Financial Crime World

Here is the article rewritten in markdown format:

Argentina Tightens Online Banking Security Measures with New Regulation

Buenos Aires, Argentina - In a move to protect users’ sensitive information and prevent cybercrime, the Central Bank of the Argentine Republic (BCRA) has introduced a new regulation that sets minimum requirements for online banking security measures.

Effective Date and Replacement of Previous Regulation

The new regulation, Communication A 7724, comes into effect on September 6, 2023, replacing Com. A4609, which was in force since December 2006. This update aims to safeguard information from entities and users by addressing emerging threats such as cybercrime and fraud.

Key Features of the New Regulation

The new regulation sets out several key requirements for financial institutions operating in Argentina, including:

Define Roles and Responsibilities

  • All entities must define roles and responsibilities at a hierarchical level.
  • This ensures clear lines of authority and accountability within organizations.

Establish Policies and Procedures for Information Management

  • Financial institutions must establish policies and procedures for information management that cover:
    • Data classification and protection
    • Access control and authentication
    • Incident response and disaster recovery

Implement Integrated IT/IS Risk Management Framework

  • Entities must implement an integrated risk management framework that considers:
    • Strategic objectives
    • Action plans
    • Revisions
    • Monitoring
    • Measurement of results

Addressing Emerging Threats

The BCRA has emphasized the need to address specific scenarios that affect technological resilience, including:

Obsolescence

  • Financial institutions must ensure that their systems and technologies are regularly updated to prevent obsolescence.

Artificial Intelligence (AI) and Machine Learning (ML)

  • Entities must conduct impact assessments and define risk appetites for the use of AI and ML.
  • This ensures that organizations understand the potential risks and benefits associated with these technologies.

Cyber-Incident Scenarios

  • Financial institutions must have processes in place to respond to cyber-incident scenarios, including:
    • Detection and containment
    • Eradication and recovery

User Awareness and Training

The new regulation also emphasizes the importance of user awareness and training on information security. Financial institutions must:

Provide Comprehensive Training Programs

  • Entities must provide comprehensive training programs that reach the entire organization, third parties, customers, and users of financial services.
  • This ensures that all stakeholders understand their roles and responsibilities in maintaining information security.

Avoid Bias or Discrimination

  • Financial institutions must implement processes to avoid bias or discrimination against groups or segments of customers or users of financial products and/or services.

Impact on the Online Banking Industry

The new regulation will have a significant impact on the online banking industry in Argentina, requiring financial institutions to strengthen their security measures and adopt best practices to protect users’ sensitive information.

If you want to know more about this new regulation or how our IT Advisory and BRS - Financial Services teams can support you in complying with Com. A7724, contact us.