MANILA – The Bangko Sentral ng Pilipinas (BSP) will now be requiring all banks to submit an initial report on any cybersecurity issues in their system within two hours of its discovery.
At the sidelines of the Euromoney Investment Forum in Makati City Friday, Bangko Sentral ng Pilipinas (BSP) deputy governor Chuchi Fonacier said the central bank’s policy-making Monetary Board (MB) approved the stricter measure during their weekly meeting.
She said a draft circular has been created and is now awaiting the signature of deputy governor Almasara Cyd Tuaño-Amador, who is Officer-in-Charge until October 26, while BSP governor Nestor A. Espenilla Jr. is on leave. “The MB agreed to what was laid out,” Fonacier said.
Also, BSP Supervisory Data Center director Vicente T. De Villa III explained that an initial report covering the basic information about the breach should be submitted “within two hours from incident. ” But “a follow up report containing more relevant details (is) required within 24hrs from incident,” he added.
The BSP has issued several Circulars directing banks to fortify their information technology (IT) systems against cyber criminals to protect not only the financial institution but also their clients and the whole system.
Among these is Circular No. 808 issued on Aug. 22, 2013, which classify bank’s IT risk profile as either “complex” or “simple’ and is based primarily on banks’ degree of adoption of certain technologies.
BSP has put in place corrective actions against erring banks and has established a cybersecurity ratings, which Espenilla earlier said, are “getting better.” He said the standards cover, among others, electronic banking (e-banking) transactions.
He said that since the standards were put in place in 2013, enhancements have been introduced and will continue to be improved to ensure that they significantly mitigate the rising number of risks. (PNA)
