Inquirer Plus
Now Reading
BSP directs financial firms to do cyber self-checks
Inquirer Plus
Inquirer Plus
Dark Light
PDI: May 2, 2026
Arthaland keeps projects on track
Gov’t share from OceanaGold reached P2.1B in ’25
May 2, 2002: Security dragnet keeps the peace
Negros clash spurs call to revive talks with Reds
Marcos asks labor to just ‘keep going’ as wage hike clamor grows
PH part-time jobs surged 35% in Q1–Jobstreet
Police eye business rivalry in billiards patron’s slay
ICC lays groundwork for Du30 trial
Jay Sonza arrested over cyberlibel case
DepEd eyes 2.4M learners in private school subsidies
Lawyer: VP Sara’s impeachment defense ‘addled’

BSP directs financial firms to do cyber self-checks

Ian Nicolas P. Cigaral
by
May 2, 2026
BSP.GOV.PH

The Bangko Sentral ng Pilipinas (BSP) will now require banks and other financial institutions to regularly evaluate their own cybersecurity safeguards, part of a broader push to fortify the financial system as digital services expand and online threats become more sophisticated.

In Circular No. 1232, dated April 27, the central bank introduced a Cybersecurity Maturity Framework intended to give institutions a structured way to measure and strengthen their defenses across key areas of risk and control.

The framework will be paired with a Cybersecurity Control Self-Assessment tool designed to help financial institutions benchmark their current practices and map out a path toward stronger safeguards.

The tool is a questionnaire that asks activity- and capability-based questions to gauge how mature an institution’s controls are in each area, while also helping regulators track emerging cyber trends and industry practices.

Under the framework, institutions will be ranked across four maturity levels, from “foundational,” indicating minimal controls, to “optimized,” reflecting advanced and proactive cyber defenses.

To help supervised financial institutions prepare, the central bank said the initial self-assessment must be submitted within 60 calendar days after reporting guidelines are released.

“Consistent with a risk-based approach to controls implementation, BSFIs (BSP-supervised financial institutions) are expected to achieve the maturity tiers in line with their risk profile,” the circular said, adding that institutions are encouraged to continuously strengthen their cybersecurity capabilities and adopt more advanced controls.

Data from the central bank showed social engineering schemes—in which criminals manipulate victims into revealing sensitive information that enables fraudulent transactions—emerged as the Philippines’ most prevalent cybersecurity threat last year, accounting for 76 percent of total fraud losses.

See Also
‘People power’ during energy crisis

BSP Deputy Governor Lyn Javier, who heads the central bank unit regulating financial firms, has said the trend reflected how cyber risks are evolving from attacks on technical vulnerabilities to schemes that exploit the “human element.”

The shift, she warned, poses growing challenges for regulators, as a major cyberattack could erode public trust in the financial system and trigger bank runs, which could create liquidity and capital strains for institutions.

The standards on the cyber maturity model are part of a series of policy and supervisory reforms of the BSP, including new regulations on application programming interfaces, or APIs.

The BSP also wants to set standards for enhanced authentication mechanisms for financial transactions.

Tags
Inquirer Plus

Have problems with your subscription? Contact us via
Email: plus@inquirer.net, subscription@inquirer.net
Landline: (02) 8896-6000
SMS/Viber: 0908-8966000, 0919-0838000

© 2025 Inquirer Interactive, Inc.
All Rights Reserved.

Scroll To Top