Regulator comes down hard on RCBC
(Second of a series)
Nestor Espenilla Jr. feels that the $81-million cyber heist that victimized the Bangladesh Bank earlier this year came “at the wrong time.”
As the Deputy Governor of the Bangko Sentral ng Pilipinas responsible for guarding against bad behavior among local banks, the official pointed out that the Philippine financial system had already been moving slowly but surely toward cracking down on malpractice.
But the audacious theft of funds from the central bank of the impoverished South Asian nation proved that doubts expressed by multinational anti-money laundering watchdogs about the country’s porous financial borders were valid. The local financial system collectively found itself with egg on its face.
“The Bangladesh Bank incident seemed to highlight the weaknesses that these other [foreign] entities were saying were present [in the Philippines] which was their justification for de-risking,” Espenilla said. “In that sense, it seemed to validate their concerns.”
He added: “In the face of all this de-risking you have an incident like the Bangladesh heist. It was like … ‘I told you so.’”
What followed was a swift and severe crackdown on perceived weaknesses of local players, especially on the bank that was proven to be the point of entry of the stolen Bangladeshi funds: Rizal Commercial Banking Corp.
After concluding its probe on RCBC, the central bank slapped the Yuchengco family-controlled bank with an unprecedented P1-billion penalty—a record for fines imposed by regulators on errant Philippine banks.
The Inquirer spoke to several banking sources who all said that the BSP took the extraordinary step of imposing a heavy fine on the ninth largest bank in the Philippines, by assets, to serve as an example to other financial institutions that “the regulator was serious.”
“Under old traditional framework, the most that RCBC would have been fined was about P200 million,” said one banking official familiar with the issue. “But the BSP felt that a stronger signal needed to be sent, not only to the bank, but to the rest of the industry … thus the P1 billion. It had to hurt.”
More importantly, however, the Inquirer learned that the BSP has quietly put RCBC under a special status reserved for banks with significant regulatory shortcomings known in industry jargon as “PCA” or “prompt corrective action.”
“A bank under PCA status is restricted from doing a lot of things, and it has central bank officials closely monitoring its every move constantly,” the official said. “Under the PCA status, RCBC basically had to reapply for all its regulatory licenses and the central bank is examining each application closely before approving it.”
The official said the most visible elements of the PCA status imposed by BSP on RCBC was the sweeping revamp that the bank made in its 15-man board of directors. Where there used to be only three independent directors, RCBC’s new board now has seven, just one vote shy of a majority.
The bank has also purged its top level officials and department heads, bringing in new hires in the hope of reining in the corporate culture of “excessive risk taking,” the official told the Inquirer.
Other PCA restrictions that the central bank has imposed on erring banks in the past include prohibitions or restrictions on opening new branches, launching new products, underwriting large loans, and a prohibition on declaring dividends to owners. In extreme cases, the BSP had mandated previous PCA-sanctioned banks to bring on new shareholders to stabilize their finances and improve the internal culture.
BSP’s Espenilla declined to comment on specific matters regarding RCBC but said that regulators were indeed giving special attention on getting the bank to improve compliance with regulations.
“We’re trying to be constructive about [RCBC] so that the [banking] system is not permanently damaged,” he said, explaining why the BSP had not come out more forcefully against the bank.
“The system is much wiser now,” he said. “People were kind of cavalier about compliance in the past. Now they have seen how bad it can be. They don’t only have to worry about themselves, but they also have to worry about market perception. That’s a far more dangerous threat to a noncompliant bank.”
More importantly, Espenilla said banks were now more fastidious when processing transactions, asking more questions and verifying more information, even at the cost of inconveniencing large and longstanding clients.
“More banks are now relying on financial intelligence and digital solutions. Transactions are checked versus clients’ profiles. If anything is out of profile, a red flag is raised,” he said.
In the case of the $81 million in Bangladeshi funds that slipped into the country, Espenilla said: “RCBC’s system flagged that, but they chose to ignore it. So apart from having a system that detects anomalies, you must have responsible people who will act on the signals.”
