
Flow before the discussion of compliance risk

Good afternoon. I'll provide a brief but detailed review of legal matters and compliance updates. Currently, we
are addressing a variety of compliance control risks in our industry, the banking sector, with the aim of
enhancing our overall risk management strategy. As we navigate this landscape, it's essential to foster a
comprehensive understanding of these control risks and of how to ensure that we have the necessary
controls in place to help reduce them.

Discussion of my part
Misinterpretation of Regulatory Requirements leading to Reporting Errors
Misinterpreting regulatory requirements in the banking industry poses a serious risk. Compliance is vital in
this highly regulated sector, and mistakes can lead to legal consequences, fines, and damage to the
bank's reputation. Inaccurate financial reporting undermines transparency, affecting decision-making and
public trust. Operational efficiency suffers, impacting internal controls for compliance. These errors not
only affect the bank's operations but also contribute to broader concerns about financial system stability.

❖ Compliance Framework Establishment


Developing a Compliance Framework involves creating a structured approach to comply with
laws and regulations. One example is Circular 1138, which establishes Regulatory Reporting
Standards for Operators of Payment Systems (OPS).

❖ Enhancing Compliance Through Internal Audits and Reviews


Regular internal audits and reviews are essential for continuous assessment and
improvement. Performance evaluation is achieved through routine internal audits, specifically
tailored to assess the effectiveness of compliance measures within the banking sector. Strong
internal controls are implemented, including measures such as segregation of duties, access
controls, and comprehensive monitoring and reporting mechanisms. These efforts are crucial to
ensure strict compliance with financial regulations, protect assets, and uphold the trust and
integrity of the banking system. Proactive risk identification and mitigation, along with the
integration of technology and external benchmarking, establish a robust framework, significantly
reducing the likelihood of reporting errors arising from regulatory misinterpretation. In summary,
these practices not only fortify legal and reputational safeguards but also cultivate a culture of
precision and compliance within the organization.

❖ Record Keeping
Record keeping is the basic form of regulatory reporting that most organizations do in
some form or another. It is the process of keeping and maintaining accurate, detailed, and
accessible records of all the transactions carried out, as regulatory bodies check them.

❖ Compliance Training and Awareness


Ensuring employee awareness and understanding of regulations is critical. This involves
training programs with comprehensive initiatives to educate employees on relevant
regulations and their responsibilities, as well as regular updates that keep
employees informed about changes in regulations through workshops, seminars, or online
modules.

❖ Regulatory Relationship Management


Through strategic and ongoing efforts, financial institutions or banks can establish and maintain
positive and open communication channels with regulatory authorities. This process involves
establishing positive relationships, regular engagement with regulators, clarification on
ambiguous requirements, staying informed about changes, and documentation and compliance
reporting.

Breaches to Data Security and Privacy


Breaches in data security and privacy present a significant risk to internal controls within the banking
industry. The sensitivity of financial information makes such breaches a threat, as they can lead to
unauthorized access, financial theft, and regulatory consequences. Compliance in banking requires strict
adherence to data protection laws, and a breach could result in legal penalties and harm the bank's
reputation. Mismanagement of data security can lead to non-compliance with regulations like the Data
Privacy Act of 2012 (DPA), Anti-Money Laundering Act (AMLA), and Credit Information System Act
(CISA), with ineffective data retention policies risking violations of SEC record-keeping rules and specific
banking regulations. Additionally, data breaches reveal weaknesses in internal controls, pointing to
vulnerabilities in cybersecurity protocols and access controls, emphasizing the need for robust measures
to protect sensitive information.

Banks adhere to various data privacy regulations such as the Data Privacy Act of 2012 (DPA), Bangko
Sentral ng Pilipinas (BSP) Circular 808, Anti-Money Laundering Act (AMLA), Credit Information System
Act (CISA), and Cybercrime Prevention Act of 2012. They invest in compliance measures to ensure the
protection of customer data and maintain the security of their banking systems.

❖ Data security measures for bank branches are a comprehensive set of strategies designed to
fortify the confidentiality and integrity of information while adhering to stringent privacy
regulations.

❖ Firewalls and network security measures prevent unauthorized access, malware, and other
cyber threats from breaching their systems. Sensitive information is often masked or
anonymized to protect customer identities. This minimizes the risk of data breaches while still
allowing for analysis and processing.

❖ Implementing regular security audits involves reviewing the bank's security measures to ensure
they are up-to-date and effective. This can include reviewing access control mechanisms,
encryption protocols, and other security measures. These audits help identify and fix vulnerabilities,
unauthorized access points, and weaknesses in data protection. By proactively addressing these
issues, we reduce the risk of data breaches and comply with privacy regulations. Stakeholders
can trust that their sensitive information is handled securely, reinforcing our commitment to
cybersecurity and regulatory compliance.

❖ Incident Response Plans


The Bank develops detailed plans to respond to security incidents or data breaches swiftly. This
includes steps to contain the breach, assess the damage, notify affected parties, and recover
data. We have our Incident Response Plans (IRPs), which are essential frameworks designed to
swiftly detect, contain, and recover from potential breaches, ensuring the security of customer
data and privacy. With features such as rapid detection, structured response frameworks, and
role-based responsibilities, our IRPs provide a systematic approach to mitigate risks. Through
regular testing and updates, we continuously enhance the effectiveness of these plans, fortifying
our defenses and maintaining resilience in the face of evolving cyber threats.

Adaptation to Changes in Regulations


Adapting to changes in regulations is a critical aspect of controlling compliance risk in the banking
industry. The dynamic nature of banking regulations demands constant vigilance to align with evolving
legal frameworks. Failure to promptly adapt poses significant risks, including legal and reputational
consequences. The industry's dynamic regulatory environment requires banks to promptly adjust internal
processes to mitigate non-compliance risks, ensuring transparency and adherence. Inadequate
adaptation also introduces the risk of misinterpretation due to regulatory complexity.

❖ Compliance Departments in Banks:


Banks have teams dedicated to following rules. These teams watch or monitor for rule changes
and make sure the bank adjusts to these changes, such as those on anti-money laundering. They also teach
bank employees about these rules so everyone knows how to follow them. These teams keep the
bank safe by making sure it follows all the important rules.

❖ Regulatory Technology (RegTech): Strategic investments in technology and automation.


This is like using smart tools to help banks follow rules faster. These tools use computers to do some
tasks, like checking if someone is who they say they are or watching transactions to spot any
problems. This makes it quicker for banks to follow rules and saves time and money.

For Example
❖ As BSP deputy governor Chuchi Fonacier says, 18 reporting templates and Excel files
totaling 300-plus schedules are being reduced to a single XML file. They can easily adapt to
changes. Financial institutions in the Philippines are facing a pivotal shift in their regulatory
reporting due to the API-XML transition mandated by the BSP. This transition necessitates an
immediate tactical approach, prompting banks to seek solutions for converting to XML for
API-based submissions. The ultimate goal for these banks is to establish a future-proof operating
model for regulatory reporting.

❖ Compliance testing and monitoring play a pivotal role in the adaptive management of
regulatory changes within banks, serving as essential control mechanisms to mitigate associated
risks. As financial institutions navigate the dynamic landscape of evolving regulations,
implementing robust compliance testing procedures becomes imperative. These mechanisms
involve comprehensive assessments to ensure that the bank's operations adhere to the latest
regulatory requirements.

Question in last part (Compliance part)


How does your bank stay in compliance with regulatory requirements to ensure a secure and
transparent banking environment for customers?
At our bank, we prioritize compliance with regulatory requirements to maintain a secure and transparent
banking environment for our customers. We have established a comprehensive framework that includes
regular audits, internal controls, and ongoing training for our staff. Our dedicated compliance team closely
monitors changes in regulations, ensuring that our policies and procedures are updated accordingly.
Additionally, we engage in open communication with regulatory authorities to address any queries and
promptly adapt to new guidelines. This commitment to compliance not only safeguards the interests of our
customers but also strengthens the overall integrity of our banking operations.
