New rules outlining how the central bank will investigate financial accounts under the Anti-Financial Account Scamming Act (AFASA) await approval from the Monetary Board (MB).
The Bangko Sentral ng Pilipinas (BSP) has drafted a circular authorizing the Consumer Account Protection Office (CAPO) to carry out these investigations and share financial account information with relevant authorities.
Competent authority refers to government agencies such as Philippine National Police (PNP), National Bureau of Investigation (NBI), Department of Justice (DOJ), and financial regulators authorized to investigate or prosecute financial crimes and consumer complaints.
Under the AFASA, a competent authority must have an Information Sharing Agreement with BSP to receive and disclose account information obtained by CAPO during investigations.
Information shared by BSP can only be used to investigate and prosecute crimes related to prohibited acts, which include using or selling financial accounts for illegal purposes and social engineering schemes to access sensitive account information fraudulently.
Unauthorized disclosure of financial account information obtained during BSP's investigation is prohibited, except as allowed by existing laws and for purposes specified in the AFASA.
Investigation flow
Concerned financial institutions must register official e-mail accounts with CAPO for exclusive communication on inquiries, with unregistered e-mails rejected. The BSP, however, may allow written agreements as alternative methods.
The authority can launch an investigation into a financial account by filing a request with CAPO if there is reasonable ground to believe a prohibited act was committed involving the account.
They may file a request with CAPO detailing the suspected prohibited act, the financial account involved, and justification for the inquiry. The request must include the authorized officer’s details, incident specifics, and any prior actions by institutions.
Supporting documents, such as affidavits and evidence from the investigation, are required to accompany the request.
CAPO will issue an inquiry order if sufficient evidence links a prohibited act to a bank account; otherwise, it may request revisions within 10 days or deny the request if still inadequate.
The information request will be sent electronically to the institution's registered e-mail or delivered physically to key officials via mail or courier.
Banks or other institutions have three days to submit the required account information and grant CAPO full access to relevant records, after which CAPO will respond to the competent authority.
Generally, CAPO can apply for cybercrime warrants, issue preservation orders, and seek NBI and PNP assistance in investigating financial accounts linked to prohibited acts.
Anyone who knowingly obstructs, refuses, or delays CAPO’s inquiry under these rules may face criminal and administrative penalties as outlined in the AFASA and BSP regulations.