Brazil strengthens security requirements for payments processors as Mexico consults on secondary regulations for the industry
In a busy month for fintech regulations, payments companies in Brazil are being told to update their security frameworks and make a plan to deal with breaches.
The new rules came at the same time as Brazil’s Central Bank proposed welcoming fintechs into microfinance, and Mexico published a first draft of new rules for payments companies.
Brazilian payments companies must set out a cybersecurity policy and an action plan for responding to incidents, under new rules announced last week.
The cybersecurity direction by Brazil’s Central Bank followed a debilitating cyber attack on Mexico’s central payments network, the SPEI, earlier this year.
“Companies in general use electronic payments services extensively, and mainly through remote access channels,” the Central Bank said. “Adopting controls and systems designed specifically to be resilient to cyberattacks is important.”
Payment companies’ plans must include protocols for sharing information with other financial institutions in the case of a security breach. And companies will be required to report annually on how they have complied.
The regulator also stipulated how payments companies should use third party services, including cloud storage. Companies must report to the Central Bank on third party providers they work with. And the bank stressed that the payments gateways themselves are responsible for ensuring that any third party services are secure and trustworthy.
But companies have been given a long lead time to comply: The rules come into effect in September 2019.
Microfinance rules under review
Brazil’s financial regulator is also updating rules for microfinance, and encouraging fintech startups into the market. The bank wants to simplify the rules around the types of institutions that can offer microloans, as well as to increase the lending limits for microfinance.
It hopes that by encouraging the use of tech in microfinance, the new rules will make micro-lending cheaper and easier to access, Otávio Damaso, the bank’s regulatory director, said in a statement.
The Brazilian Central Bank is taking public comments on the proposals until September 14.
Mexico consults on secondary regs for payments
Mexico’s central bank is also consulting on new rules for payments companies. The proposal is the first public look into the secondary regulations that will determine the policy details of Mexico’s fintech law.
Among other measures, the rules open the door to companies processing cryptocurrencies.
Interested parties have just 10 days – until August 29 – to submit their comments. The short timeline is a result of the September 10 deadline for the Central Bank to publish the secondary regulations.
PayPal’s retreat from financial services in Mexico highlights how complicated it can be to become a regulated financial institution
Banks are teaming up with big tech platforms at the same time as they compete with them
Santander, Bradesco and Itaú have posted double-digit growth in digital customers
Celcoin, 4ToldFintech win Inclusive Fintech competition, but dozens of LatAm applicants fell short because of poor English skills, say judges
The digital lending arm of Puerto Rico’s biggest bank says focusing on just one high-potential market and fine tuning the customer experience has fueled growth
Innovations on top of old tech amplify challenges for bank cybersecurity in Argentina
- Threat of big tech remains in Mexico despite Fintech Law
- Digital sign-ups continue apace at BBVA
- Argentine fintech leaders call for better regulation
- Santander’s pace of digital onboarding in LatAm shows signs of slowing
- Citibanamex innovation: A work in progress
- New regs cut partner bank requirement for Brazilian startups