The BCRA has approved the minimum requirements for the management and control of information security risks, seeking to improve strategic planning on cybersecurity, fraud prevention, and cyber resilience. This is vital for rendering valuable financial services to users.
These requirements have been set out by current regulations, which have been reviewed on a comprehensive basis in line with the recommendations of the Bank for International Settlements (BIS) and the Financial Stability Board (FSB). Financial institutions are subject to these regulations in different areas such as governance, management of information security risks, business continuity, technology, IT infrastructure, management of cyber incidents, and key aspects to improve cyber resilience in the financial system.
Within the framework of technological advances, the diversity of participants in the financial system and its interconnections, and the expansion of digital financial services, the BCRA has been addressing associated risks and threats by developing good practices and guidelines in 2020 and 2021:
Guidelines on Cyber Security and Cyber Resilience and the Cyber Lexicon - 2020.
Self-Diagnosis Guide on implementation of the guidelines - 2021.
Guidelines on cyber incident response and recovery - 2021.
In addition, the BCRA has drawn up specific security guidelines on the double security factor for e-wallets, and management of fraud in the financial system, among other subject areas. It has further adopted measures to mitigate fraud and has laid down requirements for consent.
The regulation, which gathers best practices and security requirements in a thorough regulatory framework, seeks to promote operational resilience and to preserve the stability of the financial system.
The regulation will become effective 180 days after its publication date. During this period, financial institutions may review their processes in line with the new regulatory approach.
The BCRA will continue reviewing the regulation concerning the management of information security risks, which will be applicable to digital services and made available by all participants of the financial system, such as payment service providers (PSPs) and financial market infrastructures.
March 9, 2023