Financial Crime World

Financial Services Regulations in Argentina: Key Considerations

B.C.R.A. Regulatory Guidance

The Banking Commissions Regulatory Agency (B.C.R.A.) has published regulatory guidance through Normative Interpretations, clarifying the scope of the B.C.R.A. Regulation regarding financial institutions’ outsourcing to cloud service providers.

  • Normative Interpretations: These documents provide clarity on the regulation’s requirements for financial institutions using cloud services.
  • Scope of Regulation: The regulation applies to all financial institutions in Argentina that use cloud services.

Third-Party Certifications and Audit Reports

Reviewing international third-party certifications (such as ISO) and independent third-party audit reports (such as SOC reports) is generally sufficient to satisfy the B.C.R.A. and SEFyC audit and access rights for cloud service providers providing services to financial institutions.

  • ISO Certification: The International Organization for Standardization (ISO) certification demonstrates compliance with established standards.
  • SOC Reports: Service Organization Control (SOC) reports provide assurance on the security, availability, and processing integrity of a service organization’s system and controls.

AWS Enterprise Agreement

AWS offers customers a contractual framework through its Enterprise Agreement, which can help satisfy applicable contractual requirements under the B.C.R.A. Regulation, including specific terms addressing regulator’s access and inspection rights.

  • Enterprise Agreement: This agreement provides a comprehensive framework for using AWS services.
  • Regulator’s Access Rights: The agreement includes provisions for the regulator’s access to inspect and verify compliance with the regulation.

Technical and Operational Requirements

The consolidated text “Minimum requirements for the management and control of technology and information security risks associated with digital financial services” defines minimum requirements for financial institutions in Argentina.

  • Minimum Requirements: These requirements outline the necessary controls and measures for managing technology and information security risks.
  • Digital Financial Services: The requirements apply to all digital financial services provided by financial institutions in Argentina.

For financial institutions in Argentina, consider the following next steps:

  • Contact an AWS Representative: Discuss your cloud adoption journey with an AWS representative.
  • Obtain and Review Reports: Obtain and review copies of AWS SOC 1, SOC 2 reports, PCI-DSS Attestation, and ISO 27001 certification from AWS Artifact.
  • Explore Governance Practices: Explore other governance and risk management practices as necessary.

Cloud Adoption Success

To manage cloud adoption successfully, it’s essential for financial institutions in Argentina to understand their current state, desired target state, and transition requirements.