What is BSP Circular 1213 and when does it take effect?

BSP Circular 1213 takes effect June 30, 2026. Read together with AFASA (RA 12010), scam-loss liability shifts to the supervised institution unless it can prove adequate controls.

What does Fiduciary do?

Fiduciary provides compliance infrastructure: identity verification, phishing-resistant login, consent, and a court-admissible audit ledger, with a post-quantum signature on every transaction as evidence of adequate controls.

Are the records court-admissible?

Yes. Every event is signed with post-quantum cryptography (NIST FIPS 204) and hash-chained in a tamper-evident ledger, admissible under RA 8792 section 7.

Is there a free tier?

Yes. Institutions can start free and upgrade inside the dashboard, with no sales call required.

What security standards does Fiduciary use?

Post-quantum ML-DSA-65 (NIST FIPS 204) signatures, WebAuthn passkeys (phishing-resistant, AAL3), and alignment with BSP Circular 1213, AFASA (RA 12010), and the Data Privacy Act (RA 10173).

BSP Circular 1213 — Compliance Before June 30, 2026

AFASA Section 6: the institution bears the loss when a customer account is used in a scam — unless it can demonstrate adequate controls across the full transaction lifecycle. “We had a policy” is no longer the standard.

Become compliant

The law

Four instruments define your obligation.

What applies to you, and by when. Nothing more than what the regulation requires.

Bangko Sentral

BSP Circular 1213

Amends the IT Risk Management framework. Nine obligations across identity, due diligence, AML, risk, consent, and audit. Effective June 30, 2026.

RA 12010

AFASA §6 · §7

§6 — institutional liability for scam losses absent adequate controls. §7 — a court-admissible audit trail for every transaction.

RA 10173

Data Privacy Act

Free, prior, informed consent for data processing; 72-hour breach notification to the National Privacy Commission.

RA 8792

E-Commerce Act §7

Electronic documents and signatures as admissible legal evidence — the standard your audit trail must meet.

What is required

Nine obligations. One integration. Signed evidence on every one.

Your head office integrates once; every branch and channel is covered. Each obligation produces a court-admissible record.

1Consumer protection — identity at onboardingCovered

2Customer due diligence (CDD)Covered

3AML / suspicious-transaction screeningCovered

4Transaction risk monitoringCovered

5Data-privacy consent (RA 10173)Covered

6Audit trail (AFASA §7)Covered

7Enhanced due diligenceEvidenced

8Ongoing transaction monitoringEvidenced

9AMLC reporting — suspicious / covered transactionsSTR record

Six obligations are met end-to-end. Two are institutional responsibilities for which we supply the signed evidence. For the ninth, we screen the transaction (AML · sanctions · PEP) and generate the signed, court-admissible record that substantiates your STR/CTR — your team submits it to the AMLC. We don't file on your behalf; we make the filing defensible.

How it works

One integration. Evidence on every transaction.

Your head office integrates once — every branch, channel, and teller is covered, and every action produces a signed, retrievable record.

Integrate once

One integration covers your whole institution — every branch, channel, and teller.

Sign every transaction

Each call returns post-quantum-signed, court-admissible evidence with a permanent audit ID.

Retrieve on demand

Your examiners verify any record by its audit ID — your AFASA §7 evidence, instantly.

From sign-up to examiner-ready

A 30-day path to readiness.

Week 1

Week 1–2

Integrate against the sandbox; map your branches.

Week 3

Pilot one branch or channel on a production key.

Week 4

Roll out across all branches. Examiner-ready audit trail live.

Be compliant before the deadline.

Engagement begins under NDA. We share the architecture, the vendor due-diligence pack, and a pilot scoped to a single branch.

Request access Book a compliance briefing

— days remain until June 30, 2026.