Complete Guide to SAGRILAFT in Colombia

Integral Risk Management and Self-Control System for Money Laundering and Financing of Terrorism

The System of Self-Control and Integral Risk Management of Money Laundering and Financing of Terrorism (SAGRILAFT) is a vital mechanism for companies in Colombia.

Implemented under the regulation of the Superintendency of Companies, this system aims to mitigate the risks associated with money laundering, the financing of terrorism and the proliferation of weapons of mass destruction.

In this article, we will explore in detail what SAGRILAFT is, how it differs from SARLAFT, the steps for its implementation, the regulations in force, the companies obliged to adopt it, and some specific cases.


SAGRILAFT is a set of measures that companies must implement to control and manage money laundering and terrorist financing (ML/FT) risks.

This system includes the identification, evaluation and mitigation of these risks through appropriate policies, procedures and controls.

Its main objective is to protect companies and the financial system from illicit activities that may affect their reputation and operation.

Differences between SAGRILAFT and SARLAFT

Although both systems seek to combat money laundering and terrorist financing, there are key differences between SAGRILAFT and SARLAFT:

  • Scope and Application

SARLAFT is specific to the financial sector and is mandatory for entities supervised by the Financial Superintendency of Colombia.

In contrast, SAGRILAFT applies to companies in the real sector and other entities supervised by the Superintendency of Companies.

  • Requirements

SAGRILAFT focuses on the implementation of mandatory minimum measures and a comprehensive risk management system, while SARLAFT has more detailed and specific requirements for the financial sector.

  • Regulations

SARLAFT is regulated by the Basic Legal Circular of the Superintendency of Finance, while SAGRILAFT is governed by Chapter X of the Basic Legal Circular of the Superintendency of Companies, with specific modifications over time.


SAGRILAFT Implementation: Step by Step

Implementing SAGRILAFT involves a series of steps to ensure compliance with regulations and the effectiveness of the system.

A general process for its implementation is detailed here:

  1. Design and Approval

The first step is to design a system that takes into account the materiality, characteristics and activity of the company, identifying ML/FT risk factors through tools such as the risk matrix.

The board of directors or the highest corporate body must approve the system, presented jointly by the legal representative and the compliance officer.

  1. Audit and Compliance

A compliance officer, with appropriate experience and training, should be designated to audit and verify compliance with SAGRILAFT.

This officer must report to the Superintendency of Companies and ensure that the system is being applied correctly.

  1. Outreach and Training

It is crucial to disseminate SAGRILAFT to all employees and stakeholders, conducting periodic training at least once a year to familiarize everyone with the system and teach them how to identify and report suspicious transactions.

  1. Assignment of Functions

Clearly define the responsibilities and powers necessary for the implementation of SAGRILAFT, transforming them into rules of conduct for all those involved in the company.

  1. Monitoring and Updating

Implement a continuous process of monitoring and updating SAGRILAFT to adapt to changes in regulations or in the company’s operations.

This includes the evaluation of audit reports and the adoption of necessary corrective measures.



SAGRILAFT is regulated by the Superintendency of Corporations through Chapter X of the Basic Legal Circular. The regulation establishes the requirements and deadlines for its implementation, as well as the penalties for non-compliance.

Companies should be aware of updates to these regulations to ensure ongoing compliance.

Which companies are required to implement SAGRILAFT?

The following companies are required to implement SAGRILAFT:

  1. Companies with revenues or assets equal to or greater than 40,000 legal monthly minimum wages in force (SMLMV).
  2. Companies in specific sectors such as real estate agents, precious metals and gemstones trading, legal and accounting services, construction, and virtual asset services.
  3. Companies subject to special regimes, including companies that administer commercial self-financing plans, savings and loan operators, and multilevel marketing companies.

Concrete Cases

An example of companies that should implement SAGRILAFT are precious metals traders, which are at high risk of being used for money laundering.

These companies must take specific measures such as enhanced due diligence and identification of beneficial owners to mitigate these risks.

Another case is that of virtual asset servicing companies, which must comply with additional requirements due to the nature of their operations and the high ML/FT risk associated with cryptocurrency transactions.


The implementation of SAGRILAFT is essential for companies in Colombia, not only to comply with legal regulations but also to protect against significant risks that may affect their reputation and operation.

Adopting this system effectively requires an ongoing commitment to training, auditing and updating internal procedures.


  1. Superintendence of Corporations. (2023). Chapter X of the Basic Legal Circular
  2. Pirani Risk. (2022). All you need to know about SAGRILAFT in Colombia
  3. Herrera and Associates. (2020). What is SAGRILAFT and when should it be implemented?
  4. Risk Global Consulting. (2023). Complete guide to SAGRILAFT in Colombia
  5. Ne Digital. (2022). SAGRILAFT: what is it and who is obliged to comply?

For more information, Contact us!