Author: Vivekananda J

 

Overview: Regulatory Shift in the Philippines

The Bangko Sentral ng Pilipinas (BSP) issued Circular No. 1213 in May 2025 as part of the implementing rules for the Anti-Financial Account Scamming Act (AFASA) or Republic Act No. 12010. Building on its earlier real-time fraud detection mandate (Circulars 1140 and 1160), BSP has now introduced stringent IT risk management requirements designed to combat the escalating threat of financial cybercrime in the Philippines.

Core Regulatory Requirements

BSP-supervised Financial Institutions (BSFIs) engaged in complex electronic products and services with high aggregate values (averaging ₱75 million monthly for the last six months) must implement comprehensive Fraud Management Systems.

To strengthen fraud detection and prevention, BSFIs mustl leverage a combination of rule-based approaches, machine learning algorithms, and other technologies to adapt to evolving fraud tactics. These systems must include five essential fraud detection mechanisms:

• Transaction Velocity Checks monitor the frequency of incoming and outgoing transactions to detect unusual activity patterns, including those facilitated by automated bots, malware, or zero-day exploits. The system must implement risk-based thresholds based on customer profiles to identify transactions outside normal spending patterns.
• Mobile Device and Account Information Changes monitoring tracks modifications to mobile numbers, email addresses, and other identifying information that may indicate account takeover attacks. The bank must analyze subsequent transactions for fraud patterns and temporarily block transactions after suspicious changes.
• Geolocation Monitoring tracks the geographic location of transaction initiators to identify activities from unexpected locations. The system must be capable of stopping transactions from unusual locations or triggering enhanced due diligence procedures.
• Blacklist Screening analyzes transactions against databases of unsecure merchants and account activities associated with mobile devices and IP addresses involved in fraudulent transactions. The bank must include rules to block such transactions to prevent customer fraud exposure.

Behavioral Anomalies detection identifies deviations from typical user behavior, including spending patterns and login habits. This includes detecting collective transactional behavior anomalies such as multiple fund transfers to few recipients or patterns indicating concentration without business purpose.

Account Protection Safeguards

Financial accounts must implement comprehensive security measures including:

• 24-Hour Transaction Pause Period (TPP) after key account changes, restricting customers from performing financial transactions. Key account changes include updates to mobile numbers, email addresses, and registered devices. BSFIs may shorten the TPP or implement transaction restrictions during this period if strong authentication mechanisms are in place.
• Device Security Restrictions prohibit installing mobile applications on unsecured devices, including those with outdated systems, rooted or jailbroken devices, or emulators.
• Anti-Automation Controls prohibit unauthorized scripts or automation tools through behavioral analysis, rate limiting, session management, and bot detection.
• Device Fingerprinting adoption requires collecting device data and implementing mechanisms to prevent spoofing of device identity.

Enhanced Authentication Requirements mandates significant strengthening of authentication mechanisms, particularly limiting the use of interceptable authentication methods like SMS and email OTPs.

Customer Empowerment Features

Digital platforms facilitating retail interbank fund transfers must offer specific customer protection features:

• Kill Switch functionality enables account holders to suspend their accounts and block outgoing financial transactions when fraud is detected. Instructions must be properly authenticated and verified.  
• Permission Management allows customers to revoke access for trusted devices, online merchants, third-party applications, or electronic services. 
• Money Lock feature allows account holders to secure portions of their funds, making them inaccessible for online transactions without in-person verification at branches or strong digital authentication. 

Customizable Transaction Limits enable account holders to set restrictions on transaction numbers, values, or types within BSFI-predefined limits.

How Clari5 Enables Regulatory Compliance

Clari5 is a real-time, enterprise-grade AI-powered financial crime risk management platform. It combines deterministic scenarios with machine learning, behavioral intelligence, and Digital TrustArmour to provide a unified response to fraud, mule activity, and scam detection fully aligned with BSP Circulars 1213 (AFASA implementation) and 1215 (dispute tracing requirements).

AI + Scenario Based Fraud Risk & Anti-Money Laundering Solution (FRAML)

BSP Requirement

Real-time detection/blocking of suspicious transactions.

Clari5 Solution:

• Out of the box fraud prevention and monitoring scenarios including velocity checks, device/account changes, geolocation anomalies, blacklists, and spending deviation patterns.
• AI-augmented decisioning combining supervised ML models and industry leading scenarios.
• Learn from evolving fraud patterns (e.g., phishing, mule layering) to improve detection accuracy.
• Fraud detection, monitoring, and blocking of suspicious transactions help identify and prevent money mules, layering, and social engineering-based schemes.
• Instant transaction scoring enables pre-transaction block/challenge/allow decisions across channels.

Digital TrustArmour – Behavioral Biometrics & Device Risk Analytics

BSP Requirement: Prohibit bots/scripts, identify risky devices, and flag abnormal behavior.

Clari5 Response:

• TrustArmour silently analyzes user behavior (e.g., typing rhythm, swiping patterns, scroll speed) to detect bots or session takeovers.
• Flags jailbroken/rooted devices, emulators, and untrusted device fingerprints in real-time.
• Defends against screen scraping, replay attacks, and automated fraud attempts fulfilling BSP’s anti-bot and session control mandates.

Mule Fraud and Ring Detection

BSP Requirement: Trace disputed funds across institutions.

Clari5 Response:

• Graph-based link analysis to uncover money mule networks and layered transfers.
• Visualizes the “disputed transaction chain” as required by BSP 1215.
• Identifies account collusion via shared devices, IPs, KYC fields, and transaction patterns.
• Automatically detects orchestrated scams or mule rings  critical for AFASA compliance.

Adaptive Risk Response & Customer-Level Profiling

BSP Requirements: Dynamic authentication, behavioral monitoring, customer empowerment.

Clari5 Response:

• Builds a real-time, evolving risk score for each customer based on:
  • Location behavior, spending habits, device usage, and historical actions.
• Can trigger a bank’s preferred adaptive authentication (e.g., step-up MFA, transaction challenge) when anomalies arise.
• Supports user-driven controls (kill switch, money lock, transaction caps) through API integration.

Conclusion

Clari5 helps banks meet and exceed the requirements of BSP Circulars 1213 by offering:

• Real-time fraud blocking
• Regulatory-aligned FMS rules
• Automated dispute handling workflows
• Graph-based mule detection
• Customer-centric fraud protection features

Clari5 not only ensures compliance — it enables a future-ready fraud defense strategy that is real-time, explainable, and scalable.

Read how BSP’s earlier mandate on real-time fraud monitoring set the stage for these expanded requirements here.

 

On August 13, 2025, the Reserve Bank of India (RBI) released its Framework for Responsible and Ethical Enablement of Artificial Intelligence (FREE-AI) in the financial sector. The framework sets clear expectations for how regulated entities must adopt AI: responsibly, explainably, and ethically.

For fraud prevention, this is a watershed moment. The RBI is requiring that AI not only be smart but also accountable, fair, and auditable. Clari5 Genie is purpose-built to meet and exceed these expectations with real-time interdiction, investigator-grade explainability, bias controls, and proven bank-grade governance. The result is lower fraud losses, faster decisions, and full alignment with regulatory confidence requirements.

What RBI’s FREE-AI Framework Means for Fraud Prevention

The RBI’s framework is anchored in seven guiding principles: Trust, People First, Innovation over Restraint, Fairness, Accountability, Understandability by Design, and Safety. These principles translate into 26 actionable recommendations across six strategic pillars: Infrastructure, Policy, Capacity, Governance, Protection, and Assurance.

For fraud prevention, the implications are clear:

• Trust & Safety: AI must strengthen trust in digital financial services by protecting customers and ensuring safe adoption at scale.
• Explainability: AI decisions must be interpretable and regulator-ready.
• Fairness: Models must deliver consistent outcomes across customer segments.
• Privacy & Security: Data use must be governed, minimal, and consented.
• Lifecycle Governance: AI must be continuously learning and adapting with transparent oversight.
• Human Oversight: AI must empower, not replace, human judgment.

How Clari5 Genie Aligns with RBI’s Expectations

Clari5 Genie operationalizes RBI’s FREE-AI vision by scanning millions of transactions in real time, flagging suspicious activity, and providing regulator-ready explanations. It reduces fraud losses, boosts investigator productivity, improves customer experience, and strengthens regulatory confidence.

Built on explainability, fairness, and governance by design, Genie ensures that every alert includes clear rationales and data lineage, giving investigators and regulators full visibility into decisions. Through its conversational interface and advanced similarity analysis, investigators can instantly understand why an alert was triggered and see connected risk patterns. Real-time scoring across cards, UPI, internet banking, branches, and trade flows ensures fraud is detected the moment it occurs. Dashboards track precision, recall, false positives, and model drift to maintain reliability, directly supporting continuous monitoring.

To keep AI responsible and regulator-ready, Genie integrates fairness-focused design, continuous learning, and human oversight. It adapts continuously across cases, ensures outcomes are consistent, and secures access through enterprise-grade encryption and consent controls. It generates audit-ready narratives, while investigator feedback and policy-driven overrides further sharpen accuracy and reinforce trust in every decision.

RBI Expectation	What “Good” Looks Like	Clari5 Genie Capability
Explainability	Decisions explainable to business, audit, and regulator	Alert rationales, feature attributions, decision paths
Fairness	Documented testing and error parity across segments	Outcome consistency across alerts and cases, powered by adaptive models
Security & Privacy	Data minimization, masked PII, strong access control	Encryption, role-based access, lineage, retention policies
Lifecycle Governance	Defined owners, approvals, version control	Continuous learning, case adaptation, and compliance-ready reports
Monitoring	Real-time KPIs and drift detection	Dashboards, alerts, feedback incorporation
Human Oversight	Clear override and escalation process	Policy overrides, audit trails, user training

 

RBI’s Broader Push for Real-Time AI Governance

The FREE-AI framework is part of a larger supervisory shift toward real-time, data-driven controls. Key measures include:

• Early Warning Systems: Mandatory, fully integrated with core banking to detect anomalies instantly and flag Red Flagged Accounts across lending, payments, and digital channels.
• Dedicated Analytics Units: Banks must set up Data Analytics and Market Intelligence teams that use AI/ML for proactive fraud detection.
• Board-Level Accountability: Fraud Risk Management policies now need board approval and ongoing oversight, with special committees monitoring fraud cases.
• Zero-Threshold Fraud Reporting: All frauds, regardless of value, must be reported immediately to RBI and law enforcement. Real-time updates to the Central Fraud Registry are mandatory.
• Innovation Drive: RBI’s Innovation Hub has introduced MuleHunter.AI for large-scale detection of mule accounts, complementing bank-level monitoring.
• Cybersecurity Mandates: Strengthened frameworks now require robust third-party risk management, continuous monitoring, and clear customer liability protections.

Together, these measures make transparent AI, strong governance, and real-time interdiction a regulatory expectation, not an option.

In summary, the RBI’s FREE-AI framework marks a decisive shift from reactive to real-time fraud prevention, and from opaque systems to fully explainable AI. By directly operationalizing principles and recommendations from the RBI report, Clari5 Genie empowers banks to lead in responsible AI adoption, protect customers, and build enduring trust in a rapidly digitizing financial ecosystem.

To discover how Clari5 Genie can future-proof your fraud prevention strategy and help your bank exceed RBI’s vision for responsible AI, schedule a personalized demo today.

Over the past months, I have had the privilege of establishing roots here in the Middle East and meeting banking leaders across the region. One insight has become increasingly clear through boardroom conversations is that the UAE is methodically designing the future of financial security.

The numbers reflect this. The UAE’s RegTech market reached $258 million in 2024, growing 28.3% year over year. As the global fraud detection market heads toward $246 billion by 2032, the UAE is positioning itself as a builder of next-generation financial resilience.

Stand-out themes in the country’s fraud prevention leadership

I have been fortunate to meet with executive teams in Abu Dhabi and Dubai, listening to the priorities that matter most. Here are the themes that consistently stand out:

• Real-time defense as a requirement: Discussion never begins with “if” but “how fast”: banks expect decisioning and fraud insights delivered in milliseconds. This is the minimum standard to address evolving threats, from instant payment fraud to the latest deepfake-driven scams.
• Fraud as reputational leadership: Boardrooms understand that every successful defense is a proof point for their brand. Trust determines customer loyalty, making security not just an operational concern but a growth driver.
• Collaboration defines resilience: Isolation is no longer an option. UAE banks, regulators, and technology partners are creating secure channels to share intelligence, jointly address new threat typologies, and elevate collective defense. The pace is setting new benchmarks for regional and global peers.
• From information overload to guided action: Fraud teams are demanding platforms that blend intelligence with operational clarity. The emphasis is on clear, actionable recommendations, not more dashboards. What matters is knowing precisely what to do next.
• Continuous adaptation: Static rule sets have given way to platforms that learn from every transaction. The expectation is self-learning systems that keep pace with the growth of digital banking, reducing false positives while detecting emerging patterns early.

The Regulatory Foundation Powering Innovation

In my conversations with banking leaders, one thing comes up repeatedly: the UAE’s regulatory clarity. The country’s removal from the FATF grey list in early 2024 wasn’t just paperwork. It represented over fifty systemic reforms that fundamentally changed how financial institutions operate here.
The Central Bank’s approach creates real competitive advantage through strategic enablers. The January 2025 guidelines mandating real-time transaction monitoring for high-risk entities and the June 2024 Sandbox Conditions Regulation give banks and fintechs the runway to innovate within clear boundaries.
What strikes me most is how the UAE has learned from global leaders while charting its own path. Singapore’s collaborative fraud models, Saudi Arabia’s risk frameworks; Europe’s real-time analytics. The UAE takes the best practices and adapts them to local realities. That’s not following trends. It is setting them.

Trends Likely to Shape the Next Five Years

Looking ahead, I see five transformative trends that will define UAE’s fraud prevention landscape:
AI-powered hyper-personalization will underpin fraud prevention, enabling tailored risk models for every customer segment.
Human-centric, real-time controls will define digital onboarding and payment security, adapting with behavioral and biometric intelligence.
Autonomous remediation systems, that not only detect but respond and resolve threats, will become standard.
Industry sandboxes will bridge banks, fintechs, and regulatory bodies to trial and deploy innovation before it hits the market.

A Shared Commitment Powered by Innovation

At Clari5, we view ourselves not just as technology providers but as trusted partners in the UAE’s fraud prevention journey. Our newest advancement, Clari5 Genie, exemplifies this commitment. Leveraging generative AI, Genie transforms financial crime management by delivering real-time, expert-level insights directly to investigators and business users through an intuitive, chat-based console.

Where fraud teams struggled with mountains of alerts and complex investigations, Genie’s generative AI now sits alongside investigators, answering questions in plain English and cutting investigation times by up to 70% on average. No more digging through dashboards. Just ask what you need to know.

What excites me most is how Genie simulates threats before they happen. In my meetings with UAE banking leaders, this predictive capability consistently gets their attention. They see the strategic advantage immediately. The platform runs entirely on-premises, meeting the strict data privacy requirements of banks here, while delivering cutting-edge intelligence.

This is the kind of partnership the UAE market demands. Together with banks and regulators, Clari5 Genie is helping build a fraud prevention ecosystem where trust is earned in real time, and security drives sustainable growth. The future of fraud management here is collaborative, intelligent, and agile, and we are proud to be part of it.

Saudi Arabia’s banking sector is advancing with vision and velocity, guided by the Saudi Central Bank (SAMA)’s evolving regulatory expectations and aligned with Vision 2030’s bold digital transformation. SAMA’s June 2025 directives make it clear that AI-driven scam detection, biometric onboarding, and cross-border surveillance are becoming essential.

 

Regulatory Imperatives: The 2025 Timeline

As fraud threats grow more complex, the second half of 2025 is becoming a defining phase in the Kingdom’s journey toward real-time, intelligence-led fraud prevention.

Q3 2025 Expectations

• AI Governance Enforcement: Banks are expected to demonstrate explainable, auditable GenAI systems with clearly documented bias controls and data lineage.
• GCC Mule Account Watchlist: SAMA and its GCC counterparts are strengthening cooperation against cross-border mule networks through joint fraud intelligence frameworks.
• Biometric KYC Controls: Real-time biometric verification is being strongly encouraged for mobile onboarding, with heightened regulatory scrutiny of facial spoofing controls.

Q4 2025 Shifts

• Open Banking Phase 3: This regulatory framework allows banks and authorized third parties to securely share customer data via standardized APIs, based on customer consent. Under Phase 3, institutions will be responsible for managing fraud risks related to third-party fintechs, with stronger monitoring and control measures.
• AI Audit Trail Requirements: SAMA is expected to finalize guidelines for auditability and traceability of AI decisions in high-risk use cases, especially at the AML/fraud intersection.
• Multi-Channel Orchestration: Banks must holistically monitor fraud journeys across Sarie (the national instant payment system), POS, mobile, IVR, and embedded finance ecosystems.

Emerging Threat Vectors & Technology Gaps Requiring Attention

SAMA’s 2025 fraud reviews identify three fast-rising risks:

• Arabic-language scam kits targeting SMEs and younger demographics with localized phishing
• Synthetic IDs using AI-fabricated data to bypass legacy KYC in fast-disbursal lending
• Social-driven mule recruitment through encrypted messaging platforms such as Telegram

Rules-based systems are no longer sufficient. Banks must pivot to:

• Behavioral AI for dynamic, real-time anomaly detection
• Federated learning for privacy-preserving, cross-institutional threat sharing
• Deepfake detection for media authentication in onboarding/voice transactions

Collaboration: The Non-Negotiable Priority

SAMA’s Counter-Fraud Framework expects banks to achieve at least Level 3 (Structured and Formalized) compliance maturity, requiring:

• Integration of fraud, cyber, and AML teams to break operational silos
• Active participation in GCC-wide anti-financial crime alert networks
• API-level fraud data sharing with Open Banking partners
  

With MENA cybersecurity spending projected to reach $3.3 billion by 2025, the focus must be on:

• Real-time behavioral analytics over batch fraud monitoring
• Demonstrably explainable AI, in line with SAMA’s evolving AI ethics framework
• Continuous authentication across embedded finance ecosystems

The coming months will shape Saudi Arabia’s long-term fraud resilience. Success depends not simply on reacting to threats, but on adopting intelligent, adaptive, and collaborative systems, elevating fraud prevention from a compliance mandate to a pillar of trust.

Read more about real-time fraud defense frameworks at Clari5 Banking Solutions Overview.

 

The Bangko Sentral ng Pilipinas (BSP) recently issued a circular requiring all banks and e-wallet providers in the Philippines to implement real-time, automated fraud management systems within a year. This marks a crucial moment for the country’s financial ecosystem, aligning regulation with the rapid growth in digital transactions and rising fraud risks.

Why Now?

The Philippines’ digital payments landscape has grown at an impressive pace in recent years:

• Over 43% year-on-year growth in digital payment transactions as of 2024
• Target of 50% of retail payments to be digital by 2026, already surpassed in 2023 at 52.8%
• A mobile-first consumer base and an expanding e-wallet ecosystem

However, this success has brought significant challenges. Digital fraud has surged:

• Online fraud incidents rose 85% year-on-year, based on recent reports
• The digital fraud rate hit 13.4% in 2024, nearly 150% higher than the global average
• E-wallet fraud is now the most common consumer complaint, with major providers frequently cited in reports
• Online scam complaints tripled in 2024, with over 10,000 cases reported to the Cybercrime Investigation and Coordinating Center (CICC)

This BSP directive is about more than compliance. It’s about rebuilding and reinforcing public trust in digital financial services — which is essential for sustaining growth.

What the Mandate Requires

The circular sets clear expectations for banks and e-wallet providers to deliver:

• Automated Fraud Monitoring: Continuous oversight to spot anomalies
• Real-Time Detection: Immediate identification of suspicious patterns
• Instant Blocking: The ability to stop fraudulent transactions before completion
• Integration with AML Systems: A unified approach to financial crime risk
• Continuous Customer Monitoring: For post-onboarding fraud detection and risk profiling
• Robust Consumer Education: Helping customers understand and avoid scams

These capabilities are essential for tackling increasingly sophisticated fraud, from account takeovers and synthetic identities to organised scam rings and mule networks.

A Continuum of Regulatory Progress

This mandate builds on other BSP and regional efforts to strengthen digital trust, including:

• Enhanced Transaction Authentication introduced in 2024
• QR Ph Person-to-Biller Expansion to promote seamless, cashless bill payments
• Upcoming AI-Specific Banking Regulations to ensure accountability in AI-driven fraud detection and AML analytics
• FATF Grey List Review & On-Site Evaluation, encouraging stronger KYC/AML standards and ongoing monitoring
• AFASA & IT Risk Amendments mandating real-time fraud monitoring and post-onboarding detection
• BCCR regulations enhancing oversight of fraud-related consumer complaints
• CASP Guidelines, relevant for those expanding into digital assets

Together, these measures reflect a maturing regulatory environment that balances innovation with accountability and consumer protection.

What Will It Take to Comply?

For banks and e-wallet providers, meeting the mandate will require a meaningful shift in capability:

• Enterprise-grade real-time decision engines to handle high transaction volumes
• Machine learning-powered behavioural analytics to detect fraud across diverse channels
• Cross-channel integration linking mobile apps, online banking, ATMs, e-wallets, and merchant platforms
• Tightly integrated AML and fraud risk systems for a unified view of financial crime risk
• Scalable architectures that can adapt to evolving regulatory demands

Institutions that see this as a strategic transformation, rather than a compliance checkbox, will be best placed to scale safely as the Philippines deepens its digital finance ambitions.

Beyond Compliance and the Cost of Inaction

Real-time fraud management is not just about ticking boxes. It is a strategic investment that helps banks and e-wallet providers:

• Build and maintain customer trust
• Reduce fraud losses
• Deliver better experiences with friction-right authentication
• Show leadership in safeguarding the digital financial system

Those who aim higher than minimum compliance will gain a competitive edge as consumer trust becomes the critical differentiator.

At the same time, delaying or underinvesting carries real costs—direct financial losses, reputational damage, and potential regulatory penalties. In a highly competitive market, those costs can quickly exceed the investment needed to modernise.

It is worth noting the Philippines isn’t alone in this push. Regulators across ASEAN, from Malaysia’s BNM to Indonesia’s OJK, are also lifting expectations around real-time fraud monitoring and AML integration. Institutions that act early can avoid fragmented, reactive upgrades later, and also set themselves apart as leaders in a region that prioritises safe, inclusive digital finance.

A Moment for Market-Wide Collaboration

This mandate is both urgent and necessary. It calls on Philippine financial institutions to take a proactive stance: rethinking their frameworks, modernising technology, and collaborating with experienced partners in real-time financial crime risk management.

In the coming months, we can expect further clarifications, industry discussions, and technology evaluations. Institutions that move early won’t just ensure compliance, they will strengthen their fraud defences and position themselves for long-term growth in a market where digital trust is the new currency of success.

Read more about real-time fraud defence frameworks at Clari5 Banking Solutions.