BSP: NBI tasked to prosecute brains behind bank hacking incident

Published January 17, 2022, 1:37 PM

by Hannah Torregoza 

The National Bureau of Investigation (NBI) will pursue the filing of criminal cases against the brains behind the series of bank hacking incident that were reported in December 2021, an official of the Bangko Sentral ng Pilipinas (BSP) said on Monday.

Melchor Plabasan, head of the BSP’s Technology Risk and Innovation Supervision Department, aired this assurance at the Senate Committee on Banks, Financial Institutions and Currencies’ hearing on the reported illegal online bank fund transfers that occurred in the last quarter of last year involving two reputable banks in the country, BDO Unibank and UnionBank.

“The BSP is conducting its own investigation. The investigation is really in relation to our supervisory and regulatory power, but NBI, on the other hand, is also conducting for purposes of prosecuting,” Plabasan told Sen. Grace Poe, head of the Senate banks panel.

“There are people who need to be prosecuted, that’s within the purview of the NBI,” he said in response to the senator’s question regarding updates about the incident.

Plabasan also assured senators the BSP is proactively coordinating with the NBI and the two institutions that were involved in the particular incident.

“We have a dedicated group in the BSP called the Cybersecurity Oversight and Surveillance, and that’s primarily the mandate of the group. And we are constantly, similar to other government agencies, we are constantly building our capability,” he said.

Asked by Poe if BSP plans to expand the agency’s cybersecurity group, BSP Governor Benjamin Diokno replied in the affirmative, but stressed that banks and other financial institutions should also do the same.

“Yes, definitely your honor…In addition, your honor, the BSP-supervised institutions should also beef up their cybersecurity capability,” Diokno said.

Plabasan, however, refused to provide further details of the online hacking incident, saying that the investigation is still ongoing, but a number of the 700 involved hacked accounts have already been restituted by the concerned bank.

“And we hope to be able to come up with the results of our investigation …(but) it is too early to tell kasi,” he said.

“Admittedly, the incident is quite complex, it really requires ‘yung cyber forensic investigation. Unfortunately, at this point, we cannot disclose yet with certainty what really went wrong, but hopefully po in the end of this month, we will come up with something and we will submit to the Monetary Board already,” Plabasan said.

Poe, however, stressed it is imperative for the government and for lawmakers to address the growing complexity of financial transactions as well as support the accelerated financial inclusion in the country.

The senator said she believes that the enactment into law of the proposed Financial Consumer Protection Act or FCPA has become even more necessary under the “new normal.”

“The goal of hitting 70 percent in 2023 now seems doable as more and more Filipinos open bank accounts or utilize e-money accounts,” Poe said.

“(But) expansion comes with its own range of challenges—from the small-scale fraud and investment scams to the hacking of one of the largest banks in the Philippines which left at least 700 accounts compromised. ‘Yung perang iniipon at pinagpaguran, bigla na lang nawala (Money that you save and have a hard time saving, were just stolen from you),” she lamented.

“Thus, the need for a law that lists all the rights of financial consumers—these are your ordinary depositors, consumers, policy holders—to protect their interests. This law shall also ensure that our financial service providers are operating optimally, and the regulators are able to oversee the system with utmost efficiency,” the senator reiterated.