AFASA is reshaping the Philippine financial sector by combating rising scams and fraud. Learn about its impact on financial institutions and the compliance challenges they face.
December 12, 2024
6 minutes
Yuqi Chen, Elaine Cheong
"By addressing the most pressing account-related fraud schemes and enhancing institutional accountability, (AFASA) closes critical gaps in fraud prevention, reinforcing trust in the digital financial ecosystem."
It has been over four months since the enactment of the Anti-Financial Account Scamming Act (AFASA), and its impact is beginning to resonate across the Philippine financial sector. Designed to counter the growing wave of financial scams exploiting digital platforms, AFASA represents a decisive step toward safeguarding consumers and institutions alike. As account-related fraud schemes—such as phishing, account takeovers, and scams targeting real-time payment systems—continue to rise, this regulation marks a critical moment in the country's fight against financial crime. However, as with any major legislative shift, the journey from enactment to full implementation is accompanied by both opportunities and challenges for financial institutions.
In this article, we’re going to unravel how AFASA is pushing financial account protection and fraud prevention in the Philippines, the challenges financial institutions face, and its implications for the future.
According to a Statista survey on personal finance conducted during the fourth quarter of 2023 in the Philippines, frauds undermining account security—such as phishing and its variants (smishing, vishing), identity theft, money mule activities, account takeovers, and stolen credit card fraud—emerged as the most concerning types for Filipinos. These crimes not only exploit vulnerabilities in digital systems but also erode consumer trust in financial institutions. Protecting account security has therefore become an urgent priority, compelling both regulators and institutions to adopt a more aggressive stance against these evolving threats.
Rising from the urgent need to protect individuals and institutions from these escalating scams, Anti-Financial Account Scamming Act (AFASA) was enacted on July 20, 2024. AFASA aims to combat the rising tide of financial scams and account-related fraud in the Philippines. This landmark legislation targets both cybercriminals and their enablers, focusing on creating a safer financial ecosystem.
AFASA applies to a wide range of entities, including:
Additionally, the act defines responsibilities for account owners, requiring them to exercise caution in their use of financial accounts to avoid becoming unwitting participants in fraud.
Real-Time Fraud Detection and Monitoring
AFASA mandates the adoption of Fraud Management Systems (FMS) for all regulated institutions. These systems must be capable of:
Multi-Factor Authentication (MFA)
To prevent unauthorized access to accounts, financial institutions are required to implement MFA as a standard security measure. By adding layers of verification beyond passwords, such as one-time pins or biometric authentication, AFASA significantly reduces the risk of account takeovers.
Combatting Money Muling
AFASA criminalizes money muling activities, wherein individuals use, buy, or rent financial accounts for illicit purposes. This provision is aimed at disrupting the networks that enable the laundering of funds from fraudulent activities.
Social Engineering Safeguards
The act defines and penalizes social engineering schemes, such as phishing, smishing, and vishing, which trick victims into sharing sensitive information. Institutions are also required to educate their customers about these risks.
Accountability for Financial Institutions
AFASA holds institutions accountable for protecting access to customer accounts. Failure to implement adequate risk management systems can result in penalties, including liability for customer losses.
In sum, AFASA provides a comprehensive framework to address the vulnerabilities of modern financial systems. By addressing the most pressing account-related fraud schemes and enhancing institutional accountability, it closes critical gaps in fraud prevention, reinforcing trust in the digital financial ecosystem.
While AFASA sets a comprehensive framework for combating account-related fraud, the path to compliance is not without obstacles. Financial institutions, particularly smaller players, face significant hurdles in aligning their operations with the law's stringent requirements. These challenges highlight the complexities of implementing robust fraud prevention systems in a rapidly evolving financial landscape.
For many financial institutions, especially rural banks, which tend to lack resources to implement advanced technological infrastructure in house, which poses a significant barrier to compliance. Implementing fraud detection systems across various channels with automated MFA requires AI-powered fraud management systems, which can be a substantial investment. Without these capabilities, institutions remain vulnerable to the very scams AFASA seeks to prevent.
The rapid digitization of financial services in the Philippines has increased accessibility but also made systems more vulnerable to fraud. Weak onboarding protections, such as insufficient verification of email addresses, phone numbers, and device insights, allow fraudulent or bot-created accounts to enter databases.
The country’s historically fragmented identity landscape—characterized by multiple government-issued IDs such as passports, SSS cards, and postal IDs—further complicates the validation process. While the rollout of the Philippine Identity Verification System (PhilSys) in recent years aims to streamline identity verification, its adoption is still ongoing, especially in rural areas.
These results in an influx of low-quality or invalid accounts, making it harder to maintain clean and actionable customer data. And without regular validation or updates, customer information becomes outdated or inconsistent over time. Poor data quality therefore creates blind spots that fraudsters exploit, further eroding trust in the financial ecosystem.
Fraud is a collective challenge that transcends institutional boundaries, yet many financial institutions operate in silos. The absence of regular dialogue and data sharing between institutions and regulators creates gaps in fraud detection and prevention efforts. In the Philippines, initiatives like the Anti-Money Laundering Council (AMLC), Philippine National Police Anti-Cybercrime Group (PNP-ACG), and Bangko Sentral ng Pilipinas (BSP) play vital roles in addressing specific fraud risks, but the lack of a centralized platform and coordinated approach means stakeholders are often left working with fragmented data. AFASA underscores the need for collaboration, but building the infrastructure and trust required for effective information sharing remains a daunting task. The absence of a unified system, akin to Malaysia's National Fraud Portal, further exacerbates this issue, leaving critical gaps in collective fraud prevention efforts.
The Anti-Financial Account Scamming Act (AFASA) marks a turning point for the entire Philippine financial ecosystem. However, its success relies on a collective effort from all players in the industry, each bringing their unique strengths and capabilities to the table.
Retail and commercial banks, as the pillars of the financial sector, bear the responsibility of leading this transformation. Their ability to adopt advanced fraud detection systems and strengthen identity verification processes sets the tone for industry-wide compliance.
Meanwhile, rural banks, often operating with limited resources, must find innovative ways to align with AFASA’s requirements. Scalable solutions, such as cloud-based fraud management tools, provide these institutions with a practical path to meeting the law’s demands without overextending their capabilities.
As for the fintech companies, with their agility and technological expertise, they are at the forefront of this fight. Their agile ability to implement cutting-edge fraud detection measures and work closely with regulators positions them as critical drivers of innovation. However, the battle against fraud is not theirs to fight alone. Third-party risk management vendors also play a crucial role in bridging the gap for institutions struggling with compliance. By leveraging their investment in R&D and adopting the latest technologies, these vendors can often offer quicker and more cost-efficient solutions. This is further enhanced by their domain expertise, providing rules and models informed by rich industry experience across countries, and helping institutions navigate the complexities of compliance while maintaining operational efficiency.
Ultimately, the implementation of AFASA is a shared responsibility. Its success hinges on collaboration, innovation, and an unwavering commitment to safeguarding the financial ecosystem. Through collective effort, the industry can transform compliance into a strategic strength, ensuring a secure and resilient financial landscape for all.
Let’s chat!
Let us get to know your business needs, and answer any questions you may have about us. Then, we’ll help you find a solution that suits you
TrustDecision empowers businesses with AI-driven decision engine designed for fraud prevention, credit risk decisioning and ensure regulatory compliance. It leverages on machine learning models and big data capabilities to deliver real-time risk insights with accuracy and automate decision-making process to deliver maximum operation efficiency.
.jpg)
.jpg)