MANILA — The Philippine central bank said on Friday it has tightened reporting requirements for banks to beef up their cyber security surveillance and prevent widespread damage from online attacks to the financial system.
Cyber attacks against banks have increased in numbers and sophistication in recent years, with criminals finding new ways to target banks beyond trying to illicitly obtain details of their customers’ online accounts.
Given the speed of such attacks, the Bangko Sentral ng Pilipinas (BSP) said on Friday it now requires banks to report major intrusions into or disruptions to financial services within two hours of discovery of the incident. Previously it was 10 days.
“Having quick access to information on these incidents will enable the BSP to alert other banks, industry associations and other relevant stakeholders that may be affected by a specific attack,” the BSP said in a statement.
The BSP also requires affected banks to submit a follow-up report within 24-hours from the incident so it can monitor the situation and take action if needed.
In February 2016, the Philippine financial system was thrown into the global spotlight after $81 million that was stolen from Bangladesh’s central bank was channeled into several accounts at Manila-based Rizal Commercial Banking Corp (RCBC), before disappearing into the local casino industry.
The Bangladesh heist led financial institutions around the globe to bolster cyber security. Dhaka has been able to retrieve only about $15 million of the $81 million stolen.
RCBC was fined a record one billion pesos ($20 million) by the central bank in 2016 for its failure to prevent the movement of the stolen money through it. — Reporting by Karen Lema; Editing by Sam Holmes