Chapter VI of the GGWG deals with Cyber Frauds. Some of the recommendations of this group overlaps with recommendations on Customer Education and also on Legal issues. Comments on some of the key recommendations are given below.

Regarding Small Frauds:

Currently, RBI is only focussing on large frauds which arise out of loans and advances. What is being neglected is frauds including cyber crimes committed with or without the assistance of bank staff and with or without negligence of banks.

These small frauds affect common people. Cyber Criminals have been trying to adopt a strategy of effecting small amount frauds on large number of people so that the intensity of follow up is low. After introduction of mobile banking there will be more such micro frauds. RBI and the Banks cannot ignore the incidence of such frauds.

There is a need for RBI therefore to create a separate infrastructure for prevention, detection and resolution of small frauds issues.
Banks have been ignoring the S R Mittal Group recommendation on obtaining insurance for frauds. RBI should penalize Banks for not covering themselves with insurance. With or without insurance, any innocent victim of a Bank fraud should be protected from the loss by the Bank.

Regarding CIBIL/DRT:

Functioning of CIBIL has not been in accordance with the Privacy norms accepted world wide. Often honest Customers are penalized by a Bank reporting the credit and not reporting repayments. Accountability should be fixed for such lapses.

Every customer whose data is shared with CIBIL should be individually informed of the data shared and should be provided continuous free access to the information in CIBIL hands so that its accuracy can be checked directly by the data owner.

In case the data owner reports any errors, there should be a system in place to correct the inaccuracies.

There are many instances of Banks misusing DRT and trying to knock of immovable properties in collusion with criminals.
RBI does not have a proper mechanism to control the misuse of DRT. A solution should be found for this menace of Banks committing frauds on Customers.

Similar frauds are committed by Banks on personal loan customers and credit card customers. “Fraud Management” at RBI should take such frauds also into consideration.

RBI may for this purpose dedicate an officer who can act as an “Ombudsman for Loan Disputes”

Regarding Transaction Alerts

Generating transaction alerts as a part of “Risk Maangement” is an issue which reflects the weaknesses in the bankign software system. Software suppliers must be held responsible for providing regular updates in terms of fraud management and legal compliance. Current software supplied by otherwise reputed brands are deficient in this respect and a time bound plan to replace such software should be initiated.

Fraud Reporting System:

RBI has been lenient on Banks defaulting in providing appropriate FMR returns. Situation should be corrected with some penalties for improper or lack of reporting.

The Board should be held responsible for non reporting of frauds as per RBI guidelines.

Where there is more than one Bank which is involved the fraud reporting mechanism can include reporting from both ends with appropriate mechanism for marking contra. This would help in the identification of lack of reporting by any of the banks and the resposnible official should be penalized.

In all events of frauds in the Banking system, it is the bank which should file a Police complaint with or without the customer also filing a report. This has been the suggestion of the earlier Fraud guidelines from RBI and often not implemented in practice. Any Branch manager who fails to file a police complaint in respect of any fraud reported by either a Phishing victim or a Credit Card victims should be penalized.

Dealing with Fraud Proceeds in the hands of the Bank
Often frauds result in mondy from one customer of the bank to be transferred to another customer of the same Bank or another Bank. In such cases, Banks cannot enrich themselves with the residual fraud proceeds.  There is no excuse for retaining any part of the money identified as fraud proceeds. Though Banks and RBI may not like it, keeping stolen property is always an offence and such act will expose the personnel of Banks to a criminal liability. Hence the procedure should be to check if the complainant is an innocent victim who has suffered a wrongful loss and immediately return the money transferred from his account. Bank should hold the liability on its own account until recovery is made through insurance or from the end fraudster who has used the Bank as a conduit for committing the fraud.

Responsibility for filing Complaint etc:

Customer who has suffered a loss is having a Banker-Customer relationship with one bank which should alone deal with the issue. Customer cannot be expected to run behind other Banks except when he launches a recovery proceeding against them.

Some of the requirements under Cyber Frauds have a relation with the comments made in detail under the chapter on “Legal issues”.

RBI cannot give any instructions that is contrarian to legally accepted norms and should be vary of suggesting a rigid system when it comes to dealing with the complainant or the law enforcement agencies. This may lead to Bank officials committing violations of law under the mistaken impression that their act is sanctioned by or mandated by RBI. In such cases, RBI itslef may be exposed to the risk of being held liable for legally untenable procedures.

Naavi of Naavi.org

Be Sociable, Share!