QuestionsQuestions (BSP Memorandum No. M-2015-017)
It reminds banks and their subsidiaries/affiliates to comply with the laws and telecom regulations that prohibit unsolicited text (push) messages, due to public complaints.
Section 4 of the Cybercrime Prevention Act of 2012 (Republic Act No. 10175), particularly on unsolicited commercial communications.
It is prohibited when the message is intended to advertise, sell, or offer for sale products/services using a computer system, unless there is prior consent from the recipient, or the communication complies with the statutory conditions (including an opt-out feature and no misleading/disguised source).
It refers to the recipient’s authorization before receiving the commercial message, so the message is sent only if the recipient agreed beforehand.
The commercial electronic communication must (among others) not be sent without consent; or, if applicable, must contain an opt-out feature, must not purposely disguise the source of the message, and must not mislead recipients into reading it.
NTC Memorandum Circular (MC) No. 03-03-2005-A dated 03 July 2006, as amended by MC No. 04-07-2009 dated 07 July 2009.
They protect and promote the interests of subscribers/end-users of public telecommunication entities by prohibiting push message sending/initiating by content and/or information providers.
Information transmitted to a mobile phone—either subscribed or unsolicited—without a user request and initiated by the Public Telecommunications Entity (PTE) or the Content Provider (CP).
PTE is any person/firm/partnership/corporation (government or private) engaged in providing telecom services to the public for compensation. CP is an organization that creates/maintains databases containing information from an information provider.
The subscriber must send written consent through correspondence, text message, internet, or other similar means of communication to the PTE.
It states that banks remain responsible for all violations of the regulations and law committed by their outsourced agency/personnel.
The bank remains responsible for those violations committed by its outsourced agency/personnel.
Banks must strictly comply with RA 10175 (Section 4 on unsolicited commercial communications) and the NTC memoranda prohibiting push messages, especially regarding consent and message conditions.
A push message is initiated without a user request, while messages intended for a subscriber who has requested/consented (consistent with the rules) would not be considered push messages as defined.