After years of KYC deployments across the Philippines, and watching Vietnam navigate the same shift, here is what our team keeps seeing on the ground.
When the State Bank of Vietnam mandated biometric authentication in July 2024, our team in Vietnam had a front-row seat to the fallout. Some banks moved carefully, deploying solutions built for local documents and tested on local users; they saw a 50% reduction in fraud within months. Others rushed, treating the mandate as a "check-the-box" exercise, and spent the following year dismantling what they had just built.
That experience shapes how we view the Philippines today.
We recently explored why the end of the OTP is the best news for the Filipino consumer, highlighting how AFASA is finally shifting the burden of security from the customer to the institution. But moving from the "why" to the "how" is where the real work begins.
The June 2026 deadline under BSP Circular 1213 is a fundamental redesign of how trust is managed. Across our conversations with compliance teams and CISOs, the question Vietnam taught us to ask first remains: Does this solution actually work for your specific customers, on the devices they use, with the documents they carry?
Circular 1213 is more surgical than many realize. It isn't just about using biometrics. Liveness detection and deepfake detection are mandatory. Biometric templates must be stored as encrypted mathematical representations, never raw images.
Crucially, institutions must monitor and report algorithmic bias across user groups. This requirement carries the most weight; it presupposes that your system is consistent enough across your actual customer base to produce defensible data. If your system struggles with certain demographics, the circular gives the BSP clear grounds to ask why.
The BSP received around 70,000 fraud complaints in 2024. The patterns here, the spoofed documents, the targeted devices, the specific presentation attacks, are uniquely Philippine-specific. A system trained primarily on Western or European data carries assumptions that don't survive a real-world Philippine customer queue.
Working alongside more than 50 BSP-supervised institutions, we see three structural patterns that determine success:
Vietnam’s experience tells us that the initial mandate is rarely the final chapter. Over 18 months, requirements there expanded to cover card issuance, corporate accounts, and e-wallets. The institutions that built properly the first time were ready. Those that treated it as a point-in-time fix spent the following year re-engineering.
The roadmap for the Philippines follows a similar arc. AFASA is the floor, but it is far from the ceiling.
The institutions already live on compliant authentication—including the 50+ currently running TrustVision in the Philippines—did not just clear a hurdle. They rebuilt the relationship with their customers. Transactions that used to rely on an interceptable, sharable OTP now complete with a seamless liveness check.
June 2026 is the deadline to watch, but the question we raise in every meeting is this: When June passes, what will you have built?
Will it be a system that meets the minimum and needs a costly revisit when the next circular arrives? Or an authentication layer designed for Philippine data, built to absorb whatever comes next?
The institutions asking that question today are the ones who will still have their customers' trust tomorrow.
Alok Chaubey | Chief Revenue Officer, Trusting Social Philippines
Alok Chaubey is a fintech leader with over 15 years of experience across the lending lifecycle, from founding RupeePower to leadership roles at TransUnion and QBera. At Trusting Social, Alok has been instrumental in onboarding 50+ institutional clients in the Philippines, driving AI-powered identity and fraud intelligence to bridge the gap for the unbanked. He holds an MBA from Nottingham Trent University.