Banks and Bank Negara have a fiduciary duty

• 

Was Rafizi Ramli really only aided by a lone bank clerk in his exposure of confidential customer information, or were more people involved? (Photo by Hussein Shaharuddin/The Mole)

What exactly is meant by fiduciary duty? Fiduciary duty, according to a law dictionary, simply means an individual in whom another has placed the utmost trust and confidence to manage and protect property or money. It stems from the Latin fiducia, meaning "trust," a person (or a business like a bank) who has the power and obligation to act for another (often called the beneficiary) under circumstances which require total trust, good faith and honesty. To ensure the upholding of their fiduciary duty, banks in Malaysia are bound by a solid framework of best practices determined by Bank Negara Malaysia. It’s known as the Banking and Financial Institutions Act, 1989 (BAFIA) wherein lie the terms of reference on how banks and financial institutions shall operate to the highest integrity in their fiduciary duty. Fabiani Azmi still has many questions to ask…
 

In recent weeks, more attention has been drawn to BAFIA than ever before since PKR Strategy Director Rafizi Ramli was charged in the sessions court on 1 August for violations of the Act. It began on 7 March this year when Rafizi made public, at a news conference, the confidential information of 21 bank accounts belonging to companies and individuals. He did so illegally without the permission of the account holders, the bank or Bank Negara Malaysia (BNM). Police reports were lodged in March and April, and complaints were also filed with both Public Bank Berhad and BNM.
 

Despite BAFIA being in place to protect the security of bank customers’ information and transactions, there were obviously weaknesses in which the opposition was able to pry, spy or buy. Banks have a fiduciary duty to protect and safeguard the information in their custody and many, like top-class, award-winning Public Bank, even have a client charter and a privacy policy in place to guarantee customers of their fiduciary duty.
 

What is the promise by Public Bank Berhad to its customers? Its client charter specifically states, “We highly respect and thoroughly appreciate your concerns on the privacy and security of all personal information and financial transactions handled by us. We will employ the tightest security architecture to prevent unauthorised access and ensure your peace of mind concerning all your transactions with us. We will pursue the strongest form of preventive and punitive measures against any party which attempts to compromise your right to transaction security and confidentiality.” 
 

It would appear that Public Bank has failed on these accounts. Notably, it has failed to demonstrate that it “will pursue the strongest form of preventive and punitive measures against any party which attempts to compromise your right to transaction security and confidentiality” for it failed to take action against the main culprit, Rafizi Ramli, who had infiltrated its systems and exposed its customers’ confidential information to journalists. Why Public Bank has yet to take action against Rafizi is puzzling. The strongest punitive measure has just been to investigate the bank clerk. The bank did not even have the chance to fire him. The bank clerk resigned.
 

If it were not for Rafizi, there would really be no blatant abuse of the bank and BAFIA. Rafizi, with his passion for dramatics, wielded and distributed the documents to chalk up his political points - much to the detriment to the sterling reputation of award-winning Public Bank Berhad. 

So how did a bank clerk gain access? 

It is very puzzling that a bank clerk with no access to privileged customer information was able to extract confidential data. There are concerns if serious weaknesses exist. If there are, would our wealth be equally vulnerable to prying hands – stolen at the click of a mouse?

One can only deduce that there are more senior people behind the BAFIA breach than just a mere clerk. Could tellers, officers, managers, branch managers, regional managers, general managers right up to the executive directors have had a hand? Did any of them collude to provide a back door for the bank clerk to pry into the 21 bank accounts? Were there opposition sympathisers from within the bank? Enquiring minds would really like to know. 

The plot can get quite convoluted. Let’s suppose a senior bank official well-connected with the opposition did go into cahoots with Rafizi. He might have given the access password to the bank clerk to print. Having done so, the information is then passed to Rafizi. But because the customer complained of the leak to the bank and BNM, internal audit and security had to investigate. The audit trail would point to the terminal that was used to download the information. CCTV cameras would focus in on the perpetrator. Such evidence cannot be ignored or dismissed. Internal auditors work independently, reporting only to the very top echelons in the bank. Public listed companies like Public Bank Berhad would have their internal auditors report directly to the Board Audit Committee. So the clerk is apprehended and interrogated by the bank and BNM. His handphone is seized. He denies wrongdoing. He says he had no access as he is only a clerk. So the plot must go deeper into how he managed it. Was it really the bank clerk? Or is he just a smoke screen to something more devious?

The bank has confirmed in its Privacy Policy Statement that there is limited employee access. Section 1.3 reads, “The PBB Group maintains stringent procedures authorising only such employees as are strictly relevant or required to access the Customer's information on a need-to-know basis. The PBB Group's employees have been educated on the Customer's right to privacy and confidentiality. Any breach by the employee of the PBB Group's policies would subject the employee to such disciplinary action as the PBB Group may consider appropriate.” 
 

This would certainly suggest that there is obviously someone else senior in the bank that has committed the heinous crime to violate the customers and betray the bank through his privilege and access. It just wasn’t the bank clerk on a solo mission. It just couldn’t be. He had no privileged access.
 

BNM may have been misled by the bank and even by Rafizi into believing it was just the clerk. In a 14 May news conference organised by the opposition, Rafizi tried to shift blame and public perception on the BAFIA breach to the bank clerk, claiming the bank clerk was the whistleblower. Why only the clerk when he had no access? One needs to ask, is there a lot more going on than BNM initially suspected?
 

Section 2 of the bank’s Private Policy Statement reads, “In accordance with strict compliance to the Banking and Financial Institutional Act 1989 (BAFIA), and apart from the sharing of information between members of the PBB Group, the PBB Group will not disclose the Customer's information to any third party or external organisations.”
 

BNM governor Tan Sri Dato' Sri Dr Zeti Akhtar Aziz was also clear on this when she said, “The confidentiality of customer information is clearly protected by the Banking and Financial Institution Act 1989 (BAFIA).”
 

Zeti said it s only when there is a suspected offence under federal law or if there is a court order or where a customer has given consent, that relevant law enforcement agencies are authorised under the law to obtain information. This information must be obtained through Bank Negara Malaysia, and if the central bank says there is no foundation for it, the information will not be given.
 

With BAFIA in place and an excellent governor at the helm, the central bank has earned much respect in the international arena for the country’s banking and financial system. Dr Zeti was recently named by Global Finance magazine as one of the World's Best Central Bankers over the past year. Zeti was one of the six heads of central banks adjudicated with an "A" in the Central Banker Report Card. She also achieved an "A" last year and also in 2010. Such credibility should not be eroded by breaches of BAFIA whether by individual clerks or banks themselves. Obviously, the rules have been flouted. One wonders why BNM has not come up with punitive action against the bank for failing in its fiduciary duty. Taking action against the bank’s clerk is not enough.
 

The law dictionary adds, “A fiduciary relationship encompasses the idea of faith and confidence and is generally established only when the confidence given by one person is actually accepted by the other person. Mere respect for another individual's judgment or general trust in his or her character is ordinarily insufficient for the creation of a fiduciary relationship. The duties of a fiduciary include loyalty and reasonable care of the assets and in this case, information within their custody. All of the fiduciary's actions are performed for the advantage of the beneficiary.”
 

Complete faith by the customer
 

On this note, the customer has placed his complete faith in not only the bank, but in Bank Negara Malaysia as well. BNM acts as the regulatory body and chief custodian of the country’s banking and financial system, and is also the implementer and enforcer of BAFIA.
 

Therefore, BNM has an obligation to serve and protect the interests of customers and investors in this country. Action must therefore be seen to be taken not only against the bank clerk and Rafizi Ramli, but against the bank too. And BNM can do so under the terms of reference provided in BAFIA.
 

As Lincoln Inn graduate Sri Maniam recently commented, “Privileged financial information is the cornerstone of a solid financial market and any leakages no matter how well intended — would only create distrust in the system especially by foreign investors.”
 

While waiting to hear from BNM on their next steps, it would be interesting to hear if other banks have failed you in their fiduciary duty, a question the silence from BNM prompts one to ask. How serious would this be? Is it rampant? Nothing much has been reported on the BNM Enforcement Action page on their web site. The cases pertain mostly to illegal deposit taking, anti-money laundering and anti-terrorism activities.
 

So many questions remain unanswered. It would be good to know if alarm bells need to be sounded louder. 

About the Writer
 

Fabiani Azmi is an avid reader of The Mole and the blogs. He believes the world’s mysteries can be solved. And it does not warrant a paleontologist to investigate.