By Luz Wendy T. Noble, Reporter
THE BANGKO SENTRAL ng Pilipinas (BSP) on Thursday said it has approved sanctions on BDO Unibank, Inc. and UnionBank of the Philippines, Inc. over an online fraud incident involving customer accounts in December.
In a statement, the BSP said it has completed the investigation into the incident that “originated from a compromised web service” and involved unauthorized access of BDO accounts and fund transfers mostly to UnionBank accounts.
“Based on the results of the investigation, the Monetary Board approved the imposition of sanctions on BDO and UnionBank to ensure that both banks will swiftly address the issues,” it said.
The sanctions “emphasize the importance of continuously enhancing risk management systems involving cybersecurity, anti-money laundering, and combating terrorism and proliferation financing,” the BSP said.
UnionBank President and Chief Executive Officer (CEO) Edwin R. Bautista said the BSP did not impose monetary penalties.
“All the recommendations of BSP to avoid such incidents have been implemented. No monetary penalties. But we were asked to increase our capital charge against operations risk,” he said in a text message.
He said UnionBank has fully cooperated with BDO and the BSP, and has frozen a “sizeable amount and returned it to BDO.”
BDO President and CEO Nestor V. Tan said the bank would comply with the BSP’s sanctions. “We will work with the BSP to ensure a more secure banking environment,” he said via Viber message.
In deciding on sanctions, the BSP said it took into consideration the corrective actions implemented by both banks related to the cyber incident, including BDO’s move to reimburse the funds of its affected clients.
“This incident is a reminder that we should continue to enhance our defenses against cyberthreat actors to protect the integrity of the financial system and the interests of depositors,” BSP Governor Benjamin E. Diokno said in a statement.
In December, some customers of BDO took to social media to complain about unauthorized fund transfers from their accounts to fictitious accounts at UnionBank.
The National Bureau of Investigation in January arrested several people allegedly behind the hacking incident that affected more than 700 BDO clients.
The hackers stole about P1.2 million but could have potentially embezzled more than P50 million if the transactions were not immediately tagged as suspicious, the NBI has said.