Philippines, Singapore central banks address cybersecurity risks

MANILA, Philippines — The central banks of the Philippines and Singapore agreed to address cybersecurity and other risks with the increasing use of technology to supply financial services amid the global health pandemic.

The Bangko Sentral ng Pilipinas (BSP) and The Monetary Authority of Singapore (MAS) recognize that the ability to aggregate, store, process and transmit data across borders is critical to the development of the financial sector.

“The expanding use of data in financial services and the increasing use of technology to supply financial services offer a range of benefits, including greater consumer choice, enhanced risk management capabilities, and increased efficiency,” the BSP and MAS said in a joint statement.

However, BSP and MAS said these developments also pose new and complex risks for markets and challenges for policymakers and regulators.

“BSP and MAS are committed to working together and with other countries and authorities to promote an environment in financial services that fosters the development of the global economy,” they said.

According to the BSP and MAS, data localization requirements could increase cybersecurity and other operational risks, hinder risk management and compliance, and inhibit financial regulatory and supervisory access to data.

“Data mobility in financial services supports economic growth and the development of innovative financial services, and benefits risk management and compliance programs, making it easier to detect cross-border money laundering, terrorist financing patterns, and proliferation financing; defend against cyberattacks; and manage and assess risk on a global basis,” they said.

As such, both central banks agreed to promote the adoption and implementation of policies and rules with respect to the operation of banks and non-bank financial institutions falling within their jurisdictions.

Under the agreement, covered institutions should be allowed to transfer data, including personal information, across borders by electronic means, provided this activity is for the conduct of the business within the scope of their license, authorization or registration.

Likewise, the location where covered institutions could store and process their data should not be restricted, as long as BSP and MAS have full and timely access to the data necessary to fulfill their regulatory and supervisory mandate.

If BSP or MAS is unable to access the data, covered institutions should have the opportunity to remediate such lack of access before being required to use or locate computing facilities locally.

Both central banks also agreed to share information on developments related to the adoption and implementation of the policies and rules.

Last Sept. 1, BSP Governor Benjamin Diokno and Financial Services Authority of Indonesia (Otoritas Jasa Keuangan) chairman Wimboh Santoso signed a memorandum of understanding (MOA) for consultation, cooperation and exchange of information.