In recent years, Chile has introduced significant reforms in areas such as cybercrime, cybersecurity, economic crimes, and personal data protection, requiring companies to make substantial updates to their compliance programs.
This new legal framework presents a concrete challenge for the private sector: to effectively adapt their compliance programs to a more demanding and dynamic regulatory environment, where collaboration between Compliance, Information Technology (IT), Information Security, and Cybersecurity teams, among others, is essential.
To address this topic, BH Compliance hosted the webinar “Cybercrime and Compliance: What Are Companies Doing?”, which explored the impact of the new legislation on corporate crime prevention models, shared practical implementation experiences, and identified best practices and recommendations for effective compliance.
The panel featured María Pía Espejo, Head of Regulatory Compliance and Crime Prevention at Transbank, and Cristóbal Lladser, Director of Compliance at Clínica Alemana de Santiago, with Ramón Montero, BH Compliance’s Operations Manager, serving as moderator.
Ramón Montero opened the session by explaining the relevance of this topic in light of Law 21.459, which defines eight cybercrimes in alignment with the Budapest Convention, including: illegal access, data interception, attacks on IT integrity, data forgery, cyber fraud, and possession of stolen digital data. Importantly, this law incorporates these offenses into the list of criminal liabilities for legal entities, meaning companies must update their crime prevention models, implement new controls, and review their compliance programs to appropriately address cybercrime-related risks.
María Pía Espejo then shared Transbank’s experience implementing a cybercrime prevention model, emphasizing that security is a core pillar and their most valuable asset. She explained how the new regulations triggered a deep internal transformation, including a thorough review of controls, policies, and risk matrices. The process involved multiple teams, required technical training and external advisory support, and highlighted the need for interdisciplinary collaboration. She stressed the importance of seeking help, building strong teams, and trusting experts—recognizing that the compliance function must also act as an enabler for technical processes. Today, Transbank has achieved 96% compliance in reviewing and monitoring its cybercrime module and is continuing to address other offenses in the new legal framework, aligned with upcoming regulatory challenges.
For his part, Cristóbal Lladser emphasized the operational complexity at Clínica Alemana, where over 9,000 people are involved in a high-volume, high-sensitivity healthcare operation that handles more than one million consultations annually. In this context, he described how their crime prevention model was adapted to the new regulatory changes, with a special focus on cyber risks such as unauthorized access to electronic medical records. He noted that beyond the legal requirements, they already had a solid structure of technical, regulatory, and governance controls in place, and the review process helped streamline and strengthen those measures. He also highlighted the importance of cross-functional collaboration, but particularly the support of the board of directors, which he identified as a key success factor in the process.
Following the panelists’ presentations, the session opened up to audience questions. This webinar showcased the practical efforts of these leading Chilean companies in adapting their crime prevention models to address cybercrime—providing guidance for other organizations just beginning this journey or struggling to make progress.
