Approaches and challenges for security in El Salvador
Written Rebeca Galdámez, Associate, Consortium Legal
Currently, the banking sector in Central America is facing increasing pressure to strengthen its cybersecurity strategies in response to technological advances and the increase in digital threats. In countries such as El Salvador, prudential standards NRP-23 and NRP-32 establish a regulatory framework that guides financial institutions in managing technological risks. However, a significant gap remains: the absence of a specific data protection regulation that complements and reinforces these guidelines in a comprehensive manner.
NRP-23 requires banking institutions to implement information security policies that include risk assessments and periodic audits. These measures seek to protect the integrity and confidentiality of customer data. At the same time, NRP-32 promotes proactive technological risk management, encouraging institutions to develop strategies to ensure operational continuity in the event of cyber incidents. However, both frameworks regulate only specific aspects of cybersecurity, leaving a latent need for complementary regulations, particularly in the area of personal data protection.
Given this context, it is essential for financial institutions to adopt a preventive stance to mitigate potential risks. The incorporation of advanced cybersecurity measures is not only essential for regulatory compliance, but also critical to protect business stability and reinforce customer confidence. Data security can no longer be viewed as a simple regulatory requirement, but as a key pillar of an institution’s reputation and resilience.
At our firm, we understand the importance of a comprehensive approach to technology risk management and offer specialized advice to help our clients integrate current regulations with effective cybersecurity practices. Our goal is to strengthen their ability to meet the challenges of an ever-changing financial environment, ensuring that they are well prepared to protect both their infrastructure and their clients’ information in a rapidly evolving digital environment.
