AFASA Law and Deepfake Fraud: How BSFIs Can Verify Real Identities

Financial institutions have spent years improving onboarding. Fraudsters have spent those same years making identities harder to verify.

Those two trends are now colliding.

A customer can open a bank account in minutes. A synthetic identity can be assembled just as quickly. Deepfakes, manipulated media, and digitally fabricated personas are challenging assumptions that have shaped customer onboarding and KYC programs for years.

For BSP-supervised financial institutions (BSFIs), this challenge sits at the heart of the Anti-Financial Account Scamming Act (AFASA Law) and BSP Circular 1213. The question is not simply how to verify documents. It is about establishing trust when identities can be manufactured at scale.

For years, identity verification relied heavily on document trust. If a passport was genuine, an ID was valid, and customer information matched official records, institutions could proceed with confidence.

As financial fraud grows more sophisticated, institutions are placing greater emphasis on identity trust alongside document trust.

What Is the AFASA Law in the Philippines and Why Does It Matter to BSFIs?

The Anti-Financial Account Scamming Act, also referred to as the AFASA Law, is a bill that seeks to strengthen the Philippines’ efforts to combat financial account scamming, cyber-enabled fraud, and the use of anti-financial accounts in criminal activities.

The AFASA Law in the Philippines is important not only for enforcement but also for preventing fraudsters from availing of financial services. Effective onboarding, due diligence, and identity verification are important for BSFIs in combating fraud.

With the rise of digital banking in the Philippines, verifying customer legitimacy is playing a greater role in compliance and operational resilience.

How AFASA Law Strengthens Fraud Prevention Requirements for BSP-Supervised Institutions

Financial scams have become widespread rather than isolated incidents.

There are many different methods that a modern fraud network can use, operating across multiple financial accounts, payment methods, and digital entities. They depend on their ability to access legitimate financial systems and exploit loopholes in verification procedures before they can catch up.

To address this situation, the AFASA Law was developed.

The law goes beyond fraud detection, placing greater emphasis on stronger prevention, coordination, and accountability across the financial system. This move puts pressure on institutions to detect the risk sooner and build up control throughout the customer lifecycle.

In BSP-supervised institutions, fraud prevention goes beyond transaction monitoring. The first step is to learn who is opening an account and if that identity is trusted.

The move reflects the industry’s growing recognition of the importance of identity verification in the battle against financial crime.

Why Deepfake Fraud Is Becoming a Growing Risk for KYC in the Philippines

Deepfakes have transformed identity fraud from a document problem into a trust problem.

The shift from document trust to identity trust is reshaping how financial institutions approach identity verification and fraud prevention.

Falsified papers are no longer necessary to make a convincing identity. Scammers can use the stolen information and fake faces, videos, and identities to create a valid-looking identity when signing up.

This poses a substantial challenge for KYC programs in the Philippines.

For KYC programs in the Philippines, this creates a significant challenge.

Verification systems designed to identify fake documents may struggle when the documents themselves are genuine, but the individual presenting them is not.

The financial damage from this threat is increasing. According to IBM’s report, New Wave of Deepfake Cybercrime (2025), the total global cost of deepfake-related fraud could reach $1 trillion, underscoring the gravity of the threat faced by organizations worldwide.

Financial institutions use certain trust mechanisms to verify customer identity during account opening, authentication, and account recovery, all of which are challenged by deepfakes. As the availability of these tools grows, it is becoming harder to tell real customers from fake ones.

What BSP Circular 1213 Means for Identity Verification and Fraud Detection

Given the issuance of Circular 1213 by the Bangko Sentral ng Pilipinas (BSP), heightened fraud-prevention and risk-management controls are expected across all BSP-supervised institutions.

It is more than a regulatory requirement.

Its significance extends beyond regulatory compliance.

The circular demonstrates an increasing awareness that the threat of fraud is becoming more complex and that institutions need to improve their capabilities to detect threats before they become financial losses.

Identity verification sits at the center of this effort.

Weak onboarding procedures create opportunities for fraud, mule accounts, and account misuse. These activities are much more difficult to perform when strong onboarding controls are in place.

The focus reflects BSP’s overall efforts to promote the implementation of AFASA, underscoring the regulator’s dedication to bolstering trust and security in the financial system. Institutions grappling with evolving fraud risks are increasingly treating identity assurance as an operational imperative rather than a compliance requirement.

Why Legacy KYC Processes Struggle Against Deepfakes and Synthetic Identities

Many KYC frameworks were developed during a time when document forgery represented the primary identity-related threat.

That environment has changed.

Many traditional KYC frameworks were designed to verify documents rather than identities. Today’s fraudsters can combine genuine personal information with manipulated media to create convincing digital personas. As a result, institutions face a new challenge: determining whether the individual presenting a legitimate document is its rightful owner. This shift highlights the growing importance of identity trust alongside document trust.

From KYC to Continuous Identity Assurance

The verification process should not stop after an account is accepted.

Numerous organizations are moving towards continuous identity assurance, which involves continuous assessment of trust throughout the customer lifecycle, rather than relying on a single onboarding event.

Some institutions are turning to continuous identity assurance, which assesses trust beyond the onboarding process and during the customer’s entire journey. This is an increasingly recognized reality: identity verification is a process, not just an event to be completed. 

Regulators are watching, too. A 2025 report issued by the U.S. Securities and Exchange Commission (SEC) has said that financial deception, artificial identities, and fake content are a concern for regulators and financial institutions.

For BSFIs, this is an indication of a new era of verification models that continuously measure risk rather than verify identity in a single occurrence.

How Facial Biometrics, Liveness Detection, and Deepfake Detection Verify Real Customers

The framework below illustrates how AFASA Law, BSP Circular 1213, and modern identity verification technologies work together to support fraud prevention and compliance.

Documents alone are not sufficient for modern identity verification.

Facial Biometrics will assist in verifying a person’s identity as claimed. Liveness detection confirms that the individual being verified is present in person, not a photo, recording, or even a video feed.

The role of deepfake detection is to detect signs of fake media and altered content.

These technologies work together to help answer a question that traditional verification methods sometimes cannot address:

Can this identity be confirmed as that of a true, living, and genuine person?

This is especially valuable when fraudsters are seeking new ways to exploit digital onboarding channels and the remote verification process.

The BSFIs can create a robust strategy for identity verification that is resistant to the creation of deepfakes.

How BSFIs Can Build a Deepfake-Resilient Identity Verification Strategy

Building resilience against deepfake-enabled fraud requires a layered approach.

For BSP-supervised institutions, key priorities include:

• Verifying government-issued identity documents.
• Matching individuals to verified identities through biometrics.
• Implementing liveness detection during onboarding.
• Screening for deepfakes and manipulated media.
• Monitoring behavioral and transactional risk indicators.

Together, these measures help institutions strengthen fraud prevention efforts while supporting AFASA Law requirements and broader BSP regulations.

The Future of Identity Verification Under AFASA Law and BSP Regulations

AFASA is sometimes referred to as a fraud prevention law.

It can also be seen in the context of broader changes in the financial system.

The report, published by The Guardian in 2026, reveals that deepfake scams are becoming a growing threat as tools and techniques for creating synthetic identities have become cheaper, faster, and more accessible.

Until recently, the main method of financial institutions was document trust. But the rise of deepfakes, fake identities, and fake content has rendered that approach ineffective. Next, in the fight against fraud, it will be a battle of identity trust.

Financial institutions will be more likely to rely on something more than documents and credentials to establish confidence in the people behind them. Identity verification will be more dynamic, more continuous, and even more aligned to fraud prevention.

The institutions best equipped to make this transition will be those that can keep the lines of communication open and trustworthy in all digital engagements, while maintaining security and complying with regulations.

How Facia Helps Organizations Strengthen Identity Trust

New AFASA Law regulations and BSP Circular 1213 mandate that financial institutions enhance fraud prevention and identity verification. Merely checking documents is insufficient given the rise of deepfakes and AI-generated fraud. Banks must confirm both the identity presented and the person behind it.

Facia supports this shift through facial biometric authentication, passive liveness detection, and DeepLiveness technology. While standard liveness confirms user presence, DeepLiveness adds an additional layer of protection against AI-generated faces and manipulated media, helping institutions strengthen identity trust during digital onboarding and account creation. With a False Acceptance Rate (FAR) of 0.06% and a False Rejection Rate (FRR) of 0.3%, Facia helps organizations strengthen identity trust, support KYC compliance, and build more resilient digital onboarding processes.

See how Facia helps financial institutions verify real identities and combat deepfake fraud. Book a Demo Today.