BSP considers stricter regulations for IT risk management.
The proposed regulations aim to improve IT risk management and enhance consumer protection against cyber fraud. Key recommendations include adopting robust fraud management systems, utilizing stronger authentication methods, and implementing features that allow customers to secure their accounts.

The Bangko Sentral ng Pilipinas (BSP) plans to strengthen rules on IT controls and account security for financial institutions to combat cybercrime and protect consumers.
In a draft circular, the BSP proposed changes to regulations for banks and nonbank financial institutions to improve IT risk management as part of the Anti-Financial Account Scamming Act (AFASA), signed into law by President Ferdinand R. Marcos, Jr., in July 2024. This law allows the central bank to investigate violations and seek cybercrime warrants.
The draft rules require BSP-supervised financial institutions (BSFIs) to adopt strong security measures against cyber fraud, including automated fraud monitoring systems. BSFIs must have a robust fraud management system (FMS) to quickly identify and stop fraudulent transactions.
The BSP also wants to limit the use of easily intercepted authentication methods, like one-time passwords (OTP) sent via SMS or email, and recommends stronger methods such as biometric authentication. Customers should receive clear notifications about account activities to verify their legitimacy.
Digital platforms for fund transfers must include features like a “kill switch” to suspend accounts and block transactions as well as a “money lock” feature to secure funds. The BSP requires BSFIs to keep transaction logs for at least five years and emphasizes the importance of empowering customers to protect their financial accounts. — Luisa Maria Jacinta C. Jocson