AFASA and BSP Circular No. 1213 are fundamentally reshaping the security architecture of the Philippine financial sector. With the compliance deadline fast approaching, banks and financial institutions must act decisively to meet mandatory regulatory requirements.
In June 2025, Bangko Sentral ng Pilipinas (BSP) issued Circular No. 1213, amending the IT Risk Management framework to formally implement Section 6 of the Anti-Financial Account Scamming Act (AFASA). This marks a structural transformation in how financial institutions across the Philippines approach cybersecurity and fraud prevention.
Circular 1213 applies to all BSP-supervised entities, including banks, fintech companies, payment service providers, and lending institutions. The regulation focuses on:
- Comprehensive upgrade of the Fraud Management System (FMS)
- Deployment of strong and passwordless authentication (FIDO2, biometrics, etc.)
- Ensuring device integrity and application protection through RASP (Root/Jailbreak detection)
- Advanced device fingerprinting and emulator detection
- Enhanced real-time bot detection and prevention
Notably, before June 2026, , financial institutions are required to eliminate SMS OTP for high-risk transactions and transition to more secure, phishing-resistant, device-bound authentication methods.
Understanding the regulatory and operational challenges faced by banks and financial institutions, Savyint delivers an integrated security and fraud prevention platform aligned with AFASA and BSP Circulars 1213 – 1215. The solution is built around four core pillars: Cyber Security & App Protection, SCA/MFA Identity, AI-Driven Fraud Management (FMS), and Risk Management & Compliance, protecting the entire customer journey – from onboarding and login to authentication, transaction execution, and post-transaction monitoring.
Savyint’s Key Advantages:
- Built on a Zero-Trust architecture with continuous verification of users and devices based on real-time risk signals
- API-first design enabling rapid deployment and seamless integration with existing systems
- Passwordless FIDO2 authentication
- AI-driven adaptive models continuously updated to detect emerging and increasingly sophisticated fraud patterns
- Device and application protection powered by RASP and advanced Device Intelligence
- Long-term operational cost optimization
Savyint’s integrated platform complies with both international and local security standards and regulations, including: Philippines (AFASA, BSP 1213–1215), Vietnam (Circulars 50, 64, 77/NHNN), Singapore (MAS), as well as FIDO2, PSD2/PSD3, eIDAS, GDPR, and PCI DSS.
Connect with our experts today to accelerate your compliance with AFASA and BSP Circulars 1213–1215.
