/ Fintech Law and the importance of addressing cybersecurity in Chile

October 12, 2022

The Fintech Law bill, currently approved in Congress, becomes important after the Judiciary filed a criminal complaint for a cyberattack. The urgency of developing cybersecurity in Chile is undeniable.


María Ignacia Ormeño Sarralde
Associate Attorney
Alessandri Abogados


The current context in Chile reveals the importance of cybersecurity in various aspects, after the systems of the Judiciary were attacked by a computer virus. Because of situations like this, the bill that promotes competition and financial inclusion through innovation and technology in the provision of financial services (Bulletin No. 14,570-05, called Fintech Law) is essential, as it addresses issues related to cybersecurity.

In accordance with the bill, recently approved in the Chamber of Deputies and only lacking its enactment to become law, some financial service providers will have to register in a registry managed by the Financial Market Commission (CMF), for which they will have to submit documents related to the management of risks associated with the financial service. One of the most relevant risks is related to cybersecurity. Once these entities are registered, they must design, approve and implement policies, procedures and controls to respond to the risks inherent to the business.

Based on this project, the CMF will be able to issue general applicability rules (NCG) related to risk management, including cybersecurity aspects. In addition, the CMF may establish differentiated requirements based on the risk associated with the type of products, financial services or type of data to which information-based service providers and payment initiation service providers will have access.

The rules issued by the CMF must safeguard the confidentiality, integrity and availability of data and information and prevent risks to information systems. Thus, they must seek to prevent unauthorized disclosures and/or modifications of information and unauthorized interruptions to technological systems.

This type of provision of financial services through innovation and technology must be carried out taking into account the security of the information accessed through this figure and the risk involved. Furthermore, those providing this type of financial services, according to the Fintech Law, in case of breaches of security measures, the institutions must report the security incidents to the CMF “without delay”, by the means and under the terms determined by the CMF itself, adopting the corresponding risk mitigation measures.

It is essential that the new laws that enter the National Congress and that involve information, provide for figures or mechanisms related to cybersecurity and information security. In this way, both the State and individuals would be aware of the technical measures that must be taken to prevent cyberattacks and to mitigate the risks associated with them. The idea is for the initiatives to be proactive and not reactive to possible attacks that may occur at the State or company level.