Prometeo & Fiskil Partnership Powers Colombia's Open Finance Rollout: Fintech Compliance Implications for 2026
What Happened: Strategic Partnership for Colombia's Open Finance Implementation
Prometeo and Fiskil have announced a strategic partnership to provide an end-to-end solution for Colombia's open finance implementation. The collaboration combines Prometeo's API connectivity expertise with Fiskil's platform for consent management, data provider operations, directory integration, and monitoring. This partnership aims to bridge the gap between Colombia's regulatory framework and operational execution by offering scalable infrastructure that ensures compliance, transparency, and alignment with current and future requirements.
Colombia has established its open finance regulatory framework through Decree 1297 of 2022, Law 2294 of 2023, and External Circular 004 of 2024. These regulations define technical standards, security guidelines, and interoperability requirements for open finance. The initiative targets supervised entities required to disclose data under Superintendencia Financiera de Colombia (SFC) standards, as well as fintechs and companies that consume this data with consent to develop new services.
Why It Matters: Regulatory Context and Global Alignment
Colombia's open finance regulations represent a significant step toward modernizing the country's financial ecosystem. The framework aligns with global trends in open banking and financial innovation, similar to the European Union's PSD2 (Payment Services Directive 2) and MiCA (Markets in Crypto-Assets Regulation) in their emphasis on standardized APIs, consumer consent, and secure data sharing.
Unlike the EU's PSD2, which has been in effect since January 2018, Colombia's regulations are still in the implementation phase. The partnership between Prometeo and Fiskil comes at a critical time as financial institutions and fintechs prepare for compliance deadlines. The solution addresses key implementation challenges, including scalable infrastructure, real-time financial information processing, and support for new business models based on APIs.
Compliance Challenges for Fintechs in 2026
As Colombia's open finance rollout progresses toward 2026, fintechs face several critical compliance challenges:
Data Privacy and Protection
Colombia's regulations require robust data protection measures for financial information sharing. While Colombia has its own data protection law (Law 1581 of 2012), fintechs operating internationally must also consider global standards like the GDPR (General Data Protection Regulation), which applies to any organization processing personal data of EU residents. The right to data portability under GDPR Article 20 aligns closely with open finance principles.
API Security and Standardization
The technical standards defined in External Circular 004 of 2024 require secure, standardized API connectivity. This aligns with global cybersecurity frameworks like NIST Cybersecurity Framework 2.0 (published February 2024) and the ISO/IEC 27001:2022 standard for information security management. Fintechs must implement strong authentication, encryption, and monitoring to prevent unauthorized access to financial data.
Consent Management
Colombia's regulations emphasize explicit consumer consent for data sharing. The partnership's consent management platform addresses this requirement, but fintechs must ensure their systems provide clear, granular consent options, easy revocation mechanisms, and transparent data usage policies. This aligns with global trends in consumer data rights seen in regulations like California's CPRA (effective January 2023) and the EU Pay Transparency Directive (transposition deadline June 2026).
AML/KYC Integration
Open finance systems must integrate with anti-money laundering (AML) and know-your-customer (KYC) requirements. Colombia follows international AML standards from the FATF (Financial Action Task Force), and fintechs must ensure their open finance implementations don't compromise these obligations. The EU's AML Package (2024) and establishment of the AMLA (Anti-Money Laundering Authority) provide relevant benchmarks for enhanced due diligence.
What Organizations Should Do: Actionable Compliance Steps
Fintechs preparing for Colombia's open finance implementation should take these actionable steps:
- Conduct a Regulatory Gap Analysis: Map your current operations against Colombia's Decree 1297 of 2022, Law 2294 of 2023, and External Circular 004 of 2024 requirements. Identify gaps in API security, consent management, and data protection.
- Assess Vendor Solutions: Evaluate partnerships like Prometeo-Fiskil against your specific needs. Consider integration capabilities with existing systems, scalability for future regulatory changes, and compliance with both Colombian and international standards.
- Implement Robust Consent Management: Develop or integrate systems that provide clear consent options, easy revocation, and transparent data usage tracking. Ensure alignment with global privacy standards including GDPR's Article 22 rights related to automated decision-making.
- Strengthen API Security: Implement security measures aligned with NIST CSF 2.0's six core functions (Govern, Identify, Protect, Detect, Respond, Recover) and consider SOC 2 attestation for service organizations. Remember that SOC 2 is not a certification but an attestation report based on Trust Services Criteria.
- Integrate AML/KYC Solutions: Leverage specialized tools like ComplyAdvantage or Sumsub for enhanced due diligence. Ensure your open finance implementation maintains robust AML controls as required by Colombia's financial authorities and international standards.
- Prepare for Cross-Border Considerations: If operating internationally, ensure compliance with relevant regulations like the EU's MiCA (full application December 2024 for Crypto-Asset Service Providers) and PSD3/PSR (expected adoption 2025-2026).
Related Resources and Next Steps
Colombia's open finance implementation represents both opportunity and complexity for fintechs. The Prometeo-Fiskil partnership provides one pathway to compliance, but organizations must take proactive steps to ensure they meet all regulatory requirements.
To stay ahead of evolving regulations, consider using AIGovHub's fintech compliance intelligence platform to monitor updates across multiple jurisdictions. Our tools can help streamline reporting, track regulatory changes, and ensure alignment with both Colombian requirements and global standards like PSD2, MiCA, and emerging frameworks.
This content is for informational purposes only and does not constitute legal advice. Organizations should verify current regulatory timelines and requirements with qualified professionals.