Central Information Commission
Mrs.Seema Puranik vs Bank Of Maharashtra on 9 November, 2011
CENTRAL INFORMATION COMMISSION
Club Building (Near Post Office)
Old JNU Campus, New Delhi - 110067
Tel: +91-11-26161796
Decision No. CIC/SG/A/2011/002066/15525
Appeal No. CIC/SG/A/2011/002066
Relevant facts emerging from the Appeal:
Appellant : Ms. Seema Devendra Puranik
B-203, Railway Men's Apna Ghar
Shivaji nagar, Gomes garden,
Jogeshwari East, Mumbai-400060
Respondent : Mr. Ajay Banerjee
PIO & Chief General Manager Bank of Maharashtra, Head office-LOKMANGAL, Pune-411004 RTI application filed on : 10-02-2011 PIO replied on : 25-03-2011 First Appeal filed on : 25-04-2011 First Appellate Authority order of : 19-05-2011 Second Appeal received on : 29-06-2011 The appellant was the victim of a 17000 rupees loss in her account through an internet fraud.
Sl. Information sought Reply of PIO
1. Details regarding one bank account of Shri Arvind We inform the appellant the information sought Ramchand Desai (account holder of BOM Dombivali for are related to personal information the Branch), through which Money Mule account the disclosure of which has no relationship with money was siphoned off. any public activity or interest and would cause unwarranted invasion of privacy of the individual and as such exempt u/s 8(1)(j) of the act.
2. Copies of account opening forms and copies of Same as above.
documents obtained under KYC and relied upon, as prescribed by RBI at the time of opening of this account at the Dombivali Branch.
3. Similar details viz. Account opening form and KYC Same as above.
documents in respect of introducers of this particular account.
4. *copies of the account statements of the above Same as above.
mentioned Money Mule Account( from which the amount was signed off date of opening to freezing of account)
5. *system for monitoring of such" Money Mule Bank has issued guidelines for monitoring of account as per RBI guidelines. Money Mules accounts as per RBI guidelines.
A copy of the same is enclosed as annexure-1
6. *system for monitoring of such newly opened bank All the new accounts are monitored on account (saving/current) opened with your bank continuous basis and transactions which give Page 1 of 4 /branches during initial period as per RBI guidelines. rise to suspicious nature.
7. *what are the norms for dormant account and the All those accounts which have not been procedure for activities such bank account which are operated for two years are categorized as dormant? Procedure for activation and authorization "inoperative account". Further, for the purpose any operations before any operations are being of classifying an account as inoperative, both allowed. the types of transactions ie. Debit as well as credit transactions induced at the instance of customers as well as third is considered.
8. How come my E-mail address details and fact that We inform appellant that bank never discloses Appellant is banking with BOM were leaked? email address or personal information of its customers to anybody.
9. It appears that BOM website has been hacked. Bank's official website was never hacked.
Details thereof.
10 Safety measure taken by bank to protect sharing of The customers' database being the most critical . the data base of its customers with outsiders/vendors information is never disclosed with outsiders.
to protect its own interest and that of its customers. However, NDA is signed with the vendors working on the bank's systems in order to assure the non disclosure of the customers data.
11 Despite knowing that it was a cyber Crime, why the Bank has already lodged the complaint with . bank did not register the complaint with Cyber Crime cyber crime cell, Pune on 16th july 2010.
Cell at Pune or Mumbai.
12 *Number of such phishing instances particularly There are 5 instances happened during . happened during June/july 2010. Name of the June/July 2010. The information regarding the victims, account details, details of Mule accounts. victims & their account details can not be Date on which the first complaint was received at provided as the information would impede the BOM Hqrs. Steps/measures taken by BOM to alert process of investigation or apprehension or other customers in this regard to protect their interest. prosecution of offenders & as such exempt u/s 8(1)(h) of the act. however regarding phishing of your account, bank vide its letter dated 14/01/2011 has made correspondence with you, a copy of the same is attached here with. Annexure-2. Bank alerts its customers time to time through various means including SMS alerts and e-mail.
13 *copy of statement/return of reporting of Fraud to Copy of reporting of frauds to RBI & internal . RBI,DBS,CO- Mumbai and copy of communications investigation report, we inform you that the received from RBI in this regards follow up action. information is confidential report of bank & hence we can not provide the same. Moreover, the information sought for has no relationship with any public activity or interest.
14 *copy of the internal/investigation report and Same as above.
. observations made by TOP management- copies
thereof.
15 *The action taken by the bank detection of the Fraud No staff lapses observed in the particular fraud. . against concerned bank officials/authorities for non adherence of KYC guidelines as well as internal guidelines thus helping/abatement perpetration of this particular fraud.
16 whether bank is aware that the captioned fraud also Appellant have sought certain opinion which . falls under the provisions of prevention of Money does not fall under the definition of Laundering act-2002? YES or NO? 'information' under RTI act.
Page 2 of 417 *if yes, whether the bank has reported the requisite As the matter is under process we can not . details to Financial Intelligence unit (FIU-ND), provide the same.
NewDelhi un der AMI guidelines? If yes copy of communication on sent to FIU-ND 18 If No, reasons therefore? Any action contemplated Does not arise. . against delinquent officials? Details thereof. 19 Whether there is any system of fixing of any Bank is having well defined staff accountability . accountability such cases? Details thereof. examination policy to deal with misconduct.
20 *copy of Risk management policy of the bank Regarding the measures taken to address . Measure taken to address operational risk. Details "operational Risk" as per operational risk thereof management policy, the information technology department would assess the IT environment. Risk and IT operation and product Risk and submit a half yearly report to the ORMD. This would cover losses on account of technological issues, operational-
breakdowns, system downtimes, ATM downtimes and programming error with impact on loss of business/income, repair & recovery plans etc. 21 On enquiry with other banks it was learnt that they No information regarding this is under RTI. We . had introduced various net safety/security measures inform that as no staff lapses observed in the viz. linking of beneficial accounts registering of IP particular fraud no accountability is fixed. address from which normally transactions carried out, system of sending E-mail and sms alerts, etc. why none of these measures had been introduced by BOM earlier or even now to protect customers?
Whether any staff accountability has been fixed? Details thereof.
22 *current status of the Investigation/proceedings of Bank has taken immediate steps to inform and . internet banking Fraud in my above mentioned guide and assist the file the FIR with the police savings bank account. station. Bank has also extended all the information to the police authorities. The matter is being investigated by the police authorities.
23 Future course of action contemplated against these Information does not arise.
. fraudulent account holders for recovery of the
amount involved.
24 *efforts made by the bank to trace the whereabouts of Bank has extended all the necessary . Mr. Arvind Ramchandra Desai, Dombivali, who has cooperation by analyzing and providing the been the customer of BOM and one of the required information of the suspects to the beneficiary of this fraud. police authorities and the matter is being investigated by the police authorities.
25 *date of log-in and time and details of IP address and Log-in and time details of IP addresses and . please from which my savings bank account No. places from which your current A/c was 20096685404 maintained at you of any Andheri-east siphoned, the information can not be provided branch, Mumbai was accessed on 13-07-2011 and an as the information would of offenders & as amount of Rs. 17,000/- was siphoned off. such exempt u/s 8(1)(h) of the act. 26 Details of any advertisement by the bank in the new No such adv was published in local newspaper.
. paper for generating further public awareness amongst customer about such fraudulent activities.
Page 3 of 4Copies thereof.
27 *after reporting of such internet banking frauds, any One time password for addition of the . further measures taken bank in this regard to beneficiary through internet banking has been strengthen the security of its IT system. Details implemented and fund transfer facility is thereof. available only to the registered beneficiaries through the otp.
Grounds for the First Appeal:
The PIO had denied the major portion of the information that has been sought.
Order of the First Appellate Authority (FAA):
Appellant has raised so many queries which do not come under RTI.
Ground of the Second Appeal:
PIO had not given complete and true information.
Relevant Facts emerging during Hearing:
The following were present:
Appellant: Ms. Seema Devendra Puranik on video conference from NIC-Mumbai Studio; Respondent: Mr. G. Ramcnahdaran, DGM (IT) on behalf of Mr. Ajay Banerjee, PIO & Chief General Manager on video conference from NIC-Pune Studio;
The Appellant's bank account has been defrauded of Rs.17000/- by a phishing fraud. In query 1 to 4 the Appellant had sought information about an account to which her money had been diverted. The PIO has claimed exemption under Section 8(1)(j) of the RTI Act. Whereas the Commission agrees that the information relating to the customer of a Bank is exempt from disclosure, when a fraud has occurred there is larger public interest in disclosure of the information. Hence as per the provisions of Section 8(2) of the RTI Act the Commission directs the PIO to provide the information regarding queries 1 to 4.
The Commission also directs the PIO to provide the information on query-17 & 25 .
Decision:
The Appeal is allowed.
The PIO is directed to provide the information as directed above to the Appellant before 30 November 2011.
This decision is announced in open chamber. Notice of this decision be given free of cost to the parties. Any information in compliance with this Order will be provided free of cost as per Section 7(6) of RTI Act.
Shailesh Gandhi Information Commissioner 09 November 2011 (In any correspondence on this decision, mention the complete decision number. (BK)) Page 4 of 4