GP&H Suite


GP&H Suite

24 Feb

Cybersecurity regulations for Financial Institutions


As financial institutions have migrated their operations to the digital era, more significant operational risks have arisen that must manage correctly to strike a balance between the use of information technologies and the control of underlying risks.

Fintech companies offer various types of financial services and operate within varied markets; some provide services directly to the financial system users, and others design solutions for companies. This business concept generally includes online lending, online currency exchange, online payments, digital banking, among other services.

As a result of the use of digital clouds for information storage, social networks, analytics, and mobility, various cybersecurity attacks have been reported in Mexico, being the second country in Latin America with more cyber-attacks, given that 57.4% of the population is an internet user and most financial institutions offer online digital banking applications.

Mexico’s national cybersecurity strategy was developed in collaboration with the Inter-American Committee against Terrorism, which underlines Mexico’s commitment to combat cybercrime and recognizes the importance of information and communication technologies in Mexico’s political, social, and economic development.

Some of the recommendations included in the cybersecurity strategy for financial institutions are the following:

  • Preparedness and governance: having a responsible body or corporate governance body to lead information security and fraud prevention using digital media;
  • Digital security event detection and analysis: prioritizing the development of capabilities using emerging digital technologies, such as Big Data, artificial intelligence, and related technologies;
  • Digital security incident management, response, recovery, and notification: investigating the source of an incident and ensuring the design and implementation of policies or processes for containment, response, and recovery;
  • Training and awareness: providing training plans and conducting prevention campaigns; and
  • Financial system authorities and regulators: issuing guidelines, recommendations, and instructions on digital security best practices and verifying reporting mechanisms.

Likewise, To increase the level of financial inclusion and improve competition conditions in the financial system in Mexico, in March 2018, the Law to Regulate Financial Technology Institutions (Fintech Law) was published in the Official Gazette of the Federation.

Génesis Moyeda Salazar

Gloria Ponce de León & Hernández

Noticias anteriores: