On 2 July 2023 the Central Bank of Argentina (“BCRA”) issued Communication “A” 7783 (the “Communication”), which approves the “Minimum requirements for the management and control of technology and security risks associated with digital financial services” for financial institutions and payment service providers (“PSPs”).
The Communication defines digital financial services as: “the provision of transactional, consulting or payment financial services provided by organizations to their customers online”.
The Communication establishes that covered entities must notify the BCRA’s External Systems Audit Department of all projects involving a new product or type of service that provides financial services to customers by digital means. The Communication proposes:
- Establish different control mechanisms depending on the relevance of the digital financial transaction that the customer carries out.
- Introduce security measures for devices and/or applications provided to customers to deliver digital financial services.
- Digitally identify customers.
- Protect customer authentication factors.
- Develop specific training and awareness plans.
- Provide communication channels, available 24 hours a day.
The Communication extended the scope of the new “Minimum requirements for the management and control of information technology and security risks”, which was only for financial institutions, and now also applies to Financial Market Infrastructures, known as systemically important payment systems.
The provisions of the Communication enter into force on 29 September 2023.