Financial Crime World

Cybercrime Threats Loom Large for Argentine Financial Institutions

New Minimum Requirements Introduced by Argentina’s Central Bank

Argentina’s Central Bank has recently introduced new minimum requirements for financial institutions to manage and control information technology and security risks. This move comes as cybercrime continues to pose a significant threat to the country’s financial sector.

Replacing Existing Regulation

As of September 6, 2023, Communication A 7724 will replace Communication A 4609, which has been in effect since December 2006. The new regulation aims to solidify the management of technologies, systems, information security, risks and cybersecurity across all financial entities operating in Argentina.

Importance of the New Regulation

According to Fabián Bogado, IT Advisory Director at Grant Thornton Argentina, “The importance of this standard lies in its ability to update mandatory requirements for financial institutions to implement effective practices for internal control and risk management. The new regulation proposes a 180-day implementation period, which is relatively short, making it crucial for entities to act quickly.”

Key Requirements

Under the new rules, financial institutions must:

  • Define roles and responsibilities at each hierarchical level
  • Establish policies and procedures for information management
  • Implement an integrated IT/IS risk management framework that considers strategic objectives, action plans, revision of action plans, monitoring, and measurement of results

Artificial Intelligence (AI) and Machine Learning (ML)

The regulation places special emphasis on the management of AI and ML, citing concerns over the risks these technologies entail. Entities will be required to:

  • Perform impact assessments
  • Define risk appetites
  • Identify and document the reason for using AI in projects or processes

Risk Analysis and Mitigation

The analysis of risks associated with AI and ML must consider factors such as:

  • Privacy
  • User impact
  • Data used for training
  • Software testing standards
  • Potential discrepancies between models and reality

Entities must also implement processes that promote reliability in the use of these algorithms.

Employee Training and Awareness

Another key aspect of the regulation is the requirement to provide training and awareness programs on information security to all employees, third parties, customers, and users of financial services. The regulation also urges that AI management processes include measures to avoid bias or discrimination against certain groups or segments of customers.

Conclusion

The new regulation is seen as a significant step forward in protecting user information and ensuring the reliability of financial services. “This new BCRA regulation raises the bar for technology and information security measures that financial institutions must implement, which means users can expect greater protection of their information and more protection and reliability in the services they receive,” concludes Bogado.

Next Steps

Financial institutions operating in Argentina are advised to familiarize themselves with the new regulations and seek support from IT advisory firms to ensure compliance.