BSP proposes new IT risk management rules


MANILA, Philippines — The Bangko Sentral ng Pilipinas (BSP) is proposing amendments to existing regulations on banks’ information technology (IT) risk management to combat financial account fraud.

The draft circular, which will update sections of the Manual of Regulations for Banks and Non-Bank Financial Institutions, seeks to fortify safeguards against fraudulent activities by aligning regulations with Republic Act 12010 or the Anti-Financial Account Scamming Act (AFASA).

The regulator said industry players and stakeholders have until Feb. 10 to submit their feedback on the proposed amended guidelines.

The central bank said that BSP-supervised financial institutions (BSFIs) should protect customers from fraudulent schemes done electronically.

“Failing to do so may erode consumer confidence in electronic channels as safe and reliable methods for financial transactions. To mitigate the impact of cyber fraud, BSFIs should adopt an aggressive security posture,” the BSP said.

The proposal mandates the implementation of robust IT controls and a fraud management system (FMS) to monitor and mitigate the risks associated with high-volume, high-value and increasingly complex digital transactions.

BSFIs will be required to adopt an FMS capable of identifying and mitigating both new and evolving fraudulent schemes. The systems may use rule-based, machine learning or hybrid approaches to ensure real-time fraud detection and prevention.

The BSP will also mandate the inclusion of critical fraud detection tools, such as transaction velocity checks, mobile device and account monitoring, geolocation monitoring, blacklist screening and behavioral analysis.

BSFIs will be authorized to hold suspicious transactions temporarily for verification.

“Detection through FMS is one of the grounds for BSFIs to temporarily hold funds and initiate a coordinated verification process,” the BSP said.

“Moreover, BSFIs shall perform acts as may be legally warranted to preserve the integrity of the financial account. Hence, BSFIs shall establish and enforce clear and comprehensive policies, standards and procedures on its FMS implementation,” it added.

The draft circular also calls for implementing an FMS at the automated clearing house level to centralize the monitoring and flagging of suspicious transactions across the financial ecosystem.

BSFIs engaged in complex digital products and services, or those handling high volumes of online transactions, must also adopt stronger authentication mechanisms to ensure the integrity of customer-initiated transactions.

Under the AFASA, failure to meet regulatory standards for fraud prevention may expose institutions to penalties.

The BSP emphasized that BSFIs must assess and regularly update their fraud prevention systems to respond effectively to emerging threats.
