The BCRA has approved the Minimum Requirements for the Management and Control of Technology and Information Security Risks in order to continue strengthening cyber security and fraud prevention related to financial services offered to users through digital means.
This regulatory update changes the minimum parameters in terms of governance, management of technology and information security risks, protection measures and monitoring of services and customer activity. It seeks to improve security and fraud prevention related to the provision of services through digital means to financial institutions and payment service providers (PSPs).
Within the framework of technological advances, the diversity of participants and their interconnections in the financial system, and the expansion of digital financial services, the BCRA has established a strategy to address associated risks and threats by issuing guidelines and regulations, such as the following:
• Guidelines on Cyber Incident Response and Recovery (2021).
• Measures to Mitigate, Prevent and Manage Fraud in Transfers (2022).
• Minimum Requirements for the Management and Control of Technology and Information Security Risks (2023).
This regulation updates security practices and requirements, including monitoring and control of customer transactions and activity, digital identification, controls on apps and devices, controls to prevent identity theft through mobile apps, and controls to prevent fake or imposter accounts, apps and websites, among others. This comprehensive regulatory framework seeks to protect users, promote operational resilience and preserve the stability of the financial system.
The regulation will become effective 180 days after its publication date. Until then, financial institutions may review their processes in line with the new regulatory approach.
The BCRA will keep on reviewing the regulations on the management of technology and information security risks in line with the advance of digital services and the creation of new means of payment provided by the actors of the financial system.
