Duration 2 days – 14 hrs
Overview
Republic Act No. 12010 (AFASA) strengthens the Philippines’ legal and operational response to financial account scamming, including money muling and social engineering schemes. It also sets expectations on institutional controls (e.g., MFA/Fraud Management System), temporary holding of disputed funds, and coordinated verification among institutions and account owners.
Objectives
- Explain AFASA scope, key definitions, and the acts penalized (money muling, social engineering, related offenses).
- Interpret institutional duties to protect access to financial accounts using proportionate controls (e.g., MFA, Fraud Management System).
- Apply AFASA rules on temporary holding of funds in disputed transactions (up to the BSP-prescribed period not exceeding 30 calendar days, unless extended by court).
- Implement a practical workflow for coordinated verification (inter-institution + account owner), including understanding when bank secrecy/data privacy constraints do not apply during the process.
- Recognize penalties and risk exposures for individuals and organizations, and translate them into internal controls, SOPs, and staff playbooks.
- Align internal procedures with BSP information-sharing/inquiry mechanisms (high-level awareness) and governance requirements.
Audience
- Compliance / Regulatory Affairs
- Fraud Risk / Financial Crime / AML teams
- Operations & Disputes / Chargebacks / Investigations
- Customer Service / Contact Center leadership
- Digital Channels / Product Owners
- Information Security / Cybersecurity / IT Risk
- Legal / Corporate Counsel
- Branch / Field Operations (for customer escalations and reporting)
Prerequisites
- Basic familiarity with digital banking/e-wallet flows (login, transfers, cash-in/out, card funding, etc.)
- Working knowledge of KYC/identity verification and basic fraud concepts (phishing/social engineering)
- For deeper implementation sessions: familiarity with your org’s dispute handling and fraud tooling (e.g., case management, FMS rules)
Course Outline
Module 1 — Scam Landscape and Why AFASA Exists
- Common scam patterns in PH digital finance (money mules, account takeovers, phishing/vishing, fake “bank” calls)
- Where scams break controls: onboarding, credentialing, recovery flows, payouts
Module 2 — AFASA 12010: Scope, Definitions, and Who is Covered
- Key terms (financial account, sensitive identifying information, institutions)
- What counts as “financial account scamming” under AFASA (Lawphil)
Module 3 — Prohibited Acts and Offenses
- Money Muling Activities (using/allowing use of accounts; buying/renting/selling/lending accounts; recruitment) (Lawphil)
- Social Engineering Schemes (misrepresentation + solicitation of sensitive info; use of electronic communications to obtain sensitive info leading to unauthorized access/control) (Lawphil)
- “Other offenses” (aiding/abetting, attempts, fictitious accounts, buying/selling accounts) (Lawphil)
- Economic sabotage conditions (overview) (Lawphil)
Module 4 — Penalties and Legal Consequences
- Penalties for money muling, social engineering, economic sabotage, and other offenses (Lawphil)
- Account closure/forfeiture implications (high-level awareness) (Lawphil)
Module 5 — Institutional Responsibilities: Controls You’re Expected to Have
- Duty to protect access with adequate risk management systems and controls (e.g., MFA, Fraud Management System, enrollment/verification processes) (Lawphil)
- What “proportionate and commensurate” controls mean in practice (tiering by risk/product/channel)
- Translating AFASA to control mapping: people/process/tech + governance
Module 6 — Disputed Transactions: Temporary Hold + Coordinated Verification
- Temporary holding of funds: triggers, timelines, notifications, and constraints (incl. BSP-prescribed period not exceeding 30 days, unless extended by court) (Lawphil)
- What counts as “disputed” and reasonable grounds (operational interpretation) (Lawphil)
- Coordinated verification process: required collaboration and what it means operationally (Lawphil)
- Bank secrecy/data privacy inapplicability during coordinated verification (what to document, how to protect data anyway) (Lawphil)
- Malicious reporting awareness (why controls should prevent abuse) (Lawphil)
Module 7 — Enforcement, Inquiry, and Information Sharing
- High-level overview of BSP inquiry/information-sharing mechanics and confidentiality boundaries (Lawphil)
- Awareness of CAPO and information-sharing agreements/process expectations (roles, request essentials) (Bureau of the Treasury)
Module 8 — Practical Workshop: Build Your AFASA Playbook
Deliverables produced during the workshop:
- AFASA-aligned Disputed Transaction Handling Flow (detect → hold → verify → release/return → report)
- Escalation + comms templates (customer advisory script, internal escalation triggers)
- Control checklist for MFA, account recovery, enrollment, payout friction, mule detection
- Action plan: 30/60/90-day remediation roadmap (quick wins + backlog items).


