The Bangko Sentral ng Pilipinas’s (BSP) Cybersecurity Oversight and Surveillance Group is regularly updating its standards and protocols against cybersecurity threats amid the mounting number of bank hacking and fraud incidents taking place within the banking industry in the last couple of years.
Melchor Plabasan, who heads the BSP’s Technology Risk and Innovation Supervision Department, made the assurance during the Senate Committee on Banks, Financial Institutions and Currencies’ hearing on Monday, January 16, on the various measures that seek to protect financial consumers against fraudulent online banking transactions.
The committee, headed by Sen. Grace Poe, is also looking into the case of the 700 plus online bank accounts that were reportedly hacked last December 2021 involving bank account holders of BDO Unibank.
“Technology risk, is I think, one of the most dynamic regulations in the BSP. If there is a need to update, we will update so far, since its issuance back in 2018 we have already issued seeral amendments to take into account the evolving cyberthreat landscape and even the best practices,” Plabasan said after being questioned by Sen. Sherwin Gatchalian.
“So, if there are best pratices that need to be incorporated, we will definitely consider that in the amendment of our rules... It’s not (done) periodically, but as soon as the need arises,” Plabasan added.
“As soon as we get hold of the latest standards or as soon as information is available to us. Let’s say from our offsite supervision, then we will issue the necessary amendments. So there’s really no timeline, (but) as the need arises,” the BSP official stressed.
A victim of digital fraud himself, Gatchalian stressed the need to put up a stronger financial protection for financial consumers noting how the use of online financial services and the use of electronic payments have accelerated during the pandemic.
“We see that hackers and fraudsters have become more sophisticated and emboldened. It’s time we put this in place so that our promotion of financial digital payments would be more robust and consumer confidence will increase thereafter,” Gatchalian said.
Gatchalian lost P1-million to hackers when they hacked his credit card last year. He thanked the National Bureau of Investigation (NBI) for apprehending the perpetrators.
But the BSP’s cybersecurity team assured Gatchalian that the BSP operates a “dynamic policy framework on cyber resilience.”
“That’s the standards being established, and what banks are required to adhere to. Of course, we have on-site, off-site supervision program. It’s not only periodic on-site examination, but we have also ongoing off-site supervision of these institutions to ensure that they are compliant with our standards on cybersecurity,” Plabasan told Gatchalian.
“If some standards are not followed...we have an enforcement framework naman eh, so we can impose monetary or non-monetary sanctions for those banks or other financial institutions (FIs) that are not complying with cybersecurity standards being espoused by the BSP,” he assured the lawmaker.