The Superintendence of Banks and Financial Institutions (SBIF) issued December 18 the Circular 06/2018 that obliges financial system entities to share information regarding cybersecurity incidents. The information will be included in the new Cybersecurity Incident File I12 and will have to be sent monthly. It will reach banks, card issuers and money transfer support companies. This information will be mandatory from April 2019.
The new regulation obliges entities to report cybersecurity incidents that occur each month. All events that put at risk or negatively affect the information assets or infrastructure of institutions will be reached. With this information, the SBIF will create a database, which will allow it to monitor events and diagram new regulations to deal with them.
These reports must be submitted on a monthly basis. They will become mandatory as of April 2019, so the first information shared must be that of March 2019. The institutions reached will be banks, savings and credit cooperatives, payment card issuers and money transfer support societies.