1. About this handbook
This Certification Handbook describes the Compliance Officer credential awarded by International Security Certification Board SAS under the accreditation of the Colombian National Accreditation Body (ONAC), in conformance with ISO/IEC 17024:2012. It supersedes all prior versions and is effective on its publication date.
The handbook is updated at least annually. The current version is always available at ecertify.org. Material changes are communicated to active candidates and certified professionals at least 30 days in advance.
2. About ISCB®
International Security Certification Board (ISCB®) is an independent personnel certification body operating in Colombia through International Security Certification Board SAS and in the United States through International Security Certification Board LLC. Our mission is to certify, under international standards, the technical and ethical competence of polygraph and compliance professionals.
ISCB® operates under an audited ISO/IEC 17024 management system with clear separation between training and assessment, documented impartiality, and multi-stakeholder participation in all schemes.
3. The credential
The Compliance Officer certification is the ISCB® credential for professionals performing compliance duties in Colombia. It certifies core competencies in anti–money laundering (SAGRLAFT/SARLAFT), corporate ethics, personal-data protection (Law 1581), and internal controls required by the Superintendencia de Sociedades, the Superintendencia Financiera and other regulators.
4. Accreditation & credential identity
Same scheme, two accreditation paths
The ISCB® Compliance Officer scheme is published under two accreditation paths. This page describes the Colombian path; the equivalent international version is issued as CCO® (Certified Compliance Officer) via ANAB.
| Path | Issuing entity | Accreditor | Certificate name |
|---|---|---|---|
| This page | ISCB SAS · Colombia | ONAC · ISO/IEC 17024:2012 | Oficial de Cumplimiento |
| International | ISCB LLC · USA | ANAB · ID 9115 | CCO® · Certified Compliance Officer |
The body of knowledge, examination structure and technical requirements are equivalent under both paths. Selection depends on the candidate's jurisdiction and intended professional scope.
5. Scheme Committee
The Compliance Officer scheme is governed by the ISCB® Scheme Committee, comprising representatives from employers, certified compliance officers, academia and sector supervisors. The Committee approves the occupational profile, body of knowledge and assessment mechanisms, and reviews scheme validity annually.
6. Eligibility requirements
To be eligible for the OC® program, candidates must meet the following minimum criteria according to the regulated sector:
| Sector | Degree / qualification | Training | Experience |
|---|---|---|---|
| Superintendencia de Transporte | Technical, technologist or professional qualification | Minimum 90 hours | Minimum 6 months |
| Superintendencia de Sociedades | Professional degree | Minimum 90 hours | Minimum 6 months |
| Superintendencia de Vigilancia y Seguridad Privada | Professional degree | Minimum 90 hours | Minimum 6 months |
| Superintendencia Nacional de Salud | Professional degree | Minimum 90 hours | Minimum 6 months |
The candidate must also demonstrate knowledge of the applicable international and regulatory frameworks: ISO 37301, ISO 37001, ISO 31000, ISO 27001, ISO 27701, FATF Recommendations (FATF 40), and Law 2195 of 2022.
| Sector | Specific regulatory knowledge |
|---|---|
| Superintendencia de Transporte | Resolution 2328 of 2025 |
| Superintendencia de Sociedades | External Circular 100-000016 of 2020 |
| Superintendencia de Vigilancia y Seguridad Privada | External Circular 20240000245 of 2024 |
| Superintendencia Nacional de Salud | External Circular 009 of 2016 |
7. Body of knowledge (BoK)
The OC® program is organized into nine (9) domains derived from the Job Task Analysis (JTA) and the sector-specific regulatory requirements applicable to the Compliance Officer role:
| Domain | Weight | Questions |
|---|---|---|
| International framework and AML/CFT system actors | 10% | 5 |
| Compliance Officer role | 10% | 5 |
| Customer Due Diligence (CDD) | 14% | 7 |
| Risk assessment and compliance controls | 12% | 6 |
| Monitoring and detection of unusual operations | 12% | 6 |
| Suspicious operation reporting and confidentiality | 12% | 6 |
| Compliance system auditing | 10% | 5 |
| New technologies and emerging risks | 10% | 5 |
| Sector regulatory framework | 10% | 5 |
These requirements correspond to the minimum eligibility criteria of the ISCB OC® scheme and do not replace additional requirements that competent regulatory authorities may establish for practicing as a Compliance Officer.
8. Application process
- Submit application with supporting documentation (F-CER-02, résumé, diplomas, employment certifications).
- Document review by the ISCB® Certification team (up to 15 business days).
- Admission notification and signature of the certification agreement (F-CER-01).
- Fee payment and exam scheduling.
- Delivery of the proctored theoretical examination.
- Certificate issuance upon passing, with verifiable registry number.
9. Fees
| Item | Amount | Notes |
|---|---|---|
| Full certification | COP 650.000 + IVA | Covers admission, examination and certificate issuance. |
| Retake | According to current policy | A re-examination may be taken once per application cycle, with a minimum waiting period of 15 calendar days and payment of the applicable fee. |
| Recertification (every 2 years) | COP 650.000 + IVA | Requires 20 CPE hours, at least 10 related to the certified sector. |
| Additional sector | COP 350.000 + IVA | Applies when the candidate wishes to expand the scope to additional sectors. |
Fees are reviewed annually. Payments are made in Colombian pesos (COP) and invoiced under International Security Certification Board SAS.
10. Examination
Format and duration
The assessment contains 62 scored questions in two components: a theoretical examination with 50 multiple-choice questions and a practical examination with 12 questions based on scenarios and applied Compliance Officer situations.
Total duration: up to 4 hours (2 hours theoretical + 2 hours practical).
Minimum passing score
80% demonstrated competence; the candidate must pass both the theoretical and practical components.
Delivery and proctoring
Delivered at authorized centers or online via live remote proctoring through the official ISCB® proctoring partner (the same provider for all accreditation paths). A valid photo ID and a controlled environment are required.
Scheduling and rescheduling
Scheduling is done through the ISCB® portal. Rescheduling is allowed up to 72 hours before the appointment without penalty.
Cancellation and no-show
Cancellations more than 7 days in advance are 50% refundable. No-show without documented justification within the next 14 days counts as a consumed attempt.
11. Scoring and results
Results are communicated to the candidate within 10 business days after the examination, via the ISCB® portal and official email. The report indicates the overall outcome (pass / fail) and domain-level performance. Specific item content is not disclosed, consistent with the exam security policy.
12. Retake policy
Candidates who do not meet the minimum score may request one re-examination per application cycle. They must wait at least 15 calendar days before retesting, pay the applicable fee, and comply with any retraining requirement indicated by ISCB.
13. Recertification
The OC® certification is valid for two (2) years. To keep the certification active, the holder must complete 20 hours of Continuing Professional Education (CPE) during the certification cycle, with at least 10 hours related to the certified sector; maintain compliance with the ISCB Code of Ethics; submit a recertification application with supporting evidence; and pay the established recertification fees.
14. Code of Ethics
Every candidate and certified professional accepts and is bound by the ISCB® Code of Ethics, which covers: professional integrity, impartiality, confidentiality, prohibition of undisclosed conflicts of interest, correct use of the trademark, and cooperation with internal investigations.
15. Appeals and complaints
Any candidate or third party may file an appeal against a certification decision or a complaint about a certified professional's conduct. The appeal window is 30 calendar days from decision notice. Appeals are resolved by an independent committee within 90 days. Procedures are documented in P-CER-04.
16. Privacy and data protection
ISCB SAS processes personal data in accordance with Colombian Law 1581 of 2012. The data-processing policy, data-subject rights and contact channels are published at ecertify.org.
17. Non-discrimination and accessibility
ISCB® provides equal access to the certification process without discrimination based on race, gender, orientation, religion, nationality, disability or other status. Candidates requiring reasonable accommodations may request them at the time of application.