Colombia takes firm steps toward cryptocurrency regulation

Who we areNews, publications and mediaOur publicationsGovernace, Compliance and Risk Management

Toward cryptocurrency regulation

The world has changed the way money is made, transferred, and traded. In the technological realm, currency has become digital, it is no longer tangible. With the widespread adoption and exponential growth of cryptocurrencies in society, there is a growing need for legal frameworks to adapt to this evolution, align with the changes of the modern world, and for government and financial institutions to establish clear regulations governing cryptocurrency operations.

With the approval in the first debate of Bill 510 of 2024, the country aims to establish clear rules for Virtual Asset Service Providers (VASPs), with the goal of formalizing an industry that has experienced exponential growth. The proposal, introduced by Senator Gustavo Moreno and Representative Julián López, is a direct response to the regulatory vacuum that has caused legal uncertainty for businesses and posed risks to millions of users.

 

A growing sector in need of regulation

In recent years, the advancement of financial technology has radically transformed the way monetary transactions are carried out worldwide. Cryptocurrencies have emerged as a digital alternative to traditional money, offering both new opportunities and challenges for governments, businesses, and users. In this context, the need to establish an appropriate regulatory framework for these new forms of money has become imperative.

• In 2024, US$6.7 billion in crypto assets were traded in Colombia.

• Over 5 million Colombians actively interact with cryptocurrencies.

• Colombia ranks fifth in Latin America and 36th globally in cryptocurrency adoption, according to Chainalysis.

• Local platforms such as LuloX and Wenia are already energizing the market alongside international exchanges.

• According to Bitso (2022) and data from Colombia’s Financial Superintendency, Binance is the exchange with the highest trading volume in the country.

 

What does the bill propose?

Bill 510 of 2024 aims to regulate Virtual Asset Service Providers (VASPs). The proposed legislation introduces a comprehensive framework laid out in 19 articles, addressing issues such as the oversight and supervision of VASPs, consumer protection, anti-money laundering (AML) and counter-terrorist financing (CTF) measures, financial education, and support for technologies like blockchain. The bill seeks to formalize the industry without stifling innovation, ensuring that crypto assets operate within a robust legal structure that protects users and encourages responsible investment.

It is important to note that the initiative does not seek to regulate the crypto asset market itself, the underlying technology, or to recognize crypto assets as legal tender. Instead, its focus is on establishing clear rules for VASPs without displacing existing regulatory frameworks such as those related to finance, data protection, competition, or AML.

 

Existing regulatory framework: SUPERSOCIEDADES, UIAF, and DIAN Lay the Groundwork

Although there is not yet a specific law regulating the crypto ecosystem in Colombia, several key provisions have already been issued, serving as a foundational regulatory framework while comprehensive legislation is developed. Among these are Chapter X of the Basic Legal Circular issued by the Superintendency of Companies (Superintendencia de Sociedades), Resolution 314 of 2021 from the Financial Information and Analysis Unit (UIAF), and Unified Concept 1621 of 2023 from the National Tax and Customs Directorate (DIAN). These instruments establish essential obligations and regulatory criteria.

 

Chapter x of the basic legal circular – Superintendency of Companies (SAGRILAFT)

The Superintendency of Companies mandates that businesses engaging in activities or operations involving virtual assets—such as exchanges between virtual assets and fiat currency, exchanges between one or more types of virtual assets, transfers, custody, or management of virtual assets, and any related services—and that, as of December 31 of any year, have revenues exceeding 3,000 monthly legal minimum wages (SMLMV) or assets exceeding 5,000 SMLMV, must implement a Risk Management and Anti-Money Laundering System (SAGRILAFT). 

This system must be tailored to the nature of the business’s operations, as well as the size and complexity of associated risks. SAGRILAFT must include explicit risk management policies, a procedures manual, mechanisms for customer identification and due diligence (KYC), risk segmentation by operation type, and procedures for ongoing transaction monitoring. Additionally, companies must appoint qualified compliance officers with autonomy and direct access to senior management.

 

Resolution 314 of 2021 – UIAF

Virtual Asset Service Providers (VASPs) are required to submit Suspicious Transaction Reports (ROS) to the UIAF as soon as such transactions occur. If no suspicious activity is identified within a given period, a Non-Report of Suspicious Operations (AROS) must be submitted monthly. VASPs must also submit monthly reports on transactions with virtual assets (or the absence thereof), as well as reports on their clients.

These reports must be sent via the SIREL platform provided by the UIAF, within the deadlines established to ensure early detection of money laundering and terrorist financing risks.

 

Unified Concept 1621 of 2023 DIAN: Recognition and need for regulation

While Unified Concept 1621 from DIAN focuses primarily on taxation, it also establishes important regulatory guidelines. It acknowledges that cryptoassets are not legal tender in Colombia, but their use in commercial transactions is not prohibited. From a legal standpoint, VASPs are regarded as technology service providers operating in an informal environment due to the lack of specific legislation.

The concept emphasizes the urgent need to create sector-specific regulations to provide legal certainty for ecosystem participants—both operationally and institutionally. It also highlights the importance of adhering to principles of transparency and formal obligations, even in the absence of a definitive legal framework.

 

Risks of operating in a grey area

The absence of a clear legal framework for cryptoassets in Colombia presents significant risks in terms of anti-money laundering (AML), counter-terrorist financing (CTF), and counter-proliferation financing (CPF). The decentralized and, at times, anonymous nature of cryptocurrency transactions makes them potentially attractive to malicious actors.

The lack of clearly defined obligations related to customer due diligence (KYC), transaction monitoring, and the reporting of suspicious activities by all participants in the crypto ecosystem creates a “grey area” that facilitates the flow of illicit funds. This not only exposes users to fraud, but also jeopardizes the integrity of Colombia’s financial system and harms the country’s international reputation in the fight against organized crime. Regulation aims to close these gaps by establishing a robust compliance framework that discourages the illicit use of cryptoassets.

 

Conclusion

The approval of Bill 510 of 2025 in its first legislative debate represents a decisive step for Colombia to exit the “grey area” in which its crypto ecosystem has been operating. This progress, aimed at regulating Virtual Asset Service Providers (VASPs), will not only provide legal certainty and protection for millions of users and businesses, but also strengthen the country’s AML/CTF/CPF efforts. By recognizing and adopting international best practices, Colombia is on the path to positioning itself as an innovative and secure environment for emerging financial technologies—balancing the promotion of innovation with effective risk mitigation.     

Document

Colombia takes firm steps toward cryptocurrency regulation
Download pdf 273.17KB

Contact us

+57 (604) 4242490
Meet our local team
Discover our offices
Or use our contact form