Cyber-security Incident Reports to the Argentine Central Bank
The Argentine Central Bank requires financial institutions to report incidents of computer security.
On May 27, 2019, the Argentine Central Bank (the “BCRA” after its Spanish acronym) issued Communique “B” 11847 requiring financial entities to report to the Department of External Audit of Systems all cyber-security incidents generating:
• impossibility of providing services to clients, or a substantial interruption,
• inability of the entity to comply with its obligations in connection to the functioning of the markets in which it operates, or
• exposure of financial or clients’ data.
Among other relevant information, such reports must contain the date and time of detection, a description of the incident, affected channels of attention to clients, and the systems and services involved.
Depending on the risk and criticality level of the reported cyber-security incidents, the BCRA may require additional information on the measures taken by financial entities to solve the incident and monitor its development.
This insight is a brief comment on legal news in Argentina; it does not purport to be an exhaustive analysis or to provide legal advice.