18/12/2025
The (SC) has held that while financial details of bank deposits remain confidential, the Cybercrime Prevention Act allows disclosure of bank account holder information for cybercrime investigations.
In a Decision written by Associate Justice Ramon Paul L. Hernando, the SCโs First Division denied the petition filed by EastWest Rural Bank (EastWest), which questioned the warrant to disclose computer data (WDCD) issued by the court and the subsequent Disclosure Order issued by the Philippine National Police Anti-Cybercrime Group (PNP-ACG) which required EastWest to disclose bank account holder information.
This EastWest bank account holder information sought to be disclosed is the account where Leonard Vendiolaโs money was transferred after he was scammed by a caller posing as a bank employee.
Vendiola reported to the PNP-ACG that a caller who introduced herself as a bank employee deceived him by promising rewards contingent to disclosing his email and one-time password. When he checked his bank account, he discovered that an amount of PHP 10,000 was transferred to an EastWest account.
PNP-ACG applied for a WDCD to identify the EastWest account holder involved in the alleged scam. This was granted by the Regional Trial Court which authorized the PNP-ACG to compel EastWest to disclose and preserve data relating to the account holder. Pursuant to this, the PNP-ACG issued a Disclosure Order to EastWest.
EastWest filed a petition with the Court of Appeals challenging the WDCD and arguing that the Bank Secrecy Law prohibits banks from revealing any information about bank deposits, including the identity of the account holder. It maintained that this rule remains in force because it was not repealed by the Cybercrime Prevention Act.
EastWest also asserted that it should not be subject to the Cybercrime lawโs disclosure rules because it is a financial institution rather than a communications service provider.
The SC rejected these arguments and upheld the validity of the WDCD and Disclosure Order.
The SC clarified that while the Bank Secrecy Law protects the confidentiality of bank deposits and their financial details, it does not prevent the disclosure of basic identifying information when allowed by law. Under the Cybercrime Prevention Act, law enforcement agencies may, with a court-issued warrant, require the disclosure of computer data necessary to investigate cybercrime offenses.
The SC ruled that EastWest is considered a service provider under the Cybercrime Prevention Act because their digital banking services, such as online banking platforms, mobile applications, and automated email notifications, allow customers to communicate and transact through computer systems. As a banking institution, EastWest also processes and stores substantial amounts of computer data both in the course of its operations and on behalf of its customers, placing it within the lawโs coverage for the disclosure of computer data when authorized by a court-issued warrant.
Read the full text of the press release at http://sc.judiciary.gov.ph/?p=157653
Read the full text of the Decision at http://sc.judiciary.gov.ph/?p=157646
Copying of this content is subject to the SC PIOโs Credit Attribution Policy: https://sc.judiciary.gov.ph/credit-attribution-policy/.
