Blog: Regulation of open finance in Colombia | Dentons – JDSupra – JD Supra

(Ministry of Finance and Public Credit, Decree 1297 of 2022, 07/25/2022)

On July 25, 2022, the Ministry of Finance and Public Credit issued Decree 1297 of 2022, which regulates open finance in Colombia. It is important to emphasize that the country’s financial system is undergoing a profound transformation in terms of dynamics, diversity of actors and digital needs on the part of the financial consumer. Therefore, open finance has emerged as a means to promote competition, inclusion, and efficiency in the provision of financial services, as it allows financial institutions, as well as other actors, to develop innovative strategies that allow greater integration with different sectors of the economy. To this end, the Decree develops the implementation of open finance through the following main pillars:

  • The processing and commercialization of personal data of financial consumers: the Decree establishes that financial entities may process the personal data of financial consumers who have granted their authorization, in compliance with the rules that regulate the matter; these being punctually Laws 1266 of 2008 and 1581 of 2012. Likewise, these entities must adopt effective, useful and efficient measures of proven accountability that guarantee the adequate treatment, security and confidentiality of personal data. Additionally, the Decree expressly authorizes the entities supervised by the Finantial Superintendence (hereinafter “SFC”) to commercialize the use, storage and circulation of personal data subject to processing, provided they have the prior and express authorization of the holder for this purpose, and strict compliance with the provisions contained in the aforementioned rules.
  • Initiation of payments as an activity within the payment ecosystem: the Decree introduces the concept of “Initiation of payments”, an activity defined as the sending of a payment order or transfer of funds by a third party to the entities issuing the means of payment, prior authorization of the originator. Credit institutions, Companies Specializing in Electronic Deposits and Payments (herein after “SEDPEs”) and companies not supervised by the SFC may also participate in this activity. Likewise, it is established that the activity must be processed through a low value payment system administrator entity, being applicable the pertinent rules for this purpose. Additionally, the payment initiators will need the express authorization of the consumer to initiate each transaction and that, in any case, the issuing entities authenticate the identity of the consumer. Finally, it is established that, if a low value payment system administrator entity, or any of its affiliates, subsidiaries, controlling companies or shareholders, takes part in the activity of payment initiation, it must include in its regulations a specific chapter where conflicts of interest that may arise from such situation are addressed.
  • Digital Ecosystems and Embedded Finance: Two different groups of measures are established:
    • With respect to third parties that offer their services in platforms managed by entities supervised by the SFC: It is established that the entities supervised by the SFC may offer, in non-face-to-face channels, products or services of third parties not supervised, provided that such offer is related to their authorized operations, i.e. that they promote the use of the products or services of the supervised entity. For this purpose, supervised entities may charge consideration to third parties that offer products or services in their electronic platforms. Additionally, the possibility is established that the third party offering its products or services may be another supervised entity, and it is recognized that in these cases a network use contract already developed within Decree 2555 of 2010 must be used. Finally, an information and identification obligation is imposed on the entities supervised by the SFC that lend their technological infrastructure to third parties that are not supervised, to protect the financial consumer.
    • Financial entities that use the platforms of third parties to offer or promote their products or services: i) in case the product or service of the supervised entity is offered and provided through the electronic platform of a non-controlled third party, such third party would be considered as a digital correspondent of the entity, to which the corresponding regulation would be applicable; and ii) in case the product of the supervised entity is only offered in the electronic platform of a non-controlled third party, the corresponding regulation of channels will be applicable.
  • Commercialization of Technology and Infrastructure to third parties: It is established that the entities supervised by the SFC may commercialize to other third parties their own technology and infrastructure for the rendering of their financial services.

Finally, the Decree establishes the SFC as the entity in charge of establishing the technological, security and other standards deemed necessary for the development of the open financial architecture in Colombia, for which it will have a term of twelve (12) months following the issuance of the Decree.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s