A consideration of the recent High Court decision of Diana Chee Vun Hsai v Citibank Bhd  6 CLJ 774 about whether the Bank Negara Guidelines BNM/RH/GLO-041-01 (with regards to credit cards) has the force of law and whether banks are limited to only claiming RM 250.00 for unauthorized transactions when you lose your credit card. Kalvathy Maruthavanar’s paper ‘Internet Banking – A boon or a bane? A study on the legal issues relating to internet banking in Malaysia’ is also considered.
Diana Chee Vun Hsai, like many of us owned a credit card. She had two. One from Citibank Berhad, the other from HSBC Bank Berhad. On 7 September 2008, HSBC called up her to alert her about her credit card being used. When she checked her purse, she discovered both her credit cards were missing. She notified both the credit card companies of the loss of her credit cards on the same day and lodged a police report at Dang Wangi police station about it the following day. She understandably thought that was the end of the matter. She was wrong.
On 16 September 2008, Citibank told Diana Chee Vun Hsai they were billing her for the unauthorized transaction of RM 1,859.01 done on 6 September 2008. She responded through her solicitors to inform Citibank that the limit of liability for a lost credit card was RM 250.00 as provided in clauses 15.1, 15.2 and 15.3 of the Bank Negara Guidelines BNM/RH/GLO-041-01 (‘the BNM Guidelines’). Citibank’s lawyers replied pointing out to her that the terms of her credit card the crux of which is as follows:
“Our client imposes a duty on the cardholder to notify the loss one (1) hour prior to the unauthorized use and to provide proof of acting in good faith and exercising reasonable care and diligence to prevent such loss or theft of unauthorized use of the card before our client can exercise its discretion whether to resolve the liability or not. Such a clause is not in contravention of the Bank Negara guidelines.”(emphasis mine)
I have emphasized that portion to demonstrate just how unreasonable banks can be; to limit your losses arising from the loss of your credit card to RM 250.00, you have to inform Citibank one hour before the unauthorized transaction takes place, which you would naturally know nothing about. Additionally, you have to prove good faith and demonstrate that you exercised reasonable care and diligence to prevent such a loss. How absurd is that! Even after you show all that that, it is still at Citibank’s discretion whether to ‘resolve the liability or not.’ Is it any wonder the sensible man loathes banks despite yielding to them? They borrow your money, charge you a higher rate for borrowing back and offer you pittance for its use. But we shall leave this for another day.
Diana Chee rightly did not agree with the absurd reply and sued Citibank for several declarations the main ones being (i) that the BNM Guidelines issued pursuant to sections 25 and 70 the Payment Systems Act 2003 have the force of law and (ii) the term relied upon by Citibank to deduct the sum of RM 1,859.01 was illegal, void and contrary to public policy.
Justice Mohd Apandi Ali who heard the case at the outset opined that Citibank was an operator under the Payment Systems Act 2003 and therefore bound by the BNM Guidelines, which his Lordship very helpfully reproduces in its entirety for our benefit. I would strongly recommend those with credit cards to read and understand it. This would prevent credit card companies from taking advantage of your ignorance and fear of seeking legal advice. Clause 15.2 of the BNM Guidelines was referred to and is worth considering in full:
15. Liability For Lost Or Stolen Credit Card
15.2 The cardholders’ maximum liability for unauthorized transactions as a consequence of a lost or stolen credit card shall be confined to a limit specified by the issuer of the credit cards, which shall not exceed RM 250.00, provided the cardholder has not acted fraudulently or has not failed to inform the issuer of credit card as soon as reasonably practicable after having found that his credit card is lost or stolen.
His Lordship then opined quite rightly, ‘This “one hour prior to reporting of the loss card” clause, to my mind is not only unreasonable and ridiculous but it is contrary to the provisions of cl. 15.2 of the Bank Negara Guidelines. In fact, the RM 250 is the maximum liability of the cardholder in such circumstances, and that the onus of proving fraud or unreasonable delay to report loss of the card is upon the issuer of the credit card.‘ So in this case, the Judge ruled that it was Citibank that had to prove any alleged fraud or unreasonable delay on the part of Diana Chee before they can deny her the limitation of liability.
This is my favourite part:
“The cardholder has complied with the said terms of reporting and confirming the loss of the credit card. The respondent cannot have the discretion, despite having it so written in the agreement, to circumvent the Bank Negara guidelines, with a view to limit its liability.“
There you have it. Citibank despite knowing the BNM Guidelines defiantly made terms of agreements for their credit cards that not only infringed the BNM Guidelines but was designed with the purpose of limiting its own liability. This you can appreciate could translate into increased profits for them.
The Judge then rightly goes on to point out that breaching the BNM Guidelines is an offence punishable under section 57 of the Payment Systems Act 2003 which prescribes a fine not exceeding RM 500,000.00. If the credit card company continues to offend it then it will be additionally liable to a fine not exceeding RM 1,000.00 for everyday that the offence continues. His Lordship states that, ‘the issuer of the credit card is also liable to have its approval revoked by Bank Negara if the issuer has failed to comply with any of the Guidelines issued by Bank Negara.’ So clearly, the BNM Guidelines is an offence and if your credit card of bank is in breach of it, you should lodge a complaint with Bank Negara.
But it is not just the credit cards that are ripping us off. An interesting paper written by Kalavathy Maruthavanar titled ‘Internet Banking – A Boon or A Bane? A Study on the Legal Issues Relating to Internet Banking in Malaysia’ (Developments in Malaysian Law: Selected Essays, Sharifah Suhanah Sy. Ahmad, UM 2007) suggests that our local banks are in flagrant breach of the BNM guidelines for internet banking as contained in the ‘Minimum Guidelines on the Provisions of Internet Banking Services by Licensed Banking Institutions’ (referred to after this as the BNM Internet Banking Guidelines), which were issued pursuant to section 119 and section 126 of the Banking and Financial Institutions Act 1989 (‘BAFIA’), and remains in force by virtue of section 77(4) of the Payment Systems Act 2003.
Kalavathy focuses her attention on four areas but I will focus only on two which I feel relevant here:
The first area is the Standard Form of Contract (‘SFC’) between the bank and the user. Here she points out that the SFC generally forces the customer to agree to indemnify the bank for all and any loss arising from using internet banking regardless of whether they are at fault or responsible for the fault. She also points out that banks commonly exclude liability for negligence and for ‘any technical, hardware or software failure of any kind’. Basically the customer will have to bear the loss no matter what happens even when the bank is responsible.
Kalavathy points out that such clauses are in violation of Part 5, Clause 1.2(iii) of the BNM Internet Banking Guidelines which provides as follows:
“The customer know their rights and liabilities and are fully aware that they are responsible for their own actions. The contractual arrangements for liability arising from unauthorized or fraudulent transactions have been laid out to the customers. The arrangements should provide for sharing of risks between the banking institution and the customers. However, customers should not bear any loss arising from system failures.”
She also points out the relevance of the BNM Guidelines On Consumer Protection On Electronic Fund Transfers where Clause 17(1)(a) and (b) provides that:
A customer shall not be liable for loss –
(a) not attributable to or not contributed by the customer;
(b) caused by the fraudulent or negligent conduct of officers or agents appointed by, the –
(i) financial institution;
(ii) companies and other financial institutions involved in networking arrangements within this country; or
(iii) merchants who are linked to the card system.
So it appears we have local banks clearly in breach of the numerous BNM Guidelines issued.
(i) most of those statements permit dissemination of information to the whole bank’s group and related companies;
(ii) some of those sites contain cookies that track your activities on the internet;
(iii) a customer will not be protected if they click on a third party link from the bank’s website;
(iv) information collected for promotions and contests can be used for marketing.
Both these developments indicate that though there are many good and noble BNM Guidelines out there, it suffers from the usual lack of enforcement. Bank Negara has to realize that it is no use coming up with all these noble Guidelines without backing it up with regular and consistent supervision and enforcement, more so with banks because they are so wealthy and powerful. Bank Negara has to realize that as consumers with little ability to negotiate terms with a bank, so it is all the more important that information is provided to us directly. This way we can point out and take those banks to task when they treat us as connedsumers instead of consumers, or better yet, living and breathing human beings – not just a financial statistic.
This is sensible and logical. That is probably why Bank Negara does not do it. Kalavathy reports, ‘The BNM Guidelines are issued by Bank Negara solely to domestic banks. These guidelines are not avaiable to the public and it has been questionable if a lay person can enforce any Bank Negara guideline in a court of law.’
As explained above, the position has moved on since then and BNM Guidelines now have the force of law.
The question now is will Bank Negara publicize all those fine and noble sounding guidelines for public education and awareness.
If they do not, that would raise the further question of, why not?