Governance and
Ethical Management
Corporate
Governance
Governance Structure
2 Good Governance Code Numeral 1.2.
General Shareholders’ Meeting
The General Shareholders’ Meeting of Colombia Telecomunicaciones S.A. ESP BIC is the supreme body of the company, where shareholders exercise their right to make decisions on the company’s most important matters. Its role is to guarantee the correct administration and management of the company, ensuring respect for the shareholders’ interests.
In line with general good corporate governance practices, two main types of meetings are distinguished:
- Ordinary:
Held periodically, generally once a year, to approve the financial statements, the management of the directors, the distribution of profits and other recurring matters.
- Extraordinary:
SIt is called when it is necessary to deal with urgent or especially relevant matters, such as amendments to the bylaws, mergers, spin-offs, dissolution of the company or changes in the governance structure.
The powers of the Assembly include:
- Approval of the annual financial statements.
- Distribution of profits and payment of dividends.
- Appointment and removal of members of the Board of Directors and external auditor.
- Modification of the company’s bylaws.
- Approval of mergers, spin-offs or liquidation of the company.
- Issuance of shares and other financial instruments.
- Supervision of the management of the Board of Directors.
Regarding convocation, quorum and voting:
- Notice: The Meeting must be called with due notice and in accordance with the bylaws, ensuring that shareholders can exercise their right to participate.
- Quorum: Rules are established regarding the minimum number of shares represented for decisions to be valid.
- Voting: Resolutions are adopted by majority vote, the percentage of which may vary according to the importance of the decision. In some cases, qualified majorities may be required.
This highest authority seeks to guarantee transparency, the exercise of shareholders’ rights and good corporate governance.
Board of Directors
GRI Content 2-9, 2-10, 2-12, 2-13, 2-14, 2-17, 2-18, 405-1
The General Shareholders’ Meeting appoints the members of the Board of Directors subject to the provisions of the Bylaws and, as long as the Company is listed on the stock exchange, and in accordance with the provisions of Law 964 of 2005 and the regulations that may amend it. The Board of Directors is comprised of 10 principal members, without alternates.
The Company’s Bylaws, the Code of Good Corporate Governance and its Annex No. 3- Regulations of the Board of Directors establish that the members of the Board of Directors shall be professionals of high moral and ethical quality, with managerial leadership skills that allow them to contribute to the Company due to their special knowledge of the information and communications technology sector, financial and risk aspects, legal matters, commercial issues and crisis management. It also establishes that 25% of the members must be independent, in accordance with the provisions of Law 964 of 2005.
The profiles of the members of the Board of Directors are published on telefonica.co/accionistas-e-inversionistas/gobierno-corporativo-2/modelo-de-gobierno/junta-directiva-de-colombia-telecomunicaciones-s-a-esp-bic/.
Composition of the Board of Directors
| Name | Gender | Executive / Non-Executive level | Quality | First Appointment | |
|---|---|---|---|---|---|
| 1 | Alfonso Gómez Palacio | Male | Executive | Shareholder | 19/12/2006 |
| 2 | Fabián Andrés Hernández Ramírez | Male | Executive | Executive | 09/08/2012 |
| 3 | Idoya María Arteagabeitia González | Female | Executive | Shareholder | 19/04/2024 |
| 4 | Diego Colchero Paetz | Male | Executive | Shareholder | 17/03/2016 |
| 5 | Martha Elena Ruiz Díaz-Granados | Female | Executive | Executive | 09/08/2012 |
| 6 | Pedro Alberto Ramón y Cajal Agüeras | Male | N.A. | Independent | 05/11/2010 |
| 7 | Francisco Javier Azqueta Sánchez-Arjona | Male | N.A. | Independent | 22/02/2007 |
| 8 | Francisco Javier Quiroga Alba | Male | Executive | Shareholder | 19/03/2024 |
| 9 | Juan Carlos Fernández Martínez | Male | Executive | Shareholder | 26/12/2022 |
| 10 | Lina Zuluaga Ocampo(*) | Female | N.A. | Independent | 26/12/2022 |
(*) Dr. Lina Marcela Zuluaga resigned from her position as a member of the Board of Directors. The appointment of her replacement will be made by the General Shareholders’ Meeting.
Participation by gender
Participation by age
In accordance with the Company’s Bylaws, the Board of Directors is responsible for supervising good corporate governance practices and monitoring compliance with the ethical and conduct standards adopted by the Company, including the Code of Good Corporate Governance and the Principles of Responsible Business. In this regard, it periodically receives and approves information on compliance with these policies, as well as on the progress of the Company’s business plan and management, including sustainability issues.
The Board of Directors plays an active role in integrating sustainability into the organization, defining strategic guidelines and monitoring management, risk and performance indicators. It also oversees the Responsible Business Plan and good corporate governance practices, ensuring compliance with ethical and conduct standards.
Annually, the Board of Directors reviews the Responsible Management Report – BIC Management Report, prior to its presentation to the General Shareholders’ Meeting for approval and subsequent publication through official channels to the corresponding stakeholders and entities.
As part of its oversight role, the Board of Directors ensures compliance with the Anti-Corruption Policy and the certification of the Anti-Bribery Management System under the ISO 37001:2016 standard, ensuring the prevention, detection and mitigation of bribery and corruption risks.
In addition, the Board of Directors receives periodic reports from Compliance Management on the performance of the Compliance Program, including the management of complaints related to possible violations of the Telefónica Group’s ethics and integrity regulations. These reports are also submitted to the Audit and the Management Committee, responsible for leading and supervising the planning, implementation and continuous improvement of the Compliance Program.
Aware of the risks associated with Money Laundering (ML), Financing of Terrorism (FT), Proliferation of Weapons of Mass Destruction (WMD), bribery and corruption, the Company has implemented a robust compliance program to prevent its exposure to these illicit practices, mitigating their impacts on the economy and society.
Chairman of the Board
The Chairman of the Board of Directors is not a senior executive of Colombia Telecomunicaciones SA ESP BIC. The Company’s bylaws establish that the Board of Directors shall have a Chairman elected by its members for a term equal to that of this corporate body. The chairman of the Board of Directors shall be the chief executive officer of the Company. However, as long as the Company is listed on the Colombian Stock Exchange, whoever is the Company’s legal representative may not serve as chairman of the Board of Directors.
Evaluations
Although there are no specific evaluations of the performance of the Board of Directors in relation to the supervision of the management of the impacts of the organization on the economy, the environment and people in a specific manner, in accordance with the provisions of the Code of Good Corporate Governance and its Annex N.º 3 – Regulations of the Board of Directors, the Board of Directors performs an annual evaluation of its management, through the mechanism defined by the Board itself.
The self-evaluation includes, among others, the participation and attendance of its members at meetings, their knowledge of the main aspects of the Company and their follow-up of the decisions made by this corporate body and their contribution to defining the Company’s strategies and projection.
The results of the self-evaluation of the members of the Company’s Board of Directors and the management performed during the year will be included in the Good Corporate Governance Practices Compliance Report 2024, which is published on the Company’s website.
Remuneration
The members of the Board of Directors are entitled to remuneration or compensation, in accordance with the provisions of the Company’s bylaws, the Code of Good Corporate Governance and its Annex N.º 3 – Regulations of the Board of Directors. The fees are set by the General Shareholders’ Meeting, based on the responsibility of the position, the size of the Company and market guidelines. The Company does not have variable remuneration systems, hiring bonuses, hiring incentives, retirement pensions or remuneration systems that incorporate stock options for members of the Board of Directors.
On the other hand, it is reported that fees are not recognized and paid to the members of the Board of Directors appointed by the Telefónica Group who are employed by it.
Finally, it is specified that the remuneration policy for members of the Board of Directors and senior executives is not linked to their performance in managing the impacts of the organization on the economy, the environment and the people.
The Annual Report on Compliance with Good Corporate Governance Practices shall annually report the remuneration received by the members of the Board of Directors in each fiscal year.
This information may be accessed through the web page telefonica.co/accionistas-e-inversionistas/gobierno-corporativo-2/informe-de-cumplimiento-de-practicas-de-buen-gobierno-corporativo/
Board of Directors Audit Committee
The Company’s Bylaws and the Corporate Governance Code establish that the Audit Committee is composed of five members of the Board of Directors, of which three (3) members shall be independent members. Likewise, it is established that all of them must have knowledge in accounting, financial and other related matters.
The profiles of the members of the Audit Committee are published on the website telefonica.co/accionistas-e-inversionistas/gobierno-corporativo-2/modelo-de-gobierno/comite-de-auditoria/.
The Audit Committee analyzes the reports on the Responsible Business Plan and the Company’s management.
Among its main functions is the supervision of compliance with the internal audit program, ensuring that it considers business risks and comprehensively evaluates all areas of the organization.
Composition of the Audit Committee
| No. | Name | Gender | Executive / Non-Executive | Category | First Appointment |
|---|---|---|---|---|---|
| 1 | Alfonso Gómez Palacio | Male | Executive | Shareholder | 27/08/2012 |
| 2 | Pedro Alberto Ramón y Cajal Agüeras | Male | N.A. | Independent | 27/08/2012 |
| 3 | Francisco Javier Azqueta Sánchez-Arjona | Male | N.A. | Independent | 27/08/2012 |
| 4 | Francisco Javier Quiroga Alba | Male | Executive | Shareholder | 19/03/2024 |
| 5 | Lina Zuluaga Ocampo(*) | Female | N.A. | Independent | 26/12/2022 |
(*) Dr. Lina Marcela Zuluaga resigned from her position as a member of the Board of Directors, which implies her resignation as a member of the Audit Committee. The appointment of her replacement will be made by the General Shareholders’ Meeting.
Participation by gender
Participation by age
Managing the Conflict of Interest
The Telefónica Group has a Conflict of Interest Policy that requires acting at all times with loyalty, confidentiality and integrity, especially in the face of possible conflicts of interest. These rules regulate those situations in which a direct or indirect personal interest of an employee may influence or generate the perception of influencing their professional decisions, and may conflict with the interests of any Telefónica Group company.
Colombia Telecomunicaciones S.A. E.S.P. BIC has a Code of Good Governance (hereinafter, “the Code”) whose purpose is to ensure proper administration, promote transparency in its management and establish evaluation and control mechanisms. This Code protects the integrity of the administrators and safeguards the interests of the organization. Its contents and annexes are available at the following link: Code of Good Corporate Governance and Principles of Responsible Business.
Section 3.7 of the Code establishes that, in accordance with the law, directors must abstain from participating, directly or indirectly, in any act in which there is a conflict of interest. In the case of the Board of Directors, its members must declare any possible conflict of interest to the other members of the governing body, who will determine whether the declarant may intervene in the matter in question.
For directors who are also employees of the Company, the Corporate Conflicts of Interest Policy also applies. In this context, directors must declare their conflicts of interest at two key points:
1.
During the selection process, by filling out the “Acceptance of the Regulations on Conflicts of Interest and Regulations on the Telefónica Group’s Relationship with Public Entities” form, which is processed before being hired as a collaborator.
2.
Whenever a potential conflict of interest arises, using the Telefónica Group’s corporate conflict of interest declaration tool, available on the corporate intranet and managed locally by the Compliance Management.
In both cases, Compliance Management is responsible for analyzing the situation, determining the existence of the conflict and, if necessary, establishing recommendations to mitigate the associated risk.
Regarding the members of the Board of Directors, they must disclose any activity that involves competition with the Company, as well as any other act in which there is a potential conflict of interest, including their participation in other boards of directors or in companies with business relationships with the Company, such as suppliers or other stakeholders.
Likewise, the Telefónica Group has a corporate policy on the participation of executives and managers in boards or administrative bodies of external companies, which allows such participation as long as the non-existence of conflicts of interest is guaranteed and the pertinent authorizations are obtained. In these cases, Compliance Management must make a prior report, and subsequently validate and approve the participation.
In addition, employees must declare any situation in which a direct or indirect personal interest may influence or appear to influence their professional decisions. According to the Conflicts of Interest Regulations, these situations include relationships of “kinship, participation in companies either in their capital or in their management and/or administrative bodies, or for any other reason that the Affected Subject considers that limits or conditions his or her objective decision-making capacity in the performance of his or her duties”.
During the selection process, candidates must expressly declare any kin or contractual or legal relationship with contractors, suppliers or competitors of the Company, as well as any current contractual relationship with other companies, regardless of their sector or market. This requirement also applies to any previous contractual relationship with public entities, regardless of the model or type of contract existing between the parties.
In 2024, a total of 198 potential conflicts of interest reported by active employees and candidates in the selection process were managed.
Of these, 175 cases (88%) were evaluated as not representing a risk, while 23 (12%) involved a level of risk and were duly mitigated in conjunction with the People area.
Communication of
Critical Concerns
The Company’s governing bodies reaffirm their commitment to ethical and responsible management by monitoring the reports received through the whistleblower channels, which are managed by the Inspection Management. These reports may address critical issues with significant impact on the organization.
In addition, Compliance Management submits periodic reports on the performance of the Compliance Program, providing a space for raising key concerns related to the Telefónica Group’s ethics and integrity regulations. The complaints received are analyzed by the Disciplinary Action Committee (DAC), which determines the necessary actions to mitigate future risks.
In addition, the Compliance Office has a mailbox to receive inquiries from internal and external stakeholders. If the case does not fall within its competence, a formal transfer is made to the corresponding area for appropriate attention.
In 2024, there were no critical concerns that required direct intervention by the Board of Directors in matters of ethics and corporate responsibility.
Ethical Culture and Responsible
Ethical Culture and Responsible
To ensure ethical and responsible management, the Company has a solid regulatory framework that governs its commitments in all its activities and business relationships. These principles are reflected in its Code of Ethics, known as Responsible Business Principles (RBP), which encourage transparent, integral and sustainable management, promoting a positive social and environmental impact.
To ensure its integration into the company’s strategy and operation, Telefónica has adopted the Policy for the Development and Organization of the Regulatory Framework, which establishes guidelines and mechanisms for coordination between the head office and the Group’s companies. This function is led in Colombia by the Compliance Management, in charge of ensuring compliance with the Principles of Responsible Business and their alignment with internal regulations. This standard recognizes that “(…) the Principles of Responsible Business as an ethical code of the Telefónica Group, which inspire and define the way the Group and all employees act in the development of their professional activity, constitute the fundamental standard under which all other Internal Rules of the Group are framed”. As the highest standard within the organization, in the framework of the design and establishment of its policies and regulations, the Company must respect the content and scope of the Principles for Responsible Business and its guiding elements from the moment of their creation until their eventual repeal.
To ensure ethical behavior and compliance in the Company, a comprehensive program by the Compliance Management is implemented. This program encompasses risk identification, policies and procedures, due diligence controls, training, non-compliance reporting mechanisms, and remediation plans. These elements are detailed in the Compliance Function Annual Report 2024, which establishes the main lines of action and is complemented by the Action Plan for the following year, both of which are reported to the Audit Committee.
In addition, the Compliance Management is responsible for reviewing local policies and procedures prior to their disclosure, ensuring their alignment with the Group’s Preventive Compliance Model (PCM). This review ensures that, by repealing any policy or procedure, the Responsible Business Principles and the obligations of the RCPM are not compromised.
Telefónica’s regulatory framework is composed of corporate and local policies and regulations that develop and reinforce the Responsible Business Principles.
Environmental Management and Climate Change
- Global Environment and Energy Policy
- Environmental Management System Handbook
- Operational Control Handbook
- Instruction on identification and evaluation of environmental aspects
- Context Analysis of Risk and Opportunity Identification Instruction
Ethics and Integrity
- Anti-Corruption Policy
- Self-Control and Risk Management of Money Laundering and Terrorist Financing Policy
- Sanctions Regulations
- Competition Law Policy
- Regulations on Relations with Public Entities
- Conflict of Interest Policy
- Regulations for Anti-Corruption Certifications for Executives
- Internal Rules of Conduct
- Artificial Intelligence Governance Model Regulations
Sustainable Supply Chain Management
- Supply Chain Sustainability Policy
- Supply Chain Sustainability Standards
- Low Carbon Purchasing Instruction
Workplace Safety and Well-Being
- Safety, Health and Welfare at Work Regulations
- Handbook on the Protocol of Action in Situations of Labor or Moral Harassment, Sexual Harassment and Discrimination
- Instruction on Occupational Risks in Contracting of Works and Services
Digital Security and Trust
- Global security policy
- Global safety regulations
- Global Privacy Policy
- Global supply chain security regulations
- International Supply Chain Security Regulations
- Local Instruction of Security in BI Data Governance
- Local Application and Platform Access Controls Instruction
- Local Operational Risk Manual
- Global IT infrastructure security regulations
General Aspects of Responsible Business
- Global Human Rights Policy
- Diversity and Inclusion Policy
- Equality Policy
- Gender Equity Regulations
- Diversity Policy and Board Selection
- Responsible Business Principles Channel Management Regulations
- Quality Policy
- Disability Regulations
Responsible Communication
- Responsible Communication Regulations
- Social Networking Regulations
- Local Regulations Internal Communication
Note: Public Outreach Policies are available at: telefonica.com/es/sostenibilidad-innovacion/como-trabajamos/principios-negocio-responsable/
The Company’s commitments to ensure responsible business conduct are embodied in its Code of Ethics, also known as the Principles for Responsible Business (PNR), which promote transparent, integrated and sustainable management. These principles promote transparent, integrated and long-term management that promotes a more ethical, fair and sustainable social and environmental development.
To ensure that both employees and counterparties adhere to these principles, the Company incorporates contractual clauses in agreements that enforce compliance and establish consequences for possible violations. During 2024, 100% of the members of the Board of Directors and Level I and II directors signed the Anti-Corruption Certificate, reaffirming their commitment to the policies established in the NRPs and the Anti-Corruption Policy. The signing of this document arises as part of the implementation of adequate controls and procedures to ensure compliance with the Anti-Corruption Policy and the Code of Ethics – Principles for Responsible Business. In addition, it is based on the Corporate Regulations on Anti-Corruption Certifications for Executives (4th edition). In addition, the Management Committee received training in this area in the second half of the year.
The Company also has a Corporate Governance Code, which ensures respect for the rights of shareholders, creditors, investors and other stakeholders. This code establishes principles of sustainable investment, healthy competition and social responsibility, and guides sustainability strategies aligned with the Dow Jones Sustainability Index (DJSI). Telefónica also collaborates with non-profit organizations that address development challenges in the country..
In order to make these commitments tangible, the organization has established a series of implementation mechanisms:
(I)
Due diligence on counterparties, in order to identify possible corruption risks with the potential to affect the ethical and responsible management of the organization;
(II)
Adherence of counterparties to the Principles of Responsible Business through the subscription of the Anti-Corruption Certificate and the contractual clauses established by Telefónica;
(III)
Provision of the corporate tool for reporting conflicts of interest and the mechanisms for receiving or delivering invitations and gifts in the private and public spheres;
(IV)
Reporting possible conflicts of interest by potential collaborators in the process of joining the Telefónica Group;
(V)
Establishment of consultation and/or complaint channels for collaborators, suppliers, allies and any third party or interest group;
(VI)
Contractual and/or disciplinary mechanisms that enable the application of consequences in the event of any breach of commitments and/or internal and external regulations.
Communication and
Training
Training
Fostering an ethical culture within the Company requires a strong focus on compliance training and awareness. During 2024, a new mandatory training offering was launched for all employees, with virtual courses in Code of Ethics and Conduct: Integrity and Anti-Corruption, Information Protection Security Practices and Privacy Principles and Binding Corporate Rules. At the end of December 2024, these courses were completed by 99%, 97% and 98% of key employees, respectively.
In addition, Compliance Management provided 31 internal and external trainings on Telefónica’s Compliance Program, addressing topics such as Responsible Business Principles, the Anti-Corruption Policy and the Regulations on Conflict of Interest and Relationships with Public Entities.
In addition, 100% of employees in sensitive positions within the Company completed the “Code of Ethics and Conduct: Integrity and Fight against Corruption” course, available on the corporate learning platform.
As for external training, these were mainly addressed to Optecom S.A.S., a company controlled by Colombia Telecomunicaciones S.A. E.S.P. BIC, and to civil society in various academic spaces on best practices of the Telefónica Group.
All of the new employees (460) who joined in 2024 received a copy of the Responsible Business Principles, the Anti-Corruption Policy and the Conflict of Interest Regulations, in addition to being invited to quarterly Compliance Management training sessions.
Specific training was also provided for key areas such as B2B and B2C, reaching a total of 1,026 employees and 66 Experience Centers trained in 2024.
Business Partner Engagement
Telefónica requires its allies, suppliers and partners to adhere to its anti-corruption and anti-ATF/ATF/AML policies. Therefore, in 2024, five external training sessions were held on collective anti-corruption initiatives, and other four at congresses and academic activities on Compliance. These actions made it possible to share the best practices adopted by the Company in the area of compliance.
Awareness
Awareness is a key pillar of the Compliance Program. In 2024, various initiatives were implemented to reinforce the culture of integrity:
1.
Compliance Day:
Global day to bring the Compliance function closer to the business and raise employee awareness of current issues.
2.
Five Stars Recognition Program: Initiative that rewards exemplary conduct in integrity, sanctions, privacy and security. In its sixth edition, four employees were recognized locally, and one globally in privacy.
3.
Content Disclosure: 117 communications were published in internal channels on:
- Business ethics and integrity
- Conflicts of Interest Management
- Responsible Business Principles
- Valuation of invitations and gifts
- Mandatory SSFF training
- List of sanctioned countries and territories
- Importance of subscribing to the anti-corruption certificate
Mechanisms, Ethics and Consultation Channels
The Company has established mechanisms through which any person inside or outside the Company can safely communicate any doubts or concerns related to the Telefónica Group’s ethics and integrity regulations.
Complaints Channel
The Company has a Whistleblower Channel, the main mechanism for employees, directors, managers and third parties related to the Company to report, anonymously or personally, any alleged unethical or corrupt conduct that constitutes a violation of any of the regulations, including those related to ethics and integrity or those external parties who commit violations and who have any link with the Company.
This channel is managed by the Inspection Management and is governed by the Telefónica Group’s Internal Information System, in addition to the Internal Information System Management Procedure.
Complaints can be submitted in writing or verbally, and the channel is available 24/7 through various means, such as the website and corporate intranet (free access) and dedicated e-mail accounts. In addition, complainants can check the status of their complaint, add information and communicate with the team responsible for the analysis.
The Inspection Management receives and investigates complaints diligently, promoting their verification. Subsequently, the Disciplinary Action Committee, composed of the Compliance and Audit areas, promotes the necessary measures for their mitigation, in accordance with internal regulations and procedures.
Among the conducts that can be reported through this channel are those related to bribery, favored treatment, conflicts of interest or those involving crimes against public administration, as well as any unethical or illegal conduct.
Employees
The mechanisms available to employees to access the whistleblower channel are as follows:
Intranet: intranet.telefonica.com/principios-negocio-responsable/es/#REPORTA_DENUNCIA
E-mail: canal.denuncias.co@telefonica.com
Toll free from anywhere in the country: 018009345712
Through the complaints channel, a total of 78 complaints were received in fiscal year 2024 which, together with the 21 complaints that had remained as Analysis in progress at the end of year 2023, generated a total of 99 complaints, of which:
| Status | Quantity | Percentage |
|---|---|---|
| Not admitted for processing | 3 | 3% |
| Upheld | 13 | 13% |
| Not upheld | 24 | 24% |
| Under analysis | 58 | 59% |
| Forwarded | 1 | 1% |
As a result of the investigations carried out during this fiscal year, 13 complaints were founded. Of the investigations closed, it may be concluded that there were two for non-compliance with commitments to clients, four for internal fraud, three for external fraud, two for inadequate/improper conduct, one for conflict of interest and one for favored treatment.
It is important to note that the Company took the respective disciplinary and corrective measures in each process for the well-founded complaints. Among the measures adopted as a consequence of the well-founded complaints, there was one termination of the employment contract with just cause, one employee resigned prior to the notification of the disciplinary process, four suspensions, two warnings to direct employees and one warning to a commercial agent.
In accordance with the Group’s Anti-Corruption Zero Tolerance Policy, any manifestation of corruption is prohibited, for which reason the Company has specific controls for its prevention, detection and remediation of possible cases, materializing in the adoption of disciplinary measures and/or termination of contracts.
Compliance Mailbox
The Company has two permanent and accessible consultation mailboxes:
- Compliance Management’s corporate mailbox
ofc.cumplimiento.co@telefonica.com, a channel that guarantees confidentiality, availability and accessibility. It can be used by any person inside or outside the organization, including Senior Management, to request information or advice regarding (i) ethical dilemmas or (ii) the content and application of the Telefónica Group’s ethics and integrity regulations, as well as to report facts or acts contrary to the Telefónica Group’s Compliance Program or Corporate Ethics. This corporate inquiry mailbox is governed by the “Specific Procedure of the Compliance Office Mailbox Manual.”
- The Company has two permanent and accessible consultation mailboxes:
Local Compliance officer, registered with the relevant regulators.
In this regard, it is pertinent to specify that an ethical dilemma is understood as those cases in which an executive or employee of Telefónica has doubts about how to behave or act in a specific event, because he/she is not sure whether his/her behavior (i) is ethical, (ii) complies with the ethics and integrity regulations of the Telefónica Group or (iii) if it could generate adverse consequences for him/her or for the organization.
Responsible Business Channel
In addition, the Company has a Responsible Business Channel, for answering any questions and/or complaints related to the Responsible Business Principles. This channel is managed by the Sustainability area and is responsible for transferring the communication to the competent area. In 2024, eight cases were received: two from business partners/suppliers, four from customers, and two from public entities.
The Telefónica Group’s channel for consultations and Responsible Business was updated on the Telefónica – Consultations Channel website.
Consultations Channel website.
The Compliance Function Charter defines the main lines of the Telefónica Group’s Compliance Program, its interaction with business processes and other areas, and particularly relevant matters. The starting point for management is risk assessment and the preservation of integrity.
The above is developed in three main axes:
Preventive control through which different functions are developed to generate a culture of compliance;
Reaction, which refers to the existing action protocols for situations of non-compliance indications;
Response that brings together remediation through the mitigation of actions associated with possible and proven violations. On the other hand, it also promotes the recognition of employees with outstanding behavior in terms of their commitment to compliance.
In 2024, and in the exercise of its functions, Compliance Management evaluated the aspects related to compliance risk and, therefore, the risk of corruption in 100% of the operations carried out by the Company and considered as sensitive to this type of risk.
The following table shows the total number of operations assessed by Compliance Management, according to the type of operation:
| Assessed operation | Assessment objective | Number of assessments |
|---|---|---|
| Temporary joint ventures | Identify and manage corruption and/or ML/FT/AML risks derived from the formation of temporary unions for the development of projects with the public sector, through (i) due diligence of business partners and (ii) review and incorporation of anti-corruption clauses. | 5 |
| Conditional suppliers | Identify and manage corruption and/or ML/FT/AML risks associated with the direct contracting of suppliers within the framework of the execution of projects with public sector clients. | 85 |
| Sponsorships | Identify and manage corruption and/or ML/FT/AML risks associated with the provision or granting of sponsorships to third parties. | 44 |
| Real estate sales projects | Identify and manage corruption and/or ML/FT/AML risks arising from the sale of the Company’s real estate to third parties. | 21 |
| Invitations and gifts | Identify and manage the risks of corruption, conflicts of interest or malpractice arising from the offer or receipt of gifts and intentions. This framework seeks to ensure that such interactions are aligned with the organization’s ethical and regulatory principles, promoting transparency and legal compliance. | 61 |
| Due diligence on counterparties | Identify and manage corruption and/or ML/FT/AML risks derived from the relationship with the Company’s counterparties and certain companies of the Telefónica Group in Colombia. | 19.462 |
| Linkage with PEP | Identify and manage corruption and/or ML/FT/AML risks arising from relationships with counterparties considered Politically Exposed Persons (PEPs). | 18 |
During 2024, the Company maintained the ISO 37001:2016 Standard certification (Anti-Bribery Management System), after successfully completing the internal and external audit processes in the first half of the year. In this context, Compliance Colombia Management identified 65 risks in its Integrity Risk Matrix, none of which were assessed as “Critical”.
The external audits carried out within the framework of the certification highlighted the high level commitment of the personnel, the leadership of Senior Management in the continuous improvement of the Anti-Bribery Management System, the effectiveness of the communications plan and the clear definition of roles and responsibilities within the system.
As part of its commitment to ethics and integrity, the Company continued to strengthen anti-corruption controls in the companies in which it has a majority interest. In particular, it provided guidance to Operaciones Tecnológicas y Comerciales S.A.S. (Optecom S.A.S.) in the identification of its integrity, money laundering, financing of terrorism and proliferation of weapons of mass destruction (LA/FT/PADM) risks, thus contributing to its risk management and minimizing possible direct and indirect impacts on the Company.
Corruption Cases and
Actions Taken
The Telefónica Group has mechanisms in place to identify, investigate and sanction irregularities related to acts of corruption or breaches of ethics and integrity.
During 2024, there were no confirmed cases of corruption that would have resulted in the termination of contracts with business partners or reputational damage to the Company.
Within the framework of the eight (8) Disciplinary Action Committees held during the year, 141 disciplinary sanctions were analyzed, of which 16 were related to acts contrary to the integrity of the company.
Good Practices
The Company continued to consolidate its position as a benchmark in good ethics and integrity practices, promoting a culture of compliance in the business sector during 2024.
Some of his main participations and recognitions were:
Alliance for Integrity: Participation in two sessions of the training program, aimed at strengthening compliance programs in small and medium-sized companies.
Sustainability and Compliance Congress (Universidad EIA de Medellín): Presentation on the integration of sustainability and compliance strategies.
International Fraud Congress (Spanish Association for Cooperation in Fraud Prevention): Presentation of Telefónica’s compliance standards.
Alliance for Integrity – Advisory Group: Inclusion of the Company in this advisory group, led by the German Agency for International Cooperation (GIZ), which allows the Company to influence the compliance agenda at national and international level.
Spanish Chamber of Commerce: Call to present Telefónica’s compliance program, highlighting its reputation and leadership in compliance strategies.
Mayor’s Office of Cali: Recognition of Telefónica’s good compliance practices in the private sector, valuing its commitment to transparency and corporate social responsibility.
Mayor’s Office of Cali: Recognition of Telefónica’s good compliance practices in the private sector, valuing its commitment to transparency and corporate social responsibility.
In 2024, Colombia Telecomunicaciones reaffirmed its leadership in the sector by maintaining the ISO 37001:2016 certification, an international standard that endorses the implementation of an effective and robust Anti-Bribery Management System. Originally obtained in 2022, this certification, valid until June 2025, positions the Company as the only one in the telecommunications sector in Colombia with this certification.
Beyond regulatory compliance, this certification reinforces the trust of partners, clients and regulators, demonstrating a proactive approach to preventing bribery and promoting a culture of integrity.
The maintenance of this certification is the result of the continuous effort of the entire Company under the leadership of the Compliance Office, which guarantees the constant updating and improvement of processes in accordance with the highest international standards. This commitment reaffirms the Company’s leadership in the implementation of preventive measures and its determination to be a reference in business ethics within the telecommunications sector.
Digital Trust
Technology has the potential to improve the quality of life and generate value, provided that it is based on respect for and guarantee of privacy and security in the processing of personal data. It is essential that users have confidence in the products and services they use, knowing that their rights are protected and that they have clear options for managing their information.
To this end, the organization is guided by four fundamental principles:
Protection:
Data security is a priority, ensuring the privacy of individuals in every interaction and collaboration.
Design:
Privacy and security are integrated from the conception of products and services, ensuring their implementation throughout their life cycle.
Empowerment:
Tools are provided that enable individuals to manage and control their data, with transparent access to risks and benefits.
Transparency:
Accessible solutions are provided that allow control of information, with technology designed to respect privacy.
Through these principles, trust is strengthened and responsible use of information in the digital environment is guaranteed.
Data Protection
Data Protection
Telefónica Movistar Colombia reaffirms its commitment to personal data protection and digital security, considering them fundamental pillars to improve the lives of citizens and contribute to social development. Its commitment is based on the Responsible Business Principles, which establish common guidelines to ensure the privacy and security of information in all its operations.
The Company’s Global Security Policy covers physical, operational and digital security, ensuring business continuity, fraud prevention and supply chain protection. Digital security, which includes cybersecurity and information protection, is implemented in systems, networks and services based on the principles of legality, efficiency, co-responsibility, cooperation and coordination.
Integral security is supported by the following regulatory framework:
Global security policy: Principles and commitments to security, based on international standards and best practices in digital security.
General safety regulations: Development of safety principles and guidelines.
Local regulations: Alignment with national regulations and best practices
Global security regulations: Controls and measures for information classification, incident management, business continuity, risk, IT security, cybersecurity and fraud management, among others.
In 2024, Telefónica Movistar Colombia reached a milestone in digital security by obtaining ISO 27001 recertification for its billing and data center processes, following an external audit that validated its security controls.
The security culture has been strengthened through awareness and training programs, with 93% of direct employees participating in security courses and talks at Success Factors (SSFF). In addition, the implementation of Office 365 DLP has significantly improved information leakage control.
As part of the risk management strategy, 69 critical processes and 130 essential applications were analyzed, ensuring the identification and mitigation of vulnerabilities prior to implementation in production. In addition, more than 90% of cloud implementations, including new projects and migrations, were monitored to ensure security in infrastructure, data, integration and access.
The strengthening of Active Directory with Tenable AD has reduced risks of attacks and unauthorized access, benefiting more than 23,000 users and achieving 75% compliance. In parallel, the adoption of Palo Alto’s Prisma CSPM has optimized security in the cloud, providing visibility and control over the infrastructure in Azure (Production, Development and Test).
To reinforce access protection, more than 3,000 third-party users were removed from the T-Técnicos tool in a timely manner, reducing exposure to unauthorized access and improving the quality of the recertification process.
Vulnerability scans and penetration tests were performed on 98% of SOX critical applications and 100% of exposed assets. In addition, more than 4,336 technology and internal network assets were integrated into continuous vulnerability monitoring, and more than 10,000 assets were integrated into the security event monitoring system.
The Company managed 100% of the incidents, ensuring the investigation, mitigation and recovery of assets without affecting the personal data of customers, suppliers or employees. New intelligence sources were also incorporated and the company advanced to Cyber Intelligence Maturity Level 4, anticipating possible threats.
In 2024, Telefónica Movistar Colombia received no complaints from users or authorities for privacy violations or loss of personal data.
In 2024, Telefónica Movistar Colombia received no complaints from users or authorities for privacy violations or loss of personal data.
At the end of 2024, 97.58% of the collaborators of allies and third parties were trained in Digital Security, reaching a total of 17,272. This achievement was possible thanks to the joint work with the training area and channel leaders, who actively promoted the course through strategic communications and the creation of spaces that allowed its implementation without affecting the operation. Initiatives that contributed to this result were:
- Definition of the user baseline.
- Planning the deployment of the course in call center, loop, agent and Experience Center channels.
- Launching of the course by the training team.
- Weekly follow-up through progress reports.
- Consolidation of monthly indicator reports.
- Mobilization of the course with contract managers and channel managers.
- Monthly report to the sustainability area for approval.
These actions have strengthened the digital security culture among allies and third parties, ensuring their alignment with best practices in information protection.
Ethics and
Artificial Intelligence
In 2024, the Artificial Intelligence Governance Model Regulation was officially implemented, following its approval in November 2023. This document establishes a strategic, organizational and operational framework to guide all activities related to artificial intelligence (AI) in Telefónica, from its design and development to its commercialization. Its purpose is to ensure responsible and sustainable management, in strict compliance with current regulations.
The IA Governance Model adopts a comprehensive approach that balances the optimization of resources with the protection of health, safety and human rights. In addition, it is positioned as a key pillar to mitigate potential negative impacts on society and the environment, aligning with Telefónica’s principles of sustainability and responsible business. This framework also facilitates the creation and updating of internal policies and procedures, ensuring that decisions are made within a solid and transparent organizational structure.
The application of the regulation not only strengthens Telefónica’s strategy in human rights and sustainability, but also balances technological innovation with social responsibility and digital trust. In this way, artificial intelligence is consolidated as an effective tool, with an ethical component and aligned with global priorities.
The Compliance function plays a central role in the definition, implementation and oversight of the AI Governance Model within the Telefónica Group. Its main responsibility is to ensure the effective governance of artificial intelligence through the formulation of policies in coordination with the Global Sustainability Management (ESG), Legal Services and Internal Audit. It also develops procedures, processes and regulatory catalogs to ensure compliance with applicable AI regulations, working closely with the Data Governance area (CDO) and Legal Services.
This function also validates the adequacy of processes and regulatory catalogs, promotes compliance with the principles defined by Telefónica and ensures alignment with current legislation. In addition, it provides continuous advice for its correct implementation and supervises the risk assessment to be carried out by the business areas, in order to mitigate them effectively.
Protection in Digital
Environments
Movistar reaffirms its commitment to the responsible use of technology, promoting a safe digital environment for children and adolescents. Through strategic alliances and technological solutions, the Company promotes digital education and online risk prevention.
This commitment is materialized in several lines of action:
Partnerships with key stakeholders: Works with the National Police, MinTic, NGOs and experts to raise awareness of digital risks and promote child cybersecurity.
Partnerships with key stakeholders: Works with the National Police, MinTic, NGOs and experts to raise awareness of digital risks and promote child cybersecurity.
Collaboration with suppliers: Evaluates child protection measures in the design of devices and operating systems.
Education and awareness: Offers educational content through the Dialogando portal, providing tools for responsible use of technology.
Protection products and services: Promotes the use of parental controls and security solutions to help families manage their digital environment.
Blocking of illegal content: Acts against online child abuse and exploitation, blocking materials according to lists of specialized entities and responding to legal notices (more information).
Through these initiatives, Movistar reinforces its commitment to digital safety, ensuring that children can take advantage of technology in a safe and responsible manner.
Responsible Supply Chain Management
GRI Content 2-24, 204-1, 308-1
The social and environmental impact of companies is closely linked to their supply chain, especially in large multi-sector corporations. At Telefónica, sustainability is a fundamental pillar of its business model, and the Company works strategically with its suppliers to align its practices with its commitments to customers and society.
Given the global magnitude of its supply chain, Telefónica promotes and demands high standards of responsibility through its Supply Chain Sustainability Policy. The Company ensures that its suppliers comply with quality criteria, legal regulations and ethical, social, environmental and privacy principles. This policy, based on the Principles of Responsible Business, guides the relationship with stakeholders, specifically Telefónica’s commitment to Sustainable Supply Chain Management.
Developed in accordance with international standards such as the UN Guiding Principles on Business, the Universal Declaration of Human Rights, International Labour Organization conventions, the UN Convention on the Rights of the Child, OECD guidelines and ISO standards, this policy also reflects Telefónica’s commitment to the Global Compact on corporate social responsibility, the Sustainable Development Goals and respect for Human Rights.
Local Supplier
Development
Of the 551 suppliers (awardees) that the Company had in 2024, 74% (409) are companies incorporated in Colombia (local suppliers), who were awarded 90% of the total purchase values, divided into product lines:
Percentage of Purchases Awarded in 2024
In 2024, the Company was supported by 40 partners and 38 agents, who contributed to the creation of 17.718 indirect jobs:
Allied Company
Supplier that provides a service to Telefónica and directly or indirectly affects the end or internal customer, allocating exclusive resources (human, physical, financial, etc.) for this service.
Número de emplNumber of indirect employees – Allies:
13.235
Commercial Agents
Organization that undertakes to independently and stably promote the marketing of Telefónica’s products and services.
Number of indirect employees – Agents:
4.483
On the other hand, in 2024, the Company entered into 310 new contracts with 252 organizations and 15 modifications with 14 organizations outside the scope of the Telefónica Procurement Model (TPM).
Supplier Sustainability
Assessment
In terms of sustainability assessments, the Company has conducted a comprehensive analysis of high-risk suppliers through the IntegrityNext platform. This approach facilitates the effective management of risks associated with sustainability in the supply chain, ensuring compliance with established responsible standards and principles.
Of the suppliers awarded, 75 have been classified as high risk in terms of sustainability. To date, 39 of these suppliers have been evaluated in IntegrityNext, representing 52% of the high-risk suppliers identified, demonstrating significant progress in the implementation of the risk mitigation strategy. These evaluations not only allow us to verify regulatory and ethical compliance, but also strengthen the relationship with suppliers and improve transparency in the supply chain.
In line with the Supply Chain Sustainability Policy, the Company has collaborated with Achilles to evaluate compliance with Telefónica’s Responsible Business criteria in 17 allied auppliers.
Achilles uses a rating system that evaluates ethical, social, environmental and supply chain management criteria, awarding a sustainability score to each supplier between 0% and 100%.
The results of the sustainability audit of the allies in Colombia reflect a positive overall picture, with compliance levels between 87% and 98%. However, the Commercial area presents the lowest percentage of compliance (87%), indicating the need to strengthen controls in this area. In addition, local suppliers have a lower level of compliance in the Responsible Business Principles (RBP) with 78%, indicating areas for improvement in the management of these suppliers.
The analysis reveals that the main areas of opportunity are Occupational Safety and Health (OSH), Human Resources (HR) and PNR, which represent 32%, 31% and 25% of the findings, respectively. The highest concentration of critical observations is in the Commercial area, which highlights the urgency of reviewing its processes and implementing corrective measures.
It is recommended to strengthen OSH protocols, improve oversight of local suppliers and review the commercial process to reduce critical findings and improve compliance.
Supplier Audits and
Improvement Plans
In 2024, the Allies Model continued to be strengthened in Colombia, focusing on the development of actions that contribute to strengthening the relationship with suppliers and ensuring compliance with minimum sustainability standards and criteria in the supply chain:
Administrative audits
We conducted 610 audits of contractors to ensure timely compliance with labor obligations. In addition, contract closing audits were conducted to ensure compliance with labor obligations at the end of the agreements.
Comprehensive audits
17 contractors were audited, evaluating aspects related to human resources, occupational health and safety, the environment, responsible business principles and data protection.
On-site audits
18 on-site audits were carried out, reaching 37% coverage of the allies, which made it possible to identify and develop action plans to eliminate the root causes of the deviations detected.
In addition, as part of the best practices to ensure compliance with social, labor, safety and health standards in the supply chain, the following were developed:
OSH technical roundtables: Technical roundtables were implemented with allies that perform high-risk tasks, including the update of the Instructions for Serious and Fatal Occupational Accidents. In total, two sessions were held with the participation of 34 partners, reaching 148 participants.
Induction and reinduction of allies: Induction of new allies was carried out at the beginning of operations and reinduction of companies in the alliance model every two years. In 2024, five induction and reinduction sessions were held for 17 partners, with a total of 55 participants.
Also to encourage dialogue and supplier satisfaction, they communicated:
Allied mail: Centralized communication channel for issues related to Human Resources and Occupational Health and Safety.
Allied newsletters: Quarterly publications sent to the network of allies and contract administrators, with a total of three editions sent in 2024.
Customer Management
Movistar works to achieve the best customer experience and satisfaction and therefore implements the Quality Management System (QMS), structured under the ISO 9001 standard, which highlights, among others, the Company’s work in business agility, which is above the average for the region, and the management of Customer Service and Customer Experience.
Customer Experience
and Customer Service
Technological evolution, the optimization of response times and the support of strategic allies have strengthened the call and digital service channels, enabling the implementation of self-management solutions for customers to make inquiries and transactions quickly and efficiently. With the shift from face-to-face service to virtual and telephone channels, social networking, self-management and multichannel strategies have been reinforced through Interactive Voice Response (IVR) and digital channels. The main initiatives include:
Improvements in WhatsApp Bot self-management: We optimized the management of failures in fixed services, incorporated new microservices and reduced waiting times in billing, achieving an increase in the transactional NPS from -30% to 8%.
#We Answer We Solve: Initiative focused on guaranteeing fast and effective access to telephone customer service channels, experience centers and WhatsApp, achieving 99% availability of the telephone channel and a 2 pp increase in the transactional NPS of the voice channel.
Strengthening of Close the Loop: Expansion of analysts’ capabilities to increase the immediate resolution of incidents, raising the resolution rate from 80 pp to 85 pp.
Voice of Customer Program: Implementation of Inner Loop and Outer Loop to scale impacts at the executive level and define actions to improve the customer experience.
Artificial Intelligence in IVR and Cognitive Agent: Automation of transfers between IVR and digital channels, enabling the self-management of 2 million transactions and the routing of 2.3 million calls by 2024.
Soy Guía Bot Movistar: Expansion of functionalities in WhatsApp for balance inquiries, payments, plans, technical support and sales. In 2024, the B2C Chatbot served 870,000 unique monthly customers, with 1.2 million sessions and 80% contention.
Improvements in navigation platforms: Development of a speed test tool in the My Movistar app, used by 1.9 million customers, who carried out 3.1 million transactions.
Development of soft skills: Disruptive customer service workshops in Experience Centers, promoting closeness and empathy.
Protocol for difficult clients: Creation of videos in WorkPlace with guidelines for complex cases.
Expansion of accessible experience centers: Implementation of formats adapted for deaf customers in 46 Experience Centers in 32 cities.
Migration and stabilization of the shift system (Moviturnos): Modernization to a more flexible and efficient in-house platform, managing 435 thousand visits and scheduling 11 thousand appointments in 2024.
Inner Loop Methodology: Identification and scaling of operational impacts on customer service to ensure structural solutions.
Compliance with key indicators: 101% in CSI, 103.7% in service level, and 95% in solution and satisfaction according to Moviturnos surveys.
Optimization of processes and training: 39% reduction in the execution of the service channel between 2023 and 2024.
Customer Satisfaction: Net
Promoter Score – NPS
The measurement of customer management is focused on the level of recommendation (NPS – Net Promoter Score) based on the ACSI model (American Customer Satisfaction Index) and used worldwide in companies of different sectors, under a methodology that applies surveys to randomly selected customers of the active fleet, ensuring representativeness of regions and segments, which are processed by an external market research company, ensuring objectivity in the event of an audit.
During 2024, a total of 42,480 surveys were conducted for a monthly average of 3,540 in-depth customer surveys. The sample reached yields an estimated error of 0.06 out of a maximum allowed of 0.13, which allows us to establish the required robustness in the NPS data obtained.
At the end of 2024, the Company’s NPS reached 25%, an increase of +3 pp compared to 2023, with the B2B segment growing +10 pp and B2C improving by +1 pp.
The main pain points identified were problems in the mobile network, rate increases and the perceived lack of solutions in the self-management processes. To address these issues, actions were implemented such as:
Definition and progress in the mobile network sharing project with Tigo.
Improvements in the invoice for greater clarity to the client regarding the value variation.
Launch and implementation of the Voice of the Customer Program: Identification of impacts on key processes through survey analysis and escalation of recurring problems in customer service channels.
Billing and collection optimization:
30% reduction in transaction time at collection machines.
Integration of new payment options such as Nequi and Daviplata, reducing transaction times by 20%.
40% improvement in invoice delivery times.
Personalization of billing and collection notification messages, increasing digital payments to 67% and payments on due date to 53%.
Optimization in commercial support:
Increase in first-line care to 99.84%, with referrals to the Back Office of only 0.16%.
Digitalization of commercial tools to improve sales and post-sales times.
Compliance with Law 2300 and habeas data, optimizing interactions with clients and improving communication through authorized means.
Remediation of Negative
Impacts on Customers
The Company, in addition to having the regulated customer service channels to manage all Questions, Complaints and Claims (PQR), has implemented several actions focused on improving the customer experience through digital and self-management channels, specifically addressing the most recurring issues among users.
Comprehensive claims management
In 2024, the Company managed to reduce to 0.67% the rate of claims on billed items, an improvement from 0.71% in 2023. This percentage corresponds to customers who filed claims that resulted in the issuance of credit notes.
Dynamic monitoring
A dynamic dashboard was developed that allows detailed tracking of the behavior of claims with invoice adjustments. This tool facilitated more timely management of root causes, minimizing both the impact on the customer experience and the impact on business revenues.
Customer Journey Map update
In 2024, we reviewed the critical points and gaps in the process that affect business objectives, designing a comprehensive improvement plan that covers everything from sales to customer service. This effort seeks to consolidate a differential experience for customers, ensuring quality throughout their life cycle, especially for convergent customers.
Process optimization
In collaboration with the Revenue Maximization strategic initiative team, policies and processes were modified to reduce recurring adjustments, ensuring effective solutions at the first customer contact. As part of this effort, the Maxi tool, designed to simplify claims management, was launched. This tool analyzes the case by entering the line number that is the subject of the complaint, providing the advisor with the procedure to follow and the corresponding script. Its implementation made it possible to reduce the average service time for this type of claim from 40 to only 5 minutes per case.
Legal Management
Investments of the Company
in Other Companies
The Company has direct equity investments in Operaciones Tecnológicas y Comerciales S.A.S. – Optecom S.A.S., Comunicación Celular S.A. – Comcel S.A., Álamo Holdco S.L. and UniRed Colombia S.A.S. The following is a detail:
The Company owns 3,330 common shares, equivalent to 100% of the capital stock of Optecom S.A.S., a Colombian company.
Colombia Telecomunicaciones holds and owns 3 shares of Comcel S.A., a Colombian company.
The Company has a 49.99% equity interest in Unired Colombia S.A.S., a Colombian company.
The Company has a 40% interest in the capital stock of Álamo Holdco S.L., a Spanish company, which owns 100% of the capital stock of Onnet Fibra Colombia S.A.S., a Colombian company.
Red Única Project
On February 26, 2024, the Company entered into a framework agreement with Colombia Móvil S.A. E.S.P. to develop a unified mobile access network, through the incorporation of an independent company and the sharing of radio spectrum use permits through a joint venture. After obtaining the corresponding authorizations on December 20, 2024, the closing of the transaction took place and the following events occurred:
The Company entered into contracts with Unired to deploy the mobile access network under the required quality and capacity conditions.
The Ministry of Information and Communications Technologies authorized the assignment of the permit for the access, use and exploitation of 20 MHz of radioelectric spectrum for the operation of land mobile radiocommunications services in the national territory (frequency range from 703 MHz to 713 MHz paired with 758 MHz to 768 MHz) granted to Colombia Móvil S.A. ESP, in favor of the Unión Temporal Colombia Móvil – Colombia Telecomunicaciones, formed between these two companies.
The company “Unired Colombia SAS” was incorporated for the implementation of the single mobile access network, in which Colombia Telecomunicaciones S.A. ESP BIC and Colombia Móvil S.A. ESP have equal participation in its capital stock. The companies will continue to be competitors in the provision of telecommunications services and will maintain their independence and autonomy in the management of the business, strategy and commercial activity.
The single network will enable the Company to expand its coverage to new locations and offer greater capacity and speed, enhancing the customer experience.
Millicom and
Telefónica Movistar Colombia
Non-Binding Agreement
On July 31, 2024, Telefónica Hispanoamérica signed a non-binding agreement with Millicom to explore the combination of their operations in Colombia. This potential transaction is subject to the signing of definitive agreements between the companies and the obtaining of approvals from the corresponding authorities and provides for the sale of the shares of Telefónica Movistar Colombia, as well as the extension of the offer by Millicom to the Colombian Nation. The document requesting the pre-evaluation process of the business integration operation was filed with the Superintendence of Industry and Commerce on December 19, 2024.
Transactions with Shareholders
and Directors
The Company did not enter into transactions with shareholders or directors.
Intellectual Property and
Copyright Regulations
The Company complied with intellectual property and copyright regulations in the different systems installed. The Company is not aware of any violations or possible non-compliance with laws, regulations and standards on intellectual property and copyrights, the effects of which should be considered for disclosure in the financial statements or as a basis for recording a contingent loss.
Free Circulation
of Invoices
The free circulation of invoices was allowed in accordance with the provisions of Article 87 of Law 1676 of 2013.
Corporate Practices Implementation
Report - Country Code
The Company duly prepared and submitted to the Colombian Financial Superintendence the report on the implementation of best corporate practices for the year 2024, which is published on the Company’s website.
Compliance with Legislation
and Regulations
The Company paid in fines imposed by the Superintendence of Industry and Commerce the following amounts (in Colombian pesos): COP 229,000,000; COP 490,604,000; COP 544,207,074, and COP 374,312,712, i.e., a total amount of COP 1,638,123,786 during 2024.
Also, five investigations were initiated by the Superintendence of Industry and Commerce for alleged non-compliance with the Communications Users Protection Regime, and three for alleged non-compliance with the Personal Data Protection and habeas data regulations. As of December 31, contingencies were reported that entail the recording of provisions for COP 1,050,316,570.
During 2024, 23 investigations were conducted by the Ministry of ICT for alleged non-compliance with the general telecommunications regime, including CRC regulations (reports, theft of cell phones, network quality). As of December 31, contingencies were reported for 15 investigations for COP 1.24 billion.
Cases of Non-Compliance Marketing
Communications
In 2024, the Company filed one case of non-compliance related to marketing communications:
The Superintendence of Industry and Commerce (SIC) through Resolution 77520 of December 11, 2024, resolved the appeal and confirmed the COP 229,000,000 fine imposed on the Company on November 30, 2023. When resolving the appeal, the SIC insists that after analyzing the recordings in the file, it is demonstrated that the Company provided information to the users regarding the way in which they could access the benefit of the Netflix streaming service, but in the case of the complainant that gave rise to this investigation, even when a Movistar customer service advisor informed her that she could enjoy such benefit, the truth is that the user at no time was able to access it, therefore the SIC confirmed the fine initially imposed.
Complaints Related
to Privacy and
Customer Data
In 2024, the Company did not identify any complaints from users or authorities for violations of customer privacy or loss of their personal data.
Regulatory Management
Spectrum
Movistar continues to strengthen its telecommunications infrastructure through the optimization and efficient management of the radio spectrum, which is key to guaranteeing the continuity and quality of service, as well as the expansion of its network in Colombia.
This resource is a vital input for the provision of mobile services and, consequently, for the connectivity of thousands of people allowing to guarantee personal, educational and professional development; also for the use at industrial level, allowing to improve processes in economic sectors such as manufacturing, transportation, agriculture and industry in general. As of December 31, 2024, the Company had the permits for the use of the spectrum in different frequency bands, to provide mobile voice and data services in 3G, 4G and 5G technologies:
850 MHz band, 25 MHz, MinTic Resolution 2657 of 2024.
1900 MHz band, 15 MHz, MinTic Resolution 2657 of 2024.
1900 MHz band, 15 MHz, MinTic Resolutions 2803 of 2021 and 2143 of 2022.
AWS band. 30 MHz, Resolutions 1053 and 3046 of 2024.
3500 MHz band (5G), 80 MHz, MinTic Resolution 497 of 2024, awarded jointly with Colombia Móvil.
Standards Issued by
the CRC
Resolution 7285 of January 2024 - Competence
The project began by analyzing the lack of competition issue in the mobile voice and data packages market, and has provided for the following:
A. National Automatic Roaming (RAN)
New obligation to offer and provide RAN service under non-discriminatory conditions as requested by the Home Network Provider. If greater unbundling is requested at the municipal level, the visited Network Provider must provide it (if it demonstrates technical restrictions, it must provide it at least per municipality).
Reduced the tariff received by the dominant RAN operator for voice and data, accelerating the application of the final price, which is lower in accordance with the aspects of the regulated path.
Expanded the list of municipalities from 460 to 498 where the value of the RAN is regulated.
B. User Rights
Rates: New ability to request subscription to retention, loyalty and recovery plans if they meet the requirements, which should be communicated on the web page. A visible and easily accessible microsite must be set up to publish these plans.
Portability: The change window was extended from 8 AM to 4 PM, Monday through Sunday. The activation period is of one calendar day; user can choose the day to make the porting effective; planning and materialization of the change window, and cancellation of the service of a ported number.
Customer service in physical offices due to non-compliance with 4G data quality indicators.
C. Competition
The definition of Mobile Network Operator (MNO) and Mobile Virtual Network Operator (MVNO) was adjusted. A company may be a MVNO in areas where it does not have a spectrum permit, or where it has a permit but does not use it. An MNO is a company that has a spectrum permit.
New obligation: All operators must report the passive infrastructure they use, their own or third parties’ (towers, masts, monopoles, floor space and additional services they control in any capacity). The Dominant Operator is also obliged to publish it on its website, together with the reference conditions for sharing such infrastructure.
Resolution 7356 of April 2024 - Register of Excluded Numbers (RNE)
It defined the RNE as a database in which consumers and users who do not wish to be contacted for commercial and advertising purposes may register, extending it to include not only SMS, but also messaging via applications or web, e-mails and telephone calls.
It ordered that all producers and suppliers will be able to access the RNE to consult whether or not the consumers and/or users they wish to contact are registered in said database in order to comply with the regulation of not contacting those who are registered therein.
It pointed out that registration in the RNE does not imply the non-provision of commercial or advertising message services requested by the user prior to registration, nor those expressly requested by the user after such registration.
Resolution 7363 of April 2024- Quality in mobile services
It modifies the target values for Latency (round-trip), Jitter and Packet Loss Rate indicators for 4G data: Target value indicator by geographic scope: Latency (round-trip) 100 milliseconds maximum; Jitter 50 milliseconds maximum; Packet Loss Rate 5% maximum.
Base stations with satellite transmission, latency, phase jitter and packet loss rate indicators are reported in an informative way, they should not meet target values.
Established target values for 4G mobile data upload and download speed indicators according to the defined geographical areas.
Competition
The legal actions in 2024 with respect to unfair competition or violations of the legislation on monopolistic practices or free competition were as follows:
For practices restricting competition in the Superintendence of Industry and Commerce (SIC):
There are three ongoing proceedings against the dominant operator for unjustified rejections in mobile number portability; diversion of subsidies to new accesses in the fixed internet plan in strata 1 and 2; and unjustified rejections due to new regulatory grounds. The complaint filed against Telefónica Movistar Colombia, for the dominant company is a complaint for the loyalty bonus and “Better Together” programs.
Jurisdictional claims for unfair competition in the SIC:
There is a process against the dominant operator for acts of unfair competition for discrediting, deceit, client diversion and infringement of the duty of good commercial faith by contacting customers of Movistar’s fixed service and insinuating that they would be left without service coverage. Three lawsuits have been filed against Telefónica Movistar Colombia, by Claro, Tigo and WOM, for the loyalty bonus and “Better Together” programs.
Unfair competition claims against the Company:
Jurisdictional claims for unfair competition in the SIC:
The dominant operator sued Telefónica Movistar Colombia, considering that the loyalty plans of the “Better Together” offer were contrary to the regulation in force, since such offer would be generating rejections of portability requests for having an outstanding debt with the Company. The process is in the deciding stage of the appeal filed by the Company as to whether the claim is admitted or not.
For jurisdictional claims for unfair competition in the SIC:
Colombia Móvil against Telefónica Movistar Colombia, considering that the loyalty plans of the “Better Together” offer was contrary to the current regulation, since such offer would be generating rejections of portability requests for having an outstanding debt with the Company. Currently the process is in the deciding stage of the appeal filed by the Company as to whether the claim is admitted or not.