Real-time fraud defense, built for the Philippines
Scores every transaction as it happens and helps you meet AFASA and BSP Circular 1213 out of the box.
- BSP 1213-aligned
- AFASA-ready
- ISO/IEC 27001:2022 & PCI DSS v4.0.1
The FMS mandate is live, and it keeps evolving
AFASA (RA 12010) and BSP Circular 1213 require covered institutions to run an automated, real-time Fraud Management System for complex EPFS or ₱75M+ average monthly value. The compliance window has closed; supervision is now about what your FMS actually does.
Real-time, inline
Act on a transaction before it completes: an inline decision, not an after-the-fact alert.
Five named parameters
Velocity, device & account-info change, geolocation, blacklist and behavioral, integrated with AML into one financial-crime view.
Presumed negligence
Under AFASA, weak fraud controls can expose an institution to liability for customer losses, so your FMS is both your defense and your evidence.
lost to cyber-enabled fraud by Philippine financial institutions in 2024. Up 2.6% year on year.
Source: Bangko Sentral ng Pilipinas (BSP), 2024Your channels stay yours, SwiftGuard decides in the middle
Your channels & core
- Mobile / Internet
- ATM
- InstaPay / PESONet
- Over-the-counter
- Risk score
- Findings
- Real-time block recommendation
Your core executes
- Allow
- Hold
- Block
- Step-up authentication
40+ tunable rules across six categories
Not a black box. Every rule is tunable per institution and applied instantly, calibrated to your risk profile, not a global average. And the library keeps growing as new fraud patterns emerge.
AML & structuring
Layering, smurfing and structuring patterns across accounts and time.
Sanctions & watchlists
PEP, sanctions and watchlist screening, on-platform; data never leaves.
Behavioral
Anomalies against a customer's own established behavior.
Fraud & mule
Mule-account signatures, scam payouts and coordinated fraud rings.
Volume & threshold
Velocity, value thresholds and burst activity across windows.
Account, access & location
Device change, credential and account-info tampering signals.
Fraud and AML in one view
Findings auto-create cases with SLA tracking, an immutable activity log and evidence attachments: an audit-ready record, exportable for BSP examination.
L1 review
First-line review of each finding as a case.
L2 review
Review stages you configure, with SLA tracking and escalation.
Compliance
Maker-checker approvals protect sensitive changes: one user proposes, another approves.
Closed
Every action, from disposition to resolution, is captured in the audit trail.
Built for the Philippines, not adapted to it
We don't bend an international platform to fit AFASA and BSP rules. Philippine compliance is the product.
- Global rule sets retrofitted to local circulars
- Roadmap set overseas; PH is an edge case
- Support and data far from your regulator
- Rules, reports and workflows map to BSP circulars and PH fraud typologies: InstaPay/PESONet, OTC, mule networks
- Deep roots in the PH financial sector, live with Philippine banks
- When the regulation moves, we move with it. This is our home market
Integrate instead of building, live in weeks
NDA & scope
Mutual NDA and engagement scope.
Tenant provisioned
Your isolated tenant is stood up.
Sandbox access
Credentials + full API sandbox.
Integrate
API docs, Postman & Swagger + support.
UAT sign-off
Joint user-acceptance testing.
Production
Go-live and monitoring.
No core replacement. No rip-and-replace. SwiftGuard sits alongside the systems you already run. The platform already exists and is already live.
Secure enough for banks, because it runs in banks
Database-per-tenant isolation, no stored card data or customer credentials, and multi-AZ infrastructure with tested disaster recovery.
BSP supervised
ISO/IEC 27001 certified
PCI DSS compliant
SOC 2 Type II aligned (via AWS)
AES 256 encryption
TLS 1.2 & 1.3 enabledFrequently asked questions
Do we need to replace anything?
No. SwiftGuard sits alongside your core and channels; your systems keep executing decisions. No rip-and-replace.
Who acts on a flagged transaction?
SwiftGuard scores and recommends; your systems act. For each transaction it returns a risk score, the findings behind it, and a block recommendation. Your core or channel then allows, holds, blocks, or steps up authentication. You stay in control of every decision.
How long to go live?
Weeks, not quarters. After NDA and scope, we stand up your isolated tenant and a full API sandbox; you integrate with our API docs, we run joint UAT, then go live with monitoring. No core replacement.
Is our data safe?
Yes, by design. Each institution runs in its own database (not shared tables), sanctions screening runs on-platform so data never leaves, we store no customer credentials, and the platform is ISO/IEC 27001:2022 and PCI DSS v4.0.1 certified, hosted on AWS with multi-AZ resilience and tested disaster recovery.
We already have transaction monitoring. Why this?
Most monitoring is after-the-fact and generic. SwiftGuard scores in real time, before a payment completes, with rules mapped to BSP Circular 1213's named parameters and to Philippine fraud typologies (InstaPay/PESONet, OTC, mule networks). It unifies fraud and AML in one case view rather than two disconnected tools.
Who controls the rules and thresholds?
You do. Every rule can be enabled, scored, and set blocking or non-blocking per institution, and sensitive changes are governed by maker-checker approval. Your risk appetite stays in your hands.
See your readiness in one session
Let's review your existing controls against BSP Circular 1213 and walk you through how SwiftGuard supports compliance.
Book a readiness session