The Bangko Sentral ng Pilipinas (BSP) has improved its rules on banks’ management of human resource-related risk – which it calls “people risk” – and issued guidelines on Know Your Employee (KYE) policies and practices to tighten controls on deposit accounts.
BSP Governor Benjamin E. Diokno signed Circular No. 1112 last April 8, which amended both banks and non-banks’ operational risk management and internal control measures particularly on “people risk”. Basically, the BSP will impose stricter recruitment and selection of personnel as well as to ensure that directors, managers and employees will be subjected to tighter evaluation process when undergoing performance management review.
The Monetary Board also approved KYE guidelines to tighten controls related to confirmation of deposit accounts. “The issuance is part of the commitment of the (BSP) to continue to raise the bar on corporate governance and risk management systems to protect the integrity of the financial system,” said Diokno.
The guidelines require a BSP supervised financial institution’s (BSFI) head office to act on requests for confirmation of accounts from their clients or depositors. The BSP said segregating the confirmation process from the branch or officer handling the account is a control measure aligned with the principles set out under the BSP’s operational risk management guidelines.
In the meantime Diokno said KYE is “just half the battle” and that the “other half depends on the strength of oversight of the board of directors of BSFIs in implementing these policies.”
BSFIs are now required to adopt a risk-focused screening process which considers sensitivities of certain positions that may require more stringent procedures, said the BSP. Adequate understanding of a candidate’s personal background and character, conflict of interest, as well as propensity to commit fraud or irregularity shall be considered in the recruitment process, it added.
The BSP puts emphasis on the assessment of employees' fitness and propriety to perform the responsibilities required of the position. “BSFIs are expected to leverage on existing controls, available reports, and other relevant information to facilitate the assessment (and the) new policy also identified certain behaviours that serve as red flags warranting further scrutiny as part of personnel's performance evaluation,” said the BSP.
Based on the new circular, the central bank is keen on adopting a risk-focused pre-screening process for pre-employment background screening to have a better handle on an applicant’s personal background and character, conflict of interest, and more importantly -- “susceptibility to collusion, fraud or illegal activities.”
The BSP wants all banks to screen its people based on factors such as reputational risk implication and responsibilities associated with a particular position. Based on the sensitivity of bank position, the BSP said “certain positions” particularly in bank branches or the “access level" of an employee may require additional background screening, which the BSP said should include, among others, verification of character references, criminal records, experience, education and professional qualifications.
Banks should also screen applicants and verify background checks against the BSP’s own records for “querying” as part of the stricter selection process.
The “people risk” concerns have been clearly established since the 2016 circular on the operational risk management guidelines where the BSP directed banks to “embed in their enterprise-wide risk management framework measures to identify, measure, monitor, and control human resource related risks.”
Risk identification and assessment allow all BSP monitored banks to have a deeper take on its risk profile and deploy risk management resources and strategies more effectively. These operational risks include internal fraud such as intentional misreporting of positions, employee theft, and insider trading on an employee’s own account. External fraud, in the meantime, is robbery, forgery, check kiting, and damage from computer hacking.