The Bangko Sentral ng Pilipinas (BSP) issued a circular amending the provisions of Section 911 of the Manual of Regulations for Banks (MORB) and Section 911-Q of the Manual of Regulations for Non-Bank Financial Institutions (MORNBFl) covering the Money Laundering (ML)/ Terrorist Financing (TF)/ Proliferation Financing (PF) risk reporting and notification requirements for BSP-supervised financial Institutions (BSFls).
Covered persons shall submit a report covering data and information on significant risk events arising from ML/TF/PF-related incidents or activities that may have a material effect to the covered person and/or the financial system. This report shall enable the BSP to promptly identify and respond to emerging risks and supervisory concerns as well as calibrate supervisory risk assessments, strategies, and activities, among others.
A. Reporting requirements
Covered persons are required to submit ML/TF/PF Risk Event Report to the BSP within twenty-four (24) hours from the date of knowledge or discovery of occurrence (i.e., from the time the event has been known or should have been known by the covered person) of any significant ML/TF/PF risk event.
An ML/TF/PF Risk Event refers to ML/TF/PF-related incident that may present material and/or adverse impact to the covered person, the financial system’s posture, or erode public confidence therein.
In determining whether an ML/TF/PF risk event is significant and reportable, the following shall be considered:
i. The amount involved represents one (1) percent or more of the covered person’s total qualifying capital; or
ii. Regardless of the amount involved, the covered person has determined that the ML/TF/PF-related incident has a material impact on the covered person and/or the financial system, such as those affecting significant number of customers or counterparties, with cross-border element, or those covered/may be widely covered in adverse media reports.
B. Procedures for reporting to BSP
The ML/TF/PF Risk Event Report shall contain, at a minimum, the following information:
i. date of knowledge or discovery of occurrence of the event or incident;
ii. brief description of the event/incident, such as nature, type of the transaction/product, delivery channel used, and amount involved;
iii. initial root cause of the event/incident, if determined, and response/actions taken/to be taken by the covered person thereto; and
iv. impact to the covered person based on initial assessment (i.e., in terms of financial/operational/reputational losses).
The BSP may require the covered person to provide additional information, documents, and/or updates, as necessary. The BSP may also conduct special or overseeing examination, as warranted, to verify, among others, the root cause of the incident, assess the impact to the covered person and/or the financial system, if any, and identify areas for improvement to strengthen the overall ML/TF/PF risk management framework.
C. Compliance with other risk reporting and notification requirements
Compliance with ML/TF/PF risk event report shall not preclude covered persons from complying with other existing regulations of the BSP on reporting crimes and losses and event-driven reporting and notification pursuant to Sections 173/172-Q/162-S/161-P/901-N/183-T (Report on Crimes and Losses) and Sections 148/147-Q/145-S/142-P/126-N (Reporting and Notification Standards), respectively.
In case the ML/TF/PF risk event also qualifies as a major cyber-related incident, the submission of event-driven reporting and notification to the BSP will be considered compliance with ML/TF/PF risk event report. On the other hand, ML/TF/PF risk event report covering an incident which also qualifies for reporting under operational risk event report and/or reputational risk report, shall no longer require separate reporting for both operational and reputational risks notification pursuant to existing regulations.
D. Supervisory Enforcement Actions
Non-compliance with the reporting requirements on Risk Event Report will be subject to applicable monetary penalty pursuant to Sections 1102/1102-Q. Further, consistent with Sections 002/002-Q/002-S/002-P/001-N/002-T, the BSP may deploy its range of enforcement actions to promote adherence to the requirements set forth in this Section and bring about timely corrective actions.
We are committed to YOUR cause. To ensure your organization’s adherence and safeguard against potential risks you can contact the firm at info@narplaw.com