The digitalisation of the financial sector not only transforms the user experience but also raises the bar for security and regulatory compliance. Within this context, Costa Rica’s SUGEF 10-07 regulation has emerged as the new benchmark for institutions seeking to protect their clients, comply with the law, and lead in digital trust across the country.
What is the real challenge?
The SUGEF 10-07 (2025 version), issued by the General Superintendency of Financial Entities, sets out an ambitious and mandatory framework for banks, financial institutions, cooperatives, and other supervised entities. The regulation requires the implementation of advanced technologies that ensure:
- Effective identity verification
- Digital behaviour analysis and fraud detection
- Protection of channels and devices throughout the entire customer lifecycle
This regulation brings transparency, security, and user protection to the forefront, transforming how organisations manage risk and their digital relationship with clients.
Enforcement of the regulation makes it urgent to act now, but this shift in mindset allows organisations not only to avoid sanctions but also to anticipate and combat fraud in processes such as onboarding and remote transactions.
How to adapt to the new SUGEF 10-07 standard?
Compliance demands a tailored approach depending on the type of financial entity.
The regulation sets specific strategies for each type of institution: state-owned banks must prioritise digital security and document traceability; entities created under special laws are required to adopt innovative authentication and promote compliance awareness; private banks have the opportunity to lead in efficiency and fraud protection; and non-banking financial institutions and cooperatives can enhance both security and member experience.
An opportunity for digital leadership
The implementation of SUGEF 10-07 should not be seen solely as a regulatory challenge but as an opportunity to strengthen digital culture, build customer loyalty, and stand out in an increasingly competitive market.
Institutions that adopt advanced technologies will not only be ready to comply with SUGEF 10-07 but will also enhance security, efficiency, and trust within Costa Rica’s financial sector.
At Facephi, we support this process with both international and local expertise, working alongside clients such as Promerica and Namutek Fintech. Our solutions meet GDPR and eIDAS standards, ensuring maximum consistency and coverage—from secure biometric access (Art. 14), digital verification during onboarding (Art. 15), and fraud detection through pattern analysis (Art. 17), to robust multi-factor authentication with liveness detection and traceability (Art. 18).