The Superintendency of Companies has imposed a fine of COP 15 million on a convention and events center for failing to implement the Anti-Money Laundering and Counter-Terrorist Financing Risk Management System (SAGRILAFT) within the timeframe established under Chapter X of the Basic Legal Circular.
Although the company had voluntarily adopted the previous SARLAFT compliance framework back in 2014, it did not formally transition to the updated SAGRILAFT system by the regulatory deadline of August 31, 2021. According to official records, full implementation did not occur until April 29, 2022, representing an eight-month delay.
The Superintendency emphasized that the violation was not merely procedural. The updated regulation introduced substantive changes, including revised definitions, a more detailed risk management process, enhanced responsibilities for the Compliance Officer, and more stringent due diligence obligations.
Nonetheless, mitigating circumstances were taken into account. The company’s early adoption of SARLAFT demonstrated a proactive compliance posture, including the implementation of internal controls, the hiring of specialized compliance consultants, and the ongoing monitoring of risk. As a result, the originally proposed fine of COP 20 million was reduced to COP 15 million.
The company appealed the decision; however, the sanction was ultimately upheld in its entirety.
This case underscores the importance of proactively adopting comprehensive compliance frameworks—even in the absence of immediate regulatory mandates—to strengthen internal controls and reduce exposure to enforcement risk.
