In October 2021, Colombia’s Ministry of Finance and Public Credit published for consultation a draft decree to regulate open finance. Open Banking Exchange (OBE) subsequently responded to the draft, encouraging the regulators to focus on standards and schemes.
On 25 July 2022, the final decree was issued. This article provides a summary of the decree and indicates the future shape of open banking in Colombia.
Background
The decree 1297 of 2022 has created a regulated ecosystem for open banking and open finance in Colombia. It broadly aligns with the draft decree which was presented to Congress in October 2021. The final decree deals with four major topics:
- Payment initiation
- Treatment of personal data
- Commercialisation of technology and infrastructure
- Open finance standards
Aims of the Decree
The Colombian open finance decree begins with the following statement:
“The financial system is undergoing a profound transformation process and faces a distinct competitive dynamic, with a greater diversity of actors and digital requirements”
It goes on to explain that financial institutions have accordingly changed the way they distribute products and services, and as a result, it is time to modify the original decree 2555 of 2010 on open finance to account for the current needs and opportunities of the ecosystem.
In line with the draft decree, it states that the purpose of open finance is to promote “competition, inclusion, and efficiency in the offering of services”. Nearly a quarter of the Colombian population was unbanked in 2020 (Euromonitor). As such, open finance will prove pivotal in encouraging new companies and new services which target untapped sections of society.
Overview of the Decree
Payment initiation
The first pillar of the decree deals with payment initiation. The decree enables a broad range of participants to engage in the initiation of payments – from credit institutions to companies not monitored by the Financial Superintendence of Colombia (SFC). All payments must of course be authorised by the payer, before being processed through a System Administrator of Low Value Payments.
Treatment of Personal Data
The decree then specifies rules around the transfer of consumer data between financial entities. This is known as account information in Europe, which was one of the two regulated services in the revised Payment Services Directive (PSD2), the other being payment initiation.
If authorised by the customer, a financial institution may process their personal data and share it with different entities to benefit the customer with new insights and services. Companies must at all times comply with data protection laws and prioritise the “security, confidentiality, veracity, quality, use, and circulation” of the data in question.
Finally, entities supervised by the SFC may commercialise the data of their customers if authorised. As a result, the decree encourages a new regulated ecosystem based upon the use and sale of personal data.
Digital Ecosystems
This section is divided into:
- Third-party services offered on platforms managed by supervised entities
- Services offered by supervised entities on third-party platforms
The first part enables entities supervised by the SFC to offer the services and products of third parties, so long as the services are connected to their authorised operations.
The second part allows supervised entities to offer their products on the platforms of third parties. This is what is known in Europe as embedded finance. In these cases, the (unsupervised) third party is considered a digital correspondent of the entity and therefore must comply with open finance regulation.
Commercialisation of Technology and Infrastructure
Finally, the decree specifies that supervised entities can commercialise their technology and infrastructure to third parties.
Next Steps
According to the decree, the SFC now has twelve months to establish standards on technology, security, and other relevant topics. By the end of 2023 – if not sooner – there should be a fully functioning, regulated open finance ecosystem in Colombia.
Open Banking Exchange View and the Importance of Standards
Colombia is now the third country in South America to implement open finance regulation, following Mexico’s ‘Ley Fintech’ of 2018 and Brazil’s ‘Regulation on Open Banking’ of 2020. Chile is likely to follow soon as its fintech draft decree is currently being approved by the Senate.
The sections above were all present in the draft decree and closely align with the original vision. However, the final section of the decree addresses standards and the digital architecture of open finance.
This was conspicuously absent in the draft decree and it is promising to see its inclusion in the final document. The Unidad de Proyección Normativa y Estudios de Regulación Financiera (URF) has taken this advice on board, working closely with OBE to gather market input and guide the final decree.
The section reads:
“The SFC will establish the technological standards on security and other topics which it considers necessary for the development of the architecture of open finance in Colombia”
Supervised entities will be obliged to report on their implementation of open finance to the SFC. This will help to monitor the ecosystem and ensure transparency between participants. Standards will minimise cost and fragmentation, leading to a faster and more efficient national implementation of open finance.
OBE is working closely with the URF, the SFC and market participants. With this significant milestone, Colombia comes one step closer to creating an open, inclusive, and competitive financial sector. OBE will continue to produce technical documents and lead working groups and webinars to guide the implementation of open finance in Colombia.
