Regulatory Alerts2026-02-13 | A 8401Circular RUNOR 1-1947 CREFI 2-143: Minimum Requirements for the Management and Control of Technology and Information Security Risks. Expansion to Financial Entities. Update.
The Central Bank of the Argentine Republic (BCRA) issued Communication “A” 8401 to update and expand the Minimum Requirements for Technology and Information Security Risk Management (Circular RUNOR 1-1947/CREFI 2-143) to financial entities, payment service providers, and market infrastructures. The regulation mandates the implementation of robust third-party outsourcing frameworks, including prior notification for critical services, continuous risk monitoring, and strict compliance with international anti-money laundering standards. It establishes detailed governance structures, contractual formalization requirements, and transitional provisions effective from February 2026 to ensure operational resilience and aligned risk management across the financial sector.