BSP starts probe on bank glitch

MANILA, Philippines - The Bangko Sentral ng Pilipinas (BSP) has started investigating the “glitch” that affected the nationwide operations of Ayala-led Bank of the Philippine Islands (BPI) starting Tuesday.

A source yesterday said a team of investigators has been dispatched by the BSP to look into the internal data processing error that forced the country’s third largest bank to deactivate its electronic channels, including ATMs, as well as online and mobile banking. The source also said the team includes examiners as the regulator earlier reprimanded the BPI for its outdated system.

The Senate committee on banks and financial institutions is also preparing to investigate the matter, with Senate President Aquilino Pimentel III citing the “inconvenience and panic among several bank clients” caused by the breakdown.

Incoming BSP governor Nestor Espenilla Jr. said Wednesday it would allow BPI to first fix the error before conducting an inquiry.

“For today, the focus is be normal, take care of your customers. But tomorrow we have to talk. First things first, if we come in and they’re managing the problem, they’ll be distracted,” Espenilla earlier said.

BPI was able to restore all its ATM as well as online and mobile banking services Thursday evening after resolving a glitch that hampered operations for two days.

The bank was able to reactivate its electronic channels at 9 p.m. last Thursday or two days after an internal data processing error disrupted its system.

“We are pleased to announce that our clients may now access our electronics channels (ATMs, internet banking and mobile banking),” BPI said in an advisory released Thursday evening.

The oldest bank in the Philippines currently has a deposit base of P1.4 trillion as of end-March. It has eight million deposit accounts.

“As we expect an initially high volume of transactions, you may experience traffic-related difficulties in accessing online and mobile channels, but we anticipate this to normalize very soon,” the bank added.

The bank said it has resolved all the “mis-postings” and the correct balances are now reflected.

“We assure you that the integrity of your accounts will be maintained,” BPI said.

On Wednesday, BPI through its president and CEO Cezar Consing assured clients that the bank’s system was not hacked but only suffered a glitch.

Due to the internal system error, the bank said some transactions between April 27 and May 2 were double-posted on June 6, resulting in incorrect balances in the accounts of depositors.

The bank managed to reactivate its ATM network 10 p.m. of Wednesday and all its electronic channels including online and mobile banking 7 a.m. Thursday, only to deactivate it hours later after discovering that accounts still reflected incorrect balances.

To serve the needs of clients, all BPI and BPI Family Savings Bank branches extended their operating hours to 7:30 p.m. on Wednesday and Thursday.

Pia Roman-Tayag, head of the BSP’s Financial Consumer Protection, earlier said the BSP wanted to see what really happened, or what were the operational lapses that needed to be addressed.

She said the BSP has issued several circulars on technology risk management and operational risk management requiring banks to identify, report and rectify risks affecting their operations.

She added it was still too early to discuss the sanctions that could be imposed against BPI for the incident.

“At this point we cannot speak of enforcement action because we have to do our own investigation first and we don’t want to focus on that yet because the priority really now is for the records of the consumers to be fixed and we want the bank to focus their attention on that,” she added.

Clients’ demand

At the Senate, Pimentel said an investigation is being “demanded by constituents” not satisfied with BPI’s public statement on the matter.

He said a “computer fiasco is a dangerous occurrence” the BPI should not simply dismiss as not caused by hacking.

He said an inquiry would delve into the bank’s security protocols, adding the root cause of the data error must be fully explained by BPI to reassure the public that a similar incident would not occur again.

Pimentel said local banks must be on the lookout for a possible cyber attack as hackers worldwide have already victimized a number of banking institutions despite safeguard measures.

Sen. Francis Escudero, chairman of the committee, earlier said BPI and the BSP should tap the expertise of the National Bureau of Investigation Cybercrime Division in any investigation.

“I don’t want to make any conclusions until it has been thoroughly investigated by competent authorities,” Escudero said.

Sen. Grace Poe said that while BPI has a proven track record, the incident should be clearly explained and clarified.

“It’s good that they came up with this advisory immediately but we would like to know what caused this. Is it an internal IT problem or error? Or is it an attack?” Poe said.

“They should come out with a report on what caused this so that people will not be left in the dark and have unnecessary worries about their accounts. They should be able to uphold the trust given to the banking institutions,” she said. – With Paolo Romero