The policy-setting Monetary Board on Tuesday said it has approved amendments relevant to the Anti-Financial Account Scamming Act (AFASA), under which the Bangko Sentral ng Pilipinas (BSP) is given authority to inquire into deposit accounts of individuals suspected of engaging in unlawful activity.
These amendments are spelled out in three circulars, all dated May 29, 2025.
The circulars formalized and implemented key provisions of AFASA, including enhanced IT risk management for financial institutions, rules for BSP’s inquiry into suspicious financial accounts and information sharing, and procedures for temporarily holding disputed funds.
“These amendments aim to strengthen the law’s implementation and ensure more effective compliance, particularly regarding IT risk management and the conduct of inquiries into financial accounts,” the Monetary Board said in a statement issued yesterday.
AFASA, or Republic Act (R.A.) No. 12010, which was signed into law in July 2024, aims to combat financial cybercrimes, safeguard the interests of financial consumers, and uphold the integrity of the financial system.
The law prohibits and punishes financial crimes, including money mules, social engineering schemes, and economic sabotage.
The law authorizes the Bangko Sentral ng Pilipinas (BSP) to investigate financial crimes, apply for cybercrime warrants and orders, and request the assistance of the National Bureau of Investigation and the Philippine National Police in the investigation of cases.
AFASA has been amended through various resolutions and circulars issued by the BSP, as approved by the Monetary Board.
Fraudulent funds
Under Circular No. 1215, banks and other financial institutions are now required to hold funds that are the subject of disputes and coordinate a verification process of up to 30 days to prevent scammers from moving the funds to other accounts and platforms.
The circular was issued to protect the public from cybercriminals and criminal syndicates who target financial accounts or lure account owners into becoming accessories or perpetrators of fraudulent activities.
The Monetary Board said this applies to all Bangko Sentral-Supervised Institutions (BSIs) that shall pursue the coordinated verification of disputed transactions, regardless of whether the funds remain in the financial system or not.
Temporary holding of disputed funds shall apply to the electronic transfer of funds from one financial account to another financial account.
This, however, shall not apply to erroneous transactions and to credit card transactions, except insofar as credit cards are used to perform electronic fund transfers.
The temporary holding of disputed funds and coordinated verification process are initiated through complaint-initiated holding or flagging of BSI’s fraud management system.
The BSI shall keep logs of the actual date and time of receipt of any of the foregoing triggers. These logs shall be used as a basis to determine timely compliance by the BSI of their obligations and liabilities for failure to temporarily hold disputed funds or improper holding of disputed funds.
Beneficiary account owners whose funds are subjected to temporary holding may, at any time, challenge the same or request the lifting thereof from their banks by providing information, documents, or evidence to substantiate the legitimacy of the disputed transaction.
If substantiated, the BSI shall, after evaluation, immediately lift the temporary holding of disputed funds and release the same to the beneficiary account owner, even before the lapse of the applicable holding period.
IT risk management
The Monetary Board also approved amendments to strengthen the implementation of the AFASA through enhanced IT risk management regulations for banks and non-bank financial institutions.
These changes aim to improve compliance and security measures against cyber fraud. The amendments focus on fortifying the regulatory framework to combat financial account scamming.
Circular No. 1213 introduces essential definitions related to IT security measures that financial institutions must implement to combat fraud.
It defined key terms such as Blacklist Screening, Browser Automation, CAPTCHA, Device Fingerprinting, and Fraud Management Systems.
Other terms include Kill Switch, Money Lock, and Transaction Velocity Checks, which are critical for enhancing security protocols.
Under the circular, BSIs are required to implement robust fraud management systems (FMS) to detect and prevent fraudulent transactions effectively.
BSIs must adopt automated and real-time fraud monitoring systems to identify suspicious activities.
Essential fraud rules include transaction velocity checks, geolocation monitoring, and blacklist screening.
FMS should be capable of detecting behavioral anomalies and temporarily holding funds for verification.
The circular emphasizes the need for strong security measures to protect financial accounts from cyber threats and unauthorized access.
BSP’s authority to investigate
Circular No. 1214 outlines the rules and procedures for inquiries into financial accounts under AFASA. It clarifies the inapplicability of certain laws regarding bank secrecy and data privacy.
Under this circular, the BSP shall have the authority to investigate and inquire into financial accounts that may be involved or utilized in the commission of a prohibited act.
These include money mules and social engineering, which could be considered economic sabotage if they involve three or more people as perpetrators or victims.
It stated that the provisions of the Secrecy of Bank Deposits Law, the Foreign Currency Deposit Act of the Philippines, the Revised Non-Stock Savings and Loan Association Act of 1997, and the Data Privacy Act of 2012 shall not apply to any financial account subject to BSP’s investigation and inquiry.
The central bank also has the authority to issue rules on information-sharing and disclosure with law enforcement and other competent authorities related to its inquiry and investigation of financial accounts.
Under the rules, competent authorities must enter into an agreement with the BSP for the sharing of financial account information.
These authorities are the Philippine National Police, National Bureau of Investigation, Department of Justice, Anti-Money Laundering Council, Cybercrime Investigation and Coordinating Center, as well as any government agency authorized to investigate or prosecute prohibited acts under the AFASA.
