MHA introduces Cyber Crime Reporting Number


Citi Bank Customers in India face a sudden closure of account


Who is responsible for the CitiBank fiasco?

It is time for a PIL to explore the inconvenience and business disruption caused to customers of Citi Bank because of the acquisition of its consumer business by Axis Bank. The damage caused to individual businesses, whose cheques would have been returned and pending credits would have bounced etc., was entirely unnecessary and reflects a failure of proper supervision of the entire process.

Perhaps an RTI on RBI is a starting point and some lawyer needs to take this case.

I refer to this post on the Axis Bank website, which states that the acquisition of the CitiBank consumer business was handled by Axis Capital and Credit Suisse as financial advisors and Khaitan & Co as legal advisors. Additionally, PricewaterhouseCoopers and Boston Consulting Group were involved as business consultants.

I request these professional firms to explain to the public how they let the CitiBank fiasco happen.

In cases of total merger of one entity into another, such as Corporation Bank and Andhra Bank into Union Bank etc., the entire IT systems of one entity were transferred to the merged entity. Though there were technical glitches in migration, the old account numbers and chequebooks continued and there was not much business disruption of the kind the Axis Bank-Citi Bank deal caused.

I understand that in this case it was not possible for Citi Bank to provide control of its entire systems to Axis Bank. However, it was possible to set up a middleware system which could have handled the customer issues over a period of time sufficient to allow the data to be migrated. This was a technical failure, and the financial, business and legal consultants were incapable of raising this issue. There was a need to involve a Cyber Security and IT Consultant with experience in banking in the process to handle the migration.

It also appears that this issue was handled as a business acquisition of a division and RBI has failed to exercise supervision. I request the Governor of RBI to initiate its own enquiry into the failure of its oversight mechanism.

It was clear to customers who had visited Citi Bank recently that Citi Bank executives were not even interested in suggesting continuation of the customer relationship and were happy to close the accounts. This indicated that they were concerned neither for their customers nor for Axis Bank as their client.

While Axis Bank failed to market itself to the customers of Citi Bank, some card marketing activity continued on behalf of Citi Bank until a few days back.

The least that the two banks could have done was to release joint newspaper advertisements to warn the customers to shift their accounts or face disruptions. Axis Bank should have set up a technical facility to migrate accounts if it required “Explicit Consent”.

It is surprising that this Rs 12325 crore deal was handled so shabbily. While on paper the deal looked great for Axis Bank, it now appears that Axis Bank will fail to get all the 3 million customers of Citi Bank whom they could have happily acquired at one stroke. Shareholders of Axis Bank should question the management on this failure.

A statement from the top management of Axis Bank on how and why they let down the erstwhile customers of Citi Bank is expected.

PS:

Some of my readers have pointed out that they did receive several reminders from Citi Bank and they exited from the Bank. It appears that several others found the notice inadequate and were taken by surprise.

Personally I had a Credit card account only and I continued to get reminders for renewal till a few days back which I simply ignored.

Whoever is responsible for the fiasco, there will be a debate on what is “Due Diligence” under such circumstances and whether there will be liabilities for somebody for causing denial of service.

Naavi

I received the following experience from one of my readers on how he handled the 9th February issue.

Quote

It was not easy; I spent 6 hours with them to get back my 9.75 lakhs balance.

  • CITIBank initiated the consent obtaining process to switch to Axisbank 4 months ago, but till 7th Feb evening it was showing an option to remind me later.
  • On the 8th evening I received a message “Cheque-book and debit card deactivated”. I thought Internet banking would be working and tried to log in on the 9th morning, but it was not working.
  • The call center was not accepting my account number as a parameter (account deactivated) to access the customer support, but I reached the customer support with the lost card option.
  • Customer support informed me that I will receive a demand draft of the balance within 15 working days at the official address.
  • On the 9th at 11 am I reached the South-end circle branch and found the branch working normally and still accepting cash deposits and many other activities. They gave a token number “A20” but it was looking like “420” 🙂
  • I was restless and started enquiring with other members about their reasons and found more than 20 members waiting for the same reason.
  • I approached the branch manager, explained that this is not a correct process and demanded that they reactivate the account, but they refused.
  • Also, they directed me to fill the “account closure request form” and “balance transfer request form”.
  • I refused and mentioned that I will go to the Police station and the RBI banking ombudsman customer grievance cell.
  • Around 1.30 PM another senior manager approached me and assured me of the transfer of funds to my alternative account within 2 hours. Once again he asked me to fill the account closure request form. I refused, filled only the “balance transfer request form” and went back to my office.
  • Around 3.30 PM the NEFT fund transfer to my alternative account was initiated and I got an acknowledgement from my other bank around 6 PM.
  • The funny part is that both my CITIBank credit cards are still active; I can use them, but I can’t access my internet banking to manage my limits or the enable/disable card options of the credit cards.
  • I saw that the branch staff, including the branch manager, were clueless about the chaos created somewhere in the boardroom.
  • I remember the CITIBank motto statement “CITI never sleeps”, but from now on “CITIBank customer also never sleeps” 🙂

Unquote


CitiBank abruptly closes customer accounts. RBI and Axis Bank fail in their duties

Last week, CitiBank sprang a surprise on its customers by abruptly closing their accounts in preparation for the merger of its operations with Axis Bank by the end of March 2023.

In the process, many clients having their primary and business-critical accounts with CitiBank found that their business was disrupted.

In earlier mergers this kind of situation did not arise, since the accounts were automatically transferred to the new entity and it was left to the customer to decide, over a period of time, whether or not to continue their relationship with the new entity.

In the meantime, in earlier mergers such as Corporation Bank-Union Bank, all cheques and standing instructions related to the old accounts continued to be operative and no inconvenience was caused to the customers.

It is not clear why Citi Bank adopted this move and why RBI did not prevent this inconvenience caused to the customers.

We are not aware whether RBI knew of this move and had approved it, or whether Citi Bank had kept RBI in the dark. Also, did Axis Bank take the trouble of informing the erstwhile customers of Citi Bank that such a move was contemplated by Citi Bank? The customers of Citi Bank are now the responsibility of Axis Bank, which needs to preserve its own reputation for customer service, and it seems to have failed in this obligation and opportunity.

It is time for some consumer oriented lawyer to file a PIL and ensure that CITI Bank pays damages to all its customers for suddenly stopping operating accounts and causing both material and reputational harm to them.

See details here

I am trying to figure out if there were any technical reasons for this fiasco. In earlier cases of mergers, the merged entity continued to operate the account under the same account number for some time until it was migrated to a new account number. Even the standing instructions and cheque books continued to be operative till they were replaced and migrated.

It is surprising that this did not happen in the Citi Bank-Axis merger case. It is not clear if this was handled like a merger under RBI supervision or as a business acquisition. In the latter case Axis Bank should have been proactive and provided some easy options to customers for migration. It is difficult to imagine why Axis Bank failed to use this marketing opportunity.

It should have been possible to set up an intermediary authentication system to direct the customers to the specific database of account holders transferred to the control of Axis Bank. Probably Citi Bank did not want to help Axis Bank acquire the customers easily, and Axis Bank failed to negotiate the merger/acquisition properly. Whichever consultant handled the transition has failed in his duty to guide Axis Bank properly.

We await more information to unfold in this regard from RBI.

Also see this article on which consultant handled this acquisition so inefficiently.

Naavi


CNIL Fine on Discord.com

The fine of Euro 800000/- imposed by CNIL on the US based Discord.com is an instance where the supervisory authority conducted its own online inspection without any complaint about data breach and arrived at the fine for a relatively low risk contravention.

Details

The fine, which was imposed on 10th November 2022, was a reminder to the industry that even without any breach-related complaint, CNIL could on its own look for non-compliance and impose fines.

The breach identified was the lack of a written “Data Retention policy” under Article 5.1.e. As a result, the investigation found that the data of 2,474,000 French users remained in the database though the accounts had not been used for more than 3 years, as did the data of 58000 accounts which had not been used for more than 5 years. (P.S: During the investigation, the company introduced the policy to delete the information after 2 years).

CNIL further identified an associated Article 13 breach (not providing information to the data subject), since there was no policy on data retention.

Yet another breach identified was a deficiency in the implementation of Data Protection by default (Article 25.2). The observation in this regard was that when a user wanted to close the voice chat and clicked on the X mark on the window, the application was only sent to the background and not exited. (P.S: During the investigation, the company introduced, as a compliance measure, a popup to indicate that the voice chat window is still running in the background).

Another issue found by CNIL was that the password policy allowed the use of a 6 letter password and did not mandate a complicated password with a mix of lower case, upper case and special characters. (P.S: During the investigation, the company complied with the requirement).

Further, CNIL found fault with Discord.com for not having conducted a DPIA; given the volume of data handled, it should have conducted one. (PS: The company conducted two DPIAs and concluded that the processing is not likely to result in a high risk to individuals’ rights and freedoms).

The incident indicates that CNIL could conduct its own online inspections and initiate action against companies, and it would be wise for foreign companies providing services in the GDPR region to set aside suitable insurance coverage (if available) or provisions to meet such demands, as if it were a GDPR tax.

Naavi


The Theory of Mind…Concept of Qualia

At Naavi.org, we have frequently alluded to “Theory” to explain concepts. We discussed the “Theory of Information Security Motivation” at one time and also created the “Theory of Data” to explain “Data” and its relation to “Privacy”. We did make a brief mention of “Theory of Privacy” which is still to be explored. Now is the time to open the doors for discussing the “Theory of Mind”. We are converging on this topic from the need to understand the “Neuro Rights Protection” and also to understand the “Artificial Intelligence regulation”.

I am approaching these topics as a student and trying to understand the present thinking on this topic peppered with my own views.

Our own approach to the human mind earlier has been through “Philosophy”, which tries to discuss the “Mind”, “Intellect” and “Consciousness” and their respective manifestations of the “Thought Process”, “Discretion” and “Awareness”.

Scientists of the modern era are coming towards the study from the biological concept of the Brain, the Nerve system, Neurons, the Dendrites, Electro-Chemical changes and Electro Magnetic signal processing that happens within the brain.

The psychologists have their own approach to understanding the behaviour of a person, which is a manifestation of the instructions generated in the mind. They look at the conscious mind, sub-conscious mind, emotions etc. as different manifestations of the functioning of the brain.

When an AI programmer is trying to emulate the human brain and take it beyond the “I instruct…Remember and Execute” kind of functioning to a level where the program is instructed to “Learn while you decide and alter the behaviour to make the output more in tune with an objective” , the programmer tries to draw some understanding of the way human “Mind” functions so that he can set up a neural network close to the human intelligence.

It is in this context that the “Theory of Mind” appears the next door to open.

The Theory of Mind (TOM) is meant to understand how the brain is able to generate thoughts, emotions, feelings, beliefs etc. which define the character of a person. It tries to find the reason why “Intuition” exists and why an individual sometimes discards earlier experience and takes decisions apparently not backed by any logic.

One plausible explanation is to consider that this is a kind of decision based on a probability estimate, but whether it is as simple as probabilistic decision making or something else like the “Sixth Sense” is a matter to be analyzed.

I was going through the book “The Basic Theory of Mind” by Dr Chirapat Ukachoke to understand his perspective of the “Theory of Mind”. One of the important concepts that the theory discusses is the concept of “Qualia”, which is the way a person perceives the incoming neural signals. This brings us close to the concept of “Consciousness” and the “Theory of Maya” used in Indian philosophy.

Basically, “Qualia” is the ability of the mind to “See things”. While the sensory perceptions stimulate the mind to “See things”, it is possible that a person may “See” something different from what another person sees, and herein lies the origin of “Intuitiveness”.

We should remember that “What we see may not be what it is”, since the perception is dependent on several aspects of the state of mind. Ideally the state of mind should have a direct correlation to the state of a sensory stimulation. But this may not be true. When you hear the word mango, some may perceive a ripe Alphonso and another may perceive a green Totapuri. When a red object is seen, one person may see the colour and another may not, or may see a different colour.

Other examples of qualia include the perceived sensation of pain of a headache, the taste of wine, as well as the redness of an evening sky.

Not all such perceptions can be dismissed as a deficiency of the sensory organs. There could be a difference in the “Vision” not related to the sensory input alone.

In AI such happenings may be considered as “Errors” or “Deficiency in Training”. But when we try to provide self-learning capability to the AI, can there be a situation where the AI will imagine things on its own and act in a manner that is not intended by the developer? That is the concern we need to resolve.

We need to explore this further and see if there is any learning we can take to the AI development.

Naavi

More about Qualia

According to ChatGPT: Intuition and qualia are related in that both involve a type of direct, non-verbal understanding of the world. Intuition can be seen as a type of qualia in that it involves a direct, unconscious experience of knowledge, without the need for conscious reasoning or analysis. However, intuition can also be seen as distinct from qualia, in that it involves a more general, problem-solving type of mental processing, while qualia is more specific to individual sensory and mental experiences.
