‘Signing away liability shouldn’t be an option’


PETALING JAYA: As financial institutions come under scrutiny amid rampant fraud, they should not be allowed to “contract out” of their responsibilities in their fine print, warn experts.

They said allowing banks to contract out – or formally opt out of an official plan – would dismiss the rights of consumers under common law.

Their comments were in response to the recent statement by Bank Negara Malaysia that financial institutions will bear full responsibility for fraud losses resulting from unauthorised transactions that are solely caused by lapses in their security controls.

Prime Minister Datuk Seri Anwar Ibrahim had previously said that banks must reimburse victims if the institutions were found to be negligent in scams.

Lawyer and cybersecurity law expert Derek Fernandez said financial institutions often contract out of liability with all kinds of exemption or limitation of liability clauses, which customers have no way of negotiating.

“When it comes to critical services, freedom to contract does not really exist from a consumer protection point of view, thus mandating new laws or additional licence conditions.

“From a regulatory perspective, many institutions use contracts their customers must agree to in order to operate a banking facility or other essential services, limiting their liability to compensate their customer by contract.

“The public must have a statutory right to be protected that cannot be contracted out of,” he said.

Fernandez said this should extend to incorporating, as a licence condition, a requirement that reasonable care and best efforts be made to protect customers from fraud.

“Furthermore, no terms of service should be allowed to contradict this. Section 263 of the Communications and Multimedia Act provides a general statutory duty of care on all licensees.

“It is, therefore, necessary that in all critical national information infrastructure sectors and services, the government imposes strong statutory and licensing intervention to protect the public and the consumer.

“This will ensure proper cybersecurity resources are invested by those who profit the most from digitalisation.”

Compensation to customers, Fernandez said, should be on a full indemnity basis if institutions have not exercised reasonable care, and for this reason, mandatory digital insurance should be imposed at no extra cost to the consumer.

“This fund can be managed by regulatory authorities as part of the condition for financial institutions to continue operations.

“There must also be transparency in regulatory measures that these institutions must abide by so the public know their rights,” said Fernandez.

He also called on financial institutions to keep their technology current, with robust threat intelligence and fraud detection systems that employ the latest capabilities.

Federation of Malaysian Consumers Associations (Fomca) chief executive officer Dr Saravanan Thambirajah said consumers are often left in a precarious position when they have to prove their innocence or face financial loss.

“Fomca has received numerous complaints from consumers about unauthorised transactions and fraud involving banks and financial institutions, including instances of phishing scams, compromised online banking accounts, and fraudulent card transactions.

“Many of these complaints highlight delays or outright rejections by banks in reimbursing affected consumers.

“This decision addresses a longstanding grievance by ensuring banks are held accountable for safeguarding consumer funds and data,” he said.

Saravanan said there should be a clear reporting mechanism, timely investigation and reimbursement, penalty for non-compliance, and regular security audits by Bank Negara.

Sunway University economics professor Dr Yeah Kim Leng agreed that there should be regular third-party security audits, along with clear liability and compensation policies.

“Enhanced transaction-monitoring, collaboration and information-sharing are needed to ensure compliance.

“This should be on top of mandatory security standards such as implementing multifactor authentication, end-to-end encryption, and secure software development practices.

“Other requirements include having a fraud risk management framework covering detection, prevention, response, and recovery mechanisms.

“Such efforts are needed to ensure adequate consumer protection against the growing menace of scams and frauds,” he said.

This way, Prof Yeah added, financial institutions would be motivated to invest in stronger cybersecurity frameworks and technologies to prevent fraud.

“It will also act as a deterrent against negligence as well as discourage complacency in maintaining and upgrading security systems,” he said.
