Philippines’ BSP orders stronger controls for QR-enabled payments

The Bangko Sentral ng Pilipinas (BSP) has instructed banks and payment firms to strengthen safeguards for QR-enabled payments and merchant accounts.

The guidance comes amid steps to address risks linked to money laundering, fraud and illegal financial activities, according to a report by local publication The Manila Times.

The directive was issued through Memorandum M-2026-017. It applies to BSP-supervised institutions (BSIs) and covers account onboarding, merchant monitoring and payment settlement arrangements.

In the memorandum, the BSP said BSIs must ensure controls remain “effective and commensurate with risk” as payment activity expands across digital channels.

“BSP-supervised institutions (BSls) are enjoined to strictly ensure that their anti-money laundering and countering terrorism and proliferation financing (AML/CTPF) controls, including account onboarding controls and ongoing account monitoring, remain effective and commensurate with risk across all payment activities,” the publication quoted the central bank as saying.

The memorandum also restated responsibilities for financial institutions engaged in merchant payment acceptance. This includes setups involving payment aggregators and other intermediaries.

The BSP said payment aggregators have “independent and commensurate” anti-money laundering (AML) responsibilities. These include merchant due diligence, risk-based onboarding and monitoring, implementation of risk mitigation measures, and suspicious transaction reporting.

At the same time, the central bank said banks and financial institutions remain primarily responsible for managing AML risks linked to settlement accounts. It added that institutions should maintain sufficient visibility over underlying merchants and related payment activity.

The BSP outlined measures BSIs are expected to implement.

These include maintaining access to sub-merchant information and transaction-level data, applying risk-based onboarding standards, and conducting periodic reviews.

It said reviews may result in restrictions or termination of relationships involving high-risk or non-compliant sub-merchants.

The central bank also directed supervised institutions to ensure the proper use of merchant accounts. It called for clear distinctions between merchant accounts and personal accounts based on the nature and purpose of transactions.

BSIs were instructed to strengthen ongoing merchant monitoring, including periodic reviews of merchant profiles, account usage and transaction behaviour. The BSP also raised concerns over “mule merchants” and the unauthorised use or misuse of QR codes, and told institutions to adopt risk-based measures to detect and prevent such activity.

The BSP also recently warned the public against dealing with unauthorised virtual asset service providers (VASPs), which facilitate virtual asset activities such as exchange, trading, transfers, safekeeping and payments.

It said transacting with these providers can expose users to risks, including the loss of funds.

"Philippines’ BSP orders stronger controls for QR-enabled payments" was originally created and published by Electronic Payments International, a GlobalData owned brand.

The information on this site has been included in good faith for general informational purposes only. It is not intended to amount to advice on which you should rely, and we give no representation, warranty or guarantee, whether express or implied as to its accuracy or completeness. You must obtain professional or specialist advice before taking, or refraining from, any action on the basis of the content on our site.