Banking Ombudsman needs emergency fraud powers
An open letter to the Reserve Bank of New Zealand, Financial Markets Authority, Commerce Commission, Banking Ombudsman, Minister of Finance and Minister of Commerce and Consumer Affairs.
Which one of you can put a halt to our banks refusing to repay victims of financial fraud? It has become a circus and buck-passing exercise.
The Citibank cloned term deposit cases need to be a marker in the sand. These cases must be repaid. Why do you believe your hands are tied?
Banks have just funded the Nigel Latta scam programme on TVNZ, which gets us no closer whatsoever to sorting out the imbalance of power between consumers and banks in the payments system.
Latta is delivering a great message. A small percentage of people will self-rescue thanks to this programme and he should be proud of that.
But there’s a much bigger psychological masterplan operating above his head. Funding this TVNZ programme is part of an industry diversion, delay and deny tactic. We have to be candid about this.
Latta is a Band-Aid solution for a bleeding regulatory wound. One of you must co-ordinate an intervention.
If I thought Latta’s programme sat on top of a policy change to bring consumer protection up to international standards, there wouldn’t be a problem. But paying for primetime telly, while simultaneously stepping back from responsibility, is cynical.
Banks are using Latta’s educational talent to extend the narrative that consumers, not banks, hold the liability for sophisticated payment crimes.
Banks have resources, staff, industry networks and an international model full of expertise they can tap. We only have to set down our consumer protection expectations and allow them to decide where their new commercial risk settings lie.
We don’t need a review and we don’t need to dictate their systems or their speed of installation.
Why should banks pay?
Payments are now a technology product and bank profits are directly related to high volume “frictionless” transactions (without human interaction).
Banks set their own comfort levels on risk. It’s based on how much it costs to monitor, intervene, train staff and set up fraud busting technology versus their consumer liability (which is close to zero for authorised fraud involving trickery).
Listening to banks’ bluster has to stop. They do not have world-leading processes and are wilfully avoiding bringing themselves in line with international change.
You need to be very clear that our banks are failing their customers.
They have no COP checks (confirmation of payee) and must be held liable for an account number that doesn’t match the account name.
They are not self-regulating with a voluntary code on phishing. Do not wait or cajole them into this. They’ve already failed.
There is no scam code. Banks in Australia must engage with social media and telecoms companies and pay for fraud.
They have not set up a live inter-bank fraud detection system. The Australian Banking Association has launched a new Fraud Reporting Exchange (FRX). It’s a digital platform to help banks respond quickly and increase recovery of funds. Our own Banking Association has failed to mirror this while flying into a crime wave.
Staff training is inadequate, as banks know they won’t wear the liability. In fact, they use it as a defence. In a recent Westpac case, a customer caught in the Citibank fraud spent 40 mins in a branch trying to get help to make the payment. I’ve read enough UK cases to know Westpac wouldn’t survive a hearing, but in New Zealand the Ombudsman’s investigator has issued an initial opinion which finds in the bank’s favour.
Banks are not successfully sharing fraud information. The Citibank case proves this. Citibank itself failed to find the cloned website and shut it down.
Worryingly, a responsible Bankers Association doesn’t make statements that repaying fraud cases “could mean customers have little incentive or responsibility to protect their money”.
It knows this is disingenuous and not true internationally. It can take up to a year for a ruling and each case turns on its own facts, with no absolute right of success. Customers do not risk the emotional turmoil of going through this awful process.
Our Ombudsman says she doesn’t have the power to find in favour of authorised fraud cases. Why? Because the banking code of practice, a flimsy six-page document written by banks themselves, hasn’t adapted to payment technology.
The Banking Ombudsman appears to be stuck with a code of practice, written by the turkey who won’t vote for Christmas.
We need to give the Banking Ombudsman emergency powers to overturn authorised payment fraud cases, where the circumstances show the customer was not purposely negligent.
The banking code of practice doesn’t cover authorised fraud, but it does promise to provide secure banking systems.
Banks have failed to keep up with the technology, speed, friction, duty of care and inter-bank communication, required in a modern secure banking system.
They have forced electronic payment systems on their customers, while offloading their commercial risks. This is despite watching UK and Australian banks make big changes.
I believe this failure is enough to hang our hat on and allow the Citibank cases to be upheld for customers. Alternatively, we need immediate emergency powers for the Ombudsman.