Fraud Management System

Real-time fraud defense, built for the Philippines

Scores every transaction as it happens and helps you meet AFASA and BSP Circular 1213 out of the box.

  • BSP 1213-aligned
  • AFASA-ready
  • ISO/IEC 27001:2022 & PCI DSS v4.0.1
SwiftGuard
Incoming transaction Scoring · 40 ms
₱ 480,000.00
Fund Transfer · New payee
Risk score 92/100
High risk
Velocity spike New device Watchlist match
Recommendation Block · Step-up authentication
The mandate

The FMS mandate is live, and it keeps evolving

AFASA (RA 12010) and BSP Circular 1213 require covered institutions to run an automated, real-time Fraud Management System for complex EPFS or ₱75M+ average monthly value. The compliance window has closed; supervision is now about what your FMS actually does.

Real-time, inline

Act on a transaction before it completes: an inline decision, not an after-the-fact alert.

Five named parameters

Velocity, device & account-info change, geolocation, blacklist and behavioral, integrated with AML into one financial-crime view.

Presumed negligence

Under AFASA, weak fraud controls can expose an institution to liability for customer losses, so your FMS is both your defense and your evidence.

₱5.82 billion

lost to cyber-enabled fraud by Philippine financial institutions in 2024. Up 2.6% year on year.

Source: Bangko Sentral ng Pilipinas (BSP), 2024
How it works

Your channels stay yours, SwiftGuard decides in the middle

Input

Your channels & core

  • Mobile / Internet
  • ATM
  • InstaPay / PESONet
  • Over-the-counter
  • Risk score
  • Findings
  • Real-time block recommendation
Output

Your core executes

  • Allow
  • Hold
  • Block
  • Step-up authentication
Detection engine

40+ tunable rules across six categories

Not a black box. Every rule is tunable per institution and applied instantly, calibrated to your risk profile, not a global average. And the library keeps growing as new fraud patterns emerge.

01

AML & structuring

Layering, smurfing and structuring patterns across accounts and time.

02

Sanctions & watchlists

PEP, sanctions and watchlist screening, on-platform; data never leaves.

03

Behavioral

Anomalies against a customer's own established behavior.

04

Fraud & mule

Mule-account signatures, scam payouts and coordinated fraud rings.

05

Volume & threshold

Velocity, value thresholds and burst activity across windows.

06

Account, access & location

Device change, credential and account-info tampering signals.

One financial-crime view

Fraud and AML in one view

Findings auto-create cases with SLA tracking, an immutable activity log and evidence attachments: an audit-ready record, exportable for BSP examination.

1

L1 review

First-line review of each finding as a case.

2

L2 review

Review stages you configure, with SLA tracking and escalation.

3

Compliance

Maker-checker approvals protect sensitive changes: one user proposes, another approves.

Closed

Every action, from disposition to resolution, is captured in the audit trail.

Why SwiftGuard

Built for the Philippines, not adapted to it

We don't bend an international platform to fit AFASA and BSP rules. Philippine compliance is the product.

International platforms
  • Global rule sets retrofitted to local circulars
  • Roadmap set overseas; PH is an edge case
  • Support and data far from your regulator
SwiftGuard
  • Rules, reports and workflows map to BSP circulars and PH fraud typologies: InstaPay/PESONet, OTC, mule networks
  • Deep roots in the PH financial sector, live with Philippine banks
  • When the regulation moves, we move with it. This is our home market
The path

Integrate instead of building, live in weeks

1

NDA & scope

Mutual NDA and engagement scope.

2

Tenant provisioned

Your isolated tenant is stood up.

3

Sandbox access

Credentials + full API sandbox.

4

Integrate

API docs, Postman & Swagger + support.

5

UAT sign-off

Joint user-acceptance testing.

6

Production

Go-live and monitoring.

No core replacement. No rip-and-replace. SwiftGuard sits alongside the systems you already run. The platform already exists and is already live.

Enterprise-grade

Secure enough for banks, because it runs in banks

Database-per-tenant isolation, no stored card data or customer credentials, and multi-AZ infrastructure with tested disaster recovery.

BSP supervisedBSP supervised
ISO/IEC 27001 certifiedISO/IEC 27001 certified
PCI DSS compliantPCI DSS compliant
SOC 2 Type II aligned via AWSSOC 2 Type II aligned (via AWS)
AES 256 encryptionAES 256 encryption
TLS 1.2 and 1.3 enabledTLS 1.2 & 1.3 enabled
FAQs

Frequently asked questions

Do we need to replace anything?

No. SwiftGuard sits alongside your core and channels; your systems keep executing decisions. No rip-and-replace.

Who acts on a flagged transaction?

SwiftGuard scores and recommends; your systems act. For each transaction it returns a risk score, the findings behind it, and a block recommendation. Your core or channel then allows, holds, blocks, or steps up authentication. You stay in control of every decision.

How long to go live?

Weeks, not quarters. After NDA and scope, we stand up your isolated tenant and a full API sandbox; you integrate with our API docs, we run joint UAT, then go live with monitoring. No core replacement.

Is our data safe?

Yes, by design. Each institution runs in its own database (not shared tables), sanctions screening runs on-platform so data never leaves, we store no customer credentials, and the platform is ISO/IEC 27001:2022 and PCI DSS v4.0.1 certified, hosted on AWS with multi-AZ resilience and tested disaster recovery.

We already have transaction monitoring. Why this?

Most monitoring is after-the-fact and generic. SwiftGuard scores in real time, before a payment completes, with rules mapped to BSP Circular 1213's named parameters and to Philippine fraud typologies (InstaPay/PESONet, OTC, mule networks). It unifies fraud and AML in one case view rather than two disconnected tools.

Who controls the rules and thresholds?

You do. Every rule can be enabled, scored, and set blocking or non-blocking per institution, and sensitive changes are governed by maker-checker approval. Your risk appetite stays in your hands.

See your readiness in one session

Let's review your existing controls against BSP Circular 1213 and walk you through how SwiftGuard supports compliance.

Book a readiness session