BSP wary of financial cybercrimes | | Philippine News
Home  » Business » Business Agenda » BSP wary of financial cybercrimes

BSP wary of financial cybercrimes

Late last year, the Bangko Sentral ng Pilipinas (BSP) held its first-ever “Cybersecurity Summit for the Financial Services Industry” as the central bank and the banking community recognized the growing threat in digital, mobile and Internet banking from hackers-for-hire and cyber syndicates.



“It is a fact: Cybercrimes are being committed and financial institutions and financial consumers are being targeted,” according to BSP Governor Amando M. Tetangco Jr.

The digital threats have long caught the BSP’s attention but it will only be this year and the next years beyond, that measures focusing on cybersecurity will highlight the consumer protection framework.

While technology has revolutionized banking in that access to financial services is now easier and convenient, it came with the unavoidable risks. If criminals gain access to sensitive and critical information, they could trigger financial losses, business disruptions, damaged reputation, and even threaten the viability of the institution itself, said Tetangco.

Data from BSP show that as end 2014, there were 22 million users of electronic banking services and channels, and growing e-money and e-banking transactions.

“Clearly, technology innovation has become an integral part of the business that it is now considered a “must” for BSFIs (BSP-supervised financial institutions) to survive and thrive in the digital world,” said Tetangco.

“However, as in other fields, there is a downside that comes with innovations in technology – criminal elements have likewise evolved. While it is far from widespread, cybercrimes exploit advances in technology to expand, conceal and perpetrate their criminal activities from the real world to the cyber realm.”

To combat these threats, Tetangco sees more cooperation between the BSP and the industry to stop cybercriminals. So far, cyber syndicates involved in ATM skimming, credit card fraud, and phishing incidents have been apprehended.

“Can we stop cybercrimes? Well, studies indicate that cyber attacks and similar fraudulent activities against the financial services industry are likely to continue,” said Tetangco. “But we can manage the risks related to cybercrimes.”

The game plan is to expand anti-cybercrime programs and activities since, said Tetangco, the stakes are high and could hurt the public’s trust in digital banking.

The rules are being crafted but much is to be done before the BSP is ready to release it. The BSP knows it will take many years to develop an effective security infrastructure but it has a good start and 2016 could contribute more by way of additional consumer protection measures.

“This calls for a continuing cycle of rigorous assessments of the institution’s security versus emerging threats and risks. Cyber security controls, processes and procedures must be continuously enhanced to mitigate weak points and achieve a higher state of resilience and maturity,” emphasized Tetangco.

In 2013, the BSP issued Circular No. 808, a framework for technology risk management. It tackled so-called multi-layered security controls for cyber-risk prevention, detection and response.

Within the BSP, it has the Core Informational Technology Specialist Group which handles cybersecurity issues in the banking sector and recommends the issuance of regulations to the Monetary Board.



The BSP’s consumer protection framework – first launched in 2014 – will have more teeth this year as the central bank improves the overall quality of safety nets for financial consumers, including redress mechanism and enforcement actions.

For the last two years, all banks have been required to observe crucial consumer protection standards since empowered financial consumers encourage competition, efficiency and productivity.

Primarily, the BSP stresses on more “disclosure and transparency” this year, and particularly fair treatment which will make compliance to transparency rules ‘very strict.’

The BSP said it would like more emphasis on “fair treatment” which goes beyond the current practice of “suitability tests”. Fair treatment requires that all banks and non-banks or all BSP-supervised financial institutions must not only fully disclose product details but should also determine whether the products and services it is offering are suitable to the risk and financial profile of the financial consumer.

BSP Deputy Governor Diwa C. Guinigundo said the central bank promotes strong and stable financial institutions and their inclusiveness by way of improving access to banking services including the use of mobile and Internet.

“We have started to implement a national strategy for financial inclusion covering regulatory issues, financial and economic literacy, and consumer protection,” said Guinigundo.

Guinigundo stressed that consumer protection has been “pushed to allow consumers greater mileage to their savings and investments” and there will be greater focus on protection measures this year, especially on digital information where it relates to banking and financial clients.