How to adapt to the new regulation

After the trial period established by the Argentine Central Bank (BCRA), the new Communique “A” 7724, which sets forth the new regulations regarding financial security systems, came into force last month. What has happened since then? What were the modifications?

On March 10 of the current year, the BCRA published Communique “A” 7724, which established the new minimum requirements to be met by financial entities with regard to the management and control of information security and technology risks, in order to avoid fraud and cybercrime. The Central Bank granted a 180-day grace period so that financial entities could review their processes. The communique is composed of eleven sections and a technical glossary, ranging from general provisions to technology governance and management, information security, business management, infrastructure and cybercrime, among others. The term set for financial entities to adopt this new regulation expired last September.

However, it is important to ask: what does it consist of?

The regulation is a step forward, taking into account the significant changes that have taken place in recent years. In this respect, security and technology must operate fully together. This measure accompanies both facts and processes.

In this context, financial entities must adapt so as not to be negatively affected. Furthermore, investing in processes and security is always an opportunity for improvement.

“Do the facts accompany it? Yes, because if clients’ data and securities are not safe, all banks will disappear by definition. Since the Central Bank has this need, it must strongly support the financial entities. It is sometimes difficult to say ‘it’s necessary to invest in processes’ as, actually, it is not compulsory. Here the entities are bound, but it is a clear improvement opportunity,” says Lisandro Rodríguez Otaño, CTO and Partner of HLB PMA.

Some of the key points of this regulation are: to promote the adoption of reference frameworks and international standards for information security and technology; to treat information security as an integral part of the entity's risk management; to evaluate risks not considered in former regulations, related to the development and use of artificial intelligence or machine learning; and to adopt a deeper data management framework covering the control, use and storage of clients’ data, among others.

It is important to highlight that entities which do not comply with this regulation will face penalties. Every year, the BCRA carries out a review together with its auditors and then issues a report on system processes and other areas in general. The result obtained has a direct impact on the financial entities' credit possibilities.

In summary, the good news about this communique is that it allows us to rethink many issues, and not only to rethink them but also to redesign and implement them, above all considering that cybercrime appears to be the order of the day.