A consideration of the recent High Court decision of Diana Chee Vun Hsai v Citibank Bhd [2009] 6 CLJ 774 about whether the Bank Negara Guidelines BNM/RH/GLO-041-01 (with regards to credit cards) has the force of law and whether banks are limited to only claiming RM 250.00 for unauthorized transactions when you lose your credit card. Kalvathy Maruthavanar’s paper ‘Internet Banking – A boon or a bane? A study on the legal issues relating to internet banking in Malaysia’ is also considered.

Gold Card Mock Up

Diana Chee Vun Hsai, like many of us owned a credit card. She had two. One from Citibank Berhad, the other from HSBC Bank Berhad. On 7 September 2008, HSBC called up her to alert her about her credit card being used. When she checked her purse, she discovered both her credit cards were missing. She notified both the credit card companies of the loss of her credit cards on the same day and lodged a police report at Dang Wangi police station about it the following day. She understandably thought that was the end of the matter. She was wrong.

On 16 September 2008, Citibank told Diana Chee Vun Hsai they were billing her for the unauthorized transaction of RM 1,859.01 done on 6 September 2008. She responded through her solicitors to inform Citibank that the limit of liability for a lost credit card was RM 250.00 as provided in clauses 15.1, 15.2 and 15.3 of the Bank Negara Guidelines BNM/RH/GLO-041-01 (‘the BNM Guidelines’). Citibank’s lawyers replied pointing out to her that the terms of her credit card the crux of which is as follows:

“Our client imposes a duty on the cardholder to notify the loss one (1) hour prior to the unauthorized use and to provide proof of acting in good faith and exercising reasonable care and diligence to prevent such loss or theft of unauthorized use of the card before our client can exercise its discretion whether to resolve the liability or not. Such a clause is not in contravention of the Bank Negara guidelines.”(emphasis mine)

I have emphasized that portion to demonstrate just how unreasonable banks can be; to limit your losses arising from the loss of your credit card to RM 250.00, you have to inform Citibank one hour before the unauthorized transaction takes place, which you would naturally know nothing about. Additionally, you have to prove good faith and demonstrate that you exercised reasonable care and diligence to prevent such a loss. How absurd is that! Even after you show all that that, it is still at Citibank’s discretion whether to ‘resolve the liability or not.’ Is it any wonder the sensible man loathes banks despite yielding to them? They borrow your money, charge you a higher rate for borrowing back and offer you pittance for its use. But we shall leave this for another day.

Diana Chee rightly did not agree with the absurd reply and sued Citibank for several declarations the main ones being (i) that the BNM Guidelines issued pursuant to sections 25 and 70 the Payment Systems Act 2003 have the force of law and (ii) the term relied upon by Citibank to deduct the sum of RM 1,859.01 was illegal, void and contrary to public policy.

Justice Mohd Apandi Ali who heard the case at the outset opined that Citibank was an operator under the Payment Systems Act 2003 and therefore bound by the BNM Guidelines, which his Lordship very helpfully reproduces in its entirety for our benefit. I would strongly recommend those with credit cards to read and understand it. This would prevent credit card companies from taking advantage of your ignorance and fear of seeking legal advice. Clause 15.2 of the BNM Guidelines was referred to and is worth considering in full:

15. Liability For Lost Or Stolen Credit Card

15.2 The cardholders’ maximum liability for unauthorized transactions as a consequence of a lost or stolen credit card shall be confined to a limit specified by the issuer of the credit cards, which shall not exceed RM 250.00, provided the cardholder has not acted fraudulently or has not failed to inform the issuer of credit card as soon as reasonably practicable after having found that his credit card is lost or stolen.

His Lordship then opined quite rightly, ‘This “one hour prior to reporting of the loss card” clause, to my mind is not only unreasonable and ridiculous but it is contrary to the provisions of cl. 15.2 of the Bank Negara Guidelines. In fact, the RM 250 is the maximum liability of the cardholder in such circumstances, and that the onus of proving fraud or unreasonable delay to report loss of the card is upon the issuer of the credit card.‘ So in this case, the Judge ruled that it was Citibank that had to prove any alleged fraud or unreasonable delay on the part of Diana Chee before they can deny her the limitation of liability.

This is my favourite part:

The cardholder has complied with the said terms of reporting and confirming the loss of the credit card. The respondent cannot have the discretion, despite having it so written in the agreement, to circumvent the Bank Negara guidelines, with a view to limit its liability.

There you have it. Citibank despite knowing the BNM Guidelines defiantly made terms of agreements for their credit cards that not only infringed the BNM Guidelines but was designed with the purpose of limiting its own liability. This you can appreciate could translate into increased profits for them.

The Judge then rightly goes on to point out that breaching the BNM Guidelines is an offence punishable under section 57 of the Payment Systems Act 2003 which prescribes a fine not exceeding RM 500,000.00. If the credit card company continues to offend it then it will be additionally liable to a fine not exceeding RM 1,000.00 for everyday that the offence continues. His Lordship states that, ‘the issuer of the credit card is also liable to have its approval revoked by Bank Negara if the issuer has failed to comply with any of the Guidelines issued by Bank Negara.’ So clearly, the BNM Guidelines is an offence and if your credit card of bank is in breach of it, you should lodge a complaint with Bank Negara.

But it is not just the credit cards that are ripping us off. An interesting paper written by Kalavathy Maruthavanar titled ‘Internet Banking – A Boon or A Bane? A Study on the Legal Issues Relating to Internet Banking in Malaysia’ (Developments in Malaysian Law: Selected Essays, Sharifah Suhanah Sy. Ahmad, UM 2007) suggests that our local banks are in flagrant breach of the BNM guidelines for internet banking as contained in the ‘Minimum Guidelines on the Provisions of Internet Banking Services by Licensed Banking Institutions’ (referred to after this as the BNM Internet Banking Guidelines), which were issued pursuant to section 119 and section 126 of the Banking and Financial Institutions Act 1989 (‘BAFIA’), and remains in force by virtue of section 77(4) of the Payment Systems Act 2003.

Kalavathy focuses her attention on four areas but I will focus only on two which I feel relevant here:

The first area is the Standard Form of Contract (‘SFC’) between the bank and the user. Here she points out that the SFC generally forces the customer to agree to indemnify the bank for all and any loss arising from using internet banking regardless of whether they are at fault or responsible for the fault. She also points out that banks commonly exclude liability for negligence and for ‘any technical, hardware or software failure of any kind’. Basically the customer will have to bear the loss no matter what happens even when the bank is responsible.

Kalavathy points out that such clauses are in violation of Part 5, Clause 1.2(iii) of the BNM Internet Banking Guidelines which provides as follows:

“The customer know their rights and liabilities and are fully aware that they are responsible for their own actions. The contractual arrangements for liability arising from unauthorized or fraudulent transactions have been laid out to the customers. The arrangements should provide for sharing of risks between the banking institution and the customers. However, customers should not bear any loss arising from system failures.”

She also points out the relevance of the BNM Guidelines On Consumer Protection On Electronic Fund Transfers where Clause 17(1)(a) and (b) provides that:

A customer shall not be liable for loss –

(a) not attributable to or not contributed by the customer;
(b) caused by the fraudulent or negligent conduct of officers or agents appointed by, the –

(i) financial institution;
(ii) companies and other financial institutions involved in networking arrangements within this country; or
(iii) merchants who are linked to the card system.

So it appears we have local banks clearly in breach of the numerous BNM Guidelines issued.

The second area concerns the privacy aspect of internet banking. The BNM Internet Banking Guidelines approach is laudable. Clause 4.1 stresses that, ‘Bank Negara Malaysia considers the privacy of consumer personal information to be an important element of public trust and confidence in the Malaysian banking system.’ Clause 4.4 places the responsibility of providing privacy protections in the online environment on the banks. They have to stipulate their Privacy Policy Statement on their websites and ensure that it conforms to conditions contained in clause 4.7. BNM Internet Banking Guidelines at clauses 4.8 – 4.17 requires the banks to set up a Customer Support Service to handle queries and complaints, and oversee all internal controls.

Kalavathy then discovers that notwithstanding those guidelines, many banks Privacy Policy Statement do not comply with them because:

(i) most of those statements permit dissemination of information to the whole bank’s group and related companies;
(ii) some of those sites contain cookies that track your activities on the internet;
(iii) a customer will not be protected if they click on a third party link from the bank’s website;
(iv) information collected for promotions and contests can be used for marketing.

So even if the Privacy Policy Statement meets with the legal requirements, they do not necessarily do so with its spirit.

Both these developments indicate that though there are many good and noble BNM Guidelines out there, it suffers from the usual lack of enforcement. Bank Negara has to realize that it is no use coming up with all these noble Guidelines without backing it up with regular and consistent supervision and enforcement, more so with banks because they are so wealthy and powerful. Bank Negara has to realize that as consumers with little ability to negotiate terms with a bank, so it is all the more important that information is provided to us directly. This way we can point out and take those banks to task when they treat us as connedsumers instead of consumers, or better yet, living and breathing human beings – not just a financial statistic.

This is sensible and logical. That is probably why Bank Negara does not do it. Kalavathy reports, ‘The BNM Guidelines are issued by Bank Negara solely to domestic banks. These guidelines are not avaiable to the public and it has been questionable if a lay person can enforce any Bank Negara guideline in a court of law.’

As explained above, the position has moved on since then and BNM Guidelines now have the force of law.

The question now is will Bank Negara publicize all those fine and noble sounding guidelines for public education and awareness.

If they do not, that would raise the further question of, why not?

Fahri Azzat practices the dark arts of the law. Although he enjoys writing and reading, he doesn't enjoy writing his own little biographies of himself. Like this one. He wished somebody else would do it...

14 replies on “Those Bloody Banks, Credit Card Companies and Bank Negara!”

  1. Credit card is very important for our daily life. Now we can buy everything by use credit card. But we need to follow some rules for use our credit card safely.

  2. Bank negara should safeguard consumers from these so called "discretionary decision" to keep changing due date of payments and inaccessibility of consumer to review last 24 months transaction history due to again the bank discretionary to make changes!!!

  3. I had been using SCB Visa Gold for more 10 years. Recent years I had been paying every months at least the minimum payments required for balance outstanding but they did not send any monthly statement to me for past 2 years although I confirmed they had my home address via calling their customer service. Prior to this, I had been accessing online to view my transactions and charges by bank until almost 2 years plus ago, I could not access my online because forgotten password. I tried to reactivate via customer services but failed until 2 months ago, I managed to access when I finally got the customer service to fix for me. I am only allowed to view past 90 days transactions history which is also something new to me as in past, they allowed me to view online at least a year or more historical transaction. Guess what, they had been imposing RM100 late payment charges to me in all past 3 months that I can view online! I wonder why the balance keep increasing although I tried very hard to pay more than minimum every month! When I query them and request for waiver via email, they immediately say no without even take any initiative to call me to explain further! They replied it is bank discretionary decision to charge RM100 for late payment. Just imagine RM100 late payment charges every month and due dates changes done without formal notice??? Can I seek help from Bank Negara? I believe many people are also facing this unawareness due to lack of details in checking statement every month and only looking at total outstanding.

  4. Anyone has further advice on the matter. I too had unauthorized charges that bank refused to honor the dispute saying it was chip transaction.

  5. To Fahri Azzat … Is it true that the Financial Services Act 2013 makes 15. Liability For Lost Or Stolen Credit Card no longer valid ? If this is true, how can I get my bank to limit my credit card loss that was wrongfully used by an unknown third-party ? Thank you

  6. I remember that sometime in 2002, the credit card companies were required to clearly state (usually in bold)in the application form that the supplementary card is only liable for "cost and charges under his/her own Supplementary Credit Card" – but cannot remember what brought this about. I vaguely remembered that previously supplementary card holders were held liable for principal card holders debts. Can any one shed some light on this? Any decided cases on this?

  7. Hopefully these individuals are only using Citibank and HSBC for credit card services, as it generally illogical to be a depositor in these institutions. Deposit rates are lower, transaction fees tend to be high, and the "relationship" value is often lower than it would be with a local bank. Ten years ago, these banks had a technical edge (internet banking), but that is no longer the case. If you're actually keeping savings at a bank, it's worth shopping around every few years to park your cash in whichever bank will give you the best rate (at least so long as it falls within the B Negara insured amount).

  8. Just like to share a very useful website: http://www.mobileyp.tel, where you can get all contact numbers to the banks so that you can call and cancel your cards.

    I urge you to try visiting this site using your mobile phone and you will appreciate how life saving it can be when in need.

  9. I have a supplementary card issued by Alliance Bank and my wife is the principal card holder. Hardly used the card, only 4 times.

    In Feb. 2009,upon receiving statements, I noted that there were 6 fraudulent transactions totalling RM1,153.70 done at 3 small boutiques at Jalan Telawi 2, Bangsar Baru. I called up Alliance Bank and disputed these transactions and also faxed them the disputes form as requested. The card was with me on those transaction dates.They sent me copies of charge slips and bills for 5 transactions and the signatures on the slips were obviously different from my signature on the reverse side of the card. But Alliance Bank claimed that the card was chip-based and could not be cloned and as such, considered as processed by genuine card and I had to pay. Charge slip and bill for another transaction were not provided and reversed out in Nov. 2009 statement and no reason was given. All the purchases were for female clothing. I also lodged police report. I urged the bank officer to view the CCTV recordings since these merchants were fitted with CCTV but he refused. Now, they issued me a summon to appear at magistrate court on 23 June. 2010. Any advice will be much appreciated.

  10. My dear Fahri

    You must also, if applicable, note that the bank issued the reply through its own lawyers.

    If I am right, and with respect, lawyers do complicate simple matters for the consumer in this area.

    And some bank officers can be quite nasty about pursuing these claims, prodded on perhaps by your head of department.

    I guess Bank Negara must weed out such bank officers for the good of the overall system.

  11. Hi everyone,

    A very informative posting – appreciation and thanks to Fahri Azzat!

    Do continue to post such useful articles to enlighten the public on their rights!

  12. I owned two gold cards with high credit limit from one of those banks mentioned. Only the mastercard was used and my visa was kept in the house safe, locked and unsigned. However, not long after receiving the renewal cards, I had a statement from the bank that I had spent more than Rm6,500 from the visa account… purchases from boutique shops, petrol stations, jewellery, etc. I immediately alerted the bank to inform them that I had never made such transactions as the card was never used and was in my safe keeping and instructed them to immediately stop all forms of transactions thereon. I was told to cut the card in half and see them asap. I went the next day and signed the form disavowing that I had made such purchases. Henceforth, they cancelled the debt and replaced me with a new card the following day.

    That was a clear case of stolen information/identity used by the thief who must have had connections and collaboration with some people inside the bank or else how could the thief know that my card was good?

    I salute Diana Chee for having the guts and gore to face that bullying bank. Those who had faced similar problems owe you one, Diana!!

Comments are closed.