The Bangko Sentral ng Pilipinas (BSP) has updated its existing information technology-related guidelines on banks and nonbank entities.
In a statement on Tuesday, the central bank said that the Monetary Board approved the issuance of the enhanced information technology risk management (ITRM) framework to strengthen the IT-related activities of banks and nonbank entities against technological threats.
The framework will cover all types of banks, nonbank financial institutions, electronic money issuers and other nonbank entities.
“Consistent with international standards and best practices, the enhanced ITRM framework is expected to strengthen management of risks, security of operations and governance on IT-related activities, as well as reinforce regulations on consumer protection on electronic products and service by tackling the growing number of new and sophisticated technological threats,” it stated.
The BSP noted that the features of ITRM include the institution’s adoption of well-structured IT governance model and process; maintenance of risk identification and assessment process and the establishment of overall IT risk mitigation strategy.
The regulation also requires BSP-supervised institutions to adopt end-to-end triple data encryption standard for the whole automated teller machine (ATM) to strengthen electronic retail payment network and protect against ATM and credit card fraud.
“Seeing the inclination of banks, particularly rural and thrift banks, to use cloud computing technology to leap frog their financial services, the enhanced framework also provides direction on the adoption of cloud computing in the financial service industry,” it said.
BSP announced that the enhanced ITRM framework will take effect 15 calendar days after publication of the appropriate circular in the Official Gazette or a newspaper of general circulation in the Philippines.