Regulatory Alerts2025-07-17 | A 8280Circular RUNOR 1-1910: Cyberincident Response and Recovery (RRCI) Guidelines - Adaptations
The Central Bank of the Argentine Republic (BCRA) issued Circular RUNOR 1-1910 to mandate mandatory cyberincident notification procedures for financial entities, payment service providers (PSP), and systemically important market infrastructures. The circular replaces existing response guidelines, introduces a three-tier incident categorization (critical, important, non-relevant), and establishes strict reporting timelines requiring initial notifications within one hour, frequent updates for prolonged incidents, and closure reports within five calendar days. It further standardizes email reporting formats, extends a 60-business-day implementation window for non-payment-account PSPs, and repeals the previous Communication B 11847 to ensure unified regulatory compliance.