Regulating Fintech in Peru: A Comprehensive Overview
Peru has established a regulatory framework to govern fintech companies, ensuring they operate within the country’s laws and regulations. This article provides an overview of the key regulators, regulations, and implications for fintech companies.
Regulators
Superintendencia del Mercado de Valores (SMV)
- Regulates financial institutions and securities market entities
- Ensures compliance with securities market law and banking law
Superintendencia de Banca, Seguros y AFP (SBS)
- Supervises financial institutions, including banks, insurance companies, and pension funds
- Regulates banking activities, including the provision of financial services by fintech companies
Unidad de Inteligencia Financiera-Perú (UIF-Perú)
- Responsible for preventing and detecting money laundering and terrorist financing activities
- Ensures compliance with anti-money laundering regulations
Autoridad de Protección de Datos Personales (APDP)
- Oversees the protection of personal data and ensures compliance with data protection laws and regulations
Key Regulations
Banking Law
- Regulates banking activities, including the provision of financial services by fintech companies
- Ensures compliance with prudential norms and risk management requirements
Securities Market Law
- Governs securities trading, including crowdfunding platforms and other fintech services related to capital markets
- Ensures transparency and fairness in securities transactions
Personal Data Protection Law
- Establishes the legal framework for the protection of personal data in Peru
- Requires fintech companies to implement measures to protect personal data
Outsourcing
Fintech companies may outsource certain functions to third-party vendors, but they assume full responsibility for the results of those processes and may be sanctioned for non-compliance.
Entities subject to the supervision of the SMV must establish formal policies and procedures for assessing risk levels and implementing control mechanisms throughout the entire outsourcing period.
Gatekeeper Liability
Fintech providers are not specifically required to act as gatekeepers, but they may be held liable for their actions if they engage in activities that fall within the scope of regulated sectors without the necessary authorizations.
Significant Enforcement Actions
The SBS and SMV may initiate investigations and impose administrative and criminal sanctions on fintech companies that fail to comply with regulations.
- The APDP may impose fines, sanctions, or orders to implement corrective measures for failing to comply with data protection requirements.
- INDECOPI may impose fines, sanctions, or orders to cease and desist from engaging in unfair competition, deceptive advertising, or violations of intellectual property rights.
Implications of Additional Regulations
Fintech companies must comply with personal data protection provisions in Peru, including the collection, processing, use, and transfer of personal data.