M-2024-023: Enhancements to the Report on Crimes and Losses Date Entry Template

Classification: GENERAL OFFICE OF THE DEPUTY GOVERNOR I FINANCIAL SUPERVISION SECTOR MEMORANDUM NO. M-2024-____ To : ALL BSP-SUPERVISED FINANCIAL INSTITUTIONS Subject : Enhancements to the Report on Crimes and Losses Date Entry Template Pursuant to existing regulations prescribing the submission of Report on Crimes and Losses (RCL), all BSP-Supervised Financial Institutions (BSFIs) submitting RCL to the Bangko Sentral ng Pilipinas – Department of Supervisory Analytics (BSP-DSA) through electronic mail, shall use the revised RCL Data Entry Template (RCL-DET) beginning 05 August 2024. The enhancement in the said template includes, (i) additional fields and changes in the available dropdowns for cyber-related crimes to align with RCL submission via Advanced Suptech Engine for Risk-based Compliance (ASTERisC*) 1 ; and (ii) expansion of template to 9-digit financial code, i.e., 3-digit bank type and 6-digit branch code, in accordance with the Enhanced Financial Institution Library System (EFILS) of the BSP. The revised RCL-DET, its corresponding Control Prooflist for the Initial and Final Report, and the User Guide, as reference in accomplishing the RCL-DET can be downloaded from https://www.bsp.gov.ph/ses/reporting_templates. Submission of the old version of the RCL-DET shall be rejected by the system and considered non-compliant with the BSP reporting standards beginning 05 August 2024. All other provisions of BSP Memorandum M-2021-008 dated 19 January 2021 and M-2021-054 dated 12 October 2021, setting the guidelines on the electronic submission of the RCL-DET to BSP-DSA shall remain in effect. For compliance. CHUCHI G. FONACIER Deputy Governor 17 July 2024 1ASTERisC* - * is a solution that streamlines and automates regulatory supervision, reporting, and compliance assessment of BSFIs' cybersecurity risk management systems and processes. Initial implementation covers select BSFIs which meet the pre-defined criteria set by the BSP and it includes reports such as the IT Profile Report, Event Driven Report and Notification, RCL and Cybersecurity Control Self-Assessment.