Dear Atty. Angela,
I was a victim of a phone scam when one day a caller pretended to be a bank employee and I was tricked to giving the one-time password which ended up transferring P50,000 from my bank account to a different bank account. I reported the incident to the PNP Anti-Cybercrime Group which assisted me in obtaining a Warrant to Disclose Computer Data to identify the account holder involved in the scam. The bank is now questioning the warrant and claiming that the bank secrecy law prohibits the disclosure of bank information, including the account holder. Is this correct?
Emma
θ θ θ
Dear Emma,
No, the issuance of Warrant to Disclose Computer Data is valid and could be imposed against a bank in cybercrime cases.
In the case of EastWest Rural Bank v. PNP-ACG, G.R. No. 273720 (29 July 2025), the Supreme Court clarified that while the Bank Secrecy Law protects the confidentiality of bank deposits and their financial details, it does not prevent the disclosure of basic identifying information when allowed by law. Under the Cybercrime Prevention Act, law enforcement agencies may, with a court-issued warrant, require the disclosure of computer data necessary to investigate cybercrime offenses.
The SC ruled that the bank is considered a service provider under the Cybercrime Prevention Act because their digital banking services — such as online banking platforms, mobile applications, and automated email notifications — allow customers to communicate and transact through computer systems. As a banking institution, it also processes and stores substantial amounts of computer data both in the course of its operations and on behalf of its customers, placing it within the law’s coverage for the disclosure of computer data.
In your case, after the scam incident, you were able to obtain a warrant to disclose data and this is valid and enforceable against the bank where disclosure of identifying account information, not deposit details, is allowed.
Atty. Angela Antonio