The June 30 Deadline Is Non‑Negotiable
On July 20, 2024, the Philippine government enacted Republic Act No. 12010, the Anti‑Financial Account Scamming Act (AFASA). The law criminalizes money muling, phishing, and social engineering schemes. It also mandates stronger authentication for all financial transactions.
BSP Deputy Governor Elmore Capule has made one thing clear: the June 30, 2026 deadline is not being extended. “As of now we are not extending it,” Capule said, stressing that financial institutions must accelerate preparations for the new requirements .
This is not a suggestion. It is a mandatory requirement. Missing the deadline means regulatory sanctions, hefty fines, and in cases involving organized fraud, possible criminal liability.
Instadesk VoiceBot helps financial institutions meet this deadline with AI‑powered voice biometrics and device‑bound authentication.
BSP Circular 1213: The End of SMS OTPs
BSP Circular No. 1213 mandates that all Philippine banks and non‑bank financial institutions phase out SMS‑based OTPs for high‑risk transactions by June 30, 2026. This requirement is a direct implementation of AFASA’s provisions.
SMS OTPs are now considered interceptable and vulnerable to phishing, SIM‑swap attacks, and social engineering. The BSP explicitly requires phishing‑resistant, device‑bound authentication methods. These include biometric verification, behavioral biometrics, and hardware tokens .
How Instadesk VoiceBot meets the requirement:
The BSP lists voice recognition as an approved biometric authentication method. Voice recognition provides customer convenience and enhanced security, as biometrics can be difficult to replicate or steal.
Instadesk VoiceBot supports voiceprint‑based customer authentication over phone calls. A customer calls the bank. The system matches their voiceprint against a registered sample. The authentication happens naturally, without requiring the customer to type codes or answer security questions.
This is phishing‑resistant because a voice cannot be intercepted via SMS. It works over existing phone infrastructure. No hardware tokens required. No app installation needed.
The same voice authentication engine powers Instadesk’s inbound call center solution. Banks can deploy voice biometrics across their entire phone support operation without replacing their existing telephony systems.
Beyond OTPs: Multi‑Factor Authentication in Action
Circular 1213 also requires banks to implement stronger fraud management systems capable of detecting suspicious transactions in real time. The rules mandate device fingerprinting, geolocation monitoring, and behavioral anomaly detection .
Institutions handling high‑volume online transfers must adopt robust fraud management systems capable of monitoring transaction frequency to detect bot‑driven attacks and zero‑day exploits.
How Instadesk VoiceBot fits into the fraud management stack:
Instadesk’s platform is designed to sit alongside a bank’s core fraud detection engine. When a customer calls to inquire about a transaction or report an issue, VoiceBot can authenticate them using voice biometrics before granting access to account information.
For high‑risk scenarios — such as changing a registered phone number or initiating a large transfer — the system can enforce step‑up authentication requiring voiceprint verification on top of other factors. This aligns with the BSP’s adaptive authentication framework, where verification requirements are dynamically adjusted based on transaction risk .
VoiceBot also integrates with the bank’s existing fraud detection systems. When an is triggered, the system can automatically route the call to a specialized fraud agent with the customer’s authentication status and transaction history already displayed on screen.
What AFASA Criminalizes — and Why Strong Authentication Matters
AFASA creates three tiers of criminal liability that every financial institution must help enforce.
Money muling — using, borrowing, selling, or allowing others to use a financial account to handle proceeds from criminal activity — is now a criminal offense. Social engineering schemes — phishing, smishing, and vishing — are also explicitly criminalized.
When these offenses are committed by three or more persons conspiring together, or against three or more victims, they are classified as economic sabotage. Under this aggravated classification, violators face life imprisonment and fines ranging from one million to five million Philippine pesos .
Financial institutions are not bystanders. AFASA mandates them to implement necessary safeguards and cooperate with law enforcement in investigations.
Why this connects to Instadesk VoiceBot:
Weak authentication is how scammers gain access to accounts in the first place. By replacing SMS OTPs with voice biometrics, banks close the entry point that enables mule account creation and unauthorized transactions.
VoiceBot’s authentication logs also serve as audit trails. When law enforcement investigates a scam, the bank can produce verifiable records showing which authentication method was used, at what time, and by whom. This strengthens the bank’s position under AFASA’s good‑faith protection provisions.
Implementation Timeline: What Banks Need to Do Now
The BSP’s compliance framework is clear. Banks must:
- Deploy automated, real‑time fraud monitoring and detection systems
- Implement phishing‑resistant multi‑factor authentication
- Phase out SMS OTPs for high‑risk transactions by June 30, 2026
Instadesk VoiceBot supports all three requirements. The platform is cloud‑based, deploys in days, and integrates with existing call recording systems via prebuilt connectors. No hardware upgrades needed. No custom development required.
A free trial with 500 minutes is available. Banks can test voice biometrics with live calls before committing to full deployment.
Conclusion
The June 30 deadline is not a suggestion. It is the law.
Voice biometrics is not a future technology. It is available today. Instadesk VoiceBot delivers enterprise‑grade voice authentication that meets BSP requirements, protects customers from fraud, and helps financial institutions avoid regulatory penalties.
Start with a free trial. No credit card required.
