On Friday, August 31th, the Superintendency of Banks and Institutions (SBIF) issued its first regulation on the fight against cyber insecurity by modifying the information regimes of financial institutions regarding incidents that threaten the operational continuity of the financial system. The SBIF also opened a public consultation for entities to propose modifications to the data that should be included in such reports and announced that they will deepen the cooperative work among the entities, with a view to producing an integral and collective approach to the fight against cyber risks.
The SBIF amended Chapter 20-8 and 1-13 of its Compendium of Financial Regulations, where it introduced new requirements in information regimes for entities that suffer cyber attacks. Entities must have a specialist in the matter in permanent contact with the regulatory body. They must also submit periodic reports outlining the measures taken in this area. To complement this, the SBIF opened a public consultation regarding the data that must be recorded in the information regimes that will last until October 5th.
SBIF Regulatory Director Luis Figueroa assured that these measures will be deepened, since they consider that individual efforts against these episodes are useless. He stressed the need for a “comprehensive and cooperative approach” among financial institutions. In addition to these regulations, Figueroa said that in the medium term they could promote the development of sandbox platforms to encourage the development of financial technologies.