Financial Crime World

Compliance with Cloud Services Regulations: A Must for Financial Institutions in Argentina

Financial institutions operating in Argentina must adhere to a complex array of regulations when utilizing cloud services. The Banco Central de la República Argentina (BCR A) and the National Securities Exchange Commission (CNV) are among the primary financial supervisory authorities overseeing the country’s financial institutions.

Key Regulations for Cloud Services

  • The BCR A has established general outsourcing guidelines that banks and financial institutions must follow when procuring IT services, including cloud services. Communication “A” 6,354 of November 3, 2017, as amended by Communication “A” 6,375 of November 17, 2017, outlines the necessary requirements for compliance.
  • Financial institutions must also consider applicable privacy requirements, including Argentina’s Personal Data Protection Law No. 25,326 (“PDPL”). The Argentine Data Protection Authority issued Resolution No. 47/2018 under the PDPL, describing a catalogue of recommended security measures that financial institutions should consider depending on the activities they conduct or the nature of the personal data that they process.

Compliance Requirements for Financial Institutions Using Cloud Services

  • To better understand their compliance needs, financial institutions using or planning to use AWS services can take the following steps:
    • Consider the purpose of the workload(s) under consideration and the relevant categories of data in order to anticipate which legal and regulatory requirements may apply.
    • Assess the materiality or criticality of the relevant workload(s) in light of local requirements.
    • Review the AWS Shared Responsibility Model and map AWS responsibilities and customer responsibilities according to each AWS service that will be used.

Resources for Compliance Support

AWS provides a range of resources to support financial institutions’ compliance needs, including:

  • “AWS Compliance Quick Reference Guide”
  • “Using AWS in the Context of Common Privacy and Data Protection Considerations”

For further information, customers can contact their account representative or reach out to AWS directly.