Overview: Regulatory Shift in the Philippines
The Bangko Sentral ng Pilipinas (BSP) issued Circular No. 1213 in May 2025 as part of the implementing rules for the Anti-Financial Account Scamming Act (AFASA) or Republic Act No. 12010. Building on its earlier real-time fraud detection mandate (Circulars 1140 and 1160), BSP has now introduced stringent IT risk management requirements designed to combat the escalating threat of financial cybercrime in the Philippines.
Core Regulatory Requirements
BSP-supervised Financial Institutions (BSFIs) engaged in complex electronic products and services with high aggregate values (averaging ₱75 million monthly for the last six months) must implement comprehensive Fraud Management Systems.
To strengthen fraud detection and prevention, BSFIs must leverage a combination of rule-based approaches, machine learning algorithms, and other technologies to adapt to evolving fraud tactics. These systems must include five essential fraud detection mechanisms:
- Transaction Velocity Checks monitor the frequency of incoming and outgoing transactions to detect unusual activity patterns, including those facilitated by automated bots, malware, or zero-day exploits. The system must implement risk-based thresholds based on customer profiles to identify transactions outside normal spending patterns.
- Mobile Device and Account Information Changes monitoring tracks modifications to mobile numbers, email addresses, and other identifying information that may indicate account takeover attacks. The bank must analyze subsequent transactions for fraud patterns and temporarily block transactions after suspicious changes.
- Geolocation Monitoring tracks the geographic location of transaction initiators to identify activities from unexpected locations. The system must be capable of stopping transactions from unusual locations or triggering enhanced due diligence procedures.
- Blacklist Screening analyzes transactions against databases of unsecure merchants and account activities associated with mobile devices and IP addresses involved in fraudulent transactions. The bank must include rules to block such transactions to prevent customer fraud exposure.
- Behavioral Anomalies detection identifies deviations from typical user behavior, including spending patterns and login habits. This includes detecting collective transactional behavior anomalies such as multiple fund transfers to few recipients or patterns indicating concentration without business purpose.
Account Protection Safeguards
Financial accounts must implement comprehensive security measures including:
- 24-Hour Transaction Pause Period (TPP) after key account changes, restricting customers from performing financial transactions. Key account changes include updates to mobile numbers, email addresses, and registered devices. BSFIs may shorten the TPP or implement transaction restrictions during this period if strong authentication mechanisms are in place.
- Device Security Restrictions prohibit installing mobile applications on unsecured devices, including those with outdated systems, rooted or jailbroken devices, or emulators.
- Anti-Automation Controls prohibit unauthorized scripts or automation tools through behavioral analysis, rate limiting, session management, and bot detection.
- Device Fingerprinting adoption requires collecting device data and implementing mechanisms to prevent spoofing of device identity.
- Enhanced Authentication Requirements mandate significant strengthening of authentication mechanisms, particularly limiting the use of interceptable authentication methods like SMS and email OTPs.
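As an added illustration (not BSP's or Clari5's code), the sketch below combines the Transaction Velocity Check and the 24-hour Transaction Pause Period described above into one pre-transaction decision. The profile names, hourly limits, one-hour window, and decision labels are assumptions chosen for the example.

```python
from datetime import datetime, timedelta

TPP = timedelta(hours=24)  # pause period after a key account change
KEY_CHANGES = {"mobile_number", "email", "registered_device"}

# Assumed risk-based limits: max outgoing transactions per rolling window,
# keyed by a hypothetical customer profile name.
VELOCITY_LIMITS = {"retail_low": 3, "retail_high": 10}
WINDOW = timedelta(hours=1)  # assumed rolling window


def decide(txn_time, profile, history, account_changes, tpp=TPP):
    """Return (decision, reason) for one outgoing transaction.

    history: datetimes of earlier outgoing transactions on the account.
    account_changes: list of (change_type, datetime) tuples.
    tpp: pause length; a BSFI with strong authentication in place may
         pass a shorter value than the 24-hour default.
    """
    # 1. Transaction Pause Period: any key change still inside the pause window.
    paused = any(
        kind in KEY_CHANGES and timedelta(0) <= txn_time - when < tpp
        for kind, when in account_changes
    )
    if paused:
        return "BLOCK", "tpp_active"

    # 2. Velocity check: unknown profiles fall back to the strictest limit.
    limit = VELOCITY_LIMITS.get(profile, min(VELOCITY_LIMITS.values()))
    in_window = sum(1 for t in history if timedelta(0) <= txn_time - t < WINDOW)
    if in_window >= limit:
        return "CHALLENGE", "velocity_exceeded"
    return "ALLOW", "ok"


if __name__ == "__main__":
    # Constructed sample data, not real account activity.
    now = datetime(2025, 6, 1, 12, 0)
    burst = [now - timedelta(minutes=m) for m in (5, 10, 20)]
    print(decide(now, "retail_low", [], [("email", now - timedelta(hours=5))]))
    print(decide(now, "retail_low", burst, []))
    print(decide(now, "retail_high", burst, []))
```
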
Customer Empowerment Features
Digital platforms facilitating retail interbank fund transfers must offer specific customer protection features:
- Kill Switch functionality enables account holders to suspend their accounts and block outgoing financial transactions when fraud is detected. Instructions must be properly authenticated and verified.
- Permission Management allows customers to revoke access for trusted devices, online merchants, third-party applications, or electronic services.
- Money Lock feature allows account holders to secure portions of their funds, making them inaccessible for online transactions without in-person verification at branches or strong digital authentication.
- Customizable Transaction Limits enable account holders to set restrictions on transaction numbers, values, or types within BSFI-predefined limits.
How Clari5 Enables Regulatory Compliance
Clari5 is a real-time, enterprise-grade AI-powered financial crime risk management platform. It combines deterministic scenarios with machine learning, behavioral intelligence, and Digital TrustArmour to provide a unified response to fraud, mule activity, and scam detection, fully aligned with BSP Circulars 1213 (AFASA implementation) and 1215 (dispute tracing requirements).
AI + Scenario Based Fraud Risk & Anti-Money Laundering Solution (FRAML)
BSP Requirement: Real-time detection/blocking of suspicious transactions.
Clari5 Solution:
- Out-of-the-box fraud prevention and monitoring scenarios including velocity checks, device/account changes, geolocation anomalies, blacklists, and spending deviation patterns.
- AI-augmented decisioning combining supervised ML models and industry-leading scenarios.
- Learns from evolving fraud patterns (e.g., phishing, mule layering) to improve detection accuracy.
- Fraud detection, monitoring, and blocking of suspicious transactions help identify and prevent money mules, layering, and social engineering-based schemes.
- Instant transaction scoring enables pre-transaction block/challenge/allow decisions across channels.
Digital TrustArmour – Behavioral Biometrics & Device Risk Analytics
BSP Requirement: Prohibit bots/scripts, identify risky devices, and flag abnormal behavior.
Clari5 Response:
- TrustArmour silently analyzes user behavior (e.g., typing rhythm, swiping patterns, scroll speed) to detect bots or session takeovers.
- Flags jailbroken/rooted devices, emulators, and untrusted device fingerprints in real-time.
- Defends against screen scraping, replay attacks, and automated fraud attempts, fulfilling BSP’s anti-bot and session control mandates.
Mule Fraud and Ring Detection
BSP Requirement: Trace disputed funds across institutions.
Clari5 Response:
- Graph-based link analysis to uncover money mule networks and layered transfers.
- Visualizes the “disputed transaction chain” as required by BSP 1215.
- Identifies account collusion via shared devices, IPs, KYC fields, and transaction patterns.
- Automatically detects orchestrated scams or mule rings, which is critical for AFASA compliance.
Adaptive Risk Response & Customer-Level Profiling
BSP Requirements: Dynamic authentication, behavioral monitoring, customer empowerment.
Clari5 Response:
- Builds a real-time, evolving risk score for each customer based on location behavior, spending habits, device usage, and historical actions.
- Can trigger a bank’s preferred adaptive authentication (e.g., step-up MFA, transaction challenge) when anomalies arise.
- Supports user-driven controls (kill switch, money lock, transaction caps) through API integration.
Conclusion
Clari5 helps banks meet and exceed the requirements of BSP Circular 1213 by offering:
- Real-time fraud blocking
- Regulatory-aligned FMS rules
- Automated dispute handling workflows
- Graph-based mule detection
- Customer-centric fraud protection features
Clari5 not only ensures compliance — it enables a future-ready fraud defense strategy that is real-time, explainable, and scalable.