The Bangko Sentral ng Pilipinas (BSP) on Thursday, Sept. 1, said it will soon deploy its recently completed Advanced SupTech Engine for Risk-Based Compliance (ASTERisC*) among selected BSP supervised financial institutions (BSFIs) to strengthen the industry’s cybersecurity through technology-based supervision.
ASTERisC* is a unified regulatory and supervisory technology or RegTech and SupTech solution that streamlines and automates regulatory supervision, reporting, and compliance assessment of BSFIs’ cybersecurity risk management, explained the BSP.
As lead in the Computer Emergency Response Team (CERT) covering all BSFIs, the BSP will likewise issue soon the Financial Services Cyber Resilience Plan which is being prepared by the Financial Supervision Sector-Technology Risk and Innovation Department.
“The plan, which will serve as the primary framework for policies and strategies to strengthen cyber defense in the financial services industry, is expected to bolster the regulatory and supervisory environment for cyber security,” said the BSP.
The BSP is working with relevant government agencies and industry associations for what it called a “cohesive and industry-wide approach” against emerging threats and risks. The approach will also include enhanced cyber incident response, threat intelligence, and overall situational awareness in the country.
“The BSP is committed to ensuring the cyber resilience of the Philippine financial system to promote its soundness and stability,” it added.
The BSP’s RegTech and SupTech solutions, which are the next generation of digital supervision tools and techniques, are aimed at enhancing the timeliness and quality of its risk-based decision making.
In 2020, the BSP started its exploration of RegTech and SupTech such as Intelligent Detection of Atypicality (IDeA) and the ASTERisC*.
IDeA uses data science techniques to automate the process of detecting anomalies in supervisory data while ASTERisC will automate the regulatory side.
The BSP will benefit from digitalization by digitizing reportorial requirements, develop digital platforms, and employ various artificial intelligence integration projects.
RegTech and SupTech are distinct subsectors of the fast-growing financial technology or fintech space that seek to improve how regulators carry out their supervisory and monitoring functions, while enabling regulated institutions to comply with regulatory requirements.
It was in 2018 when the BSP started enhancing its technology-enabled monitoring of banks. The original roll out of the Regtech and Suptech was 2019 but due to the expansion in these projects which includes Financial Institution (FI) portal, the Application Programming Interface (API) system and the automated complaint-handling system, there were delays in completion.
FI portal is an online, secured, web-based facility designed to streamline the BSP’s regulatory compliance process while the API system has changed the central bank’s regulatory reports process.
Meantime, with Regtech and Suptech, the BSP will further strengthen cybersecurity supervisory tools to ensure financial consumers are safely transacting with banks and non-banks.
Since the Covid-19 pandemic has magnified financial customers’ reliance on technology and digital platforms, it has also opened them up to more risks and potential cybersecurity issues.
Other improvements to cybersecurity rules that are forthcoming relates to digital banking, cloud computing, virtual asset service provider, and the Cybersecurity Maturity Model.
The BSP is also developing the Financial Services Cyber Resilience Plan as the “primary and cohesive framework” to promote trust and cooperation, intelligence sharing and adoption of cybersecurity best practices and standards among BSFIs.