BSP to finance firms: Protect customer data in Philippines

PHOTO

The Bangko Sentral ng Pilipinas (BSP) has reminded banks and financial institutions to strengthen their risk management systems and add safeguards to prevent unauthorized access to customer data.

BSP Deputy Governor Chuchi Fonacier said BSP-supervised financial institutions (BSFIs) should be responsible in handling personally identifiable information (PII) and other sensitive data as failure to do so may expose BSFIs to customer complaints and data privacy concerns.

'BSFls are strongly enjoined to employ robust risk management systems and implement adequate safeguards in handling PII and other sensitive data, including those covered under outsourcing arrangements,' she said in a memorandum.

Banks and non-bank financial institutions should also regularly review and update their policies and practices amid evolving data governance standards and requirements.

'The proper handling and protection of PII and other sensitive data serve as cornerstones of customer privacy and represent critical components in the prevention of fraud, identity theft and other financial crimes,' Fonacier said.

Under the Data Privacy Act of 2012, personally identifiable information is defined as any piece of information that could be used - either alone or when combined with other data - to identify an individual.

According to Fonacier, many financial institutions nowadays use innovative solutions and technologies to access, utilize and transform data. This allows them to gain deeper insights into market needs, assess product suitability and optimize customer service processes.

An example of this is how leveraging robotic process automation (RPA) and other similar tools as an alternative data-sharing method has raised some issues within the financial services industry.

'While these technologies have merits as an internal data collection automation tool, the use of RPA and other data scraping methods, specifically to collect PII and use it in gaining access to financial account and/or facilitating financial transaction, is seen to pose significant risks that may undermine consumer trust in financial service providers and compromise the integrity of the financial system,' she said.

Thus, BSFIs should ensure compliance with relevant laws and pertinent BSP regulations on financial consumer protection, data privacy and data protection, anti-money laundering and combating the financing of terrorism, cybersecurity, outsourcing as well as open finance, among others.