Kissflow said Philippine banks are facing growing pressure to automate compliance workflows as regulatory updates increasingly require system changes, stronger fraud controls, and faster coordination across business and technology teams.
This pressure is becoming more visible as the Bangko Sentral ng Pilipinas (BSP) strengthens expectations around digital financial services.
Under BSP Circular No. 1213, covered BSP-supervised financial institutions are required to implement stronger fraud management systems, limit the use of interceptable authentication mechanisms such as SMS and email OTPs, and adopt strong authentication mechanisms for complex electronic services and high-value online transactions.
The BSP is also looking at prudential requirements for technology-driven rural banks, with a proposed circular recognizing fully digital onboarding as an indicator of complexity and introducing a 30% threshold for customers outside a rural bank’s physical area of operations.

In an exclusive interview with FintechNewsPh, Rakesh Nandakumar, Associate Vice President, APAC at Kissflow, and Michael Pagsisihan, Country Leader at Kissflow, said the challenge for banks is not only understanding new regulations, but executing the operational changes required to comply with them.
Legacy systems are slowing compliance execution
Pagsisihan said Philippine banks are operating in a strong regulatory environment, but the difficulty lies in quickly adapting internal systems and workflows to new requirements.

He noted that many legacy banks continue to run on older technology, where workflows are often embedded directly into core banking, anti-money laundering, cybersecurity, and other systems. This creates siloed data and complex coordination across vendors, partners, and internal teams.
For banks, that means even a single regulatory change can trigger multiple operational requirements: updating internal processes, adjusting workflows, coordinating with technology providers, and ensuring that business units can meet reporting or response timelines.
The result is a time-to-market problem for compliance.
Pagsisihan said banks need to respond to regulatory changes faster, but their technology environments are often not designed for that speed. Instead, compliance teams, IT teams, operations teams, and customer-facing units may all be working across separate systems that do not easily connect.
Nandakumar added that IT teams in banks are already balancing two major responsibilities: running the bank and innovating the bank. On one side, IT must keep daily operations stable. On the other, it is expected to support major transformation projects such as core banking upgrades, new credit systems, mobile app enhancements, and digital channel improvements.
At the same time, business units continue to request smaller workflow changes and process automation. According to the executives, this is where IT becomes a bottleneck, as compliance and operational requests compete with larger enterprise technology priorities.
Low-code can connect fragmented banking workflows
For Kissflow, low-code platforms can help banks address this execution gap by allowing institutions to build and adjust workflows faster without removing IT oversight.
Pagsisihan described Kissflow’s role as a layer that connects fragmented systems across the banking organization. In fraud management, for example, banks may need to coordinate across fraud detection platforms, AMLA systems, contact center tools, transaction monitoring systems, core banking data, mobile apps, and web portals.
He said the challenge is not only detecting suspicious activity, but ensuring that the entire response process is coordinated and traceable. This includes reporting, ticketing, notifications, service-level agreements, approvals, account actions, customer response, and regulatory reporting.
Without automation, these steps may still rely on emails, spreadsheets, phone calls, and manual coordination. That creates delays and weakens visibility into who acted, when the request was raised, how long approval took, and what action was completed.
Nandakumar said workflows such as approvals, reporting, fraud escalation, transaction monitoring, and data collection are among the processes that banks can prioritize for automation. Approval workflows, in particular, are important because they create a record of request history, turnaround time, and process ownership.
Pagsisihan said banks should prioritize automation based on business and operational outcomes. These may include revenue, profitability, customer experience, reputation risk, and compliance standards. Instead of automating for the sake of automation, he said banks should identify the problem, define what needs to be measured, and focus on high-impact processes first.
Citizen development still needs IT governance
The discussion also touched on citizen development, or the ability of non-IT teams to build or adapt workflows using governed low-code tools.
Nandakumar said citizen development should not be treated as a business-only program. Instead, it should be run by IT, with business teams enabled to solve smaller workflow problems within a controlled framework.
He said banks need a Center of Excellence to manage the program, validate applications, set standards, and define which types of workflows business users can build. This helps prevent shadow IT, where teams create their own tools outside formal technology governance.
According to Nandakumar, banks need clear app zoning to determine whether a workflow can be fully built by citizen developers, limited to certain users, restricted, or kept entirely within IT control.
Pagsisihan said this model allows IT and business teams to coexist in driving innovation. IT maintains governance, security, auditability, and platform control, while business teams closest to the operational problem can help build or modify workflows more quickly.
This balance is becoming more important as banks face pressure from regulators, digital-only competitors, fintech companies, and non-bank financial institutions.
Banks need to move from reactive to proactive compliance
For banks operating across multiple markets, Nandakumar said workflow platforms also need to support local regulatory differences. He cited dynamic forms that can adjust fields, language, and process steps depending on user location or market requirements.
This flexibility can help banks standardize their internal processes while still adapting to local rules across APAC markets.
Looking ahead, the Kissflow executives said Philippine banks need to shift from reactive compliance to a more proactive operating model.
Pagsisihan said regulatory compliance should not be viewed only as the responsibility of compliance teams. Instead, banks need to see it as a value chain that can run from customer-facing channels to core banking systems, requiring collaboration across departments.
He said leadership buy-in is necessary to break silos across processes and data. Banks also need to take an honest look at whether their current systems allow them to respond quickly to regulatory changes.
Nandakumar said banks cannot predict every regulatory change that may come, but they can prepare their organizations to adapt faster. This requires technology that reduces implementation effort, a culture that supports change, and more people across the organization who can help solve operational problems.
For Philippine banks, the compliance challenge is no longer only about meeting the next regulatory deadline. It is about building the internal capacity to respond continuously as rules, fraud risks, and customer expectations evolve.
