To ensure stability of the financial system, the Bangko Sentral ng Pilipinas (BSP) is adopting stronger cybersecurity and digital financial supervision to support the digital transformation of all BSP-supervised financial institutions (BSFIs).

“The COVID-19 pandemic has magnified our reliance on technology and digital platforms. But this also compels the BSP to bolster cybersecurity supervision,” BSP Governor Benjamin E. Diokno said Thursday, in his regular “GBED Talks” press chat.

Diokno also noted that the banking sector is catching up and they noted an increase in IT, technology and digitalization spending before the pandemic and they expect this continue.

“Majority (of banks) heavily invested in cybersecurity controls and defences (as) they recognized the value of cybersecurity in the overall safety and soundness of their organizations,” said Diokno. “In fact cyber spending rose by as much a 43 percent from 2018 to 2019 with investment in cybersecurity tools, security operation centers, cyber threat intelligence and testing, among others.”

Diokno said so far, BSFIs are “steadfast” in counter-measures to battle cyber crimes such as implementing cyber awareness campaigns, tighter network controls, heightened surveillance and situational awareness during the pandemic.

“This has significantly reduced the volume of cyber threats towards the end of the lockdown. Nonetheless, cyber threat actors continue to challenge the BSFIs’ cybersecurity defences and controls,” said Diokno. “BSFIs should therefore continue to monitor and anticipate these changing tactics through defence in strategies and effective cyber response mechanisms.”

The BSP is enhancing its digital finance and cybersecurity supervisory tools by adopting the Supervisory Assessment Framework or SAFr which will enable a risk-focused and calibrated supervision based on a BSP-Supervised Financial Institution’s business model, said Diokno.

Other improvements to cybersecurity rules that are coming relates to digital banking, cloud computing, virtual asset service provider, and the Cybersecurity Maturity Model. “These policies support the digital transformation of BSFIs while promoting sound cyber risk management,” said Diokno, and all these supervisory reforms are “suitable for the New Economy.”

The BSP has started last year its exploration of Supervisory and Regulatory Technology (SupTech/RegTech) such as Intelligent Detection of Atypicality (IDeA) and Advanced SupTech Engine for Risk-based Compliance (ASTERisC).

IDeA uses data science techniques to automate the process of detecting anomalies in supervisory data while ASTERisC is a unified SupTech/ RegTech solution that will automate regulatory.

“BSP also worked with the academe on a one-year ‘Big Data Project on Sentiment Analysis’ for banks; and the development of a “Banking System Resilience Index” to aid bank supervision,” said Diokno.