Banking is the growth engine of an economy. It provides numerous facilities
to the enterprises, government and the common man therefore one cannot undermine
the importance of a sound banking system. During the past few decades there has
been a technology outburst in all sectors and banking has been one of the
sectors to adopt information technology. Internet or e-banking implies any
client with a PC and a browser can get associated with his bank's site to play
out any of the virtual banking functions.
In layman terms it offers traditional banking services through the virtual
medium. From the viewpoint of banking items and administrations being offered
through the Internet, Internet banking is just customary financial
administrations conveyed through an electronic correspondence spine, viz,
Legal Framework and Issues in E-Banking
Various provisions of law, which apply to traditional banking activity, are also
applicable to internet banking. This does not overcome the problems, and
therefore there is a need for the introduction of more stringent rules and laws
specific to meet the problems of e-banking. The legal framework for banking in
India is provided by a group of enactments, viz.
The Banking Regulation Act, 1949; the Reserve Bank of India Act, 1934 and
Foreign Exchange Management Act, 1999 are few among many such legislations. It
is mandatory on the part of all entities to obtain a license from Reserve Bank
of India under Banking Regulations Act, 1949 to function as a bank. Besides,
banking activities are also influenced by various enactments governing trade and
commerce, such as The Indian Contract Act, 1872, the Negotiable Instruments Act,
1881, Indian Evidence Act, 1872, etc.
Though e-banking has introduced ease of doing banking it has with it given rise
to many issues and risks such as operational risks, security risks and privacy
customer satisfaction and tax. Some of these issues are more sensitive than
others for example privacy and security are the pivotal features around which
e-banking has evolved.
There are some legal challenges also which are faced by E-Banking while
performing their activity, Information Technology Act, 2000 laid down some
guideline about E-Banking to deal with Technology and Security Standards; Legal
Issues; Regulatory and Supervisory Issues.
- The Information Technology Act, 2000 has provided for a penalty for
denial of access to a computer system (Section-43) and hacking (Section –
66), the liability of banks in such situations is not clear. Section 72 has
provided for a penalty for breach of privacy and confidentiality and Section
79 of the Act has also provided for exclusion of liability of a network
service provider for data traveling through their network subject to certain
conditions. Thus, the liability of banks for breach of privacy when data is
traveling through a network is not clear. This aspect needs a detailed legal
examination. The issue of ownership of transactional data stored in banks'
computer systems also needs further examination.
- At present banks providing Internet banking service, only accepting the
request for opening f accounts, and it will be done only after proper
physical introduction and verification. Section 131 of the Negotiable
Instruments Act, 1881, provides the Group holds the view that there is an
obligation on the banks not only to establish the identity but also to
make inquiries about the integrity and reputation of the prospective
customer. After coming in to force of the Information Technology Act, 2000
and digital certification machinery it has been suggested to banks to rely
on the digital signature of the introducer.
But the present legal regime doesn't set out the parameters on the extent to
which an individual are often bound in respect of an electronic instruction
alleged to have been issued by him. The authentication is achieved by
security procedure, which involves methods and devices like user-id,
password, personal identification number (PIN), code numbers and encryption
etc., used to establish authenticity of an instruction. However, from a
legal perspective a security procedure needs to be recognized by law as a
substitute for signature.
In India, the Information Technology Act, 2000,
in Section 3(2) provides for a particular technology (viz., the asymmetric
cryptosystem and hash function) as a means of authenticating electronic
records. This has raised the doubt whether the law would recognize the
prevailing methods employed by banks as valid methods of authentication.
- In the Internet banking scenario there is very little scope for the
banks to act on stop-payment instructions from the customers. Hence, banks
should notify the customers of the timeframe and the circumstances in which
any stop-payment instructions could be accepted.
- The banks providing Internet banking service and customers availing of
the same are currently entering into agreements defining respective rights
and liabilities in respect of Internet banking transactions. A standard
format / minimum consent requirement to be adopted by banks could even be
designed by the Indian Banks' Association, which should capture all
essential conditions to be fulfilled by the banks, the customers and
relative rights and liabilities arising therefrom. This will help in
standardizing documentation as also develop standard practice among bankers
offering Internet banking facility.
- The concern that Internet banking transactions may become a conduit
for money laundering, has been addressed by the Group. Such transactions are
initiated and concluded between designated accounts. Further, the
proposed Prevention of Money Laundering Bill 1999 imposes an obligation on
every depository financial institution to take care of records of
transactions for a particular prescribed period.
The Banking Companies
(Period of Preservation of Records) Rules, 1985 also require banks to
preserve certain records for a period ranging between 5 to 8 years. The
Group is of the view that these legal provisions which apply to all banking
transactions, whether Internet banking or traditional banking, will
adequately take care of this concern and no specific measures for Internet
banking are necessary.
- The Consumer Protection Act, 1986 defines the rights of consumers in
India and applies to banking services as well. Currently, the rights and
liabilities of consumers availing of Internet banking services are being
determined by bilateral agreements between the banks and customers. It is
open to debate whether any bilateral agreement defining customers rights and
liabilities, which are adverse to consumers than what's enjoyed by them
within the traditional banking scenario will be legally tenable.
The Information Technology Act 2000 attempted to address several e-commerce
regulatory issues, but some grey areas still exist, which have neither been
spelled out properly nor any workable modes of implementation suggested by
Constitutional institutions. The IT Act of 2000 did address the necessity for
banks to travel online and have laid out security measures to be adopted.
However, one cannot say the aspirations of the industry are satisfactorily
looked into. Also, the privacy procedure laid down by banks for providing access
to internet banking needs to be recognized by law similarly security procedures.
- M.L.Tannan, Tannan's, Banking Law and Practice in India, (20th Ed.),
(New Delhi: India Law House, 2003), p.157.
- Gunjan Bhagtani, Janvi Pandya, Contemporary Legal Issues in Indian
E-Banking System,Vol 2 Law Journals 17-24 (2019).
- Internet Banking – Legal Issues (May 20, 2020, 10:00 AM), http://rajdeepandjoyeeta.com/internet-banking-legal-issues/.