By Lee C. Chipongian
The Bangko Sentral ng Pilipinas (BSP) is currently assessing pawnshops’ cybersecurity compliance with existing rules in light of the recent data breach suffered by Cebu Lhuillier, the country’s biggest pawnshop operator.
BSP Deputy Governor Chuchi G. Fonacier said the review specifically on Cebu Lhuillier is still at its initial stages following reports that some 900 clients of the pawnshop were placed at risk with their personal information compromised due to the data breach.
“There is still an on-going assessment on the details of the breach,” said Fonacier. “So, at this point, it is still premature to discuss on the BSP’s handling.”
She said the “IT and cyber-related rules of the BSP also cover the pawnshops since they are BSP-supervised financial institutions.”
Banks and non-banks such as pawnshops’ cybersecurity systems had to be upgraded to comply with IT controls against cyber threats that continue to hit both global and local financial sectors on a daily basis. The BSP requires immediate reporting of any cyber-related issues – or within two hours of the incidence – to prevent further damage or adverse impact to the involved company and its customers.
On Monday, the BSP issued a statement assuring the public that it will be “closely monitoring the situation and coordinating with the concerned officers of Cebu Lhuillier to ensure timely remediation and that such exposed information will not be used for fraudulent transactions.”
Pawnshops engage in the business of lending money on personal property delivered as security for loans. Millions of Filipinos, who do not have access to banks, transact their financial business with non-bank channels such as pawnshops and the remittance agents.
In 2017, the same year the BSP’s IT and cybersecurity rules were enhanced and approved, the central bank shut down and delisted more than 200 pawnshop operators. Some were voluntary delistings.
Pawnshops, along with foreign exchange dealers/money changers and/or remittance agents, are also referred to as money service businesses or MSBs by the BSP.
There are 920 pawnshops in the country operating 11,563 total offices. This is much lower compared to end-2016’s 16,740 that were registered by the BSP. Almost half of pawnshops are also multi-functioning as foreign exchange dealer/money changer and/or remittance agent.
Two years ago the BSP revised regulations covering pawnshops by tightening compliance to consumer protection issues as well as adopting a network-based approach.
The BSP said it recognizes the important role of the pawnshop industry as a financial inclusion vehicle and in “protecting the welfare of financial consumers.”
The central bank is a pioneer in digital and technology-related policies. Its IT security rules is a first in the region. Last year, it approved an enhanced IT security rules that encourage a “strong security culture” in banking networks.