ARGENTINA Law and Practice Contributed by: Santiago J. Mora, Nicolas Garfunkel, Milagros Caneda and May Steward, GPG Advisory Partners
Regulation of Cybersecurity There is no uniform set of rules regarding cyberse - curity. Responsibility (including the indemnification regime) arising from the loss of information by fintech companies is governed, in principle, by the CCC, the CPL and the PDPL. Resolution 47/18 issued by the AAIP sets forth a series of recommended security measures aimed at facilitating compliance with the PDPL, including matters related to the collection of personal data, access control, control of changes, back-up and recovery, vulnerability management, information destruction, security incidents and devel - opment environments. Likewise, among other specific rules, the BCRA has established cybersecurity standards for banks and PSPs, and the CNV has issued similar standards for PSAVs. Regulation of Software Development Software development is generally regulated by the CCC and the IPL. 2.12 Review of Industry Participants by Parties Other Than Regulators In addition to regulators, other relevant players are actively involved in the sector. The most important fintech companies are grouped in the Argentine Fin - tech Chamber, and different bank associations rep - resent the interests of financial institutions. There are also important organisations that promote the use of blockchain technology in its various forms. 2.13 Conjunction of Unregulated and Regulated Products and Services In Argentina, there are several cases of industry par - ticipants offering unregulated products and services in conjunction with regulated products and services. Many fintech companies offer unregulated products and services in conjunction with regulated products. For example, Mercado Libre (an Argentine company that hosts the largest online commerce and payments ecosystem in Latin America) operates simultaneously from a single entity as a PSPCP, a PNFC and a mar - ketplace. Also, Mercado Libre offers its clients the possibility of investing in funds administrated by dif - ferent companies.
Moreover, the BCRA has allowed financial institutions to participate in fintech companies and provide ser - vices through these companies. Notwithstanding the above, it is worth mentioning that in May 2022 the BCRA prohibited financial insti - tutions from carrying out or facilitating their clients in carrying out operations with crypto-assets, which was also extended to PSPCPs in May 2023, banning these companies from carrying out and facilitating crypto- asset transactions for their clients. It is expected that this ban will be lifted in the short term. 2.14 Impact of AML and Sanctions Rules The reform of the AMLL that came into effect with the enactment of Law No 27,739 significantly impacted many fintech businesses, primarily by expanding the scope of reporting entities. Notably, the new reporting requirements now apply to all functions of PSP, PSAVs and PNFCs. Under the AMLL, these entities are required to fulfil several obligations, including: • registering with the UIF; • identifying ultimate beneficial owners; • demonstrating AML/CFT prevention procedures; • appointing compliance officers; • assessing the risk profile of each client; • conducting due diligence; and • investigating the origin of funds flowing through their platforms, etc. Regarding sanctions, the reform also introduced stricter penalties. The potential fines applicable in such proceedings have increased, and a new sanction allows for the disqualification of compliance officers in cases of non-compliance. 2.15 Financial Action Task Force (FATF) Standards Argentina’s AML and sanctions framework follows the standards imposed by the Financial Action Task Force (FATF). As a member of the FATF since 2000, Argentina aligns its regulations with the organisation’s recommendations.
19 CHAMBERS.COM
Powered by FlippingBook