The Colombian Financial Superintendence, in response to the significant proliferation of digital financial services and products, issued Regulation Letter 007 in 2018. This stipulated the minimum requirements for cybersecurity risk management for the groups being watched.
The document seeks to protect the personal information of financial consumers. It takes into account the increase in the use of new technologies and this generation that has greater interconnectivity between each other. It also considers the widespread growth of electronic channels used to develop new instructions related to managing operational risks and data protection.
The Colombian Financial Superintendence put forth a series of measures to inform financial consumers and providers about specific incidents that have occurred within cybersecurity operations. These are examples that compromised the confidentiality or integrity of the information. Employees in charge of protocols and risk management should be trained on a regular basis to stay up-to-date on changes occurring in the tech sector.
The letter also speaks of the importance of a central unit in charge of monitoring, assessing, and defending information systems in companies (web sites, apps, databases, data centers, servers, networks, desktops, and other devices). This will be known as the Security Operation Center (SOC). Companies will be required to evaluate, by means of a comprehensive operational risk analysis, if it is necessary to contract an SOC or not. This would be managed externally. It is important to mention that, due to their characteristics and functional designs, the majority of these systems require constant monitoring by trained personnel, which could represent a high operating cost for the entities that implement them.
Through this Regulation Letter, the Colombian Financial Superintendence has definitely demonstrated that they are aware of the different options available to manage information. In this way, they are able to integrate the ideas that go hand in hand with these new technologies.
Author: Mariana Paéz
