The Philippines’ Securities and Exchange Commission (SEC) has pledged to crack down on “unacceptable and abusive business models” of financing and lending companies that use financial technology in the delivery of their products and services.
The regulator published last week a set of draft rules on how fintech firms are granted licences in the country, and is seeking comments from the public. The move comes after finance secretary Carlos Dominguez III earlier this month directed the SEC and the Bureau of Internal Revenue (BIR) to take a closer look at existing fintech firms’ business models.
Under the draft rules, financing and lending companies that wish to own or operate online lending platforms or engage in fintech-related activities must register and be approved by the SEC.
Requirements include a detailed business and operational plan such as information on the firm’s consumer protection and collection policies and processes, including a list of all its third-party service providers (TPSPs), cybersecurity programmes and policies, data recovery, backup, and disaster risk reduction plan as well as information on the location of the company’s data centre and data recovery centre.
The SEC will also require companies to provide information on their marketing strategy, target market, interest rates, loan products and services.
Focus on cybersafety
To be duly licensed, the fintech firms must also have at least five directors and at least two independent directors. Independent directors should also make up 20% of the board of directors, the regulator says.
The draft rules likewise put emphasis on cybersafety, requiring that firms applying for a licence provide a detailed summary of the relevant experience of the chief technology and cybersecurity officers, as well as the data privacy officer.
The regulator also says the fintech firm should be able to demonstrate a walk-through of the actual user experience before they can gain approval.
Other requirements include a breakdown of the firm’s proposed complaint-handling process, as well as a discussion on the extent of data the fintech firm will collect and how such data will be handled.
Licence suspension, revocation
The draft rules also set penalties for fintech firms that violate licensing terms – they can be fined up to 100,000 pesos (US$2,000) for the first offence, 200,000 pesos for the second offence, and one million pesos for the third offence.
Fintech firms that violate the licensing terms can also be suspended for up to 60 days, or have their licence revoked.
“Depending on the gravity of the offence, the commission may also proceed with the suspension or revocation of the company’s certificate of authority to operate and primary licence,” the regulator says.
Meanwhile, firms that are denied can reapply after one year, provided they can demonstrate that the reason for the initial rejection no longer exists.
Interested parties have until December 2 to comment on the proposed rules, the SEC says.