English
Philippines: Bank cybersecurity standards tightened
MANILA, Philippines — The Bangko Sentral ng Pilipinas (BSP) is set to issue tighter regulations requiring financial institutions, particularly banks, to elevate the level of their cybersecurity standards.
“We are set to issue in a few weeks enhanced standards with regard to BSP’s expectation on cybersecurity arrangements in a financial institution,” BSP Governor Nestor Espenilla Jr. said yesterday.
He said the move would help ensure the protection of the financial system against cybercrimes and even against potential natural disasters.
The BSP is eager to accelerate financial inclusion through digitalization, but at the same time wants to safeguard the industry against the accompanying risks, according to Espenilla.
“The BSP is very focused on cybersecurity issues. In fact it is one of those things that can affect even the best and well capitalized bank at any given point in time,” he said.
Espenilla said the proposed reforms are now under legal review after being presented to major stakeholders and would be submitted to the Monetary Board for approval.
He added banks should pay attention to cybersecurity on the board of directors level rather than their respective IT departments.
“In our observation, many of this cybersecurity is left to the attention of technologists. Lower in the organization experts, but it is not embraced as part of the business strategy of banks. And to us that is risky,” he said.
Espenilla said if top management or board level does not pay attention that means the bank would not invest enough resources making the financial institution fundamentally vulnerable to cybercrime.
Since the initial stages of electronic banking in the Philippines, the BSP has put in place relevant regulatory framework and a robust and dynamic supervisory program to guide and oversee banks’ technology implementation.
In 2013, the BSP issued Circular 808 providing the framework on information technology risk management.
Source: http://www.philstar.com/business/2017/10/27/1752771/bank-cybersecurity-standards-tightened