BSP prepares rules on ethical use of data

Published February 16, 2021, 1:21 PM

by Lee C. Chipongian

The Bangko Sentral ng Pilipinas (BSP) said it is preparing to issue the proposed policy on banks and non-banks’ ethical use of data and to release the intended circular for comments and recommendations soon.

The BSP said it is now drafting the policy on Data Governance and Ethical Use of Data for BSP-supervised financial institutions (BSFIs), one of policy initiatives (so-called “Third Pillar”, Digital Governance and Standards) under its three-year digital payments transformation roadmap.

“A discussion paper on the proposed policy is expected to be released for comment of the industry within the first half of the year,” the BSP said in an email. The proposed policy is in addition to the current governance standards relating to the protection and privacy of consumer data (“Enhanced Guidelines on Information Security Management under Circular No. 982, approved on November 9, 2017) and the Consumer Protection Framework (Circular No. 1048, approved on September 6, 2019).

The BSP explained that in adopting digital governance standards for the protection and privacy of consumer data, the proposed policy should add another layer of “high level principles and supervisory expectations” for all BSFIs’ ethical use of data.

During the pandemic, the BSP said the “significant shift” in consumer preference in using more digital financial services has strengthened its drive in promoting financial inclusion and highlighted the “need to ensure the security of consumer information in the hands of financial institutions.”

“The ongoing digital transformation of the Philippine financial system entails the entry of various players, including non-banks, in the digital financial ecosystem and the concomitant increased volume of data. While open access to data and advancing data technology have the potential to create faster, more innovative and convenient services, they also carry risks including data breach and cyber-attack,” said the BSP.

The BSP in January released draft circulars on operators of payment systems (OPS) and circulated to all BSFIs. The BSP is reviewing the comments from the industry.  The first proposed circular was the Governance Policy Guidelines for OPS and the second was the circular on the Regulatory Reporting Standards of OPS.

In the draft circular on OPS reporting standards, the BSP said OPS should have “relevant, accurate, timely” submission of required information while the BSP set its rules to ascertain the accuracy and integrity of these regulatory reports.

As part of reporting governance, the board of directors and senior management are responsible for an effective reporting system and that they will establish regulatory reporting procedures as per the proposed BSP reporting standards for OPS.

As policy statement, the BSP said the relevant, accurate, and timely reports are necessary for “effective oversight of the national payment system” and follows rules specified under the National Payment Systems Act (NPSA) or Republic Act No. 11127. 

By law and by BSP’s definition, an OPS is a person that performs any of the following functions: maintains the platform that enables payments or fund transfers, regardless of whether the source and destination accounts are maintained with the same or different institutions; operates the system or network that enables payments or fund transfers to be made through the use of a payment instrument; and provides a system that processes payments on behalf of any person or the government.

The other OPS-related proposed is the Governance Policy Guidelines which is part of the BSP’s second phase of its policy development and regulatory framework to implement the NPSA.