January 5, 2021 - The Financial Market Commission (CMF) has published for consultation a regulation providing instructions on operational risk management and cybersecurity, as well as periodic self-assessments in both areas for insurance and reinsurance companies. The consultation process will be open until January 26, 2021.
The regulation is intended to strengthen the supervision currently carried out by the CMF in this area. It establishes a framework for evaluating the management of operational risk and cybersecurity. The proposal considers the experience of other jurisdictions that serve as a reference for Chile, as well as international recommendations regarding operational risk management systems.
The main elements addressed by the regulation under consultation are the following:
- Principles of an adequate operational risk management and cybersecurity system, which will serve as a basis for the Commission's evaluation of companies in this matter. This is done in the context of assessing the companies' solvency level pursuant to General Rule No. 325.
- An annual self-assessment on cybersecurity and a biannual self-assessment on operational risk, covering the level of compliance with these principles. The self-assessment must include action plans implemented by insurers and reinsurers to close any detected gaps.
- Mandatory reporting to the CMF of any cybersecurity-related incidents faced by insurance companies. This includes defining procedures for entities to share this information with the rest of the industry to protect both the system and its users.
Interested parties can access the Draft Rules and Norms section of the CMF website to check the details of the regulatory proposal and submit their feedback.