Title
Outsourcing rules for E-Money issuers
Law
Bsp Circular No. 704, S. 2010
Decision Date
Dec 22, 2010
The Bangko Sentral ng Pilipinas establishes guidelines for Electronic Money Issuers to outsource services to Electronic Money Network Service Providers, ensuring compliance with operational standards, risk management, and consumer protection in the delivery of financial services to underserved populations.
outsourcing
electronic money
financial services

Questions (BSP CIRCULAR NO. 704, S. 2010)

An EMNSP is a non-financial institution that provides automated systems, network infrastructure, and a network of accredited agents to enable an EMI’s clients to: (1) convert cash to E-money and monetize E-money; (2) transfer funds from one electronic wallet to another; (3) use E-money as payment for goods and services; and (4) conduct other similar/related E-money activities/transactions.

No. If the EMI intends to outsource the services contemplated in Section 2, it must limit its outsource entity to an EMNSP only, and must follow the outsourcing procedures for IT systems/processes under the MORB.

In addition to the documentary requirements under the MORB outsourcing provision (X162.2 / formerly X169.2), the EMI must submit a certification signed by its President or an officer of equivalent rank certifying that due diligence was conducted and that the selected EMNSP met the minimum requirements under Section 5 of the Circular.

The contract must, at a minimum, contain the requirements under MORB X162.2 and additionally must stipulate that: (1) the EMNSP allows BSP access and examination of the E-money system/network infrastructure/agent network and related operations for confidentiality, integrity, reliability, and compliance; (2) the EMNSP shall not further outsource/subcontract the outsourced activity; and (3) interconnection by the EMNSP with other networks is limited to other EMNSP networks and BSP-recognized ATM consortia.

It requires the EMNSP to perform the outsourced activities with the same care as if the EMI itself were doing them, including monitoring/control procedures to ensure compliance at all times with applicable BSP rules and regulations.

The EMNSP must have: (1) an accreditation process for selecting agents for cash-in/cash-out conversion and monetization activities; and (2) mechanisms to manage sufficient liquidity in its system/network.

All cash-in and cash-out agents must undergo AML trainings and re-trainings every two (2) years.

Before: conduct appropriate due diligence considering qualitative and quantitative factors such as financial condition/results, risk management practices, technical expertise (e.g., monitoring transaction velocity and aggregation of monthly limits), market share, reputation (company and stockholders), and AML compliance. Also ensure EMNSP adheres to international standards on IT governance, information security, and business continuity; and endeavor to get independent reviews/market feedback. After: perform operational review of the EMNSP at least annually, document it as part of monitoring and control.

Examples include: (1) financial condition and results of operation for previous years; (2) risk management practices; (3) technical expertise (including monitoring velocity and aggregation of monthly limits); (4) market share and reputation of the company/stockholders; (5) compliance with AML requirements and BSP rules and regulations.

Notwithstanding any contractual agreement on sharing responsibility, the EMI remains responsible to its customers for outsourced activities. This is without prejudice to further recourse by the EMI against the EMNSP.

The EMI should regularly review and monitor the EMNSP’s security practices and control processes, obtain periodic expert reports on adequacy of security (confidentiality/integrity and compliance with internationally recognized standards), ensure segregation of records pertaining to the EMI’s transactions from those of other EMIs, and ensure the EMNSP reports security breaches immediately.

The EMNSP must have documented business continuity plans that are periodically reviewed and tested with no significant test findings. The EMNSP must also provide timely and adequate notification to the EMI on adverse developments impacting service delivery/performance.

It must comply with EMNSP requirements under the Circular and undertake risk-mitigating measures to insulate the liquid assets corresponding to its outstanding E-money balance (maintained pursuant to Circular No. 649) from risks arising from its liabilities as an EMNSP—e.g., ringfencing through an escrow or trust account in a BSP-acceptable financial institution.

Violations committed by EMIs pertaining to outsourcing to EMNSPs are subject to monetary penalties as graduated under Circular No. 496 and/or other non-monetary sanctions under Section 37 of Republic Act No. 7653.

EMIs granted authority to outsource their E-money activities to an EMNSP may continue, but must conform to the Circular’s provisions within six (6) months from its effectivity.

It takes effect fifteen (15) days following its publication in the Official Gazette or in a newspaper of general circulation.


Analyze Cases Smarter, Faster
Jur helps you analyze cases smarter to comprehend faster, building context before diving into full texts. AI-powered analysis, always verify critical details.

About Privacy Terms