KUALA LUMPUR: Financial institutions (FIs) will bear the full responsibility for fraud losses resulting from unauthorised transactions that are solely caused by lapses in their security controls, according to Bank Negara Malaysia (BNM).
The central bank clarified that full reimbursement will only apply if the fraud is due to lapses in the financial institution's security measures.
In cases where customer negligence is involved, reimbursement will be evaluated on a case-by-case basis, where the investigation is conducted by the bank and Royal Malaysia Police (PDRM).
BNM had recently issued policy enhancements to ensure FIs treat financial fraud victims fairly as part of efforts to strengthen the protection of consumer rights.
The policy focuses on ensuring FIs undertake robust and timely investigations for every case.
BNM said with this policy, victims in cases with an element of joint culpability shall not fully bear losses and, thus, are entitled to appropriate compensation.
"Further, any cases not in the customer's favour must also be subject to an independent review to ensure such cases have been objectively assessed.
"Additionally, if the customer does not agree with the decision or compensation offered by the FI, the customer has the right to lodge a dispute related to this decision with the Financial Services Ombudsman (OFS), an independent and free channel for financial dispute resolution," the central bank told Business Times when contacted.
BNM also emphasised that it consistently monitors FIs' practices in resolving complaints related to financial fraud to ensure victims receive proper treatment.
Customers are advised to submit any complaints to the relevant FI's Complaints Unit for feedback.
BNM said reporting institutions, including the FIs, are required to submit suspicious transaction report (STR) to the central bank when they suspect or have reasonable grounds to suspect the transaction, or activity appears illegal or involves proceed from unlawful activities including fraud, regardless of the amount.
Failure to submit a STR is an offence under the Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (AMLA) and enforcement action can be taken against such reporting institution.
Key countermeasures were introduced in 2022 that have reduced the number of cases of unauthorised online banking fraud, as reported to the National Scam Response Centre (NSRC).
"These countermeasures include the migration from SMS to one-time passwords (OTP), tightening banks' fraud detection rules, a verification and cooling-off period for first-time enrolment of e-banking services, allowing only a single mobile device or secure device to be registered, a 24/7 dedicated complaint channel for customers and kill switch for customers to temporarily suspend their bank accounts," BNM added.
Recently, Prime Minister Datuk Seri Anwar Ibrahim stated that banks must reimburse scam victims if the institution's negligence is found to have caused the scam.
He expressed support for the principle applied in the United Kingdom, where banks compensate victims in cases of negligence, and suggested it should be implemented locally.
The Association of Banks in Malaysia (ABM) executive officer Dr Amina Kayani said banks have always ensured that customers are reimbursed on a "fair and proportionate" basis when investigations reveal shortcomings in their processes, systems, or responses that led to scam-related losses.
She said through numerous cases, member banks have resolved such matters promptly and responsibly while the banking industry continues to enhance its measures to address the growing complexity of scams.
"ABM and its member banks are steadfast in our commitment to protect the financial safety of our customers.
"In a united front against fraud, banks across Malaysia have implemented comprehensive security measures designed to fortify banking systems and enhance fraud prevention protocols, ultimately safeguarding customer accounts," she added.