Close this search box.

Banks and finance companies: how are they affected by the BCU's new security rule?

The regulation aims to ensure the security of users of banks and finance companies and may involve changes to the technology they use.
Home " Blog " Networking " Banks and finance companies: how does the new BCU security rule affect them?

In recent years, the use of digital tools for financial transactions has increased. While this brings benefits for users (such as the ease of operating from anywhere and at any time, without having to go to a branch), it also entails different risks, such as fraudulent transactions, unauthorised withdrawals or identity theft.

The Central Bank of Uruguay(BCU), which regulates and supervises the functioning of the financial system, issued a resolution modifying the rules of the game.

Circular 2395: what is its purpose?

On 16 December 2021, from the Superintendency of Financial Services, the BCU published Circular 2395, addressed to issuers of electronic instruments.

The regulation, which comes into force on 1 April this year, aims to ensure the security of the users of these instruments, in order to avoid undesired movements. To this end, it establishes obligations and a sanctioning regime for companies in the financial sector.

To which entities does it apply?

The standard covers banks, finance houses, financial intermediation cooperatives, investment banks, external financial institutions, credit managers, financial services companies, money transfer companies and managers of peer-to-peer lending platforms.

The condition is that these entities are issuers of electronic instruments. What do we mean by this? An electronic instrument is defined as an electronic means of payment that enables transactions to be carried out via ATMs, the internet or other means(Law 19210, Title 1 on electronic means of payment, Article 1).

How to adapt practices to the new regulation?

The regulation implies that financial firms implement administrative changes, such as informing the customer about different risks to which he/she is exposed when using the electronic instrument or communicating procedures for reporting inconveniences.

In addition, technological modifications may be required to, inter alia, ensure:

  • The security of the system operating the instrument, so that transactions are not affected by technical failures or any other anomalies.
  • Authentication unambiguously by the customer or by third parties, with knowledge of the customer, with the ability to operate the electronic instrument.
  • Record of transactions, exchanges and operations to be made available to the customer as set out in the resolution.

Biometrics: the solution to the rescue for secure digital processes

Shopping online, carrying out banking transactions and accessing digital channels (both web and app) of companies are some of the actions that users carry out most often. Having security mechanisms to validate their identity is key to building trust. And this is where biometrics comes in.

According to a study by Juniper Research, this solution will be the big player in a few years: it will authenticate more than $3 trillion in transactions by 2025, up from $404 billion in 2020.

What does it mean to incorporate biometrics in the processes of financial institutions? It means that, for example, users can authenticate their identity remotely using an ID card and a selfie. This saves them from having to remember long and difficult passwords, a mechanism that is becoming obsolete and easy to crack. Users prefer simple, innovative and frictionless procedures.

For some platforms, such as VU's Secure Onboarding Process, it works like this: in the first instance, the tool recognises characteristic features (such as voice, face and fingerprints) and records them in a database. The system then analyses these features and derives characteristics that it will associate with that individual. When it comes to validating the identity, the system checks the data it obtains against the data it has stored in the database. If the characteristics do not match, the authentication is rejected.

In this way, it ensures identity verification, as well as preventing identity theft and transactions on behalf of third parties. Moreover, although it may not seem like it, it is an affordable technology for small and medium-sized enterprises.

A first step in finding out where your organisation stands is diagnosis, and this is one of the areas where we can help.

At Isbel we work together with VU to create digital identity solutions for strong authentication such as multi-factor authentication, as well as onbarding and biometric authentication, and anti-fraud solutions in case of theft of electronic instrument accounts.



Related Entries


Synchronism: from 0 to 5G

In the era of 5G, the demand for precision for telecommunications networks reaches unprecedented levels. Learn more about the synchronization universe and how we have moved towards accurate and standardized solutions such as NTP and PTP.

See more "