Financial Crime World

Here is the article rewritten in markdown format with proper headings, subheadings, and bullet points:

Colombia’s Financial Institutions Face Tough Regulations in Cloud Computing

Bogota - Colombia’s financial institutions are grappling with the challenges of cloud computing, as they navigate a complex web of regulations and guidelines set by the country’s top financial regulator.

The Role of Regulatory Bodies

The Superintendencia Financiera de Colombia (SFC) is the primary financial supervisory authority in Colombia, responsible for regulating and overseeing financial institutions, including banks and credit unions. The Unidad de Regulación Financiera (URF), a government entity within the Ministry of Finance and Public Credit, also plays a key role in setting core regulations for financial institutions.

Compliance Requirements

According to a report by Amazon Web Services (AWS), financial institutions in Colombia using cloud services must comply with a range of legal and regulatory requirements. These include:

  • Circular Externa 005 of March 11, 2019, which establishes rules for using cloud services to support material activities related to corporate purpose or financial management.
  • Circular Externa 007 of June 5, 2018, which requires financial institutions to adopt minimum requirements for information security and cybersecurity management.

Steps to Ensure Compliance

To comply with these regulations, financial institutions can take the following steps:

  • Consider the purpose of their workload and assess its materiality or criticality.
  • Review the AWS Shared Responsibility Model and map AWS responsibilities and customer responsibilities according to each AWS service used.

Personal Data Protection Law

Colombia’s personal data protection law, Ley Estatutaria 1581 of 2012, regulated by decree No. 1377/2013 and decree No. 1074/2015, also comes into play for financial institutions using cloud services.

Key Resources for Compliance

  • AWS Compliance Quick Reference Guide
  • Using AWS in the Context of Common Privacy and Data Protection Considerations
  • NIST Cybersecurity Framework (CSF) Aligning to the NIST CSF in the AWS Cloud
  • Guía de Referencia Rápida sobre Seguridad y Conformidad de AWS (Spanish)
  • Marco de seguridad cibernética NIST. Alineación con el NIST CSF en la nube de AWS (Spanish)

Additional Resources

For more information on compliance with regulations in Colombia, AWS recommends reviewing its whitepaper “Using AWS in the Context of Common Privacy and Data Protection Considerations.”