The Anti-Financial Account Scamming Act

By: Lia Manalo (University of the Philippines, College of Law) 

On July 20, 2024, President Marcos signed into law R.A. 12010 or the Anti-Financial Account Scamming Act (AFASA). In the Declaration of Policy, the State recognizes the vital role of banks, non-bank financial institutions, other payment service providers, and the general banking public in maintaining a stable financial system. Furthermore, with the increased use of digital financial services, there is a need to promote awareness on the proper use of Financial Accounts, and to protect the public from cybercriminals and criminal syndicates.[1] For the purpose of this Act, “Institutions” refers to banks, non-banks, other financial institutions, payments, and financial service providers under the jurisdiction of the Bangko Sentral ng Pilipinas (BSP).[2]

 

Prohibited Acts and Corresponding Penalties

 There are various acts that constitute Financial Account scamming:

 a.       Money Muling Activities[3] – A money mule is a person performing any of the following acts for the purpose of obtaining, receiving, depositing, transferring, or withdrawing proceeds that are known to be derived from crimes, offenses or social engineering schemes:

1.       Using, borrowing, or allowing the use of a Financial Account

2.       Opening a Financial Account under a fictitious name or using the identity or identification documents of another

3.       Buying or renting a Financial Account

4.       Selling or lending a Financial Account

5.       Recruiting, enlisting, contracting, hiring, utilizing, or inducing any person to perform the above acts. (1-4)

b.       Social Engineering Schemes[4] – Committed by a person who obtains sensitive identifying information of another person, through deception or fraud, resulting in unauthorized access and control over the person’s Financial Account by performing any of the following acts:

1.       Misrepresenting oneself as acting on behalf of an Institution or making false representations to solicit another person’s sensitive identifying information, or

2.       Using electronic communications to obtain another person’s sensitive identifying information

c.       Economic Sabotage[5] – Money Muling Activities and Social Engineering Schemes shall be considered economic sabotage when it is committed:

1.       By a group of three or more persons conspiring or confederating with one another

2.       Against three or more persons individually or as a group

3.       Using a mass mailer

4.       Through human trafficking

d.      Other offenses[6]

1.  Willfully aiding or abetting in the commission of any of the offenses enumerated under Section 4 (Money Muling Activities, Social Engineering  Schemes, Economic Sabotage)

2.       Willfully attempting to commit any of the offenses under Section 4

3.       Opening a Financial Account under a fictitious name or using the identity or identification documents of another

4.       Buying or selling a Financial Account.

 

 

Prohibited Act / Offense	Penalties[7]
Money Muling Activities 1.       Using, borrowing, or allowing the use of a Financial Account 2.       Opening a Financial Account under a fictitious name or using the identity or identification documents of another 3.       Buying or renting a Financial Account 4.       Selling or lending a Financial Account 5.       Recruiting, enlisting, contracting, hiring, utilizing or inducing any person to perform the above acts.	Imprisonment of not less than 6 years, but not more than 8 years, or a fine of at least PHP 100,000 but not exceeding PHP 500,000, or both at the discretion of the Court.   For items #1-4, the court shall also order the closure of the Financial Account involved, and forfeiture.
Social Engineering Schemes 1.       Misrepresenting oneself as acting on behalf of an Institution or making false representations to solicit another person’s sensitive identifying information or 2.       Using electronic communications to obtain another person’s sensitive identifying information	Imprisonment of not less than 10 years but not more than 12 years, or a fine of at least PHP 500,000 but not exceeding PHP 1,000,000, or both at the discretion of the court.   Provided, that the penalty of not less than 12 years but not more that 14 years of imprisonment, or a fine of at least PHP 1,000,000 but not exceeding PHP 2,000,000 or both at the discretion of the court, shall be imposed if the target is a senior citizen at the time the offense was committed.
Economic Sabotage – Money Muling Activities and Social Engineering Schemes shall be considered economic sabotage when it is committed: 1.    By a group of three or more persons conspiring or confederating with one another. 2.       Against 3 or more persons individually or as a group 3.  Using a mass mailer (refers to a service or software used to send electronic communications to an aggregate of 50 or more recipients[8]) 4.       Through human trafficking	Life imprisonment, or a fine of not less than PHP 1,000,000 but not exceeding PHP 5,000,000 or both at the discretion of the court.
Other Offenses 1.    Willfully aiding or abetting in the commission of any of the above offenses (Money Muling Activities, Social Engineering Schemes, Economic Sabotage) 2.       Willfully attempting to commit any of the above offenses 3.       Opening a Financial Account under a fictitious name or using the identity or identification documents of another 4.       Buying or selling a Financial Account.	Imprisonment of not less than 4 years but not more than 6 years or a fine of at least PHP 100,000 but not exceeding PHP 200,000 or both, at the discretion of the court.   The court shall also order the closure of the financial account If the prohibited acts falls under #3 and #4

 

Responsibility to Protect Access to Client’s Financial Account[9]

 Institutions shall ensure that access to their clients’ Financial Account is protected by adequate risk management systems that are proportionate and commensurate to the nature, size, and complexity of their operations. Institutions determined by the BSP to be compliant with such requirement shall not be liable for any loss or damage arising from the Prohibited Acts and Other Offenses. Otherwise, institutions shall be liable for restitution of funds to Account Owners for failure to employ adequate risk management systems or failure to exercise the highest degree of diligence. Conviction is not a prerequisite to restitution of funds.

Temporary Holding of Funds Subject of a Disputed Transaction[10]

Institutions have the authority to temporarily hold funds subject of a disputed transaction within the period prescribed by the BSP, which shall not exceed 30 calendar days, unless otherwise extended by a court of competent jurisdiction. Provided, Institutions shall also notify BSP whenever it temporarily holds the funds.

 A transaction shall be considered disputed if, based on information from another Institution, a complaint from an aggrieved party, or a finding under its own Fraud Management System, the Institution has reasonable ground to believe that the transaction is unusual, without clear economic purpose, from an unknown or illegal source or unlawful activity, or facilitated through social engineering schemes.

 If the belief arises from a finding under its own Fraud Management System, the Institution shall perform acts as may be legally warranted to preserve the integrity of the Financial Account.

 The BSP shall issue rules and regulations on the temporary holding of funds. No liability shall be imposed against an Institution or its directors, trustees, officers, and employees for holding funds subject of a disputed transaction, when done in accordance with BSP rules and regulations.

 Upon receipt of a complaint, an information from another Institution, or detection through a Fraud Management System, the Institutions and Account Owners shall initiate a coordinated verification process to validate the disputed transaction. The provisions of the “Foreign Currency Deposit Act of the Philippines”, Revised Non-Stock Savings and Loan Association Act of 1997, and “Data Privacy Act of 2012” shall not apply during this coordinated verification process.[11] 

Penalties Related to the Temporary Holding of Funds

 If an Institution fails to temporarily hold funds subject of a disputed transaction, it shall be liable for loss or damage, including the restitution of the disputed funds.[12] On the other hand, an Institution that holds funds subject of a disputed transaction beyond the allowable period, or improperly holds funds, shall be subject to administrative action under “The New Central Bank Act.”[13] Likewise, any person who, in malice or in bad faith, reports or files unwarranted or false information that results in the temporary holding of funds shall be penalized with imprisonment of not less than 1 year but not more than 5 years, or a fine of not less than PHP 50,000, but not exceeding PHP 200,000, or both, at the discretion of the court. [14]

Investigation and Inquiry into Financial Accounts

The BSP shall have the authority to investigate and inquire into Financial Accounts which may be involved in the commission of Prohibited Acts and Other Offenses. The provisions of RA 1405, as amended, “Foreign Currency Deposit Act of the Philippines,” Revised Non-Stock Savings and Loan Association Act of 1997, and “Data Privacy Act of 2012” shall not apply to Financial Accounts subject of BSP’s investigation. No court below the Court of Appeals shall have jurisdiction to enjoin the BSP from exercising its authority to investigate and inquire.

Without prejudice to the authority of the cybercrime units of the National Bureau of Investigation and the Philippine National Police, the BSP or its duly authorized officer or body shall have the authority to apply for cybercrime warrants and to issue the orders provided in the “Cybercrime Prevention Act of 2012,” with respect to the electronic communications used in any violation of this act.[15]

 The BSP shall have the authority to issue rules on information-sharing and disclosure with law enforcement and other competent authorities in connection with its inquiry and investigation. Provided, any information on the Financial Account which may be shared by BSP shall be used solely to investigate and prosecute cases involving the Prohibited Acts and Other Offenses and to implement the relevant provisions of the Cybercrime Prevention Act.[16] Furthermore, directors, trustees, officers, or employees of an Institution, government officials or employees, or other persons who obtained information on the Financial Account are prohibited from disclosing such information for other purposes.[17]

 Any person who obtained information on the Financial Account subject of BSP’s inquiry or investigation who disclose such information shall be penalized with imprisonment of not less than 1 year but not more than 5 years, or a fine of not less than PHP 50,000 but not exceeding PHP 200,000 or both, at the discretion of the court. If the offender is a juridical person, the fine is double the amount of the penalty, but shall not exceed PHP 10,000,000. Finally, a government official or employee who shall be found guilty of the Prohibited Acts and Other Offenses under Sections 4 and 5 shall also suffer perpetual absolute disqualification from holding any appointive or elective position in the government, or in any agency, entity, or instrumentality thereof.

 

Civil Liability in case of Conviction and Administrative Sanctions

Independent of a criminal case, all properties, tools, instruments, and/or any other non-liquid assets used for the commission of the acts prohibited in Sections 4 and 5 shall be subject to civil forfeiture, upon finding of probable cause. Provided, that in cases of economic sabotage, the rules shall include a summary procedure for the release of a portion of such assets to the Department of Justice upon ex-parte motion for operational support and victim protection, including victims of human trafficking involved in the commission of prohibited acts and other offenses.

 Administrative sanctions in RA 7643 shall also be imposed upon the Institution, its directors, officers, trustees, employees, or agents, for violation of this Act or any other regulations of the BSP. Moreover, prosecution under this act shall be without prejudice to prosecution for any violation of the Revised Penal Code and other special laws. Finally, victims of trafficking in persons shall be free from criminal liability for acts committed as a direct result of being trafficked.

Author’s Summary

 The AFASA enumerates the Prohibited Acts (Money Muling Activities, Social Engineering Schemes, and Economic Sabotage) and Other Offenses and their corresponding penalties. Harsher penalties are imposed when Social Engineering Schemes are directed towards senior citizens. The AFASA also emphasizes the responsibility of the institutions in protecting access to their client’s financial account. In fact, institutions with adequate risk management systems shall not be liable for any loss or damage arising from the Prohibited Acts and Other Offenses. Should the institutions fail to employ adequate risk management systems and controls or fail to exercise the highest degree of diligence, they are liable for restitution of funds to the Account Owners, even before conviction.

 Furthermore, the AFASA also provides that Institutions shall have the authority to temporarily hold the funds subject of a disputed transaction within the period prescribed by the BSP, which shall not exceed 30 days, provided that they also notify the BSP when it temporarily holds the funds. There is a disputed transaction if the Institution has a reasonable ground to believe that such transaction is unusual or without clear economic purpose, among others. An Institution that holds funds subject of a disputed transaction beyond the allowable period, or improperly holds funds shall be subject to administrative action. Once there is a disputed transaction, Institutions and Account Owners shall also initiate a coordinated verification process to validate such.

 Finally, the BSP shall have the authority to investigate and inquire into Financial Accounts which may be involved in the commission of a Prohibited Act or Other Offenses. In fact, the provisions of RA 1405, as amended, “Foreign Currency Deposit Act of the Philippines,” Revised Non-Stock Savings and Loan Association Act of 1997, and “Data Privacy Act of 2012” shall not apply to Financial Accounts subject of BSP’s investigation. The BSP or its duly authorized officer or body also has the authority to apply for cybercrime warrants and to issue the orders provided in the Cybercrime Prevention Act of 2012.