Start-up of SAGRILAFT and designation of the Compliance Officer - Obligations and maturity
On December 24, 2020 the Superintendence of Companies (hereinafter the Superintendence) issued the new Regime of Self-Control and Integral Risk Management LAFT/FPADM [1] (hereinafter the SAGRILAFT) which updated the national regulations according to international recommendations and reduced the requirements for its mandatory adoption. For this reason, a large number of commercial companies, branches of foreign companies and sole proprietorships are now obliged to comply with its instructions [2] (See the requirements in the annex to determine whether they are obliged to comply with the SAGRILAFT or the Minimum Measures Regime).
On April 9, 2021, the Superintendency issued a new Circular [3] with which it modified some aspects of the SAGRILAFT and, especially, modified the maximum term for its implementation and adjustment, setting August 31 of the current year as the maximum date. In this regard, we proceed to set forth some of the most relevant obligations to be taken into account in order to approve and implement the SAGRILAFT before the mentioned date:
a. The SAGRILAFT must be approved by the Board of Directors or, in its absence, by the highest corporate body and such decision must be recorded in the minutes.
b. The proposal of the SAGRILAFT to the respective body must be made by the Legal Representative in conjunction with the Compliance Officer.
c. The appointment of the Compliance Officer must be made by the Board of Directors or, in its absence, by the highest corporate body. In the case of branches of foreign companies, the appointment shall be made by the corporate body of the parent company.
d. The Company shall send a certification to the Office of Economic and Corporate Affairs of the Superintendency with the identification and contact information of the compliance officer and his alternate. The certification must be sent within 15 working days following the appointment. Additionally, a resume of the appointed persons, a copy of their registration in the SIREL of the UIAF and an extract of the minutes of the meeting in which the appointments were made must be attached.
e. Finally, the Compliance Officer must have certain requirements, among which the following stand out:
Have a professional degree.
At least 6 months of experience in similar positions or positions related to risk management.
Proof of knowledge of ML/FT/FPADM risk management through specialization, courses, seminars, among others.
Be domiciled in Colombia.
Not to belong to the company's management or corporate bodies, not to be linked to the statutory auditors, internal audit or be the person who performs these functions or similar functions.
Not to serve as Compliance Officer in companies that compete with each other, nor in more than ten obligated companies.
If the designated person is not linked to the company, he/she must demonstrate that he/she complies with the minimum measures established by the Superintendency [4].
Penalties for noncompliance
Finally, it is worth mentioning that non-compliance with SAGRILAFT may lead to investigations and sanctions, successive or otherwise, of up to two hundred (200) legal monthly minimum wages in force [5].
[1] Money Laundering, Financing of Terrorism and Financing of the Proliferation of Weapons of Mass Destruction.
[2] See Chapter X of the Basic Legal Circular of the Superintendency of Companies. By way of example, some obligations are listed: (i) designation of a compliance officer, (ii) design of the SAGRILAFT manual, (iii) preparation of reports, (iv) reports to the UIAF, (v) adoption of the Minimum Measures Regime for some companies, among others.
[3] Circular 100 - 000004.
[4] In the event that the company appoints a legal person for the position of compliance officer, both the legal person and the natural person, who is finally appointed, must comply with the minimum measures.
[5] $181,705,200 for the year 2021.
Want to know more?
