Traditionally, most Latin American countries are not early adopters, but when LATAM gains momentum, the market ignites.
In recent months, several countries in Latin America have been very active on local cybersecurity regulation, especially in the banking and financial industry. A mix of factors has created a perfect storm: structural factors like the GDPR replication effect, serious hacking attacks on financial institutions in Mexico and Chile, and new regulations in countries like Brazil, Colombia, and Chile.
With deadlines as early as October 2018 and plans that must be executed before the end of 2020, the financial sector is actively looking for ways to comply with what it has been asked to do. Every day CISOs, CIOs, and compliance officers receive invitations to cybersecurity events in all formats, from two-day shows to daily breakfasts in major cities. Those disclosing the benefits of their technologies will catch a good ride in the upcoming months.
-- Is your company getting ready to compete for this market? Or will you row against the current later?
Below you will find a summary of the actions in some of the major countries in the region, most from the financial sector:
Brazil:
We start with Brazil, the largest market in LATAM and the one with the highest cyber-attack traffic not only in South America but in the entire southern hemisphere. (The reason behind the huge number of cyber-criminals in Brazil is the cashless nature of its economy. A good percentage of Brazil's population uses electronic and online payment systems, making them vulnerable to hackers.)
Recently, the Central Bank of Brazil (Bacen) issued Resolution No. 4,658, which establishes that financial institutions are obliged to develop a cybersecurity policy that addresses topics such as overseas cloud services, promptness and transparency in cybersecurity incidents, information sharing, board involvement, sensitive information control, data classification, and accountability for leakage of sensitive information. [i]
The resolution also defines deadlines for designation, approval, adequacy, and communication, as well as the regular issuance of annual reports. Institutions should immediately establish a task force to identify gaps in relation to the requirements and define action plans for meeting the deadlines.
Colombia:
In Colombia, the government entity that monitors, inspects and controls financial activity, the Superintendencia Financiera, recently issued what it called Circular Externa 007 of 2018, which established that entities must include in their business continuity plan programs for prevention, response, recovery, resumption of the operation in contingency, and restoration before the materialization of a cyber-attack. [ii]
These new instructions will begin to take effect in six months, and the monitored entities must comply with them in three stages: the first must be implemented within the next six months; the second, within the following year; and the third, during the next 18 months.
Mexico and Chile created entities responsible for cybersecurity after some serious attacks on parts of their financial ecosystems. Both central banks are working hard, and several policies and pieces of legislation will be issued during the rest of the year. [iii][iv]
The beginning of next year will show very encouraging momentum in the cybersecurity market in LATAM, but the real effervescence will happen early in 2020, as financial institutions need to comply and be ready to show what regulators have asked them to do.
-- Would you tell your global bank prospect/customer in the USA or EU that you cannot help them in their operations in LATAM?
___________________________
[i] Banco Central do Brasil. Resolução Nº 4.658, de 26 de abril de 2018. https://www.bcb.gov.br/pre/normativos/busca/downloadNormativo.asp?arquivo=/Lists/Normativos/Attachments/50581/Res_4658_v1_O.pdf
[ii] Superfinanciera Colombia. Protección de la información de los consumidores financieros ante riesgos de ciberseguridad y la realización de operaciones en pasarelas de pago. A través de la Circular Externa 007.
[iii] Banxico. Estrategia de Ciberseguridad del Banco de México. http://www.banxico.org.mx/spei/d/%7BA578961B-C965-33AD-0A8A-BFE6D6FE9669%7D.pdf
[iv] CICS Chile (Comité Interministerial sobre Ciberseguridad). Política de Seguridad Nacional de Chile. http://www.ciberseguridad.interior.gob.cl/media/2018/06/PNCS_Chile_ES_FEA.pdf