By Lee C. Chipongian
The Bangko Sentral ng Pilipinas (BSP) has changed much of its regulatory framework in the last 12 months in response to an increasingly technology-enabled and digitalized financial services industry.
Nestor A. Espenilla Jr.
BSP Governor Nestor A. Espenilla Jr. said the central bank has updated and revised crucial regulation because of a changing market environment and at the center of it is the digital transformation.
Espenilla even coined a new word “FINfrastructure” or financial infrastructure to emphasize their focus on the digitization of the financial sector. The BSP’s support of a biometric-based foundational ID system is part of FINfrastructure.
Tech-savvy financial consumers’ payment options
Towards the latter part of 2017, the BSP implemented the National Retail Payment System (NRPS) to pave the way for a “safe, efficient and reliable” electronic payment environment in the country.
The NRPS, as BSP explained, basically provides the gateway for unbanked, underserved markets. It is expected to digitilize about 20 percent of retail transactions by 2020.
At the moment only one percent of the 2.5 billion payment transactions made in the Philippines is electronic, and that is per month. This is valued over R3 trillion and 99 percent of which is in cash or checks. The central bank wants that one percent electronic payment transactions to increase to at least 20 percent in two years.
In November, the BSP already launched the Batch Electronic Fund Transfer Credit system or PESONet. With this, Espenilla said funds will be made available to the recipient account or accounts within the same banking day at full value.
“In the first quarter of 2018, we will launch InstaPay, another automated clearinghouse allowing real time, low-value push electronic fund transfers perfect for e-commerce,” he said. “All of these initiatives will help lower the cost of doing business, enable increased e-commerce, and give wide access to credit and other vital financial services.”
Banks and non-bank electronic money issuers (EMIs) have signed the charter of the Payment System Management Body (PSMB) for the e-payments PESO Net and InstaPay.
The Philippine Payments Management, Inc. (PPMI), which has already been registered with the Securities and Exchange Commission, is the industry-driven “self-governing body to drive the responsible development and operations of the retail payment system.” The PPMI will aid the BSP in the NRPS by ensuring that it is implemented correctly.
Bankers Association of the Philippines president Nestor Tan has said that PPMI will assist the BSP in overseeing the development and operations of the retail payment system as well as offer policy recommendations. “The PPMI (can help the) BSP and various agencies towards a more financially inclusive economic system for the Filipinos through cooperation and competition from various financial service providers,” said Tan.
BSP tightens IT security rules
Also in November, the BSP approved the enhanced IT security rules to put extra emphasis on the information security governance and a “strong security culture” in banking networks.
Banks’ cybersecurity systems will have to do some serious upgrades after the BSP approved IT controls and measures against cyber threats, one of the first in the region.
The BSP said the new guidelines are the “right balance” of managing cyber-related risks without hampering innovations, and that it “covers a holistic framework on information security risk management or ISRM as an integral part of (banks’) information security program, enterprise risk management system and governance mechanisms.”
The new circular is a global best practice on information security and it directs all banks in the country to adopt what it called key elements of cyber resilience in one year from its effectivity date. The central bank also expects a report of each banks’ plans of actions and timelines by next month.
California-based FICO in a statement said technology is affecting the banking sector in “every aspect.” “There is digital disruption in the way products are being sold to consumers, the way they are managed and the way customers expect to interacting with their banks,” it said.
For 2018, the analytics software firm predicts that more regulators and banks will adopt stricter cybersecurity which will be a “more holistic approach to detecting money laundering through the synthesizing of siloed fraud prevention, cybersecurity and anti-money laundering (AML) operations.”
The BSP wants banks to be prepared against the fast-evolving cyber-threats that continue to hit both global and local financial sectors on a daily basis.
FICO described the past year as – globally for the financial sector – “fraught with fraud cases” and that banks now realize that they have to “beef up their systems in order to combat these increasingly sophisticated threats.”
Espenilla said the new cybersecurity rules are part of their strategic roadmap on cybersecurity. “Over the years, we have taken a very active role in ensuring that our policy and regulatory environment provide opportunities for innovation while ensuring risks are well-managed. We have learned to be open-minded to change,” he told bankers in a forum during the issuance of the new IT regulation.
“Among central banks, we are a pioneer in the use of the ‘test and learn’ approach, now called the regulatory sandbox,” he added. The BSP’s regulation on e-money in 2004 is an example of its pioneering measures in the region.
Banks were consulted by the BSP on the revised and upgraded IT regulations. The consultations started even before IT-related banking security issues hit BDO Unibank, Inc. and Bank of the Philippine Islands earlier this year. Besides the two big banks, there were other IT internal control problems that other banks reported.
BSP is comfortable with Fintech, but wary of VCs
In every one of Espenilla’s talks and discussions with bankers, investors and market players this past year, and more so when he took the helm as BSP chief in July, he continued to communicate the central bank’s open-minded approach to Fintech.
Espenilla said he is comfortable with their ways of monitoring and assessing Fintech or financial technology firms but he also wants his people to remain on top of the emerging sector. In short, the BSP has to “stay plugged in and understand what’s going on,” he said.
There are various Fintech operations and almost all are being watched by the central bank such as those that support the banking system. The BSP is aware of Fintechs that are service providers and offer services on their own but they are more interested in Fintechs that are acting as a connector between traditional banks and their customers.
“At the BSP, we have a very open-minded approach to Fintech,” said Espenilla in a forum. “This means that we take a very active role in ensuring that our policy provides opportunities for innovation that can help advance inclusive growth and deliver more efficient financial services. At the same time, we want to ensure risks are well managed, particularly technology, money laundering/ terrorist financing, and consumer protection risks.”
Mindful of related risks to Fintechs, the BSP in 2017 issued several regulations that will address technology risks, as well AML/CFT concerns. “These include comprehensive supervisory frameworks for money service businesses and pawnshops to ensure effective AML compliance. This also extends to entities that use virtual currency (VC) as underlying instruments for remittance.”
On December 30, the BSP had to issue a public warning against the use of VCs before Filipinos greet the new year, perhaps realizing that in 2018, VCs will either change the game or sunk the ship that disruptive technology sailed on.
The BSP said VCs such as Bitcoin bring with it risks including money laundering and its use as pyramid-like investment instrument.
The BSP said that usage of VCs in the Philippines has gained momentum as payment and in sending remittances due to its “faster, cheaper, and convenient way” of transactions, but it also noted that investors could be hooked on VC pyramid schemes which are “disguised as initial coin offerings or virtual currency investment products.”
Due to the rising trend in the use of VC exchanges, the BSP has categorized these VC transactions as remittance and transfer companies for purposes of supervision.
Espenilla earlier said that they have noted a significant increase in Bitcoin daily transactions, from just $2 million two years ago to $6 million today. “That’s the reason why we created the requirement (to register) because we are seeing rapid increase (in VC usage),” he said.
When the BSP approved the VC circular in February last year, it was the first such regulation in Asia. Still, Espenilla said they remain very watchful of VC trends and its accessibility as a money laundering vehicle.