Recently, the Perú Libre Parliamentary Group presented Bill No. 3251/2022-CR, whose purpose is to regulate the responsibility of companies in the Financial System, with respect to computer fraud committed against users of this system in the face of active and fraudulent liabilities, establishing the actions that must be taken and determining the times for the resolution of the cases.
The purpose of said bill is to protect and guarantee active and passive operations carried out by users of the financial system, reducing economic damage and safeguarding good credit reputation.
Among the measures contemplated in the proposed standard, the obligation is prescribed for companies in the financial sector to return the amounts and/or cancel unauthorized operations reported by their users, in any case and no later than the business day following reported the incident. If the company has reasonable grounds to doubt the veracity of the report, it must inform the user and the Superintendency of Banking, Insurance and AFPs in writing, within the same term, attaching the evidence that supports its position, and it is the responsibility of the company to demonstrate that for said operation, all the verification mechanisms were activated that demonstrate that said operation was correctly registered.
The recently approved Fintec Law creates the Open Finance System (SFA), whose objective is to promote competition, innovation and inclusion in the financial system, facilitating the exchange of information between different service providers in this field.
This will occur through remote and automated access interfaces–known as application programming interfaces or “APIs”—, which will enable direct interconnection and communication between said providers without the need for a contractual relationship that binds them.
The SFA will function under the supervision and oversight of the Commission for the Financial Market (CMF) . It will correspond to it to dictate the regulation and instructions necessary for its adequate implementation and operation, as well as to supervise the fulfillment of the obligations of its participating institutions.
Below, we describe the main aspects of the operation of the OSS, including the information it will contain, the institutions that will participate in it and their roles, and the main deadlines established by law.
What kind of information will be exchanged?
The Fintec Law establishes a non-exhaustive list of information that must be exchanged through the SFA:
Information on general terms and conditions of financial products and services, and on customer service channels.
Identification information and registration of clients of financial products and services and their representatives.
Information on the commercial conditions contracted and the history of transactions of clients of financial products and services, such as checking, sight, provision of funds and savings accounts, credit cards, insurance policies, savings or investment instruments and operation services cards and similar means of payment.
Communications between financial providers for purposes of financial portability.
Data or information necessary for the provision of payment initiation services.
Other data or information related to financial products or services or initiation of other types of transactions that the CMF may define through a general rule.
While the information in points (i) and (iv) must be available in open data formats, that in points (ii), (iii), (v) and (vi) may only be shared to the extent that the respective clients have previously authorized it.
2. What type of institutions will participate?
The Fintec Law defines 4 categories of participating institutions:
Information Provider Institutions – are those that generate the information that will be available through the OSS, so their participation is mandatory. This category includes, among other institutions, banks, issuers and operators of cards or other means of payment authorized by the CMF, savings and credit cooperatives, insurance companies, general fund managers, stock brokers and compensation funds.
Information-Based Service Provider Institutions – are those that may consult, access and receive data from the Information Provider Institutions through the OSS. Although their participation is voluntary, as a general rule they must register in advance in a special registry in charge of the CMF. As an exception, duly authorized Information Provider Institutions and Financial Service Providers will not require new registration, but they will be subject to compliance with the same requirements applicable to entities whose participation is voluntary.
Payment Initiation Service Providers – are those that provide services to clients holding checking, sight or fund accounts, consisting of the instruction (on behalf of these clients and before Account Provider Institutions) to execute payment orders or transfers electronic funds charged to their respective accounts and means of payment. To operate legally, these entities must be registered in a special registry in charge of the CMF.
Account Provider Institutions – are the banks and financial institutions that provide checking, sight or fund accounts. Although they already qualify as Information Provider Institutions, the Fintec Law has specifically defined them to regulate their relationship with Payment Initiation Service Providers within the framework of the SFA. Their participation in the latter is therefore mandatory.
Diagram No. 1. Roles of the institutions participating in the OSS.
3. Will there be charges associated with its operation?
Information Provider Institutions may not charge Information-based Service Providers for the communication of customer data information requested through the SFA APIs. This, with the exception of the reimbursement of the direct incremental costs that must be incurred to meet the number of requests over the thresholds that the CMF must define based on public, objective, equitable and non-discriminatory conditions among the participating institutions.
The aforementioned requests for information may not give rise to the collection of commissions or additional charges to clients.
4. When will you start operating?
The CMF must issue the necessary regulations for the gradual implementation of the OSS within a period of 18 months from the publication of the Fintec Law in the Official Gazette. This regulation will be subject to prior public consultation procedures, regulatory impact assessment and reports from the National Economic Prosecutor’s Office.
Although the process will be gradual, the Fintec Law has also established certain maximum deadlines to complete the implementation. Counted from the entry into force of the regulations issued by the CMF, there will be 12 months for the registration of the entities that on the date of entry into force of the Fintec Law are providing Payment Initiation Services; 18 months for the full operation of the OSS in banks, card issuers and Payment Initiation Service Providers; and 36 months for full operation in the other participating institutions.
Diagram No. 2. Main terms of the SFA.
The SFA means a relevant step for the country on the path of open finance , so it is foreseeable that its operation will entail significant challenges for the participating institutions. Do not hesitate to contact us if you want to know more about the Fintec Law or its related topics.
For more information contact:
Natalia Gonzalez | Associate Group az Tech | ngonzalez@az.cl
On December 1, the Assembly No. 102 of the Federal Consumer Council (Cofedec) will be held in Paraná, organized by the General Directorate of Consumer Defense and Commercial Loyalty of Entre Ríos.
Officials of the National Secretariat of Commerce, of the Undersecretary of Actions for the Defense of Consumers and of the National Directorate of Consumer Defense and Consumer Arbitration, as well as directors of Consumer Defense from all over the country, They will participate in the assembly to deepen and coordinate policies and actions related to consumer rights and commerce.
The Federal Consumer Council is a body for coordinating policies related to issues related to consumers. It is made up of representatives of the National Government, the Autonomous City of Buenos Aires and all the provinces. In each of the Assembly, projects are debated and policies related to consumer issues are coordinated, where the national authority and the provincial authorities share experiences and develop policies together in order to defend and strengthen the rights of consumers.
The province of Entre Ríos, in addition to being a member of Cofedec, is part of the Agency’s body of Advisors on issues related to Consumer Education, by democratic election of all the member provinces.
In the last two assemblies that took place in Rosario, Santa Fe and Resistencia, Chaco, key issues will be addressed such as: competence of the Central Bank of the Argentine Republic in relation to financial consumption relations; direct damage and savings plans: National Insurance Superintendency; setting of general administrative procedures; sales through social networks; prepaid medicine: pre-existing, disability cases; competencies in aeronautical issues: referral to the National Civil Aviation Administration; banking problems: bank account blocking and abusive debt refinancing; credit card: summary challenge for charges revoked in a timely manner; among others.
The following are functions of the Federal Consumer Council:
a) Promote consumer or user education with the objectives of:
I) Strengthen freedom of choice and optimize rationality in the consumption of goods and services,
II) facilitate the understanding and use of the information provided to users and consumers by providers,
III) disseminate knowledge of the duties and rights of consumers and users and the most appropriate way to exercise them and,
IV) promote the prevention of risks that may arise from the consumption of products or the use of services.
b) Promote the homogenization of criteria regarding the application of public policies related to consumption, including proposals for modification and/or harmonization of current regulations on consumer protection.
c) Exchange information with the productive sectors in order to promote greater efficiency in the production and marketing of goods for consumption.
d) Promote the installation of public consumer or user information offices that fulfill at least the following functions:
I) disseminate the results of studies, comparative analyses, tests and quality controls on products and services and,
II) manage the reception, registration and acknowledgment of receipt of complaints and claims from consumers or users and their referral to the corresponding entities or agencies.
e) Stimulate the creation of consumer associations, maintaining a permanent exchange and collaboration with them and keeping updated national and provincial records of existing ones.
f) Collect information from public and private entities related to consumer protection.
g) Request the collaboration of the control entities and organisms with competence in the matter for a better attention to the problems of consumers and users.
h) Request the collaboration of public and private institutions, specialized departments of universities and any other technical body to carry out studies, comparative analyses, tests and quality controls on products or services and disseminate their results.
i) Propose to the competent authorities the granting of scholarships for the personnel affected by the departments, for the purpose of their permanent training in the matter of consumer protection.
j) Promote the exchange of information and collaboration to carry out actions aimed at consumer protection with international public and private consumer defense organizations.
k) Provide advice to the National Congress and the Provincial Legislatures regarding problematic consumer legislation.
l) Strengthen institutional relations with other official bodies with competence in consumption or regulatory bodies for public services.
On June 3, 2021, President Biden issued a memorandum declaring corruption as “a core United States national security
interest” and directing interagency coordination to develop a presidential strategy to “significantly bolster the ability of the United States Government… to combat corruption.” The memorandum states that corruption contributes to extremism and migration and provides the necessary means for authoritarian leaders to undermine democracies and to threaten the rule of law. Days later, in connection with a visit to Mexico and Guatemala, Vice President Harris announced that the U.S. Department of Justice (DOJ) would increase its efforts against transnational bribery in Guatemala, El Salvador, and Honduras.
On July 1, Secretary of State Antony J. Blinken issued the list naming several individuals, including current and former government officials, suspected of corruption and antidemocratic conduct in Guatemala, El Salvador, and Honduras. Mr. Blinken referred to this list in compliance with section 353 of the United States-Northern Triangle Enhanced Engagement Act.1 This list – known as the “Engel list” for its author, former U.S. Representative Eliot L. Engel – is composed of 55 names:
Guatemala: The list names 20 individuals, including high-ranking public officials who are currently in office or who served in previous periods. There is a former president, former ministers, current and former congressmen, magistrates of the country’s high courts, various lawyers, and leaders of non-governmental organizations.
El Salvador: The list includes 14 names among which are high-ranking public officials, including members of the current government such as ministers, members of the Legislative Assembly, government advisers, a former member of the Supreme Elector Court, a former mayor, and some businessmen.
Honduras: There are 21 individuals listed, most notably a former first lady, current and former congressmen, and a former director of Inversión Estratégica de Honduras (INVEST-H).
The Engel list is compiled based on an analysis by the Department of State of classified and non-classified information and a subsequent determination that the named individuals have (1) knowingly participated in actions that affect democratic processes or institutions, (2) have knowingly engaged in significant acts of corruption, and (3) have knowingly engaged in obstructing investigations of such acts of corruption, including those related to government contracts, bribery and extortion, facilitation payments, as well as money laundering, violence, harassment, and intimidation of investigators of
governmental and non-governmental corruption.2 As a result, the individuals named may face sanctions, including (1) ineligibility to receive visas or other documentation to enter the U.S., (2) ineligibility to be admitted or paroled into the United States or to receive any other benefit under the Immigration and Nationality Act (8 U.S.C. 1101 et seq.), and (3) revocation of current visas.3
What steps should businesses and investors take if they are associated with the people listed?
Carry out a risk assessment focused on potential points of contact between your organization and the individuals listed.
Evaluate all aspects of the relationship between your business and the relevant individual(s), including:
– Level of authority and influence toward or within your organization
– All points of contact, including involvement in transactions involving your organization
– Payments made to and received from the listed person
– Any business determinations or cases involving current or former government officials (e.g., pending cases with
judges or magistrates who have been enlisted).
In the event compliance risks are identified, develop a plan for remediation and evaluate the need for further internal
investigation.
1.The United States-Northern Triangle Enhanced Engagement Act passed in December 2020 (included in the omnibus appropriations and COVID-19
relief package) to support the people of Central America and strengthen the national security of the United States by addressing the fundamental
causes of migration from El Salvador, Guatemala, and Honduras (the Northern Triangle). In accordance with this law, strategies will be developed for economic development, to combat corruption and to deal with other problems in these countries.See All Information (Except Text) forH.R.2615 – United States-Northern Triangle Enhanced Engagement Act; U.S. House of Representatives Comm. on Foreign Aff., Engel U.S.-Northern Triangle Enhanced Engagement Act Passes Congress.
2. See Consolidated Appropriations Act of 2021, Pub. L. No. 116-260, § 353(b), 134 Stat. 1182, 3130 (2020).
On March 22, Congress sent to the Executive the bill on computer crimes, which defines eight new criminal offenses, repealing the old law that governed this matter and adapting the regulations to the provisions of the Budapest Convention.
The new norm -which will come into effect once the law is enacted and published- penalizes various conducts, updating our regulations to the current reality and at the same time establishing the criminal liability of the legal person when these crimes are committed within an organization. that it has not implemented adequate models for the prevention of these crimes.
Indeed, the old Law No. 19,223, which has been in force since 1993, typifies criminal figures related to computing. it sanctioned only four types of conduct (computer sabotage, computer espionage, the disclosure and alteration of data) and was manifestly outdated. Thus, this new regulation covers these facts from a more adequate perspective, considering the advancement of technology and the possibilities of criminal behavior related to information technology.
In this sense, the penalty for computer fraud stands out in the first place, one of the most anticipated figures by legal operators to sanction scams committed through computerized means, such as fraud at bank tellers. In turn, improper access to computer systems and the receipt of computer data is sanctioned, this being one of the newest crimes, which punishes those who market, transfer or store computer data obtained through the commission of access crimes. illicit, interception or computer forgery.Additionally, computer forgery is typified, which includes the malicious introduction, alteration, deletion or suppression that generates inauthentic data with the purpose of making them pass as “authentic or reliable” by a third party. Another of the new crimes is illegal interception, which penalizes anyone who improperly intercepts, interrupts or interferes with non-public transmission between computer systems.
For its part, the abuse of devices punishes the facilitator of technological means and computer tools that are suitable for committing the crimes of attacks on systems and data, illegal access and computer interception, as well as for the perpetration of conduct. Finally, the attack on the integrity of a computer system and the attack on the integrity of computer data are penalized.
One of the controversial aspects of the bill was the restriction imposed on ethical hacking, since the crime of improper access was typified in a general way, allowing the violation of computer systems only with the authorization of its owner. Thus, unauthorized access, even when performed for the ethical purpose of identifying failures in computer systems and reporting them to the owner for repair, constitutes conduct sanctioned by the legislator.
In consideration of this new regulation, it is recommended that companies carry out a risk assessment and adapt their crime prevention model in order to implement the appropriate mitigation measures to reduce the risk of committing these acts within them.
For more information and advice on the adaptation of crime prevention models for the incorporation of these new legal risks, you can contact:
On May 16, 2013, Law No. 12,813/2013 (“Conflict of Interests Act”)[1] was enacted regulating conflict of interests arising from the relations with government officials of the Federal Executive branch. In particular, Article 5, Item IV, of the Conflict of Interests Act establishes that a conflict of interests emerges when a government official “acts, informally or not, as attorney-in-fact, consultant, advisor or intermediary of private interests in the public bodies or government entities of the public administration, direct or indirect, from Federal, State and City levels and the Federal District”.[2]
To shed light to the scope of application of Article 5 aforementioned, Decree No. 10,889/2021[3] (“Decree”) was – recently – enacted in December 2021. According to the Decree,[4] federal governments officials are allowed to receive hospitalities from private players, including meals, as long as a few criteria are fulfilled, such as: (i) the specific public body or government entity to which the official is subject should allow (or not expressly prohibit) the receival of hospitalities; (ii) the hospitality should be directly related to legitimate interests’, as well as occur under appropriate circumstances of professional interaction; and (iii) the hospitality’s value should be compatible with the standards adopted by the federal public administration in similar occasions. Lastly, it should not characterize personal benefit for the government official.
Regarding the specifics of each public body or government entity, it is worth mentioning the standards provided by Code of Conduct of the Federal Administration (“Code of Conduct”),[5] which are most commonly reflected. The Code of Conduct is applicable to ministers and secretaries of state; individuals holding high ranked positions in the federal government, presidents and directors of federal agencies, independent government agencies, public funded foundations, public companies, and mixed-capital companies.[6]
The Code of Conduct sets forth that “the public authority shall not receive salary or any other type of income from a private source forbidden by the law, nor receive transportation, travel expenses or any kind of favors from private entities which could raise doubts about the public authority’s probity or honorability”.[7] Thus, provided that the “courtesy” does not raise distrust on the government officials’ integrity, the Code of Conduct allows such hospitalities.
We identified one ruling by the Office of Comptroller-General involving the offering of meals to government officials.[8] The restaurant chain Madero was found guilty of having paid undue advantages to inspectors of the Ministry of Agriculture, Livestock and Food Supply by means of cash and meals. Nonetheless, no further details were made available by the Office of Comptroller-General, providing no clarifications onto the criteria for hospitalities to government officials.
The Office of Comptroller-General also published the “Integrity Program: Guidelines for Legal Entities”,[9] where it outlines standards for companies to implement effective integrity programs. Regarding the policy on offering hospitalities, freebies, and gifts, the Office of Comptroller-General understands that companies should bear in mind the following:
“Offering freebies, gifts and hospitality cannot be associated with the intention to obtain undue gains for the company, to compensate for a contract awarded or characterize an implicit or explicit exchange of favors or benefits;
Before offering any type of hospitality, freebies or gifts, the employee or representative must ensure that his or her act complies with the local rules and the legislation regarding transnational bribery (i.e.: FCPA, UK Bribery Act, Brazilian Anti-Corruption Law) and the policies and internal rules of the legal entity of the person who will receive the hospitality, freebie or gift;
Expenses must be reasonable and in accordance with the local legislation, the limits of which must be stipulated by the company itself;
No type of hospitality, gifts or presents may be provided with unreasonable frequency or to the same receiver in a way that may suggest suspicion or impropriety;
Invitations involving travel and related expenses must be clearly associated with the company’s activities whether to promote, show or present products and services or to enable the performance of potential contracts;
Indicators must be created for the employee himself/herself to be able to develop his/her critical ability to assess how reasonable it would be to propose a given action regarding hospitality or an offer of gifts or presents. For example, employees can be guided by a basic list of questions: (i) what is the intention involved?; (ii) Besides promoting the company’s business, does the action involve anything that should be kept in secrecy?; (iii) Would reporting the situation to the external public – for example, as a news article of a high circulation newspaper – represent a drawback to the company?; and (iv) Would the company be misinterpreted? and
Employees or representatives must be told who in the company they should turn to should they have any questions about practical situations involving hospitality, freebies or gifts”. (emphasis added).
Although no explicit and unequivocal value standard is provided, three conclusions can be drawn from the guidelines above. First, that the reasonableness of the hospitality’s expenses should be perceived within the context in which it occurs, giving companies room for determining the precise amounts. Second, that the frequency of such hospitalities is also relevant, which means that a one-off meeting would hardly be construed as improper per se. And finally, that the hospitality should be intended to foster the companies’ business activities.
From all the above, we understand that prior to offering any kind of hospitality to government officials, companies should assess whether the criteria set forth in the Decree were observed. Although Brazilian legislation and regulation do not provide crystal clear guidelines on which hospitalities would violate the Brazilian Anti-Corruption Law, the Office of Comptroller-General’s standards allow companies to have a more precise course of action, offering hospitalities, including meals, that: (i) accommodate with the circumstances where they are intended to occur; (ii) are not frequent; and (iii) pursue the company’s business purposes.
[2] In Portuguese, “Art. 5º Configura conflito de interesses no exercício de cargo ou emprego no âmbito do Poder Executivo federal: (…) IV – atuar, ainda que informalmente, como procurador, consultor, assessor ou intermediário de interesses privados nos órgãos ou entidades da administração pública direta ou indireta de qualquer dos Poderes da União, dos Estados, do Distrito Federal e dos Municípios;”.
[4] In Portuguese, “Art. 19. As hospitalidades de que trata o inciso V do caput do art. 5º poderão ser concedidas, no todo ou em parte, por agente privado, desde que autorizado no âmbito do órgão ou da entidade. § 1º A autorização a que se refere o caput observará: I – os interesses institucionais do órgão ou da entidade; e II – os riscos em potencial à integridade e à imagem do órgão ou da entidade. § 2º Os itens de hospitalidade: I – devem estar diretamente relacionados com os propósitos legítimos da representação de interesses, em circunstâncias apropriadas de interação profissional; II – devem ter valor compatível com: a) os padrões adotados pela administração pública federal em serviços semelhantes; ou b) as hospitalidades ofertadas a outros participantes nas mesmas condições; e III – não devem caracterizar benefício pessoal. § 3º A concessão de itens de hospitalidade poderá ser realizada mediante pagamento: I – direto pelo agente privado ao prestador de serviços; ou II – de valores compensatórios diretamente ao agente público, sob a forma de diárias ou de ajuda de custo, desde que autorizado pela autoridade competente”.
[6] In Portuguese, “Art. 2º As normas deste Código aplicam-se às seguintes autoridades públicas:I – Ministros e Secretários de Estado;II – titulares de cargos de natureza especial, secretários-executivos, secretários ou autoridades equivalentes ocupantes de cargo do Grupo-Direção e Assessoramento Superiores – DAS, nível seis;III – presidentes e diretores de agências nacionais, autarquias, inclusive as especiais, fundações mantidas pelo Poder Público, empresas públicas e sociedades de economia mista”.
[7] In Portuguese, “Art. 7º A autoridade pública não poderá receber salário ou qualquer outra remuneração de fonte privada em desacordo com a lei, nem receber transporte, hospedagem ou quaisquer favores de particulares de forma a permitir situação que possa gerar dúvida sobre a sua probidade ou honorabilidade”.
[8] BRAZIL. Office of Comptroller-General. Proceedings No. 00190,105384/2018-01. Defendant: Madero Indústria e Comércio S.A. Plaintiff: Office of Comptroller-General. President of Commission: Antônio Augusto Sousa Fernandes. Brasília, September 15, 2020. Available at: Ruling by the Office of Comptroller-General (in.gov.br)
On May 16, 2013, Law No. 12,813/2013 (“Conflict of Interests Act”)
