The Bangko Sentral ng Pilipinas (BSP) is proposing a new framework that will give accredited financial institutions and credit information providers broader access to borrower data to better manage risk and expand access to financing.
In a draft circular released for public consultation, the BSP proposed an Open Access Framework that would enable authorized entities to access credit information through the central bank’s Credit Information Management System (CRIMS).
“The Bangko Sentral is expanding access to credit information for authorized external users, subject to applicable data privacy laws, rules and regulations,” the central bank said.
“This is anchored in the principle that informed lending decisions underpin effective credit risk management,” it added.
CRIMS serves as the BSP’s centralized credit registry, containing borrower-level data collected from supervised financial institutions through the Comprehensive Credit and Equity Exposures Report (COCREE). The information has primarily been used for supervisory surveillance, policy formulation and research purposes.
Under the proposed framework, the BSP will open access to qualified external users, allowing them to obtain credit information for purposes such as verifying borrower identity, assessing creditworthiness and conducting due diligence activities related to lending.
The BSP said the broader access to reliable credit information could help reduce information asymmetry in the financial sector, strengthen credit underwriting standards and support the expansion of credit to underserved borrowers.
The framework will establish two categories of users. Accessing Entities (AEs) will consist of BSP-supervised financial institutions that contribute credit information to the system and gain access on the basis of reciprocity.
Special Accessing Entities (SAEs), meanwhile, will include credit bureaus and similar organizations that do not directly contribute data but use the information to provide value-added credit services.
To ensure a controlled rollout, the BSP plans to initially limit accreditation to no more than three SAEs. The cap may be reviewed and adjusted in the future depending on market conditions and operational experience.
The proposed guidelines require all applicants to undergo a rigorous accreditation process covering governance, financial capability, operational readiness, data privacy compliance and cybersecurity controls.
Entities seeking access must maintain information security programs, appoint key officers such as data privacy and cybersecurity officials, implement risk management systems and establish dispute resolution mechanisms for clients.
Applicants may also be required to submit cybersecurity assessments, vulnerability and penetration testing results, or equivalent certifications to demonstrate their readiness.
The BSP emphasized that access to credit information must be supported by valid consent from borrowers and must comply with the Data Privacy Act of 2012.
Accredited entities will be prohibited from sharing or disclosing information obtained from CRIMS beyond authorized purposes.
The draft rules also provide safeguards for consumers by requiring accredited entities to maintain mechanisms for handling complaints, disputes and requests related to credit information. Borrowers will have channels to raise concerns regarding the use of their data and the accuracy of information accessed through the system.
The central bank is likewise imposing strict reporting obligations for cybersecurity incidents. Accredited entities must notify the BSP within two hours of discovering major cyberattacks or significant operational disruptions, followed by a more detailed report within 24 hours.
To maintain access, accredited entities will be subject to periodic off-site and on-site evaluations by the BSP.
“In cases of non-compliance with the terms of the PA [participation agreement], the accredited entities shall be subject to appropriate contractual remedies, including the issuance of directives, suspension or revocation of access, and monetary penalties,” the central bank said.
