THE BANGKO SENTRAL ng Pilipinas (BSP) will soon require banks to promptly report cybersecurity breaches, as the regulator tightens its watch on digital platforms.
BSP Deputy Governor Chuchi G. Fonacier said the new rule, which will require financial institutions to report information technology (IT)-related attacks or glitches, will be issued “next month.” “It is undergoing legal review before MB (Monetary Board) approval,” Ms. Fonacier told reporters when asked for updates on the measure.
The BSP official previously revealed plans to prescribe a two-day window to report cyber attacks and similar incidents, at a time of growing cases of cybersecurity breaches. Such reports, she explained, should also disclose costs incurred from theft, fraud and other incidents.
Ms. Fonacier said central bank officials are yet to finalize whether the reporting window will be 24 or 48 hours upon discover of the incident.
Ahead of the approval of the new standard, the BSP official said the Bankers Association of the Philippines, composed of universal and commercial banks, has already set up its own monitoring and reporting platform. This industry portal will also be designed to enable banks to share notes and alert peers about hacking attempts or any IT-related risk which they encounter.
The central bank is encouraging increased use of electronic channels for payments and fund transfers to bring down transaction costs while promoting wider use of formal financial services.
In November last year, the BSP issued Circular 982 which requires all financial businesses to monitor and counter a wide array of digital attacks, including skimming, phishing and malware.
Existing rules also require financial firms to adopt “advanced” controls versus digital crimes and glitches, and mandates the establishment of a 24/7 security operations center to “proactively monitor emerging and highly sophisticated cyber-threats and attacks.”
While the BSP has been developing an “enabling” environment for financial technology, Ms. Fonacier has said that banks themselves should take steps to better guard against digital fraud and hacking. — Melissa Luz T. Lopez