BSP IT Profile Report Submission Guidelines

The BSP requires IT profile reporting to build baseline information of IT systems of Philippine banks.
The BSP requires IT profile reporting to risk profile the complexity of IT operations based on technology-related products and services offered, delivery channels, and processes involved.
The IT profile requirement is undertaken as part of Sec. X176 of the MORB on Technology risk management.

All banks are required to accomplish and submit an IT Profile report.
The required submission covers the IT profile of banks as of 31 December 2011.
The memorandum distinguishes reporting email addresses by bank type: Universal/Commercial Banks (U/KBs), Thrift Banks (TBs), and Rural/Cooperative Banks (R/CBs).
Reporting is organized around a standardized IT Profile reporting template, including sample format in Annex A.

The initial IT Profile report must be submitted as of 31 December 2011.
The initial IT Profile report must be submitted to the BSP on or before 31 March 2012.
Subsequent reports must be submitted on an annual basis.
Subsequent reports must be submitted within twenty-five (25) calendar days from the end of reference year.

The IT Profile reporting template is accessible through //bsp.gov.ph/frp/templates.
Annex A provides a sample format of the IT Profile report.
The template and other relevant attachments are also available upon request at the BSP-Supervisory Data Center (BSP-SDC) through the designated contact channels in the memorandum.

The IT Profile report must be submitted electronically to BSP using the specific email address corresponding to the reporting institution’s bank type.
Universal/Commercial Banks (U/KBs) shall submit the IT Profile report to sdckb-itprofile@bsp.gov.ph.
Thrift Banks (TBs) shall submit the IT Profile report to sdctb-itprofile@bsp.gov.ph.
Rural/Cooperative Banks (R/CBs) shall submit the IT Profile report to sdcrb-itprofile@bsp.gov.ph.
The email subject line must follow the format ITPROFILE < bankname >, < reference period >, e.g., ITPROFILE < bankname >, 31 December 2011.

The submission must include a certification that is duly notarized and signed by the authorized official of the reporting institution.
The notarized certification must be sent within the prescribed submission deadline.
The signed and notarized certification must be sent to the BSP director of the Supervisory Data Center (SDC) via facsimile at (632) 708-7554 or 708-7558.

Institutions that are unable to transmit the IT Profile report electronically must submit the IT Profile report in CD.
CD submission must be accompanied by the aforementioned certification.
CD submission may be made through messengerial or postal services.
CD and certification must be submitted within the prescribed deadline to:
- The Director, Supervisory Data Center, Bangko Sentral ng Pilipinas
- 16th Floor, Multi-Storey Building, BSP Complex, A. Mabini Street, Malate, Manila 1004.

The memorandum directs “For compliance” with the IT Profile reporting requirements and procedures stated for all covered banks.
The BSP requires each reporting institution to accomplish and submit the IT Profile report following the specified template, email format, and certification requirements.
Noncompliance with the reporting requirements is governed by BSP supervisory compliance expectations under technology risk management referenced through Sec. X176 of the MORB on Technology risk management.