Bangko Sentral ng Pilipinas (BSP) Governor Benjamin E. Diokno said on Wednesday, Feb. 16, that the investigation of the December 2021 hacking incident involving two of the country’s big banks are about to be finished but he did not say when.

“The report is currently being finalized and we expect the investigation to wrap up soon,” said Diokno in a Viber message to reporters.

Diokno said that while the BSP Charter or the New Central Bank Act “prohibits” the disclosure of any probe findings, the BSP will update the public on their investigation results.

“We can tell you that remedial measures to beef up cybersecurity and anti-money laundering (AML) controls are already being undertaken by the concerned banks,” he said.

Based on the BSP’s oversight examination team handling the hacking incident, Diokno said that both BDO and Union Bank of the Philippines “have extended their full cooperation in the ongoing investigation which is at an advanced stage.”

Last January 24, BSP announced that it was targetting to release the results of the BDO and Union Bank investigation by the end of January.

As an update, Diokno said BDO has informed the BSP that they have reimbursed 94 percent of all affected customers. The SM Group-owned bank said earlier that they have identified 700 hacked accounts.

“(BDO) has assured us that remaining clients will be fully reimbursed for their losses,” said Diokno.

The BSP has set up a task force of cyber, anti-money laundering and legal experts to probe BDO’s cybersecurity lapses and the KYC or Know Your Customer issues of Union Bank.

The BDO hacking incident occurred last December 11 and 12 and it also involved Union Bank since the cyber criminals transferred the stolen digital cash to Union Bank clients.

Since December, the BSP has been reminding all banks and non-banks to strictly practice fair treatment in setting terms and conditions applied to depositors and clients to ensure consumer protection rights are upheld and respected at all times.

The BSP released Memorandum No. M-2021-069 in December to remind banks that they are “required to exercise a high degree of diligence, if not utmost care, in providing financial services” and that “jurisprudence charge banks with the obligation to treat their client’s account with the highest degree of care, considering the fiduciary nature of their relationship with the depositors.”

To further strengthen banks’ cybersecurity and cyber-threat surveillance, the BSP continues to coordinate with law enforcement agencies, relevant government bodies, including the Anti-Money Laundering Council.

“We are also working closely with the Philippine Congress for the passage of measures on SIM registration and anti-mule accounts. These measures are seen to deter fraud and other financial crime and improve the handling of consumer complaints,” said Diokno on Wednesday.

“Together with the recently passed Financial Consumer Protection Act (FPCA), we will raise standards for market discipline, fair treatment, and transparency for the benefit of financial consumers,” he added.

Once FCPA is signed into a law, the BSP will be at the forefront in its implementation and it will grant the central bank additional redress mechanism for consumer complaints.

Without the FCPA, the BSP’s complaints’ resolutions process is constrained due to the central bank’s limited legal authority to adjudicate.

The FCPA will ensure the BSP will have legal authority to conduct summary hearings on claims for payments or requiring reimbursements. Consumers will no longer need to go to court if their claim involves a return of money from a financial service provider. This translates to a prompt and more efficient process when consumers seek reparation in financial transactions, as warranted by financial regulators.