The Bangko Sentral ng Pilipinas (BSP) has approved changes to the submission deadline and category of banks’ prudential reports using the application programming interface (API).
BSP Circular No. 1177, which was approved and signed on July 12 by BSP governor-in-charge, Deputy Governor Chuchi G. Fonacier, will be applied this month. It amends the due date and category of 20 prudential reports in extensive mark-up language or XML through API.
Fonacier in the circular memo said that the category of all prudential reports submitted using the XML format through the API are now amended as Category A-1 which was based on the current category of the Financial Reporting Package (FRP).
She said reports will be considered as a single report “for the purpose of determining compliance with the prescribed submission requirements and the computation of the corresponding penalty for reporting violations.”
The BSP has a goal of strengthening its surveillance of all banks and changing the category and due dates for 20 prudential reports migrating to API is part of this objective.
The prudential reports that are amended are the following: the Basel 1.5 Capital Adequacy Ratio Report for stand-alone thrift banks and rural/cooperative banks; income statement on Retail Microfinance Operations and Report on Microfinance Products; Report on Compliance with Mandatory Credit Allocation which was required under Republic Act No. 6977; Report on Cross Border Financial Positions; and Report on Repurchase Agreements or the repo report of banks and quasi-banks.
The API has also covered the following prudential reports which will be amended as well: Financial Reporting Package; Basel III Leverage Ratio; Basel III Capital Adequacy Report; Computation of the Risk-Based Capital Adequacy Ratio Covering Combined Credit, Market and Operational Risks; Expanded Report on Real Estate Exposures; Report on Electronic Money Transactions; Basel III Liquidity Coverage Ratio; Minimum Liquidity Ratio; Basel III Report on Net Stable Funding Ratio; Published Balance Sheet; Stress Testing Reports Covering Credit and Market Risks; Report on Project Finance Exposures, among others.
The BSP in October 2021 implemented new rules to efficiently gather and process information from banks and non-banks which include the migration to the API-based prudential report submission.
The migration to API platforms was adopted in stages for efficiency in data preparation and in the validation and processing of information by the BSP.
Basically, API is a set of standard messages between two computer systems – such as BSP and the banks – for machine-to-machine submission and validation of reports.
Besides XML, the API accepts other file formats such as MS Excel, PDF, CSV, among others. The BSP however, prefers XML because it restructures various reports to a single report, thus enabling a more streamlined reporting process.
The BSP first announced the API adoption in 2019 to enable the BSP to eliminate significant human intervention in the reporting process.
The API system will change the central bank’s regulatory reports process and will minimize risks related to human intervention and e-mail transmission of reports at less costs for BSP supervised financial institutions or BSFIs.
The BSP on January 1 this year implemented the Advance Suptech Engine for Risk-based Compliance or ASTERisC*. This marked the start of a digitalized supervisory and regulatory bank and non-bank processes.
The ASTERisC* has won the 2023 FinTech & RegTech Global Award for Cyber Resilience Initiative in London last June 13, fortifying BSP’s reputation as one of the pioneers in digitizing supervisory and regulatory processes in the world.
Fonacier, who received the award, said the BSP “sees the fast evolving and sophisticated nature of cybersecurity threats” and as such “cybersecurity supervision must also step up to cope with the dynamic landscape.”
Fonacier said threat actors will continue the cycle of exploiting controls, systems and vulnerabilities, however with the ASTERisC* platform, “the BSP can be more proactive in deploying early interventions.”
Based on a memo issued Oct. 27 last year, a select number of BSP supervised financial institutions (BSFIs) that meets the requirements for a “predefined criteria” are first to be covered under ASTERisC*. These BSFIs were allowed to access the system in advance to prepare the lT profile data.
The BSP defines ASTERisC* as a unified Regulatory and Supervisory Technology solution that streamlines and automates regulatory supervision, reporting, and compliance assessment of BSFIs' cybersecurity risk management systems and processes.