On 16 February 2021, President Rodrigo Duterte signed Republic Act No. 11523 or the Financial Institutions Strategic Transfer Act (“FIST Act”). The FIST Act allows financial institutions (FIs), including the Bangko Sentral ng Pilipinas (BSP), banks, financing companies, investment houses, lending companies, insurance companies, government financial institutions, government-owned or -controlled corporations, and other institutions licensed by the BSP to perform quasi-banking functions and credit-granting activities, to offload non-performing loans and other bad assets to a Financial Institutions Strategic Transfer Corporation (FISTC). The law took effect on 22 February 2021.

The Philippine National Privacy Commission (NPC) recently issued NPC Circular No. 2020-03 on Data Sharing Agreements (Circular). The Circular applies to the disclosure of personal data from a personal information controller (PIC) to another PIC. It likewise applies to personal data that is consolidated by several PICs and shared or made available to each other and/or to one or more PICs. It excludes outsourcing or subcontracting arrangements between a PIC and a personal information processor (PIP).

The Philippine National Privacy Commission (NPC) recently issued NPC Circular No. 2020-02 on the Rules on the Issuance of Cease and Desist Orders (Circular). The Circular applies to all applications for a Cease-and- Desist Order (CDO) on the processing of personal data and other matters cognizable by the NPC.