On May 19, 2026, the Ministry of Finance signed Decree 510, which amends Decree 2555 of 2010 by adding Title 5 to Book 5 of Part 2, thereby creating a specialized regulatory framework for all fiduciary businesses in Colombia. The decree is grounded in the consumer protection statute (Law 1328 of 2009) and the Organic Statute of the Financial System, and entered into force the day following its publication.
The new framework applies to all acts derived from trust (fiducia mercantil) and mandate (encargo fiduciario) contracts executed by trust companies (sociedades fiduciarias) supervised by the Financial Superintendence of Colombia (“SFC”). The decree formally defines key concepts, including Fiduciary Business, Fiduciary Service, Commercial Trust, Fiduciary Mandate, Fiduciary Risks, and Non-Fiduciary Risks, providing the legal vocabulary needed to demarcate each party's responsibilities.
Five principles govern fiduciary businesses under the new framework: (i) Segregation — assets in an autonomous estate (patrimonio autónomo) are independent from the trust company's own assets and from those of other businesses it administers, and are excluded from any insolvency proceeding against the trust company; (ii) Professionalism — trust companies must act as prudent and diligent experts, with the technical, legal, and technological competencies to fulfill contractual obligations; (iii) Prevalence of interests — the interests of the trust business as set out in the contract prevail over those of the trust company, its shareholders, directors, officers, and affiliates; (iv) Prevention — trust companies must anticipate fiduciary risks that may affect the execution of their contractual obligations; and (v) Transparency — all parties must act transparently and ensure adequate disclosure to those holding rights derived from the trust business.
Furthermore, the decree establishes a comprehensive set of duties for trust companies:
(a) Diligence: Trust companies must act with the care of a professional expert in fulfilling the fiduciary service agreed in the contract.
(b) Disclosure to financial consumers: In line with Law 1328 of 2009, trust companies must keep financial consumers informed about risks, costs, and the scope of their rights and obligations, providing clear, complete, and understandable information throughout the pre-contractual, execution, and liquidation stages.
(c) Disclosure to information recipients: Trust companies must ensure that information made available to contractually designated recipients is permanently available, accurate, timely, and comprehensible. Digital means are permitted provided they guarantee security and integrity. The trust company must take into account the recipients' level of knowledge and experience.
(d) Accountability reporting: Trust companies must present periodic accountability reports to settlors (fideicomitentes) or principals (encargantes) and beneficiaries on the management performed and the development of the fiduciary service, through the joint information mechanism defined in the contract. The SFC will define the content of such reports by general instructions.
(e) Fiduciary risk management: From the pre-contractual stage through liquidation, trust companies must conduct a documented analysis of fiduciary risks covering at minimum: (i) evaluation of the object and purpose of the trust business to verify it is not being used to circumvent legal rules; (ii) identification and classification of risks by type of asset, tasks entrusted, structure of the business, and parties involved; (iii) evaluation and prioritization by quantitative and qualitative methods; (iv) definition of treatment for identified risks (acceptance, mitigation, transfer, or avoidance) aligned with the risk appetite; (v) establishment of control, mitigation, and administration mechanisms; and (vi) communication and coordination mechanisms with corporate governance bodies. As a result of this analysis, trust companies must build a fiduciary risk matrix to be included in the contract and kept updated, and make it available to the SFC.
(f) Protection or safeguarding of transferred or delivered assets: Trust companies must take all necessary steps to protect and defend assets transferred to the autonomous estate, and comply with instructions from the settlor or principal to preserve and care for delivered assets against acts of third parties, the beneficiary, or the settlor or principal themselves.
(g) Best execution of asset disposal or acquisition transactions: When a contract contemplates disposal or acquisition of assets, parties must agree on pricing criteria. In the absence of such agreement, market prices serve as reference. Trust companies must act with the necessary care to ensure conditions correspond to the best available market conditions, considering price, transaction size, asset type, market conditions, and associated costs. This duty does not apply when conditions are set by the party with authority under the contract and the trust company has no involvement in pricing.
(h) Prevention and management of conflicts of interest: Trust companies must establish and apply principles, policies, and procedures approved by their board of directors for detecting, preventing, managing, and disclosing conflicts of interest in the provision of the fiduciary service. These must be incorporated in the corporate governance code, address conflicts between trust businesses managed by the same company, and address conflicts with the trust company's own transactions or those of its affiliates.
Mandatory contract content. Beyond the essential elements required by law, fiduciary contracts must include provisions on: (i) information recipients and the information to be provided; (ii) minimum information to be disclosed, including changes in compliance timelines, investment results, the risk matrix, and any circumstance affecting recipient rights; (iii) a joint information mechanism through which both the trust company and the settlor supply information to recipients, potentially differentiated by rights held; (iv) the risk matrix covering both fiduciary and non-fiduciary risks; (v) conflict of interest mechanisms; (vi) asset valuation conditions consistent with accounting standards under Law 1314 of 2009; (vii) information on investments and results when the business contemplates resource investment; (viii) authorization for use of the trust company's name and logo; (ix) the liquidation procedure; and (x) for project-related trust businesses, mechanisms for technical control, monitoring, or verification. For residential real estate trust businesses specifically, the trust company must verify that the settlor or principal has a construction supervision contract (contrato de interventoría).
On the other hand, models or forms of adhesion contracts for mass fiduciary services must be evaluated by the SFC before execution, to protect financial consumers and prevent abusive clauses. Trust companies must also report to the SFC the classification and typologies of their fiduciary businesses.
Lastly, the decree establishes five official categories: (i) Guarantee trust (fiducia en garantía) — for securing obligations through asset transfer; (ii) Administration trust (fiducia de administración) — for asset management, transfer, or disposition; (iii) Investment trust (fiducia de inversión) — for portfolio construction, whether managed individually under settlor instructions or collectively; (iv) Real estate trust (fiducia inmobiliaria) — for real estate project development and execution; and (v) Social security trust (fiducia con recursos del sistema de seguridad social y otros relacionados).
The SFC must issue instructions implementing the decree within 12 months of its entry into force. Fiduciary businesses already in progress at the date of the decree's entry into force will continue to be governed by the rules in effect at the time of their execution.
In this context, trust companies should begin mapping their existing fiduciary business portfolios against the new typology and reviewing the adequacy of their fiduciary risk management frameworks, including the construction of risk matrices for each contract. They should also review their standard contract templates to incorporate the mandatory content requirements and prepare adhesion contracts for SFC evaluation. Particular attention should be given to updating conflict of interest policies and disclosure procedures. Furthermore, entities acting as settlors or principals should be aware of their own obligations regarding the joint information mechanism and the non-fiduciary risk matrix.