Circular RUNOR 1-1951 SINAP 1-243: Disciplinary Regime of the Central Bank of Argentina (Laws 21.526 and 25.065) and Foreign Exchange Proceedings (Law 19.359). Payment Service Providers. Principles for Financial Market Infrastructures. Amendments.

2026 - YEAR OF ARGENTINE GREATNESS COMMUNICATION “A” 8411 20/03/2026 TO FINANCIAL ENTITIES, TO TRUSTEES OF FINANCIAL TRUSTS INCLUDED IN THE FINANCIAL ENTITIES LAW, TO ADMINISTRATORS OF CREDIT PORTFOLIOS OF PREVIOUS FINANCIAL ENTITIES, TO REPRESENTATIVES OF FOREIGN FINANCIAL ENTITIES NOT AUTHORIZED TO OPERATE IN THE COUNTRY, TO FOREIGN EXCHANGE OPERATORS, TO NON-FINANCIAL CREDIT CARD ISSUING COMPANIES, TO NON-FINANCIAL PURCHASE CARD ISSUING COMPANIES, TO OTHER NON-FINANCIAL CREDIT PROVIDERS, TO ELECTRONIC CLEARING HOUSES, TO ATM NETWORKS, TO PAYMENT SERVICE PROVIDERS, TO PAYMENT SERVICE PROVIDERS OFFERING PAYMENT ACCOUNTS, TO PEER-TO-PEER CREDIT SERVICE PROVIDERS THROUGH PLATFORMS, TO FINANCIAL MARKET INFRASTRUCTURES, TO SECURITIES CUSTODIANS, TO ELECTRONIC FUNDS TRANSFER NETWORKS, TO PAYMENT SERVICE PROVIDERS PERFORMING THE INITIATION FUNCTION, TO ADMINISTRATORS OF ELECTRONIC FUNDS TRANSFER PAYMENT SCHEMES, TO TRANSFER PAYMENT ACCEPTORS, TO CARD PAYMENT ACQUIRERS, TO PAYMENT INSTRUMENT AGGREGATORS, EXTRA-BANKING TAX AND/OR SERVICE COLLECTION COMPANIES:

Ref.: Circular RUNOR 1-1951, SINAP 1-243: Disciplinary Regime of the Central Bank of Argentina (Laws 21.526 and 25.065) and Foreign Exchange Proceedings (Law 19.359). Payment Service Providers. Principles for Financial Market Infrastructures. Amendments.

We address you to inform you that this Institution has adopted the resolution which, in its pertinent part, establishes:

1- Replace the second paragraph of point 2.2.1.2. of the consolidated text on Disciplinary Regime of the Central Bank of Argentina (Laws 21.526 and 25.065) and Foreign Exchange Proceedings (Law 19.359) with the following: “ To these effects, two groups of entities and subjects covered by the BCRA’s sanctioning power are distinguished in the table. Group A is composed of financial entities, electronic clearing houses, administrators of electronic funds transfer payment schemes, PSPs subject to registration with the BCRA, and systemically important financial market infrastructures, as well as their external auditors, and representations of foreign financial entities. It also includes other subjects, including those from Group B, that incur violations of articles 19 and 38 of the Financial Entities Law (LEF). Group B is composed of foreign exchange entities, their external auditors, and other subjects covered by specific BCRA regulations, without prejudice to cases where, due to the nature of the alleged violation, they are included in Group A under the terms of the preceding paragraph.”

2- Replace point 11.1.2. of the consolidated text on Disciplinary Regime... with the following: | 11.1.2. Execution of operations involving habitual intermediation between the supply and demand of financial resources without prior BCRA authorization. | Very High | 800 | N/A |

3- Replace point 11.9... with the following: | 11.9. Rules on internal control, internal audit and risk management. | | 11.9.1. Absence of relevant working papers regarding internal control and internal audit reports. | High | 150 | 75 | | 11.9.2. Irregularities detected and not included or mentioned in internal audit reports. | High | 150 | 75 | | 11.9.3. Internal audit procedures not performed or poorly performed on significant aspects. | High | 150 | 75 | | 11.9.4. Management or internal control flaws/weaknesses. | High | 300 | 75 | | 11.9.5. Audit Committee tasks not performed or poorly performed. | High | 150 | N/A | | 11.9.6. Other non-compliance with minimum internal control and audit system standards not covered in other points. | Medium | 60 | 30 |

4- Replace point 11.15... with the following: | 11.15. Non-compliance with minimum requirements for managing and controlling technology and information security risks, and with minimum requirements for managing and controlling technology and information security risks associated with digital financial services. | | 11.15.1. Technology and information security governance. | High | 200 | 100 | | 11.15.2. Technology and information security risk management. | High | 100 | 50 | | 11.15.3. Information technology management. | High | 150 | 75 | | 11.15.4. Information security management. | High | 150 | 75 | | 11.15.5. Business continuity management. | High | 150 | 75 | | 11.15.6. Technological infrastructure and processing. | Medium | 70 | 35 | | 11.15.7. Cyberincident management. | Medium | 70 | 35 | | 11.15.8. Software development, acquisition and maintenance. | High | 100 | 50 | | 11.15.9. Third-party relationship management. | Medium | 60 | 30 | | 11.15.10. Digital financial services. | Very High | 400 | 200 |

5- Replace point 11.19... with the following: | 11.19. Security measures. | | 11.19.1. Relevant non-compliance with minimum security measures regulated by the BCRA. | Very High | 500 | 250 | | 11.19.2. Non-compliance that removes and/or reduces the effectiveness of systems, devices or services normatively implemented to prevent the commission of criminal acts. | High | 300 | 150 | | 11.19.3. Non-compliance with security measures not classified as High or Very High. | Medium | 60 | 30 |

6- Replace point 11.22.2... with the following: | 11.22.2. Use of designations provided in the LEF or the Law on Foreign Exchange Houses, Agencies and Offices by unauthorized natural and/or legal persons that induce doubts and/or confusion regarding their nature. | High | 100 | N/A |

7- Incorporate, as new point 11.22 of Section 11..., the following point (renumbering subsequent existing points): | 11.22. Non-Financial Credit Providers. | | 11.22.1. Non-compliance regarding registration and documentation rules. | High | N/A | 150 | | 11.22.2. Non-compliance regarding the Consolidated Text on Interest Rates in credit operations. | High | N/A | 100 | | 11.22.3. Other non-compliance with the Consolidated Text on Non-Financial Credit Providers, except as provided in point 1.3. | Medium | N/A | 30 |

8- Incorporate as new point 11.23 of Section 11..., the following point (renumbering subsequent existing points): | 11.23. National Payment System. | | 11.23.1. Non-compliance with the definition and implementation of operational, technical and commercial rules of the payment scheme administered in accordance with the regulatory framework, and execution of actions to ensure compliance, including definition and application of fines to incentivize all participants' compliance with these rules. | Very High | 800 | N/A | | 11.23.2. Non-compliance with interoperability provisions. | Very High | 800 | N/A | | 11.23.3. Non-compliance with mandatory homologation and/or technological integration requirements, carried out by administrators of electronic funds transfer payment schemes. | High | 400 | N/A | | 11.23.4. Non-compliance with service availability provisions. | Very High | 800 | N/A | | 11.23.5. Non-compliance with limits on different types of immediate transfers. | High | 300 | N/A | | 11.23.6. Non-compliance with exchange rates and pricing provisions. | Very High | 500 | N/A | | 11.23.7. Non-compliance with settlement/crediting timeframes provisions. | Very High | 500 | N/A | | 11.23.8. Non-compliance with messaging provisions. | High | 300 | N/A | | 11.23.9. Non-compliance with consent provisions. | Very High | 800 | N/A | | 11.23.10. Other non-compliance with the Consolidated Text on NPS – Transfers. | Medium | 200 | N/A | | 11.23.11. Other non-compliance with the Consolidated Text on NPS – Transfers – complementary rules. | Medium | 200 | N/A | | 11.23.12. Other non-compliance with the Consolidated Text on NPS – Payment Services. | High | 400 | N/A | | 11.23.13. Other non-compliance with the Consolidated Text on NPS – Immediate Debit. | Low | 100 | N/A | | 11.23.14. Other non-compliance with the Consolidated Text on NPS – Direct Debit. | Low | 100 | N/A | | 11.23.15. Other non-compliance with the Consolidated Text on NPS – Electronic Clearing Houses. | High | 500 | N/A | | 11.23.16. Other non-compliance with the Consolidated Text on NPS – Checks and Other Negotiable Instruments. | High | 300 | N/A | | 11.23.17. Other non-compliance with the Consolidated Text on NPS – ATMs. | Low | 80 | N/A | | 11.23.18. Other non-compliance with the Consolidated Text on NPS – Electronic Payment Medium (MEP). | High | 300 | N/A | | 11.23.19. Other non-compliance with the Consolidated Text on Payment Service Providers. | High | 400 | N/A | | 11.23.20. Other non-compliance with the Consolidated Text on current and other demand accounts of financial and foreign exchange entities at the BCRA. | High | 200 | N/A | | 11.23.21. Other non-compliance with the Consolidated Text on Platforms for SME Financing. | Low | 50 | N/A | | 11.23.22. Other non-compliance with the Consolidated Text on Principles for Financial Market Infrastructures. | High | 400 | N/A |

9- Replace point 1.5 of the consolidated text on Payment Service Providers with the following: “ 1.5. Non-compliance and sanctions Both PSPs subject to registration as provided in Section 2, and those authorized by the BCRA to perform the functions of administrator of electronic funds transfer payment schemes or electronic clearing houses, and members of their government, administration and oversight bodies, are subject to the application of sanctions for non-compliance with BCRA regulations governing their activity, as provided in articles 41 and 42 of the Financial Entities Law and concordant provisions.”

10- Incorporate, to the list of systemically important financial market infrastructures provided in Section 5 of the consolidated text on Principles for Financial Market Infrastructures, to administrators of electronic funds transfer payment schemes authorized by point 6 of Communication A 7153 and amendments, the following subjects: Interbanking SA, Compensadora Electrónica SA, Newpay SAU and Red Link SA.

Furthermore, we inform you that we will subsequently send you the sheets to replace those previously provided, which must be incorporated into the consolidated texts of reference.

We respectfully greet you. CENTRAL BANK OF THE ARGENTINE REPUBLIC Alejandra I. Sanguinetti Néstor D. Robledo Deputy General Manager of Payment Means Deputy General Manager of Compliance and Control