Nip cybercrime in the bud through policy reforms


Banking has greatly evolved over the years. Changes in the way that we live, such as mobility restrictions due to COVID-19 and the rise of more advanced technologies, have allowed banks to offer services that no longer require customers to physically go to branches to transact. Through digital platforms, bank clients can now do their transactions on the go and even in the comfort of their own homes.

However, banks are not the only ones that have adapted to the increasing shift toward digital technology. Cybercriminals have also taken advantage of digital banking through social engineering schemes and other types of scams. Now it is in the face of these new challenges that banks are stepping up their efforts to empower customers to guard against scammers and, ultimately, contribute to nation-building.

INDUSTRY-WIDE RESPONSE TO FINANCIAL-RELATED CYBERCRIMESConsidering the ingenuity of scammers and other malicious actors, banks continue to strengthen their defenses by setting up cybersecurity measures and by constantly informing clients about ways that they can protect themselves from scams and other similar crimes. To complement these efforts, it has become essential for the banking industry and the government to work together for the enactment of much-needed policies that will help reduce the number of scam incidents in the country. Below are some policy reforms that will ultimately protect the general banking public and prevent the proliferation of financial-related cybercrimes, if implemented.

FINANCIAL CONSUMER PROTECTION ACTTowards the end of his administration, former President Rodrigo R. Duterte signed RA No. 11765 or the Financial Products and Services Consumer Protection Act (FCPA) into law. The said law aims to strengthen consumer protection mechanisms and authorizes regulators, i.e., the Bangko Sentral ng Pilipinas (BSP) and the Securities Exchange Commission (SEC), to enforce the law on banks and financial institutions. For banks, one of the key provisions that shall help customers victimized by cybercrimes is the creation of a Financial Consumer Protection Assistance Mechanism (FCPAM) for each BSP-supervised financial institution (BSFI).

The mechanism provides more efficient and faster avenues to redress issues, especially for matters that involve financial loss from scams. Customers go through a long and difficult process when they decide to pursue a case against cybercriminals. Thus, having a mechanism that will allow banks to offer accessible, affordable, and fair means of resolving complaints can help strengthen bank customers’ trust in the industry’s systems. The BSP has one year from the effectivity of the law to work with BSFIs and other stakeholders in the crafting of the implementing rules and regulations (IRR) to ensure that there are clear guidelines for its implementation and that its objectives will be met accordingly.

FINANCIAL ACCOUNTS REGULATION ACTApart from protecting customers and preventing them from losing their confidence in financial systems, the banking industry is also advocating for policies that nip cybercrimes in the bud. During the 18th Congress, the Bankers Association of the Philippines (BAP) pushed for a policy that aims to criminalize money mules and social engineering schemes, as well as to regulate the use of financial accounts and e-wallets (electronic wallets).

Money mules are individuals who help facilitate illegal funds transfer for someone else’s behalf. Their emergence is a perfect example of how criminals have used digitalization to find new ways to operate. The proposed policy aims to deter this new form of crime from further proliferating by imposing the appropriate punishment on individuals who are proven to be money mules.

Moreover, the policy addresses the ever-changing nature of social engineering schemes. Most of us are familiar with phishing (via e-mail), smishing (via SMS), and vishing (via voice calls), but, recently, cybercriminals have also resorted to quishing (via QR code). The latter occurs when victims are tricked into scanning QR codes that direct them to fake websites where they will be asked to provide their personal data. Cybercriminals can then acquire information that can be used to access bank accounts or e-wallets.

The House version of the bill (HB 10689) was approved at the committee level in January 2022, while its Senate counterpart (SB 2380) passed the first reading in September 2021. This 19th Congress, several members of the House of Representatives have already refiled the bill, acknowledging that with the increased use of e-commerce and digital banking, there is a need to update our cybersecurity policies and strengthen law enforcement against the rapidly evolving financial-related cybercrimes. Once passed into law, this legislative measure will protect the public from the unauthorized or illegal use of bank accounts and e-wallets.

SIM REGISTRATION ACTOne major policy that has the potential to address scams at the root of their operations is the SIM Registration Act. After getting vetoed last Congress over a contentious social media provision, the bill finally saw the light of day when it was signed into law on Oct. 10, now known as RA No. 11934 or the Subscriber Identity Module (SIM) Registration Act. This law can help eradicate mobile phone or electronic communication-aided criminal activities by making it possible for law enforcement agencies to identify cybercriminals who use prepaid SIM cards for phishing, vishing, and other text scams.

The impact of this landmark legislation is yet to be seen as concerned government agencies craft the law’s IRR in the next 60 days. Of course, just like in all other policy initiatives, this new law requires a balancing of interests between preventing SIM-aided crimes and protecting the privacy of the public. The IRR must be clear in terms of the registration process and the proper storage of data to safeguard these interests.

CUSTOMERS AT THE CORE OF BANKINGOne of the core values we have at BPI is customer obsession. We define it as the ability of the bank and all of our employees to anticipate our customers’ needs, to innovate and provide them with the best financial advice, and to make it easy for our customers to save and grow their finances. While the primary role of the banking industry is to maintain an efficient and stable financial system that contributes to the country’s economic growth, it is equally important for us to protect the core of our operations: the customers.

This is the reason why banks are committed to assisting the government in crafting and implementing policies that will strengthen consumer protection and will contribute to the fight against cybercrimes — not just in responding to specific incidents, but also in preventing future crimes from occurring. The government and the private sector, particularly the banking industry, have a shared goal of protecting banking customers, and providing the best and safest services for them to achieve financial freedom.

We have been in the business for 171 years now. Together with the nation and the Filipino people, we have experienced milestones and have overcome many challenges. It is true that the banking landscape is evolving and will continue to evolve in the coming years, but as we face numerous changes, we remain committed to support necessary measures that aim to protect our customers, by collaborating with the government and the rest of the banking industry to ensure that these policies are implemented.

This article reflects the personal opinion of the author and does not reflect the official stand of the Management Association of the Philippines or MAP.

Ramon “Mon” L. Jocson is EVP and COO of BPI. This article is written as part of the bank’s initiative to celebrate the 2022 Cybersecurity Awareness Month with the theme “See Yourself in Cyber.”