REUTERS

The Bangko Sentral ng Pilipinas (BSP) will soon require financial institutions to demonstrate the robustness of their cybersecurity systems.

“Now prior to offering electronic payments and financial services, BSP-supervised financial institutions must undergo the BSP’s approval process, which requires rigorous security controls and consumer protection mechanisms,” BSP Governor Benjamin E. Diokno said in a briefing Friday.

“Compliance with BSP security and risk management standards are assessed during on-site examination as well as off-site monitoring.”

The central bank is in its final stages of developing a circular requiring the adoption of strong fraud management systems and temporary freezes on funds to minimize losses from fraudulent activities, the BSP said.

“Based on the reported crimes and losses submitted by BSP-supervised financial institutions, the top cyber incidents pertained to account takeover or identity theft, and card not present fraud, which are attributable to phishing, and its variants such as phishing and other cyber fraud schemes,” Mr. Diokno said.

The central bank recently identified the owners of accounts receiving illicit fund transfers involving two lenders last weekend.  Individuals who said they were BDO Unibank, Inc. account holders alleged on social media that their funds were transferred without authorization to UnionBank of the Philippines, Inc. accounts.

“We are also expanding the scope of our investigation, because we have surveillance showing that there may be other institutions other than of course, UnionBank, which may have been used to funnel away the stolen funds,” BSP Technology Risk and Innovation Supervision Director Melchor T. Plabasan said.

“So we will also we also want to get to the bottom of that particular issue or concern.”

He said it is too early to tell whether there will be penalties against institutions involved.

“It’s still premature or too early to tell whether we are going to resort to enforcement action or monetary or non-monetary sanctions, but then again, imposing sanctions is also a part of the regulatory framework to ensure that we are able to achieve the desired change and also to mitigate further risk,” he said. – Jenina P. Ibañez

RELATED ARTICLESMORE FROM AUTHOR