Fintech 2024

Last Updated March 21, 2024

Philippines

Law and Practice

Authors



Gorriceta Africa Cauton & Saavedra is a top-tier, full-service law firm and is a leader in technology law practice in the Philippines, including in the fields of capital markets, corporate law, data privacy and cybersecurity, M&A, real estate and taxation. The firm has received awards over several years by prestigious organisations for its work in the technology and telecommunications space.

The past year enabled strengthened regulations on the part of the Philippine Central Bank (Bangko Sentral ng Pilipinas– BSP) and the Securities and Exchange Commission (SEC) on the key fintech verticals in the Philippines: specifically for digital banking, money service businesses (electronic money issuers (EMIs); remittance agents (RAs)) for BSP-regulated institutions and investment advisers, lending, and financing companies for the SEC-regulated institutions.

Notably, BSP Circular 1166 or the Amended EMI regulations formally recognised the distinction between closed and open-loop electronic money systems, created a tiered-capital requirement for small-scale and large-scale EMIs, and enhanced requirements on minimum systems and controls, consumer protection, disclosure requirements, interoperability with Automated Clearing Houses, and liquidity for EMIs. Given the growth of EMI adoption in the Philippines – far outpacing that of digital banks – BSP also issued the Amendments on Customer Due Diligence (CDD) and electronic Know-Your-Customer (eKYC) under BSP Circular 1170. Meanwhile, to further support open banking, the BSP, in partnership with key financial stakeholders, launched the Open Finance Sandbox as well as the Open Finance Pilot which explores API development and interoperability to enhance open banking services and the development of financial products and services.

Other notable forthcoming regulations from the BSP concern merchant acquirers. BSP’s Draft Regulatory Framework for Merchant Payment Acceptance Activities introduces a Merchant Acquisition Licence requirement for entities intending to handle merchant onboarding and payment processing, including fund transfers to merchant transaction accounts.

Strong emphasis by the lawmakers and regulators on financial consumer protection has also been seen, with the enactment of the Financial Products and Services Consumer Protection Act (FCPA), which was immediately followed by the BSP and SEC’s own respective implementing regulations to the FCPA, institutionalising rights of financial consumers as well as mandating Financial Service Providers (FSPs) to conduct a gap assessment analysis and develop a board-approved action plan in compliance with the FCPA, for submission to the BSP/SEC, which shall be subject to ongoing compliance requirements. Pursuant to the SEC’s Implementing Rules and Regulations to the FCPA, a broader category of investment advisers is also now required to register with the SEC.

The SEC also released draft circulars on its much-anticipated Guidelines on the Registration and Licensing of Online Lending Platforms (OLP) as well as the Digital Asset Securities Service Providers (DASSP). OLPs are essentially the electronic platforms of lending and financing companies for customer onboarding, loan origination, and underwriting – the registration of which is currently suspended by the SEC, subject to the finalisation of the OLP Guidelines. Meanwhile, the Draft DASSP Guidelines appear to be the enhanced and consolidated Draft Guidelines on Digital Asset Offerings and Digital Asset Exchanges (DAEs) – regulations which have been weathered and reformulated to account for the lessons brought about by market-shaping cryptocurrency events, particularly the collapses of notable global players like FTX, Voyager, and Celcius. As an example of the SEC’s tightening regulatory oversight and enforcement of unlicensed crypto-exchange/trading activities, it has also issued an advisory seeking to ban Philippine-based users’ access to the world’s largest crypto exchange: Binance as well as sought heavy regulatory enforcement by requesting the National Telecommunications Commission’s (NTCs) assistance in blocking certain unlicensed offshore investment platforms (ie, MiTrade) from the Philippine webspace.

Lastly, both new and incumbent fintech players have actively sought regulatory sandbox licences and exemptions from the BSP and SEC through their respective regulatory frameworks, albeit SEC’s Regulatory Framework is still within the drafting and finalisation stage.

Payments, e-wallets, remittance, and lending/financing activities are the fintech verticals that currently predominate the Philippine jurisdiction, both for new and for legacy players. Albeit supposedly more accessible due to its end-to-end digital nature, digital banks and digital banking, in general, are still struggling to penetrate and onboard the underbanked and unbanked segments of the population given a combination of infrastructure and cultural factors: specifically, the lagging public adoption of the National ID system which is supposed to accelerate creation of digital banking accounts through eKYC as well as the preference of retail clients to establish bank accounts through physical channels/interactions – which digital banks are currently trying to bridge through physical-digital or “phygital” solutions (ie, digital bank onboarding kiosks at actual retail establishments).

The dominance of payments, e-wallets, remittance, and lending/financing activities underscores the market’s adoption of fintech verticals that facilitates economic transactions for goods and services (ie, e-commerce, sending/receiving funds for payments). Predictably, this also led BSP and SEC, as regulators of such financial activities, to further revisit and enhance regulations surrounding Operators of Payments Systems (OPS), merchant acquirers, EMIs, and lending/financing companies with respect to their OLPs.

While lower in market share, other fintech verticals relating to blockchain/cryptocurrency, insurtech, wealthtech, and digital banking are also gaining steady traction.

The regulatory regimes applicable to industry participants of the main verticals (payments, e-wallets, remittance, and lending/financing activities) are driven by both the BSP and SEC. While previously, the BSP has adopted a test-and-learn approach and the SEC has erred on a more conservative approach, the accelerated innovations and market developments brought about by the past five years, particularly during the pandemic, allowed both regulators to segment and identify regulatory areas demanding strict and more traditional regulatory enforcement, such as financial consumer protection, IT risk management, and AML/CFT compliance, while recognising the need to further enable and encourage a test-and-learn approach for innovative technologies (ie, Artificial Intelligence, Robotic Process Automation) through the existing regulatory sandbox frameworks.

To evidence this, the SEC has created the Philippine Finance & Technology (PhiliFinTech) Innovation Office while the BSP has constituted its own Technical Working Group to implement their respective Regulatory Sandbox Frameworks.

The SEC, in particular, regulates fintech platforms involved in lending, financing, crowdfunding, broker-dealer, and securities trading activities in general. As above-mentioned, the SEC is also seeking to regulate DASSP activities as well as strengthen its existing regulations and licensing requirements on OLPs of financing/lending companies.

Meanwhile, the BSP regulates most of the key fintech verticals involving digital banks, money service businesses (VASPs, EMIs, RPPs, RAs, MC/FXDs), electronic payment and financial services (EPFS) providers, OPS, and merchant acquirers.

Existing laws and regulations do not prescribe a compensation model to be used by industry participants for their customers. As such, this is chiefly driven by market practice and competition. However, with respect to disclosure requirements and responsible pricing, the FCPA and the FCPA IRRs of the BSP and the SEC requires FSPs to use clear and concise language to ensure that all information concerning the financial product or service is understood by the target clients, which includes updated and accurate disclosure of information on pricing or any cost associated with the product or service.

The FCPA provides that FSPs are legally responsible for all marketing/advertising statements relative to their financial products or services. FSPs must also have internal policies and procedures for setting prices for their products and services that take into consideration, among others, the principle of responsible pricing.

Legacy players and non-legacy/emerging fintech players for the main verticals are typically subject to the same key banking and securities laws and regulations, such as the New Central Bank Act, as amended, and Manual for Regulation of Banks (MORB)/Manual of Regulations for Non-Bank Financial Institutions (MORNBFI) for BSP-regulated financial institutions and the Securities Regulation Code (SRC)/Lending Company Regulation Act (LCRA)/Financing Company Act (FCA)/Investment Company Act (ICA) for the SEC-regulated financial institutions.

From these key laws/regulations, the BSP and SEC have issued (or are in the process of issuing) fintech vertical-specific regulations, as needed, to create a specialised regime suitable for such verticals and in recognition that certain entities cannot be assessed with the same prudential requirements applicable to legacy players (ie, specialised regimes apply for EMI, VASP, DASSP, OPS, merchant acquiring, EPFS, crowdfunding, OLP, etc). Notably, for non-bank institutions, and given the consumer protection concerns particularly for e-wallets and crypto-institutions, the BSP and SEC have required 1:1 liquidity/reserve for EMIs, VASPs, and DASSPs to be maintained and segregated from such institution’s operational funds – ensuring that fund redemptions of consumers can be met at all times. For AML/CFT compliance, VASPs are also generally required to obtain and verify certain transactional information as part of the Travel Rule requirement for all virtual asset transfers, if they are acting as an originating or beneficiary institution.

In the Philippines, relevant government agencies each have their own regulatory sandbox framework. This includes the following.

Bangko Sentral ng Pilipinas (BSP) Regulatory Sandbox Framework

The BSP Regulatory Sandbox Framework applies to all BSP-Supervised Financial Institutions (BSFls), third-party service providers of BSFls, other BSP-registered institutions, and all other entities that intend to offer or use an emerging or new technology to deliver financial products or services that could fall under the jurisdiction of the agency. Each applicant must undergo a four-stage process which includes: application, evaluation, testing, and exit stage. Relative to other sandbox frameworks, the BSP has a more open approach by essentially allowing any entity to apply provided it falls under its regulatory purview.

Securities and Exchange Commission (SEC) Draft Sandbox Regulatory Framework

Last October 2023, the SEC issued its draft regulatory sandbox framework which will allows interested applicants to test innovative financial products and services within a live controlled environment. The regulatory sandbox shall have four stages: application, evaluation, testing, and exit stage. Unlike the BSP sandbox framework which allows application by any interested player, the SEC adopts a more conservative approach by providing a comprehensive list of eligible activities and innovations that are allowed to enter and operate within the regulatory sandbox.

As of the date of writing, the SEC has not yet issued an official sandbox regulatory framework.

Insurance Commission (IC)

The IC has issued various guidelines on the adoption of a regulatory sandbox framework. These include the following.

Regulatory sandbox framework for insurance technology (insurtech) innovations

The regulatory sandbox framework allows licensed insurance providers to test technical innovations in the conduct of insurance business. The framework may also allow participation of entities which are not regulated by the IC but whose collaboration will require the performance of acts that will result in business or transactions that will require licensing, regulation or approval by the IC, provided that the entity complies with existing regulations of the IC.

Regulatory sandbox framework for financial technology (fintech) innovations for health maintenance organisations (HMOs) and pre-need companies

The IC subsequently issued guidelines on the adoption of the regulatory sandbox framework for fintech innovations for HMOs and pre-need companies. The same guidelines adopted by the IC for insurtech entities shall be applied.

Regulatory sandbox framework for innovations in the insurance, HMOs and pre-need industries

In its aim to facilitate further development and innovation, the IC issued guidelines on the regulatory sandbox framework which applies to a licensed insurance provider, HMO, pre-need company, insurance or reinsurance broker, adjuster, mutual benefit association, or any other entity regulated by the IC which intends to offer innovative products, services, business models and other mechanisms not included or covered in the above-mentioned IC guidelines.

The regulators of the main fintech verticals/industries in the Philippines are the SEC and the BSP.

The SEC is the primary regulator of corporations in the Philippines. Aside from this, the SEC regulates fintech entities involved in lending, financing, crowdfunding, broker-dealer, and securities trading activities in general. Moreover, the SEC also seeks to regulate activities involving digital assets with its issuance of the Draft DASSP Guidelines.

Meanwhile, BSP exercises jurisdiction over all forms of banks in the Philippines (ie, universal, digital, commercial, thrift, rural banks), and non-bank financial institutions – ie, quasi-banks, money service businesses (such as EMIs, VASPs, Remittance Agents, Money Changer/Foreign Exchange Dealers), OPS, and merchant acquirers.

As an aside, with respect to insurtech or related activities, these shall fall under the regulatory purview of the IC. With respect to e-commerce activities and private express and/or messenger delivery service (PEMEDES), this is within the regulatory purview of the Department of Information and Communications Technology (DICT).

Regulatory agencies allow outsourcing of certain functions to third-party service providers, and such outsourced obligations can be upon the discretion of the outsourcing entity, save for certain regulatory exceptions.

BSFIs are prohibited from outsourcing inherent functions such as AML/CFT oversight and internal audit. Material outsourcing arrangements also generally require BSP approval. Vendors of BSFIs are required to pass the minimum controls/due diligence checks on key risk areas related to outsourcing, such as security and privacy, data ownership/location/retrieval, and business continuity planning. Mandatory contractual requirements involve, at the minimum, the vendor’s business continuity plan, due diligence/periodic service performance assessment, and independent audit/review. Insofar as data ownership/location/retrieval is concerned, at a minimum, the contract should contain the following provisions:

  • the BSFI retains exclusive ownership over all of its data;
  • the vendor acquires no rights whatsoever to use the BSFI’s data for its own purpose or for any purpose other than what is required based on the scope of service; and
  • the vendor does not have the right to prevent the duly authorised access of BSFI to its own data. For these provisions to work as intended, the terms of data ownership must not be subject to unilateral amendment by the vendor.

The SEC has fairly limited regulations with respect to outsourcing of functions. In 2014, the SEC issued SEC Memorandum Circular No 5, Series of 2023, which provides for guidelines on outsourcing of functions of broker dealers. Pursuant to the circular, broker dealers may only outsource back-office functions and cannot outsource material activities and any other activity which involves any interaction or direct contact with clients related to buying and/or selling securities or solicitation of investments in securities.

With respect to lending/financing companies, the FCPA provides that the lending/financing companies are solely liable for the acts of their vendors/third-party collecting agents (ie, in the event of an unfair lending practice)

Both the BSP and the SEC enforce strict liability for fintechs with respect to funds and assets in their regulated fintech players’ platforms, notwithstanding that custodial functions of such funds/assets may be outsourced. Other activities warrant regulatory oversight and enforcement depending on their impact on such funds/assets (ie, in the event of cybercrimes) and the system integrity/business continuity of such platforms.

With respect to e-commerce activities, the recently enacted Internet Transactions Act imposes the following responsibilities for e-marketplaces or digital platforms:

  • clearly identify e-commerce transactions, persons, and promotional offers on their platform;
  • require online merchants to submit essential information;
  • maintain and regularly update a list of online merchants;
  • comply with data privacy laws/regulations and information security standards to be set by the Bureau, NPC, and other issuances of relevant government agencies;
  • prohibit the sale of regulated goods without the necessary permits and licence information, and contractually obligate compliance with relevant sale procedures and limitations;
  • establish an effective redress mechanism for online consumers and merchants;
  • require all online merchants to comply with product disclosure requirements; and
  • exercise ordinary diligence in performing the above obligations.

The BSP, in the performance of its supervisory powers over BSP-Supervised Institutions (BSIs), is equipped with enforcement tools or actions which it can exercise to ensure that licensed entities are and remain qualified to possess the same. Enforcement actions that may be imposed include, but are not limited to the following.

  • Corrective action or measures intended to primarily require BSIs to rectify any deviations from the standards, principles and conditions expected for the exercise of their respective licence and/or authority. Corrective actions may include issuance of directives and warnings.
  • The BSP may also impose sanctions such as (i) suspension of activities; (ii) revocation of licences; (iii) administrative sanctions on responsible directors/officers who approve relevant transactions; or (iv) monetary penalties in certain cases.

Recently, it has issued cancellations of the Certificates of Registration of two VASPs: Coinville Phils., Inc. and Bexpress, Inc. It has also issued an extension on the moratorium for the entry of new non-bank EMIs for another year, or until 15 December 2024, subject to the exceptions under the Regulatory Sandbox Framework for entities that offer strong value propositions to provide e-money services.

With respect to the SEC, the agency has authority to issue Cease and Desist Orders to prevent fraud and injury to the investing public, as well as to impose administrative sanctions over non-compliant licensed entities. The SEC has authority to suspend or revoke registrations or licences, impose fines, and impose administrative sanctions on relevant officers, directors, or persons performing similar functions.

Recently, the SEC issued an advisory banning Binance from Philippine access, which was supposedly implemented by the end of February 2024 but, as of the date of writing, was reportedly stalled subject to further evaluation from the SEC, taking into consideration all the possible ramifications of such ban, including implications to Filipino customers’ funds. The SEC also regularly issues advisories and notices to the public against unregistered offshore exchanges.

Philippine data privacy regulations are primarily embodied in the Philippines’ Data Privacy Act of 2012, its implementing rules and regulations, and pertinent issuances by the National Privacy Commission (NPC). For fintech industry participants, the applications of these regulations will require the following key obligations, at the minimum:

  • compliance with the general principles of legitimate purpose, proportionality and transparency in data processing, including consent and/or notification requirements;
  • the incorporation of mandatory provisions in agreements involving the outsourcing of collection, processing, sharing, retention or other related activities in respect of personal data; and
  • compliance with obligations imposed under Philippine data privacy laws on entities classified as personal information processors, including data breach notification obligations and registration with the NPC under certain conditions.

For cybersecurity, the SEC provides a standardised disclosure regarding cybersecurity risk management, strategy, governance and incidents by public companies that are subject to the reporting requirements of the Exchange. BSP provides policies and regulations to its supervised institutions on a risk-based approach to cybersecurity management.

For social media content, BSP provides guidelines on social media risk management which shall govern the BSFI’s framework to aid in the sound management of risks associated with the use of social media for official purposes or an employee’s personal use, within and outside the organisation.

For software development, BSP’s Open Finance Oversight Committee (OFOC) leads governance matters and regulates the development of application programming interface (API) standards, which includes tiered implementation by sensitivity, data type and data holder type.

Besides the regulators, the following bodies and self-regulatory organisations review the activities of industry participants:

  • the Philippine Stock Exchange (PSE) – the country’s national stock exchange that operates and regulates the Philippine stock market and its trading participants. The PSE is subject to the regulation and supervision of the SEC;
  • the Philippine Payments Management Inc. (PPMI) – manages the conduct and compliance of bank and non-bank EMI members and their participation with automated clearing houses. PPMI promotes the development of the retail payment systems, and establishes payment system rules, agreements, and standards to ensure that payment transactions are safely and efficiently cleared and settled with finality. The PPMI is subject to the regulation and supervision of the BSP.
  • the Open Finance Oversight Committee (OFOC) – governs activities and participants of the Philippine Open Finance Ecosystem. The OFOC is subject to the regulation and supervision of the BSP.

Absent a clear prohibition, unregulated products and services can be offered in the Philippines subject to the confirmation or letter of no objection by a potentially relevant regulator over such an activity. For instance, robo-advisory services, while not subject to present regulations, may fall under investment adviser activities, and hence, may be subject to the rules and regulations of the SEC. Thus, a conservative approach is to secure regulatory confirmation or letter of no objection with respect to a particular unregulated product or service before offering the same in the Philippines. Subject to the regulator’s response, these can be generally offered alongside the same legal entity if it is an extension of such legal entity’s existing business model (which can be covered by the primary or secondary purpose of a corporation’s articles of incorporation).

Fintech companies falling under Covered Persons (which are all institutions issued with a licence or registration by the BSP and SEC) must present capacity to create and implement AML/CFT compliance as early as the licensing stage, and must regularly comply with AML/CFT monitoring, audit, and reporting requirements with the BSP/SEC, in addition to the Anti-Money Laundering Council (AMLC’s) primary jurisdiction over AML/CFT-related compliance. This impacts scalability of operations and resources, which is met by regulated fintech entities’ development of electronic KYC, verification, monitoring/screening, reporting, and fraud controls at par with industry standards.

For unregulated fintech entities, these vary depending on their need to avail of or integrate with the services/facilities of Covered Persons, as well as the regulators’ determination on whether they themselves must comply with AML/CFT requirements. For instance, entities applying under regulatory sandbox frameworks of the BSP/SEC are required to perform AML/CFT gap assessments and create AML/CFT policies and controls. Those that are ultimately not subject to any regulation, even with the regulatory sandbox frameworks, must still comply with the Know-Your-Business (KYB) due diligence and verification of Covered Persons (ie, if they avail of corporate bank accounts). All corporate entities in the Philippines, by the SEC’s mandate, are also required to timely disclose their ultimate beneficial owners (individuals).

There are currently no Philippine laws or regulations governing the delivery of financial advisory services through AI-based or algorithm-based robo-advisory platforms.

However, the FCPA and the SEC FCPA IRR may broadly capture a robo-advisory platform under the registration requirement for an investment adviser. As defined under the SEC FCPA IRR, an investment adviser shall refer to any person who, for compensation, engages in the business of advising others (whether electronically or in any other form) in investing, purchasing, selling, or analysing investment products.

Legacy players generally internally develop and/or avail of robo-advisory solutions for their own investment/trading activities, but these technologies have not yet been deployed to the retail market. However, please refer to our response in 3.1 Requirements for Different Business Models regarding investment advisers under the FCPA.

As provided under the SRC, the Best Execution Rule provides that “in any transaction for or with a customer, a broker-dealer shall use reasonable diligence to ascertain the best market for the subject security and buy and sell in such market so that the result to the customer is as favourable as possible under the prevailing market conditions”. Factors to be considered in determining whether reasonable diligence has been exercised include the price, the promptness of execution of the order, the size of the transaction, available markets, the settlement cycle and attendant transaction costs.

Under the PSE’s revised Trading Rules, in every transaction, the Best Execution Rule provides that a Trading Participant shall use reasonable diligence to ascertain the best available price for the security so that the resultant price to the client is as favourable as possible under the prevailing market conditions.

Under the Draft DASSP Rules, DASSPs shall exercise reasonable diligence to execute each client order to buy or sell one or more Digital Asset Securities that it receives so as to obtain the most favourable price for the client under the prevailing market conditions, provided that due consideration is also given to costs, speed, likelihood of execution and settlement, size, nature or any other consideration relevant to the execution of the order to ensure the best possible result for the client.

Industry practice and the speed and reliability of market information dissemination largely affects the compliance with the Best Execution Rule.

Individuals and businesses can avail of loans from both BSP and SEC-regulated institutions, specifically: banks, quasi-banks, lending companies, financing companies, and crowdfunding platforms. They are governed by the following laws and regulations:

  • for lending companies – Republic Act No 9474 or the Lending Company Regulation Act (LCRA), its Implementing Rules and Regulations (IRR), and the issuances of the SEC;
  • for financing companies – Republic Act No 8556 or the Financing Company Act (FCA), its IRR, and the issuances of the SEC;
  • for crowdfunding platforms – SEC Memorandum Circular No 14, Series of 2019 Rules and Regulations Governing Crowdfunding (CF);
  • for banks and non-banks – Republic Act No 7653 or the New Central Bank Act, as amended, BSP’s MORB and MORNBFI, and the issuances of the BSP; and
  • for all lending/financing institutions – Republic Act No 3765 or the Truth in Lending Act, as well as the FCP.

In terms of granting loans to the public, BSP and SEC are generally uniform as to the AML/CFT components (customer due diligence, risk profiling, transactions monitoring), the financial consumer protection aspects (customer information forms, disclosure statements, and transparency requirements), and loan origination/underwriting processes.

In terms of sourcing of funds for such lending business, for lending and financing companies, the LCRA and the FCA allows funds to be sourced via equity or loan financing from not more than 19 persons in a calendar year. For crowdfunding platforms, the SEC’s Crowdfunding Rules enables equity-based and lending-based funding by registered persons such as brokers, investment houses, funding portal, and issuers and investors who participate in a crowdfunding platform.

The underwriting process used by industry participants is directed by both regulations and industry practice.

At the minimum, SEC and BSP lending institutions are required by AML/CFT laws and regulations to conduct customer due diligence, with an embedded risk-based approach through written and graduated customer acceptance and identification policies and procedures which shall help determine the risk levels of each potential customer. Thereafter, institutions also tap into local credit bureaus duly authorised by the Credit Information Corporation to factor in credit scores of individuals and business as part of the loan underwriting process.

For lending and financing companies, under the LCRA and the FCA, the sources of funds for loans should be from loan or equity investments from not more than 19 persons in a given calendar year – this is the 19-lender rule. Any additional investor beyond the 19-lender rule would categorise the investment activity as a public sale of securities, which will fall under the registration requirement of the Philippine Securities Regulation Code (SRC) and its IRR.

In the case of crowdfunding, the SEC’s Crowdfunding Rules enable the offer or sale of securities of a limited scale, usually for start-ups, micro, small and medium enterprises (MSMEs) through a crowdfunding platform. Crowdfunding participants are limited to qualified investors (ie, banks, investment houses, insurance companies, pension funds, investment companies, and other qualified high net worth investors).

For loans from banks and quasi-banks, these can be sourced from the public, subject to the appropriate MORB/MORNBFI regulations for deposits and deposit-substitutes.

Syndication of loans are typically commercial undertakings by lending and financing institutions.

However, insofar as banks and quasi-banks are concerned, the MORB and the MORNBFI prohibits the sale or assignment of loans, such as via syndications, on a without-recourse basis, unless such loans or debt instruments are government securities or are registered with the SEC.

Moreover, when participating in loan syndications, a bank or quasi-bank should not place undue reliance on the credit analysis done by the lead underwriter and shall perform its own analysis and review of syndicate terms. It shall analyse the risk and return on syndicated loans in the same manner as directly sourced loans and ensure that the loan is consistent with its credit risk strategy.

As an aside, BSP’s implementing guidelines on the Agri-Agra Reform Credit Act of 2009 allow banks to grant a syndicated type of loan for agrarian reform credit/agricultural credit in general, either between or among themselves. The mechanics, including the recording of such syndicated type of loan transactions, shall follow existing practices and regulations applicable both to the lead bank and other participating bank.

Payment processors may use existing payment rails or create/implement new ones. However, by industry practice, payment processors generally participate with the following widely-used Automated Clearing Houses (ACHs):

  • Philippine Electronic Fund Transfer (EFT) System and Operations Network (PESONet) for batch EFT credit payment scheme; and
  • InstaPay for real-time own-value EFT credit push payments,

either directly, if they are participating banks or non-bank EMIs (which are qualified for PPMI membership, being a pre-requisite for participation with Automated Clearing Houses (ACHs)) or indirectly by partnering with such participating banks or non-bank EMIs and being sponsored into ACHs via an aggregated model.

Cross-border payments are regulated under the National Payment Systems Act and the implementing regulations of the BSP, such as BSP Circular 1049 or the OPS Regulations. For remittances, these are covered by both the MORB and the MORNBFI for remittances of banks and non-bank money service businesses (ie, remittance agents).

Under BSP’s Memorandum No M-2023-042, it is worth noting BSP’s clarification that under existing regulations, as a general rule, all virtual asset transfers are considered cross-border wire transfers subject to the Travel Rule requirement.

BSP’s Manual of Regulations for Foreign Exchange Transactions (MORFXT) also governs remittances involving foreign exchange and prescribes supporting documentation and transactional thresholds depending on the underlying purpose of the foreign exchange and cross-border remittance transactions (generally categorised as either trade or non-trade activities).

Fund administrators (or the equivalent) are regulated depending on their activities, as follows.

  • Investment managers of a trust entity (whether by a bank or an NBFI through its specifically designated trust business unit) or a trust corporation authorised by the BSP, are regulated by the MORB/MORNBFI for the performance of investment management activities in a trust business. A trust business is defined as any activity resulting from a trustor-trustee relationship (trusteeship) involving the appointment of a trustee by a trustor for the administration, holding, management of funds and/or properties of the trustor by the trustee for the use, benefit or advantage of the trustor or of others called beneficiaries.
  • Investment Managers of Personal Equity and Retirement Account (PERA) Market Participants and PERA Investment Products are also regulated by the BSP pursuant to Republic Act No 9505, also known as the PERA Act of 2008 (PERA Act).
  • Fund Managers of an Investment Company are regulated under the Investment Company Act and its IRR. Fund Managers, aside from managing a fund, also function as a distributor of the shares or units of the investment company.

For BSP-regulated investment managers, the MORB/MORNBFI prescribes operating and accounting methodology for investment management activities, to wit:

  • the investment manager shall administer, hold, or manage the fund or property in accordance with the instrument creating the investment management relationship; and
  • funds or property of each client shall be accounted separately and distinctly from those of other clients herein referred to as individual account accounting.

For fund managers of investment companies, the Investment Company Act IRR, prescribes the following obligations:

  • manage the investment assets of the investment company and perform its functions in accordance with the disclosures in the RS, prospectus, its agreements with the investors of the investment company, if any, the Act, the SRC and its IRR and the Rules;
  • keep or cause to be kept such books and records as will sufficiently explain the transactions and dispositions of the assets of the investment company, including the shares/units cost allocation; and
  • maintain records and arrange for participants to receive accounts, reports and statements, among others.

As at the date of writing, trading platforms or exchanges are generally governed by the provisions of the SRC and the issuances of the SEC. An Exchange refers to an organised marketplace or facility that brings together buyers and sellers, and executes trades of securities and/or commodities. An exchange facilitates trading of securities (ie, shares, investment contracts, derivatives). In addition, the SRC also allows the registration and licensing of innovative and other trading markets or exchanges covering trading of innovative securities, securities of small, medium growth and venture enterprises, and technology-based ventures.

The SEC, in 2019, has also issued Draft Rules on the Digital Asset Exchange (DAE). The Draft Rules define DAE as an organised marketplace or facility that brings together buyers and sellers, and executes trades of securities. This includes buying/selling digital assets with fiat (fiat/digital asset pairing) as well as buying/selling digital assets with other digital asset (digital asset/digital asset pairing). They can be viewed as an online marketplace for the entire Digital Asset network.

As a recent development to the DAE Rules, the SEC circulated the Draft DASSP Rules which provide for guidelines on regulation of Digital Asset Securities (DAS) Activities. DAS activities include:

  • advisory services;
  • broker-dealer services;
  • custody services;
  • exchange services;
  • lending and borrowing services;
  • DAS management and investment services; and
  • DAS transfer and settlement services. 

The registration, trading and regulation of securities, as defined under the SRC, fall under the regulatory purview of the SEC. Cryptocurrencies being classified as securities pursuant to the Draft DASSP Rules will also be generally subject to the SEC’s registration requirement.

By way of exception, the trading of commodity futures contracts are presently suspended by the SEC.

VASPs, formerly Virtual Currency Exchanges (VCEs), have been regulated by the BSP since 2017 through BSP Circular 944, which was later amended by BSP Circular 1108 in 2021.

Through BSP Memorandum No M-2022-035, BSP has suspended the licensing and registration of new non-bank VASPs for three years or until 1 September 2025. Meanwhile, existing BSFIs who wish to expand operations by offering VASP services, including non-custodial VASPs who wish to offer safekeeping and/or custodial services, may still apply for a VASP licence provided that they have a SAFr composite rating of at least “stable”.

Under the forthcoming DASSP Rules, Exchange Services for cryptocurrencies qualifying under the SRC’s definition of a security will also be subject to registration and regulation requirements.

An Exchange as defined under the SRC, as a Self-Regulatory Organisation (SRO) and subject to SEC approval, can promulgate and enforce its own listing and trading rules for its members and/or participants. By industry practice, listing standards of the PSE as reflected under its Amended Listing Rules generally entail the following criteria:

  • track record of profitable operations;
  • stockholders’ equity;
  • operating history;
  • full payment of issued and outstanding shares;
  • business plan;
  • valuation of Assets;
  • minimum offering to the public;
  • minimum number of stockholders;
  • investor relations programme; and
  • reason for exemption from the track record and operating history requirements, if applicable.

Meanwhile, under the Draft DASSP Rules, an entity seeking to obtain approval from the SEC to issue and/or list a Digital Asset Securities will be required to provide all relevant information which may include but is not limited to the following:

  • the purpose and/or use of the Digital Asset Security;
  • the nature of the business and/or activities for which the Digital Asset Security will be used;
  • the white paper;
  • the identity, full details and, if applicable, ownership of the issuer, including a description of its experience and whether it, or its relevant individuals, have been the subject of any claims in the past ten years involving dishonesty, fraud, financial crime or an offence under laws relating to companies, banking, insolvency, money laundering and insider dealing;
  • the financing of the issuer’s business (including financial statements, if any); and
  • whether issuing the Digital Asset Security will be the basis for funding any business or other venture, among others.

There are currently no regulations on the order handling rules in trading platforms in the Philippines. However, part of an Exchange’s obligation, pursuant to the SRC IRR, is to provide transparent, prompt and accurate clearance and settlement of transactions effected on the Exchange.

There are currently no regulations on the conduct of peer-to-peer trading platforms in the Philippines. Decentralised exchanges enabling peer-to-peer trading are currently unregulated in the Philippines. In the absence of clear regulations, the SRC and the SRC IRR applies.

Decentralised trading activities by Decentralised Autonomous Organisations (DAOs) may be prospectively regulated under the Draft DASSP Rules.

Please refer to 3.3 Issues Relating to Best Execution of Customer Trades.

There are no regulations specifically governing the procedures relating to payment for order flow. However, any arrangements of broker-dealers, associated persons and a salesman of a broker-dealer, associated persons and a salesman of a broker dealer involving payment for order flow will need to comply, to the extent applicable, with the Best Execution Rule.

Under the Draft DASSP Rules, DASSPs are mandated to have systems, policies and procedures to provide for fair and expeditious execution of client orders, and restrictions on front-running client orders. Orders should be handled promptly and accurately recorded. The systems policies and procedures should be aligned with existing relevant securities and other regulations (eg, requirements with respect to precedence of client orders and prohibition of front-running). DASSPs are likewise required to comply with the Best Execution Rule.

The SRC prohibits and punishes devices and practices that lead to manipulation of security prices, such as those that:

  • create a false or misleading appearance of active trading in any listed security traded in an Exchange or any other trading market;
  • in order to effect a series of transactions in securities: (i) raises the price to induce the purchase of a security; (ii) depresses the price to induce the sale of a security; or (iii) creates active trading to induce such a purchase or sale through manipulative devices such as marking the close, painting the tape, squeezing the float, hype and dump, boiler room operations and such other similar devices;
  • circulates or disseminates information that the price of any security listed in an Exchange will or is likely to rise or fall because of manipulative market operations;
  • makes false or misleading statements with respect to any material fact, for the purpose of inducing the purchase or sale of any security listed or traded in an Exchange; or
  • effects any series of transactions for the purchase and/or sale of any security traded in an Exchange for the purpose of pegging, fixing or stabilising the price of such security, unless otherwise allowed by the SRC and/or the SEC.

The Capital Markets Integrity Corporation (CMIC) is in charge of maintaining market integrity and minimising risk by ensuring that trading participants comply with the rules and code of conduct of CMIC and all related legislative and regulatory requirements.

Aside from the above-prohibited acts, the CMIC Rules also explicitly prohibit trading participants from engaging in bribery, market rumours, and gambling.

As at the date of writing, there are no regulations yet for the creation and/or use of high-frequency and algorithmic trading in the Philippines.

However, in September 2023, the Philippines Stock Exchange, as the only operating stock exchange in the Philippines, issued proposed amendments to its Revised Trading Rules to allow the use of algorithmic trading within the Exchange.

See 8.1 Creation and Usage Regulations.

See 8.1 Creation and Usage Regulations.

See 8.1 Creation and Usage Regulations.

There are currently no Philippine regulations specifically governing DeFi. However, the Draft DASSP Rules may prospectively recognise DAOs as entities which can be subject to the registration and regulatory requirements, should they perform DAS activities in the Philippines.

Financial research platforms, per se, are not subject to any specific registration requirements. However, should they engage in analysing investment products for compensation (ie, by the investor, or a fund), they are subject to the registration and licensing requirement under the FCPA and the SEC FCPA for acting as an investment adviser.

The SRC regulates and prevents the dissemination of any fraudulent or misleading information designed to manipulate a stock price. This is further regulated and enforced by the PSE and the CMIC for their respective trading participants. Communications by securities professionals with the public must be based on the principles of fair dealing and good faith, and must provide a sound basis for evaluating facts regarding any particular security, industry or service offers.

The PSE also actively engages in the exploration of information through various means, including examination of newspapers and comprehensive online research. Additionally, PSE proactively communicates with companies, seeking verification and confirmation to ensure the accuracy and reliability of gathered information.

This is not applicable for Exchanges. Access to posting is restricted to the company or issuer, subject to the vetting of the PSE (and prospectively, by DASSPs). All disclosures must present concrete and factual information, avoiding any speculative details.

Furthermore, for listed companies in the PSE, the disclosure is required to be made within ten minutes from the occurrence of the event, ensuring prompt and accurate communications of events that have either taken place or are highly probable.

The Insurance Code of the Philippines provides for general guidelines in determining what may be insured. In general, the Insurance Code provides that “any contingent or unknown event, whether past or future, which may damnify a person having an insurable interest, or create a liability against him, may be insured against”.

With respect to underwriting, the Insurance Commission does not provide for specific guidelines or process to be followed by insurance participants. Insurance companies may provide specific standards in assessing risks associated with potential customers provided that these standards are not inconsistent with the provisions of the law and relevant regulations. Insurance Companies, as covered persons, are also mandated to conduct customer due diligence pursuant to the provisions of the AMLA.

However, with respect to insurance coverage on migrant workers, the Insurance Commission issued the Insurance Guidelines on Omnibus Rules and Regulations Implementing RA 8042 (The Migrant Workers and Overseas Filipinos Act of 1995). Pursuant to the Guidelines, insurance providers shall not distinguish the migrant workers based on occupation, sex, or place of work in underwriting an insurance policy.

The Insurance Commission does not provide for different rules or guidelines with respect to offering insurance products online.

In 2007, the Insurance Commission issued Circular Letter No 15-2007 which provides for guidelines on telemarketing, direct marketing, and selling insurance products through Short Message Sending (SMS) or texting. As per the Circular, insurance products may be sold via SMS, mail, publication by print, radio, or television, provided that the premium payable shall not exceed PHP50,000 for an annual premium or PHP150,000 for a single premium.

In 2020, due to the ongoing pandemic, the Insurance Commission issued two separate guidelines allowing the sale of life insurance products (Circular No 2020-29) and non-life insurance products (Circular No 2020-36) to the public by utilising information and communication technology or any other technology via remote communication (ie, teleconferencing, videoconferencing, computer conferencing, audioconferencing).

Finally, pursuant to Circular No 2020-109, the IC officially institutionalised the use of remote selling initiatives as permanent mode of selling insurance products. Pursuant to the Circular, life and non-life insurance companies may utilise remote selling initiatives in the sale of their products regardless of the amount of premium payable on the policy, thus rendering the amount indicated in Circular No 15-2007 irrelevant.

There are no specific regulations for regtech providers in the Philippines. Should they become vendors of regulated institutions (ie, banks, lending/financing companies), the applicable outsourcing regulations of their client’s regulators (ie, SEC/BSP) shall apply to them.

Further to the response in 11.1 Regulation of Regtech Providers, for vendors of BSP and SEC regulated institutions, please refer to 2.7 Outsourcing of Regulated Functions.

As digitisation efforts in the financial sector in the Philippines remain strong, traditional players like banking institutions are exploring blockchain technology in enhancing their existing service offerings (ie, through the issuance of peso-denominated Tokenized Treasury Bonds). The BSP is also exploring the use of blockchain technology through the issuance of wholesale Central Bank Digital Currency (CBDC) under “Project Agila”. The BSP project has made significant strides in 2023 with the BSP selecting the Hyperledger Fabric as the distributed ledger technology (DLT) provider.

Digital Banks have also explored virtual asset service offerings through their own VASP Licences.

Despite the current stringent enforcement, the Philippines has remained a largely crypto-friendly jurisdiction by regulating and enabling VCEs/VASPs to operate since 2017 through BSP Circular No 944, as amended by BSP Circular No 1108. The SEC also issued the Draft DAO and DAE Rules in 2019 to govern digital asset offerings and digital asset exchange activities in the Philippines.

However, the volatility of the crypto-economy, as well as the collapse of large institutional players holding significant customer assets, have pushed back key regulations and led to VASP licence moratoriums.

Insofar as the BSP is concerned, it is actively auditing and monitoring licensed VASPs, and removing the licences of those which fail to pass its audit requirements and directives. The licences for VASPs are also expected to hold until 2025, which may be further extended depending on BSP’s market studies.

Meanwhile, the SEC has released the Draft DASSP Guidelines which introduced significant compliance requirements for investor protection and liquidity risk management, among others.

In the long term, the Philippines is expected to continue to embrace innovative technologies under a test-and-learn/sandbox regulatory approach. However, licensing and compliance will be stringent to preserve market integrity and liquidity for redemption of customer funds/assets.

There is no uniform definition and classification of blockchain assets in the Philippines.

Under BSP’s VASP regulations, virtual assets are defined as any type of digital unit that can be digitally traded or transferred, and can be used for payment or investment purposes. It can be defined as a “property”, “proceeds”, funds”, “funds or other assets”, and other “corresponding value”. It is used as a medium of exchange or a form of digitally stored value created by agreement within the community of VA users. VAs shall be broadly construed to include digital units of exchange that (i) have a centralised repository or administrator; (ii) are decentralised and have no centralised repository or administrator; or (iii) may be created or obtained by computing or manufacturing effort. VAS are not issued nor guaranteed by any jurisdiction and do not have legal tender status.

Meanwhile, the SEC generally relies on the Howey Test to determine whether a blockchain asset falls under an investment contract (which is a type of security). The Howey Test requires that all of the four elements must be met in order to be classified as an investment contract:

  • investment of money;
  • common enterprise;
  • expectation of profits; and
  • derived primarily from the efforts of others.

The Draft DASSP Rules distinguish between digital asset securities (in general) and digital assets falling under a regulatory gap, which separate registration requirements for their issuers.

The issuance of digital asset securities requires prior approval by the SEC, which includes the submission of all relevant information such as:

  • the purpose and/or use of the Digital Asset Security;
  • the nature of the business and/or activities for which the Digital Asset Security will be used;
  • the white paper;
  • the identity, full details and, if applicable, ownership of the issuer, including a description of its experience and whether it, or its relevant individuals, have been the subject of any claims in the past ten years involving dishonesty, fraud, financial crime or an offence under laws relating to companies, banking, insolvency, money laundering and insider dealing;
  • the financing of the issuer’s business (including financial statements, if any); and
  • whether the issuance of the Digital Asset Security will be the basis for funding any business or other venture.

Digital assets falling under a regulatory gap do not require prior SEC approval before being issued by an entity in the Philippines, but will remain subject to registration requirements. These types of assets include:

  • free and non-transferable digital assets;
  • non-redeemable and non-transferable digital assets; and
  • redeemable closed-loop and non-transferable digital assets.

Initial placement and distribution of digital asset securities must already be subject to a DASSP’s written controls to prevent, monitor, manage and disclose any conflicts of interest when placing such digital asset securities with their own clients.

The BSP regulates VASPs, which are only limited to conversion (fiat to crypto), custodian, and sending/receiving virtual asset activities.

Blockchain asset trading platforms are to be prospectively regulated by the DASSP Rules (once finalised). DAS Activities, as defined by the DASSP Rules, will broadly cover all secondary market trading of blockchain assets.

There are no specific regulations in the Philippines applicable to investment of funds in blockchain assets. These are subject to market practice as well as the traditional investment controls of securities and banking laws and regulations.

Please refer to 12.3 Classification of Blockchain Assets for the definition of virtual assets under BSP regulations vis-à-vis digital asset securities to be regulated by the SEC through the SRC and the prospective Draft DASP Rules.

See 8.5 Decentralised Finance (DeFi).

NFTs are not presently explicitly regulated in the Philippines. However, depending on their particular attributes (ie, if used as payments, or meeting the Howey Test which identifies investment contracts), they can be subject to existing regulations (ie, VASPs or OPS regulations for NFTs used as a form of currency; or the SRC and the DASSP Rules, for those falling under investment contracts/securities).

While there are existing efforts from the government to support open finance in the Philippines, regulations regarding the matter are still fairly limited. In 2021, the BSP, in its aim to promote consent-driven data portability and interoperability among various financial institutions and third-party providers, issued Circular No 1122, which provides for guidelines for the adoption of an Open Finance Framework. In line with this, BSP has constituted the Open Finance Oversight Committee, a self-governing body, which shall exercise governance over the activities and participants of the Open Finance ecosystem.

Open Finance is still in the development phase in the Philippines, chiefly driven by the Open Finance Oversight Committee with its Open Finance Pilot, a collaborative undertaking of financial institutions to explore the use of Application Programming Interface (API) technologies in the delivery of financial products and services.

Given the resource and funding constraints for the development of APIs, innovative players operating screen-scraping or robotic process operations have offered interim solutions to bridge financial institutions without present API capabilities to participate in open banking systems.

However, screen-scraping technologies have been largely met with resistance by traditional players due to concerns relating to data privacy and cybersecurity related to access their proprietary data without API integration, notwithstanding user-permissioned activities by screen-scraping providers. The National Privacy Commission has recently issued its Draft Guidelines on Data Scraping, which aims to address such concerns.

Meanwhile the open finance initiative in the Philippines is already proceeding with the launch of the Open Finance API Sandbox, which is designed to accelerate the development and adoption of API capabilities amongst financial institutions.

The elements of fraud as it relates to financial services and fintech is defined by regulators differently, to wit:

  • under the FCPA and the SEC FCPA IRR, investment fraud entails the following:
    1. “ponzi schemes” and such other scheme involving the promise or offer of profits or returns which are sourced from the investments or contributions made by the investors themselves;
    2. boiler-room operations;
    3. the offering or selling of investment schemes to the public without a licence or permit form the SEC, unless such offering or selling involves exempt securities or are considered as exempt transactions as provided for under existing laws; or
    4. all other similar or analogous schemes; and
  • under BSP regulations, financial fraud is an act, expression, omission or concealment that deceives another to the fraudster’s advantage, and scams are fraudulent business schemes to mislead/swindle/victimise a person or persons with the goal of financial gain.

On the policy-side, the SEC is active on developing regulations for lending/financing companies, OLPs, DASSPs, as well on the regulatory sandbox front. On the enforcement-side, the SEC, through its Enforcement and Investor Protection Department (EIPD), is highly active in regulating and issuing enforcement actions against investment scams and activities relating to unregistered issuance of securities or operation of exchanges. The SEC also actively monitors and issues enforcement actions against lending and financing companies for unfair lending practices.

On the policy-side, the BSP focuses on ramping up the public’s adoption of digital banks and banking services, digital/cashless payments (ie, e-wallets), introducing much-needed amendments on existing FX regulations, as well as expanding and defining the licensing and regulatory requirements for merchant acquirers. On the enforcement-side, BSP focuses on monitoring fraud prevention and mitigation compliance amongst BSFIs to protect funds/assets of BSFI’s customers (ie, credit card fraud, identify theft, phishing and hacking).

Gorriceta Africa Cauton & Saavedra

15/F Strata 2000
F. Ortigas Jr. Road
Ortigas Center
Pasig City 1605
Philippines

+632 8696-0687

counselors@gorricetalaw.com www.gorricetalaw.com
Author Business Card

Trends and Developments


Authors



Gorriceta Africa Cauton & Saavedra is a top-tier, full-service law firm and is a leader in technology law practice in the Philippines, including in the fields of capital markets, corporate law, data privacy and cybersecurity, M&A, real estate and taxation. The firm has received awards over several years by prestigious organisations for its work in the technology and telecommunications space.

Over the course of the past year, the Philippine fintech landscape witnessed strengthened regulations and enforcement actions targeted at protecting and minimising financial consumers’ risks for both legacy and innovative financial products and services. The landscape also continues to benefit from the key fintech regulator’s test-and-learn/sandbox approach, which encourages and enables development of fintech technologies and solutions via a sandbox environment.

In parallel, with the regulators adapting and learning from seismic financial events, particularly in the banking, investment, lending/financing, and cryptocurrency markets, regulations (existing and forthcoming) are being re-examined to take into account minimum controls and protective mechanisms to further insulate both financial institutions and financial consumers from bad actors or general market volatility.

The BSP’s Digitisation Roadmap

The key driving force for Philippines’ digital transformation lies in the Philippine Central Bank’s (Bangko Sentral ng Pilipinas or BSP) zealous pursuit of its Digitisation Roadmap. The BSP’s strategic initiatives have played a pivotal role in steering the country towards becoming more financially inclusive and digitally reliant. First released in 2020, the BSP’s Digital Payments Transformation Roadmap laid out two key performance metrics, namely converting 50% of the total volume of retail payments into digital form, as well as growing the number of Filipinos within the formal financial system to 70%. This roadmap was enacted with the express goal of fostering an efficient, inclusive and safe digital payment ecosystem in line with the BSP’s mandate of growing a balanced and sustainable economy.

Spurred in no small part by the extraordinary time that was the COVID-19 pandemic, the BSP’s digitisation efforts have been in full swing since its release. The impact of these efforts on the economy and society has been substantial. Financial inclusion saw a marked improvement, with more Filipinos accessing banking services than ever before. This shift also had a positive effect on the broader economy. Digital transactions, being more efficient and traceable, contributed to a more transparent and accountable financial system. Additionally, the rise in digital banking opened up new avenues for economic participation, particularly for small and medium enterprises and those in remote areas.

The BSP saw its digitisation efforts rewarded, with digital payments increasing by double-digit figures, as 30.3% of retail transactions were done digitally in 2021. In terms of formally banked Filipinos, these numbers grew by leaps and bounds within the same time period, growing to 56% of Filipinos with bank accounts in 2021, from the initial 29% figure in 2019. Official figures are yet to be released for 2023 as of the date of writing, but the BSP seems poised to meet both targets, with digital transactions making up 42.1% of all retail transactions, and the number of formally banked Filipinos increasing to 65% in 2022.

From 17 to 19 November 2023, as part of its multi-faceted approach to digitisation, the BSP, in co-operation with the Department of Trade and Industry (DTI), jointly held the first-ever “Cashless Expo” with the goal of facilitating greater participation in e-commerce. The first of its kind, this expo saw various MSMEs implementing fully cashless transactions, allowing customers and exhibitors alike to experience the convenience of purely cashless transactions. Capitalising on this opportunity, the BSP additionally hosted digital financial literacy sessions on the responsible use of digital payments, as well as cyber hygiene and security.

To further augment regulations on payment systems, the BSP also issued a Draft Regulatory Framework for Merchant Payment Acceptance Activities, which introduces a Merchant Acquisition Licence requirement for entities intending to handle merchant onboarding and payment processing, including fund transfers to merchant transaction accounts.

Project Agila

The BSP also made headway this year on “Project Agila”, the central bank’s exploratory project on the issuance of its own wholesale Central Bank Digital Currency (CBDC). Launched in 2022, it aimed to foster greater understanding of CBDC’s capacity for enabling interbank payments, securities transactions, and cross-border payments even during off-hour periods. Recently, the BSP announced its selection of the Hyperledger Fabric blockchain as the distributed ledger technology (DLT) for the project after a rigorous testing and evaluation process involving system demonstrations, walkthrough procedures and a scoring system, looking into the security, interoperability, programmability and accessibility of the DLT. The final institutions participating alongside the BSP in this project are BDO Unibank, Inc., China Banking Corp., Land Bank of the Philippines, Rizal Commercial Banking Corp., Union Bank of the Philippines, and Maya Philippines, Inc.

The Growth of Digital Lending

Within the broader fintech industry, the digital lending market in the Philippines has continued to experience a remarkable surge, as evidenced by the latest insights from PayNEXT360, a prominent research and consulting firm whose data suggests that the market will continue to grow, poised to hit USD1.68 billion by 2027. This rampant growth is driven by the increasing adoption of alternative lending channels, reflecting a paradigm shift in the Philippine financial landscape as consumers and businesses embrace digitisation.

PayNEXT360’s analysis highlights a key trend: the growing reliance on digital banking service providers. They define alternative lending as encompassing a range of solutions, from personalised consumer offerings like payroll advances, to strategic business-to-business solutions including lines of credit. The payment instruments for these transactions are diverse, including traditional methods like cash and checks, as well as digital means like credit transfers, debit and credit cards, and e-money.

Inflation, impacting disposable incomes, has nudged an increasing number of consumers towards alternative lending providers. Another significant development is the integration of artificial intelligence in credit risk assessment, enhancing the precision of lending decisions. Collaborations between digital lenders and AI-powered fintech firms are particularly noteworthy. An example is the partnership between UNO Digital and Trusting Social, focusing on accurate credit profiling for even the unbanked borrowers.

These developments in the digital lending sphere are symbolic of the broader fintech revolution in the Philippines. They not only reflect the evolving financial needs and preferences of the Filipino populace but also underscore the role of technological innovation and strategic partnerships in shaping the future of financial services in the country. As the sector continues to grow, it remains a vital component of the Philippine economy, signalling a shift towards more inclusive and technologically advanced financial solutions.

For lending and financing companies, the SEC is currently soliciting public comments before finalising its much-anticipated Draft Guidelines on the Registration and Licensing of Online Lending Platforms (OLP), which is slated to be released within the year.

The Internet Transactions Act

Signed into law on 5 December 2023, Republic Act 11967, otherwise known as the Internet Transactions Act (ITA), aims to strike a balance between boosting e-commerce transactions and encouraging innovation, while at the same time protecting consumer rights and data privacy.

The ITA, governing online transactions in the Philippines, encompasses a broad range of aspects within the digital commerce domain. This Act applies to both business-to-business (B2B) and business-to-consumer (B2C) transactions conducted over the internet, falling under the Department of Trade and Industry’s (DTI) jurisdiction. However, it excludes online media content and consumer-to-consumer transactions. Notably, one of the parties in these transactions must be based in the Philippines for the ITA to apply.

The ITA broadly categorises the entities involved in internet transactions, including digital platforms like e-marketplaces, mobile apps, social media, and travel platforms, e-retailers, online merchants, and online consumers. E-marketplaces are specifically defined as platforms facilitating connections between consumers and merchants, handling aspects like sales, payments, shipping, and support. E-retailers refer to those selling directly via their websites or apps, whereas online merchants are those using third-party platforms. Online consumers are individuals engaging in internet transactions for a fee.

A critical aspect of the ITA is its extraterritoriality provision. It mandates that any person or entity engaging in e-commerce and targeting the Philippine market is subject to Philippine laws.

The creation of the E-Commerce Bureau under the DTI is another significant development in the ITA. This bureau is responsible for implementing the ITA, formulating policies, ensuring compliance, and investigating and prosecuting ITA violations. Moreover, the ITA obliges the E-Commerce Bureau to establish a database of digital platforms and merchants involved in e-commerce in the Philippines within a year of its effectivity.

In terms of regulatory jurisdiction, the ITA grants the DTI authority over internet-based e-commerce involving various entities like e-marketplaces and digital platforms. The DTI’s powers include issuing summons, subpoenas, compliance orders, and even ex parte takedown orders in specific cases such as in the case of sale of illegal goods or those posing public safety threats.

The ITA also imposes specific obligations on parties involved in internet transactions. For e-marketplaces and digital platforms, these include ensuring transaction transparency, data privacy protection, compliance with relevant laws, and providing effective redress mechanisms. E-retailers and online merchants have similar obligations, including clear price indication, complete and proper delivery of goods/services, and issuing invoices or receipts.

Regarding dispute resolution and liability, the ITA requires aggrieved parties to first use the internal redress mechanism of the concerned digital platform or e-retailer. The DTI is tasked with developing an online dispute resolution platform for this purpose. E-retailers and online merchants are primarily liable for indemnifying consumers in disputes, with e-marketplaces and digital platforms bearing subsidiary or even solidary liability in certain situations.

Lastly, the ITA empowers the DTI to impose fines up to PHP1 million against entities violating its provisions. This act aims to create a more regulated, transparent, and consumer-friendly online marketplace, ensuring fair play and accountability in the rapidly growing e-commerce sector in the Philippines.

BIR Regulation on Online Marketplace Operators

In terms of tax developments, the Bureau of Internal Revenue (BIR) released BIR Revenue Regulation 16-2023 on 21 December 2023, imposing a 1% withholding tax on online merchants earning more than PHP500,000 annually. Specifically, these withholding taxes apply to one half of the gross remittances of both electronic marketplace operators – defined as a digital service platform whose business is to connect buyers with online sellers such as online shopping marketplaces, food delivery platforms among others – and digital financial service providers – entities which make available to users a wide variety of financial services – to the sellers or merchants for the goods or services through their platform.

This revenue regulation comes hot on the heels of data showing that there were roughly two million entities involved in the online selling business as of 2022, with the added tax obligation consistent with the BIR’s stance under the current administration of capturing new sources of revenue, specifically focusing on digital transactions.

The Draft Rules on Digital Asset Securities Service Providers (DASSPs)

A revised regulatory framework covering digital assets is still in the pipeline, with the draft rules on Digital Asset Securities Service Providers (DASSPs) under limited release by the Securities and Exchange Commission (SEC) for comments by key stakeholders and market leaders in cryptocurrency legislation/regulations. While presently under review for alignment with existing cryptocurrency regulations, such as BSP Circular No 1108 otherwise known as the Guidelines for Virtual Asset Service Providers (VASP), the draft DASSP Rules are primarily aimed at regulating Digital Assets Securities (DAS) and related activities, creating an expansive scope at regulating all DAS activities. The draft DASSP Rules also seek to provide listing and issuing guidelines for DAS as well as a registration requirement for digital assets falling under the SEC’s regulatory gap, specifically: (i) free and non-transferable digital assets; (ii) non-redeemable and non-transferable digital assets; and (iii) redeemable closed-loop and non-transferable digital assets.

The SEC’s Binance Ban

In terms of active enforcement efforts, the Philippines joins other crypto-economies such as the UK, Singapore, and France in a global crackdown on Binance – the world’s largest cryptocurrency exchange. The SEC has mandated to enforce a national webspace ban on Binance websites and platforms due to Binance’s failure to obtain the necessary licence and authority to operate as a securities exchange within the country. The ban, to be implemented in co-ordination with the National Telecommunications Commission (NTC) is set to take place three months from 29 November 2023, or by 29 February 2024, albeit the SEC has reportedly stalled this as of the date of writing, subject to further evaluation from the SEC and taking into consideration all the possible ramifications of such ban, including implications to Filipino customers’ funds. Philippine users of Binance are advised to immediately liquidate and withdraw their funds from the said platform.

Financial Consumer Protection

Strong emphasis by the lawmakers and regulators on financial consumer protection were also seen with the enactment of the Financial Products and Services Consumer Protection Act (FCPA) which was immediately followed by the BSP and SECs own respective implementing regulations to the FCPA, institutionalising rights of financial consumers as well as mandating Financial Service Providers (FSPs) to conduct a gap assessment analysis and develop a board-approved action plan in compliance with the FCPA, for submission to the BSP/SEC, which shall be subject to ongoing compliance requirements.

The Artificial Intelligence (AI) Sphere

In the AI sphere, the Philippines has yet to sign into law any regulation specifically governing the usage and development of AI. As of the time of writing, House Bill 7396, otherwise known as An Act Promoting the Development and Regulation of Artificial Intelligence in the Philippines remains pending with the Committee on Science and Technology. Other notable developments include Defence Secretary Gilberto Teodoro Jr., in an internal memorandum circulated last 14 October 2023, ordering all Department of National Defence (DND) personnel as well as those belonging to the Armed Forces of the Philippines (AFP) to refrain from using AI-powered image-generation apps, citing security risks.

Conclusion

The past year in fintech has been one characterised by both change and growth. Fuelled by a mix of government policies, tech innovations, and the way we, as Filipinos, are adapting to new ways of handling our finances.

BSP’s digitisation efforts, particularly on retail payments, digital banking, electronic wallet systems, merchant acquirers, and eKYC continues to bear fruit, with many Filipinos, who just a few years ago were still dealing mostly in cash, now, embracing digital transactions as a part of everyday life.

The rapid growth and adoption of digital lending is worth highlighting as well. More and more people are comfortable borrowing online, as seen in continued industry growth. However, the rise and prevalence of unregistered OLPs and unfair lending practices have been met by the SEC with strict enforcement measures and the OLP registration moratorium – which will soon be liberated once the SEC finalises its Draft Guidelines on the Registration and Licensing of OLPs.

The passage of the Internet Transactions Act into law marks a big step forward in making online transactions safer and more reliable, institutionalising rights and obligations for all actors (from e-marketplace/digital platforms, online consumers and e-retailers/online merchants). The Act also creates the E-Commerce Bureau and strengthens the DICT’s enforcement powers for e-commerce activities and actors.

Equally interesting is how the country is approaching cryptocurrencies and digital assets. There’s a cautious yet open attitude towards these new forms of assets. The SEC is taking a careful and calibrated stance on proceeding with digital asset-related regulations, balancing innovation with stringent requirements for financial consumer and investor protection.

Looking forward, the Philippine fintech sector continues to exhibit strong growth and trajectory into fintech market maturity. There are bound to be challenges, such as the issues of data security and privacy, as well as ensuring these cutting-edge tools remain accessible to everyone. Despite all this, the direction the country is headed in is exciting. The Philippines marches closer towards a fully-digital economy that democratises safe, reliable, and transparent access to financial products and services for every Filipino.

Gorriceta Africa Cauton & Saavedra

15/F Strata 2000
F. Ortigas Jr. Road
Ortigas Center
Pasig City 1605
Philippines

+632 8696-0687

counselors@gorricetalaw.com www.gorricetalaw.com
Author Business Card

Law and Practice

Authors



Gorriceta Africa Cauton & Saavedra is a top-tier, full-service law firm and is a leader in technology law practice in the Philippines, including in the fields of capital markets, corporate law, data privacy and cybersecurity, M&A, real estate and taxation. The firm has received awards over several years by prestigious organisations for its work in the technology and telecommunications space.

Trends and Developments

Authors



Gorriceta Africa Cauton & Saavedra is a top-tier, full-service law firm and is a leader in technology law practice in the Philippines, including in the fields of capital markets, corporate law, data privacy and cybersecurity, M&A, real estate and taxation. The firm has received awards over several years by prestigious organisations for its work in the technology and telecommunications space.

Compare law and practice by selecting locations and topic(s)

{{searchBoxHeader}}

Select Topic(s)

loading ...
{{topic.title}}

Please select at least one chapter and one topic to use the compare functionality.