Advertisement

BSP, big banks firm up moves vs cyber threats

Font Size

BIG BANKS are teaming up for an industry-wide monitoring scheme for cyber breaches just as the Bangko Sentral ng Pilipinas (BSP) is set to impose a one-day reporting period for such incidents.

BSP Deputy Governor Chuchi G. Fonacier said the central bank is linking up with the Bankers Association of the Philippines (BAP) in order to set up a reporting platform for cyber threats.

Ms. Fonacier said the BSP will soon release a new circular that will require all financial firms to report glitches, hacking and other forms of cyber security breaches to the central bank within 24 hours from detection.

The BSP is “ready” to issue the new rules, Ms. Fonacier told reporters on Tuesday, but is waiting to sync its reporting framework with the BAP’s own system.

Last year, the BSP official revealed plans for a two-day window to report cyber attacks and similar incidents amid growing cases of cybersecurity breaches.

While the BSP has been laying out an “enabling” environment for financial technology, Ms. Fonacier has said that banks should not let their guard down against digital fraud and hacking.

The industry’s own initiative will enable participating lenders to promptly alert and share notes with each other on cyber attacks.

The BSP has been encouraging increased electronic transactions by enabling interbank fund transfers via mobile and Web-based applications.

At the same time, central bank officials have labeled cyber security threats as one of the biggest hazards now faced by the banking industry.

Besides financial losses, banks face reputational risk — involving erosion of public trust — when they succumb to cyber security attacks.

In November last year, the BSP issued Circular 982 that required all financial companies to identify and prepare ways to counter digital attacks like skimming, phishing and malware.

The same circular requires financial firms with “complex” information technology systems to set up 24/7 security operation centers to monitor potential attacks, as well as an incident response plan to “minimize and contain” impact on banking services. — Melissa Luz T. Lopez