Financial Crime World

Peru’s Fintech Regulation: A Complex Web of Authorities

Introduction

As fintech companies continue to transform the financial landscape in Peru, regulatory bodies are working to ensure compliance with laws and regulations. But who is responsible for regulating these new players? In this complex web of authorities, multiple entities play a crucial role.

Regulatory Bodies Involved

  • Central Reserve Bank of Peru (BCRP): Conducts monetary policy, manages foreign reserves, and ensures the stability of the country’s financial system.
    • Develops policies that may affect the fintech sector, such as guidelines for payment systems.
  • Instituto Nacional de Defensa de la Competencia y de la Propiedad Intelectual (INDECOPI): Promotes and protects free competition, intellectual property rights, and consumer protection across various industries.
    • Has jurisdiction over fintech companies in matters related to unfair competition, consumer protection, and intellectual property.
  • Unidad de Inteligencia Financiera-Perú (UIF-Perú): Financial intelligence unit responsible for preventing and detecting money laundering and terrorist financing activities.
    • Supervises and regulates compliance with anti-money laundering (AML) and counter-terrorism financing (CTF) regulations.
  • Autoridad de Protección de Datos Personales (APDP): Oversees the protection of personal data, ensuring compliance with data protection laws and regulations.
    • Fintech companies must comply with these regulations, which include obtaining consent from data subjects, implementing adequate security measures, and notifying data breaches.

Outsourcing Regulated Functions

  • Financial institutions may outsource functions to third-party vendors, but they must assume full responsibility for the results.
  • The Superintendency of Banks, Insurance and Private Pension Funds (SBS) regulates this activity, requiring notification and in some cases authorization.
  • Entities under the supervision of the Securities Market Commission (SMV) must establish formal policies and procedures for assessing risk levels and implementing control mechanisms throughout the outsourcing period.

Gatekeeper Liability

  • Fintech providers are not subject to any specific legal obligation to act as gatekeepers, a key concept in regulating financial services.

Enforcement Actions: Consequences of Non-Compliance

  • When fintech companies fail to comply with regulations, enforcement actions can include:
    • Fines
    • Sanctions
    • Orders to cease and desist from engaging in unfair competition or violating intellectual property rights
    • Penalties for data protection violations (APDP)
    • Investigations resulting in administrative and criminal sanctions (SBS and SMV)

Implications of Additional Regulations

  • Fintech companies must also comply with personal data protection provisions, which establish a legal framework for the processing, use, and transfer of personal data.
  • Failure to comply can result in fines and other penalties.

Conclusion

As fintech continues to evolve in Peru, regulatory bodies will play a crucial role in ensuring compliance with laws and regulations. Understanding the complex web of authorities involved is essential for fintech companies operating in this market.