BSP orders enhanced security measures for NSSLA

MANILA, Philippines – The Bangko Sentral ng Pilipinas (BSP) has directed all non-stock savings and loan associations (NSSLAs) nationwide to comply with enhanced security measures.

BSP deputy governor Nestor Espenilla Jr. issued Memorandum No. 2016 – 007 stating that all official notices and correspondences from the BSP’s Supervision and Examination Sector would be sent via electronic mail to officially registered e-mail addresses of NSSLAs starting July 1.

Espenilla said the bank regulator issued the guidelines in the transmission of written correspondences through email as part of the on-going initiatives of maximizing available information technology platforms and infrastructure and enhancing the security of communications between the BSP and NSSLAs.

NSSLAs are non-stock, non-profit corporations engaged in the business of accumulating the savings of its members and using such for extending credit to them.

The BSP is now requiring all NSSLAs to submit duly accomplished and notarized registration form signed by the corporate secretary certifying the official email addresses of the designated officials of the NSSLAs.

It added each NSSLA could register a maximum four email addresses including one for the compliance officer while the others should belong to authorized responsible officials. 

The BSP said subsequent changes in the official registry could be facilitated through the submission of an updated registration form and data entry template.

There are 20 NSSLAs registered with the BSP.

Espenilla earlier said the regulator is now working on supplemental or additional regulations that further strengthen and increase the level of maturity of Philippine banks and other financial institutions in light of heightened cyber attacks after the $81 million bank heist last February.

“Financial institutions everywhere are routinely being attacked by cyber criminals. So the important thing is the quality of the cyber crime prevention programs that is why we are trying to strengthen the defenses. The best thing to do now is to make the system strong to prevent breaches,” he said.

SWIFT (Society for Worldwide Interbank Financial Telecommunication), the global financial network that banks use to transfer billions of dollars every day, last month warned its customers of a “number of recent cyber incidents” where attackers had sent fraudulent messages over its system.

Espenilla said the BSP has already conducted a comprehensive review of the cyber crime prevention programs of Philippine banks as early as 2014.

 “We consider it (cyber attack) a very serious thing. That (review) is a good learning experience for us and the banks that made us more aware of the issues and we are happy to say that our banks are responding to this,” he added.

According to him, the proposed guidelines would set the minimum things to do about cyber crime.