Generic selectors
Exact matches only
Search in title
Search in content

The future of finance in LatAm & the Caribbean

January 23, 2022

Brazil tightens cybersecurity rules for payment processors

Aug 23, 2018

By Katie Llanos-Small
Brazil's Central Bank photo
Brazil strengthens security requirements for payments processors as Mexico consults on secondary regulations for the industry


In a busy month for fintech regulations, payments companies in Brazil are being told to update their security frameworks and make a plan to deal with breaches.

The new rules came at the same time as Brazil’s Central Bank proposed welcoming fintechs into microfinance, and Mexico published a first draft of new rules for payments companies.

Brazilian payments companies must set out a cybersecurity policy and an action plan for responding to incidents, under new rules announced last week.

The cybersecurity direction by Brazil’s Central Bank followed a debilitating cyber attack on Mexico’s central payments network, the SPEI, earlier this year.

“Companies in general use electronic payments services extensively, and mainly through remote access channels,” the Central Bank said. “Adopting controls and systems designed specifically to be resilient to cyberattacks is important.”

Payment companies’ plans must include protocols for sharing information with other financial institutions in the case of a security breach. And companies will be required to report annually on how they have complied.

The regulator also stipulated how payments companies should use third party services, including cloud storage. Companies must report to the Central Bank on third party providers they work with. And the bank stressed that the payments gateways themselves are responsible for ensuring that any third party services are secure and trustworthy.

But companies have been given a long lead time to comply: The rules come into effect in September 2019.


Microfinance rules under review

Brazil’s financial regulator is also updating rules for microfinance, and encouraging fintech startups into the market. The bank wants to simplify the rules around the types of institutions that can offer microloans, as well as to increase the lending limits for microfinance.

It hopes that by encouraging the use of tech in microfinance, the new rules will make micro-lending cheaper and easier to access, Otávio Damaso, the bank’s regulatory director, said in a statement.

The Brazilian Central Bank is taking public comments on the proposals until September 14.


Mexico consults on secondary regs for payments

Mexico’s central bank is also consulting on new rules for payments companies. The proposal is the first public look into the secondary regulations that will determine the policy details of Mexico’s fintech law.

Among other measures, the rules open the door to companies processing cryptocurrencies.

Interested parties have just 10 days – until August 29 – to submit their comments. The short timeline is a result of the September 10 deadline for the Central Bank to publish the secondary regulations.

Are you subscribed to our weekly newsletter?

Leave your details to receive our Monday briefing on the key news in digital banking, fintech and payments in Latin America.


Submit a Comment

Your email address will not be published. Required fields are marked *


error: Por favor, respeta nuestro trabajo: La reproducción de nuestros contenidos está estrictamente prohibida.