In November 2019, the Financial Market Commission published, for public consultation purposes, a proposed amendment to its Updated Regulations Compendium (URC), by means of enacting a new Chapter 20-10, on Information Security Management and Cybersecurity (the New Regulation).

The main characteristics of this New Regulation can be summarized as follows:

• Regulatory Perimeter:The New Regulation will be applicable to banks, its affiliates, banking business supporting companies (sociedades de apoyo al giro bancario), and payment cards issuers and operators.
• New Regulation structure:The New Regulation is divided in four sections. The first one sets general rules on information security management and cybersecurity. The second one sets mandatory guidelines to be followed when implementing a risk management process to support the information security system and cybersecurity. The third part sets specific due diligence requirements for cyber risks management, and the last section establishes certain considerations to be observed by the relevant entity, as part of the local critical infrastructure, in accordance with the National Cybersecurity Policy.
• Main provisions:The New Regulation introduces the following main regulatory innovations:
  • It sets specific guidelines on information security management and cybersecurity, for the Board of Directors to become responsible of approving and supervising the relevant entity’s strategy in this regard. These guidelines establish that the information security management process must guarantee compliance with the law, including those norms concerning the protection of personal data and intellectual property rights.
  • It defines the minimum stages that shall comprise the information security and cybersecurity risks management process.
  • It sets specific due diligence requirements for cyber risks management, such as the determination of cybersecurity’s critical assets and its protection mechanisms, and
  • It establishes that the entities must have policies and procedures for the identification of assets that comprise the financial industry’s critical infrastructure, and for the exchange of incidents information with entities that are part of such infrastructure.
• Connection with other URC’s norms:The New Regulation will complement the current rules on information security, such as those outlined in Chapter 1-13, on operational risks management evaluation; Chapter 20-7, on risks undertaken by the entities that outsource services; Chapter 20-8, on operational incidents information; and Chapter 20-9, on business continuity management.
• Validity:The New Regulation will take effect on March 1, 2020.

The consultation period will be open until December 27, 2019.

Authors:Diego Peralta, Paulina SIlva, Carlo Benussi, Diego Lasagna

Link:https://www.carey.cl/en/financial-market-commission-publishes-for-public-consultation-new-regulations-on-information-security-and-cybersecurity-for-financial-entities/

New regulations on regulatory capital calculation for banks. On November 19, 2019, the Financial Market Commission published, for public consultation purposes, a proposed amendment to its Updated Regulations Compendium, by means of the enactment of a new Chapter 21-1, which sets the rules that banks shall observe to determine their effective patrimony, in order to fulfill the legal requirements set forth in the General Banking Act, (the “New Regulation”).

The New Regulation considers the amendments that were introduced on January 2019¹ to the General Banking Act, in accordance with Basel III guidelines, and in this regard, it adopts the terminology used by the Basel Committee on Banking Supervision to define three different capital levels:

i.- The Common Equity Tier 1 (CET1) Capital;ii.- The Additional Tier 1 (AT1) Capital, andiii.- The Tier 2 (T2) Capital.

Pursuant to the New Regulation provisions, the banks’ basic capital will be equal to CET1, after certain deductions corresponding to the value of assets whose economic value is considered either undetermined or low, or whose liquidation is difficult in financial stress scenarios. Moreover, banks’ effective patrimony shall be the sum of (i), (ii) and (iii), after such deductions.

The New Regulation will take effect on March 1, 2020, although it sets a gradual application of its rules, until December 1, 2024, where it shall be fully implemented.

The consultation period will be open until January 17, 2020.

Authors:Diego Peralta, Diego Lasagna.

Link:https://www.carey.cl/en/financial-market-commission-publishes-for-public-consultation-new-regulations-on-regulatory-capital-calculation/