Banks should have “zero-trust” cybersecurity - BSP


The Bangko Sentral ng Pilipinas (BSP) is advocating for banks to adopt default “zero trust” cybersecurity systems for maximum protection both during COVID-19 and in the post-pandemic setup.

Bangko Sentral ng Pilipinas (BSP) Governor Benjamin E. Diokno (Bloomberg file photo)

BSP Governor Benjamin E. Diokno directed banks and all other BSP-supervised financial institutions (BSFIs) to “take a second look at their cybersecurity strategies and assess the feasibility of shifting to a ‘zero-trust’ operational model.”

“In this model, access to BSFI resources will have to be continuously verified and authorized by implementing security protocols. These protocols include biometric technologies or multi-factor authentication,” said Diokno during his regular online “GBED Talks.”

He said BSFIs must evaluate and assess if implementing zero-trust identity and access management procedures will more effectively address cyber risks. It will also strengthen data protection.

“As BSFIs adopt technology that is practically borderless, protecting data becomes even more crucial,” said Diokno.

Stronger data protection is part of the BSP’s programs to improve banks’ cyber resilience while encouraging digital innovation and cybersecurity measures and enabling consumer protection mechanisms.

“To this end, the BSP granted regulatory reliefs to include relaxed Know-Your-Customer requirements to pave the way for more convenient digital onboarding of clients,” said Diokno. “The BSP took it a step further by waiving applicable license fees for BSFIs who wish to offer e-payments and financial services.

“These were pursued along with issuances urging BSFIs to augment their existing capabilities and implement strategies to address the rising demand for digital financial services.”

The BSP has also stepped up its cyber surveillance with policy issuances that emphasize “vigorous and multi-layered controls to ward off threats.”

As for consumer protection mechanisms, Diokno said focused cybersecurity awareness campaigns serve to “warn financial consumers on emerging cyberthreats and scams.”

“BSP also enjoined BSFIs to ramp up customer service and redress mechanisms to protect consumers and minimize fraud losses,” he said.

The BSP has been noting an increase in cyber-related incidents during the lockdown period, but most are readily detected by the layers of cybersecurity defenses of the BSP and banks.

Diokno said there is no such thing as 100 percent security, and this is why the BSP is stressing banks’ need for cyber resilience.

Based on BSP surveillance, there has been an increase in cyber incidents during the lockdown period because financial consumers had to do more financial transactions online. Cyber threats are mostly in the form of phishing and malicious websites.

Diokno reiterated that the best way to combat cyber incidents is through cyber awareness campaigns.

“The BSP remains committed to engage and collaborate with BSFIs, law enforcement agencies, and other key stakeholders, to ensure safety and integrity of the financial system. We are committed to uphold the protection of financial consumers at all times,” he said.

As for the Wirecard issue, Diokno said the BSP has included all those involved in the falsification of documents in the watchlist file. These people, who are employees of two of the country’s biggest banks, Bank of the Philippine Islands and BDO Unibank Inc., will be disqualified from entering the banking system again, he said. The Wirecard scandal involves an alleged $2.1 billion transaction that, according to the BSP and based on earlier investigations, never entered the Philippines.