Financial Crime World

Cybersecurity Framework for Financial Institutions in Peru

Introduction

The Peruvian financial regulator and supervisors have established a comprehensive cybersecurity framework to protect the country’s financial sector from cyber threats. This framework consists of four pillars that address the development of specific regulations, organizational structures, human resource capacity, and awareness/training updates.

Pillar 1: Develop Specific Regulations on Cybersecurity

  • The first pillar focuses on creating detailed regulations that extend the integral risk management framework for the financial sector.
  • These regulations will provide a clear understanding of cybersecurity requirements and expectations for financial institutions in Peru.
  • Key actions under this pillar include:
    • Developing a Computer Security Incident Response Team (CSIRT) Services Framework to monitor existing and emerging cybersecurity threats.

Pillar 2: Ensure Necessary Organizational Structures

  • Financial institutions must integrate their cybersecurity measures into their risk management operations and establish adequate organizational structures.
  • This ensures that financial institutions can anticipate, detect, and deal with cybersecurity threats effectively.
  • Key actions under this pillar include:
    • Integrating cybersecurity measures into risk management operations through adequate organizational structures.

Pillar 3: Ensure the Development of Human Resource Capacity

  • Organizational structures and cybersecurity measures are only as good as the personnel tasked with putting them into effect.
  • This pillar aims to ensure financial institutions have the human resource capacity to anticipate, understand, and rapidly respond to cyber threats.
  • Key actions under this pillar include:
    • Providing ongoing training in cybersecurity for all employees.

Pillar 4: Provide Awareness and Training Updates

  • The board of directors should provide resources for developing cybersecurity capabilities, establish policies on this matter, and ensure that cybersecurity training requirements are met.
  • Key actions under this pillar include:
    • Conducting sectoral continuity exercises, including a cyber attack scenario.

Conclusion

The cybersecurity framework for financial institutions in Peru is designed to equip these institutions with the necessary regulatory, organizational, and human resource capacity to effectively manage cybersecurity risks. By following this framework, financial institutions can reduce their vulnerability to cyber threats and protect the integrity of the Peruvian financial sector.