The Bangko Sentral ng Pilipinas (BSP) will keep its June 2026 deadline for banks and other financial institutions to strengthen their fraud management systems (FMS) and curb reliance on interceptable authentication tools, according to BSP Deputy Governor Elmore Capule.
Capule said the central bank is not considering an extension at this time, stressing that BSP-supervised institutions are expected to comply with requirements under the Anti-Financial Account Scamming Act (AFASA).
“As of now we are not extending it, so they have to catch up,” Capule said in an interview in Manila.
Under AFASA, financial institutions offering complex electronic products and services—or those recording an average monthly network value of at least P75 million over the past six months—are required to enhance their fraud detection and prevention systems.
The law’s implementing rules and regulations mandate that covered institutions upgrade their FMS to detect behavioral anomalies, conduct blacklist screening, monitor geolocation data, and track changes in mobile devices and account information to help prevent unauthorized transactions.
Capule emphasized the need for stronger industry-wide coordination in addressing scams. “The most important thing is an industry protocol—meaning if I get scammed, the whole industry should know about it so no one just passes the buck,” he said. He added that once a scam is reported, institutions should already be on alert while funds are still in transit.
President Ferdinand R. Marcos Jr. signed AFASA, or Republic Act No. 12010, into law on 20 July 2024, after it was identified as a priority measure by the Legislative Executive Development Advisory Council.
The IRR also directs BSP-supervised financial institutions to limit the use of one-time passwords (OTPs) sent via SMS and email, which are vulnerable to interception, and to shift toward more secure multi-factor authentication (MFA)methods.
Recommended alternatives include biometric authentication—such as fingerprint scanning, facial recognition, and voice recognition—as well as behavioral biometrics that analyze user patterns like typing speed, mouse movements, and device behavior.
The BSP said the measures are intended to strengthen consumer protection and reduce losses from increasingly sophisticated digital financial scams.