SEC Rules and Regulations of the Financial Products and Services Consumer Protection Act of 2022

SEC MEMORANDUM CIRCULAR NO. 5 Series of 2023 TO : ALL CONCERNED SUBJECT : SEC RULES AND REGULATIONS OF THE FINANCIAL PRODUCTS AND SERVICES CONSUMER PROTECTION ACT OF 2022 DATE : 25 April 2023 Pursuant to Section 18 of Republic Act No. 11765, otherwise known as The Financial Products and Services Consumer Protection Act of 2022, the Securities and Exchange Commission En Banc, in its meeting on 25 April 2023, approved the implementing rules and regulations of the aforementioned law. Accordingly, the Commission hereby issues the SEC Rules and Regulations of The Financial Products and Services Consumer Protection Act of 2022 ( SEC FCPA IRR ). This Memorandum Circular shall take effect fifteen (15) days after its publication in the Official Gazette or in at least two (2) national newspapers of general circulation. For the Commission: JAVEY PAUL D. FRANCISCO Commissioner/Officer-in-Charge Published: Philippine Daily Inquirer, 29 April 2023 Manila Standard, 29 April 2023 Filed with UP Law Center: 27 April 2023

Republic of the Philippines Department of Finance Securities and Exchange Commission SEC RULES AND REGULATIONS OF THE FINANCIAL PRODUCTS AND SERVICES CONSUMER PROTECTION ACT OF 2022 Pursuant to Section 18 of Republic Act No. 11765, otherwise known as The Financial Products and Services Consumer Protection Act of 2022 (“FCPA”), the following implementing rules and regulations are hereby promulgated. Rule 1 – Title of Rules Section 1. These Rules shall be referred to as the “SEC Rules and Regulations of the Financial Products and Services Consumer Protection Act of 2022,” or the “SEC FCPA IRR.” Rule 2 – Interpretation Section 1. Construction. – Any doubt that may arise in the interpretation of these Rules shall be resolved by the Commission in a manner that would accomplish the following objectives of the FCPA: i. Right to equitable and fair treatment of consumers; ii. Right to disclosure and transparency of financial products and services; iii. Right to protection of consumer assets against fraud and misuse; iv. Right to data privacy and protection; and v. Right to timely handling and redress of complaints of consumers. Section 2. Suppletory Application of SEC Rules of Procedure. – In order to effectuate the objectives of the FCPA, as stated in the preceding section, the pertinent provisions of the 2016 Rules of Procedure of the Securities and Exchange Commission or any amendment thereto, may, whenever practicable and convenient, be applied by analogy or in a suppletory character and effect, pending the creation by the Commission of the specific Rules of Procedure governing the FCPA. Rule 3 – Scope and Applicability Section 1. Scope. - These Rules shall apply to all financial products and services, and financial service providers, as defined herein, under the jurisdiction of the Commission.

Page 2 of 29 The Commission may revise and supplement these rules and regulations, and issue related guidelines, circulars, and other subsidiary issuances as it deems necessary for the effective implementation of the various provisions of the FCPA. Rule 4 – Statement of Policy Section 1. Statement of Policy. – It is the policy of the State to ensure that appropriate mechanisms are in place to protect the interest of consumers of financial products and services under the conditions of transparency, fair and sound market conduct, and fair, reasonable, and effective handling of financial consumer disputes, which are aligned with global best practices. These mechanisms reinforce financial consumers’ confidence in the financial market and foster the stability of the Philippine financial system. Toward this end, the State shall implement measures to protect the following rights of financial consumers: i. Right to equitable and fair treatment; ii. Right to disclosure and transparency of financial products and services; iii. Right to protection of consumer assets against fraud and misuse; iv. Right to data privacy and protection; and v. Right to timely handling and redress of complaints. The implementation and application of these Rules shall adhere as closely as possible to the attainment of the foregoing policy objectives. Rule 5 – Definition of Terms Section 1. Definition of Terms. - Except as otherwise defined herein, all terms shall have the same meaning as those defined in the FCPA; Republic Act (R.A.) No. 8799, otherwise known as The Securities Regulation Code (“SRC”); R.A. No. 11232, otherwise known as the Revised Corporation Code of the Philippines (“RCC”); R.A. No. 8556, otherwise known as the Financing Company Act of 1998; R.A. No. 9474, otherwise known as the Lending Company Regulation Act of 2007; R.A. No. 9856, otherwise known as the Real Estate Investment Trust Act; R.A. No. 2629, otherwise known as the Investment Company Act; Presidential Decree No. 129, otherwise known as the Investment Houses Law; R.A. No. 11523, otherwise known as the Financial Institutions Strategic Transfer Act (“FIST”); and R.A. No. 7042, otherwise known as the Foreign Investments Act of 1991, including amendments, prevailing jurisprudence, implementing rules and regulations, guidelines, circulars, and other subsequent issuances in relation thereto. For purposes of the SEC FCPA IRR, the following terms shall be defined as: A. Authorized operating department shall refer to: i. The Company Registration and Monitoring Department (“CRMD”);

Page 3 of 29 ii. The Corporate Governance and Finance Department (“CGFD”), which shall exercise authority over the following financial service providers: a. Registered investment companies (e.g., mutual funds); b. Registered issuers of proprietary/non-proprietary shares, timeshares or membership certificates; c. Registered financing companies and lending companies; d. Public companies, except those under other authorized operating departments or other financial regulators; and e. Accredited microfinance non-governmental organizations (“MF-NGOs”); iii. The Markets and Securities Regulation Department (“MSRD”), which shall exercise authority over the following financial service providers: a. Issuers of the following Registered Securities:

1. Shares of stocks, bonds, debentures, notes, evidences of indebtedness, asset-backed securities;
2. Investment contracts, certificates of interest or participation in a profit-sharing agreement, certificates of deposit for a future subscription;
3. Fractional undivided interests in oil, gas or other mineral rights;
4. Derivatives like options and warrants;
5. Certificates of assignments, certificates of participation, trust certificates, voting trust certificates or similar instruments;
6. Other instruments as may in the future be determined by the Commission; b. Issuers of the foregoing Securities in Tokenized or digital forms. c. Registered intermediaries and market professionals such as:
7. Broker/dealers;
8. Government securities eligible dealers;
9. Government securities brokers;
10. Associated persons and salespersons of broker/dealers;
11. Transfer agents;
12. Investment houses;
13. Investment company advisers/fund managers;
14. Mutual fund distributors;
15. Compliance officers and certified investment solicitors of investment company advisers/mutual fund distributors; and

Page 4 of 29 10. Crowdfunding intermediaries; d. Registered investment advisers. iv. The Enforcement and Investor Protection Department (“EIPD”), which shall exercise authority over financial consumer complaints related to investment fraud; and v. The SEC Extension Offices. B. Commission refers to the Securities and Exchange Commission, a financial regulator under Section 5 of the FCPA. C. Consumer Protection Standards of Conduct are specific parameters of consumer protection used to gauge the efficiency of a financial service provider’s consumer protection framework and complaints handling mechanism modelled after international best practices. The Consumer Protection Standards of Conduct are: i. Transparency, disclosure, and responsible pricing; ii. Fair and respectful treatment of clients; iii. Privacy and protection of client data; iv. Financial Consumer Protection Assistance Mechanism (“FCPAM”); v. Information and security standards; and vi. Other standards as may be determined by the Commission. D. Cooling-off is a policy or agreement that allows a client to consider the costs and risks of a financial product or service, free from the pressure of the sales team of the financial service provider, and to cancel the agreement without penalty of any kind upon his or her written, electronic or other form of valid notice to the financial service provider during the given period. E. Days shall be understood to be calendar days, unless these Rules specifically state "business days." F. Financial consumer refers to a person or entity, or their duly appointed representative, who is a purchaser, lessee, recipient, or prospective purchaser, lessee or recipient, of financial products or services. It shall also refer to any person, natural or juridical, who had or has a current or prospective financial transaction with a financial service provider pertaining to financial products or services. G. Financial consumer complaint refers to an expression of dissatisfaction submitted by a financial consumer against a financial service provider relative to a financial product or service in which a response or resolution is expected. H. Financial product or service refers to financial products or services which are developed and/or marketed by a financial service provider which may

Page 5 of 29 include, but are not limited to, credit, securities, investments, and other similar products and services. This also includes digital financial products or services, which pertain to the broad range of financial services accessed and delivered through digital channels. I. Financial service provider refers to a person, natural or juridical, which provides financial products or services that are under the jurisdiction of the Commission. This term shall include: i. Issuers and/or offerors of securities, securities brokers, dealers and salesmen, associated person of a broker or dealer, investment houses and other similar entities managing securities, or rendering similar services; ii. Investment company advisers/fund managers, mutual fund distributors, investment companies (e.g., mutual funds); iii. Investment advisers; iv. Financing and lending companies; v. MF-NGOs; vi. Issuers of proprietary or non-proprietary shares/membership certificates/time shares; vii. FIST corporations; and viii. Others as may be determined and designated by the Commission by rules or regulations. J. Investment fraud refers to any form of deceptive solicitation of investments from the public. This includes Ponzi schemes and such other schemes involving the promise or offer of profits or returns which are sourced from the investments or contributions made by the investors themselves; boiler room operations; and the offering or selling of financial products or services to the public without a license or permit from the Commission, unless such an offering or selling involves exempt securities or are considered exempt transactions, as provided for under existing laws. K. Issuer shall refer to the originator, maker, obligor, or creator of the security. L. Market conduct refers to the manner by which a financial service provider designs and delivers its financial products or services, and manages its relationships with its clients and the public. M. Marketing refers to the act of communicating, offering, promoting, advertising, or delivering financial products or services by financial service providers. N. A person, under these Rules, refers to natural or juridical persons depending on the context of its use.

Page 6 of 29 O. Pre-payment is an agreement where a financial consumer may, at any time prior to the agreed maturity date, prepay a loan or other credit transaction in whole or in part. P. Responsible pricing refers to the pricing, terms, and conditions of financial products and/or services that are set in a way that is both affordable to clients and sustainable for financial service providers by taking into account, among others, client needs and the pricing schemes of the competitors. Q. Securities, as defined under Section 3.1. of the SRC, are shares, participation or interests in a corporation or in a commercial enterprise or profit-making venture and evidenced by a certificate, contract, instrument, whether written or electronic in character. It shall include: i. Shares of stock, bonds, government securities, commercial papers, debentures, notes, evidences of indebtedness, asset-backed securities; ii. Investment contracts, certificates of interest or participation in a profit-sharing agreement, certificates of deposit for a future subscription; iii. Fractional undivided interests in oil, gas, or other mineral rights; iv. Derivatives like options and warrants; v. Certificates of assignments, certificates of participation, trust certificates, voting trust certificates, or similar instruments; vi. Proprietary or nonproprietary membership certificates in corporations; vii. Tokenized or digital forms of any of the foregoing; and viii. Other instruments as may in the future be determined by the Commission. Debt securities/instruments include any evidence of indebtedness such as bonds, notes, debentures, commercial papers, treasury bills, treasury bonds, and other similar instruments as may be determined by the Commission. Equity securities include shares of stock in a corporation. R. Senior management refers to officers stated in the financial service provider’s bylaws and/or General Information Sheet, as well as those who exercise executive functions affecting the operation of the business, such as the chief executive officer, chief financial officer, chief operating officer, general manager, compliance officer, and other analogous positions. Rule 6 – Powers of the SEC Section 1. Powers of the Commission. – The Commission shall, in the implementation of these Rules and the provisions of the FCPA, have the following powers:

Page 7 of 29 A. Rulemaking. The Commission shall have the authority to formulate its own standards and rules for the application of the provisions of the FCPA to specific financial products or services within its jurisdiction, guided by internationally accepted standards and practices. The Commission may also determine the reasonableness of the interest, charges, or fees which a financial service provider may demand, collect, or receive for any service or product offered to a financial consumer. Likewise, the Commission may issue its rules of procedure concerning administrative actions arising from the implementation of the FCPA. B. Market Conduct Surveillance and Examination. The Commission, through its authorized operating department, may conduct surveillance and examination, on-site or offsite, on financial service providers under its supervision, consistent with its risk-based supervision policies, to ascertain that the provisions of the FCPA and SEC FCPA IRR are complied with. The examination for financial consumer protection compliance may be conducted separately from the examination for prudential regulations compliance. The provisions on the conduct of examination and surveillance provided in the RCC, SRC, 2016 SEC Rules of Procedure, or any amendment thereto, 2015 Implementing Rules and Regulations of the SRC, and other laws, rules and regulations being implemented by the Commission shall be applicable to the examination and surveillance activities authorized under the FCPA. The department heads and the examiners of the Commission shall be authorized to administer oaths to any director, officer, or employee of the supervised financial service providers subject to the examination of their market conduct and compliance with the FCPA, and to compel the presentation of all books, documents, papers, or records in any form necessary in their judgment to ascertain the compliance of financial service providers with the provisions of the FCPA and the SEC FCPA IRR. The supervised financial service providers shall afford to the Commission full opportunity to examine their records, and review their systems and procedures, at any time during business hours when requested to do so by the Commission. C. Market Monitoring. The Commission, through its authorized operating department, shall have the authority to require financial service providers and their third-party agents/service providers to submit reports or documents, as needed. For purposes of market monitoring, the Commission may obtain relevant data about financial products, service and markets from other government agencies, which shall be duty-bound to furnish the same. D. Enforcement. The Commission shall have the authority to impose enforcement actions against financial service providers for noncompliance with the provisions of the FCPA, SEC FCPA IRR, and other existing laws pertinent to the jurisdiction and authority of the Commission. Such enforcement actions may include the following:

Page 8 of 29 i. Restriction on the ability of a supervised financial service provider to continue to collect excessive or unreasonable interests, fees, or charges; ii. Disqualification and/or suspension of directors, trustees, officers, or employees of a supervised financial service provider responsible for the violation of the FCPA, SEC FCPA IRR, or orders of the Commission; iii. Imposition of fines, suspension, or penalties for any noncompliance with or breach of the FCPA, SEC FCPA IRR, or the orders of the Commission; iv. Issuance of a cease and desist order (“CDO”) to a financial service provider without the necessity of a prior hearing if in the Commission’s judgment, the act or practice, unless restrained, amounts to fraud or a violation of the provisions of the FCPA and/or the SEC FCPA IRR, or may unjustly cause grave or irreparable injury or prejudice to financial consumers. A CDO is immediately executory upon service or publication on the Commission’s website. However, the financial service provider shall be afforded an opportunity to defend its act or practice in a summary hearing before the Commission or its designated body, upon request made by the financial service provider within five (5) calendar days from its receipt of the CDO. If no such hearing is requested within said period, the CDO shall automatically become permanent. If a hearing is requested by the financial service provider, the proceedings shall be conducted summarily without adhering to the technical rules of evidence, and all issues shall be determined primarily on the basis of records, after which the Commission may order the lifting of the CDO or render the same permanent; v. Suspension of operation of any financial service provider in relation to a particular financial product or service when in the judgment of the Commission, based on its findings, the financial service provider is operating in violation of the provisions of the FCPA, and/or the SEC FCPA IRR; and vi. Disgorgement. In any proceeding in which the Commission may impose a penalty for noncompliance with or breach of the FCPA, SEC FCPA IRR, or other existing laws under the jurisdiction of the Commission, the Commission, in addition to the imposed fine, may enter an order requiring accounting and disgorgement of profits obtained, or losses avoided, as a result of a violation of the FCPA and other existing laws, including reasonable interest. The Commission is

Page 9 of 29 authorized to adopt rules, regulations, and orders concerning the creation and operation of a disgorgement fund, payments to financial consumers, rate of interest, period of accrual, and such other matters as deemed appropriate to implement this provision. The issuance of an order requiring disgorgement will not preclude the Commission from filing the appropriate criminal action for violation of the provisions of the FCPA or other laws, rules and regulations enforced by, or within the jurisdiction of, the Commission, or from instituting an independent civil action for violation of the provisions of the FCPA and its IRR. E. Consumer Redress or Complaints Handling Mechanism. The Commission, through its authorized operating department, shall provide efficient and effective consumer redress or complaints handling mechanisms such as mediation, conciliation, or other modes of alternative dispute resolution to address conflicts between a financial consumer and a financial service provider or dissatisfaction of a financial consumer arising from financial products or services. The financial consumer may avail of the mechanism prior to adjudication. F. Adjudication. The Commission, through its authorized operating department or body, shall have the authority to adjudicate actions arising from or in connection with financial transactions that are purely civil in nature, and the claim or relief prayed for by the financial consumer is solely for payment or reimbursement of a sum of money not exceeding the amount of Ten million pesos (Php10,000,000.00). The decision of the Commission in the adjudication shall be final and executory, and may not be restrained or set aside by the courts except on petition for certiorari on the ground of grave abuse of discretion, or lack or excess of jurisdiction of the Commission. The petition for certiorari may only be filed within ten (10) days from receipt by the aggrieved party of the decision: Provided, That the aggrieved party may file the petition with the Court of Appeals. The decision of the authorized operating department or body is not appealable to the Commission En Banc. The Commission, through its authorized operating department or body, may order the payment or reimbursement of money which is the subject of the action filed before it. The Commission shall have the power to issue subpoena duces tecum, and to summon witnesses to appear in its proceedings, and, when appropriate, to order the examination, search and seizure of all documents, and books of accounts of any entity or person under investigation as may be necessary for the proper disposition of cases pending before the Commission. Further, the Commission shall have the authority to punish for contempt, both directly and indirectly, in accordance with the pertinent provisions of and the penalties prescribed by the Rules of Court.

Page 10 of 29 G. Other Powers. The Commission may exercise such other powers as may be provided by its enabling law or charter, as well as those which may be implied from, or which are necessary for or incidental to the carrying out of, the express powers granted to the Commission to achieve the objectives and purposes of the FCPA and the SEC FCPA IRR, which shall include the power and authority to: i. Issue writs of execution, attachment, levy and garnishment; ii. Grant provisional remedies; iii. Direct any person, natural or juridical, in possession of any real or personal properties of respondents, to hold the same for purposes of satisfaction of any order of the authorized operating department, including orders for accounting and disgorgement; iv. Direct banks or financial institutions, having in their possession, such as bank accounts, monies which are the subject of the claims of financial consumers or the Commission, to hold the same for purposes of satisfaction of claims of financial consumers and/or payment of fines and penalties to be imposed by the Commission through its authorized operating departments; and v. Such other powers and authority as may be necessary to achieve the objectives and purposes of the FCPA and the SEC FCPA IRR. H. The Commission shall issue the pertinent rules or circulars pertaining to the assessment and payment of the appropriate docket or filing fees for verified complaints and other pleadings filed with the Commission pursuant to the FCPA and the SEC FCPA IRR. Rule 7 – Investment Adviser Section 1. Investment Adviser. – No person shall engage in the business of, or act as, an investment adviser in the Philippines, and/or represent or identify himself or herself as an investment adviser or make use of the words “investment adviser” or “financial adviser” or variations thereof, descriptive of a position or title, unless registered as such with the Commission. The term “investment adviser” shall mean any person who, for compensation, engages in the business of advising others, either directly or through publications or writings, whether electronically or in any other form, as to the value of investment products or as to the advisability of investing in, purchasing, or selling investment products, or who, for compensation and as part of a regular business, issues or promulgates analyses or reports concerning investment products. Further, those who offer and/or sell financial products and services having investment components or purported as an investment product by itself or as a part of another financial product or service, shall be considered as an investment adviser, or engaging in acts pertaining to that of an investment adviser, are required to register with the Commission pursuant to the provisions of the FCPA and the SEC FCPA IRR, and other regulations issued by the Commission. Published: Philippine Daily Inquirer, 29 April 2023 Manila Standard, 29 April 2023 Filed with UP Law Center: 27 April 2023

Page 11 of 29 The Commission may designate such other persons as investment advisers by rules and regulations, or appropriate orders. Section 2. Investment advisers shall ensure that financial consumers have a reasonable and holistic understanding of the products and services which they may be acquiring or availing of. In this context, full disclosure and utmost transparency, to the extent allowed under applicable laws and regulations, are the critical elements that empower the consumer to make comparisons and informed financial decisions. The investment adviser shall provide the consumer with ready access to information that accurately represents the nature and structure of the product or service, its terms and conditions, fundamental benefits and risks, detailed breakdown of the pricing, or any cost associated with the product or service. Such information shall be readily available in any platform owned, operated, or utilized by the financial service provider. Sufficient product disclosure must be provided before the contracting of the financial product or service, to give the financial consumer enough basis and time for review. Any change in the terms or conditions of a financial product or service shall be provided to the financial consumer. Section 3. Applicability of SRC Provisions on Investment Advisers. – Investment advisers, aside from the provisions of the FCPA and the SEC FCPA IRR, shall be subject to the provisions of Chapters VII, VIII, X, and XIII of the SRC, as well as to other rules and regulations to be issued by the Commission. Operations, advice, and reports issued by investment advisers may likewise be covered by any rule or order promulgated by the Commission under Section 72 of the SRC. Investment advisers shall also be liable for offenses defined under the SRC and penalized following the procedural rules under the same. Section 4. Application as Investment Adviser. – The Commission shall have the authority to issue the necessary regulations on investment advisers. All persons acting as investment advisers as of the effectivity of the SEC FCPA IRR may continue functioning as such; Provided, That they file with the Commission, within ninety (90) days from the effectivity of the FCPA IRR, an undertaking signifying their intent to register as investment advisers, in accordance with the requirements and procedures to be prescribed by the Commission. Failure to file such undertaking within the prescribed period shall render their operation in violation of the FCPA and the SEC FCPA IRR. Rule 8 – Duties and Responsibilities of Financial Service Providers Section. 1. Board and Senior Management Oversight. – The board of directors and the members of the senior management of a financial service provider shall ensure the conformity of its operations with the provisions of the FCPA and the SEC FCPA IRR, and shall provide the means by which they shall identify, measure, monitor, control, and manage consumer protection risks inherent in their operations, in accordance with the rules and regulations of the Commission.

Page 12 of 29 Section 1.1. Responsibilities of the Board of Directors. – The board shall be primarily responsible for approving and overseeing the implementation of the financial service provider’s Consumer Protection Risk Management System (“CPRMS”). The board’s responsibilities shall include the following: A. Approve the CPRMS and FCPAM, which take into consideration the financial service provider’s business model, market, product lines, and relationships with third parties that may give rise to risks to consumers; B. Promote a culture of ethical behavior and ensure adherence to the Consumer Protection Standards of Conduct and all relevant laws and regulations; C. Ensure that adequate information and actions taken are reported to the board on a regular basis in terms of the measurement of consumer protection￾related risks, reports from the FCPAM, compliance with consumer protection standards and requirements, as well as other material consumer-related developments that will impact the financial service provider’s consumers. The board shall put in place an effective system where reporting lines are established to promptly detect, analyze, and respond to customer concerns and serious infractions; D. Ensure the adequate provision of resources and effective implementation of training and competency requirements for officers and personnel, authorized representatives, or any other party acting on behalf of the financial service provider; E. Approve remuneration and compensation packages structured in such a way that encourages responsible business conduct, fair treatment, and avoidance/mitigation of conflicts of interest; and F. Review periodically the implementation and effectiveness of the CPRMS, including how findings are reported and whether the audit mechanisms are in place to enable adequate oversight, and put in place a regular mechanism to review the relevance of the CPRMS in case of changes in the financial service provider’s business model and/or operating environment. Section 1.2. Responsibilities of Senior Management. – The senior management shall be responsible for ensuring that the practices of the financial service providers are aligned with the approved CPRMS. In this regard, the senior management shall: A. Ensure that the approved CPRMS and FCPAM policies and procedures are clearly documented, properly understood and appropriately implemented across all levels and business units; B. Establish an effective monitoring and management information system to regularly measure, aggregate, and analyze consumer-related issues to determine the level of consumer risks. An appropriate and clear reporting and escalation mechanism should also be integrated in the risk governance framework from any area of the financial service provider to the senior

Page 13 of 29 management and/or from the senior management to the board. The management information system should be able to: i. Provide adequate information on the performance and quality of the financial service provider’s FCPAM and other internal processes that can provide relevant information that allows for identification of emerging consumer issues and root cause analysis; ii. Determine the level of consumer protection risk exposure through assessment of its implementation of the Consumer Protection Standards of Conduct; iii. Identify and monitor, in a timely manner, consumer risks that may result in financial loss of financial consumers, legal and reputational risk, as well as other related risks or consumer detriment; and iv. Identify and assess emerging or increasing consumer risks that affect the financial service provider’s consumers such as, through social media monitoring and market monitoring. C. Ensure that adequate systems and controls are in place to promptly identify issues that affect consumers across all phases of the relationship with the consumers; D. Ascertain that weaknesses in the consumer protection practices or emerging consumer protection risks are addressed and corrective actions are taken in a timely manner; E. Make available a wide range of accessible channels in which consumers can conveniently lodge their complaints, inquiries, and requests with the financial service providers. Channels may include social media platforms, email, live chat, and text/short message service to promote consumer trust. A consumer must also be able to submit a complaint by using any other channel through which he or she ordinarily communicates with the financial service provider; and F. Ensure observance of expectations and requirements prescribed under relevant regulations on compliance and internal audit. Section 1.3. Consumer Protection Risk Management System. – A financial service provider should have a CPRMS that is integrated into its enterprise-wide risk management processes and risk governance framework. The CPRMS includes the governance structure, policies, processes, measurement, and control procedures to ensure that consumer protection risks are identified, measured, monitored, and mitigated. A carefully devised, implemented, and monitored CPRMS provides the foundation for ensuring the financial service provider’s adherence to Consumer Protection Standards of Conduct and compliance with consumer protection laws, rules and regulations, thereby ensuring that identified risks to the financial service provider and the associated risk of financial harm or loss to consumers are properly managed.

Page 14 of 29 The CPRMS must be consistently displayed throughout the financial service provider’s place of business, particularly across all business units that deal directly with consumers. Section 2. Appropriate Product Design and Delivery. – Financial service providers shall continuously evaluate their financial products or services to ensure that they are appropriately targeted to the needs, understanding, and capacity of both their markets and their clients. This shall include, among others, the following: Section 2.1. Affordability and Suitability Assessments. – Financial service providers shall have in place written procedures for adequate product suitability and affordability mechanisms whereby products and services are, among others, offered with skill, due care, and diligence and shall consider the consumers’ financial situation, needs, capabilities, and overall risk profile. Issuers of listed securities are exempt from this requirement, provided they disclose in their registration statements and/or written procedures that the affordability and suitability assessment shall be undertaken by the financial consumer’s chosen broker/dealer. When making a recommendation to a financial consumer: A. Financial service providers, which will conduct suitability assessments, should inform financial consumers clearly and simply about the suitability assessment and its purpose. They should provide a clear explanation that it is the financial service provider’s responsibility to conduct the assessment under relevant regulations so that financial consumers understand the reason why they are asked to provide certain information. Financial service providers should encourage financial consumers to provide accurate and sufficient information about their knowledge, experience, financial situation, financial capability (including their ability to bear losses), and investment objectives (including their risk tolerance); B. Financial service providers should offer products or services that are in line with the needs/risk profile of the consumer. They should provide for and allow the financial consumer to choose from a range of available products and services that can meet his or her needs and requirements. Sufficient and right information on the product or service should enable the financial consumer to select the most suitable and affordable product or service; C. Financial service providers should inform or advise their financial consumers that if they do not provide sufficient information regarding their financial knowledge and experience, financial service providers are not in a position to accurately determine whether a product or service is appropriate to them, given the limited information available. This information or warning may be provided in a standardized format. If the requested products are of higher risk rating than a consumer’s risk tolerance assessment results, the financial service provider should draw the financial consumer’s attention to the risk mismatch and provide a disclosure of the consequences, either in digital or written format, for acceptance by the consumer.

Page 15 of 29 For the purpose of extending credit, affordability and suitability assessments should include measures to prevent over-indebtedness. Section 2.2. Cooling-off Period. – Financial service providers that offer products or services required by the Commission to have a cooling-off period should adopt and implement a clear cooling-off policy, as may be prescribed by law or by rules and regulations issued by the Commission upon its determination that a cooling-off period is necessary for a particular product or service. Such a cooling-off policy should provide a cooling-off period that will allow a financial consumer to consider the costs and risks of a financial product or service, free from the pressure of the sales team of the financial service provider. The length of the cooling-off period shall be determined by the financial service provider based on reasonable expectation of time required for a financial consumer to fully evaluate all the terms and risks of the financial product or service, and to contact concerned parties who may be affected by its terms and conditions, but in no case shall the period be less than three (3) business days or such period as may be prescribed by the Commission, immediately following the execution of any agreement or contract. The terms and conditions of the financial product or service should include information on cooling-off. Fees for products with automatic right of cooling-off must be appropriately determined, discussed, and explained to consumers. Financial service providers must provide notice and/or adequately explain to the consumer the right of cancellation in all contracts, including the period within which to exercise it and the documentary requirements, if any, the fees or advances that may be returned, the reasonable modes or channels to submit a notice of cancellation, and the specific period from receipt of said notice for the financial service provider to effect the refund. During the cooling-off period, financial consumers may cancel or return the contract without penalty; however, nothing herein prevents financial service providers from recovering the processing costs incurred, as may be approved by the Commission. Financial service providers are prohibited from engaging in practices that unreasonably burden the financial consumer in the exercise of the right of cancellation during the cooling-off period. The rule providing for the cooling-off period shall not apply to transactions involving the following: i. Shares or units of participation of investment companies; ii. Securities traded in exchanges, organized over-the-counter markets and alternative trading systems; iii. Securities sold to qualified buyers; iv. Securities sold through crowdfunding intermediaries; and v. Such other transactions, products and services, as may be determined by the Commission. Section 2.3. Pre-payment of Loans and Other Credit Accommodations. – A financial consumer may, at any time prior to the agreed maturity date, prepay a loan or

Page 16 of 29 other credit transactions in whole or in part; Provided, That costs or fees charged to the financial consumer for such pre-payment, if any, shall be disclosed to ensure transparency, disclosure, and responsible pricing as required under this section and subject to such reasonable terms and conditions as may be agreed upon between the financial service provider and its financial consumer. Financial service providers shall charge only the reasonable administrative costs of the early payment. Section 3. Transparency, Disclosure, and Responsible Pricing. Section 3.1. Transparency, Disclosure, and Responsible Pricing. – Financial service providers shall ensure that financial consumers have a reasonable and holistic understanding of the products and services which they may be acquiring or availing of. In this context, full disclosure and utmost transparency, to the extent allowed under applicable laws and regulations, are the critical elements that empower the consumer to make comparisons and informed financial decisions. This is made possible by providing the consumer with ready access to information that accurately represents the nature and structure of the product or service, its terms and conditions, fundamental benefits and risks, detailed breakdown of the pricing or any cost associated with the product and service. Such information shall be readily available in any platform owned, operated, or utilized by the financial service provider. Sufficient product disclosure must be provided before the contracting of the financial product or service to give the financial consumer enough basis and time for review. Any change in the terms or conditions of a financial product or service shall be provided to the financial consumer. Section 3.2. Financial service providers shall ensure that the advertising materials in their platforms are true and accurate, not false, misleading, or do not contain deceptive statements or omit key information that may materially and/or adversely affect the decision of the financial consumer to avail of a service or acquire a product. The terms and conditions, advertising materials, and other communications should contain the following: i. Contact information of the financial service provider’s internal complaints handling unit; ii. Statement that the financial service provider is a regulated entity; and iii. Contact information of the Commission’s authorized operating department. Financial service providers are legally responsible for all statements made in the marketing and sales materials that they produce related to their products or services. Disclosure of information on financial products or services shall be made available to the public by the financial service provider through printed materials, mass media, websites or digital platforms. Section 3.3. A financial service provider’s staff shall communicate with financial consumers in such a manner that a financial consumer can understand the terms of the

Page 17 of 29 contract and his or her rights and obligations, taking into consideration client segments that may have financial literacy limitations. In this regard, the financial service provider shall promote and demonstrate efforts at financial education, which may include digital literacy for products offered electronically, as well as clear information on consumer protection, rights, and responsibilities. Section 3.4. Financial consumers should be given, either in physical or digital forms, a copy of each of the documents they signed or consented to, including, but not limited to, the contract containing all the terms and conditions. Financial consumers should also be provided with electronic copies of the proof of transaction immediately after the transaction has been completed. Section 3.5. Financial service providers must have internal policies and procedures for the setting of prices for their products and services that take into consideration, among others, the principle of responsible pricing. Issuers of listed securities shall disclose in their registration statements and/or written procedures that responsible pricing for new offerings shall be undertaken through the established mode of price discovery of book building by underwriters, while the price of listed securities shall generally depend on the prevailing market price. Section 4. Fair and Respectful Treatment of Clients. Section 4.1. Fair and Respectful Treatment of Clients. – Financial service providers shall have the right to select their financial consumers; Provided, That they shall not discriminate against financial consumers on the basis of race, age, financial capacity, ethnicity, origin, gender, disability, health condition, sexual orientation, religious affiliation, or political affiliation; Provided, further, That financial service providers may provide distinctions, as necessary, when making a risk assessment on a specific financial product or service. This Rule ensures that financial consumers are treated fairly, honestly, and professionally at all stages of their relationship with financial service providers. Financial service providers shall adopt mechanisms to safeguard the interests of their financial consumers which shall include rules regarding ethical staff behavior, acceptable selling practices, fair and equitable terms and conditions, provision of products and services appropriate to the capacity and risk appetite of financial consumers, among others, and shall incorporate the same in their policies and procedures, control functions and agreements with third-party service providers. Section 4.2. A financial service provider demonstrates the principle of fair treatment toward financial consumers if its policies and practices observe the following: A. Terms and conditions are not unfair in that there is significant imbalance in the parties’ rights and obligations arising under the contract, to the detriment of the financial consumer.

Page 18 of 29 Except where expressly permitted by law, in any agreement with a financial consumer, a term should be deemed to be unfair if it exempts or absolves a financial service provider from acting with skill, care, diligence, or professionalism toward the financial consumer in connection with the provision of any product or service and/or any liability for failing to do so. Ambiguities in contractual terms and conditions should be construed in favor of the financial consumer. B. The financial service provider does not employ abusive collection or debt recovery practices against its financial consumers. The financial service provider or its collection agencies, counsels and other authorized third-party agents may resort to all reasonable and legally permissible means to collect amounts due them. However, in doing so, they observe good faith and reasonable conduct and refrain from engaging in unscrupulous or untoward acts. Section 4.3. The staff of a financial service provider and its authorized third-party representatives shall treat financial consumers with professional competence and in a manner that is fair and reasonable. The financial service provider shall: A. Establish a code of conduct applicable to all its staff and authorized third-party representatives, setting forth the organizational values and standards of professional conduct that uphold the protection of financial consumers appropriate to its structure, operations, and risk profile. The code should be reviewed and approved by the board of directors. The board shall define the financial service provider’s corporate culture and values. It shall establish a code of conduct and ethical standards and shall institutionalize a system that will allow reporting of concerns or violations to an appropriate body; B. Align its recruitment and training policies with professional, fair, and responsible treatment of financial consumers, in compliance with the Consumer Protection Standards of Conduct. The following demonstrate the financial service provider’s adherence to fair and responsible treatment of financial consumers: i. The financial service provider’s staff and third-party representatives receive adequate training suitable for the complexity of the financial products or services they sell to ensure understanding of their key features, risks, terms and costs, and relevant Consumer Protection Standards of Conduct, including statutory and regulatory requirements and related internal policies and procedures that might impact their consumers, including those pertaining to consumer risks arising from cybersecurity and/or digital financial products and services; ii. The financial service provider’s staff, as well as authorized third-party representatives contracted for sales and marketing purposes, do not use deceptive or high pressure/aggressive sales techniques and do not

Page 19 of 29 force financial consumers to sign contracts or rush into a financial deal without the benefit of shopping around; iii. The financial service provider’s staff involved in collections, as well as authorized third-party representatives contracted for the purpose, receive training in acceptable debt collection practices and loan recovery procedures consistent with existing relevant regulations; iv. The financial service provider’s staff do not employ practices that discriminate or take advantage of difficulties faced by vulnerable groups such as low-income earners, and persons with disability; C. Establish policies and procedures that aim to protect their financial consumers’ investments and other assets against internal or external fraud or misuse. Section 4.4. Prohibition on Employment of Abusive Collection or Debt Recovery Practices. – Financial service providers and their collection agencies, counsels and other authorized third-party representatives are prohibited from employing abusive collection or debt recovery practices against their financial consumers. Without limiting the general application of the foregoing, the following shall constitute abusive collection or debt recovery practices: A. Use or threat of use of violence or other criminal means to harm the physical person, reputation, or property of any person; B. Use of threats to take any action that cannot legally be taken; C. Use of obscenities, insults, or profane language the natural consequence of which is to abuse the financial consumer and/or which amount to a criminal act or offense under applicable laws; D. Disclosure or publication of the names and other personal information of borrowers or financial consumers who allegedly refuse to pay debts or obligations arising from transactions involving financial products and services; E. Communication or threat of communication to any person of loan information, which is known, or which should be known, to be false, including the failure to communicate that the debt is disputed, except as may be allowed under Section 2 of SEC Memorandum Circular No. 18, Series of 2019; F. Use of any false representation or deceptive means to collect or attempt to collect any debt or to obtain information concerning a borrower; G. Making contact at unreasonable/inconvenient times or hours, which shall be defined as contact before 6:00 a.m. and after 10:00 p.m., unless the account is past due for more than fifteen (15) days, or the financial consumer has given

Page 20 of 29 express consent that the said times are the only reasonable opportunities for contact; H. Notwithstanding the financial consumer’s consent, contacting the persons in the financial consumer’s contact list other than those who were named as guarantors or co-makers shall also constitute unfair debt collection practice; and I. Other acts that may be determined by the Commission to constitute abusive collection or debt recovery practices. Section 4.5. The financial service provider shall ensure that the remuneration structure of its staff and authorized agents is in a manner that encourages responsible business conduct, fair treatment and avoidance/mitigation of conflicts of interest. Financial service providers shall have mechanisms in place to manage and resolve actual conflicts of interest with respect to compensation or remuneration policies that arise in the interaction between their staff and agents and their existing and potential financial consumers. This is demonstrated when a member of the staff or an authorized agent: A. Discloses properly to the consumer prior to the execution of the transaction that the financial service provider or its staff has an interest in a direct/cross transaction with a financial consumer; B. Discloses the limited availability of products to the financial consumer when the financial service provider only recommends products which are issued by its related companies, particularly when commissions or rebates are the primary basis for recommending the particular product to the financial consumer; C. Discloses the basis on which the financial service provider is remunerated at the pre-contractual stage; D. Ensures that adequate systems and controls are in place to promptly identify issues and matters that may be detrimental to a financial consumer’s interests (e.g., cases in which advice may have been given merely to meet sales targets, or may be driven by financial or other incentives); E. Develops and adopts a risk-focused screening process for its pre-employment background screening based on factors like the position, responsibilities associated with such a position, and reputational or consumer risk implications. Moreover, the financial service provider shall: i. Include ethical behavior, professional conduct, and quality of interaction with financial consumers as part of staff performance evaluations; and ii. Perform appropriate due diligence before selecting the authorized agents/outsourced parties taking into account the agents’ integrity,

Page 21 of 29 professionalism, financial soundness, operational capability and capacity, and compatibility with the financial service provider’s corporate culture and implement controls to monitor the agents’ performance on a continuous basis. Section 5. Privacy and Protection of Client Data. Section 5.1. Privacy and Protection of Client Data. – Financial service providers must respect the privacy and protect the data of their financial consumers. Consistent with the provisions of Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012, the Commission shall issue regulations in coordination with the National Privacy Commission governing the disclosure of financial consumers’ data to third parties. Financial consumers have the right to review their data to ensure that inaccurate or deficient data are corrected or amended, to refuse the sharing of their information to third parties, and to request for the removal of their data from a financial service provider’s system if they no longer wish to use the financial service provider’s services. The pendency of specific issuances and regulations from the Commission on this section shall be without prejudice to the financial service providers’ compliance with the Data Privacy Act of 2012 and all other applicable data, protection laws, rules, and issuances. Section 5.2. Financial service providers must ensure that they have well￾articulated information security guidelines, well-defined protocols, and secured storage of information. Procedures in handling the personal information of the financial consumers should be periodically evaluated. This should be an end-to-end process that should cover, among others, the array of information that will be pre-identified and collected, the purpose and manner of gathering each information, and the information technology-security infrastructure of the financial service providers. Protocols for disclosure, both within the financial service provider and to third parties, in accordance with the Data Privacy Act of 2012, its implementing rules and regulations, and other applicable rules and regulations on data privacy shall be strictly observed and implemented. Section 5.3. Protection of Client Information. – Under this consumer protection standard, financial consumers have the right to expect that their financial transactions, as well as relevant personal information disclosed in the course of a transaction, are kept confidential and secure. Financial service providers shall inform financial consumers if their data will be shared to third parties, and in no case shall information be disclosed to third-party authorized representatives or third-party service providers which have not been reported to the Commission, pursuant to Rule 13, Section 2. Section 5.4. The financial service provider demonstrates the ability to protect client information when it is able to:

Page 22 of 29 A. Have a privacy policy to safeguard its consumers’ personal information. This policy should govern the collecting, processing, use, distribution, storage, and eventual disposal of client information and the identification of levels of permissible access to financial consumers’ data for employees. Financial service providers should ensure that privacy policies and sanctions for violations are implemented and strictly enforced; B. Ensure that privacy policies are regularly observed and communicated throughout the organization; C. Have appropriate systems or risk mitigation measures in place to protect the confidentiality and security of the personal data of its financial consumers against any threat or hazard to the security or integrity of the information and against unauthorized access. These include the creation of a written information security plan that describes its program to protect financial consumer’s personal information. The plan must be appropriate to its size and complexity, nature and scope of its activities, and the sensitivity of the financial consumer information it handles. These security measures should be regularly tested, monitored and updated by financial service providers; D. Have a robust information technology system in place to protect the confidentiality, security, accuracy, and integrity of financial consumers’ personal information. This includes network and software design, as well as information processing, database storage, transmission, retrieval, and disposal. Security must be maintained throughout the life cycle of financial consumer information, from data entry to disposal. Encryption of personal data shall be implemented both at rest and in transit; E. Provide clear policies and procedures on data breaches, including mechanisms to compensate financial consumers and compliance with the reportorial requirements of the Commission and the National Privacy Commission; F. Subject to the provisions of existing laws and regulations on data privacy, communicate to its financial consumers through its platform how it will use and share the financial consumers’ personal information; G. Obtain financial consumers’ consent, whether in writing or by electronic or recorded means, unless in situations allowed as lawful processing under the Data Privacy Act of 2012 or an exception by law, before sharing the financial consumers’ personal information with third parties such as credit bureaus, collection agencies, marketing and promotional partners, financial technologies that use a varied range of financial consumer data, and other relevant external parties. Financial consumers shall be given an opportunity to retract or cancel its consent for purposes other than those that are governed by existing laws, rules and regulations; H. Give financial consumers opportunity to exercise all their rights as data subjects, such as the right to access their information, the right to challenge

Page 23 of 29 the accuracy and completeness of the information, the right to amend information as appropriate, the right to request for deletion or blocking, the right to file a complaint, and the right to data portability; I. Notify financial consumers when privacy breaches occur and may leave their data vulnerable, and suggest means for financial consumers to respond to such breaches; J. Ensure that, when data are shared across providers, they transfer the data securely and use the data in a manner consistent with their privacy policy and these Rules; and K. Provide financial consumers information on how they may request to be deleted from the financial service provider’s database, or to be excluded from receiving advertisements and other notifications. Section 6. Financial Consumer Protection Assistance Mechanism. Section 6.1. All financial service providers must establish a single consumer assistance mechanism or an FCPAM, and provide free assistance to financial consumers on financial transactions concerns. The mechanism shall include handling of complaints, inquiries, and requests. Section 6.2. Effective Recourse. – Financial consumers should be provided with accessible, affordable, independent, fair, accountable, timely, and efficient means for resolving complaints regarding their financial transactions. Financial service providers should have in place a mechanism for complaints handling and redress, and may employ various modalities or technological innovations for complaints handling. A financial service provider shall: A. Establish an effective internal complaint handling unit charged with the receiving, recording, evaluating, resolving, monitoring and reporting of financial consumer complaints, concerns, inquiries or requests. Such duties shall be performed either by a designated officer, unit, group or department, depending on the financial service provider’s size, structure, nature of products and services, and complexity of operations, ensuring that there is no conflict of interest; B. Have accessible and working communication channels such as, but not limited to, a helpdesk and a hotline number disclosed in the financial service provider’s online platforms where financial consumers can conveniently lodge their complaints, questions, and concerns. The financial service provider shall acknowledge receipt of complaints and inquiries within two (2) business days and shall continuously communicate with the financial consumer until the issue is fully resolved. Financial service providers are enjoined to develop and adopt appropriate digital technologies for handling queries and complaints;

Page 24 of 29 C. Resolve consumer complaints and inquiries without unnecessary delay. Financial service providers may provide for their own periods for addressing consumer complaints and inquiries which shall not exceed thirty (30) calendar days from initial submission of the complaint or inquiry; D. Develop and implement policies, guidelines and practices for proper handling of financial consumer concerns. The complaint management policy should be set out in a written document and made available to all relevant staff of the financial service provider through an adequate internal channel; E. Ensure that the information on financial consumer assistance helpdesk/hotline, policies, procedures, and timelines for handling complaints are communicated with the financial consumers, included in the terms and conditions of the financial products or service availed, and posted on its online platforms. The financial service provider should also provide a clear, accurate, and up-to-date information about the complaint-handling process; F. Maintain an electronic registry of complaints including the actions or measures taken by the financial service provider for its resolution as well as progress and status of such complaints. Financial service providers must also maintain a management information system for the complaints from financial consumers that allows for consolidation, comparison, and analysis on a regular basis including investigating whether complaints indicate an isolated issue or a more widespread issue for financial consumers to ensure that financial service providers identify and address any recurring or systemic problems, and potential legal and operational risks; G. Establish clear reporting and escalation structure within its risk governance framework for the analysis and reports of financial consumer complaints. The complaints reports shall be submitted in accordance with existing regulations; H. Establish clear policies on investigation, resolution, and restitution of complaints and making the process clear to a financial consumer. When acknowledging receipt of a complaint, the financial service provider should provide information regarding its complaints-handling process; I. Seek to gather and investigate all relevant evidence and information regarding the financial consumer complaint and provide a response without any unnecessary delay or at least within the time limits set by relevant rules and regulations; J. When an answer cannot be provided within the expected time limits, inform the complainant about the cause/s of the delay and indicate when its investigation will likely be completed; K. Provide adequate resources to handle financial consumer complaints efficiently and effectively. Its staff handling complaints should have appropriate experience, knowledge, and expertise. Depending on the financial

Page 25 of 29 service provider’s size and complexity of operation, a senior staff member should be appointed to be in charge of the complaint-handling process; and L. Provide clear information on the actions taken or to be taken on a complaint, inquiry or request from a financial consumer. In the case of alleged disputed amount or unauthorized transactions, the financial service provider, pending the result of its final investigation report, shall suspend the imposition of interest, fees or charges, or provide similar reasonable accommodations to the financial consumer. Section 6.3. Financial consumers who are unsatisfied with the financial service provider’s handling of their complaints, inquiries and requests, may elevate their concerns to the Commission through its authorized operating department; Provided, That the complaints may be elevated under the following conditions to the Commission: i. After thirty (30) days from the initial submission without the complaint or inquiry being resolved; and ii. Within fifteen (15) days from when the financial consumer finds the action taken by the financial service provider to be unsatisfactory. Section 7. Information Security Standards. – Financial service providers shall adopt and implement information security standards to ensure the safety and protection of the confidentiality, integrity, availability, authenticity, and non-repudiation of financial Consumers’ information and financial transactions, and to ensure the data privacy of financial consumers. The Commission shall prescribe the minimum information security standards for compliance by all financial service providers under its supervision. Rule 9 – Bundling of Products Section 1. Bundling of Products. – When a financial consumer is obliged by the financial service provider to purchase any product, including an insurance policy, as a pre-condition for availing of a financial product or service, the financial consumer shall have the option to choose the provider of such product, subject to reasonable standards set by the financial service provider, and this information shall be made available to the financial consumer. Information regarding the bundled product and the right of choice should be made known to financial consumers during the shopping and pre-contractual phases, and financial service providers should not sway or pressure financial consumers toward a particular financial service provider on the basis of its own commercial agreement with that provider. When a choice among different providers for the secondary product is unavailable, financial service providers should not be prohibited from tying products, but all key features, as well as the identity of the provider of the bundled product, should be disclosed. Financial service providers should consider offering product bundles with market-based pricing.

Page 26 of 29 Rule 10 – Training of Staff of Financial Service Providers Section. 1. Training. – The staff of financial service providers who deal directly with financial consumers, including those who are involved in financial consumer protection assistance mechanisms or cybersecurity, must receive adequate training suitable to the complexity of the financial products or services they offer. Financial service providers must be qualified as appropriate for the complexity of the financial product or service they offer. Rule 11 – Investment Fraud Section. 1. Investment Fraud. – It shall be unlawful for any person or persons to commit investment fraud as defined in the FCPA and the SEC FCPA IRR. Any person who commits investment fraud shall be subject to the penalties prescribed under Section 73 of the SRC and to the administrative sanction provided under Section 16 of the FCPA. Section 2. Investment fraud may refer to any form of deceptive solicitation of investments from the public. Deceptive solicitation of investments includes, but is not limited to, any of the following: i. Ponzi schemes and such other schemes involving the promise or offer of profits or returns which are sourced from the investments or contributions made by the investors themselves; ii. Boiler room operations; iii. Offering or selling of investment schemes to the public without a license or permit from the Commission, unless such offering or selling involves exempt securities or are considered as exempt transactions as provided for under existing laws; or iv. All other similar or analogous schemes. Rule 12 – Non-waiver of Rights Section 1. No Waiver of Rights. –No provision of a contract for a financial product or service shall be lawful or enforceable if such provision waives or otherwise deprives a financial consumer of a legal right to sue the financial service provider, to receive information, to have his or her complaints addressed and resolved, or to have his or her non-public client data protected. Rule 13 – Liability of Financial Service Providers for Acts or Omissions of Authorized Agents and/or Representatives Section 1. A financial service provider shall be responsible for the acts or omissions of its directors, trustees, officers, employees, or agents in marketing financial products or services and in transacting with a financial consumer. The financial service

Page 27 of 29 provider shall be solidarily liable with its authorized third-party service providers for acts or omissions in the marketing of products or services and/or in transacting with financial consumers, which may include, but is not limited to, debt collection. Section 2. A financial service provider shall disclose and submit to the Commission a list of its authorized third-party service providers which it has engaged to perform debt collection, marketing and/or transacting with financial consumers for its products and services. The list shall contain the contact details of, and such other details associated with, the third-party service provider, which shall include the names and registered mobile phone numbers of agents engaged to perform debt collection and/or marketing, and other information as may be required by the Commission. Rule 14 – Prescription Section 1. Prescription. – All actions or claims accruing under the provision of the FCPA, and the rules and regulations issued pursuant thereto, shall prescribe after five (5) years from the time the financial transaction was consummated, or after five (5) years from the discovery of the deceit or nondisclosure of material facts; Provided, That such actions shall, in any event, prescribe after ten (10) years from the commission of the violation. Rule 15 - Penalties Section 1. Criminal Penalties. – Any person who willfully violates the provisions of the FCPA or the rules, regulations, orders, or instructions issued by the Commission to implement the FCPA, shall be punished by imprisonment of not less than one (1) year, but not more than five (5) years, or by a fine of not less than Fifty thousand pesos (Php50,000.00) but not more than Two million pesos (Php2,000,000.00), or both, at the discretion of the court; Provided, That if the violation is committed by a corporation or a juridical entity, the directors, officers, employees, or other officers who are directly responsible for such violation shall be held liable thereto. Rule 16 – Administrative Sanctions Section 1. Administrative Sanctions. – Without prejudice to the enforcement actions prescribed under Section 6(d) of the FCPA and the criminal sanction provided under Section 15 of the FCPA, the administrative sanctions provided under the charter of the Commission shall be made applicable to a financial service provider, its directors, trustees, officers, employees or agents for violation of the FCPA or any related rules, regulations, orders or instructions of the Commission; or to any persons found administratively liable for investment fraud; Provided, That for persons found responsible for investment fraud, the Commission may impose a fine of no less than Fifty thousand pesos (Php50,000.00) nor more than Ten million (Php10,000,000.00) for each instance of investment fraud plus not more than Ten thousand pesos (Php10,000.00) for

Page 28 of 29 each day of continuing violation in addition to other administrative sanctions provided under Section 54 of the SRC; Provided, further, That in case profit is gained or loss is avoided as a result of the violation of the FCPA or investment fraud, a fine not more than three (3) times the profit gained or loss avoided may also be imposed by the Commission; Provided, finally, That in addition to the administrative sanctions that may be imposed, the authority of the financial service provider to operate in relation to a particular financial product or service may be suspended or cancelled by the financial regulator. The imposition of administrative sanctions shall be without prejudice to the filing of criminal charges for violation of the FCPA and the SEC FCPA IRR. Rule 17 – Independent Civil Actions Section 1. Independent Civil Action. – Consistent with public interest and the protection of financial consumers, the Commission may, in its discretion, institute an independent civil action on behalf of aggrieved financial consumers for violations of the FCPA and the SEC FCPA IRR, taking into consideration the nature, effects, frequency and seriousness of the violation. The institution of an independent civil action shall be without prejudice to the filing of criminal charges by the Commission against violators of the FCPA and SEC FCPA IRR. Section 2.Should the Commission obtain a civil penalty (i.e., damages) against any person or entity, or should such person or entity agree to settle such civil penalty, the amount of such civil penalty, upon motion of the Commission, shall be added to and become part of a disgorgement fund or other funds established for the benefit of the aggrieved financial consumers, after accounting for the cost of suit. The rules to be issued by the Commission on disgorgement, as described in Rule 6 Section 1.D.vi, shall outline the procedure in implementing this Section.

Rule 18 – Applicability of Other Laws Section 1. The provisions of the Securities Regulation Code; the Revised Corporation Code of the Philippines; the Financing Company Act of 1998; the Lending Company Regulation Act of 2007; the Real Estate Investment Trust Act; the Investment Company Act; the Investment Houses Law; the Financial Institutions Strategic Transfer Act; the Foreign Investments Act of 1991 and Republic Act No. 11647, An Act Promoting Foreign Investments, including amendments, prevailing jurisprudence, implementing rules and regulations, guidelines, circulars, and other subsequent issuances in relation thereto shall have suppletory applicability to financial products and service providers.

Page 29 of 29 Rule 19 – Final Provisions Section 1. Transitory Clause. – Financial service providers shall be given six (6) months from the effectivity of these Rules to: (1) perform a gap analysis of their current consumer protection practices vis-à-vis the provisions of these Rules and the FCPA; and (2) propose an action plan duly approved by their boards of directors to achieve full compliance within a reasonable period of time but in no case longer than one (1) year from the effectivity of these Rules. Section 2. Supplemental Regulations. – These Rules may be supplemented by relevant regulations which the Commission may subsequently issue. Section 3. Separability Clause. – If any portion or provision of these Rules is held unconstitutional or invalid, all other provisions not thereby affected shall remain valid. Section 4. Repealing Clause. – All rules, regulations, orders, circulars and issuances of the Commission that are inconsistent with these Rules, unless otherwise herein indicated, are hereby amended and/or repealed accordingly. Rule 20 – Effectivity Clause These Rules shall take effect fifteen (15) days after their publication in the Official Gazette or in at least two (2) national newspapers of general circulation.