the integrity and continuity of the DICE database. It further details the Bank's responsibilities for system maintenance, contingency planning, and data protection compliance while defining the fee structure for DICE administration.

Banco de la Republica Colombia logo

Colombia

Banco de la Republica Colombia

Click to view thumbnail

Document No: OT/PF/MAR/2026/128135 Hoja 19 - 00 Recipient: Entities Administering Immediate Low-Value Payment Systems Subject 19: Centralized Directory (DICE) Regulations

This Circular replaces Operational and Services External Circular DSP-470 of March 5, 2026, corresponding to Subject 19 "CENTRALIZED DIRECTORY REGULATIONS (DICE)" of the corporate manual of the Payment Systems Department.

The Circular is replaced to modify in Annex 2 the operational rules in scenarios of DICE unavailability and the applicable transition periods.

Sincerely,

MARCELA OCAMPO DUQUE Executive Manager

DIONISIO VALDIVIESO BURBANO Deputy Manager of Payment Systems and Banking Operations

OPERATIONAL AND SERVICES EXTERNAL CIRCULAR DSP-470 DEPARTMENT OF PAYMENT SYSTEMS Date: Tuesday, March 31, 2026

Document No: OT/PF/MAR/2026/128135 OPERATIONAL AND SERVICES EXTERNAL CIRCULAR DSP-470 Date: Tuesday, March 31, 2026 Subject 19: Centralized Directory (DICE) Regulations Page 19 - 1

  1. Introduction The Bank of the Republic administers the database known as the Centralized Directory (DICE) as provided for in the second paragraph of Article 104 of Law 2294 of 2023, External Resolution No. 6 of 2023 of the Board of Directors of the Bank of the Republic, and External Regulatory Circular DSP-465 issued by the Bank of the Republic, or those that modify or replace them.

The DICE stores the Keys, transmitted by the Federated Directories of the Entities Administering Immediate Low-Value Payment Systems (EASPBVI), which the Clients of the Participants of the Immediate Low-Value Payment Systems (SPBVI) link to a Payment Method to receive funds from a Payment Order and/or Immediate Fund Transfer (PO/IFT Immediate). The DICE is also responsible for validating that the Key is unique and performs updates to the Keys and Key Resolution when the Federated Directories make these requests.

  1. Definitions For the purposes of this Circular, the following terms have the meaning established below, regardless of whether they are used in singular or plural, or in uppercase or lowercase:

Beneficiary: Client recipient of the funds subject to a Payment Order and/or Immediate Fund Transfer.

Client: as defined in letter a) of Article 2 of Law 1328 of 2009 and the norms that modify, replace, or regulate it.

Centralized Directory: database administered by the Bank of the Republic that contains the Keys and other information associated with the Clients of the Participants of all Immediate Low-Value Payment Systems.

Federated Directory: database administered by an Entity Administering an Immediate Low-Value Payment System that contains the Keys and other information associated with the Clients of the Participants of an Immediate Low-Value Payment System.

Entities Administering Immediate Low-Value Payment Systems (EASPBVI): are the administering entities of low-value payment systems defined in numeral 7 of Article 2.17.1.1.1. of Decree 2555 of 2010, or the norms that modify or replace it, that administer an Immediate Low-Value Payment System.

Document No: OT/PF/MAR/2026/128135 OPERATIONAL AND SERVICES EXTERNAL CIRCULAR DSP-470 Date: Tuesday, March 31, 2026 Subject 19: Centralized Directory (DICE) Regulations Page 19 - 2

Key: is the identifier that the Client links to their Payment Method. The types of Keys are those referred to in External Regulatory Circular DSP-465.

Timestamp: date and time information that the Entities Administering Immediate Low-Value Payment Systems and Participants must include in the messages required to carry out, among others, the Key management and Resolution processes, and the Compensation and Settlement of Payment Orders and/or Immediate Fund Transfers.

Payment Method: deposit product from which Payment Orders and/or Immediate Fund Transfers are debited or credited.

Originator: Client who initiates a Payment Order and/or Immediate Fund Transfer to debit funds from their Payment Method.

Payment Orders and/or Immediate Fund Transfers (PO/IFT Immediate): is the instruction given in the Immediate Low-Value Payment Systems by an Originator on any day and hour to debit funds from their Payment Method and credit them to the Payment Method of a Beneficiary in real time, according to the characteristics established in External Regulatory Circular DSP-465 issued by the Bank of the Republic.

Participants: as defined in numeral 16 of Article 2.17.1.1.1. of Decree 2555 of 2010 or the norms that modify or replace it, that process Payment Orders and/or Immediate Fund Transfers.

Originating Participant: is the Participant where the Originator has their Payment Method from which they originate a Payment Order and/or Immediate Fund Transfer in an Immediate Low-Value Payment System.

Receiving Participant: is the Participant where the Beneficiary has their Payment Method to receive funds from a Payment Order and/or Immediate Fund Transfer in an Immediate Low-Value Payment System.

Key Resolution: query in the Federated Directory and/or Centralized Directory, based on the Key, to obtain the information of the Beneficiary's Payment Method and other information necessary to process the Payment Order and/or Immediate Fund Transfer.

Immediate Low-Value Payment Systems (SPBVI): are the low-value payment systems defined in numeral 22 of Article 2.17.1.1.1. of Decree 2555 of 2010 or the norms that replace or modify it, that provide services related to Payment Orders and/or Immediate Fund Transfers.

Document No: OT/PF/MAR/2026/128135 OPERATIONAL AND SERVICES EXTERNAL CIRCULAR DSP-470 Date: Tuesday, March 31, 2026 Subject 19: Centralized Directory (DICE) Regulations Page 19 - 3

Access Technologies: devices and/or set of technological procedures that allow initiating Payment Orders and/or Immediate Fund Transfers.

Time-Out: maximum time to complete or decline the process.

  1. General Characteristics of the DICE The DICE stores the Keys that the Clients of the Participants of the SPBVI link to a Payment Method to receive the funds associated with a PO/IFT Immediate. These Keys are transmitted to the DICE by the Federated Directories of the EASPBVI through a connection standard based on API-REST technology.

The DICE stores the information associated with each Key, according to the structure defined in numeral 4.2.2 of External Regulatory Circular DSP-465.

The DICE validates that each Key is unique and performs updates on the Keys according to the Key management processes described in numeral 3.4.3 and in Annex 1 of External Regulatory Circular DSP-465. Likewise, it performs the Key Resolution when the Federated Directories make this type of request.

  1. Users of the DICE Users of the DICE are the EASPBVI that meet the technical requirements established in this Circular and its annexes for connection to the DICE and for its use. The DICE interconnects with the EASPBVI through the Federated Directories that these entities administer.

The EASPBVI identify themselves to the DICE with the abbreviations established in the "DICE Technical Specifications Document," which will be sent by the Bank of the Republic to the EASPBVI in their process of linking to this centralized module and when modifications are made.

  1. Operational Characteristics of the DICE The DICE has the following operational characteristics: a) API-REST connection for Federated Directories.

Document No: OT/PF/MAR/2026/128135 OPERATIONAL AND SERVICES EXTERNAL CIRCULAR DSP-470 Date: Tuesday, March 31, 2026 Subject 19: Centralized Directory (DICE) Regulations Page 19 - 4

b) Key registration according to requests sent from the Federated Directories and sending of the response message with the result of the process. c) Key updates and their status resulting from modification, cancellation, blocking, or reactivation requests, originated by Clients and/or Participants as appropriate, sent from the Federated Directories and sending of the response message with the result of the process. d) Update of fields associated with Keys according to requests originated by Participants and sent from the Federated Directories and sending of the response message with the result of the process. e) Key Resolution according to the request sent from the Federated Directories and sending of the response message with the result of the process. f) Execution of Key information queries according to requests sent from the Federated Directories and sending of the response message with the result of the process. g) Verification of Key non-duplication in registration and modification processes, to ensure that it is not associated with more than one Payment Method.

5.1. Schedules and Support The DICE operates 24 hours a day, seven (7) days a week, 365 days a year (24/7/365). The Bank of the Republic provides 24/7/365 technical support through the email address admidice@banrep.gov.co and the telephone lines available at Telephone Attention | Bank of the Republic.

In leap years, the DICE will also operate on February 29, and the Bank of the Republic will provide technical support on that date.

The Bank of the Republic may, temporarily, suspend the operation of the DICE or modify the schedules provided for in this Circular for: i) force majeure or fortuitous event reasons, or ii) when there are reasons that, in the judgment of the Bank of the Republic, justify it. Whenever possible, the Bank of the Republic will previously communicate to the EASPBVI the date on which the respective suspension or schedule modification will occur, indicating the operating conditions that will apply, as appropriate.

Document No: OT/PF/MAR/2026/128135 OPERATIONAL AND SERVICES EXTERNAL CIRCULAR DSP-470 Date: Tuesday, March 31, 2026 Subject 19: Centralized Directory (DICE) Regulations Page 19 - 5

  1. Linking of EASPBVI to the DICE The process for linking EASPBVI to the DICE is described in Annex 1 of this Circular, titled "Manual for linking Entities Administering Immediate Low-Value Payment Systems to the Centralized Modules for the Interoperability of Immediate Payments."

The EASPBVI that during Phase 3 defined in numeral 9 of External Regulatory Circular DSP-465 have initiated the linking process to the centralized modules for the interoperability of immediate payments must continue it according to what is provided in the aforementioned Annex, according to the stage in which they are.

  1. Structure of the DICE The fields stored by the DICE will follow the minimum structure of the Federated Directories, according to what is established in numerals 4.2.1 and 4.2.2. of External Regulatory Circular DSP-465.

The types of Keys and Keys registered in the DICE must follow the specifications on their structure provided in section 3.4.2. of External Regulatory Circular DSP-465.

The other fields transmitted to the DICE must follow the specifications on their structure provided in section 4.2.2. of External Regulatory Circular DSP-465.

The DICE does not store transactional information of Clients or other additional data different from the above.

  1. Connection and Messaging Standards with the DICE The standard for the data exchange format that must be used in the API-REST type interconnection between the Federated Directories and the DICE is JSON.

The technical specifications, standards, and messaging format that EASPBVI must comply with in their connection to the DICE are found in the "DICE Technical Specifications Document," which will be sent by the Bank of the Republic to the EASPBVI in their process of linking to this centralized module and when modifications are made.

Document No: OT/PF/MAR/2026/128135 OPERATIONAL AND SERVICES EXTERNAL CIRCULAR DSP-470 Date: Tuesday, March 31, 2026 Subject 19: Centralized Directory (DICE) Regulations Page 19 - 6

  1. Operational Controls Executed by the DICE a. The DICE executes the following operational controls once it receives the Key registration request from a Federated Directory: i. Validates compliance with the fields, according to the minimum structure that must be transmitted by the Federated Directory, following the structure defined in section 4.1.2 of External Regulatory Circular DSP-465. ii. Verifies that each of the fields in the request meets the specifications described in sections 3.4.2 and 4.2.2. of External Regulatory Circular DSP-465. iii. Validates that the Key requested to be registered has not previously been associated with another Payment Method. b. The DICE executes the following operational controls once it receives the request for modification, cancellation, reactivation, or blocking of a Key from a Federated Directory: i. Validates compliance with the fields, according to the minimum structure that must be transmitted by the Federated Directory, following the structure defined in section 4.1.2 of External Regulatory Circular DSP-465. ii. Verifies that each of the fields in the request meets the specifications described in sections 3.4.2 and 4.2.2. of External Regulatory Circular DSP-465. iii. In modification requests, validates that the Key is associated with a single Payment Method. iv. In cancellation requests, validates that the Key is active or blocked by the Client. v. In reactivation requests, validates that the Key is in a blocked state. vi. In blocking requests, validates that the Key was previously in an active state. c. The DICE executes the following operational control once it receives the Key Resolution request from a Federated Directory: i. Validates that the type of Key and the Key to be resolved meet the specifications on their structure.

Document No: OT/PF/MAR/2026/128135 OPERATIONAL AND SERVICES EXTERNAL CIRCULAR DSP-470 Date: Tuesday, March 31, 2026 Subject 19: Centralized Directory (DICE) Regulations Page 19 - 7

  1. Key Resolution In Key Resolution requests, the Federated Directories must send to the DICE the Type of Key and the Key to be resolved, following the structure specifications provided for both fields.

The DICE executes the Resolution of Keys that are in the "Active" state. In the event that the Key whose Resolution is requested is not active, the DICE informs in the response message to the Federated Directory the issue with the status of the Key, that is, Inactive or Non-existent Key, or Blocked Key.

  1. Registration, Control, and Standard of DICE Timestamps The DICE clock maintains permanent synchronization with the Legal Time service of the National Institute of Metrology of Colombia (INM) or the one that replaces it.

The Timestamps that the DICE incorporates in the Key Resolution and Key management processes use the clock synchronized with the Legal Time service of the INM. These Timestamps are recorded under the ISO 8601 standard in local time and in the format defined by this standard, so they include information of the year, month, day, hour, minutes, seconds, tenths, hundredths, and thousandths of a second.

11.1. DICE Timestamps for Key Resolution The DICE incorporates Timestamps upon receiving the Key Resolution request from the Federated Directory (Timestamp C310) and upon sending the response regarding the Key Resolution to the Federated Directory (Timestamp C320). The foregoing, in accordance with what is established in Annex 5 of External Regulatory Circular DSP-465.

11.2. Timestamps for Key Management Processes The DICE incorporates Timestamps upon receiving the Key registration request from the Federated Directory (Timestamp R301) and upon sending the response regarding the Key registration to the Federated Directory (Timestamp R303). The foregoing, in accordance with what is established in Annex 5 of External Regulatory Circular DSP-465.

Document No: OT/PF/MAR/2026/128135 OPERATIONAL AND SERVICES EXTERNAL CIRCULAR DSP-470 Date: Tuesday, March 31, 2026 Subject 19: Centralized Directory (DICE) Regulations Page 19 - 8

  1. Obligations and Responsibilities Regarding Connection to the DICE and Its Use 12.1. Obligations and Responsibilities of EASPBVI In addition to what is provided in other sections of this Circular, in the contracts, and in any other regulation associated with the DICE, the EASPBVI will have the following obligations and responsibilities regarding connection to the DICE and its use: a) Update the Keys and the information associated with them in their Federated Directories, according to the Key management processes carried out by Clients with the Participants of the SPBVI, attending to the connection standards and messaging format defined by the Bank of the Republic in this Circular; and inform these updates to the DICE. b) Consult the DICE in the event of registration or modification of a Key in their Federated Directory(ies), to ensure that such Key is not associated with another Payment Method. Once the DICE has notified the response to the Key query process, the Key can be registered in the Federated Directory of the respective SPBVI. c) Send to the DICE the requests for Key or Key type modification received from their Participants using two messages: the first, for cancellation of the previous Key or Key type, and the second, for registration of the new Key or Key type. In any case, the EASPBVI may process Key or Key type modification requests with their Participants using a single message according to the technological mechanisms agreed upon in their regulations. d) Determine, from the Key sent by the Participant, the type of Key in question and send to the DICE the information on the Key and the Key type in Key Resolution procedures. e) Comply with the schedules, procedures, requirements, and technical and security norms contained in this Circular, as well as any other instruction issued by the Bank of the Republic for the operation of the DICE. f) Participate in the tests and training programs organized by the Bank of the Republic regarding the DICE. g) Inform the Bank of the Republic as soon as they become aware of incidents, inconveniences, and failures that occur in the operation or connection with the DICE. For this purpose, the relevant information must be notified to the mailbox admidice@banrep.gov.co and to the telephone lines available at Telephone Attention | Bank of the Republic. h) Apply modifications to the regulation and/or operation of the DICE that the Bank of the Republic informs through circular letters, regulatory circulars, or periodic updates to the DICE user manuals.

Document No: OT/PF/MAR/2026/128135 OPERATIONAL AND SERVICES EXTERNAL CIRCULAR DSP-470 Date: Tuesday, March 31, 2026 Subject 19: Centralized Directory (DICE) Regulations Page 19 - 9

i) Design and maintain in due working order internal contingency schemes that guarantee the continuity of their Federated Directories and their interaction with the DICE. j) Apply the contingency plan established by the Bank of the Republic in this Circular, when necessary, according to the scenario that arises. Refrain from performing any act or incurring in any omission that affects the order, security, competition, transparency, and good functioning of the DICE.

12.2. Obligations and Responsibilities of the Bank of the Republic The Bank of the Republic, as administrator of the DICE, has the following obligations and responsibilities regarding the DICE, in addition to those provided in the contracts and in any other regulation associated with the DICE: a) Attend and respond promptly to inquiries, complaints, or requests presented by the EASPBVI regarding the DICE. b) Ensure the integrity and confidentiality of the information received from the EASPBVI, from its receipt. c) Design, test, and put into execution a contingency plan aimed at ensuring continuity in the operation of the DICE. d) Carry out the Key registration, update, and Resolution processes according to the requests sent by the EASPBVI, with the operating scheme and procedures described in this Circular and its annexes. e) Inform the EASPBVI promptly about modifications to the software, technical and operational conditions, or current regulation of the DICE, through circular letters or regulatory circulars, or periodic updates of their user manuals, applying when appropriate the procedures defined in External Regulatory Circular DDE-304 of the Bank of the Republic. f) Formulate a response regarding issues reported by the EASPBVI that prevent the registration, update, or Resolution of Keys, informing the corporate mailboxes of those about the causes and alternative solutions when the failures are attributable to the Bank of the Republic.

  1. DICE Fee The Bank of the Republic will apply the tariffs authorized by its Board of Directors in the terms and with the procedures established in Operational and Services External Circular DSP-272, corresponding to Subject 16 "Tariffs for the administration of Deposit Accounts, for operations in the CUD, and for the centralized modules for the interoperability of immediate payments" of the Manual of the Payment Systems Department, or those that modify or replace it.

Document No: OT/PF/MAR/2026/128135 OPERATIONAL AND SERVICES EXTERNAL CIRCULAR DSP-470 Date: Tuesday, March 31, 2026 Subject 19: Centralized Directory (DICE) Regulations Page 19 - 10

  1. Policies and Procedures for the Confidential Handling of Information Shared by Federated Directories with the DICE In compliance with the personal data protection regime (Political Constitution, Statutory Law 1581 of 2012, Decree 1074 of 2015, Title V of the Single Circular of the Superintendence of Industry and Commerce (SIC), and other provisions that modify, complement, or replace them), the Bank of the Republic informs its policy for the treatment of personal data contained in the DICE, which have been transmitted by the Federated Directories of the EASPBVI: a) General Data - Responsible: Bank of the Republic, Tax ID No. 8600052167, Main Office: Carrera 7 # 14-78 Bogotá D.C. Area: Citizen Attention. Contact: Through the email address admidice@banrep.gov.co or the Citizen Attention System