Economic Sabotage via Financial Account Scamming: Defending Against the AFASA Law in the Philippines
Introduction: why AFASA changed online banking fraud cases
Large-scale online banking fraud in the Philippines increasingly involves syndicates that steal credentials, “rent” bank accounts, and route proceeds through layers of transfers to frustrate tracing and recovery. In response, Republic Act No. 12010, or the Anti-Financial Account Scamming Act (AFASA), created specific crimes for money muling and social engineering schemes, and introduced the elevated classification of economic sabotage with markedly heavier penalties for coordinated or mass-victim operations (R.A. No. 12010, AFASA).
This article explains the criminal exposure for syndicates, how economic sabotage is determined, and how individuals and companies that were unknowingly used (as account holders, payment channels, or counterparties) can structure an early defense and compliance response—especially in light of BSP’s expanded inquiry and information-sharing authority under AFASA (BSP Circular No. 1214, 2025).
Governing laws and regulations
R.A. No. 12010 (AFASA) is the central law defining and penalizing financial account scamming conduct, including money muling, social engineering schemes, and economic sabotage classifications (R.A. No. 12010, AFASA).
BSP Circular No. 1214 (2025) supplies the procedural rules for BSP inquiries into financial accounts suspected of involvement in AFASA violations and for sharing financial account information with other competent authorities (BSP Circular No. 1214, 2025).
BSP Circular No. 1215 (2025) governs the temporary holding of funds for disputed transactions and the coordinated verification process among institutions, which matters for both victims seeking recovery and entities attempting to show good-faith handling of red-flag transfers (BSP Circular No. 1215, 2025).
On the interaction between cybercrime tools and bank confidentiality, the Supreme Court’s discussion in Eastwest Rural Bank v. Philippine National Police Anti-Cybercrime Group, et al., G.R. No. 273720 (2025) is relevant for understanding how “subscriber information” and identifying data may be obtained through cybercrime warrants in investigations, and how AFASA complements investigative authorities in financial cybercrime cases.
What AFASA criminalizes: money muling and social engineering schemes
AFASA identifies two core prohibited acts commonly seen in online banking fraud pipelines.
1) Money muling activities
AFASA treats as a money mule a person who, for the purpose of obtaining, receiving, depositing, transferring, or withdrawing proceeds known to be derived from crimes or social engineering schemes, engages in conduct such as allowing the use of a financial account, opening accounts under fictitious names or using another person’s identity, or buying/selling/renting/lending accounts (R.A. No. 12010, AFASA).
2) Social engineering schemes
AFASA separately penalizes social engineering schemes, described as obtaining another person’s sensitive identifying information through deception or fraud, resulting in unauthorized access and control over the person’s financial account (R.A. No. 12010, AFASA). Typical patterns include impersonating a bank or institution, or using electronic communications to harvest credentials and one-time passwords.
When does AFASA treat it as “economic sabotage”?
AFASA elevates the prohibited acts into economic sabotage when committed under enumerated circumstances. One commonly cited trigger is when the scheme is carried out by a group of three (3) or more persons conspiring or confederating with one another, or when the acts are committed against three (3) or more persons (R.A. No. 12010, AFASA; BSP Circular No. 1214, 2025).
Because AFASA’s economic sabotage category is a penalty escalator, defense planning should focus early on contesting facts used to support the “group/scale/mass victim” finding, while preserving evidence of limited role, lack of coordination, and absence of knowledge.
Criminal penalties under AFASA (including economic sabotage)
AFASA imposes imprisonment and/or fines depending on the act and whether economic sabotage applies:
Money muling activities: imprisonment of not less than six (6) years but not more than eight (8) years, or a fine of at least Php 100,000.00 but not exceeding Php 500,000.00, or both, at the court’s discretion (R.A. No. 12010, AFASA).
Social engineering schemes: imprisonment of not less than ten (10) years but not more than twelve (12) years, or a fine of at least Php 500,000.00 but not exceeding Php 1,000,000.00, or both. Higher penalties apply when the victim is a senior citizen (R.A. No. 12010, AFASA).
Economic sabotage (as defined in AFASA): life imprisonment, or a fine of not less than Php 1,000,000.00 but not exceeding Php 5,000,000.00, or both (R.A. No. 12010, AFASA).
Table: quick view of AFASA exposure
| AFASA conduct | Typical fact pattern | Penalty level |
|---|---|---|
| Money muling | Account used to receive/transfer suspected proceeds; account “rented” or lent; identity used to open account | 6–8 years and/or Php 100,000–500,000 |
| Social engineering | Impersonation, phishing, fraudulent calls/texts to obtain credentials and take control of a victim’s account | 10–12 years and/or Php 500,000–1,000,000 (higher if victim is a senior citizen) |
| Economic sabotage | 3+ conspirators and/or 3+ victims (and other statutory circumstances) | Life imprisonment and/or Php 1,000,000–5,000,000 |
How AFASA affects companies “unknowingly caught” in fraud flows
Many investigations begin with a “trail” account: a personal account used as a pass-through, a payroll account whose credentials were compromised, or a business account that received funds from unknown sources as supposed “payment.” Businesses can become involved where:
- Employees’ accounts are used as pass-through channels (e.g., “we will deposit and you cash out” arrangements);
- A business receives “payment” for goods/services that never existed, then transfers out funds to a supposed supplier;
- The company is a counterparty in multiple small transactions consistent with layering behavior.
AFASA’s design is to capture the account-use layer of the fraud ecosystem. This means a defense for an “unknowing” company usually turns on evidence of absence of knowledge, prompt reporting, and demonstrable internal controls.
BSP inquiry powers and information-sharing: what to expect
AFASA and BSP’s implementing procedures expand the ability of the Bangko Sentral ng Pilipinas to conduct inquiries into financial accounts suspected to be involved in prohibited acts, and to share relevant financial account information with law enforcement and other authorities (BSP Circular No. 1214, 2025). This matters because early “freezing/holding” and account tracing can occur quickly once suspicious transactions are flagged.
Separately, regulated institutions have a mechanism to temporarily hold funds that are subjects of disputed transactions for up to a defined period, using a coordinated verification process (BSP Circular No. 1215, 2025). For legitimate companies, participating in this process—rather than informally “reversing” or re-routing funds—can be important to show good faith and proper handling of possible proceeds.
Investigation tools and bank confidentiality in cybercrime-related probes
In Eastwest Rural Bank v. Philippine National Police Anti-Cybercrime Group, et al., G.R. No. 273720 (2025), the Supreme Court discussed how the Cybercrime Prevention Act’s warrant mechanisms may allow disclosure of certain identifying or subscriber information by banks acting as service providers under a valid court-issued warrant, subject to statutory safeguards. The decision also referenced AFASA’s role in combating financial cybercrimes and the BSP’s authority to seek cybercrime warrants under AFASA in proper cases.
Defense themes for individuals and companies: what matters early
The best outcomes often depend on actions taken within days of discovery, not months later. For companies and individuals asserting they were “unknowingly caught,” the central defense themes tend to be:
1) Lack of knowledge and lack of intent
AFASA money muling centers on using accounts for handling proceeds known to be derived from crimes or social engineering schemes (R.A. No. 12010, AFASA). Evidence that the accused acted as a normal commercial counterparty, with ordinary documentation and no red-flag behavior, can matter.
2) No conspiracy; no “group of 3+” coordination
Where the prosecution theory aims for economic sabotage, contesting alleged coordination is often decisive. In parallel, older “economic sabotage” cases under other statutes show that courts focus on the statutory elements rather than broad policy statements; for instance, People of the Philippines v. Francisco, et al., G.R. No. 106357 (1998) held (in the context of P.D. No. 1689) that statutory requirements control and that the preamble does not add elements beyond what the law states. The same element-focused approach is relevant when evaluating whether AFASA’s economic sabotage circumstances are actually present.
3) Traceability and documentation
Businesses should be ready to produce clean records that explain why money came in and why it moved out, such as contracts, invoices, delivery receipts, correspondence, and internal approvals. Gaps in documentation can be misread as “layering” behavior common in fraud laundering.
4) Timely reporting and cooperation through formal channels
Promptly documenting how the anomaly was discovered, who was notified, and what controls were activated helps establish good faith. If funds are suspected to be tied to fraud, handling should align with the regulated dispute/verification process where applicable (BSP Circular No. 1215, 2025), rather than informal refunds that may later appear as concealment.
Common scenarios and how to respond
Scenario A: A company receives “customer payment,” then is asked to refund to a different account
Risk: This resembles a pass-through mule pattern. If the money is stolen, refunding to a different account can be portrayed as assisting the scheme.
Response: Freeze internal release steps, require identity verification, confirm the original payer’s authority, and route concerns through the bank’s dispute process. Preserve all messages and payment instructions.
Scenario B: An employee’s personal account is used to receive funds for “easy commission”
Risk: This is close to the statutory definition of money muling, especially if the employee was recruited to use an account for receiving and transferring proceeds (R.A. No. 12010, AFASA).
Response: Immediate internal investigation, written incident report, and coordination with the bank for transaction tracing and dispute handling. Consider HR action and compliance retraining.
Scenario C: Multiple victims and patterned transfers appear in the books
Risk: “3 or more victims” and “3 or more conspirators” indicators can push the case toward economic sabotage allegations (R.A. No. 12010, AFASA).
Response: Establish a defensible timeline, isolate suspicious accounts, map inbound/outbound transfers, and preserve logs, CCTV, device access records, and approval workflows.
Action steps for companies: compliance and litigation readiness
- Adopt written controls for incoming funds, refunds, and changes in beneficiary account details; require dual approval for exceptions.
- Implement transaction screening for unusual payment patterns (velocity, repeated small transfers, multiple unrelated senders).
- Train staff on social engineering indicators and on strict “no OTP sharing” policies.
- Create an incident playbook: who to notify, how to preserve evidence, and how to coordinate with the bank under dispute/verification processes (BSP Circular No. 1215, 2025).
- Engage counsel early when law enforcement requests information, when accounts are held, or when the company is named as a recipient/transfer point.
Conclusion: what AFASA means for syndicates and unintended intermediaries
AFASA raises the stakes for organized online banking fraud by expressly criminalizing the account-routing layer (money muling) and credential-theft layer (social engineering), while reserving life imprisonment exposure for cases meeting the law’s economic sabotage conditions (R.A. No. 12010, AFASA). At the same time, the BSP’s inquiry and coordination mechanisms, including temporary holding of disputed funds, increase the speed at which transactions are traced and accounts are scrutinized (BSP Circular No. 1214, 2025; BSP Circular No. 1215, 2025).
For individuals and companies “unknowingly caught,” early defense work should focus on preserving evidence, documenting legitimate commercial basis, showing absence of knowledge and coordination, and using formal dispute and reporting channels. Delay, incomplete records, or informal “refund” behavior can unintentionally strengthen a money mule narrative.
About Nicolas and De Vega Law Offices
Nicolas and de Vega Law Offices is a full-service law firm in the Philippines. You may visit us at the 16th Flr., Suite 1607 AIC Burgundy Empire Tower, ADB Ave., Ortigas Center, 1605 Pasig City, Metro Manila, Philippines. You may also call us at +632 84706126, +632 84706130, +632 84016392 or e-mail us at [email protected]. Visit our website https://ndvlaw.com.

