The Bangko Sentral ng Pilipinas (BSP) will implement the Advance Suptech Engine for Risk-based Compliance or ASTERisC* on Jan. 1, 2023, marking the start of a digitalized supervisory and regulatory bank and non-bank processes.
BSP Deputy Governor Chuchi G. Fonacier in a memo (Memorandum No. M-2022-045) she signed on Oct. 27, said a select number of BSP supervised financial institutions (BSFIs) that meets the requirements for a “predefined criteria” will be the first to be covered.
While reporting through ASTERisC* will start on Jan. 1 next year, BSFIs will be allowed to access the system in advance to prepare the lT profile data for submission on Jan. 25, 2023.
The BSP defines ASTERisC* as a unified Regulatory and Supervisory Technology solution that streamlines and automates regulatory supervision, reporting, and compliance assessment of BSFIs' cybersecurity risk management systems and processes.
“The system scope, features and functionalities may be further expanded in the future to cover additional participating BSFls, other key risk areas and/or modules in line with supervisory priorities and/or requirements,” Fonacier noted in the memo.
Meantime, the BSP stressed that it will “directly coordinate with the participating BSFIs for the provision of login credentials authentication setup and schedule of training on the use of the systern.”
Participating BSFIs can access the system via a cloud-based web application by providing the necessary credentials.
Fonacier said authorized users can submit cyber-related reports and assessments through web-based forms and can have access to the following: a dashboard which summarizes the status of submissions and summary reports; global reports predefined by the BSP, which contain charts, summary reports, or raw data; and email notification for report due dates and BSP acknowledgement receipt.
As a cloud-based solution, ASTERisC* supports the BSP's end-to-end process on cybersecurity supervision and oversight to include cyber-profiling, cyber incident reporting and cybersecurity control self-assessments, among others.
“With this platform, BSFIs can directly access and transmit cybersecurity-related reports and information in real-time. The system likewise enables deeper analyses and correlation capabilities to help the BSP implement risk-based and proactive supervisory decisions and set policy direction on cybersecurity,” said Fonacier.
The BSP’s Regtech and Suptech solutions, which are the next generation of digital supervision tools and techniques, are aimed at enhancing the timeliness and quality of its risk-based decision making.
In 2020, the BSP started its exploration of Regtech and Suptech such as Intelligent Detection of Atypicality (IDeA) and the ASTERisC*.
IDeA uses data science techniques to automate the process of detecting anomalies in supervisory data while ASTERisC will automate the regulatory side.
The BSP will benefit from digitalization by digitizing reportorial requirements, develop digital platforms, and employ various artificial intelligence integration projects.
Regtech and Suptech are distinct subsectors of the fast-growing financial technology or fintech space that seek to improve how regulators carry out their supervisory and monitoring functions, while enabling regulated institutions to comply with regulatory requirements.
It was in 2018 when the BSP started enhancing its technology-enabled monitoring of banks.
The original roll out of the Regtech and Suptech was 2019 but due to the expansion in these projects which includes financial institution or FI portal, the application programming interface or API system and the automated complaint-handling system, there were delays in completion.