Changes regarding compliance matters introduced by the Transparency Law (Law 2195 of 2022)

Law 2195 of 2022 (“Transparency Law), within the framework of the fight against corruption, introduced significant changes and new measures regarding compliance matters for all supervised companies. Please find below some of the most important aspects introduced by Transparency Law in this matter:

1.Administrative liability of companies

The Transparency Law amended Article 34 of Law 1474 of 2011. It provides that a company is responsible for tolerating or consenting to, and seeking to benefit, directly or indirectly, from the commission of crimes against the public administration (Title XV of the Criminal Code ("CC")); the environment (Title XI, CC); the social economic order (Title X, CC), as well as the financing and administration of resources related to terrorism and organized crime groups. In this scenario, a company is responsible when its director, administrator, legal representative, statutory auditor, or other employee or officer of the company, was convicted or granted a principle of discretionary prosecution (principio de oportunidad) for any of the criminal conducts mentioned above.

The Transparency Law introduced Article 34-3 in Law 1474 of 2011, which establishes the aggravating and mitigating circumstances that must be taken into consideration by the competent authorities at the time of imposing sanctions regarding these matters. Of the mitigating circumstances, it is worth highlighting that it will be taken into consideration (i) the performance of an adequate due diligence process in those cases where the sanctioned company is acquired by another, after the criminal acts have been carried out and (ii) the adoption of measures that, in the judgment of the competent authority, allow reasonably preventing this type of conducts, among which can be classified the Transparency and Business Ethics Programs ("PTEE" by its acronym in Spanish) (paragraphs c and f of the mitigating circumstances). These criteria show the benefits and importance of adopting risk management programs.

2. New companies obliged to implement a PTEE

The Transparency Law, with the aim of promoting self-regulation of risks associated with acts of corruption according to the needs of each company, introduced in Article 34-7 of Law 1474 of 2011 the duty of all companies subject to inspection, surveillance, and control of any competent authority, to adopt a PTEE.

It should be noted that these programs do not necessarily have to follow the requirements set forth in Circular 100-000011 of August 9, 2021, of Superintendence of Companies. On the contrary, the Transparency Law called on the Superintendencies to determine their own anti-corruption and anti- transnational bribery programs taking into consideration criteria such as the sector to which their supervised companies belong and risks to which they are exposed.

Regarding the criteria to determine companies obliged to implement a PTEE, it is possible to note that Transparency Law does not allow considering those related to the amount of income, assets, or the value of their operations, since it stated that for SMEs and MSMEs (Pymes and Mipymes, by its acronym in Spanish), criteria must be established for the implementation of PTEE.

3. Review function by statutory auditor

Circular 100-000011 of August 9, 2021, provides for certain functions to be performed by statutory auditors regarding PTEE. The Transparency Law incorporated a new function to the statutory auditors regarding PTEE in paragraph 4 of Article 34-7 of Law 1474 of 2011. This function consists of assessing PTEE and issuing opinions on them.

4. Due diligence and final beneficiaries

The Transparency Law introduced new due diligence purposes in programs for prevention, management or administration of Money Laundering, Financing of Terrorism and Financing of the Proliferation of Weapons of Mass Destruction risks. Regarding these programs, any due diligence process must be intended to (i) identify the persons with whom a legal transaction is effectively entered into; (ii) with respect to these persons, identify their final beneficiaries; and (iii) know the intended purpose of the legal transaction to be entered into. In any case, specific standards to carry out these processes will be set by the Superintendencies and must be observed by their supervised companies.

In addition to such purposes, Transparency Law indicates that these processes must be carried out with certain regularity to verify the type of transactions entered into within the framework of the legal relationship and to corroborate they are in accordance with the economic activity and, in general, with the person with whom legal transaction was entered into.

Finally, the information collected in due diligence processes must be kept for five years after (i) the termination of the legal business or (ii) the liquidation of the company or public entity.