A Quick Guide on Cross-Border Transactions in the Philippines (Part 2)
Since the previous article already covered the foundational BSP FX regulations, Tax Treaty Relief (RMO 14-2021), and General Choice of Law principles, this revised explainer pivots to the “Next Level” of cross-border execution.
This guide focuses on Anti-Money Laundering (AML) compliance, Data Privacy in global transfers, and the specific nuances of International Service Agreements for Philippine-based entities.
Strategic Continuity: Advanced Compliance in Philippine Cross-Border Operations
For the C-Suite, the initial hurdles of tax and registration are only the beginning. As operations scale, the focus must shift to structural risks that can lead to regulatory “red flags” or operational bottlenecks.
I. AML and “Know Your Customer” (KYC) Protocols
In any cross-border flow, the Philippine entity is a gatekeeper under the Anti-Money Laundering Act of 2001 (Republic Act No. 9160).
- Covered Transactions: CFOs must be aware that any transaction in cash or other equivalent monetary instrument exceeding PHP 500,000.00 within one banking day must be reported by the bank (Section 3(b), RA 9160).
- Beneficial Ownership: Under SEC Memorandum Circular No. 15, Series of 2019, corporations must disclose their “Beneficial Owners.” In cross-border deals, the General Counsel must ensure that the foreign counterparty is not on a “grey list,” as this could lead to the bank freezing the transaction under the “Enhanced Due Diligence” requirements (Part 9, 2018 Implementing Rules and Regulations of the AMLA).
II. The Data Border: Cross-Border Data Transfers
Most cross-border transactions involve the movement of personal data (e.g., employee records, customer databases, or financial KYC). This is governed by the Data Privacy Act of 2012 (Republic Act No. 10173).
- Accountability Principle: The Philippine entity remains responsible for personal information under its control, even if the data is processed by a third party abroad (Section 21, RA 10173).
- Standard Contractual Clauses (SCCs): The National Privacy Commission (NPC) requires “reasonable steps” to ensure the foreign recipient has adequate protection. Practically, this means the General Counsel must embed data protection clauses into the main transaction agreement (NPC Advisory No. 2017-03).
III. Intellectual Property (IP) in Cross-Border Service Contracts
When a Philippine company engages a foreign consultant or software developer, the default legal assumptions about “who owns what” can be dangerous.
- Work for Hire Nuances: Under the Intellectual Property Code of the Philippines (Republic Act No. 8293), if the contract is for a “commissioned work,” the person who commissions the work (the Philippine company) owns the work, but the copyright remains with the creator unless there is a written agreement to the contrary (Section 178.4, RA 8293).
- Technology Transfer Arrangements (TTA): If the transaction involves the transfer of systematic knowledge (e.g., licensing a manufacturing process), it may be classified as a TTA. These must comply with the “Prohibited Clauses” and “Mandatory Provisions” of the IP Code—such as the prohibition on restricting the use of the technology after the contract expires—to be enforceable (Sections 87 and 88, RA 8293).
IV. Practical Scenarios for the Executive Team
Scenario A: Outsourcing Data Processing to a Cloud Provider in the EU
A CFO signs a contract with a German data analytics firm.
- Action: The General Counsel must verify if the German firm provides “comparable levels of protection” as the DPA. A formal Data Sharing Agreement (DSA) should be executed to avoid liability if a breach occurs in the foreign jurisdiction (NPC Circular No. 16-01).
Scenario B: Engaging a Foreign Independent Contractor for IP Creation
A CEO hires a Brazilian designer for a global rebrand.
- Action: Without a specific clause stating “The Contractor hereby assigns all intellectual property rights to the Company,” the designer may retain rights under Philippine law.
Strategic Advice:
- Vetting the “Grey List”: Before engaging a foreign partner, check the FATF (Financial Action Task Force) status of their jurisdiction to anticipate banking delays.
- IP Clauses are Mandatory: Never rely on “common sense” ownership in cross-border deals. Explicitly state that the assignment of IP is “worldwide, perpetual, and irrevocable.”
- NPC Registration: Ensure your Data Protection Officer (DPO) has registered your cross-border processing systems with the NPC.
12 February 2026
About Nicolas and De Vega Law Offices
Nicolas and de Vega Law Offices is a full-service law firm in the Philippines. You may visit us at the 16th Flr., Suite 1607 AIC Burgundy Empire Tower, ADB Ave., Ortigas Center, 1605 Pasig City, Metro Manila, Philippines. You may also call us at +632 84706126, +632 84706130, +632 84016392 or e-mail us at [email protected]. Visit our website https://ndvlaw.com.

