In recognition of the importance of data connectivity in financial services, Bangko Sentral ng Pilipinas (“BSP”) and The Monetary Authority of Singapore (“MAS”) have agreed on and jointly issue the following statement of intent:
1.1. BSP and MAS recognise that the ability to aggregate, store, process, and transmit data across borders is critical to the development of the financial sector. The expanding use of data in financial services and the increasing use of technology to supply financial services offer a range of benefits, including greater consumer choice, enhanced risk management capabilities, and increased efficiency. These developments also pose new and complex risks for markets and challenges for policymakers and regulators. BSP and MAS are committed to working together and with other countries and authorities to promote an environment in financial services that fosters the development of the global economy.
2. Promotion of data connectivity
2.1. Data localisation requirements can increase cybersecurity and other operational risks, hinder risk management and compliance, and inhibit financial regulatory and supervisory access to data. Data mobility in financial services supports economic growth and the development of innovative financial services, and benefits risk management and compliance programs, by, amongst others, making it easier to detect cross-border money laundering, terrorist financing patterns, and proliferation financing; defend against cyberattacks; and manage and assess risk on a global basis.
2.2. Based on this shared understanding, the BSP and MAS intend to promote the adoption and implementation of policies and rules that facilitate the following goals with respect to the operation of banks and non-bank financial institutions falling within the jurisdiction of either BSP or MAS (“covered institutions”):
a. Covered institutions should be allowed to transfer data, including personal information, across borders by electronic means provided this activity is for the conduct of the business within the scope of their license, authorisation, or registration.
b. The location where covered institutions can store and process their data should not be restricted as long as BSP and MAS have full and timely access to the data necessary to fulfill their regulatory and supervisory mandate.
c. If BSP or MAS is unable to access the data as described in paragraph 2.2(b) above, covered institutions should have the opportunity to remediate such lack of access before being required to use or locate computing facilities locally.
2.3 BSP and MAS also intend to, as appropriate, encourage other authorities to adopt policies and rules which facilitate the goals set out in paragraph 2.2.
3. Information sharing
3.1. BSP and MAS also intend to share information on developments related to the adoption and implementation of the policies and rules referred to in paragraphs 2.2 and 2.3.
This Statement of Intent is issued subject to the domestic laws and regulations of Philippines and Singapore and does not modify or supersede any laws or regulatory requirements in force in Philippines or Singapore, or applying to BSP or MAS. For the avoidance of doubt, this Statement of Intent is not legally binding and does not create any enforceable rights under domestic or international law. This Statement of Intent does not oblige BSP or MAS to disclose supervisory information or information relating to the financial affairs or accounts of individual customers of a bank. In addition, this Statement of Intent does not restrict the right of BSP or MAS to adopt or maintain measures to protect personal information, personal privacy and confidentiality of individual records and accounts. Any transfers of data, including personal information, across borders by electronic means by covered institutions should be subject to the applicable laws, rules and regulations of Philippines and Singapore on data privacy, security, governance, and confidentiality of individual records and accounts.