Regulatory Alerts2025-05-30
Circular No. 12/3: Amendments to IT Risk Management Regulations to Implement AFASA
The Bangko Sentral ng Pilipinas issued Circular No. 12/3 to amend the Manual of Regulations for Banks, Non-Bank Financial Institutions, and Payment Systems, implementing Section 6 of the Anti-Financial Account Scamming Act. The regulation mandates the adoption of robust Fraud Management Systems, including real-time monitoring, transaction velocity checks, and geolocation tracking, while requiring strong authentication mechanisms like biometrics and adaptive authentication for high-risk transactions. Additionally, financial institutions must provide customers with self-service security tools such as kill switches and money locks, enforce strict device and script restrictions, and maintain comprehensive transaction logs for at least five years to facilitate fraud investigation and liability determination.