Aggregated News From Investment Management Regulators

CMF publishes for consultation regulation on information security management and cybersecurity


November 25, 2019.- The Financial Market Commission (CMF) reports that it has published today for public consultation the regulation on information security management and cybersecurity. This regulation will apply to banks, banking subsidiaries, companies supporting banking activities, and payment card issuers and operators. The consultation process will end on December 27, 2019.

The new chapter of the Updated Compilation of Rules for Banks (RAN, for its Spanish acronym), which is also applicable to the aforementioned entities, includes a series of measures based on international best practices to be considered for managing information security and cybersecurity.

Said regulation will allow entities to be better prepared to prevent and respond to operational events related to information security and cybersecurity.

The regulation in consultation consists of four sections:

  • Section One establishes general guidelines on information security management and cybersecurity. Among them, it emphasizes the role that the Board of Directors ought to have in the proper management of both information security and cybersecurity, entrusting it with the approval of an institutional strategy in these matters. The Board must also ensure that the entity maintains an information security and cybersecurity management system that deals with such risks in a manner consistent with the best existing international practices.
  • Section Two establishes guidelines to be considered by institutions for implementation of a risk management process to support the aforementioned system. It states the basic stages of an information security and cybersecurity risk management process.
  • Section Three considers the relevance of cybernetic risks and establishes two relevant aspects in the management of cybersecurity.
    • First, the determination of critical cybersecurity assets, referring to logical information components considered key to business operation. Some of these include hardware and technological systems that store, manage, and support such assets. If they are not properly operated, the entity is exposed to risks that might affect the confidentiality, integrity, and availability of its information.
    • Second, it underlines the relevance of the protective functions of said assets, the detection of threats and vulnerabilities, the response to incidents, and the restoration of the entity’s normal operation.
  • Section Four stresses the importance of entities having policies and procedures for the identification of assets that make up the critical infrastructure of the financial industry and payment system. This also applies to the adequate exchange of incident-related information with other members that are part of said infrastructure.

It is worth mentioning that this new chapter of the RAN complements the requirements of various CMF norms, such as those established in Chapter 1-13 on the assessment of operational risk management; Chapter 20-7 on the risks that entities assume in outsourcing services; Chapter 20-8 on operational incident information; and Chapter 20-9 on business continuity management.

To access the details of the regulatory proposals, you can visit the Draft Rules and Norms section of the CMF website. In addition, the Commission also makes available to interested parties a Frequently Asked Questions document and a Presentation. These documents summarize the core elements of this public consultation.
