RBI moves to Raise Banking Risk In India
Posted on February 10th, 2013
Indian Banking industry is already reeling under the increasing Cyber Crime risks. The recent US $ 200 million Credit card fraud exposed in USA and a series of Bank frauds in RTGS and NEFT systems have exposed that the Banking system in India is lacking the fundamental ingredient of “Safety”. The much hyped “OTP” system has failed. The legal system which endorses the use of “Digital Signatures” is being ignored by rogue Banks and RBI has not been able to bring such Banks to the right tracks.
The Judiciary had an option to bring Banks to track and the adjudication verdict in the case of S.Umashankar Vs ICICI Bank in Chennai had paved the way for reforms in E Banking security through judicial intervention. However, the erring Banks conspired with the regulators in the Government of India and removed the functionality of the Cyber Appellate Tribunal which was a key judicial authority for examining the E Banking related frauds through the eye of ITA 2000/8. Additionally some Banks conspired to hit at the adjudication system itself and with obliging IT Secretaries such as the one in Karnataka shut off the adjudication option for E Banking victims. Similarly they have ensured that the ombudsman of RBI does not come to the assistance of E Banking victims by getting some key provisions of the Bankign Ombudsman scheme amended.
RBI has not been able to make intended changes though they did put in efforts through the G Gopalakrishna Working Group report (GGWG Report on E Banking Security) and Damodaran Committee report on Customer Service. However, rogue Banks who want to propfiteer from technology even at the expense of security of banking have through the institution of Indian Banks Association challenged the RBI and prevented it from notifying Damodaran Committee recommendations and going slow on the implementation of GGWG recommendations.
In this background the Reserve Bank of India has now released a discussion paper on a plan to disincentivise usage of cheques. Public have been asked to send their comments before February 28, 2012.
Disincentivisation of cheques automatically means greater push to the elecronic banking along with the attendant risks.
It is my observation that the risks in Electronic Banking in India have not so far been adequately addressed by Banks I therefore feel that the time is not ripe to push Indian Bank customers towards a forced adoption of E Banking. This may lead to higher risks in Banking and the responsibility for further endangering the Indian Banking system will be on RBI.
Public comments for the discussion paper are to be submitted before February 28, 2013.
I will be submitting my views through Naavi.org.
I urge public to also submit their response on whether the use of cheques need to be disincentivised by positive action or be left to market forces.
Reserve Bank of India
With reference to the discussion paper released by RBI for public comments on January 31, 2013, I am submitting my views on the subject for due consideration.
RBI is the Central Banking Authority in India and is also responsible for the regulation of the Indian Banking system. “Regulation” is not “Promotion” and hence the policies supported actively by RBI has to ensure that Banking is carried out by licensed Bankers in a manner that is beneficial to the citizens of India.
There are other organizations such as Indian Banking Association (IBA) who have a different role which may include lobbying for the commercial interests of the Banks. At no point of time RBI should become a tool in the hands of the commercial Banks for profiteering.
The proposed policy of “Disincentivisation” of the use of Cheques by Indian Banks has to be therefore viewed in the context of the responsibilities of RBI for “Regulation” and should not be viewed with the promotional interests of the commercial banks or the technological developments in the globe.
“Disincetivisation of the use of cheques” means “use of the statutory powers vested with RBI for the promotion of electronic forms of banking in India”.
The discussion paper has clearly indicated that the main objective of the proposed policy is to shift the customer preference from “Cheques” to “NEFT/RTGS” while handling payments in the banking system and also to move from personal withdrawals at the Banking counter to ATMs. NEFT, RTGS and ATM are the E-Channels that RBI is intending the customers to use. This also indirectly promotes the use of “Debit Cards” which interalia promotes the sister product of “Credit cards”.
Hence the “Disincentivisation of use of cheques” is directly equivalent to the “Incentivisation of E Channels of Banking”.
RBI by adopting this policy will be considered solely responsible for the consequences that follow this shift of Indian Banking to the E Banking environment.
If therefore E Banking in India is fraught with higher risks, then RBI will be considered as pushing the Indian Banking customer towards higher risks in Banking.
Secure E Banking has been in discussion for some time in India and RBI will have to admit that the current situation of E Banking security in India is grave. Not only that there are over Rs 8000 crores of E Banking frauds each year in India, RBI and the Banks are guilty of not informing the public about the actual E Banking losses in the country. This is a “Fraud” on the Indian Banking public.
The S.R.Mittal Group on Internet Banking and the guidelines which followed in 2001 required Banks to assume Cyber Fraud risks and obtain insurance to cover their own risks. This was never implemented and RBI remained a silent spectator.
G.Gopalakrishna Working Group (GGWG) of RBI endorsed the previous Internet Banking guidelines in 2011 and suggested several security measures to be followed by Banks. RBI has not effectively followed the implementation of these guidelines also except for asking a few questions during the RBI inspections.
RBI has not made any public disclosure of the status of the implementation of GGWG recommendations in Banks though two years have passed since then. The annual reports of Banks in 2012 ought to have indicated the status of implementation in each Banks and I am not aware of any significant disclosures in this regard so far. I am not hopeful that the March 31, 2013 annual reports are likely show any improvements.
The Damodaran Committee on Customer service in Banks made many significant recommendations regarding the use of Internet Banking and ATMs. RBI has not so far notified the recommendations and the perception is that RBI is holding back on the recommendations because of the pressure from IBA. This itself is an “anti consumer” action of RBI which it has failed to explain.
Before issuing the discussion paper, it was imperative that RBI makes a public disclosure on the status of “E Banking security in India” including the mobile banking introduced recently by some Banks.
The recent cyber crimes reported in the country have indicated that Banks are conducting illegal banking by ignoring the need to use “Digital Signature” as a replacement of “physical signatures”.
RBI has allowed the illegal banking system to prevail which is a failure of its constitutional duty to ensure prevalence of a legal banking system in India.
OTP system on which RBI has placed faith is not able to prevent occurrence of frauds since it is dependent heavily on the KYC system in the Mobile industry on which RBI has no control. Now RBI is also trying to rely on the Aadhar system which again is yet to pass the legal validity test.
Since “Disincentivisation of the use of cheques” is equivalent to “Incentivisation of the use of E Banking” and RBI has failed to ensure the legal functioning of the E Banking nor able to provide insurance to the Bank customers against E Banking frauds either through its own as say an E Banking Fraud Guarantee scheme or through the insurance which Banks had to obtain as per the Internet Banking guidelines of 2001, the current move is not keeping with the constitutional responsibility of RBI to ensure that Indian Banking system is safe and legal.
The very concept of “Disincentivisng” an age old Banking practice of the use of cheques which are considered as a “Negotiable Instrument” capable of creating a “Holder in Due Course” in business transactions is against the mission of vision of RBI. Additionally if it is promoting “Unsafe Banking”, the concept amounts to colluding with Banks and assisting in their profiteering ambitions against the interests of the common man.
The discussion is therefore against the constitutional obligations of RBI and has to be dropped.
If Banks propose to use technology, RBI must worry about the security risks and how they are addressed before each new technological innovation is permitted. RBI should take its role as a “Regulator” seriously and should keep itself far from the role of “Promotion”. At present RBI has done enough for “Technology Enablement” and the rest of promotion is for Banks and IBA to do and not for RBI. Disincentivisation is a direct interference by the regulator and is unethical and illegal.
Technology should be adopted by the community on its own and after the understanding of the risks in full. At present Indian Banking community is not ready to absorb Technology and already Bankers are pushing Debit cards and ATM transactions as default banking practices. Internet Banking is offered on the basis of a “Tick” mark in a corner of an application form. There are many customers of Indian Banks who are still using thumb impressions as their signatures since they are illiterate. Such persons cannot understand the implications of “Direct transfer” or “ATM withdrawals” as much as they can understand the “Cheque”.
By trying to avoid the use of cheques beneficiaries of cheques are denied the statutory right to be “Holders in Due Course” as per the Negotiable Instruments Act, against their wish and by regulatory interference. This amounts to denial of statutory rights by an administrative interference and is illegal.
By trying to move customers from “Signature based physical instruments” to “No digital signature based electronic messages”, the move acts contrary to Information Technology Act 2000/8 as well as RBI’s own banking instructions of the past and hence is illegal and unacceptable.
I am sure that RBI has not made any survey of “Illiterate” and “Semi literate” (those who can sign only and not read or write) customers in the country as well as “Technology illiterate” (Those who can write and read English or other languages but are unaware of cyber crime risks) before releasing the discussion paper.
Hence the discussion of “Disincentivisation” should be considered unethical and unacceptable ab-initio.
..To be continued
(This is part of a draft letter to be sent to RBI and has been released so as to stimulate discussion. Last date for submission of comments for the discussion paper is 28th February 2013. Please refer to my previous article for more information on the discussion paper and how to send your views.)