Financial Crime World

Puerto Rico Takes a Major Step Forward in Cybersecurity Protection for Finance Sector

In a bold move aimed at safeguarding the financial sector from growing cyber threats, Puerto Rican Governor recently signed into law Act No. 40-2024, also known as the Cybersecurity Act of the Commonwealth of Puerto Rico.

A Comprehensive Cybersecurity Framework

The landmark legislation mandates a comprehensive cybersecurity framework for government agencies and private entities doing business with the public sector. Under the new law:

  • Government agencies and contractors are required to establish robust control mechanisms to prevent:
    • Unauthorized access
    • Malware attacks
    • Other cyber threats
  • Implement policies governing the proper use of information systems
  • Report any cybersecurity incidents within 48 hours
  • Adhere to industry standards when processing credit card transactions online

Oversight and Compliance

The Puerto Rico Innovation and Technology Service (PRITS) has been entrusted with the responsibility of overseeing the implementation of the new law, including:

  • Developing regulations, standards, and procedures for ensuring the security of government information technologies
  • Working closely with the Puerto Rico Bureau of Statistics to publicly disclose cybersecurity incident statistics on their respective websites

New Chief Information Security Officer Position

The law also establishes a Chief Information Security Officer position within the government, which will oversee the Office for Cyber Incident Assessment. This office is tasked with:

  • Developing cybersecurity protocols
  • Monitoring compliance with Act 40

Compliance and Termination of Non-Compliant Contracts

Government agencies must consult with PRITS before entering into contracts or making changes to existing agreements with contractors. The law empowers PRITS to terminate non-compliant contracts, ensuring that all parties adhere to the new cybersecurity standards.

Timeline for Implementation

The government has until July 18, 2024 to comply with the provisions of Act 40. This move is seen as a significant step towards enhancing the security and integrity of Puerto Rico’s financial sector, which is critical to the island’s economic well-being.