The new rule will enter into force on August 1, 2025, with an extended deadline until July 1, 2026 to implement ARC in mandatory cases.
The Financial Market Commission (CMF) issued General Rule No. 538, which establishes the minimum security, registration and authentication standards to be met by banks, card issuers, savings and credit cooperatives and other supervised entities.
This in relation to transactions subject to Law No. 20,009 on liability for unrecognized transactions with means of payment.
Among the main points to be highlighted in this regulation are the following:
- It introduces the obligation to implement enhanced customer authentication (ARC) in key operations, such as electronic fund transfers and modifications of personal data.
- ARC must be based on at least two independent authentication factors (knowledge, possession and inherence).
- Issuers are required to ensure the confidentiality, integrity and traceability of transactions.
- The CMF may supervise and sanction non-compliance with these standards.
It is important to mention that the rule comes into force on August 1, 2025, with an extended deadline until July 1, 2026 to implement the CRA in mandatory cases.
In this way, this regulation marks an important milestone in the protection of financial users against fraud, reinforcing the cybersecurity and traceability measures required of issuers.
The call to these entities is to prepare themselves, since it will be key to review internal policies, technological systems and authentication protocols in order to comply with the regulation.
You can review the full text here.
For more information on these issues, please contact our Corporate and Business team:
Álvaro Rosenblut | Partner | arosenblut@az.cl
Stephanie Cruz | Legal & Business Director | scruz@az.cl
Vicente Martínez | Senior Associate | vmartinezw@az.cl
Be part of our multimedia platform and you can receive the latest legal news, events, podcazt and webinars.
