The Bangko Sentral ng Pilipinas (BSP) and the Monetary Authority of Singapore (MAS) will adopt and implement policies and rules for the cross-border data transfer and information sharing.
In a joint statement issued Monday, the BSP and MAS both committed to work together for the promotion of data connectivity in financial services.
“(The) BSP and MAS recognise that the ability to aggregate, store, process, and transmit data across borders is critical to the development of the financial sector,” they said in a statement.
Expanding use of data in financial services and more technology into the mix will increase benefits including more consumer choice, enhanced risk management capabilities, and increased efficiency. But, the BSP and MAS said these developments “also pose new and complex risks for markets and challenges for policymakers and regulators.”
“BSP and MAS are committed to working together and with other countries and authorities to promote an environment in financial services that fosters the development of the global economy,” they said.
In the promotion of data connectivity, the two central monetary regulators have committed to enhance cybersecurity and other operational risks that will come with data localization. They will also work on addressing risk management and compliance and financial regulatory and supervisory access to data.
“Data mobility in financial services supports economic growth and the development of innovative financial services, and benefits risk management and compliance programs, by, amongst others, making it easier to detect cross-border money laundering, terrorist financing patterns, and proliferation financing; defend against cyberattacks; and manage and assess risk on a global basis,” they said.
The BSP and MAS agreed to adopt and implement policies and rules that will facilitate these goals: covered institutions should be allowed to transfer data, including personal information, across borders by electronic means provided this activity is for the conduct of the business within the scope of their license, authorisation, or registration; the location where covered institutions can store and process their data should not be restricted as long as BSP and MAS have full and timely access to the data necessary to fulfill their regulatory and supervisory mandate; and if BSP or MAS is unable to access the data (the) covered institutions should have the opportunity to remediate such lack of access before being required to use or locate computing facilities locally.