BSP to adopt tighter cybersecurity reporting

MANILA, Philippines — The Bangko Sentral ng Pilipinas (BSP) is set to finally adopt in September a tighter reportorial requirement for financial institutions, particularly banks, to address the growing concerns over cybercrime.

BSP Deputy Governor Chuchi Fonacier said the proposed reporting requirement for cyber security and other information technology (IT)-related matters is now under review by the central bank’s legal department.

Once finalized, Fonacier said the proposal would be forwarded to the Monetary Board for approval.

 “It is undergoing legal review before Monetary Board approval by September,” Fonacier said.

Fonacier said the proposal calls for BSP-supervised financial institutions (BSFI) to report breaches in cybersecurity within 24 to 48 hours from as long as 10 days.

According to Fonacier, the BSP wants to ensure that its system has the capacity to handle all reports from financial institutions.

The central bank has approved pioneering guidelines on information security management that place a renewed focus on cybersecurity, promoting the cyber resiliency of the entire banking industry.

The enhanced information security framework strengthened cybersecurity controls in line with a rapidly evolving cyber threat landscape surrounding financial institutions.

The new guidelines, one of the first in Southeast Asia, cover a holistic framework on information security risk management as an integral part of the banks’ information security program, enterprise risk management system and governance mechanisms.

The cyber threat landscape has continuously evolved with more threats surfacing in the cyber realm in an increasingly complex and sophisticated fashion.

The amendments highlighted the role of the banks’ board and senior management in spearheading sound information security governance and strong security culture within their respective networks.

The regulator required supervised institutions to set-up a 24 by 7 security operations center (SOC) equipped with advanced technologies and manned by competent analysts to proactively monitor emerging and highly sophisticated cyber-threats and attacks.