September 9, 2020 -Joaquín Cortez, Chairman of the Financial Market Commission (CMF), spoke today at the session of the Senate's Committee on Economics held to analyze the operational incident reported by Banco Estado last weekend. In his presentation before the Committee, Chairman Cortez stressed that since the very first moment the incident was reported, the Commission has kept close contact with authorities of the bank and the financial system through the Financial Stability Board (CEF, for its Spanish acronym).
Cortez also stated that the CMF assembled an on-site supervision team at Banco Estado's offices, and instructed that financial institution and the rest of the banking industry to adopt all necessary measures to safeguard the security of the information and resources of users of the financial system. "The Commission has closely followed the evolution of this incident, focusing at this stage on operational continuity, customer protection, and cautioning other financial institutions to adopt all necessary safeguards," added the Chairman.
Supervision and Regulation Framework
The Chairman of the CMF highlighted that the supervisory and regulatory framework on information security and cybersecurity for the financial industry has been steadily strengthened in recent years. He mentioned that the last step in terms of regulation was the issuance of the Information Security and Cybersecurity Standard in July 2020, which will come into force this December and raises the standard of requirements in this area, following international best practices.
Joaquín Cortez pointed out that the Basel III standards incorporated in the new General Banking Act consider capital charges associated with credit, operational, and market risks (Tier 1). In addition, Tier 2 empowers the supervisor to make additional capital requirements as a result of the supervisory process for risks not covered under the traditional framework.
However, the Chairman said that "there is still room to strengthen the institutional framework at the national level in cybersecurity, which is why it is important to encourage ongoing legal initiatives and promote the existence of specialized units in cybersecurity at all levels."
International Recommendations
The Chairman of the Financial Market Commission observed that international recommendations suggest oversight of cybersecurity risk management should focus on preparing institutions to reduce detection times, generate rapid responses, and limit contagion or impact to the rest of the industry. Along these lines, he said, the international practice is to involve the board of directors and senior executives to assume clear responsibilities on cybersecurity risk management so that financial institutions have protocols, roles (including the board), specialized teams, and execution of stress and scenario tests. "The role of the supervisor in this scheme is to ensure that the operational risk management and cybersecurity framework is in place and working properly," stated Cortez.
Next Steps
Joaquín Cortez declared that the Commission will continue to monitor Banco Estado's situation on-site and will adopt all measures within the scope of its powers to protect the security of the information of users of the financial system.