BSP enforces tailored cyber resilience rules for smaller institutions

The framework ensures flexibility and proportionality in cybersecurity requirements.

The Bangko Sentral ng Pilipinas (BSP) is enforcing its comprehensive Financial Services Cyber Resilience Plan (FSCRP) with a tailored approach, ensuring that smaller financial institutions face proportionate cybersecurity requirements. 

The FSCRP is designed to strengthen the resilience of the financial sector against cyber threats, while taking into account the scale and risk of smaller institutions.

Melchor T. Plabasan, Director of the Technology Risk and Innovation Supervision Department (TRISD) at BSP, explained, “We observe proportionality when it comes to enforcing these rules, so not all the stringent requirements would apply to smaller institutions given the scale of their operations and their risk-taking activities.”

To measure the effectiveness of the FSCRP, the central bank uses key metrics, including tracking incidents, losses incurred by clients and banks, and consumer complaints. 

"If we see that these are decreasing, then we can safely say that the measures we have been undertaking are effective," Plabasan added. Improvements in the cybersecurity posture of financial institutions are also monitored through on-site and off-site supervision to ensure the framework remains agile and effective.