This case is an illustrative example based on real situations in the Peruvian financial sector. Names, figures, and details have been adapted for demonstration purposes.
CoopFin Andes, a savings and credit cooperative with 12 branches in central Peru, faced one of its biggest challenges in 2024: stricter cybersecurity audits by the Superintendency of Banking, Insurance, and Pension Fund Administrators (SBS).
The entity received a blunt preliminary notification:
“Lack of technical controls on access to member data.”
The risk was enormous:
- Fines of up to 2% of annual revenue
- Possible suspension of operations
- Reputational damage in front of its more than 25,000 members
With the final audit just weeks away, CoopFin Andes decided to hire our consulting firm specializing in cybersecurity and regulatory compliance for financial institutions.
Our strategic approach
In a fast-track 4-month plan, we implemented key improvements:
Role-based access controls (RBAC) to restrict privileges and reduce the risk surface
Encryption of data at rest and in transit, ensuring confidentiality even in the event of internal or external incidents
Information retention, backup, and disposal policy, aligned with the Personal Data Protection Act
Monthly staff training on secure handling of sensitive information and anti-leakage practices
Results obtained
In just four months, CoopFin Andes transformed its security posture:
- Full approval in the SBS regulatory audit
- 80% reduction in critical findings
- Estimated savings of S/ 220,000 between avoided fines and reactive consulting services
- Better preparation to offer secure digital services
Today, CoopFin Andes not only complies: it projects confidence, stability, and security to its thousands of members.
Is your financial institution ready for the next audit?
Download our Compliance Guide for Cooperatives and assess the current state of your regulatory security.