Brazil strengthens security requirements for payments processors as Mexico consults on secondary regulations for the industry
In a busy month for fintech regulations, payments companies in Brazil are being told to update their security frameworks and make a plan to deal with breaches.
The new rules came at the same time as Brazil’s Central Bank proposed welcoming fintechs into microfinance, and Mexico published a first draft of new rules for payments companies.
Brazilian payments companies must set out a cybersecurity policy and an action plan for responding to incidents, under new rules announced last week.
The cybersecurity direction by Brazil’s Central Bank followed a debilitating cyber attack on Mexico’s central payments network, the SPEI, earlier this year.
“Companies in general use electronic payments services extensively, and mainly through remote access channels,” the Central Bank said. “Adopting controls and systems designed specifically to be resilient to cyberattacks is important.”
Payment companies’ plans must include protocols for sharing information with other financial institutions in the case of a security breach. And companies will be required to report annually on how they have complied.
The regulator also stipulated how payments companies should use third party services, including cloud storage. Companies must report to the Central Bank on third party providers they work with. And the bank stressed that the payments gateways themselves are responsible for ensuring that any third party services are secure and trustworthy.
But companies have been given a long lead time to comply: The rules come into effect in September 2019.
Microfinance rules under review
Brazil’s financial regulator is also updating rules for microfinance, and encouraging fintech startups into the market. The bank wants to simplify the rules around the types of institutions that can offer microloans, as well as to increase the lending limits for microfinance.
It hopes that by encouraging the use of tech in microfinance, the new rules will make micro-lending cheaper and easier to access, Otávio Damaso, the bank’s regulatory director, said in a statement.
The Brazilian Central Bank is taking public comments on the proposals until September 14.
Mexico consults on secondary regs for payments
Mexico’s central bank is also consulting on new rules for payments companies. The proposal is the first public look into the secondary regulations that will determine the policy details of Mexico’s fintech law.
Among other measures, the rules open the door to companies processing cryptocurrencies.
Interested parties have just 10 days – until August 29 – to submit their comments. The short timeline is a result of the September 10 deadline for the Central Bank to publish the secondary regulations.
Virtual assistants offer benefits for clients wanting help 24/7, but incorporating them into the digital strategy requires careful planning
Brazilian SME lender BizCapital’s series B round is the latest proof that fintech investment amid Covid is possible
Here are the best webinars and online events in the digital banking and fintech sector in Latin America, from June 15 to 19
Digital platforms and integrations are growing in importance for Latin American financial services, say execs from banks and fintechs
COVID has disrupted the disruptors, with Latin American fintechs often finding more customer demand but tougher financing options
Argentine banks nab Nubank exec for digital payments venture; Santander InnoVentures invests in a55