On March 26, the Superintendence of the Securities Market (SMV) approved, through resolution No. 014-2019-SMV/01, an amendment to the Operational Risk Management regulation, which incorporates new provisions around the management of cybersecurity information. The regulation will come into force on January 1, 2020.
The measure establishes provisions to regulate minimum standards for the management of cybersecurity and the outsourcing of data processing in the cloud, to ensure these processes are properly developed by authorized legal persons. Institutions would be required to implement an information security management system to guarantee the integrity, confidentiality and availability of information, as well as effectively manage associated risks. An “appropriate combination of policies, procedures, controls, organizational structure and specialized IT tools” will be required for this purpose.
The regulations outlined in the resolution apply to brokers, mutual fund management companies, investment fund management companies, collective fund management companies, securitization companies, stock exchanges and compensation institutions.