|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
In accordance with the size, industry and complexity of their operations, the companies that make up Grupo Financiero Galicia have a governance and management framework that guarantees the identification, assessment and subsequent treatment of risks arising from cybersecurity threats.
Each company manages cybersecurity risks, including through third parties, with its own methodology. However, there are certain meetings, coordinated by Banco Galicia, where the most significant risks are presented to management. Likewise, internal and external audit services and professional consulting services are used whenever they are required.
To this end, the companies of Grupo Financiero Galicia have processes that facilitate the continuous execution of activities that allow timely addressing the monitoring of identified cybersecurity risks.
Processes to assess, identify and manage risks
1.Integration in the General Risk Management.
The processes to assess, identify and manage material risks derived from cybersecurity threats are integrated into the general risk management system of Grupo Financiero Galicia. This integration ensures that these risks are considered together with other types of risks in the organization's comprehensive risk management framework.
2. Participation of Third Parties.
Grupo Financiero Galicia involves evaluators, consultants, auditors and other third parties in connection with its risk management processes. These external experts provide additional information and validation of the effectiveness of the measures implemented.
3. Oversight of Third-Party Risks.
The organization has processes in place to monitor and identify risks arising from threats and risks associated with the use of external or third-party service providers. This includes regular assessments and monitoring of the cybersecurity practices of these third parties to ensure that they comply with the organization's standards.
Impact of cybersecurity risks
Grupo Financiero Galicia describes whether and how risks arising from cybersecurity threats, including those resulting from previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect the organization. This includes potential impacts on business strategy, operating results or financial condition.
The processes for assessing, identifying and managing material risks arising from cybersecurity threats are managed as follows, depending on the size of each company:
•Individual Company Management: Each company manages its cybersecurity risks, including third-party risks, using its own methodology. However, there is a coordinated instance by Banco Galicia where the most significant risks are presented.
•Audit and Consulting Services: Internal and external audit services are used, as well as professional consulting, whenever necessary.
Disclosure of incidents
As of the date of this document, we have not detected any material cybersecurity threats and Grupo Galicia has not suffered any material cybersecurity incidents.
According to the size, industry and complexity of their operations, the companies that make up Grupo Financiero Galicia have established processes for early detection and decision making in response to cybersecurity incidents.
Additionally, all the companies of Grupo Financiero Galicia share a common protocol established for the assessment and determination of the materiality of a cybersecurity incident based on pre-established criteria.
Since the implementation of the management methodology, in accordance with the SEC's new rules on 'Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure,' no material cybersecurity incidents have been detected.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
The processes to assess, identify and manage material risks derived from cybersecurity threats are integrated into the general risk management system of Grupo Financiero Galicia. This integration ensures that these risks are considered together with other types of risks in the organization's comprehensive risk management framework.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
In accordance with the size, industry and complexity of their operations, the companies that make up Grupo Financiero Galicia have an organizational structure that establishes roles and responsibilities and shapes a cybersecurity governance framework. Such framework ensures the monitoring of risks arising from cybersecurity threats and informed decision-making process based on the timely communication to senior management and/or the board of directors, as appropriate, of relevant information regarding the executive oversight of the cybersecurity strategy and the status of the controls implemented.
Committees related to supervision
The companies within Grupo Galicia, depending on their size, have their respective Oversight Committees, to which cyber threats are reported if detected. This reporting is conducted by the cybersecurity team of each company. Specifically, Banco Galicia, Sudamericana Holding, and Naranja X have distinct committees to report and address risks arising from cyber threats.
These risks are monitored through direct communication with management and regular committee meetings.
The existing committees are detailed below, along with their functions and the roles and expertise of their members.
Banco Galicia
Cybersecurity and Fraud Prevention Committee.
Committee Functions:
•Promote Strategic Projects and Information Security Initiatives: Drive strategic projects and initiatives
focused on enhancing information security at Banco Galicia.
•Promote Strategic Projects and Fraud Prevention Initiatives: Lead strategic projects and initiatives aimed at preventing fraud at Banco Galicia.
•Approve Related Strategic and Management Plans: Review and approve strategic and management plans related to information security and fraud prevention.
•Coordinate Decisions Related to Policies and Regulations: Make coordinated decisions regarding policies, regulations, specific security and fraud risk analyses, and service continuity plans.
•Monitor Significant Changes and Assess Risk Status: Oversee significant changes and evaluate the status of risks affecting Banco Galicia's information resources from internal and external threats related to the aforementioned topics.
Committee members.
The members of the Cybersecurity and Fraud Prevention Committee are:
•Board of Directors: Mrs. María Elena Casasnovas
•Board of Directors: Mr. Gastón Bourdieu
•Board of Directors: Mr. Miguel A. Peña
•Risk Manager: Ezequiel Valls
•Product and Technology Manager: Marcela Fernie
•Assets Laundering Prevention Manager: Teresa del Carmen Piraino
•Internal Audit Manager: Claudio Scarso
•Information Security and Fraud Prevention Manager: Pedro Adamovic
Operational and Technology Risk Committee.
Committee Functions:
•Communicate Operational, IT, and Business Continuity Risks: Inform committee members about the main operational, IT, and business continuity risks,and their consequences, and the planned mitigating measures.
•Monitor Control Weaknesses: Oversee control weaknesses detected in business processes.
•Analyze and Recommend Mitigation Actions: Evaluate and suggest actions to mitigate high risks.
•Approve or Reject Risk Assumption Decisions: Approve or reject the decision of the owner of an operational or IT risk to assume the risk, with the corresponding justification or action plan.
•Validate and Approve Risk Management Changes: Validate and approve changes to the risk management structure, policy, and/or procedures.
•Validate and Approve ITS Analysis Methodology Changes: Validate and approve changes to the analysis methodology for Information Technology Services (ITS) provided by third parties, along with their framework and status.
Committee Members.
The members of the Operational and Technological Risk Committee are:
•Risk Manager: Ezequiel Valls
•Product and Technology Manager: Marcela Fernie
•Internal Audit Manager: Fernando Lapajne
•Legal Counsel Manager: Esteban Tresserras
•Compliance Manager: Maria Cecilia Auferil
•Information Security and Fraud Prevention Manager: Pedro Adamovic
•Assets Laundering Prevention Manager: Teresa del Carmen Piraino
Relevant experience of the Committee members.
Ms. Casasnovas: See “Item 6. Director, Senior Management and Employees— A. Directors ans Senior Management—Board of Directors of Banco Galicia”.
Mr. Bourdieu: See “Item 6. Director, Senior Management and Employees— A. Directors ans Senior Management—Board of Directors of Banco Galicia”.
Mr. Peña: See “Item 6. Director, Senior Management and Employees— A. Directors ans Senior Management—Board of Directors of Banco Galicia”.
Mr. Valls: See “Item 6. Director, Senior Management and Employees— A. Directors ans Senior Management—Grupo Galicia’s Executive Officers”.
Ms. Fernie: See “Item 6. Director, Senior Management and Employees— A. Directors ans Senior Management—Banco Galicia’s Executive Officers”.
Ms. Piraino: See “Item 6. Director, Senior Management and Employees— A. Directors ans Senior Management—Banco Galicia’s Executive Officers”.
Mr. Fernando Lapajne: See “Item 6. Director, Senior Management and Employees— A. Directors ans Senior Management—Banco Galicia’s Executive Officers”.
Mr. Esteban Tresserras obtained a degree in law from the University of Buenos Aires and has a Postgraduate Degree in business administration from the Torcuato Di Tella University
Ms. Maria Cecilia Auferil obteined degree in law from the University of Buenos Aires. She completed a post gradued degree in AML and Financial Crime Prevention from University of Buenos Aires. She obteined a certification in ethics and anti bribery and corruption in University UCEMA. She has been asociated with Banco Galicia since 2012.
Mr. Pedro Adamovic obtained a degree in Computer Systems Engineering from Computer Technology at the Open Interamerican University. He has been working at the Bank since 2019.
Naranja X.
Information Security and Technology Committee.
Committee Functions:
•Ensure Compliance with Policies and Objectives: Ensure adherence to the policies and objectives set by the management applicable to the topics within its scope, through periodic reviews.
•Monitor IT Environment Functionality: Oversee the proper functioning of the Information Technology environment and contribute to improving its effectiveness.
•Annual Systems and Technology Plan: Discuss and submit the Annual Systems and Technology Plan to the Board of Directors of Naranja X, provide opinions regarding its nature, scope, and timing, and periodically evaluate it by reviewing its degree of compliance.
•Analyze Risk Exposure: Analyze the evolution of Naranja X's systems and technology risk exposure, as well as the mitigation action plans that are in the process of implementation.
•Support Business Continuity: Provide the Contingency Team Leader with the necessary support to ensure business continuity in the event of a contingency.
•Monitor Information Security Environment: Oversee the proper functioning of the Information Security environment.
•Improve Internal Security Control: Contribute to enhancing the effectiveness of Naranja X's internal security control.
•Evaluate Information Security Plan Compliance: Evaluate and review compliance with the Information Security Plan.
•Verify Compliance with Information Asset Provisions: Ensure proper compliance with the provisions related to information assets, as contained in the regulations of the BCRA and other oversight and collection agencies with jurisdiction and authority over Naranja X.
•Monitor Corrective Measures Implementation: Continuously monitor the implementation of corrective measures linked to detected weaknesses and opportunities for improvement.
Committee Members.
The members of the Information Security and Technology Committee are:
•Board of Directors: Miguel Ángel Peña
•General Manager: Pablo Hernan Caputto
•Senior Technology Manager: Gonzalo Martin Ozan
•Senior Information Security Manager: Oscar Martin Gutierrez
•Senior Risk Manager: Mariano Omar Tittarelli
•Technology, Operational, and AML Risk Manager: Jose Domenech
•Senior Legal & Compliance Manager: Valeria Mon
Relevant experience of the Committeee members:
Mr. Peña: See “Item 6. Director, Senior Management and Employees— A. Directors ans Senior Management—Board of Directors of Banco Galicia”.
Mr. Pablo Caputto obtained a Bachelor of Applied Science (B.A.Sc.) in Accounting from the University of Buenos Aires. He completed a postgraduate Master's degree in Finance at Torcuato Di Tella University.
Mr. Gonzalo Martin Ozan obtained a degree in Information Systems Engineer from the National Technological University. He completed a postgraduate program in Master of Business Administration (MBA) at the Catholic University of Cordoba.
Mr. Oscar Martin Gutierrez obtained a degree in Information Systems Engineering from the National Technological University.
Mr. Mariano Omar Tittarelli obtained a Bachelor's degree in Economics from Torcuato Di Tella University. He completed a postgraduate Master's degree in Finance at Torcuato Di Tella University.
Mr. Jose Domenech obtained a Bachelor's degree in Systems Analysis from the Catholic University of La Plata. He completed a postgraduate program in Master in Business Administration (MBA).
Ms. Valeria Mon obtained a degree in Law from the Pontifical Catholic University of Argentina.
Sudamericana Holding.
Comprehensive Risk Management Committee.
Committee Functions:
•Approve the Risk Appetite Statement: Validate the definition of risk appetite and tolerance limits and establish thresholds.
•Monitor Risk Profile Evolution: Constantly monitor the evolution of SUHO's risk profile, establishing necessary corrective measures in accordance with the defined risk appetite and tolerance limits. The Risk team will facilitate this monitoring, by sharing a monthly report.
•Evaluate New Products: Be aware of new products launched on the market and analyze the risks arising from their implementation.
•Communicate Corporate Risk Culture: Define and monitor strategies to communicate the corporate risk culture.
Committee Members.
The members of the Comprehensive Risk Management Committee are:
•General Manager: Gerónimo Fresco
•Administration and Finance Manager: Maria Eugenia Millan
•Legal Manager: Julian Borrelli
•Internal Audit Manager: Carolina Ponteriero
•Technology Manager: Martin Kasañetz
•Head of Risk: Diego Mazzeo
Relevant experience of the Committee members:
Mr. Geronimo Fresco holds a degree in Economics from UADE, and completed a PDD at the Universidad Austral. He has been part of the Galicia Financial Group for more than 20 years. In 2023, he joined Galicia Seguros as Strategy and Integration Manager as part of the acquisition of Seguros Sura by the Galicia Financial Group.
Ms. Maria Eugenia Millan is an actuary who graduated from the University of Buenos Aires, with a Master of Business Administration from the University of San Andrés. She also completed a postgraduate degree in Finance specializing in Capital Markets at the Buenos Aires Stock Exchange. She has over 20 years of experience in the insurance industry and has been with Galicia Seguros for more than 4 years. She currently holds the position of Director and Manager of Administration and Finance. Additionally, she serves as the Deputy Compliance Officer in matters of Anti-Money Laundering and Terrorist Financing before the Financial Intelligence Unit.
Mr. Julian Borrelli has been part of the Galicia Más team since 2018, and his current role was Associate General Counsel. He is a lawyer, having graduated with honors from the Catholic University of Argentina (UCA), and has completed several postgraduate degrees in corporate legal advice. He has extensive experience in insurance and a business acumen.
Ms. Carolina Pontoriero previously served as Head of AML and AML Risk Strategy at Galicia Más. She holds a degree in Industrial Organization and has extensive experience and expertise in related fields.
Mr. Martin Kasañetz is a Systems Analyst who joined Galicia Seguros in July 2022. In his career, he has held positions as Deputy Manager, Head of Programming and Development, Project Leader, and System Analyst. He has worked at the German Hospital, Mapfre, and La Caja. Since 2022, he has been leading the Technology Department.
Mr. Diego Mazzeo is an actuary in Economics from the University of Buenos Aires and has 18 years of experience in the insurance industry. He joined Galicia Seguros at the end of 2023, following the acquisition of Seguros Sura.
Other Companies within Grupo Galicia.
For the rest of the companies in Grupo Financiero Galicia, senior management or the Board of Directors remains informed. Each company has at least one executive committee focused on cybersecurity and cyber risks. Additionally, Banco Galicia provides advice to the rest of the companies when required. Likewise, the Chief Information Security
Officers (CISOs) and cybersecurity leaders of each company maintain constant dialogue.
Processes for reporting to the Committees
The aforementioned committees are informed about relevant aspects through regular presentations and periodic updates.
For each committee, minutes are taken to control and follow-up on the issues discussed.
For the rest of the companies within Grupo Financiero Galicia, depending on their size, there are respective oversight committees to which cybersecurity threats are reported when detected. This reporting is carried out by each team or subject matter expert within each company.
Oversight of the aforementioned risks is conducted through both direct communication with senior management and regular committee meetings. In general, these committees are responsible for managing, promoting and driving improvements and adjustments to the risks under their charge.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The companies within Grupo Galicia, depending on their size, have their respective Oversight Committees, to which cyber threats are reported if detected. This reporting is conducted by the cybersecurity team of each company. Specifically,
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
The aforementioned committees are informed about relevant aspects through regular presentations and periodic updates.
For each committee, minutes are taken to control and follow-up on the issues discussed.
For the rest of the companies within Grupo Financiero Galicia, depending on their size, there are respective oversight committees to which cybersecurity threats are reported when detected. This reporting is carried out by each team or subject matter expert within each company.
Oversight of the aforementioned risks is conducted through both direct communication with senior management and regular committee meetings. In general, these committees are responsible for managing, promoting and driving improvements and adjustments to the risks under their charge.
|Cybersecurity Risk Role of Management [Text Block]
|
The companies within Grupo Galicia, depending on their size, have their respective Oversight Committees, to which cyber threats are reported if detected. This reporting is conducted by the cybersecurity team of each company. Specifically, Banco Galicia, Sudamericana Holding, and Naranja X have distinct committees to report and address risks arising from cyber threats.
These risks are monitored through direct communication with management and regular committee meetings.
The existing committees are detailed below, along with their functions and the roles and expertise of their members.
Banco Galicia
Cybersecurity and Fraud Prevention Committee.
Committee Functions:
•Promote Strategic Projects and Information Security Initiatives: Drive strategic projects and initiatives
focused on enhancing information security at Banco Galicia.
•Promote Strategic Projects and Fraud Prevention Initiatives: Lead strategic projects and initiatives aimed at preventing fraud at Banco Galicia.
•Approve Related Strategic and Management Plans: Review and approve strategic and management plans related to information security and fraud prevention.
•Coordinate Decisions Related to Policies and Regulations: Make coordinated decisions regarding policies, regulations, specific security and fraud risk analyses, and service continuity plans.
•Monitor Significant Changes and Assess Risk Status: Oversee significant changes and evaluate the status of risks affecting Banco Galicia's information resources from internal and external threats related to the aforementioned topics.
Committee members.
The members of the Cybersecurity and Fraud Prevention Committee are:
•Board of Directors: Mrs. María Elena Casasnovas
•Board of Directors: Mr. Gastón Bourdieu
•Board of Directors: Mr. Miguel A. Peña
•Risk Manager: Ezequiel Valls
•Product and Technology Manager: Marcela Fernie
•Assets Laundering Prevention Manager: Teresa del Carmen Piraino
•Internal Audit Manager: Claudio Scarso
•Information Security and Fraud Prevention Manager: Pedro Adamovic
Operational and Technology Risk Committee.
Committee Functions:
•Communicate Operational, IT, and Business Continuity Risks: Inform committee members about the main operational, IT, and business continuity risks,and their consequences, and the planned mitigating measures.
•Monitor Control Weaknesses: Oversee control weaknesses detected in business processes.
•Analyze and Recommend Mitigation Actions: Evaluate and suggest actions to mitigate high risks.
•Approve or Reject Risk Assumption Decisions: Approve or reject the decision of the owner of an operational or IT risk to assume the risk, with the corresponding justification or action plan.
•Validate and Approve Risk Management Changes: Validate and approve changes to the risk management structure, policy, and/or procedures.
•Validate and Approve ITS Analysis Methodology Changes: Validate and approve changes to the analysis methodology for Information Technology Services (ITS) provided by third parties, along with their framework and status.
Committee Members.
The members of the Operational and Technological Risk Committee are:
•Risk Manager: Ezequiel Valls
•Product and Technology Manager: Marcela Fernie
•Internal Audit Manager: Fernando Lapajne
•Legal Counsel Manager: Esteban Tresserras
•Compliance Manager: Maria Cecilia Auferil
•Information Security and Fraud Prevention Manager: Pedro Adamovic
•Assets Laundering Prevention Manager: Teresa del Carmen Piraino
Relevant experience of the Committee members.
Ms. Casasnovas: See “Item 6. Director, Senior Management and Employees— A. Directors ans Senior Management—Board of Directors of Banco Galicia”.
Mr. Bourdieu: See “Item 6. Director, Senior Management and Employees— A. Directors ans Senior Management—Board of Directors of Banco Galicia”.
Mr. Peña: See “Item 6. Director, Senior Management and Employees— A. Directors ans Senior Management—Board of Directors of Banco Galicia”.
Mr. Valls: See “Item 6. Director, Senior Management and Employees— A. Directors ans Senior Management—Grupo Galicia’s Executive Officers”.
Ms. Fernie: See “Item 6. Director, Senior Management and Employees— A. Directors ans Senior Management—Banco Galicia’s Executive Officers”.
Ms. Piraino: See “Item 6. Director, Senior Management and Employees— A. Directors ans Senior Management—Banco Galicia’s Executive Officers”.
Mr. Fernando Lapajne: See “Item 6. Director, Senior Management and Employees— A. Directors ans Senior Management—Banco Galicia’s Executive Officers”.
Mr. Esteban Tresserras obtained a degree in law from the University of Buenos Aires and has a Postgraduate Degree in business administration from the Torcuato Di Tella University
Ms. Maria Cecilia Auferil obteined degree in law from the University of Buenos Aires. She completed a post gradued degree in AML and Financial Crime Prevention from University of Buenos Aires. She obteined a certification in ethics and anti bribery and corruption in University UCEMA. She has been asociated with Banco Galicia since 2012.
Mr. Pedro Adamovic obtained a degree in Computer Systems Engineering from Computer Technology at the Open Interamerican University. He has been working at the Bank since 2019.
Naranja X.
Information Security and Technology Committee.
Committee Functions:
•Ensure Compliance with Policies and Objectives: Ensure adherence to the policies and objectives set by the management applicable to the topics within its scope, through periodic reviews.
•Monitor IT Environment Functionality: Oversee the proper functioning of the Information Technology environment and contribute to improving its effectiveness.
•Annual Systems and Technology Plan: Discuss and submit the Annual Systems and Technology Plan to the Board of Directors of Naranja X, provide opinions regarding its nature, scope, and timing, and periodically evaluate it by reviewing its degree of compliance.
•Analyze Risk Exposure: Analyze the evolution of Naranja X's systems and technology risk exposure, as well as the mitigation action plans that are in the process of implementation.
•Support Business Continuity: Provide the Contingency Team Leader with the necessary support to ensure business continuity in the event of a contingency.
•Monitor Information Security Environment: Oversee the proper functioning of the Information Security environment.
•Improve Internal Security Control: Contribute to enhancing the effectiveness of Naranja X's internal security control.
•Evaluate Information Security Plan Compliance: Evaluate and review compliance with the Information Security Plan.
•Verify Compliance with Information Asset Provisions: Ensure proper compliance with the provisions related to information assets, as contained in the regulations of the BCRA and other oversight and collection agencies with jurisdiction and authority over Naranja X.
•Monitor Corrective Measures Implementation: Continuously monitor the implementation of corrective measures linked to detected weaknesses and opportunities for improvement.
Committee Members.
The members of the Information Security and Technology Committee are:
•Board of Directors: Miguel Ángel Peña
•General Manager: Pablo Hernan Caputto
•Senior Technology Manager: Gonzalo Martin Ozan
•Senior Information Security Manager: Oscar Martin Gutierrez
•Senior Risk Manager: Mariano Omar Tittarelli
•Technology, Operational, and AML Risk Manager: Jose Domenech
•Senior Legal & Compliance Manager: Valeria Mon
Relevant experience of the Committeee members:
Mr. Peña: See “Item 6. Director, Senior Management and Employees— A. Directors ans Senior Management—Board of Directors of Banco Galicia”.
Mr. Pablo Caputto obtained a Bachelor of Applied Science (B.A.Sc.) in Accounting from the University of Buenos Aires. He completed a postgraduate Master's degree in Finance at Torcuato Di Tella University.
Mr. Gonzalo Martin Ozan obtained a degree in Information Systems Engineer from the National Technological University. He completed a postgraduate program in Master of Business Administration (MBA) at the Catholic University of Cordoba.
Mr. Oscar Martin Gutierrez obtained a degree in Information Systems Engineering from the National Technological University.
Mr. Mariano Omar Tittarelli obtained a Bachelor's degree in Economics from Torcuato Di Tella University. He completed a postgraduate Master's degree in Finance at Torcuato Di Tella University.
Mr. Jose Domenech obtained a Bachelor's degree in Systems Analysis from the Catholic University of La Plata. He completed a postgraduate program in Master in Business Administration (MBA).
Ms. Valeria Mon obtained a degree in Law from the Pontifical Catholic University of Argentina.
Sudamericana Holding.
Comprehensive Risk Management Committee.
Committee Functions:
•Approve the Risk Appetite Statement: Validate the definition of risk appetite and tolerance limits and establish thresholds.
•Monitor Risk Profile Evolution: Constantly monitor the evolution of SUHO's risk profile, establishing necessary corrective measures in accordance with the defined risk appetite and tolerance limits. The Risk team will facilitate this monitoring, by sharing a monthly report.
•Evaluate New Products: Be aware of new products launched on the market and analyze the risks arising from their implementation.
•Communicate Corporate Risk Culture: Define and monitor strategies to communicate the corporate risk culture.
Committee Members.
The members of the Comprehensive Risk Management Committee are:
•General Manager: Gerónimo Fresco
•Administration and Finance Manager: Maria Eugenia Millan
•Legal Manager: Julian Borrelli
•Internal Audit Manager: Carolina Ponteriero
•Technology Manager: Martin Kasañetz
•Head of Risk: Diego Mazzeo
Relevant experience of the Committee members:
Mr. Geronimo Fresco holds a degree in Economics from UADE, and completed a PDD at the Universidad Austral. He has been part of the Galicia Financial Group for more than 20 years. In 2023, he joined Galicia Seguros as Strategy and Integration Manager as part of the acquisition of Seguros Sura by the Galicia Financial Group.
Ms. Maria Eugenia Millan is an actuary who graduated from the University of Buenos Aires, with a Master of Business Administration from the University of San Andrés. She also completed a postgraduate degree in Finance specializing in Capital Markets at the Buenos Aires Stock Exchange. She has over 20 years of experience in the insurance industry and has been with Galicia Seguros for more than 4 years. She currently holds the position of Director and Manager of Administration and Finance. Additionally, she serves as the Deputy Compliance Officer in matters of Anti-Money Laundering and Terrorist Financing before the Financial Intelligence Unit.
Mr. Julian Borrelli has been part of the Galicia Más team since 2018, and his current role was Associate General Counsel. He is a lawyer, having graduated with honors from the Catholic University of Argentina (UCA), and has completed several postgraduate degrees in corporate legal advice. He has extensive experience in insurance and a business acumen.
Ms. Carolina Pontoriero previously served as Head of AML and AML Risk Strategy at Galicia Más. She holds a degree in Industrial Organization and has extensive experience and expertise in related fields.
Mr. Martin Kasañetz is a Systems Analyst who joined Galicia Seguros in July 2022. In his career, he has held positions as Deputy Manager, Head of Programming and Development, Project Leader, and System Analyst. He has worked at the German Hospital, Mapfre, and La Caja. Since 2022, he has been leading the Technology Department.
Mr. Diego Mazzeo is an actuary in Economics from the University of Buenos Aires and has 18 years of experience in the insurance industry. He joined Galicia Seguros at the end of 2023, following the acquisition of Seguros Sura.
Other Companies within Grupo Galicia.
For the rest of the companies in Grupo Financiero Galicia, senior management or the Board of Directors remains informed. Each company has at least one executive committee focused on cybersecurity and cyber risks. Additionally, Banco Galicia provides advice to the rest of the companies when required. Likewise, the Chief Information Security
Officers (CISOs) and cybersecurity leaders of each company maintain constant dialogue.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
The companies within Grupo Galicia, depending on their size, have their respective Oversight Committees, to which cyber threats are reported if detected. This reporting is conducted by the cybersecurity team of each company. Specifically, Banco Galicia, Sudamericana Holding, and Naranja X have distinct committees to report and address risks arising from cyber threats.
These risks are monitored through direct communication with management and regular committee meetings.
The existing committees are detailed below, along with their functions and the roles and expertise of their members.
Banco Galicia
Cybersecurity and Fraud Prevention Committee.
Committee Functions:
•Promote Strategic Projects and Information Security Initiatives: Drive strategic projects and initiatives
focused on enhancing information security at Banco Galicia.
•Promote Strategic Projects and Fraud Prevention Initiatives: Lead strategic projects and initiatives aimed at preventing fraud at Banco Galicia.
•Approve Related Strategic and Management Plans: Review and approve strategic and management plans related to information security and fraud prevention.
•Coordinate Decisions Related to Policies and Regulations: Make coordinated decisions regarding policies, regulations, specific security and fraud risk analyses, and service continuity plans.
•Monitor Significant Changes and Assess Risk Status: Oversee significant changes and evaluate the status of risks affecting Banco Galicia's information resources from internal and external threats related to the aforementioned topics.
Committee members.
The members of the Cybersecurity and Fraud Prevention Committee are:
•Board of Directors: Mrs. María Elena Casasnovas
•Board of Directors: Mr. Gastón Bourdieu
•Board of Directors: Mr. Miguel A. Peña
•Risk Manager: Ezequiel Valls
•Product and Technology Manager: Marcela Fernie
•Assets Laundering Prevention Manager: Teresa del Carmen Piraino
•Internal Audit Manager: Claudio Scarso
•Information Security and Fraud Prevention Manager: Pedro Adamovic
Operational and Technology Risk Committee.
Committee Functions:
•Communicate Operational, IT, and Business Continuity Risks: Inform committee members about the main operational, IT, and business continuity risks,and their consequences, and the planned mitigating measures.
•Monitor Control Weaknesses: Oversee control weaknesses detected in business processes.
•Analyze and Recommend Mitigation Actions: Evaluate and suggest actions to mitigate high risks.
•Approve or Reject Risk Assumption Decisions: Approve or reject the decision of the owner of an operational or IT risk to assume the risk, with the corresponding justification or action plan.
•Validate and Approve Risk Management Changes: Validate and approve changes to the risk management structure, policy, and/or procedures.
•Validate and Approve ITS Analysis Methodology Changes: Validate and approve changes to the analysis methodology for Information Technology Services (ITS) provided by third parties, along with their framework and status.
Committee Members.
The members of the Operational and Technological Risk Committee are:
•Risk Manager: Ezequiel Valls
•Product and Technology Manager: Marcela Fernie
•Internal Audit Manager: Fernando Lapajne
•Legal Counsel Manager: Esteban Tresserras
•Compliance Manager: Maria Cecilia Auferil
•Information Security and Fraud Prevention Manager: Pedro Adamovic
•Assets Laundering Prevention Manager: Teresa del Carmen Piraino
Relevant experience of the Committee members.
Ms. Casasnovas: See “Item 6. Director, Senior Management and Employees— A. Directors ans Senior Management—Board of Directors of Banco Galicia”.
Mr. Bourdieu: See “Item 6. Director, Senior Management and Employees— A. Directors ans Senior Management—Board of Directors of Banco Galicia”.
Mr. Peña: See “Item 6. Director, Senior Management and Employees— A. Directors ans Senior Management—Board of Directors of Banco Galicia”.
Mr. Valls: See “Item 6. Director, Senior Management and Employees— A. Directors ans Senior Management—Grupo Galicia’s Executive Officers”.
Ms. Fernie: See “Item 6. Director, Senior Management and Employees— A. Directors ans Senior Management—Banco Galicia’s Executive Officers”.
Ms. Piraino: See “Item 6. Director, Senior Management and Employees— A. Directors ans Senior Management—Banco Galicia’s Executive Officers”.
Mr. Fernando Lapajne: See “Item 6. Director, Senior Management and Employees— A. Directors ans Senior Management—Banco Galicia’s Executive Officers”.
Mr. Esteban Tresserras obtained a degree in law from the University of Buenos Aires and has a Postgraduate Degree in business administration from the Torcuato Di Tella University
Ms. Maria Cecilia Auferil obteined degree in law from the University of Buenos Aires. She completed a post gradued degree in AML and Financial Crime Prevention from University of Buenos Aires. She obteined a certification in ethics and anti bribery and corruption in University UCEMA. She has been asociated with Banco Galicia since 2012.
Mr. Pedro Adamovic obtained a degree in Computer Systems Engineering from Computer Technology at the Open Interamerican University. He has been working at the Bank since 2019.
Naranja X.
Information Security and Technology Committee.
Committee Functions:
•Ensure Compliance with Policies and Objectives: Ensure adherence to the policies and objectives set by the management applicable to the topics within its scope, through periodic reviews.
•Monitor IT Environment Functionality: Oversee the proper functioning of the Information Technology environment and contribute to improving its effectiveness.
•Annual Systems and Technology Plan: Discuss and submit the Annual Systems and Technology Plan to the Board of Directors of Naranja X, provide opinions regarding its nature, scope, and timing, and periodically evaluate it by reviewing its degree of compliance.
•Analyze Risk Exposure: Analyze the evolution of Naranja X's systems and technology risk exposure, as well as the mitigation action plans that are in the process of implementation.
•Support Business Continuity: Provide the Contingency Team Leader with the necessary support to ensure business continuity in the event of a contingency.
•Monitor Information Security Environment: Oversee the proper functioning of the Information Security environment.
•Improve Internal Security Control: Contribute to enhancing the effectiveness of Naranja X's internal security control.
•Evaluate Information Security Plan Compliance: Evaluate and review compliance with the Information Security Plan.
•Verify Compliance with Information Asset Provisions: Ensure proper compliance with the provisions related to information assets, as contained in the regulations of the BCRA and other oversight and collection agencies with jurisdiction and authority over Naranja X.
•Monitor Corrective Measures Implementation: Continuously monitor the implementation of corrective measures linked to detected weaknesses and opportunities for improvement.
Committee Members.
The members of the Information Security and Technology Committee are:
•Board of Directors: Miguel Ángel Peña
•General Manager: Pablo Hernan Caputto
•Senior Technology Manager: Gonzalo Martin Ozan
•Senior Information Security Manager: Oscar Martin Gutierrez
•Senior Risk Manager: Mariano Omar Tittarelli
•Technology, Operational, and AML Risk Manager: Jose Domenech
•Senior Legal & Compliance Manager: Valeria Mon
Relevant experience of the Committeee members:
Mr. Peña: See “Item 6. Director, Senior Management and Employees— A. Directors ans Senior Management—Board of Directors of Banco Galicia”.
Mr. Pablo Caputto obtained a Bachelor of Applied Science (B.A.Sc.) in Accounting from the University of Buenos Aires. He completed a postgraduate Master's degree in Finance at Torcuato Di Tella University.
Mr. Gonzalo Martin Ozan obtained a degree in Information Systems Engineer from the National Technological University. He completed a postgraduate program in Master of Business Administration (MBA) at the Catholic University of Cordoba.
Mr. Oscar Martin Gutierrez obtained a degree in Information Systems Engineering from the National Technological University.
Mr. Mariano Omar Tittarelli obtained a Bachelor's degree in Economics from Torcuato Di Tella University. He completed a postgraduate Master's degree in Finance at Torcuato Di Tella University.
Mr. Jose Domenech obtained a Bachelor's degree in Systems Analysis from the Catholic University of La Plata. He completed a postgraduate program in Master in Business Administration (MBA).
Ms. Valeria Mon obtained a degree in Law from the Pontifical Catholic University of Argentina.
Sudamericana Holding.
Comprehensive Risk Management Committee.
Committee Functions:
•Approve the Risk Appetite Statement: Validate the definition of risk appetite and tolerance limits and establish thresholds.
•Monitor Risk Profile Evolution: Constantly monitor the evolution of SUHO's risk profile, establishing necessary corrective measures in accordance with the defined risk appetite and tolerance limits. The Risk team will facilitate this monitoring, by sharing a monthly report.
•Evaluate New Products: Be aware of new products launched on the market and analyze the risks arising from their implementation.
•Communicate Corporate Risk Culture: Define and monitor strategies to communicate the corporate risk culture.
Committee Members.
The members of the Comprehensive Risk Management Committee are:
•General Manager: Gerónimo Fresco
•Administration and Finance Manager: Maria Eugenia Millan
•Legal Manager: Julian Borrelli
•Internal Audit Manager: Carolina Ponteriero
•Technology Manager: Martin Kasañetz
•Head of Risk: Diego Mazzeo
Relevant experience of the Committee members:
Mr. Geronimo Fresco holds a degree in Economics from UADE, and completed a PDD at the Universidad Austral. He has been part of the Galicia Financial Group for more than 20 years. In 2023, he joined Galicia Seguros as Strategy and Integration Manager as part of the acquisition of Seguros Sura by the Galicia Financial Group.
Ms. Maria Eugenia Millan is an actuary who graduated from the University of Buenos Aires, with a Master of Business Administration from the University of San Andrés. She also completed a postgraduate degree in Finance specializing in Capital Markets at the Buenos Aires Stock Exchange. She has over 20 years of experience in the insurance industry and has been with Galicia Seguros for more than 4 years. She currently holds the position of Director and Manager of Administration and Finance. Additionally, she serves as the Deputy Compliance Officer in matters of Anti-Money Laundering and Terrorist Financing before the Financial Intelligence Unit.
Mr. Julian Borrelli has been part of the Galicia Más team since 2018, and his current role was Associate General Counsel. He is a lawyer, having graduated with honors from the Catholic University of Argentina (UCA), and has completed several postgraduate degrees in corporate legal advice. He has extensive experience in insurance and a business acumen.
Ms. Carolina Pontoriero previously served as Head of AML and AML Risk Strategy at Galicia Más. She holds a degree in Industrial Organization and has extensive experience and expertise in related fields.
Mr. Martin Kasañetz is a Systems Analyst who joined Galicia Seguros in July 2022. In his career, he has held positions as Deputy Manager, Head of Programming and Development, Project Leader, and System Analyst. He has worked at the German Hospital, Mapfre, and La Caja. Since 2022, he has been leading the Technology Department.
Mr. Diego Mazzeo is an actuary in Economics from the University of Buenos Aires and has 18 years of experience in the insurance industry. He joined Galicia Seguros at the end of 2023, following the acquisition of Seguros Sura.
Other Companies within Grupo Galicia.
For the rest of the companies in Grupo Financiero Galicia, senior management or the Board of Directors remains informed. Each company has at least one executive committee focused on cybersecurity and cyber risks. Additionally, Banco Galicia provides advice to the rest of the companies when required. Likewise, the Chief Information Security
Officers (CISOs) and cybersecurity leaders of each company maintain constant dialogue.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|
Ms. Casasnovas: See “Item 6. Director, Senior Management and Employees— A. Directors ans Senior Management—Board of Directors of Banco Galicia”.
Mr. Bourdieu: See “Item 6. Director, Senior Management and Employees— A. Directors ans Senior Management—Board of Directors of Banco Galicia”.
Mr. Peña: See “Item 6. Director, Senior Management and Employees— A. Directors ans Senior Management—Board of Directors of Banco Galicia”.
Mr. Valls: See “Item 6. Director, Senior Management and Employees— A. Directors ans Senior Management—Grupo Galicia’s Executive Officers”.
Ms. Fernie: See “Item 6. Director, Senior Management and Employees— A. Directors ans Senior Management—Banco Galicia’s Executive Officers”.
Ms. Piraino: See “Item 6. Director, Senior Management and Employees— A. Directors ans Senior Management—Banco Galicia’s Executive Officers”.
Mr. Fernando Lapajne: See “Item 6. Director, Senior Management and Employees— A. Directors ans Senior Management—Banco Galicia’s Executive Officers”.
Mr. Esteban Tresserras obtained a degree in law from the University of Buenos Aires and has a Postgraduate Degree in business administration from the Torcuato Di Tella University
Ms. Maria Cecilia Auferil obteined degree in law from the University of Buenos Aires. She completed a post gradued degree in AML and Financial Crime Prevention from University of Buenos Aires. She obteined a certification in ethics and anti bribery and corruption in University UCEMA. She has been asociated with Banco Galicia since 2012.
Mr. Pedro Adamovic obtained a degree in Computer Systems Engineering from Computer Technology at the Open Interamerican University. He has been working at the Bank since 2019.
Mr. Peña: See “Item 6. Director, Senior Management and Employees— A. Directors ans Senior Management—Board of Directors of Banco Galicia”.
Mr. Pablo Caputto obtained a Bachelor of Applied Science (B.A.Sc.) in Accounting from the University of Buenos Aires. He completed a postgraduate Master's degree in Finance at Torcuato Di Tella University.
Mr. Gonzalo Martin Ozan obtained a degree in Information Systems Engineer from the National Technological University. He completed a postgraduate program in Master of Business Administration (MBA) at the Catholic University of Cordoba.
Mr. Oscar Martin Gutierrez obtained a degree in Information Systems Engineering from the National Technological University.
Mr. Mariano Omar Tittarelli obtained a Bachelor's degree in Economics from Torcuato Di Tella University. He completed a postgraduate Master's degree in Finance at Torcuato Di Tella University.
Mr. Jose Domenech obtained a Bachelor's degree in Systems Analysis from the Catholic University of La Plata. He completed a postgraduate program in Master in Business Administration (MBA).
Ms. Valeria Mon obtained a degree in Law from the Pontifical Catholic University of Argentina.
Mr. Geronimo Fresco holds a degree in Economics from UADE, and completed a PDD at the Universidad Austral. He has been part of the Galicia Financial Group for more than 20 years. In 2023, he joined Galicia Seguros as Strategy and Integration Manager as part of the acquisition of Seguros Sura by the Galicia Financial Group.
Ms. Maria Eugenia Millan is an actuary who graduated from the University of Buenos Aires, with a Master of Business Administration from the University of San Andrés. She also completed a postgraduate degree in Finance specializing in Capital Markets at the Buenos Aires Stock Exchange. She has over 20 years of experience in the insurance industry and has been with Galicia Seguros for more than 4 years. She currently holds the position of Director and Manager of Administration and Finance. Additionally, she serves as the Deputy Compliance Officer in matters of Anti-Money Laundering and Terrorist Financing before the Financial Intelligence Unit.
Mr. Julian Borrelli has been part of the Galicia Más team since 2018, and his current role was Associate General Counsel. He is a lawyer, having graduated with honors from the Catholic University of Argentina (UCA), and has completed several postgraduate degrees in corporate legal advice. He has extensive experience in insurance and a business acumen.
Ms. Carolina Pontoriero previously served as Head of AML and AML Risk Strategy at Galicia Más. She holds a degree in Industrial Organization and has extensive experience and expertise in related fields.
Mr. Martin Kasañetz is a Systems Analyst who joined Galicia Seguros in July 2022. In his career, he has held positions as Deputy Manager, Head of Programming and Development, Project Leader, and System Analyst. He has worked at the German Hospital, Mapfre, and La Caja. Since 2022, he has been leading the Technology Department.
Mr. Diego Mazzeo is an actuary in Economics from the University of Buenos Aires and has 18 years of experience in the insurance industry. He joined Galicia Seguros at the end of 2023, following the acquisition of Seguros Sura.
Other Companies within Grupo Galicia.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
The aforementioned committees are informed about relevant aspects through regular presentations and periodic updates.
For each committee, minutes are taken to control and follow-up on the issues discussed.
For the rest of the companies within Grupo Financiero Galicia, depending on their size, there are respective oversight committees to which cybersecurity threats are reported when detected. This reporting is carried out by each team or subject matter expert within each company.
Oversight of the aforementioned risks is conducted through both direct communication with senior management and regular committee meetings. In general, these committees are responsible for managing, promoting and driving improvements and adjustments to the risks under their charge.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef