
The Bangko Sentral ng Pilipinas (BSP) has ordered banks and other supervised financial institutions to regularly review and measure the strength of their cybersecurity systems as digital financial services continue to expand.
Earlier data from the central bank showed that social engineering schemes accounted for 76 percent of fraud-related losses in the country last year, underscoring how cyber threats have increasingly shifted from technical attacks to schemes targeting human behavior.
In response to these emerging risks, the BSP issued Circular No. 1232 dated April 27, introducing a Cybersecurity Maturity Framework meant to help financial institutions assess vulnerabilities and improve digital defenses.
The framework was accompanied by a Cybersecurity Control Self-Assessment tool, which the central bank said would allow institutions to benchmark existing controls, identify weak points, and map out improvements.
The questionnaire used activity-based and capability-focused indicators to measure how prepared institutions were across critical cybersecurity functions, while also giving regulators a clearer view of industry trends and risk patterns.
Under the framework, institutions would be classified across four maturity levels, starting with “foundational” for basic controls and ending with “optimized” for organizations with advanced and proactive cyber defenses.
The BSP said covered institutions must complete and submit their initial self-assessment within 60 calendar days after the reporting guidelines are released.
The central bank added that financial institutions are expected to achieve maturity levels based on their risk profiles while continuously strengthening their security controls as part of broader reforms in digital finance regulation.