‘Signing away liability shouldn’t be an option’


PETALING JAYA: As financial institutions come under scrutiny amid rampant fraud, they should not be allowed to “contract out” of their responsibilities in their fine print, warn experts.

They said allowing banks to contract out – or formally opt out of an official plan – would dismiss the rights of consumers under common law.

Their comments were in response to the recent statement by Bank Negara Malaysia that financial institutions will bear full responsibility for fraud losses resulting from unauthorised transactions that are solely caused by lapses in their security controls.

Prime Minister Datuk Seri Anwar Ibrahim had previously said that banks must reimburse victims if the institutions were found to be negligent in scams.

Lawyer and cybersecurity law expert Derek Fernandez said financial institutions often contract out of liability with all kinds of exemption or limitation of liability clauses, which customers have no way of negotiating.

“When it comes to critical services, freedom to contract does not really exist from a consumer protection point of view, thus mandating new laws or additional licence conditions.

“From a regulatory perspective, many institutions use contracts their customers must agree to in order to operate a banking facility or other essential services, limiting their liability to compensate their customer by contract.

“The public must have a statutory right to be protected that cannot be contracted out of,” he said.

Fernandez said this should extend to incorporation as a licence condition that reasonable care and best efforts are made to protect their customers from fraud.

“Furthermore, no terms of service should be allowed to contradict this. Section 263 of the Communications and Multimedia Act provides a general statutory duty of care on all licensees.

“It is, therefore, necessary that in all critical national information infrastructure sectors and services, the government imposes strong statutory and licensing intervention to protect the public and the consumer.

“This will ensure proper cybersecurity resources are invested by those who profit the most from digitalisation.”

Compensation to customers, Fernandez said, should be on a full indemnity basis if institutions have not exercised reasonable care, and for this reason, mandatory digital insurance should be imposed at no extra cost to the consumer.

“This fund can be managed by regulatory authorities as part of the condition for financial institutions to continue operations.

“There must also be transparency in regulatory measures that these institutions must abide by so the public know their rights,” said Fernandez.

He also called on financial institutions to sufficiently update themselves with robust technology covering threat intelligence and fraud detection systems that employ the latest features.

Federation of Malaysian Consumers Associations (Fomca) chief executive officer Dr Saravanan Thambirajah said consumers are often left in a precarious position when they have to prove their innocence or face financial loss.

“Fomca has received numerous complaints from consumers about unauthorised transactions and fraud involving banks and financial institutions, including instances of phishing scams, compromised online banking accounts, and fraudulent card transactions.

“Many of these complaints highlight delays or outright rejections by banks in reimbursing affected consumers.

“This decision addresses a longstanding grievance by ensuring banks are held accountable for safeguarding consumer funds and data,” he said.

Saravanan said there should be a clear reporting mechanism, timely investigation and reimbursement, penalty for non-compliance, and regular security audits by Bank Negara.

Sunway University economics professor Dr Yeah Kim Leng agreed that there should be regular security audits by third parties, liability, and compensation policies.

“Enhanced transaction-monitoring, collaboration and information-sharing are needed to ensure compliance.

“This should be on top of mandatory security standards such as implementing multifactor authentication, end-to-end encryption, and secure software development practices.

“Other requirements include having a fraud risk management framework covering detection, prevention, response, and recovery mechanisms.

“Such efforts are needed to ensure adequate consumer protection against the growing menace of scams and frauds,” he said.

This way, Prof Yeah added, financial institutions would be motivated to invest in stronger cybersecurity frameworks and technologies to prevent fraud.

“It will also act as a deterrent against negligence as well as discourage complacency in maintaining and upgrading security systems,” he said.
