Regulatory Alerts2026-04-27
Circular No. 1232: Cybersecurity Maturity Framework and Cybersecurity Controls Self-Assessment Requirement
Bangko Sentral ng Pilipinas amended the Manual of Regulations for Banks and Non-Bank Financial Institutions to replace the IT Rating System with the Supervisory Assessment Framework and introduce the Cybersecurity Maturity Framework. This regulatory change mandates that Banks and Non-Bank Financial Institutions conduct periodic Cybersecurity Control Self-Assessments to benchmark their cyber resilience against four defined maturity tiers. The initial assessment must be submitted via the ASTERISC platform within sixty days of the release of reporting guidelines, with subsequent annual reports due by March 31.
Share