The Bangko Sentral ng Pilipinas (BSP) is expanding the use of its Advance Suptech Engine for Risk-Based Compliance, also known as ASTERisC*, to include all banks and Virtual Asset Service Providers (VASPs) starting January 2025.
What’s the significance: The expansion of ASTERisC* to financial institutions like the VASPs is expected to strengthen regulatory oversight, streamline compliance processes, and enhance cybersecurity risk management, promoting trust and legitimacy in the virtual asset sector.
Key Definitions:
- ASTERisC* is a cloud-based regulatory and supervisory technology platform for cybersecurity supervision, reporting, and compliance.
- VASPs are those that facilitate the exchange between virtual assets and fiat currencies, virtual assets to virtual assets, and the transfer of virtual assets.
- Bangko Sentral-Supervised Financial Institutions (BSFIs) are all the businesses that are licensed under the central bank, including quasi-banks, pawnshops, foreign exchange dealers, money changers, remittance agents, electronic money issuers, non-stock savings and loan associations
What to Expect? The BSP oversees over 40 universal and commercial banks, hundreds of rural and thrift banks, and 14 licensed VASPs, all of which will now be integrated into ASTERisC*. The following are seen as benefits of the inclusion:
- Streamlines reporting on cybersecurity risk management systems.
- Supports processes like cyber-profiling, incident reporting, and self-assessments.
- Provides tools for deeper analysis to inform supervisory decisions and policy-making.
Implementation Details: With the integration of ASTERisC*, each institution will be assigned a single user account after mandatory training.
- Covered reports include IT Profile Reports, Event-Driven Reports and Notifications (EDRN), Report on Crimes and Losses (RCL), and Cybersecurity Control Self-Assessments (CCSA).
- User Account Forms (UAFs) must be approved and submitted by the BSFI Chief Compliance Officer (CCO) or authorized personnel.
Technical Requirements: Reporting for newly enrolled BSFIs begins on January 1, 2025, with preparatory access available earlier, they must have an internet access and network whitelisting for ASTERisC* components, latest versions of supported web browsers, and mobile devices for multi-factor authentication (MFA).
- Institutions will first receive login credentials and undergo training provided by the BSP.
- They will then have authorized users access ASTERisC* via a cloud-based web portal.
- Regulatory reports and assessments will then be submitted through web-based forms.
- BSFIs will also use dashboards for tracking submission status and viewing summary reports.
What’s next: The BSP will coordinate training and account setup with banks and VASPs, and institutions will begin preparatory use of ASTERisC* ahead of full implementation in January 2025.
Worth reading: Recently, the BSP revoked FIL-EXPRESS’s license for non-compliance with regulatory standards, part of broader 2024 enforcement actions affecting several financial institutions.
This article is published on BitPinas: BSP Expands Use of Digital Regulatory Platform for VASPs
What else is happening in Crypto Philippines and beyond?
