Financial Institution Risk Management Best Practices Take Center Stage in Argentina
Introduction
In an effort to strengthen financial institutions’ management of information technology and security risks, the Central Bank of the Argentine Republic (BCRA) has introduced new minimum requirements for risk management and control. As of September 6, 2023, Communication A 7724 will be enforceable for all financial entities operating in Argentina, replacing Com. A 4609.
New Requirements and Expectations
According to Fabián Bogado, IT Advisory Director at Grant Thornton Argentina, the importance of this standard lies in its update of mandatory requirements that financial institutions must implement for managing information systems (IS) and information technologies (IT). “It incorporates new controls and issues to consider with a fairly short implementation period,” he explained.
The new communication seeks to solidify the management of technologies, systems, information security, risks, and cybersecurity. To ensure effective practices for internal control and risk management of its IT/IS operating environment, the BCRA has established a set of minimum requirements applicable to processes, structures, and information assets.
Key Highlights of Communication A 7724
- Entity Roles and Responsibilities: Entities must define roles and responsibilities at a hierarchical level, establish policies and procedures for information management, and implement an IT/IS risk management framework integrated with operational processes.
- Risk Considerations: Financial institutions must consider scenarios that affect technological resilience, obsolescence, artificial intelligence, the adoption of new or emerging technologies, personal data protection aspects, and cyber-incident scenarios.
- Artificial Intelligence (AI) Management: The BCRA places special emphasis on the management of AI and machine learning (ML), requiring strong controls and evaluations for their use in projects or processes.
- Impact Assessments and Risk Appetites: Entities must perform impact assessments and define risk appetites for the use of AI, and must identify and document the reasons for its use.
What This Means for Financial Institutions
The new regulation sets a higher bar for the technology and information security measures that financial institutions must implement, providing greater protection for users’ information and greater reliability in the services they receive. “Financial institutions will need to prioritize the implementation of robust risk management frameworks, effective controls, and continuous monitoring to ensure compliance with Communication A 7724,” said Bogado.
Getting Started
For more information on this new regulation or to learn how Grant Thornton’s IT Advisory and BRS - Financial Services teams can support you in complying with Com. A 7724, contact us today. Our experts are here to guide you through the process and ensure a smooth transition to the new requirements.