BSP to banks: Toughen up vs cyber crime
The Bangko Sentral ng Pilipinas (BSP) is set to order banks to beef up their cyber crime prevention programs in light of heightened attacks after the $81million bank heist last February.
BSP Deputy Governor Nestor Espenilla Jr. said the bank regulator is now working on supplemental or additional regulations to further strengthen and increase the level of maturity of Philippine banks and other financial institutions.
“Financial institutions eve- rywhere are routinely being attacked by cyber criminals. So the important thing is the quality of the cyber crime prevention programs that is why we are trying to strengthen the defenses. The best thing to do now is to make the system strong to prevent breaches,” he said.
SWIFT (Society for Worldwide Interbank Financial Telecommunication), the global financial network that banks use to transfer billions of dollars every day, last month warned its customers that it was aware of a “number of recent cyber incidents” where attackers had sent fraudulent messages over its system.
Just the other day, Hanoi-based Tien Phong Bank reported that it foiled an attempted cyber heist using fraudulent SWIFT messages involving the transfer of $1.1 million in the fourth quarter of last year.
Espenilla said the BSP has already conducted a comprehensive review of the cyber crime prevention
programs of Philippine banks as early as 2014.
“We consider it (cyber attack) a very serious thing. That (review) is a good learning experience for us and the banks that made us more aware of the issues and we are happy to say that our banks are responding to this,” he added.
He explained the BSP participated in the Cybersecurity Summit for the Finance Services Industry organized by Bancnet and the Information Security Officers Group in November last year.
“Consciously, our focus there was to get the top management of banks, board level and senior level to pay attention to this issue. Don’t look at it as something just for IT people only. It is really for the top management to worry about and to put resources behind it,” Espenilla said.
According to him, the proposed guidelines would set the minimum things to do about cyber crime.
“We are trying to raise the standards in terms of regulations and at the same time we are also strengthening the supervisory capacity of banks,” he said.
While the number of threats involving ATM fraud has been on the decline with the planned deployment of cards with EMV chips, he said other threats including hacking have been on the rise.
“We see on the horizon growing other kinds of threats, the hacking type. So that basically reminds us that there is absolutely there is no room for complacency because new threats arise,” he said.
The BSP, he explained, has been beefing up its security measures with the increased attempts to hack its website.
“We better take care of our own defenses. We have to walk the talk. The BSP has pretty much invested in our own security and defenses. Knock on wood, the Bangladesh incident would not happen on the BSP,” he said.
Last February, hackers attempted to steal $1 billion from the accounts of the Bangladesh Bank at the Federal Reserve Bank of New York through fake SWIFT messages.
Of the 35 transactions, a total of 30 transactions worth $ 850 million were stopped while five transactions worth $81 million entered the Philippines through Yuchengco-led Rizal Commercial Banking Corp. (RCBC).
The BSP, Anti Money Laundering Council (AMLC), and the Senate Blue Ribbon Committee are conducting separate probes on the money laundering scandal.
“We are elevating now the IT standards because there are new regulations coming from international community. We cannot guarantee that there will be no attacks but what we can do is to minimize the system being breached and at the same time strengthen resilience,” he said.