The Bangko Sentral ng Pilipinas approved a memorandum on June 5 that draws a hard line few other Southeast Asian central banks have been willing to draw so explicitly: no licensed Philippine virtual asset service provider may list or support anonymity-enhancing virtual assets, the category of tokens built specifically to obscure sender, receiver, and transaction amount from blockchain analysis. Memorandum No. M-2026-023, signed by BSP Deputy Governor Lyn Javier, doesn’t name individual tokens, but the description matches the privacy-coin category that includes assets like Monero and Zcash, projects whose entire value proposition has always been the transactional opacity that now makes them incompatible with BSP’s anti-money-laundering expectations.
The privacy-coin ban is the most attention-grabbing piece of the memorandum, but it’s actually one part of a broader six-pillar due diligence framework BSP is now requiring every VASP to run before listing any virtual asset at all, not just before excluding privacy coins specifically. The six pillars: the issuer’s background, including registration, ownership structure, and fitness checks on the people running the project; market capitalization and maturity, assessed through trading volume and how many reputable exchanges already support the asset; use case, requiring VASPs to actually read whitepapers and categorize what a token is for, whether that’s a stablecoin, a utility token, or a governance token; transparency, traceability, and security, covering the underlying blockchain’s consensus mechanism and whether its smart contracts have been audited; redemption, liquidity, and reserves, mainly relevant for stablecoins and asset-backed tokens; and legal and regulatory compliance across whatever jurisdictions the asset touches.
That last requirement isn’t a one-time check. BSP is also requiring VASPs to keep monitoring every asset they’ve already listed, not just new listings, and to set internal thresholds that can trigger a suspension or delisting later if conditions change. The memorandum spells out four categories that can force a delisting: consumer protection violations, adverse market developments, legal non-compliance, and cybersecurity threats. In practice, that means a token a Philippine exchange listed safely two years ago could be pulled today if, for instance, its underlying project gets hit with a serious exploit or a regulator somewhere else formally classifies it as a security without registration.
The timing fits a pattern BSP has been building for over a year. The central bank has spent 2026 tightening the operational side of digital finance generally, forcing every supervised bank and e-wallet toward stronger authentication and standardized payment rails, and this memorandum extends that same instinct, protect the plumbing before worrying about growth, into which specific crypto assets are even allowed on regulated Philippine platforms in the first place. It also lands only weeks after the SEC’s own CASP framework moved from advisory to active enforcement against unregistered offshore exchanges, meaning Filipino crypto users are now navigating two separate, newly muscular regulators at once: the SEC deciding who can operate a platform, and BSP now deciding what that platform is allowed to sell once it’s operating.
For the VASPs actually affected, principally Coins.ph and PDAX, the six-pillar framework is a real operational lift. Running issuer background checks, monitoring liquidity and reserve composition, and reassessing every listed asset against four possible delisting triggers on an ongoing basis requires compliance headcount that a two-sided crypto exchange serving retail Filipino users hasn’t historically needed to carry. It’s a similar dynamic to what happened in traditional Philippine banking after BSP tightened digital banking and fraud-prevention rules earlier this year: the rules are defensible on their own terms, but they systematically favor incumbents with the balance sheet to absorb the compliance cost, and raise the bar for any new VASP trying to enter the market from scratch.
There’s a narrower but real cost to ordinary users too. Privacy coins have legitimate uses beyond money laundering, financial privacy for people in genuinely sensitive situations, protection from having every transaction permanently visible to anyone who looks up a wallet address, but BSP’s memorandum doesn’t carve out any exception for that. Filipino users who want that kind of privacy will now need an offshore, unregistered platform to get it, which is precisely the category of platform the SEC has spent the past eight months trying to push Filipino traders away from. The two policies, taken together, are internally consistent from a regulator’s perspective, but they leave privacy-conscious users with essentially no compliant local option.
What happens next depends on how strictly BSP actually enforces the ongoing-monitoring half of the memorandum. A one-time privacy-coin ban is easy to check and easy to verify. Continuous re-evaluation of every listed asset against six pillars and four delisting triggers is a much harder thing to audit from outside, and will say more about whether this memorandum represents a genuine shift in how seriously BSP polices its licensed VASPs, or another well-drafted rule that gets selectively enforced once the initial compliance sweep is over.
Share this article