Can we believe that RBI inadvertently missed a Banking license applicant?

Posted on September 16, 2013 by Vijayashankar Na

In what appears to be a big joke, it is reported that RBI inadvertently missed announcing the name of the Chandigarh based “KC Land &Finance” as one of the applicants to Banking license which it announced with fanfare on July 1st 2013.

The group also kept quiet until recently RBI decided to announce that the number of applicants was not 26 but acutally 27 and it had missed the name of KC Land & Finance.

See report in BS:

Is this the RBI which we know of?…obviously not

Further, the licenses which were originally to be announced around March 2014 are now likley to be announced before the end of this year…probably before the election dates for the next Loksabha is announced.

…Reasons are obvious but regrettable.

Naavi

Posted in Cyber Law | Leave a comment

Differentiated Licensing for new Banks open up better prospects.. for litigation?

Posted on September 3, 2013 by Vijayashankar Na

After RBI received 26 applications for Bank licenses, discussions have been going on on whether it is desirable to issue a large number of licenses or restrict it to a few. Many corporates who perhaps were the favourites of the Ministry of Finance were considered incapable of meeting the Financial Inclusion criteria which RBI was considering as the ey.

Also the presence of share brokers, gold loan companies, exchange brokers,real estate agents etc in the license aspirant’s list made the whole issue very murky.

Even the public sector companies were not considered capable of running Banks.

It was therefore difficult for RBI to seriously consider more than 6-8 applications even for preliminary screening.

It now appears that some formula has been found to accommodate more licenses by introducing a concept of “Differentiated Licensing” where some of the essential obligations such as priority sector lending etc would not be imposed on all the licensees.

It is still too early how the existing licensees would react to this differentiated licensing since it may saddle them with the unremunerative part of banking business while the new Banks will walk away with the cream of the business.

There is no doubt that vested interests may be active to get the licensing norms diluted. However if the licensing norms now considered are significantly different from the basis on which the licenses were called for, there could be a controversy like the 2G scam where Supreme Court may be moved to cancel the licenses issued as discriminatory against those who stayed away from applying based on the norms announced at the time of calling for applications.

The new RBI Governor now has a difficult task of remaining fair under political influences. Otherwise we may see a classic clash of RBI the regulator and the Supreme Court in the days to come while the politicians would be laughing all the way to their Swiss Banks.

Naavi

Related Article in ET

Posted in Bank, RBI | Leave a comment

RBI sets up a panel of 5 persons to screen Bank license applications

Posted on September 2, 2013 by Vijayashankar Na

It is reported that RBI has zeroed in on a panel of 5 eminent members to screen the Banking license applications and provide necessary guidance to the RBI Governor for suitable decision.

Though not confirmed, it is expected that the members chosen for the panel are, Sebi Chairman U K Sinha, insurance regulator Irda Chairman T S Vijayan, pension regulator PFRDA Chairman Yogesh Agarwal, Financial Services Secretary Rajiv Takru and financial sector expert Y H Malegam.

(Refer report in BT)

In the last few months there has been some discordant notes struck between the RBI Governor and the Finance Minister. While the Finance Minister stated that there could be no limit to the number of applications that may finally be approved, the news was that RBI Governor had indicated that it would like to limit the number of licenses to 4 or 6. Also with the department of Post itself being an applicant and some of the RBI Directors being involved as promoters of some of the applicant groups, there are serious conflicts of interest that may arise in the context of granting of licences. Given the reputation of the current Government at the center, these conflicts would immediately translate into potential corruption possibilities or at least allegations.

It is therefore necessary for RBI as well as the expert group to make public the considerations adopted for the grant of licenses by placing the recommendation on each of the applicants before the public.

Naavi

Posted in Bank, RBI | Leave a comment

Promoting E Banking-Role of RBI

Posted on August 24, 2013 by Vijayashankar Na

RBI in its recent annual report, has lamented that 90% of payments are estimated to be collected through Cash/Cheque despite its efforts to promote E Banking. (See this report in Business Line). RBI has stated that more than 3080 crore bills are generated each year in 20 cities in India and there is need to increase the efficiency of the bill collection process. RBI has also reported the handling of around 47 million transactions valued at Rs 360,200 crore in March 2013 through NEFT and 8 lakh crore through RTGS on a single day March 28, 2013. AAs at the end of March 2013, 55 banks with a customer base of 23 million provided mobile banking services compared to 49 banks and 13 million customer base at the end of 2012. A whopping 53 million transactions valued at around Rs 6000 crore were transacted through mobile banking during the year 2012-13 registering a growth of 108 % by volume and 229% by value over the previous year.

The figures of E Banking usage quoted in the report are very impressive despite the tone of the report suggesting that RBI would be happier with a better digitization of the transactions.

For last several months, RBI has been promoting E Banking as if it is a marketing agent for technology.  There have been attempts like “Disincentivisation of use of Cheques” with stiff penalties imposed on customers and deliberate inconveniences mounted on the customers. The technology vendors and greedy commercial Banks have made RBI their captive and coerced RBI into taking policy decisions which make one feel that RBI has forgotten its basic role that as a “Banking Regulator” it has a responsibility to ensure that Banking in India is safe and sound.

The undersigned speaking in a conference on Bank Security in Mumbai on the 22nd instant compared the current status of RBI to being posessed by “Stockholm syndrome” sympathizing with its captors namely the technology vendors and the greedy commercial Banks. He suggested that RBI must take cognizance of the increasing Cyber frauds and an attempt by many Banks to bully the customers into accepting liabilities for cyber frauds as if all frauds occur only because of customer’s fault. he highlighted that the recent great E Banking robbery involved negligence of the back end processors and entirely because of the mistake of the Bank. He therefore strongly advocated that RBI should make “Cyber Crime Insurance” mandatory for all E Banking transactions.

One of the speakers from a prominent Bank speaking at the seminar boasted that there was not a single fraud reported in his Bank in the last one year reflecting the “All is Well syndrome” syndrome and the “Public can be fooled with such statements for ever” attitude. Dr Chakravarty, Deputy Governor of RBI speaking recently on Cyber frauds indicated that around 8765 frauds were reported in 2012-13. It is strongly believed that there is a huge under reporting of technology frauds in the Banks and the actual incidence of frauds is much higher. Dr Chakravarthy who is one of the last remaining custodians of customer interests in the Bank also said

“Banks could also consider seeking insurance coverage as a risk transfer tool and a mitigant for the financial losses arising from technology induced fraudulent customer transactions”

The news paper report of Business Line which refers also to the  so called “Vision Document” of RBI  does not make any mention of the actions that RBI has taken or intends to take on prevention of Cyber Frauds in Banking and the increasing risks that the Bank customers are being exposed due to untested technologies such as “Mobile Banking”. Banks and the RBI should remember that “Convenience” cannot be the last word in Banking and we should ” Say No to Technology if it is not safe”.

I call the attention of the new RBI Governor to ensure that the policies of RBI does not get diluted in terms of providing a safe banking environment in India and show his own commitment to the cause of Customer safety when he addresses the issue of licensing new Banks most of whom will be more dependent on technology than the current generation of Banks and will therefore be more vulnerable to “Failure due to technology Risks” than the present set of Banks.

Naavi

Copy of RBI Annual Report

Copy of speech by Dr Chakravarthy

Posted in Bank, Cyber Crime, Cyber Law, Netizen's Forum, RBI | Leave a comment

Mumbai High Court on Section 66A

Posted on August 20, 2013 by Vijayashankar Na

The Mumbai High Court has in a judgement opined that Section 66A can be applied even in the case of Websites.

According to this report in TOI, the High Court held

“Creating a website that may contain false or offensive information and facilitating its access to others would fall under the definition of ‘sending messages’ under section 66A of the IT Act ‘Inconvenience’ cannot be read in isolation and must be read as a whole under the definition of an offence under the section It is only false information that causes inconvenience”

The view however is open for debate and questioning since it does create certain conflicts.

Firstly, ITA 2000 addressed the issue of “Publishing” and “Transmitting” through Section 67. This section was restricted to obscenity issues and did not extend to “Defamation” or “Causing annoyance in general”.

At this time, “Defamation” was being addressed with IPC and even when “Defamation” occurred with electronic documents, they could still be covered under IPC.

However when offences such as “Cyber Stalking” and “Cyber bullying” started occuring, it was noticed that “Sending repeated messages/emails” was creating  a new situation which was not similar to “Static form of annoyance that could be alleged for a website publication”. A website could be ignored but a direct message could not since it intruded into the personal space of the addressee. Hence it had more capability to create annoyance of the addressee. At the same time “Website” was open to public view while email or SMS was not. Hence the “Publishing” activity on the website and the “Messaging” had to be considered as two different kinds of activities. The “Message” could not be considered as “Publishing” not “Distribution”.

The IPC laws of defamation was insufficient to tackle situations where the content of the message itself was not defamatory or threatening etc but the act of messaging was still causing annoyance. An example would be a message which states  “I hope all is well” sent to a girl at say midnight repeatedly when she is perhaps with her husband and sent in the name of a boy. This is sufficient to create annoyance of the level that could lead to disasters. Sec 66A was meant to address such situations.

The website activity can however be considered as “Publishing” and if any content is false and defamatory and also obscene, it can be taken up under the present Section 67/67A/67B. If it is not obscene but is defamatory, it can be considered under IPC.

Twitter and Facebook are also “Publishing” and not “Messages” though the term “message” is often used in such context. The main difference between a “message” and “what is not a message” is that “message” is pushed by the sender to the addressee. A published content reaches the destination only when he decides to pu;; it from cyber space to his attention.

It appears that the Mumbai High Court has failed to appreciate this vital distinction .

It is surprising that repeated mis-interpretations are occurring in Maharashtra about the implications of Section 66A. This judgement appears to support the contention of the Maharashtra police in the instances such as at Palghar when they invoked Section 66A on Facebook postings.

It would be necessary for this judgement to be reviewed and mis interpretation corrected.

Naavi

Posted in ITA 2008 | Leave a comment

HIPAA-US$1.2 m damage for not sanitizing photocopier hard disk

Posted on August 15, 2013 by Vijayashankar Na

A HITECH Act violation by a health plan in New York resulted in a potential data breach of 344,579 individuals has resulted in the HHS imposition of penalty of Rs $1,215,780 as a settlement.

The breach occurred when the Plan which had leased several photocopiers and used it during its operations decided to return the photocopiers to the lessors. The hard disks that are attached to the photocopier were not sanitized before being returned which resulted in an impermissible disclosure of PHI.

OCR had taken up an investigation of this breach which had been reported in April 2010 after a media disclosure. The settlement has also suggested a corrective action as follows.

 (1) conduct a comprehensive risk analysis of the Plan’s privacy and security risks and vulnerabilities and

(2) use best efforts to retrieve all hard drives that were contained on photocopiers previously leased by the Plan that remain in the possession of the leasing agent and safeguard all electronic PHI contained therein.

Related Article 

The report of CBS News filed in April 2010 had indicated  that the agency purchased 4 used photocopiers from a warehouse in New Jersy and extracted thousands of documents from the hard disks which contained sensitive information from various agencies including the NY Police department and the previously referred Affinity Health Plan.

The incident highlights the need for all companies handling sensitive personal information realize that the Photocopying machines of current days carry a hard disk which copies every document that is photocopied in the machine and hence needs to be sanitized before the photocopier is discarded. If they fail to do the damages can be crippling.

Naavi

Posted in Cyber Law, HIPAA | Leave a comment