BDO, UnionBank face sanctions over hacked accounts
The Monetary Board has ordered sanctions on BDO Unibank Inc. and Union Bank of the Philippines (UnionBank) over incidents of hacked accounts in December 2021, according to the Bangko Sentral ng Pilipinas (BSP).
However, the BSP provided no details about the punishment for the two banks, only saying that the sanctions imposed emphasize the importance of continuously enhancing risk management systems involving cybersecurity, antimoney laundering and combating terrorism and proliferation financing.
Also, the sanctions reinforce the need for banks to take a proactive stance in ensuring that their depositors are adequately protected.
In a statement, UnionBank said they have cooperated with BDO and BSP on the incident and that they were able to swiftly help BDO recover and return to customers “a sizeable amount” of the stolen funds.
“All the recommendations of BSP to avoid such incidents have been implemented and there were no monetary penalties [imposed on us],” UnionBank said. “We have committed to an increase in capital charge to fortify our operations.”
For his part, BDO Unibank company president Nestor Tan said they would comply with the sanction. “We will work with the BSP to ensure a more secure banking environment,” Tan added.
Last January, BSP officials said an investigation on the incidents was expected to wrap up within that month.
On Thursday, when they finally announced that the investigation had been completed, the BSP said the hacking incidents originated from a compromised web service.
There was unauthorized access of about 700 accounts with BDO Unibank and fund transfers were made, mostly bound for accounts with UnionBank.
Also in January, the National Bureau of Investigation arrested three Filipinos and two Nigerians who were allegedly involved in the hacking incident.
The total amount stolen was not disclosed, but BDO said as early as December that the bank would shoulder the losses that depositors sustained from the cybercrime.
On Thursday, BSP Governor Benjamin Diokno said: “This incident is a reminder that we should continue to enhance our defenses against cyber threat actors to protect the integrity of the financial system and the interests of depositors.”