XIV Meeting of Central Bank Legal Advisors

Asunción, Paraguay, October 9–11, 2019


The XV Meeting of Internal Auditors of Central Banks took place from September 25 to 27 in Santiago, Chile, thanks to the auspices of the Central Bank of Chile. The words of welcome were given by Rosanna Costa, Counselor of the Central Bank of Chile, Alejandro Zurbuchen, General Manager of the Central Bank of Chile, and Silvia Quintard, General Auditor of the Central Bank of Chile.

In the first part of the session on September 25, Michael O'Bryan, Managing Director and Chief Internal Auditor of the Bank of Canada, spoke about the risk appetite in the audit activity, its benefits as an approach, and how it can be used in determining the lines of defense and the risks that must be faced. He also talked about visual communication with impact on auditing and the experience at the Bank of Canada in this regard.

George Kabwe, of the International Monetary Fund, exposed on the role and relevance of the Audit Committee in central banks, one of the central themes of this meeting. It was stated that this body has been adopted by most central banks worldwide as one of the key elements of management or governance at central banks. The IMF monitored 60 central banks in order to identify the characteristics of their audit committees, and the attributes that make them effective. The study established that the composition and experience of committee members is often problematic, and that it is necessary to improve the effectiveness of evaluations, particularly in regarding internal auditing. This requires the adoption and implementation of standards and good practices.

The head of the Audit Unit of Banco de Mexico, José Luis Pérez, complemented this issue by presenting about the Audit Committee of that institution, which follows the model of the three lines of defense. A detailed description of its composition and functions was made, noting, among its attributions, the evaluation of the institutional system of internal control and its effectiveness, the quality of the administration framework and the policies for preparing financial reports. The need to adopt international best practices was emphasized.

In the second part of the session, Marcus Hornung, Director General Audit at the Deutsche Bundesbank, spoke about the configuration of a strategic internal audit plan, using the Bundesbank itself as an example. The presentation talked about Scrum, or set of good practices to work in teams or collaboratively, as a very useful approach to auditing. Subsequently, Michael O'Bryan of the Bank of Canada spoke about the perspective on challenges and other current issues in internal auditing, including threats to cybersecurity, recent developments and challenges in the three lines of defense, and the risks of outsourcing or subcontracting.

On Thursday, September 26, Ramiro Mendoza, former treasury inspector of the Republic of Chile, spoke about the main challenges of the State and governance, including the challenges for public institutions derived from the fall in public confidence and the perception of state corruption In addition to other challenges as a result of changes in public management –for example derived from technological advances, greater transparency or new practices such as outsourcing.

Subsequently, presentations were made on cybersecurity –another of the central themes of the meeting. In one of them, there was a discussion on the increase in the demand for cybersecurity professionals and the low supply of professionals, which creates difficulties for institutions. Apart from that, new roles in organizations appear as a result of computer needs, which must be met and involve other responsible people, including auditors. Central banks are forced to train the workforce from the inside.

In another presentation the 20 critical controls of cybersecurity were listed. Also, Luis E. Pardo, Director of the Internal Audit Department of Banco de España, spoke about the strategies for managing technological threats and cybersecurity, in which he described the bank's regulatory framework, technical measures, approaches such as threat intelligence and other surveillance measures and estimation of resistance to attacks (for example, intrusion tests).

Jeannette Maturana and Paulo Sáez, from the Information Technology and Security Audit area of ​​Banco Central de Chile, spoke about the evolution of the cybersecurity audit approach at the bank. The presentation described threats such as malicious activities, interception and physical attacks, what constitutes digital surveillance against intelligence threats, and the protection of the central bank's brand. As conclusions, they pointed out towards the importance of understanding the new challenges and the new roles of the central bank; breaking the paradigms on the methods applied in the verification of controls; monitoring technological changes and cyber threats; incorporating new tools and technologies, and leaving the comfort zone, since changes are constant and unpredictable.

Luis José Orjuela and Marisol Alemán, from Banco de la República (Colombia), made a presentation about the audit exercise on the management of the implementation of the SWIFT (Society for Worldwide Interbank Financial Telecommunication) Customer Security Program, highlighting the controls framework, the self-assessment of CSP controls in an organization and the audit approach carried out in the bank with respect to the CSP.

On Friday, September 27, Tamara Agnic, Advisory Partner of KPMG, and Rodrigo Lavados, Partner of Cariola Diez Pérez-Cotapos, spoke about data protection and compliance, making a comparison between Chile and other countries, and describing the New Law Protection of Personal Data in the Chilean case, as well as the importance of data in today's world.

Jorge Badillo, president of the Latin American Foundation of Internal Auditors (FLAI), made a presentation about the model of the three lines of defense and their recent evolution, where the history of the model was discussed in a very detailed fashion, including the efforts to update it, current features of the three lines of defense, and their future.

In addition to the presentations, Banco Central de Chile organized work sessions where participants debated at different tables about the different topics presented, and several statistics about their opinions were reported in the end.

Opening words by representatives from the Central Bank of Paraguay and CEMLA

Powers of Central Banks on Fintech Services and Digital Currencies
Daniel Artecona Gulla, Gerente Asesoría Jurídica, Banco Central del Uruguay

FinTechs and the Impacts of Instant Payments Systems in the European Union
Pedro Machado, Director, Head of Department, Chief Legal Counsel, Banco de Portugal

Legal Foundations of U.S. Monetary Policy Operations
Sophia H. Allison, Senior Special Counsel, Monetary & Consumer Affairs, Legal Division, Board of Governors of the Federal Reserve System

Access to Information under the German Freedom of Information Act regarding the Monetary Policy of the Eurosystem
Maximilian Ressing, Senior Legal Counsel, Legal Services, Deutsche Bundesbank

The Oversight Role of the Board of Directors of a Central Bank
Catalina Margulis, Fondo Monetario Internacional
Configuration of Infractions and Sanctions in a Risk-based Supervision
Marco Gonzalez, Gerente de la Unidad Jurídica del Banco Central del Paraguay

Configuration of Infractions and Sanctions in Supervision
Lucía Arranz, Directora del Departamento Jurídico, Banco de España

Comments on the Contractual Elements for Investment Management
Maria Fernanda Acosta, Gerencia de Asuntos Legales, Fondo Latinoamericano de Reservas

The Portuguese Experience on Banking Resolution – Challenges and Lessons Learned
Pedro Machado, Director, Head of Department, Chief Legal Counsel, Banco de Portugal

QFC and Classifications of Foreign Central Banks according to the EMIR Directive (EU) and the Dodd Frank (USA)
Valeria Formatto, Analista Principal, Gerencia Principal de Asesoría Legal, Banco Central de la República Argentina
Some Contemporary Legal-Financial Issues - A Barbadian Perspective
Elson A. Gaskin, Bank Secretary, Central Bank of Barbados

The Experience and Challenges Related with Contracts on Banknote Manufacturing and Copyright in Peru
Alfredo Díaz, Sub Gerente Legal, Banco Central de Reserva del Perú