2 days ago
2
Upgrade to High-Speed Internet for only ₱1499/month!
Enjoy up to 100 Mbps fiber broadband, perfect for browsing, streaming, and gaming.
Visit Suniway.ph to learn
Keisha Ta-Asan - The Philippine Star
June 4, 2025 | 12:00am
In Circular 1214, the BSP laid down formal procedures that allow its Consumer Account Protection Office (CAPO) to conduct an inquiry into bank, e-wallet or other financial accounts suspected of being used in scams including phishing, money muling and social engineering schemes.
MANILA, Philippines — The Bangko Sentral ng Pilipinas (BSP) now has the authority to access and share financial account information without violating bank secrecy or data privacy laws, as part of its expanded investigative powers under the Anti-Financial Account Scamming Act (AFASA).
In Circular 1214, the BSP laid down formal procedures that allow its Consumer Account Protection Office (CAPO) to conduct an inquiry into bank, e-wallet or other financial accounts suspected of being used in scams including phishing, money muling and social engineering schemes.
“The provisions of Republic Act 1405, as amended, or the Secrecy of Bank Deposits Law; RA 6426, as amended, or the Foreign Currency Deposit Act of the Philippines; RA 8367 or the Revised Non-Stock Savings and Loan Association Act of 1997; and RA10173 or the Data Privacy Act of 2012, shall not apply to any financial account subject of BSP’s investigation and inquiry,” the circular said.
Under the new rules, CAPO may begin its inquiry once a competent authority, such as a relevant government or law enforcement agency, submits a formal request supported by affidavits and transaction records.
The BSP will issue an inquiry order directing the financial institution to submit all relevant account documents and prohibit any disclosure to the account holder.
“Any person who… discloses any information… for purposes other than those mentioned under Sections 12 and 14 of the AFASA shall be subject to criminal and administrative liabilities,” the BSP said.
To ensure secure handling, both the requesting agency and the BSP must have an information sharing agreement in place. These agreements require strict confidentiality protocols including encryption, audit trails and limited access before any data is transmitted.
CAPO may also initiate its own investigations motu proprio and apply for cybercrime warrants or preservation orders under the Cybercrime Prevention Act.
Institutions must register up to three official e-mail accounts for use in all correspondence related to CAPO inquiries. Any submissions sent from unregistered addresses will not be accepted.
The BSP said “any email sent by CAPO to an institution’s registered e-mail account shall be presumed to have been duly received,” placing the responsibility on financial institutions to keep their channels monitored and secure.
The circular takes effect 15 days after publication.
