FINTECH: INCLUSION OF TRENDS IN BANK FRAUDS

I. Model shift in the banking sector

Globalisation and liberalization have made a paradigm shift in the international and domestic market but has also hugely affected the banking services and its standards. The banks gradually shifted to more interactive and lucrative approach towards the customers while also challenging the conventional banking norms eventually leading to the concept of “convenience banking” making the customer king of banking services. Internet, being a growing trend with a strong footing in the Indian territory, banks used this tool as an opportunity to widen its functions to e-cheques, ATM, Credit card, electronic fund transfer (EFT), electronic data interchange, real-time gross settlement, cash management, debit card, mobile banking, electronic cash, digital wallet, and many other services. To secure “convenience banking” they inclined towards developing security standards for more safe and effective banking experience including digital certificate, digital signatures, data encryption standards, voice recognition and various biometric methods. Such extensive range of non – traditional assistance provided by banking institutions leaves a lot of room for loopholes in the already existing security and legal framework making it easier for the fraudsters to swoop in exhibiting loss to personal data of the customers.

II. Introduction to Fintech

The recent development of Fintech when coupled with such non-conventional services confronts us with the reality of cyber laws in India. Fintech or Financial technology is a cusp of revolutions which require a substantial framework for its regulation. For regulating such rapidly evolving innovations in financial sector the Financial Stability and Development Council – Sub Committee (FSDC-SC) in its meeting held on April 26, 2016, worked towards establishing a Working committee to look into the Fintech scenario. Reserve bank of India to comply with the findings arrived in the meeting proposed setting up of a Working Committee represented by RBI, IRDA, SEBI, PFREDA, other agencies along with various Fintech companies and agencies. Fintech is defined by RBI as Fintech is broadly an omnibus term used to describe emerging technological innovations in the financial services sector, with ever-increasing reliance on information technology. Commencing as a term referring to the backend technology used by large financial institutions, it has expanded to include technological innovation in the financial sector, including innovations in financial literacy and education, retail banking, investments, etc.[1]

III. Legal Challenges

A challenging facet of incorporating Fintech in providing real-time facilities to consumers is personal data protection. Protection from unauthorized individuals to exploit data provided by customers to banks for their own benefit is a newer concept when it comes to the classification of offences. Buying and selling of personal data are prevalent more than ever due to the lack of appropriate legislation to consider such an act as a punishable offence. Unwarranted use of personal data may not seem to be harmful in first glance but the problem is a lot trickier than it seems. Before that, the term data protection has to be properly understood. According to black’s law dictionary personal refers “Of or affecting a person (personal injury), Of or constituting personal property[2] data protections refers “Any method of securing information, esp. information stored on a computer, from being either physically lost or seen by an unauthorized person”[3]. RBI while establishing the regulatory framework of the working committee focused on incorporating the idea of identifying and classifying the levels of sensitivity of personal data according to which the scheme for protection can be decided as well as to adhere to safe transaction principles (STP) namely confidentiality, integrity and availability together known as CIA triad. The CIA triad was an apt option for the early years but the new trends in technology have been evolving and thus have also included authenticity, non-repudiation, and accountability in addition to the confidentiality, integrity and availability. Negligence of these basic concepts may lead to data leakage and monetary loss[4]. Such immoral acts causing monetary loss and data leakage can be termed as frauds but are not included under “bank frauds”

IV. Relation with Bank Frauds

“Bank frauds” is defined as “The criminal offence of knowingly executing or attempting to execute, a scheme or artifice to defraud a financial institution or to obtain property owned by or under the control of a financial institution, by means of false or fraudulent pretences, representations, or promises (USCA§ 1344).”[5] The demarcation of the scope of bank frauds may not be exhaustive but is also not inclusive of the broad spectrum of Fintech which is prone to attacks. The legislation provides with a general perspective; under the criminal law that is Indian penal code 1860 does not specifically define ‘fraud’ or ‘bank fraud’. Under the Civil Law namely Indian Contract Act 1872 considerable explanation of ‘fraud’ has been provided whereas under the law of torts civil wrong of fraud and deceit is extensively defined. In order to have uniformity in reporting, frauds have been classified by Reserve Bank of India as under, based mainly on the provisions of the Indian Penal Code:

  a) Misappropriation and criminal breach of trust.

  b) Fraudulent encashment through forged instruments, manipulation of books of account or through fictitious accounts and conversion of property.

  c) Unauthorized credit facilities extended for reward or for illegal gratification.

  d) Negligence and cash shortages.

  e) Cheating and forgery.

  f) Irregularities in foreign exchange transactions.

  g) Any other type of fraud not coming under the specific heads as above.[6]

Whereas under Section 43A[7] of the information technology act 2000 imposes responsibility on the “body corporate” which possess the sensitive personal data hence failed to define sensitive personal data. Section 72A[8] provides for punishment of information in breach of lawful contract and compensation for the breach of contract. The term ‘reasonable security practice and procedure’  in section 43  is left with a vague interpretation hence drawing liability is only a legal relationship, making the existence of a legal relationship as a prior necessity. Whereas section 79 (added in 2008 amendment) of the act makes the intermediaries responsible for having due diligence in handling the third-party information, data or communication link available or hosted by him[9].

V. Conclusion

These definitions only provide with an overall view of what constitutes as fraud, which may include the necessary aspect of bank frauds needless to say all these definitions are not precise when it comes to the need of having adequate solutions for the materializing problem of cybersecurity. These definitions may seem to be obsolete in comparison to the acts of fraud committed in the 21^st century since the inclusion of Fintech. Bank fraud should not only be confined within the boundaries of core functions of the banking system but should also leave enough room to include such frauds and data leakage which are being committed by outsiders affecting the customers.

_______________________________________________________________________

References

[1] Report of the Working Group on FinTech and Digital Banking, RESERVE BANK OF INDIA ( Feb. 12, 2020, 10:04 AM),

https://rbidocs.rbi.org.in/rdocs/PublicationReport/Pdfs/WGFR68AA1890D7334D8F8F72CC2399A27F4A.PDF

[2] Henry Campbell black, ‎Bryan A Garner, Black’s Law Dictionary 452 ( 9^th Ed. Thomson Reuters ST. PAUL MN: west  2009)

[3] Henry Campbell black, ‎Bryan A Garner, Black’s Law Dictionary 452 ( 9^th Ed. Thomson Reuters ST. PAUL MN: west  2009)

[4] Report: Information technology, RESERVE BANK OF INDIA (Feb. 12, 2020, 10:04 AM), https://www.rbi.org.in/scripts/PublicationReportDetails.aspx

[5] Henry Campbell black, Bryan A Garner, Black’s Law Dictionary 141 (7^th Ed. West Publishing Company, Minn 1999).

[6] Frauds Master Circular on Frauds- Classification and Reporting, RESERVE BANK OF INDIA (Feb. 12, 2020, 10:04 AM) https://m.rbi.org.in/Scripts/BS_ViewMasCirculardetails.aspx?id=9808

[7] Information Technology Act 2000 Section 43A

[8] Information Technology Act 2000 Section 72A

[9] Information Technology Act 2000 Section 79

ABOUT THE AUTHOR(S)

Aditi Palit is a third-year law student from Amity Law School Delhi (GGSIPU). An avid reader, she’s also interested in legal research and keeps on writing on different legal topics. She’s adamant to make a career in the corporate world.

Abhishek Kushwaha is a third-year law student from Amity Law School Delhi (GGSIPU). with a knack of research and has been writing for a long time be it articles, stories and whatever that can be written.

In Content Picture Credit: TheStreet