The Bangko Sentral ng Pilipinas (BSP) has intensified its regulatory measures on Virtual Asset Service Providers (VASPs) to bolster the financial system’s resilience against scams and illicit activities.
These new measures are part of the amendments to regulations of the Anti-Financial Account Scamming Act (AFASA).
Security Mechanism Required for VASPs
Under the recently issued Circular No. 1213, Series of 2025, the BSP mandates all BSP-supervised financial institutions, including VASPs, to implement advanced Fraud Management Systems (FMS).
These systems are required to utilize technologies such as machine learning and rule-based algorithms to detect and prevent fraudulent transactions. Additionally, institutions must adopt security features that allow customers to immediately suspend their accounts in case of suspicious activities.
VASPs are now mandated to implement the following security features:
- Device Fingerprinting : To identify and track devices accessing financial accounts;
- Bot Detection: To prevent automated attacks;
- Kill Switch: Enabling users to instantly freeze accounts and block outgoing transactions;
- Money Lock: Allowing users to secure a portion of funds from unauthorized transfers;
- Rate Limiting: To prevent rapid, repeated access attempts typically seen in cyberattacks;
- Blacklist Screening: To flag known fraudulent entities or transaction patterns.
New Protocols
Complementing this, Circular No. 1214, Series of 2025, establishes protocols for the BSP’s Consumer Account Protection Office (CAPO) to conduct inquiries into financial accounts suspected of involvement in scams.
When an “Inquiry Order” is served, VASPs must promptly provide customer account information, transaction records, and any documents that may be relevant to the case.
This includes the authority to temporarily hold funds and share pertinent information with competent authorities such as the Philippine National Police, National Bureau of Investigation, and the Anti-Money Laundering (AML) Council.
According to the Central Bank, this ensures that suspicious funds are preserved while investigations are ongoing.
What is AFASA?
The Anti-Financial Account Scamming Act, or Republic Act No. 12010, was signed into law in July 2024 to combat rising financial scams involving bank accounts, e-wallets, and digital platforms. It aims to protect consumers from fraud schemes like money muling, identity theft, and social engineering.
Under AFASA, financial institutions must deploy real-time fraud detection systems, implement multi-factor authentication, and allow users to lock accounts to prevent unauthorized access. The law also authorizes the BSP to investigate suspicious accounts, bypassing traditional bank secrecy laws.
Financial institutions can freeze disputed funds for up to 30 days, extendable by court order, to preserve evidence during investigations.
What are VASPs?
Virtual Asset Service Providers are entities that facilitate transactions involving virtual assets, such as cryptocurrency exchanges, wallet providers, and other blockchain-based financial services.
They are regulated by the monetary agency under BSP Circular No. 1108, which aligns with global standards set by the Financial Action Task Force.
VASPs must secure a Certificate of Authority from the BSP and comply with AML and counter-terrorism financing regulations
As of May 15, 2025, only 13 VASPs are registered with the BSP. The BSP maintains a three-year moratorium on new VASP licenses, effective from September 1, 2022, focusing instead on assessing the performance and risk management systems of existing licensees.
This article is published on BitPinas: To Combat Financial Scams: Central Bank Enforces Stricter Oversight on VASPs
What else is happening in Crypto Philippines and beyond?
