MARCH 30, 2023

Fintech Department Bulletin | Fintech Legal News in Argentina No. 22.

BULLETINS

In this bulletin, you will find a selection of the main legal news related to the fintech and digital banking market in Argentina.

Content
• A new exception to banking secrecy with an open-banking taste
• DEBIN 3.0 vs. Pull transfers
• The role of the Complementary Agent loses functions and attractiveness
• Cybersecurity and anti-fraud measures are enhanced
• Amendments to AML rules applicable to banks (including digital banks)
• Recent developments in crypto-assets
• FX measures to support the knowledge-based economy
• Foreign exchange difficulties for cross-border payment facilitators
• Depuration of the PSP Registry
• Implementation of PUSF standards on PSPCPs and PSIs has begun
• New information and reimbursement regimes come into effect
• Crowdfunding and crowdlending developments
• New developments in digital financing for SMEs

 

A new exception to banking secrecy with an open-banking taste

Financial secrecy may be lifted upon the user’s request

Although the Central Bank of Argentina (“BCRA”) continues without expressly stating its position on the open-banking international trend, the regulator keeps silently establishing measures that help lay the foundations for the development of this model.

In a new rule that went practically unnoticed, last March 6, the BCRA issued Communication “A” 7711, by means of which it amended the Financial Secrecy regime, including a new specific exception that formally opens the door for banks to lift the banking secrecy of passive operations (e.g. balances in their clients’ accounts) when the owner of the data gives its consent to such effects.

Thus, the new exception introduced by the BCRA allows banks to lift the financial secrecy in “those cases in which the person under investigation expressly agrees that the requesting agency may access his passive operations, or at the request of the owner of the data, including, in the case of legal entities, their internal control bodies.”

This measure is extremely important for the development of open banking in Argentina, because until now there were some doubts as to whether the user’s consent was sufficient for banks to share their information with other participants in the financial or payment system, since Law 21,526 establishes a strict secrecy regime of public order that did not include this proviso in its list of exceptions. Although the BCRA had already issued some interpretations in the past that allowed inferring the possibility of lifting the secrecy at the user’s request, this new measure clears all doubts in this regard and brings legal certainty to the system. Notwithstanding, the BCRA clarifies that those who receive the disclosed information must maintain the same duty of confidentiality.

DEBIN 3.0 vs. Pull transfers

DEBIN 3.0 gains ground as a tool for account enrollment

In view of the operational difficulties that have so far delayed the implementation of the immediate pull transfer system set forth by the BCRA under Communication “A” 7514, the adoption of the immediate debit -DEBIN- is gaining ground as a tool for enrolling accounts in third-party wallets and instructing remote account debits, thanks to the extension of its functionality to operate also with PSP’s payment accounts (as established by that same Communication).

In the last few months the main virtual wallets in the market have introduced DEBIN in their applications as an alternative for making top-ups in their payment accounts by debiting funds against other bank (or payment) accounts.

Given that the DEBIN is an automatic system with centralized clearing, it allows PSPs to improve the user experience when loading funds since it reduces the ability of the entities receiving the debit to block or impose limits on transfers. However, the DEBIN (in its recurrent modality) still allows users to make automatic chargeback funds up to 30 days after the debit has been made, so its use still involves certain contingencies.

The role of the Complementary Agent loses functions and attractiveness

The activities that they could carry out are reduced

At some point, it was speculated that the role of Complementary Agents created by the BCRA in 2018 would be the figure that would allow expanding the adoption of banking as a service or embedded finance models in the country since it originally allowed financial entities to delegate practically any of their active and passive operations to non-financial third parties.

However, at the end of 2022, a new limitation on delegable activities was imposed by Communication “A” 7566 issued by the BCRA in August last year. As per this new restriction, financial entities may only delegate to Complementary Agents the activities of cash deposits and withdrawals, payments and collections, and the payment of social security benefits, as well as the attention of related services and of the accounts where they are deposited.

This new limitation, added to the requirement of prior authorization from the regulator established by the BCRA at the end of 2020, makes the role of Complementary Agent lose its initial appeal so that probably the banking as a service or embedded-finance alliances generated by banks will continue to be structured through the figure of “outsourcing” of IT services or other types of sui generis contractual figures, where banks cannot completely disengage themselves from the attention of their customers.

Cybersecurity and anti-fraud measures are enhanced

Due to the increase in claims and digitalization

In recent months, there has been a growing concern in the financial and payment industry regarding the increase in fraud situations, as a natural consequence of the expansion in the use of electronic payment tools and means.

During 2021 and 2022, the BCRA established some measures aimed at strengthening security protections in bank and non-bank digital wallets (for example, through Communications “A” 7328 and 7463) and, even at a market level, in September last year an unprecedented agreement was reached between the different associations of financial institutions and the Argentine Fintech Chamber to improve the security of users.

Although until now these measures and agreements left some margin for their operational implementation, this year we are beginning to see some clarifications regarding the type of measures and specific protection technologies that are expected to be adopted by the different entities.

For example, on January 30, the Commission of Means of Payment (CIMPRA) published its Bulletin 533, which exemplifies international best practices for the implementation of security measures, such as “strong customer authentication”, which is a standard required by the regulator for various scenarios. These recommendations are aimed primarily at entities that participate in immediate transfer schemes.

Also, last March 10, by means of Communication “A” 7724, the BCRA reformulated its rules on “Minimum Requirements for the management and control of technology and information security risks”, which used to establish the security measures that financial entities (and their outsourced service providers) should adopt for their electronic channels. Although the new version of these standards maintains most of the technical measures that were previously in place, the governance structure of the information systems has been greatly strengthened.

What is interesting about this new Communication is that it seems to have been drafted to apply to both financial and non-financial entities (it now refers to “entities” in a broad sense), but in its list of obligated parties, it only included financial entities. This suggests, however, that perhaps in the not-too-distant future, these same rules will also apply to non-financial entities, continuing the trend that the BCRA has been adopting in recent years of “leveling” the regulatory playing field between banks and non-banking companies.

Amendments to AML rules applicable to banks (including digital banks)

Updated requirements for remote KYC

In line with the increase in cyber-protection measures, at the beginning of February of this year (effective as of April), the Financial Information Unit (“FIU”) issued Resolution 14/2023, repealing the previous Resolution 30-E/2017, which established the specific rules that financial and exchange entities must adopt regarding AML and KYC.

Among the new developments of interest to the sector, we highlight certain amendments made with respect to the identification of non-present customers, which especially refer to the recruitment and onboarding of users through electronic or digital channels.

In this regard, we note that in this aspect the new regulation has resembled its wording to the requirements established for card operators (Resolution UIF (FIU) 76/2019), placing greater emphasis on rigorous biometric identification techniques and reducing certain amplitude or flexibility enjoyed by financial entities in the previous wording of the regulation.

Recent developments in crypto-assets

AML measures are strengthened, but the regulatory focus remains confusing

Among the modifications that the Financial Information Unit (“FIU”) established for financial entities in Resolution 14/2013 mentioned above, certain circumstances are provided for in which financial entities must adopt continuous monitoring measures, as well as alerts and automated controls, following typologies and guidelines issued by the FIU and/or other international organizations (e.g. FATF). Among the special circumstances mentioned, it now included the situation where “the client operates or its main activity is related to virtual assets“.

Although a similar conclusion could already be derived from the old Resolution UIF (FIU) 300/2014, the fact is that the introduction of this novelty could lead banks to enhance their monitoring measures (on opening and maintenance of accounts) in relation to exchange companies or even PSPs operating exclusively with crypto businesses, following not only local guidelines that may be established by the FIU but also international standards that have been promoted by the FATF for some time.

In this last sense, at the beginning of March this year, the Securities Exchange Commission (“CNV”) organized together with the FIU a meeting with markets and chambers to inform about the procedure of the FATF evaluation to be carried out in 2024 regarding the implementation of improvements in the local AML system. In such meeting, the president of the CNV highlighted the bill of law submitted last year to reform the AML legal regime (which provides for certain regulations on providers of services with virtual assets), as well as the bill of law submitted last year that promotes certain regulation for advertising the offer of crypto-assets as an investment. Both drafts, which have the public support of the CNV, have not been further treated in the parliamentary process yet.

These public initiatives of the CNV, together with the Fintech Hub it launched last year, seem to outline this agency as the most willing authority to lead some regulatory guidelines for the sector. However, it will have to be seen how far its impetus can go, taking into account that so far, in its last statement on the subject, it continued to maintain that crypto-assets do not meet the necessary elements to be considered “negotiable securities”.

Different is the case of the Federal Tax Authority (“AFIP”), which in the middle of last year issued an internal statement, through Opinion 2/2022, by means of which it decided to assimilate crypto-assets with negotiable securities, to determine their taxability in the Personal Property Tax.

On the other hand, the governmental agenda tries to show some interest and impulse for the sector. Thus, for example, at the end of 2022, the National Government, through Resolution No. 17/2022 issued by the Public Innovation Secretary, created the “National Blockchain Committee” and approved the “National Blockchain Guidelines”, whose main objective is to “promote the development of public policies and technological solutions based on Blockchain“, in line with a similar initiative announced by the Government of the City of Buenos Aires in the middle of last year. However, not much practical application derived from these announcements has been seen yet.

FX measures to support the knowledge-based economy

The possibility of applying foreign currency to the payment of salaries was regulated and a half sanction was issued for the “Mono-Tech”

Continuing with that intention to support digital activities, at the beginning of this year the BCRA finished regulating the “Promotion of Investments for Exports of Knowledge-Based Economy Activities Regime” that had been created by Decree 679/2022 and Resolution 234/2022 of the Knowledge-Based Economy Secretary at the end of last year.

By means of Communications “A” 7664 and 7669, the BCRA formalized the exceptions for the liquidation of foreign currencies for exports of services of the sector, as well as enabled a special account for the deposit of such foreign currencies, so that they may then be destined to the payment of remunerations in foreign currency of personnel registered in a dependency relationship.

However, there are still some doubts regarding the accounts in which the payments of such remunerations in foreign currency should be made, considering that the “salary accounts” (with their associated benefits) can only be operated in Pesos and the BCRA has not provided any clarification in this respect.

On March 28th, the Chamber of Deputies of the National Congress gave partial sanction to Bill 016-PE-2022, known as “Mono-Tech”, which aims to establish a simplified tax regime and a special exchange regime for the tech industry freelancers and also for e-sports that provide services from Argentina to other countries. This regime would apply to those service providers who received a gross income of less than US$30,000 over the last 12 months, exempting them from converting the currencies obtained for such services into Argentine pesos to the extent that they deposit them in special local bank accounts in US Dollars. The treatment of the project in the Chamber of Senators is still pending.

Foreign exchange difficulties for cross-border payment facilitators

Delays in obtaining approvals from the Secretary of Commerce

After the implementation of the new SIRASE system at the end of last year, established by AFIP General Resolution 5271/2022 and BCRA Communication “A” 7622, several cross-border payment facilitators, mainly of digital services, have had difficulties in acquiring and remitting the foreign currency corresponding to merchants abroad, due to delays in the approval that needs to be issued by the Secretary of Commerce with respect to such payments.

In this regard, it has become critical for these companies to determine the “concept code” of payment of services used to access the official foreign exchange market, because, as it appears from the SIRASE system website, certain concepts require prior approval from the Secretary of Commerce, while others only require the approval of the economic-financial capacity granted by AFIP.

The delay in obtaining these authorizations puts these companies in the dilemma of either continuing to wait for the approvals to acquire the foreign currency at the official exchange rate, or making the transfers through the “blue-chip-swap” market, with the consequent extra conversion cost that this entails, and the temporary loss of access to the official exchange market, pursuant to the provisions of Communication “A” 7552 of the BCRA issued in July of last year.

Depuration of the PSP Registry

First delisting cases from the PSP Registry due to failure to start operations

On March 22nd, 2023, expired the deadline to start operations for those PSPs registered as such before September 22nd, 2022, to avoid automatic deregistration, as provided in BCRA’s Communication “A” 7613 (issued in September 2022). By means of such Communication, the BCRA imposed that all companies that were registered in the PSP Registry should start operations within 6 months of obtaining the registration, under the penalty of automatically losing the registration. A procedure for deregistration was also established for those companies that wish to voluntarily withdraw from the Register.

During the months of February and March of this year, the BCRA sent notices to most of the PSPs urging them to inform their date of commencement of operations in the corresponding application. In the last few days, the first delisting cases from the Register of PSPs have already begun to be seen.

One of the main concerns raised by some companies regarding this Communication is the lack of precision on the meaning of the term “start of operations”. Likewise, some doubts arose in relation to the date to be reported in the application, since it only allowed to enter a date subsequent to the registration in the PSP Registry, even if the company had effectively started its operations before such date.

This new regime of deregistration and peremptory deadlines for the start of operations will surely represent a higher entry barrier to the PSP Registry, since companies wishing to register will now have to have a concrete plan to launch operations, which was a condition that was not required until now.

However, it is also true that, on the same date that the BCRA established this new deregistration regime, it partially lifted the requirement that it had imposed on banks at the end of 2021 to place 100% of the deposits for PSPCP account balances with the BCRA. By means of Communication “A” 7611, banks were again allowed to allocate up to 45% of such deposits to the subscription of certain treasury bonds.

Implementation of PUSF standards on PSPCPs and PSIs has begun.

Doubts arise as to the analogical application of certain provisions

Following the line that the regulator has been showing in recent years of trying to “level the playing field” and gradually raise entry barriers, at the beginning of March of this year the application of the BCRA rules on Financial Services Users’ Protection (known as “PUSF” rules) also began to apply to PSP that offer payment accounts (PSPCP) and payment initiators (PSI), with their associated regulatory burdens, under the provisions of BCRA Communication “A” 7593.

Although many of the provisions contained in the PUSF rules reflect similar requirements contained in general consumer protection rules to which PSPCPs and PSIs were already subject, the PUSF rules introduce some specific issues that require adaptations, such as (i) the creation of an area for dealing with user complaints, with dedicated personnel, (ii) the provision of certain information regimes, (iii) the introduction of certain minimum clauses in contracts, (iv) specific rules on fees and charges, and (v) advertising issues.

One of the biggest challenges faced by PSPCPs and PSIs that have had to adapt to the PUSF rules is that the BCRA has decided to extend these rules by simple analogy to those that apply to financial institutions and non-financial credit providers already previously covered by this regime, which requires in many cases to conduct a careful analysis of when certain provisions should or should not apply to the business of PSPCPs and PSIs.

In this sense, the new version of the PUSF rules states that “These rules apply to all regulated entities (…) according to the types and functionalities of their particular operations and the types of transactions, relationships and contracts they enter into with users of financial services“, which avoids automatic analogies, although it is possible that the BCRA may have to issue at some point certain interpretative clarifications for some specific issues, as it has done towards the end of last year with respect to the wallets regulations.

New information and reimbursement regimes come into effect

On user claims, transparency, compliance and… butcheries

With the aforementioned application of the PUSF rules on PSPCPs and PSIs, the requirement of certain additional information regimes on these PSPs, derived from such rules, also begins.

Thus, by means of Communication “A” 7699, the BCRA clarified that as of March 1st of this year, the information regime of Claims began to apply to PSPCPs and PSIs, while only PSPCPs must also comply with the information regime of Transparency (sections B and D of Chapter II).

As is the case with the analogical application of the PUSF rules, some doubts also arise with respect to the application of these regimes to PSPs (mainly the Transparency regime), given that the formats currently in existence for providing such information do not include in their list the typical products offered by PSPCPs. It will also be necessary to see here if at some point the BCRA makes further clarifications (as it has already happened with Communication “A” 7729, which clarified some format issues).

On the other hand, the same Communication “A” 7593 that extended to PSPCPs and PSIs the application of the PUSF rules also incorporated a new compliance report that these PSPs must submit annually to the BCRA. Although it was initially foreseen that this report would cover compliance with all regulations applicable to PSPs, the BCRA later clarified (through Communication “A” 7712) that the report should only cover compliance with the PUSF regulations. Further details on this report are expected when the BCRA publishes the corresponding model and establishes the date of its first presentation.

As regards compliance reports, last February was the deadline for the administrators of immediate transfer schemes to submit their own compliance reports with respect to the immediate transfer rules. The model to be used for this purpose was published by BCRA Communication “A” 7604.

In addition to these BCRA informative regimes, the AFIP also established a new informative regime associated with the Refund Regime for Purchases in Butcher Shops established by General Resolution 5330/2023. This resolution, effective as of March, imposes on financial entities and PSPs certain refund obligations (computable against future taxes) in favor of end consumers who make purchases in butcher shops through the use of cards associated with bank or payment accounts, or through debit in account by payment with QR codes, and at the same time provides for a related monthly informative regime in charge of the companies managing the card system and companies processing the payments made directly in accounts opened in PSPs.

Crowdfunding and crowdlending developments

New reporting regimes and regulatory changes

PSPs are not the only ones to have suffered the application of new information regimes. PSCPPs (Peer-to-Peer Credit Service Providers through Platforms), which as of the date of this Newsletter already have two registered companies, have also been affected.

Communications “A” 7639, 7640 and 7696 specified the content and presentation guidelines that PSCPPs must follow to comply with their respective information regimes as required by the BCRA.

On the other hand, by means of General Resolution 942/22 of November 25, 2022, the CNV modified the regulatory regime applicable to Crowdfunding or Collective Financing Platforms (“PFC”). The measure was taken after a public consultation on the new regulations.

Among the main amendments, we note the increases of certain amounts such as the minimum net worth of the PFCs and the increases of the investment limits, both for investors and the maximum amount that entrepreneurs can raise.

On the other hand, restrictions were added to the operations that PFCs can carry out, limiting them to the offering of platform services and the obligation to associate with a financial trustee or PSPs regulated by the BCRA for the channeling of funds from PFC users.

Although the CNV seems to have the intention of relaunching this regime, which so far has not had much practical effect (due to the lack of registration of platforms), it also seems that at the same time it is trying to encourage many small projects to seek financing through other instruments more recently promoted by the agency, such as negotiable obligations for SMEs and similar.

New developments in digital financing for SMEs

New registration, launch of the CEDIP and news for Electronic Invoices

Due to the positive development showed so far by the electronic credit invoice market Law 27,440 (FCEM), in January of this year the BCRA created a new “Registry of platforms for financing SMEs”, in which all legal entities that provide tools or computer systems that facilitate the performance of FCEM transactions must register.

This new registry was established by Communication “A” 7673, which establishes principles of activity quite similar to those applicable to Peer-to-Peer Credit Service Providers through Platforms. That is to say, it limits to the platforms the possibility of intermediating credit or guaranteeing the solvency of the intervening parties. Likewise, it subjects the platforms and their authorities to the sanctions of the Financial Entities Law for non-compliance with the rules issued by the BCRA for their activity. Companies that were already offering this service before the enactment of the regulation must be registered before June 1st.

On the same date (but effective as of July of this year), the BCRA also issued Communication “A” 7672, by which it stipulated that financial entities must issue an electronic certificate (known as “CEDIP” or electronic certificate for time deposits and investments), that will be the electronic instrument representing such placements, which will be electronically transferable, fractionable and compensable.

In the words of the BCRA, “Through the CEDIP, these placements -both those made in pesos (including those expressed in UVAs) and in dollars- may be transferred electronically easily and simply, be divided into smaller placements and cleared, which will allow their use as a means of payment and financing“. The BCRA intends that this new instrument will replicate the success that the ECHEQ and the FCEM have had so far in streamlining the circulation of payments and financing in digital environments.

In the short term, further details on the operation of CEDIPs will surely be made known through CIMPRA bulletins, to whom the operational and technical definitions of this new instrument have been delegated.

Please, do not hesitate to contact us should you require any additional information on these matters.

Sincerely,

Daniel Levi
María Shakespear
Pablo J. Torretta
Franco Montiel
Luciana Liefeldt
Jorge Pico

——————————
This bulletin contains summaries of standards that are published and to which we refer. They are in no way complete or imply legal advice. If you require legal advice, please contact us.