On April 22, Costa Rica published the law “Protection of Consumers in the Safekeeping of Their Funds Managed by Any Financial Institution” (Law No. 10889).

The country already has a regime of strict civil liability applicable to merchants vis-à-vis consumers for damages or losses related to the use or risks of goods or services offered in the market (Law No. 7472). The new law establishes more specific standards for cases of electronic fraud affecting depositors of banks and other regulated financial intermediaries. Financial institutions will be liable when funds are withdrawn from an account without the account holder’s authorization, even in the absence of fault and regardless of the mechanism used. Certain cases are excluded from liability, such as “self-fraud,” intentional misconduct by the account holder, and transfers between accounts held by the same owner.

The law shifts the burden of proof to the financial institution, establishes rules and deadlines for submitting and resolving claims, and requires the General Superintendency of Financial Institutions (SUGEF) to issue regulations on the matter and to assume a role that is unprecedented to date: reviewing and approving or rejecting each case in which a financial institution denies a consumer’s claim, without prejudice to subsequent judicial review.

Both SUGEF and several financial institutions raised objections to the approval of this law. Close attention should be paid to the regulation and implementation process.