BSP inks data-sharing agreement with CICC, NBI, SEC

The Bangko Sentral ng Pilipinas (BSP) inked information-sharing agreements with the Cybercrime Investigation and Coordinating Center (CICC) and the Securities and Exchange Commission (SEC) to help combat the growing number of financial scams in the Philippines.

Formally signed at the central bank headquarters on Friday, the agreements authorize the lawful sharing of confidential financial account information to support investigations involving scams and related offenses, in accordance with existing bank secrecy laws and regulatory safeguards.

Representing BSP Governor Eli M. Remolona Jr., BSP General Counsel Roberto L. Figueroa hailed the agreement as affirming the BSP’s “strong commitment to fortify the safety and integrity of our financial system, towards strengthening public confidence, and ensuring that innovation and growth in the digital market are matched with vigilance and accountability.”

According to a November survey by global information solutions firm TransUnion, Filipino companies lost an estimated P4 trillion in revenues to various financial scams. The same report noted the growing sophistication of scam tactics, including the use of advanced technologies and artificial intelligence — a trend Figueroa acknowledged on Friday.

“Financial crimes evolve rapidly. No single regulator or law enforcement authority, however capable, can address these threats alone,” he said.

“This agreement sends a clear message to financial institutions that compliance and responsible innovation remain paramount. To financial consumers, that regulators and enforcement agencies are working in concert to protect them. And to those who seek to exploit the financial system, that coordination among authorities is deepening,” Figueroa added.

The information-sharing agreements (ISAs) set out clear procedures for requesting and securing data from the BSP’s Consumer Account Protection Office regarding financial accounts linked to scam activities. The arrangements are aligned with the Anti-Financial Account Scamming Act (AFASA) and its implementing rules under BSP Circular No. 1214.

AFASA, or Republic Act No. 12010, is designed to combat financial account scams by strengthening the powers of regulators and law enforcement to investigate, freeze, and recover funds linked to fraudulent transactions. It requires BSP-supervised financial institutions to enhance fraud management systems, adopt stronger authentication measures, and promptly share relevant information with authorities.

The law primarily covers scams involving bank and e-wallet accounts used as conduits for illegal transfers. However, it does not eliminate bank secrecy protections or authorize unrestricted access to accounts; information sharing remains subject to due process, data privacy rules, and judicial or lawful authorization requirements.

Through these agreements, the CICC can strengthen investigations and case-building for AFASA violations, while the SEC can access relevant information in the discharge of its regulatory and adjudicatory functions, including financial consumer complaints. All information sharing will be subject to strict compliance with bank secrecy laws and data privacy regulations.

“The negotiation and drafting process reflects not only technical expertise but a shared sense of institutional responsibility,” Figueroa said.

“Its success will not be measured by the document itself but by its execution — by investigations strengthened, cases resolved, risks mitigated, and harm prevented. In other words, we owe our public, our stakeholders, nothing less than actual results.”