PARAGUAY Law and Practice Contributed by: Juan Fiorio, Alejandra Corrales and Jean Saavedra, Fiorio, Cardozo & Alvarado
cant environmental and social impacts. The process of obtaining an Environmental Impact Declaration is specifically mentioned in the context of obtaining financing.
ICT incident response capabilities and busi - ness continuity plans. • Incident reporting and transparency: The document mandates reporting cloud service usage to the Central Bank. This is similar to DORA’s reporting requirements for ICT inci - dents, although not as comprehensive. • Oversight and supervision: The document clearly lays out the supervisory role of the BCP, demonstrating a mechanism for moni - toring and enforcing compliance. Similar oversight capabilities are crucial for the effec - tive implementation of DORA in the EU. The BCP is developing a regulatory environment for the purpose of facilitating financial inclusion. As part of this process, the BCP has announced a Basic Accounts Regulation for MSMEs and launched the Digital Economy Pilot Program. Through this programme, the aim is to support MSMEs with the goal of advancing the mod - ernisation and optimisation of financial trans - actions by reducing the use of traditional pay - ment methods in favour of digital systems that facilitate accessibility and a diversity of payment methods such as QR codes, debit, and credit cards, which will significantly contribute to the modernisation of business practices and finan - cial inclusion. Moreover, it is expected that the BCP will regu - late the IT security systems that financial insti - tutions must have to mitigate the risk of digital fraud, such as phishing or SIM swapping, which have increased in recent months. This regulation would aim to unify and standardise the security systems of the regulated entities. 11. Horizon Scanning 11.1 Regulatory Developments
10. DORA 10.1 DORA Requirements
In Paraguay, there are no regulatory require - ments related to DORA matters; however, Res - olution 10, Act No 43, dated 28 July, regulates the use of cloud computing services for banking and covers several areas that indirectly relate to the overall goals of DORA, namely enhancing the operational resilience of financial institutions. The overlap lies in the regulation’s focus on: • Third-party risk management: The regulation stresses the importance of managing risks associated with third-party service providers, including those offering cloud computing ser - vices. This aligns with DORA’s emphasis on managing risks from ICT third-party provid - ers. The regulation mandates due diligence on cloud providers, requiring specific certifi - cations and robust contractual agreements. • Cybersecurity and data protection: The document includes detailed requirements for cybersecurity, including data encryp - tion, access control mechanisms, incident response plans, and compliance with data protection laws. These provisions mirror DORA’s focus on ensuring the security and resilience of ICT systems. Specific standards, such as ISO 27001, are mentioned. • Business continuity and disaster recovery: The regulation emphasises the need for robust business continuity plans that include cloud services. This directly supports DORA’s requirement for institutions to have effective
439 CHAMBERS.COM
Powered by FlippingBook