Financial Crime World

Here is the converted article in markdown format:

Chilean Financial Institutions Must Comply with Regulatory Requirements for Cloud Services

Santiago, Chile - The Superintendency of Banks and Financial Institutions (SBF) has issued new regulations for financial institutions in Chile to ensure that they comply with data localization and business continuity requirements when outsourcing cloud services.

Compliance Requirements

According to RAN 20-7, financial institutions must verify that their cloud service providers have permanent access to all records, data, and information being processed, held, and generated. This requires regular visits or remote access to the provider’s facilities to ensure compliance.

AWS Support for Compliance

Amazon Web Services (AWS) has implemented measures to support its financial institution customers in complying with these regulations. Through an AWS Enterprise Agreement, customers can tailor their agreements to meet specific regulatory requirements, including:

  • Access and inspection rights for regulators
  • Control over data localization through multiple regions worldwide
  • PCI-DSS Level 1 certification on AWS Artifact, which provides automated compliance reporting

Data Localization

AWS provides customers with control over data localization through its multiple regions worldwide. Customers can choose the location of their content and servers, ensuring compliance with data residency requirements.

Business Continuity

Financial institutions must have a business continuity plan in place, which outlines:

  • General management elements
  • Data processing sites and technological infrastructure
  • Systemic contingencies

AWS has developed its own Business Continuity Plan, which includes:

  • Activation and notification phase
  • Recovery phase
  • Reconstitution phase

Security Incident Reporting

Financial institutions must report operational incidents to the SBF within 24 hours of detection. AWS maintains a business continuity plan, which outlines its process for responding to outages.

AWS also provides customers with tools such as:

  • CloudTrail: tracks and monitors cloud activities
  • CloudWatch: monitors and analyzes cloud resources
  • Config: tracks and monitors changes to cloud resources
  • GuardDuty: detects and prevents security threats
  • Security Hub: aggregates and analyzes security data
  • Config Rules: enforces compliance and governance

Public security bulletins are available in the AWS Security Center.

Conclusion

For more information on how AWS supports Chilean financial institutions in complying with regulatory requirements, please visit our website.