The need for Proactive Regulators

 

Financial regulators need to improve how they handle topics raised by the general public against institutions they are expected to regulate. Their role shouldn’t be seen as simply transposing  documents from the EU inbox to the Maltese outbox.

As a regulator they need to be able to take a harsh stance against those institutions that abuse their dominant position in the market and need to take a proactive stance when the general public raises the alert of a wrong-doing. Fines need to be imposed on those organisations that break the rules. And all throughout the investigative process the public in general and the impacted stakeholders in particular need to be made aware that their case is still being worked upon and has not fallen into some crevice. When cases are concluded it should be made clear what the outcome is and what remediative action has been decided.

Take the case of Bank of Valletta plc (BoV). This institution decided, after a few posts on social media platforms and its website, to introduce charges on various accounts. The bank went so far as to hide these charges by not summarising them on their statements under the box that should total up bank charges. People communicated this injustice in the media. Others raised the matter with the regulator while another group [attempted] to take up the matter directly with the bank.

Those who requested that the exchanges with the bank be done in writing had to do so using the bank’s own internal communication channel. This system is different from the messaging available through the bank’s online portal. Customers exchanging messages using this system are greatly disadvantaged because:

    It doesn’t allow the customer to view the thread in a conversation;

    It doesn’t allow the customer to add third parties to an exchange.

    It is controlled exclusively by the bank and customers cannot simply log in and call up communications in which they were involved.

 

The bank refuses to exchange with customers who insist on using email rather than the bank’s proprietary system. If a customer originates an email to the bank’s customer support with third parties in copy, the reply is that standard email is not allowed and it excludes the third parties. This means that if a customer wants to use email with the regulator in copy, the reply from the bank automatically drops the regulator from the reply.

In Mar 2021, the bank’s portal carried a statement in which it stated that after discussion with the MFSA it “has suspended the application of fees related to dormant accounts and those applicable to account balances below the minimum threshold of €200”. The press release did mention the regulator but for impacted customers it seems that this was done over a cup of tea with biscuits. 

Many questions remain unanswered. For example, do the account types mentioned in this exchange reflect all the impacted accounts? Did the regulator discover any additional incorrect behaviours when they were investigating this case? What fines were imposed on the bank for this wrong doing? 

Since the whole Daphne Caruana Galizia and FATF (Financial Action Task Force) uproars, regulators have fined a couple of institutions but this is top down.  The same behaviour is not seen from the lower end of the spectrum that impacts the commoner.

 

By Sudika - Own work, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=16989561

 

In the case of the BoV case a proactive regulator should have done the following:

a.   As soon as the regulator was alerted of this story via the media or through direct communication it should have formally informed the bank that it was initiating a formal investigation in the case;

b.   The regulator should have requested from the bank the following information:

                     i.        A list of the different criteria the bank used to target these accounts (eg dormant account, minimum balance, etc)

                    ii.        A complete list of impacted accounts in electronic format; with a classification on the criteria that was applied to them. Data would be submitted securely and in anonymisation format.

c.   The regulator would release a press release that, following media reports and communications it received, it has requested  clarification on the matter from the bank. It should provide a communication channel for the general public to share additional information confidentially and in a secure manner. The press release would also explain that a 30 day time window would be allowed for an additional public information gathering process.

d.   Based on feedback from the general public (in this case) the regulator could have discovered that:

                     i.        Account holders were not formally informed of the price increase and all attempts to bring up the matter with the Bank’s customer support was being met with a brick wall;

                    ii.        The charge was not formally declared on the statement in the appropriate box;

                  iii.        The bank’s proprietary communication system disadvantaged customers;

                  iv.        Phone calls to the bank’s customer support were not resulting in satisfactory remediation to the points they have raised;

                   v.        The charges resulted in additional complications for account holders;

                  vi.        Other issues.

e.   Based on the findings the regulator would then decide to open formal investigations.

                     i.        Formally communicate this to the bank;

                    ii.        Instruct the bank to inform all impacted account holders by regular mail and on the banks’s own website that:

1.   The regulator has initiated investigations into the matter;

2.   The regulator has a web page that will follow this case.  The page would reside on the regulator’s domain and would have an easy-to-recall address (eg https://mfsa.mt/bov-2020-01).  The page would be updated at least once every 30 days while the investigation is underway.

3.   Provide a phone number, manned by the bank, to allow impacted account holders who are not willing or able to use the internet to request that the bank send them an update via regular mail every 30 days until the case is closed.

f.     After the 30 day customer feedback window, the regulator would draw up the various topic areas it would like its investigation to delve into. For each topic that would be investigated an action plan would be drawn up and agreed with the bank. This information would be shared with stakeholders.

g.   As each topic of the investigation concludes, the information channels with stakeholders are updated. It would describe the topic and the resolution decided by the regulator and agreed to by the bank.

h.   Once all the topics related to the investigation conclude, the investigation should be formally brought to a close. The regulator would issue a statement to the media and update its portal with:

                     i.        A summary of the topics covered by the investigation;

                    ii.        The regulator’s decision on each;

                  iii.        Remedial action that will be taken on each;

                  iv.        Fines imposed by the regulator on each;

                   v.        Deadlines to correct each topic or if it has already been corrected when this happened;

i.     The bank would be instructed to communicate via regular mail this decision to every impacted account holder and to let them know that the case is now closed;

j.     The bank would be expected to pay for the regulator’s expenses related to this case.

 

If a bank customer blinks twice rather than the stipulated once, they are inundated with bank charges and fees; yet stories such as the BoV case are handled so subtly and, for the man in the street, the treatment appears to be preferential.

 

Comments

Popular posts from this blog

HOWTO setup OpenVPN server and client configuration files using EasyRSA

Boot problems in Microsoft Windows 10 and the way forward.

Understanding PowerShell’s Execution_Policy and Scope functionality - Part 1