Financial scams may be reduced, if not totally eradicated, with the recent enactment of Republic Act No. 12010, or the Anti-Financial Account Scamming Act.
The law acknowledges that with the “… increased use of electronic commerce and digital financial services, there is a need to promote awareness in the use of Financial Accounts and to protect the public from cybercriminals and criminal syndicates …”
Financial account refers to an account used to avail of products or services offered by banks, nonbanks, other financial institutions and payments and financial service providers that are under the jurisdiction of the Bangko Sentral ng Pilipinas (BSP).
Those products or services include (a) an interest or noninterest-bearing deposit, trust, investment, or credit card account; (b) other transaction account maintained with a bank, nonbank or financial institution; (c) e-wallet; and (d) any other accounts used to avail of the services of financial service providers, such as investment advisers.
The law primarily puts the responsibility of protecting those financial accounts on the institutions mentioned.
They have to ensure that access to their clients’ accounts is protected by adequate risk management systems and controls such as multifactor authentication (or an authentication method that requires two or more verification factors to gain access to a resource), fraud management systems (or a comprehensive set of automated and real-time monitoring and detection systems to identify and block disputed, suspicious, or other online transactions), and other enrollment and verification processes.
In requiring the adoption of those systems, the law states that they should be proportionate and commensurate to the nature, size and complexity of the institution’s operations.
If the BSP has determined that an institution is fully compliant with the requirements of adequate risk management systems and controls, the latter shall not be liable for any loss or damage arising from, among others, the following schemes:
Money muling activities (or transacting on proceeds that are known to be derived from crimes);
Social engineering scheme or a process by which a person obtains sensitive identifying information of another person through deception or fraud resulting in unauthorized access and control over that person’s financial account.
To even up that responsibility, the law gives an institution the authority to temporarily hold the funds of an account if it appears to be unusual, without clear economic purpose, is from an unknown or illegal source or facilitated through social engineering schemes.
If the institution puts it on hold, it has to promptly inform the BSP of its action. The period of temporary hold has to be prescribed by the BSP, but it should not exceed 30 calendar days unless otherwise extended by a court of competent jurisdiction.
To validly put an account on hold, it is essential that it is based on information obtained from another institution, or a complaint from an aggrieved party, or a finding by the institution’s fraud management systems that there are reasonable grounds to take that action.
If the action was taken pursuant to the BSP’s rules and regulations, the institution, its directors, trustees, officers and employees would be exempt from any administrative, criminal or civil liability.
To further strengthen the BSP’s hand in going after financial scammers, the law gives it the authority to investigate and inquire into financial accounts that may be involved in the crimes or offense earlier mentioned. Only the Court of Appeals shall have the jurisdiction or authority to prevent it from doing that.
Aware of the far-reaching consequences of the law, Congress had given the BSP and other government offices concerned one year (not the usual six months) from the date of its effectivity to draft its implementing rules and regulations (IRR).No doubt, the financial scammers would closely review that IRR for possible loopholes and so it is essential that they’re forward-looking, tight and have no room for evasion. INQ
For comments, please send your email to rpalabrica@inquirer.com.ph.