Are Directors’ Assets Really Protected in Colombia?: What a Recent Regulatory Action Reveals About Personal Liability Risks

Operating a company in Colombia offers significant opportunities, but it also involves corporate governance and compliance regulations that foreign investors, board members, and senior executives must clearly understand.

A recent administrative action initiated by the Superintendencia de Sociedades (Colombia’s corporate regulator) has reignited an essential question for directors and officers:Does the corporate structure truly protect personal assets when governance and compliance failures occur?

This article explains what happened, what the law actually says, and why this issue matters for foreign shareholders, multinational groups, and board members overseeing Colombian subsidiaries.

A recent regulatory action in Colombia: why it matters

In November 2025, the Superintendencia de Sociedades (Colombia’s corporate regulator)announced the opening of an administrative proceeding aimed at placing a Colombian company under the highest level of corporate supervision known as “control.”

The authority cited accounting, financial, and legal concerns identified during its preliminary assessment.

 Importantly, this action: i) Does not imply liquidation ii) Does not mean government takeover iiii) Does not automatically impose sanctions

However, it does signal serious governance and compliance concerns and activates enhanced regulatory powers. For international investors and directors, the relevance lies not in the specific company, but in what the case illustrates about personal liability exposure in Colombia.

Key legal clarifications

  • The regulator does not manage the company
  • Directors and officers remain in office
  • Shareholders retain their ownership rights
  • The measure is corrective, not punitive by default

However, the company becomes subject to enhanced scrutiny, and management decisions are closely examined.

Why directors and officers should pay close attention

Colombian law does not provide absolute protection to directors and officers simply because a company is a separate legal entity.

When authorities identify serious accounting irregularitie, breach of statutory duties, mismanagement and or lack of diligence or loyalty, the law allows the regulator to assess personal responsibility, always subject to due process.

Directors’ and officers’ duties under Colombian law

Directors, legal representatives, and board members are legally required to act with good faith, loyalty and the diligence of a prudent businessperson.

These duties apply regardless of whether the company is local or part of an international group.

If authorities determine that these duties were breached, personal consequences may follow, depending on the facts and the outcome of the administrative process.

Why this is particularly relevant for foreign investors and boards

For multinational groups and foreign shareholders, this issue often surfaces during: i) due diligence processes, ii) compliance audits, iii) restructuring or turnaround scenarios, iv) M&A transactions and v) regulatory stress situations.

International boards sometimes assume that local managers absorb most regulatory risk, or corporate structures fully shield individual exposure

In Colombia, that assumption can be dangerous if governance is weak or compliance controls are insufficient.

Frequently Asked Questions (Q&A)

Yes. Colombian law allows personal liability when directors breach their legal or fiduciary duties, subject to due process.

No. “Control” is a preventive and corrective measure. Sanctions are only possible if violations are proven through a formal process.

Generally, shareholders’ liability is limited. However, administrators (directors and officers) have distinct personal duties.

Yes. S.A.S. entities are subject to corporate supervision and administrators’ duties, unless specific statutory exceptions apply.

In many cases, yes. Early legal strategy, corrective measures, and proper documentation can significantly reduce exposure.

Yes. Governance and compliance failures—not only insolvency—can trigger scrutiny and liability analysis.

Key lessons for boards and management teams

This regulatory action reinforces several practical lessons:

1, Corporate compliance is not a formality

2. Financial transparency and documentation are critical

3.Board oversight must be active, not symbolic

4. Directors should understand local law exposure, even in subsidiaries

5. Preventive legal advice is far less costly than reactive defense

How Nieto & Nieto Lawyers assists international clients in Colombia

At Nieto & Nieto Lawyers, we advise foreign investors, multinational groups, Colombian subsidiaries, board members and senior executives on directors’ and officers’ liability, corporate governance frameworks, regulatory risk prevention, compliance audits, interactions with the Superintendence of Companies. 

Our approach focuses on anticipation, risk mapping, and practical solutions, not crisis management alone.

Are you a director, officer, or investor involved in a Colombian company?

A confidential governance and liability assessment can help identify risks before they become personal exposure.

Contact our corporate law team corporativo@nietolawyers.com for a tailored review

Agendar con Nieto Lawyers WhatsApp

Final takeaway

The recent action by Colombia’s corporate regulator is not merely a legal headline.

It is a clear reminder that corporate structures do not automatically shield individuals when governance and compliance fall short.

For international investors and board members, understanding this framework is not optional. It is part of responsible corporate oversight in Colombia. Rather than discouraging investment, Colombia’s corporate oversight framework provides predictability and legal certainty for investors who prioritize strong governance and compliance

Topics of Interest

Legal News

Our Team

Jaime Nieto Pérez

Founding Partner and Manager

Contact
Jaime Andrés Nieto

Senior Partner

Contact
Estefani Nieto

Senior Partner

Contact
See more
Share:
nieto & nieto lawyers,  GDPR Cookie Compliance
COOKIE NOTICE

NIETO & NIETO LAWYERS S.A.S. PRIVACY NOTICE

Through this document, and in accordance with the provisions of Statutory Law 1581 of 2012, Article 14 of Regulatory Decree 1377 of 2013, and other related regulations, NIETO & NIETO LAWYERS S.A.S., identified with NIT 830.083.908-9, informs its clients, suppliers, employees, associates, and visitors of its web platforms of the existence of the COMPANY'S PERSONAL DATA PROCESSING AND PROTECTION POLICY, which will apply when using the aforementioned web tools, posting comments on the blog, and/or having commercial, civil, and/or labor relations with the company, as well as how to access said policy and the purposes of the personal data processing that is intended.

  1. Personal Data Processing Policies: NIETO & NIETO LAWYERS S.A.S. states that you may consult the personal data processing policy governing the company at any time, which can be viewed at www.nietolawyers.com.
  2. Purpose of Personal Data Processing: In accordance with the COMPANY'S PERSONAL DATA PROCESSING AND PROTECTION POLICY, the collection, processing, storage, treatment, verification, use, circulation, transfer, and/or national and/or international transmission of personal data is carried out for the following purposes:
  • Fulfillment of commercial obligations within the framework of contractual relationships with clients, suppliers, and employees.
  • Identification and contact of NIETO & NIETO LAWYERS clients, suppliers, and employees for contractual and legal purposes.
  • Processing and ensuring the fulfillment and delivery of services acquired by NIETO & NIETO LAWYERS clients, as well as preparing the corresponding billing.
  • Sending advertising about NIETO & NIETO LAWYERS services.
  • Public or private offering of NIETO & NIETO LAWYERS services.
  • Conducting analysis and profiling of clients to define services tailored to their preferences.
  • Communicating the organization of activities and events held by NIETO & NIETO LAWYERS.
  • Organizing the registration of supplier information for the issuance of purchase orders.
  • Communication, consolidation, organization, updating, control, accreditation, assurance, statistics, reporting, maintenance, interaction, and management of the actions, information, and activities related to NIETO & NIETO LAWYERS suppliers and contractors.
  • Administrative and corporate management of NIETO & NIETO LAWYERS.
  • Facilitating the use of interactive website functions, such as commenting on blog posts, within the established privacy rules.
  1. Rights of Personal Data Holders: Without prejudice to the rights recognized by Law 1581 of 2012, Decree 1377 of 2013, and those mentioned in the COMPANY'S PERSONAL DATA PROCESSING AND PROTECTION POLICY, personal data holders whose data is accessed by NIETO & NIETO LAWYERS S.A.S. will have, in particular, the following rights:
  • Access the provided data that has been processed, free of charge.
  • Know, update, and rectify their information when faced with partial, inaccurate, incomplete, outdated, fragmented, misleading, or unauthorized data processing.
  • Request proof of the granted authorization.
  • Submit complaints to the Personal Data Protection Delegation of the Superintendence of Industry and Commerce (SIC) for violations of current regulations.
  • Revoke the authorization at any time and/or request the deletion of the data, provided there is no legal or contractual duty preventing its deletion.
  • Refrain from responding to questions about sensitive data. NIETO & NIETO LAWYERS S.A.S. informs that responses regarding minors and sensitive data, such as racial or ethnic origin, gender, sexual or political orientation, religious beliefs, membership in unions, associations, or social organizations authorized by law, among others, will be optional.
  1. Use of Cookies and Other Tracking Technologies: NIETO & NIETO LAWYERS S.A.S. informs users that, upon visiting its website, information will be collected through cookies and other tracking technologies. These are used to enhance the browsing experience, analyze user behavior on the website, and facilitate interaction on the platform, such as commenting on the blog.

    Users will have the option to configure their browser to accept or reject cookies, as well as to delete previously stored cookies. At any time, they can manage their cookie preferences, allowing them to choose which cookies to accept and which to reject, ensuring transparent and controlled data handling.