The General Law of Banks establishes the banking reserve in relation to the debt information of people in the banking system, except for justified exceptions in the delivery of said information that the law itself contemplates.
In line with the foregoing, article 14 of the General Banking Law establishes that the Commission for the Financial Market (“CMF” for it initials in Spanish) must maintain permanent and consolidated information on bank debtors, for the use of the institutions subject to its control. This, considering that the exchange of information on the characteristics of debtors and their level of indebtedness can have important benefits for the market, since it allows, among other aspects, to improve the knowledge of the banks about the characteristics of the applicants and a better prediction on the probabilities of payment, a better evaluation, greater credit mobility and more competition.
The use of such information by financial institutions is strictly confidential and exclusive, and for no reason must circulate in media outside the institution that receives it, except for legal exceptions.
In a context of credit expansion and development of new technologies for processing information, it is increasingly important to have robust and secure credit information systems that guarantee the proper handling of this information by financial institutions, following the best practices and standards for the treatment and use of data.
For the sending and handling of information on debtors of financial institutions, the provisions contained in the Updated Compilation of Bank Regulations (“RAN” for it initials in spanish) must be followed, which is currently subject to a proposal for regulatory modification by the CMF, which will be available until next May 20th for purposes of being evaluated and commented on in public consultation.
The regulatory proposal aims to update the current 6th paragraph of Chapter 18-5 of the RAN, on information management by financial institutions; to require such institutions to have an Internal Security and Information Management Policy on Debtors (PISMID for its initials in Spanish) that improves the standard on data processing, following international principles and best practices in the matter, as well as the guidelines on the management of information security and cybersecurity established in the RAN itself (Chapter 20-10).
The PISMID must consider, among other aspects, the information processing procedure with the justification of compliance with the applicable principles; a registration system for access to information and delivery of these records; the mechanism for appointing a person in charge of granting access to the different displays of the source information; as well as a registry with access permissions that must be updated at least once a year. Regarding the procedure of processing information of your debtors, you must incorporate the right of access; the right of rectification or modification in the event that it is proven by the owner that the personal data is erroneous, inaccurate or outdated; and the right of cancellation, if applicable; having at least one of its own communication channels specially dedicated to receiving and resolving claims that arise regarding debtor information.
The PISMID must be approved by the entity’s Board of Directors and be documented and available for review and supervision by the CMF. For the proper functioning of said policy and use of information, these processes must be updated, approved, and audited, both internally and externally, at least once a calendar year.
Additionally, the regulatory proposal is used to update the references to the new institutional framework, modifying the references to the Superintendence of Banks and Financial Institutions by the Commission for the Financial Market, numeral 7 on “Transitional Provisions” and the annex, since it refers to Instructions not current.
To access the full text of the regulatory proposal, go to: https://www.cmfchile.cl/institucional/legislacion_normativa/normativa_tramite.php