Costa Rica has approved the Law on the Protection of Consumers in the Custody of Their Funds, which establishes new rules regarding the liability of financial institutions in cases involving the misappropriation of funds and electronic fraud in bank accounts.
The law amends provisions of consumer protection legislation and Costa Rica’s procedural framework to enhance the security of users within the financial system and to establish clearer mechanisms for resolving disputes related to unauthorized transactions.
Liability of financial institutions
One of the key changes is the expansion of the liability regime applicable to financial institutions that hold customer funds.
Once the law enters into force, banking and financial entities, whether public or private, may be held liable for economic damages suffered by users when funds are withdrawn from their accounts without authorization, even if such acts are carried out by third parties.
The law also establishes an express legal basis for users to claim restitution of misappropriated funds, an issue that previously created uncertainty in many electronic fraud cases.
In practice, this means that:
- A customer may request the financial institution to reimburse the stolen funds.
- If a satisfactory response is not obtained, the customer may pursue administrative or judicial remedies to seek compensation.
Reversal of the burden of proof in fraud cases
The law also introduces significant procedural changes. In cases involving electronic fraud or unauthorized withdrawal of funds, the burden of proof is reversed. This means that the financial institution must demonstrate that it complied with the required standards of security and due diligence to prevent the fraud.
This change aims to balance the relationship between users of the financial system and the institutions that manage their funds, recognizing that the latter have greater access to technical information and transaction records.
Implications for the financial sector
The new regulation will have operational and compliance implications for entities operating within Costa Rica’s financial system, including banks, cooperatives, and other institutions authorized to manage public funds.
Key considerations include:
- Reviewing and strengthening cybersecurity and fraud prevention protocols.
- Implementing monitoring systems and early detection mechanisms for unusual transactions.
- Updating internal procedures for handling and managing customer claims.
- Assessing policies related to the handling and safeguarding of personal and financial data.
Financial institutions will also need to properly document their controls and procedures, as such information may be critical in administrative or judicial proceedings.
Relevance for companies and financial system users
For companies and investors operating in Costa Rica, the new law strengthens the protection framework applicable to funds held in financial institutions and seeks to increase confidence in electronic payment systems and digital banking.
At the same time, companies that manage frequent or high-volume financial transactions may benefit from greater safeguards in cases of unauthorized transactions.
However, businesses will also need to strengthen their internal controls and digital security protocols to mitigate fraud risks and facilitate the handling of potential claims.
More information:
GarciaBodan Costa Rica
T: +506 4001 6878