BSP sets guidelines for banks’ use of digital ‘know-your-customer systems’

THE BANGKO SENTRAL ng Pilipinas (BSP) has issued new rules covering financial institutions’ use of electronic “know-your-customer (KYC) processes,” providing minimum requirements for digital identification and verification of clients.

BSP Circular No. 1170 dated March 30 and signed by BSP Deputy Governor Eduardo G. Bobier as officer-in-charge, amends rules on customer due diligence (CDD), including guidelines on e-KYC, in the Manual of Regulations for Banks and Manual of Regulations for Non-Bank Financial Institutions.

The amendments aim to promote more efficient and seamless identity verification through technology and existing e-KYC systems, BSP Governor Felipe M. Medalla said in a statement.

“E-KYC is one of the key enablers to promote innovation and digital transformation aimed at advancing our financial inclusion agenda,” Mr. Medalla said. 

The new rules laid out the requirements for the use of digital identification and verification as part of the customer onboarding process of BSP-supervised financial institutions (BSFIs).

BSFIs are required to use strong information and communication technology architecture. The technology should also have appropriate onboarding requirements and authentication assurance levels.

They must also adopt tiered or risk-based e-KYC policies and procedures.

“Covered persons may use different methods to conduct customer identification and verification including e-KYC through digital ID system. For this purpose, digital ID systems are systems that cover the process of identity proofing/enrolment and authentication,” the central bank said.

The BSP said identity proofing can be documented digitally, physically, or both, but authentication and credentialing must be in digital form.   

“The digital ID system to be used in conducting CDD must be supported by robust technology, adequate governance, processes, and procedures that provide appropriate level of confidence that the system produces accurate results,” the BSP said.

Covered persons should also comply with the required digitization of customer records under relevant BSP and Anti-Money Laundering Council issuances.

“The covered person shall ensure that its conduct of e-KYC complies with relevant user consent and data sharing and protection/privacy laws, rules and regulations for data processing, storage, and management,” the BSP said. 

“All related transactions and their attendant risks or obligations, including the roles and responsibilities of each party involved, must be explicitly, clearly, and adequately provided by the covered person, and are explained to, understood, and accepted by the customer,” it said.

The central bank said the Philippine Identification System (PhilSys)-enabled e-KYC is an acceptable system under Republic Act No. 11055 or the PhilSys Act and its Revised Implementing Rules and Regulations.

The PhilSys-enabled e-KYC will be launched by the Philippine Statistics Authority (PSA). It will be subjected to PSA’s applicable guidelines and full implementation of the authentication procedures or methods and other related systems under the PhilSys.

However, if a covered person is unable to comply with the CDD measures, the BSFI-involved shall not open the account, commence business relations or any transactions, and should consider filing a suspicious transaction report on the customer.

Institutions that have existing e-KYC systems are given one year to comply with the prescribed e-KYC requirements.

Meanwhile, BSFIs that intend to shift to an e-KYC system must comply with the new rules before implementing their new processes. — K.B. Ta-asan