THE BANGKO SENTRAL ng Pilipinas (BSP) has released draft rules of procedure on the conduct of inquiry into financial accounts and the sharing of financial account information as part of the implementation of Republic Act (RA) No. 12010 or the Anti-Financial Account Scamming Act (AFASA).
In a draft circular posted on its website, the central bank said the rules are in line with the AFASA, which seeks to prevent and penalize financial cybercrime.
The BSP has the authority to investigate and inquire into financial accounts involved in prohibited acts or offenses under the AFASA, which was signed on July 20, 2024. These acts include money mule activities and social engineering schemes, which could be considered economic sabotage if it involves three or more people as perpetrators or victims, mass mailers, or human trafficking.
The central bank also has the authority to issue rules on information-sharing and disclosure with law enforcement and other competent authorities related to its inquiry and investigation of financial accounts under this law. These information shall be used solely to investigate and prosecute cases involving violations of the AFASA.
The central bank said in the draft rules that the BSP’s Consumer Account Protection Office (CAPO) is the body authorized to investigate and inquire into financial accounts and share financial account information with authorities for the implementation of the AFASA.
Under the rules, competent authorities — which refers to the Philippine National Police, National Bureau of Investigation, Department of Justice, Anti-Money Laundering Council, Cybercrime Investigation and Coordinating Center, or any government agency authorized to investigate or prosecute prohibited acts under the AFASA, as well as financial regulators authorized to investigate crimes or offenses related to their respective regulatory functions and adjudicate financial consumer complaints — must enter into an agreement with the BSP for the sharing of financial account information.
These financial account information include the account number, the account owner’s personal information, transaction records, and the documents submitted for opening or maintaining accounts, among others.
“The Consumer Account Protection Office (CAPO) shall only receive request to inquire into financial account from, and disclose financial account information to, a competent authority which has an existing information sharing agreement with BSP,” the central bank said.
“Any financial account information shared by BSP to a competent authority pursuant to these rules and duly-executed information sharing agreement shall be used solely to investigate and prosecute criminal cases for violations of a prohibited act, or, as may be applicable, to adjudicate financial consumer complaints.”
The information sharing agreement between the BSP and a competent authority must be in writing and notarized and contain the terms for the sharing of account information, measures to ensure data security and protection, and how parties can access the information, among others.
Institutions must also register the e-mail accounts they will use to communicate with CAPO.
The BSP also outlined the process for requesting an inquiry into financial accounts.
“An inquiry into a financial account may be initiated by a competent authority by filing with CAPO a request, upon its own determination that, based on the facts and pieces of evidence that it gathered, there is a reasonable ground to believe that a prohibited act has been committed and that a financial account was utilized or involved in its commission,” the central bank said.
A request for inquiry must include facts related to the suspected commission of a prohibited act under the AFASA, including but not limited to the date and time of the violation, details of the respondents and complainants or victims, the financial accounts involved, and information on how the account was used to commit a prohibited act. Requests should also include affidavits of the victims and witnesses and other evidence gathered by the competent authority during its investigation of an incident.
“The CAPO shall evaluate the request and its supporting documents. Upon determination that, based on the information and evidence provided in the request and supporting documents, there is sufficient ground to engender a well-founded belief that a prohibited act has been committed and that the financial account subject of the request was probably involved or utilized in its commission, CAPO shall forthwith issue an inquiry order indicating therein the financial account/s and financial account information subject of the inquiry; and directing the concerned institution to disclose the financial account information, and to allow the authorized personnel of CAPO full and immediate access to all records related to the financial account subject of the inquiry within a specified period of time.”
The CAPO will serve the inquiry order to the concerned institution electronically via their registered e-mail address, or via personal service, registered mail, or courier. Within three days from receipt of the inquiry order, the institution must submit to the CAPO a return providing all the financial information required in the order, along with other relevant documents. The institution must also immediately grant the CAPO full access to all records related to the subject financial account upon receipt of the inquiry order.
“Upon gathering all necessary information and receipt of the return from the concerned institution, CAPO shall furnish the competent authority its response to the request for inquiry into financial account containing the financial account information gathered by CAPO,” the BSP said.
Meanwhile, if the CAPO finds that a request for inquiry failed to establish sufficient ground on the involvement of the financial account in the commission of the violation, it will issue a notice to the concerned competent authority to correct or amend their submission within 10 days for reevaluation.
Failure to comply with an inquiry order or unauthorized disclosure of financial account information obtained for the investigation of violations of the AFASA shall be subject to criminal and administrative liabilities, the BSP said.
The CAPO also has the authority to apply for cybercrime warrants and/or to issue preservation orders related to the electronic communications involved in the commission of the prohibited acts under the AFASA, it added. — Luisa Maria Jacinta C. Jocson
