The regulatory framework for the operation with crypto assets in the country is still a project in progress. The first is the issuance of standards for the platforms on which the trading of digital assets.
Recently, the Financial Superintendence published a draft external circular in which instructions are given regarding the linking and provision of services to Virtual Asset Service Providers.
This prototype was based on the results of a pilot that was carried out with the Presidential Council for Economic Affairs and Digital Transformation, the Ministry of Finance and Public Credit, the Ministry of Information Technologies and Communications, the Bank of the Republic, the Financial Regulation Unit (URF), the Superintendence of Companies, the Superintendence of Industry and Commerce, the Special Administrative Unit Directorate of National Taxes and Customs (DIAN) and the Financial Information and Analysis Unit (UIAF).
The project advanced pilots in terms of deposit and withdrawal operations with platforms of crypto asset exchange (exchanges) through deposit products of supervised entities.
So far, the Financial Superintendence does not carry out any type of supervision of active virtual service providers or the activities they carry out. For this reason, in their project they propose a framework so that the entities supervised by said entity, make alliances or link suppliers to do a pre-assessment and check that:
-There is access to the UIAF reporting system
-A risk management system for money laundering, financing of terrorism and proliferation of weapons of mass destruction.
-Technological and operational conditions for traceability of transactions with virtual assets
-Ability to provide customers with information about their company name, service channels, assets with respect to which they provide their services, their risks, things and rates
-Operational and cybersecurity risk management system as well as with suitable technological tools to manage risk.
Likewise, the project states that the entities supervised by the SFC are not responsible for the risks or results of operations with these types of providers. That is why they demand that the scope of their powers be reported in a clear and timely manner.