The Argentine Central Bank has regulated digital wallets and made changes to the regulation of payment service providers and electronic transfers
On February 24, 2022, the Argentine Central Bank (the “BCRA”, according to its Spanish acronym) issued Releases “A” 7462 and “A” 7463, by which it regulated the “digital wallet” service and made certain amendments to the BCRA regulations on payment service providers (“PSPs”) and wire transfers. A summary of the major updates and changes can be found below:
1. Digital wallet service
The digital wallet service is defined as the service offered by a financial entity or a PSP via an application on a mobile device or a website, which must allow payments by electronic transfers (“PET”) and/or via other payment instruments (such as debit, credit, purchase or prepaid cards), among other transactions.
Accounts debited as a result of PET (or as a result of payments made via other payment instruments) may be provided by either: (i) the same financial entity or PSP that provides the digital wallet service; or (ii) other financial entities or PSPs.
1.1 Register of digital wallets
The BCRA has created the “Register of Interoperable Digital Wallets” and has established that any financial entity or PSP that intends to provide a digital wallet service enabling PET initiated by scanning QR codes must be registered in this registry. Financial entities or PSPs that as of February 24, 2022 are already providing the digital wallet service must register by April 15, 2022.
For registration purposes, financial entities and PSPs must comply with certain information and documentation requirements. For example, among other requirements, they must submit an affidavit from the immediate transfer system administrator stating that the digital wallet service provided by the respective entity or PSP has successfully integrated with each of the acceptors that have adhered to its scheme and is ready to be used by the general public to make PET via QR codes.
Once these requirements are met, the Superintendence of Financial and Foreign Exchange Entities (Superintendencia de Entidades Financieras y Cambiarias) will issue a certificate of registration, which will be a condition for operating the digital wallet service.
1.2. Fraud mitigation mechanisms
Financial entities and PSPs that provide digital wallet services should establish mechanisms to detect suspicious or unusual activity to mitigate the risk of fraud. In particular, within 180 days from February 24, 2022, they must implement the necessary means to:
(i) Efficiently obtain consent from clients when applying for an account.
(ii) Verify the validity of clients’ consent at the time of authorization of any payment instruction issued by the client through the digital wallet service, maintaining the maximum accreditation duration of 15 seconds established in the Rules on the “National Payment System – Transfers”.
(iii) Provide the client with the ability to establish parameters for the use of the digital wallet (for example, limits on amounts per period and number of transactions). Likewise, they must allow the client to view and modify the established parameters and to unlink their account from the digital wallet service in a simple and immediate way, in particular in the event of suspicion of fraud on the part of the client.
The main changes introduced in the PSP rules are as follows:
2.1 New functions
The BCRA has established new functions that can be performed by a PSP, in addition to the account provisioning, administration and acceptance functions already set out in the BCRA’s PSP regulations:
(i) Initiation: consists of transmitting a valid payment instruction to the provider of the account concerned (or to the issuer of the payment instrument) at the request of a client.
(ii) ATM networks: PSPs can administer transactions made through ATMs.
(iii) Electronic funds transfer networks: PSPs can transmit electronic instructions for the movement of funds between financial entities and, where applicable, notify the PSP offering payment accounts of the credits on its account.
Certain obligations previously applicable exclusively to PSPs offering payment accounts have been extended to PSPs performing any of the above functions (even where they do not offer a payment account). These obligations include: (1) registration in the “Register of Payment Service Providers”; and (2) compliance with the BCRA’s information and monitoring regime, which must also be complied with by the financial entities providing the digital wallet service.
2.2. PSPs that offer digital wallet services without providing payment accounts
PSPs that perform the “initiation” function without providing payment accounts (“PSIs”) and that provide the digital wallet service must comply with the following obligations, which must be implemented and operational by May 1, 2022, for new customers, and before June 1, 2022 for customers using digital wallets from February 24, 2022:
(i) Verification of the identity of potential customers requesting the digital wallet service. For these purposes, identification data (name, surname, place and date of birth, domicile, profession, marital status, among others) and the corresponding supporting documents will be required.
(ii) Association and access to the “digital wallet”. PSIs shall associate with a digital wallet only payment instruments or accounts whose holder (or one of the co-holders) is the same as the holder of the digital wallet. In addition, robust customer identification and authentication mechanisms must be in place to access the wallet.
(iii) Traceability and recording of user activities. All customer-related activities must be traceable and verifiable, and the integrity, protection and backup of these records must be ensured.
2.3. PSP registration
PSPs must comply with certain additional requirements when registering with the BCRA:
(i) Registering multiple functions. PSPs which exercise more than one function subject to registration must identify them separately in the register, except in the case of PSPs which simultaneously exercise the functions of opening and providing payment accounts, in which case only the registration of this last function will be mandatory.
(ii) Payment initiation via QR codes. PSIs and PSPs that offer payment accounts and provide the digital wallet service are required to specify whether this service will allow them to initiate payments by scanning QR codes and, if so, to detail the instruments (such as PET and credit card) with which these payments can be made. In addition, PSIs must indicate the payment schemes in which they participate by initiating transactions.
(iii) ATM and electronic funds transfer networks. PSPs performing any of these functions must provide: (1) a copy of the policy or operations manual that provides service specifications and participant responsibilities; and (2) the list of its participants, grouped by type or function.
(iv) Proof of registration of statutes or statutes.
(v) Affidavit of Voluntary Submission to BCRA’s Regulatory, Oversight and Disciplinary Regime.
3. Prevention and management of fraud in immediate transfer schemes
While the Regulation on “Transfers 3.0” (i.e. immediate transfers) has generically established the obligation to implement fraud mitigation tools to identify suspicious patterns and alert customers of any risk, Release “A” 7463 provided specific obligations for immediate transfer systems regarding the prevention and/or management of fraud, namely:
(i) Identification of responsibilities. The responsibilities of each participant in the system should be identified and the relationship with other systems for fraud management purposes should be determined. Customer service for fraud claims shall be the responsibility of the relevant account provider.
(ii) Identifying suspicious patterns. Coordinated tools to identify suspicious patterns should be implemented (e.g., alerting the customer and/or requiring confirmation by other means before processing the transaction).
(iii) Complaint Resolution. The transfer scheme should provide fraud claim resolution procedures that allow for planned and coordinated management between participants in the relevant payment schemes, including the determination of maximum response times.
(iv) Transaction traceability. The transfer scheme must determine the information needed to be recorded by each of the participants in the scheme in order to have end-to-end traceability of the transactions.
(v) Confidentiality and integrity of information. Confidentiality and integrity measures must be adopted to protect the information exchanged between participants (for example, identification information, a specific transaction or any other data necessary to process and make a payment).
(vi) Exchange of additional information. Transfer systems should exchange with their participants and other systems additional information for the prevention, detection and mitigation of fraud, such as suspicious behavior, red flags, vulnerabilities and detected threats.
Compliance with these obligations should be ensured by the plan administrator.