Colombia fintech & payments: BR oversees payment systems; VASP licensing under AML Law 1676
Colombia maintains a regulated environment for fintech and payments, primarily overseen by the Banco de la República (BR) regarding payment system infrastructure and interoperability. The BR actively updates technical standards for immediate low-value payment systems and interbank compensation, as evidenced by recent circulars in 2026. Non-bank payment providers must navigate the BR's operational frameworks for systems like CENIT and SPBVI.
For virtual assets and broader fintech licensing, the regime is governed by Anti-Money Laundering (AML) and Counter-Terrorist Financing (CFT) laws, specifically Law 1676 of 2013. Entities dealing in virtual assets are classified as obligated subjects and must register with the Financial Information and Analysis Unit (UIAF). The Central Bank of Colombia (BCC) and the Superintendency of Corporations (SFC) also play roles in supervising financial activities and corporate entities, though specific fintech licensing acts are not detailed in the provided source documents.
Recent regulatory direction emphasizes interoperability, technical standardization, and operational resilience. The BR has issued multiple circulars in early 2026 to refine tariffs, update directory regulations (DICE), and mandate timestamp synchronization for immediate payment systems. This indicates a focus on modernizing payment infrastructure and ensuring seamless integration between traditional banks and new market participants like Movii S.A.
Banco de la República
Primary supervisor of payment systems, issuing currency, and setting technical standards for interoperability and settlement.
[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17]Financial Information and Analysis Unit (UIAF)
Supervises AML/CFT compliance for obligated subjects, including virtual asset service providers.
Superintendency of Corporations (SFC)
Supervises financial intermediation and corporate entities in the financial sector.
Law 1676 of 2013 (2013)
The primary AML/CFT law that designates virtual asset service providers as obligated subjects, requiring registration with the UIAF.
External Regulatory Circular DSP-465 (2026)
Regulates the interoperability of immediate low-value payment systems, setting technical and operational requirements for administrators and participants.
[1][11][12][17]Virtual Asset Service Provider (VASP) Registration
Entities dealing in virtual assets must register with the UIAF as obligated subjects under AML/CFT regulations. Specific fintech payment institution licenses are not detailed in the provided documents.
Low confidence — verify with the regulator before relying on this.
Payment System Participant
Entities such as Movii S.A. can join interbank compensation systems like CENIT upon authorization by the Banco de la República, subject to technical and operational compliance. Timeline: May 2026
[8][9]Payment system administrators must adhere to strict technical standards for interoperability, including timestamp synchronization and unavailability protocols as defined in Circular DSP-465 and DSP-471.
[11][10][17]Certain payment transactions, such as interbank compensation via GOU PAYMENTS, are exempt from General Sales Tax (GMF) under specific conditions.
[5]The regulatory environment is evolving towards greater interoperability and technical standardization in immediate low-value payments, with the BR actively updating circulars to refine operational mechanisms and tariffs.
[1][11]New participants like Movii S.A. are being integrated into core payment infrastructure, suggesting an open but regulated approach to non-bank payment providers.
[8]Email alerts for Colombia updates
New circulars, rules and guidance — a digest in your inbox, same day.