Senate probers were reassured on Monday that no depositor lost money and no hacking was involved in the “technical malfunctions” that disrupted banking operations at the Bank of Philippine Islands (BPI) and at Banco de Oro (BDO) last week.
But ranking BPI and BDO officers, as well as Bangko Sentral ng Pilipinas (BSP) officials, testifying before a Senate hearing chaired by Sen. Francis G. Escudero, were still asked to submit incident reports to the Committee on Banks, Financial Institutions and Currencies.
Senate Minority Leader Franklin M. Drilon, however, voiced caution in probing the bank malfunction incidents, saying: “We must be very careful not only on the part of the Senate, but also on the part of the media.”
“We must exercise prudence. We should be prudent in investigating bank glitches. We need to assure public of the stability of our banking system,” Drilon said, adding: “We should not speculate because we must reassure of our people of the stability of the banking industry.”
The senator reiterated the need to “reassure our people that nothing is wrong, [that] no depositor lost money”.
“They have complained, but the deposits were preserved and returned. There was no hacking, because we cannot afford to shake the belief of our people in the banking system. We must be very careful. We must not be part of any effort to destabilize our banking industry,” he added.
Escudero acknowledged that while there is no ironclad guarantee as there will always be attempts against the banks, the senators are ready to put added safeguards, if needed.
“The process is safe, we have professional bank managers” the senator said even as he cited the “need to beef up the IT [information-technology] group to stay ahead”.
The senator indicated the committee would also look into “transnational implications of hacking and skimming” saying possible legislation “can cover that”.
“If needed, we will call another hearing after reviewing the BSP report,” Escudero told reporters, saying the follow up hearings would also “address updates in [the] BSP charter, plus transnational crimes” using the banking system.
BPI executives explained that a technician bypassed established protocols on the extraction of files from its system, and used the wrong dates that caused all the confusion and anxiety not just on its depositors, but the management, as well.
The lender assured the BSP and its clients that hacking through the Internet to steal money was an impossibility.
“The one in question was the ATM [automated teller machine] system that drives our POS [Point-of-Sale], express payments and cash acceptance and withdrawal machines. It is a closed system that means it is not connected to the Internet; its only connection is with our main frame and they have their own networks,” BPI Executive Vice President Ramon L. Jocson said.
BPI also refuted the claims some clients received billions in their accounts.
“It is impossible to reach billions. You can only put in a maximum of P1,000 deposit. You have to feed the machine that amount five times a minute to reach amounts in billions,” Jocson said.
Along with the BPI final report to the committee, the Senate also ordered the BSP to submit its own as soon as possible.
“If June, I’m not sure. It is also too early to tell whether there will be sanctions. It will warrant sanctions if there was a violation to banking laws, but it will depend how the bank took action. It is really a holistic approach of the situation,” Assistant Governor for Supervision and Examination Subsector Chuchi G. Fonacier said.
Based on the statements of BPI and the BSP, the Senate considers sanctions or penalties to be minimal.
“We have to distinguish between neglect and outright malfeasance. Maybe, the BSP is weighing those to determine sanctions and violation of the bank. Honest mistake has no liability, unless the person was negligent or intentional,” Chairman of the committee Escudero said.
“As far as I know, the technician has no connections to any interested parties to willfully make the error and she has no benefits for making the error,” he added.
To prevent the incident from recurring, BPI said it will install circuit breakers that go off when transactions reach P10 billion or more restore points, update memo postings and reschedule daily processing earlier.
“What is important is the recovery measures and preventive steps BPI employed to maintain the financial integrity of the country. Also, aside from drafting banking laws and regulations, we want to use this hearing to placate fears among the public. If that is the truth, then no need to exaggerate the error and label it hacking,” Escudero said.
Earlier last week, the Bankers Association of the Philippines (BAP) expressed confidence that, while glitches happen among banks, their members are well equipped to deal with these so the public suffers the least disruption.
The BAP also expressed support for BPI, despite the bank’s having drawn flak, especially on social media, when the glitches that it attributed to “internal system error” lasted nearly two days.
“We do not believe that this incident will affect the bank’s ability to service its customers,” said the BAP, which counts 21 local banks as members, and an additional 19 foreign bank branches, as well.
The Ayala-led BPI is the country’s oldest, and has a deposit base of P1.4 trillion as of end-March, and deposit accounts of 8 million. The BSP data show 602 banks operate in the country: 42 universal and commercial banks; 60 thrift; and 500 rural banks.