SUSCRIBITE
SBS publishes regulations for cybersecurity management; modifies the regulation of cards and operations using electronic money
26 febrero 2021

PERÚ

On February 23, the Banking and Insurance Superintendency (SBS, for its acronym in Spanish), through Resolution SBS No. 504-2021, approved the Regulation governing information security and cybersecurity. The regulatory entity also modified the Credit Card Regulation and the Regulation for Electronic Money Operations, in order to reduce and simplify the information included by cards when issued in physical or digital form.

Regulation for cybersecurity management

Resolution 504 stipulates that companies in the financial system must have a cybersecurity program in place, as well as authentication processes available on digital channels, and secure practices in services provided by third parties. Likewise, entities have the obligation to identify, detect and respond to cyber risks or threats. These guidelines include more provisions for large companies when these are more complex, following a criterion proportional to risk.

The provisions will enter into force on July 1, 2021, except for the authentication requirements, which grant a term until July 1, 2022. Companies must present an adaptation plan, within a period no greater than sixty calendar days.

Reform of the Credit and Debit Card Regulation

The measure states that credit cards with physical or digital support must be issued on a non-transferable basis and must include at least the name of the company issuing the credit card, as well as the commercial name given by the company to the product and the identification of the credit card system, meaning the brand. In turn, the term of validity of credit cards cannot exceed five years.

Modification to the Regulation of Operations using Electronic Money

The SBS also modified the means by which electronic money can be used: these can be mobile phones, prepaid cards, or any other electronic device that meets the established purposes. These devices must include at least the following information:

  • Name of the company issuing the support through which electronic money is used.
  • Trade name given by the company to the product.
  • Identification of the card system (brand) to which it belongs, if applicable.
  • This information must be visible and easily accessible for the user.
  • The same support can be used and / or associated to carry out transactions with more than one electronic money account.

The requirement associated with the inclusion of information on the name of the issuing company and the commercial name assigned to the credit cards, as well as the requirement associated with the inclusion of this information on the electronic money support devices, will enter into force January 1, 2022

Noticias Relacionadas
wefeqwf