Cyber self-checks coming for banks, financial firms
The Bangko Sentral ng Pilipinas (BSP) wants to require banks and other financial institutions to conduct annual self-assessments of their cybersecurity controls.
This is part of a broader effort to strengthen defenses as digital financial services expand and cyberthreats grow more sophisticated.
The BSP is soliciting industry comments on a draft circular that will require financial institutions with more complex information technology operations to submit a Cybersecurity Control Self-Assessment each year, beginning March 31 after the reference period.
The assessment will measure how mature their cybersecurity systems are and identify weaknesses that need to be addressed.
The proposal applies to supervised entities, including banks, quasi-banks and other financial institutions.
The self-assessment will be based on a new Cybersecurity Maturity Framework developed by the BSP, which evaluates financial firms across key areas including governance, risk management, threat detection, incident response and recovery.
The framework ranks institutions into four levels—from “foundational,” indicating minimal controls, to “optimized,” reflecting advanced, proactive cyberdefenses.
The central bank emphasized that the self-assessment would not replace existing cybersecurity examinations, but complement them by providing additional data to support oversight.
“Digital financial and payment services and platforms continue to evolve rapidly, with innovative solutions emerging to enhance customer experience, improve operational efficiency, expand accessibility and strengthen market competitiveness,” it said.
“However, these developments are accompanied by a corresponding increase in cyber threats, which heighten risks to both financial institutions and their customers.”
Social engineering schemes—in which criminals manipulate victims into revealing sensitive information that enables fraudulent transactions—emerged as the Philippines’ most prevalent cybersecurity threat last year, accounting for 76 percent of total fraud losses.
BSP Deputy Governor Lyn Javier, who heads the central bank unit regulating financial firms, has said the trend reflected how cyber risks are evolving from attacks on technical vulnerabilities to schemes that exploit the “human element.”
The shift, she warned, poses growing challenges for regulators, as a major cyberattack could erode public trust in the financial system and trigger bank runs, which could create liquidity and capital strains for institutions.
The proposed standards on the cyber maturity model are part of a series of policy and supervisory reforms that the BSP is preparing, including new regulations on application programming interfaces, or APIs. APIs are traditionally used internally by financial firms to connect systems and applications, but are now exposed to a broader range of external parties in the digital ecosystem.
The BSP also wants to set standards for enhanced authentication mechanisms for financial transactions.





