BSP to require all banks, VASPs to use digitized supervisory platform by 2025
THE BANGKO SENTRAL ng Pilipinas (BSP) will require all banks and virtual asset service providers (VASP) to use a digitized regulatory and supervisory engine starting next year.
In a memorandum posted on its website, the central bank said it is expanding the use of the Advance Suptech Engine for Risk-based Compliance (ASTERisC*) to cover all banks and VASPs.
The engine was initially rolled out in January 2023 among select financial institutions that met the BSP’s criteria.
The platform aims to streamline and automate regulatory supervision, reporting, and compliance assessment of BSP-supervised financial institutions’ (BSFIs) cybersecurity risk management systems and processes, the central bank said.
“This is a cloud-based solution which supports BSP’s end-to-end process on cybersecurity supervision and oversight, including cyber-profiling, cyber incident reporting and cybersecurity control self-assessments, among others.”
“With this platform, BSFIs can directly access and transmit cybersecurity-related reports and information in real-time. The system likewise enables deeper analyses and correlation capabilities to help the BSP implement risk-based and proactive supervisory decisions and set policy direction on cybersecurity.”
Through the system, authorized users can submit certain regulatory reports. It will also allow them to access global reports predefined by the BSP.
The BSP said it will directly coordinate with the targeted BSFIs for the provision of login credentials, authentication setup and schedule of training on the use of the system.
Users of ASTERisC* will require internet access, whitelisting of the cloud-based application components of the engine in the BSFI’s network, latest versions of web browsers, and a mobile device to be used for multi-factor authentication.
The covered regulatory reports in ASTERisC* include the IT profile report, event-driven report and notification, report on crimes and losses, and cybersecurity control self-assessment.
“For newly enrolled BSFIs, reporting through ASTERisC* shall be effective starting Jan. 1, 2025. Meanwhile, BSFIs may access the system in advance to prepare the IT Profile data for submission on Jan. 25, 2025,” it added. — Luisa Maria Jacinta C. Jocson