Central Bank of the Philippines issues Anti-Financial Account Scamming Act implementing rules mandating near-real-time handling of disputed transactions

The Central Bank of the Philippines published implementing rules for Republic Act No. 12010, the Anti-Financial Account Scamming Act (AFASA), issuing three circulars that set new requirements for IT risk management, establish rules for financial account inquiries and information sharing, and create a process for the temporary holding and verification of disputed funds. The framework is aimed at reducing financial scams and strengthening consumer protection across BSP-supervised institutions. The IT Risk Management Regulations place responsibility on BSP-Supervised Institutions (BSIs) to strengthen fraud prevention and detection, including stronger security features, transaction verification, and consumer protection tools to prevent unauthorised transactions. Rules on Financial Account Inquiry and Information Sharing operationalise BSP authority to inquire into financial accounts linked to scams where there is a strong basis for an AFASA violation, balancing bank secrecy, data privacy, and law-enforcement needs, and allow sharing of investigation-derived financial data with other authorities under a formal agreement. Regulations on Temporary Holding of Disputed Funds and the Coordinated Verification Process require BSIs, including clearing switch operators, to implement a real-time or near-real-time automated system for disputed transactions within one year from the regulations’ effectivity, permit holding disputed funds for up to 30 days, and provide for coordinated verification and potential return of funds to victimised financial consumers.