CHILE Law and Practice Contributed by: Alberto Alcalde, María Catalina Zegers García-Huidobro and Pía Robledo, Puga Ortiz
Systems for Alternative Transactions Violations include manipulation of prices, fictitious transactions and failure to ensure transparency in market operations. Credit and Investment Advisory Services Violations include providing recommendations that are inconsistent, fraudulent or not aligned with client needs. Custody of Financial Instruments Violations include misuse of client assets, failure to segregate accounts and inadequate security meas - ures. Routing of Orders and Intermediation of Financial Instruments Violations include failure to meet transparency require - ments, conflicts of interest non-disclosure and opera - tional deficiencies. General Enforcement Mechanisms These include the following: • sanctions for infringements – the CMF can impose fines, suspend operations or cancel registrations for entities that violate the law or fail to meet regu - latory requirements; • intervention and oversight – in some cases of financial instability or operational risks, the CMF can appoint an intervention administrator to over - see the entity’s operations and ensure compliance; and • criminal and civil liability – severe violations, such as fraudulent activities or manipulation of financial markets, can lead to criminal charges and civil liability. Entities must report incidents, breaches or operational deficiencies to the CMF, which can trigger investiga - tions and enforcement actions. 2.11 Implications of Additional, Non- Financial Services Regulations Fintech participants are subject to additional frame - works concerning data protection, cybersecurity, advertising and software integrity.
Data Protection Law No 19,628 currently governs, but Law No 21,719 (published 13 December 2024) will replace it on 1 December 2026. This new regime introduces the Personal Data Protection Agency ( Agencia de Pro- tección de Datos Personales – APDP), mandatory data protection officers (DPOs) and data protection impact assessments (DPIAs), data portability, and fines of up to UTM20,000 or 4% of annual turnover. Cybersecurity Entities must comply with CMF General Rules 338 and 423. Additionally, the Framework Law on Cyber - security created the National Cybersecurity Agency ( Agencia Nacional de Ciberseguridad e Infraestructura – ANCI). OIVs must implement ISO/IEC 27001 sys - tems, appoint a chief information security officer (CISO) and report incidents to the computer security incident response team (CSIRT). Social Media NCG No 524 requires investment advisers with over 100,000 followers to register in the FSPR. Software Automated systems must meet CMF standards for reliability and objectivity, potentially requiring external certification. 2.12 Review of Industry Participants by Parties Other Than Regulators The CMF is the main regulator overseeing fintech activities, and it also indirectly supervises other enti - ties that may review the activities of industry partici - pants, including accounting/auditing firms, vendors and industry bodies. Accounting and Auditing Firms These firms may be engaged by fintech providers to ensure compliance with financial reporting standards, internal controls and governance requirements. Fintech providers often rely on external auditors for credibility and transparency, especially when seeking investment or partnerships. Legacy players typically have long-standing relationships with auditing firms, while fintech providers may need to establish these connections.
151 CHAMBERS.COM
Powered by FlippingBook