Financial Crime World

Colombian Banks Face Growing Compliance Burden in Cloud Computing Era

Overview

As the use of cloud computing continues to grow among Colombian banks, regulatory bodies are cracking down on compliance requirements to ensure that financial institutions adhere to strict standards.

Regulations in Focus

Circular Externa 005 of March 11, 2019, and Circular Externa 007 of June 5, 2018, are two key regulatory instruments that affect Colombian banks using cloud services. These circulars establish rules and minimum requirements for information security and cybersecurity management that financial institutions must adopt when using cloud services.

Compliance with Regulatory Requirements

“We understand the importance of compliance in the banking sector,” said an AWS spokesperson. “Our customers can rely on our strong compliance framework and advanced tools and security measures to evaluate, meet, and demonstrate compliance with applicable legal and regulatory requirements.”

Key Considerations for Financial Institutions

For banks considering or already using cloud services, there are several key considerations to keep in mind:

  • Assess the materiality or criticality of workloads and processes in light of local requirements.
  • Review the AWS Shared Responsibility Model and map responsibilities according to each service used.
  • Use AWS Artifact to access audit reports and conduct control assessments.

Data Privacy and Protection

Colombian banks must also adhere to applicable privacy requirements, including the Ley Estatutaria 1581 of 2012 and decree No. 1377/2013, as well as Ley Estatutaria 1266 of 2008. The AWS whitepaper “Using AWS in the Context of Common Privacy and Data Protection Considerations” provides guidance on storing or processing personal data.

Additional Resources

For further information on compliance requirements and guidelines for Colombian banks using cloud services, refer to:

  • AWS Compliance Quick Reference Guide
  • Using AWS in the Context of Common Privacy and Data Protection Considerations
  • NIST Cybersecurity Framework (CSF) Aligning to the NIST CSF in the AWS Cloud