BSP Issues Cybersecurity Rules for AI-Powered Cyberattacks
The Bangko Sentral ng Pilipinas (BSP) urged BSP-supervised financial institutions to upgrade cybersecurity to counter “AI-Powered Cyberattacks.” In a memorandum, BSP warned that “frontier” AI systems can automatically find software vulnerabilities and execute exploits with little human involvement, enabling adaptive, scalable multi-stage attacks.
Key BSP measures include stopping reliance on traditional passwords and communication-based authentication methods (e.g., SMS or push notifications) for administrative and privileged access. Instead, institutions should use hardware security keys, smart cards, or hardware-backed certificate-based authentication. BSP also asked banks to deploy AI-enabled defenses for faster patch management, continuous threat hunting, and “virtual patching.”
The directive is tied to rising payment activity in the Philippines. BSP data showed combined transaction values on InstaPay and PESONet grew 44% year-on-year to 13.1 trillion pesos ($224 billion) as of May, driven by 3.5 billion transactions. In June, BSP lifted a long-standing moratorium on InstaPay/PESONet fee increases, moving to a market-based framework with regulator cost justification.
For crypto traders, the headline risk is operational and compliance—AI-Powered Cyberattacks could increase the probability of payment-related disruptions and fraud, but the policy is preventive rather than directly market-altering. Overall, BSP’s focus is financial-system resilience, not crypto market structure.
Neutral
This is a preventive cybersecurity regulation aimed at protecting the Philippines’ banking and payment rails (InstaPay/PESONet). It does not change crypto market rules, liquidity, or token supply. The main trading angle is indirect: stronger authentication and AI-assisted defenses can reduce the chance of payment fraud and operational disruptions, which lowers risk for financial flows and confidence.
In the short term, such directives can still raise compliance and IT upgrade costs for banks, but these are unlikely to translate into immediate, measurable impacts on crypto prices. In the long run, better resilience against AI-Powered Cyberattacks may stabilize the broader digital payments ecosystem—supportive for on-ramps and user trust, though still not a direct driver of BTC/ETH price action.
Compared with prior security-focused regulatory actions in other jurisdictions, markets typically react more to enforcement outcomes (bank failures, major breaches, or sanctions) than to high-level guidance. Since BSP’s memo is guidance-first and defensive, the most likely net effect on crypto sentiment is limited.