BANGKO Sentral ng Pilipinas is working on additional rules to strengthen the banking industry and make it resilient against cybercrimes in the wake of the $81-million money laundering scam that broke out in the country recently.
“Financial institutions everywhere are routinely being attacked by cyber criminals. So the important thing is the quality of the cybercrime prevention programs. That is why we are trying to strengthen the defenses,” Bangko Sentral Deputy Governor Nestor Espenilla Jr. said at the sidelines of an event at Bangko Sentral Tuesday.
“The best thing to do now is to make the system strong to prevent breaches. We are now working on supplemental or additional regulations to further strengthen and increase the level of maturity of Philippine banks and other financial institutions. We consider it a very serious thing,” Espenilla said.
Espenilla said the bank regulator conducted a comprehensive review back in 2014 to assess the quality of preparedness of local banks, making it the basis of Bangko Sentral’s subsequent interventions.
He said the recent scam—which involved universal bank Rizal Commercial Banking Corp. as one of the conduits for the transfer and entry of illegal funds to the Philippines—was a good learning experience for the industry and made everybody aware of the issues.
“We are happy to say that our banks are resilient to this. If you recall in December last year, we held the first-ever cybercrime security forum. Consciously, our focus there was to get the top management of banks, board level and senior level to pay attention to this issue,” Espenilla said.
He said bank executives in the industry should not consider the scam as a mere IT issue. He said top management of banks must also worry about it and put ample amount of resources behind it.
“In other words, we want more guidelines on what should be the minimum things to do about cybercrime. We are trying to raise the standards in terms of regulations and at the same time we are also strengthening the supervisory capacity of banks,” Espenilla said.
He said the dominant threat for a long time were those related to ATM fraud. However, Espenilla said this trend was on the decline, adding the situation would further improve with the deployment of EMV chip by January 2017.
“But also we see on the horizon other kinds of threats growing—the hacking type. So that basically reminds us that there is absolutely no room for complacency because new threats arise,” he said.
He said the Bangko Sentral was also taking care of its own defenses against cybercrime threats. He said Bangko Sentral invested in its own security, and hoped “the Bangladesh incident would not happen on the BSP.”
Asked if domestic banks were required to report to Bangko Sentral even if cybercrime attacks were not successful, Espenilla said banks must do so.
“Of course they want to first investigate and check. But that is not the principle of incident management. If something happens, before doing anything else, report to the BSP. Because that also alerts us. The approach there is formal reporting to the BSP but we also encourage them as an industry to talk more and communicate with one another,” Espenilla said.