CHILE Law and Practice Contributed by: Alberto Alcalde, María Catalina Zegers García-Huidobro and Pía Robledo, Puga Ortiz
approach ensures a smooth transition and minimises disruptions. Challenges or inhibitions Technical and operational barriers Institutions must develop and maintain secure APIs, which may require significant investment. Smaller institutions may face challenges in meeting technical requirements. Customer awareness The success of open banking depends on customer understanding and trust in data-sharing mechanisms. Lack of awareness could limit adoption. Regulatory complexity The law introduces detailed requirements for consent, security and interoperability, which may be challeng - ing for institutions to implement effectively. Comparison with Payment Services Directive 2 (PSD2 – Europe) Similarities Both frameworks emphasise the importance of cus - tomer consent, data security and standardised APIs. They aim to foster competition by enabling TPPs to access financial data. Differences PSD2 focuses on payment services and mandates access to payment account data, while the Chilean system has a broader scope, covering various finan - cial products and services. PSD2 is more mature, with established technical standards – eg, regulatory tech - nical standards (RTS) for APIs – whereas Chile’s open banking system is still in the implementation phase. 11.2 Concerns Raised by Open Banking Banks and technology providers in Chile are required to address data privacy and data security concerns raised by open banking through strict regulatory measures. An overview of how these concerns are being managed follows.
• Banks and technology providers must obtain explicit, informed and specific consent from cus - tomers before sharing their financial data. • Customers can revoke consent at any time, and providers are prohibited from using data beyond the scope of the authorisation. • Institutions must clearly inform customers about the type of data being shared, the purpose of shar - ing, and the validity period of the consent. • Open banking participants must adhere to Chile’s Data Protection Law, ensuring the confidentiality and proper handling of personal data. • Banks and technology providers must implement minimum security standards for data protection, including measures to ensure the confidential - ity, integrity and availability of information. These standards are defined by the CMF through general regulations. • Data exchange must occur through APIs that meet stringent security requirements. APIs must be interoperable and include mechanisms to prevent unauthorised access or data breaches. • Institutions are required to report security incidents to the CMF without delay and take immediate steps to mitigate risks. • Banks and providers must implement strong cus - tomer authentication (SCA) methods to verify the identity of users and ensure secure access to data. Authentication standards may include multi-factor authentication and encryption. • Banks and technology providers are investing heavily in cybersecurity infrastructure and API development to comply with regulatory require - ments. Smaller institutions may face financial and technical challenges in meeting these standards. • Banks are partnering with fintech companies and technology providers to leverage their expertise in secure data handling and API development. Industry-wide collaboration helps establish best practices and shared security protocols. • Institutions are focusing on educating custom - ers about the benefits and risks of open banking, as well as their rights regarding data privacy and security. Building trust is critical for adoption.
165 CHAMBERS.COM
Powered by FlippingBook