Bangko Sentral ng Pilipinas (BSP) is expanding the use of its Advance Suptech engine for risk-based compliance, also known as ASTERisC*, to include all banks and virtual asset service providers (VASPs) starting January 2025 .
What is the meaning: The expansion of ASTERisC* to financial institutions such as VASPs is expected to strengthen regulatory oversight, streamline compliance processes, and improve cybersecurity risk management, promoting trust and legitimacy in the virtual asset sector.
Key definitions:
- ASTERiSC* is a cloud-based regulatory and supervisory technology platform for cybersecurity oversight, reporting and compliance.
- VASP They are those that facilitate the exchange between virtual assets and fiat currencies, virtual assets to virtual assets and the transfer of virtual assets.
- Financial institutions supervised by Bangko Sentral (BSFI) are all businesses licensed by the central bank, including quasi-banks, pawnshops, foreign exchange dealers, money changers, remittance agents, electronic money issuers, and non-banking savings and loan associations. shares.
What to expect? The BSP oversees more than 40 universal and commercial banks, hundreds of rural and savings banks and 14 licensed VASPs, all of which will now be integrated into ASTERisC*. The following are considered benefits of inclusion:
- Streamlines reporting on cybersecurity risk management systems.
- Supports processes such as cyber profiling, incident reporting, and self-assessments.
- Provides tools for deeper analysis to inform oversight decisions and policymaking.
Implementation details: With the ASTERisC* integration, each institution will be assigned a single user account after mandatory training.
- Reports covered include IT Profile Reports, Event-Based Reports and Notifications (EDRN), Crime and Loss Reports (RCL), and Cybersecurity Control Self-Assessments (CCSA).
- User Account Forms (UAF) must be approved and submitted by the Chief Compliance Officer (CCO) of BSFI or authorized personnel.
Technical requirements: Reporting for newly registered BSFIs begins January 1, 2025; preparatory access is available earlier; They must have Internet access and a network whitelist for ASTERisC* components, the latest versions of supported web browsers, and mobile devices for multi-factor authentication (MFA). .
- Institutions will first receive login credentials and undergo training provided by the BSP.
- Authorized users will then access ASTERisC* through a cloud-based web portal.
- Regulatory reports and assessments will then be submitted via online forms.
- BSFIs will also use dashboards to track the status of shipments and view summary reports.
What’s next? The BSP will coordinate training and account setup with banks and VASPs, and institutions will begin preparatory use of ASTERisC* ahead of its full implementation in January 2025.
worth reading: Recently, the BSP revoked FIL-EXPRESS’s license for non-compliance with regulatory standards, as part of broader 2024 enforcement actions affecting several financial institutions.
This article is published on BitPinas: BSP Expands Use of Digital Regulatory Platform for VASPs
What else is happening in Crypto Philippines and beyond?
