An Analysis On The Legal Protection of Customers in Electronic Banking

i
CERTIFICATION I certify that this research paper titled An Analysis on the Legal Protection of Customers in Electronic Banking in Tanzania which is done at Ziwa Jipe University for the partial fulfillment of the requirements for the award of degree Bachelor of Laws (LL.B) is recorded as independent research work earned out by Jesse Temba under supervision and guidance. This research paper has not been submitted for award of the degree or other similar award.
Certified and signed onday of2011.
ERIC MPONEJA SUPERVISOR
ii
DECLARATION I, Jesse Temba, do hereby declare and attest that this research paper titled An Analysis on the Legal Protection of Customers in Electronic Banking is my own original work for Ziwa Jipe University and that the same has not ever been presented to any other University for similar or other degree award. Nevertheless, this is not a copy or manipulation of any report.
Dated ..day of2012.
JESSE TEMBA
iii
COPYRIGHT All rights reserved, beyond single copy use, no part of this work will be produced, stored in any retrieval system or transmitted in any form or by any means. Electronically, or mechanically, including photocopying, recording or by any information storage or otherwise without prior written permission of the author and or the Faculty of Law of Ziwa Jipe University Jesse Temba, 2012 All rights reserved
iv
ACKNOWLEDGEMENT First and foremost, my sincere thanks and gratitude goes to Almighty God, unmoved mover, who protected me and gave me power, vision and strength up to this stage of compiling this research. I confess that he has been therefore me ever since I started the journey of my studies until now. I am greatly beholden to a number of people whose advice, encouragement, moral and material support contributed to the preparation and completion of this research. However, it is not possible to list all of them here; I will mention only a few. In the first instance, I extend my heartfelt appreciations to my beloved parents, may father, Felix .M. Temba and my beautiful mother Christina .M. Ntelya. I thank them for all the support they gave me as their beloved son in the entire journey of my studies. I also express my sincere gratitude and thanks to my supervisor Eric Mponeja whose efforts, commitment and dedication and guidance and his critics made possible my task. His knowledge and accumulated experience has been a great asset for me not only for this research but also for career. Special thanks go to my dear Brother, Simon Temba and Dear Sister Martha Temba and Theresia Temba who provided me with a package of fruitful advice and moral support which made this research successful. I appreciate for the help given by them, may God help them in their studies and bless them in their entire life. Uncountable thanks goes to my fellow colleague of LL.B at Ziwa Jipe University for the productive assistance to enrich my report. Also, further appreciation should go to Eric Mponeja, Eugene Nyalile, Simon Lepilal Laizer, Geofrey Gasper, Alice Mbaga and Goodluck Haule.
DEDICATION I dedicate this work for admiration and love to my father, Felix .M.Temba, and my mother Christina .M. Ntelya who have been the driving force in my life. And to all Mbulu Primary Students and Teachers.
vi
ABBREVIATIONS ICT USA CRDB NMB ATM Information Communication Technology United States of America Cooperative Rural Development Bank National Micro-finance Bank Automated Teller Machines
E-commerce Electronic commerce UK UDTL EFTPOS VSATs NPS PIN USD NCEFT United Kingdom United Dominion Trust Ltd Electronic Funds Transfer at a Point of Sale Very Small Aperture Terminals National Payment Systems Personal Identification Number United States Dollar National Commission on Electronic Fund Transfers
UNCITRAL United National Commission on International Trade Law
vii
LIST OF CASES Great Western Railway Co. v. London and County Banking Co.Ltd [1901] A.C. 414 Commissioners of Taxation v. English, Scottish & Australian Bank Limited [1920] A.C.683 Woods v. Martins Bank [1959] 1 Q.B. 55 United Dominions Trust Ltd Vs Kirkwood [1966]2 Q.B 431 Joachim v Swiss Bank of Corporation [1921] 3 KB 110 Westminster Bank Ltd v Hilton(1926) 43 TLR 124), Tournier v National Provicial and Union Bank of England [1924] 1 KB 1 KB 461 Greenwood Vs Martius Bank Ltd [1933] Ac 51 Tar Hing Cotton Mill Ltd v Lin Chong Hing Bank Ltd [1986] AC 80 Curtice v London City and Midland Bank Ltd [1908] 1 kb 293 Trust Bank Tanzania Ltd v. Le-Marsh Enterprises Ltd and Others, (2000) Commercial Case No.4 in the High Court of Tanzania (Commercial Division) at Dar es salaam, (Unreported) Lazarus Mirisho Mafie v M/S Shidolya Tours & Safaris (2008)Commercial case No.10 (Unreported) R v Shephered [1993] 1 All ER 213 National Banks of Commerce v. Milo Construction Co. Ltd and Two others Commercial case No. 293 of 2002 (unreported) R v. Hasan Faraji Kimaro (2005) Criminal Case No. 137 RMs court Tanga (unreported) Anyaebosi v R T Briscoe Nigeria Ltd [1987] 3 N.W.L.R. 84 (part 59).
viii
STATUTES FROM TANZANIA The Banking and Financial Instructions Act, Act No.5 of 2006 Bank of Tanzania Act, Act No. 4 of 2006 The Civil Procedure Act [Cap 33 R.E 2002] The Law of Contract Act [Cap 345 R.E 2002] The Electronic and Postal Communication Act, No 3 of 2010 The Tanzania Bill of Exchange Act [Cap 215R.E 2002] The Foreign Exchange Act, 1992(Act. No 1) The Penal Code [Cap 16 R.E 2002] Sale of Goods Act[Cap 214 R.E 2002] Written Laws Miscellaneous Amendment Act, No.15 of 2007 The Constitution of United Republic of Tanzania, 1977 (as amended from time to time)
ix
STATUTES FROM OTHER JURISDICTIONS Information Technology Act, No.21 of 2000 India Electronic Communication Act, 2000 (U.K). The Banking and Financial Institution Act,1989, (Malaysia.) The Electronic Transactions Act, 2000 (Mauritius.) The US Uniform Electronic Transaction Act, 1999, (USA.) The English Bill of Exchange Act,1882 [Cap 61 45 and 46 vict] The Stamp Act,1891[cap 39 54 and 55 vict] Electronic Communication and Transactions Act, Act No 25/2002 Electronic Communication Act,1986(US) The Computer Fraud and Abuse Act,1986(US) The Cyberspace Electronic Security Act,2000(US) The Electronic Signature in Global and National Commerce Act,2000(US) Computer Crime Act, 1997 (Malaysia) Electronic Fund Transfer Act, (15 USC 1693 et seq) of 1978
ABSTRACT The research examines the legal protection of customers in electronic banking. It examines in details the challenges posed by Information and Communication Technology (ICT) on the law and practice in regulation of electronic banking. The research commences by laying a theoretical foundation of the research topic, portraying that electronic banking in Tanzania is a product of ICT. It proceeds by providing the outstanding point, alerting that there is almost absence of the law protecting customer in electronic banking. The researcher refers to a literal works of other scholars who have posed the comments on electronic banking particularly a customer legal protection and adopts documentary evidence as strong point of reference. Further, the researcher provides an overview of the laws regulating banking business as far as a legal protection of customers in electronic banking is concerned. It also as well discusses the nature and obligations of a bankers-customer relating in electronic banking as it is a very important element of this research and provides for risks that may be encountered by a customer in electronic banking. It develops by showing the legal barriers when it comes to offering a legally protections customers in electronic banking. The issue of admissibility of electronic banking is of essence and has been touched very critically. It finishes in appreciating the experiences observed from other countries and laying possible solutions. In conclusion the research mainly observes the entire legal framework turning to be white elephant when it comes to protecting customers in electronic banking thus recommending mainly enactment of a specific piece of legislation catering for customers legal protection in electronic banking.
xi
TABLE OF CONTENTS
Contents
CERTIFICATION ......................................................................................................................i DECLARATION .......................................................................................................................ii COPYRIGHT........................................................................................................................... iii ACKNOWLEDGEMENT ........................................................................................................iv DEDICATION...........................................................................................................................v ABBREVIATIONS ..................................................................................................................vi LIST OF CASES......................................................................................................................vii STATUTES FROM TANZANIA.......................................................................................... viii STATUTES FROM OTHER JURISDICTIONS......................................................................ix ABSTRACT...............................................................................................................................x TABLE OF CONTENTS..........................................................................................................xi CHAPTER ONE ........................................................................................................................1 INTRODUCTION .....................................................................................................................1 1.0 Introduction..........................................................................................................................1 1.1 Background of the Problem .................................................................................................2 1.2 Statement of the Problem.....................................................................................................4 1.3 Objective of the research .....................................................................................................4 1.4 Significance of the study......................................................................................................5 1.5 Literature Review.................................................................................................................5 1.8 Hypothesis............................................................................................................................8 1.9 Research Methodology ........................................................................................................8 1.10 Chapterization ....................................................................................................................9 CHAPTER .................................................................................................................................. TWO ..................................................................................................................................................11 2.0 Introduction........................................................................................................................11 2.1 Who is a Customer? ...........................................................................................................11 2.2 Who is a banker/what is a bank?........................................................................................13 2.3 Electronic Banking.............................................................................................................15 2.4 Methods employed in Electronic banking provision in Tanzania .....................................16
xii
2.5 Growth and development of electronic banking in Tanzania ............................................16 2.6 The nature of a banker-customer relationship in electronic Banking ................................18 2.7 Obligations arising out of banker- customer relationship..................................................20 2.8 Laws Regulating Banking Business in Relation to Electronic banking in Tanzania.........26 2.9 Conclusion .........................................................................................................................28 CHAPTER THREE .................................................................................................................30 3.0 Introduction........................................................................................................................30 3.1 Legal barriers in electronic banking in Tanzania...............................................................30 3.2 The risks that a customer is likely to encounter in electronic banking..............................32 3.3 Admissibility of electronic evidence as far as a legal protection of customers in electronic banking is concerned................................................................................................................39 3.4 The position of the Judiciary as far as electronic banking is concerned............................43 3.5 Possible ways of managing and controlling risks in electronic banking ...........................45 3.6 Suggestions on the securities policies and measures for electronic banking in Tanzania .45 3.7 Experiences observed & Learnt from countries as regards to affording a legal protection of the customer in Electronic banking .....................................................................................48 3.8 Relevance of Model Laws in Electronic Banking .............................................................51 3.9. Conclusion ........................................................................................................................52 CHAPTER FOUR....................................................................................................................52 4.0 Introduction........................................................................................................................53 4.1 Summation and Conclusion ...............................................................................................53 4.2 Recommendations..............................................................................................................55 BIBLIOGRAPHY....................................................................................................................57
CHAPTER ONE INTRODUCTION 1.0 Introduction The thrust of this research is to examine the legal protection of customers in electronic banking in Tanzania. The banks invested significantly in Information Communication Technology (ICT) by introducing different forms of electronic banking in Tanzania to facilitate electronic cash movements such as automatic in-line cashier terminal and centralized database-processing facilities.1 Currently, ICT owes the task of supporting and raising service efficiency in all businesses. Banking industry is one of the businesses that have exploited and used ICT to its banking transactions and expand bank service opportunities to its customers. It conforms to the needs of modern society that the internet plays an important role in peoples daily life .ICT has become one of the tools that many customers can access to the internet banking services easily and quickly.2 However, security issues presents a pressing concern to customers, this is because the arguments by researchers and writers depict that there are legal issues of which customers are not assured legal security against fraud and other related offences given lack of legal framework that regulate this area in Tanzania.3 The researcher appreciates the fact that electronic banking is a new phenomenon in Tanzania which has been brought by the rampant advancement of science and technology. Therefore, the
Mollel, A., & Lukumay, Z. (2008). Electronic Transactions and the Law of Evidence in Tanzania. Iringa: Peramiho Printing Press, p 5 2 Kasemsan, K., & Hunngam, N. (2010). Internet Banking Security Guideline Model for Banking in Thailand. p.1.Available at http:// www.ibimapublishing.com/journals/CIBIMA /CIMIMA/html, (Accessed on 15-22012) 3 Mambi, A. J. (2010). ICT law book, Dar es Salaam: Mkuki and Nyota Publishers Ltd, ,pp126-128
1
research includes a general diagnosis of the entire concept of a customer in electronic banking and together with its general historical evolution. The research encompasses the general overview of the legal aspect of banker-customer relationship in electronic banking. Moreover customers are prone to encounter legal challenges that emanates from electronic banking to customers. These prompt a full scrutiny of the reasons which subvert the Tanzania legal framework to follow short as far as affording a protection to a customer in electronic banking is concerned. In this regards, it goes without a saying, doing research concerning issues brought by ICT particular electronic banking is bit complex if not a challenging task. Therefore this will in some respect involves the use of material beyond judicial and statutory provisions to determine pertinent issues from generality to specificity. It implies, from generality entails examining the whole legal framework regulating electronic banking and to specificity concentrating on the aspect of a customer legal protection in electronic banking. 1.1 Background of the Problem Electronic banking was firstly introduced in the United States of America (USA) in the early of 1990s and it has since extended globally gradually.4 Since the mid-1990 the Civil Service Department of Tanzania has initiated a series of measures aimed at transformation to recognize and promote the use ICT.5 The development of ICT has led to the paradigm shift in the banking sector.ICT has revolutionized the banking sector making transactions faster and more convenient.
Radhakrishna, G. (2009). Liability issues in internet banking in Malasysia.p1.Available at http://www.ibimapublishing.com/journals/ (Accessed on 14-3-2012) 5 Mollel & Lukumay (2008) p5
Tanzanian banking sector has made a noteworthy progress in deployment of ICT by introducing a banking service known electronic banking. Banks like Cooperative Rural Development Bank (CRDB), National Bank of Commerce (NBC) Bank, National Microfinance Bank (NMB) & Tanzania Postal Bank have invested significantly in ICT by introducing different forms of electronic banking to facilitate electronic cash movement.6 Such banks have cash machines called Automated Teller Machines (ATM) with 24-hour access for the customers to cash and perform other basic banking services.7 Apart from introducing ATMs several banks have introduced electronic cash management proprietary software that links the customers computer to the Banks financial system (Pc Banking).8 However, while electronic banking is taking place the law has been slow in protecting customers in electronic banking. In addition, our laws have not incorporated tools of effecting electronic transactions. The existing laws facilitate paper based transactions, which apparently are not applicable to technological changes that are currently taking place in Tanzania.9 In, 2006, there was amendment of the Banking and Financial Institution Act but still this still these amendments incorporated features that promote offline mode of transactions, in other word it, promotes paper based transactions as a result it does not pave for recognition of electronic transactions.10
Abdallah, A. (2011). The impact of ICT revolution in Tanzanias legal System: A critical analysis of cybercrimes and computer forensic evidence. Unpublished Master Thesis, Open University of Tanzania. pp 28-29. Available at http://www,ict.into/osg/spu/cybersecurity // contribution/Tanzania-ulanga-paper pdf. (Accessed on 0404 -2012) 7 Mollel, & Lukumay, (2008) pp 5-6 8 Bwana, A, J. (2003). Electronic banking and law in Tanzania: Approaches to its regulation, Tanzania lawyer. p.2 9 Abdallah, A.(2011) p 29 10 Mambi, A, J. (2010) pp 128-129
It was very promising for customers in the year 2010 when the Electronic and Postal Communication Act,11 was enacted but despite the enactment of this law it does not afford exhaustive legal protection of customers in electronic banking as it does not provide for electronic transactions. 1.2 Statement of the Problem The statement of the problem tabled by this research is that the current legal framework in Tanzania is inadequate as to afford legal protection of customers in electronic banking. Argumentatively, most of the pieces of legislation in Tanzania regulating bank business are offline oriented and therefore Tanzania has yet to have cyber laws which regulate electronic banking. This fact is revealed by the survey conducted at the office of chief Parliament Draftsman. According to this survey Tanzania does not have laws that recognize electronic transaction.12 1.3 Objective of the research The objectives of this research are as follows: (i) To identify legal risks that a customer is likely to face in electronic banking especially where there is inappropriate legal framework that governs electronic banking in Tanzania. (ii) To provide recommendation recommendations suggesting the need for amendment or enactment banking laws so as to afford legal protection of customers in transactions.
11 12
Act No. 3/2010 Mollel, & Lukumay, (2008) .p 9
1.4 Significance of the study This research is of paramount importance because it will raise awareness to the legislators and the customers on the shortcomings of law as regards to customers protection in electronic banking and the associated legal and financial risks that are likely to be encountered by the customer in electronic banking. Also the research will be vital to students who are studying banking law and e-commerce law in expanding their knowledge on electronic banking. This research will be of great assistance to those who will research on other aspects concerning electronic banking. The recommendation of this research paper will bring tremendous changes if they will be implemented as far as legal protection of customers in electronic banking is concerned. 1.5 Literature Review Until now literature on legal protection of customers in electronic banking is scarce. However, given the nature of the problem and the complexity of issues underpinning this area, this section reviews the few existing pieces of literature from Tanzania and selected foreign jurisdictions to define the nature and dimension of the problem. The latter countries include India, Malaysia, and United Kingdom (UK). The reasons for selection of these countries are first and foremost, that these countries share a similar legal system and tradition with Tanzania; the common law legal system. Besides, they are also the pioneers in addressing the problem dealt with in this research. Bwana, J.13 has lengthily discussed the implementation of electronic banking in Tanzania. The work of this author is precious as it includes the risks that a customer is likely to encounter in electronic banking as a result of inappropriate legal framework. The author has also classified
13
Bwana (2003) pp 1-10
the relationship between banks and customers in electronic banking in Tanzania as being purely on contractual basis. However due to new features of electronic banking there is a need to come up with a piece of legislation to govern this specific area of electronic banking which subjects customers into security risks. Mollel, A.14argues that information communication technology is more and more gaining magnitude in almost all sectors of national development in developing countries. Electronic transactions are replacing the old and traditional methods of transacting in all walks of life. However, the full-fledged application of information communication technology for development in most of these countries is seriously hindered by lack of comprehensive legal and regulatory framework for the subject. The author points out that these challenges spin around integrity, authenticity and security of electronic records. Mambi, A, J.15 has discussed extensively on Information Communication Technology in Tanzania. As regard to electronic banking, he is of the view that there is a lack of certainty on electronic banking in Tanzania and possibly the region of East African Community whereby electronic banking is growing explosively. As a result of inappropriate legal framework electronic banking may expose a customer to legal risks on question of privacy, cyber crimes and other related electronic financial result. The current legal framework on financial and other related transactions do not suit electronic transactions hence a barrier to e-commerce development. The laws do not accommodate online transactions or payment in cyberspace rather than off-line transactions.
Mollel, A. (1996).The legal and regulatory framework for ICT in developing countries: Case study of ICT and the law of evidence in Tanzania.pp1-16. Available at http://cs.joensuu.fi/ipid2008/abstracts/Mollel Andrew_ICT4D PAPER.pdf ( Accessed on 1-2-2011) 15 Mambi, (2010) pp 120-132
14
Mollel, A. & Lukumay, Z.16 have posed a strong discussion on electronic Transactions and the law of evidence in Tanzania, and have stressed that the current legal system does not adequately address the impact of ICT on rules of evidence in Tanzania. The writers have found that the banking sector has made remarkable progress in deployment of ICT by introducing electronic banking but despite such progress a fully fledged deployment of the benefit of ICT in Tanzania has not yet been reached. This is because Tanzania has yet to have cyber laws. Basle Committee on Banking Supervision17 found that electronic banking and electronic money activities, rights and obligations of customers to such transactions are, in some cases, uncertain. For example, application of some consumer protection rules to electronic banking and electronic money activities in some countries may not be clear because of the lack of a proper law. Legal risk arises from violations of, or non-conformity with laws, rules, regulations, or prescribed practices, or when the legal rights and obligations of parties to a transaction are not well established. In addition, legal risk may arise from uncertainty about the validity of some agreements formed via electronic media. Schaechter, A,18 presents a general overview on issues in electronic banking. He laments that there are two other important sources of legal risk to customers. First, there can be uncertainty; about which legislation applies to electronic banking transactions; the legislation of the jurisdiction in which the (virtual) bank is licensed or in which the services are offered. This is especially true when electronic banking has a cross-border nature where different legislations might conflict with each other. And secondly as a consequence of this, also enforcement can be
Mollel & Lukumay (2008) pp 5-12 Basle Committee on Banking Supervision.(1998). Risk management for electronic banking and electronic money activities,BS/97/122, pp 1-9.Available at http://www.bis.org/publ/bcbs35.pgf. Accessed on 5-52012. 18 Schaechter,A.(2002).Issues in electronic banking: An overview. pp 10-20. Available at http://www.imf.org/external/pubs/ft/.../2002/pdf06.pdf . (Accessed on 17-4-2012)
17 16
difficult. Moreover, enforcement of certain emerging areas of law is uncertain, for example laws related to electronic contracts and digital signatures. This can lead to violations of customers protection laws, including data collection and privacy, and regulations for soliciting could be important issues. In other word the author is of the view that customers can only be protected clearly by a system of law. Lloyd, J,19 discusses electronic banking as part of electronic commerce due to the fact that electronic banking enhances consumer confidence in electronic commerce. He further stated that consumers in electronic banking are afforded legal protection by a proper legislation known as the Consumer Credit Act.20 However, this legal protection is afforded only where a consumer is resident in United Kingdom. The author implies that a customer in electronic banking can be protected in his/ her respective countries if in his/her country there is a piece of legislation protecting him or her in electronic banking. 1.8 Hypothesis The researcher intends to prove the following statement concerning customers in electronic banking that; the current legal framework does not afford legal protection of customers in electronic banking in Tanzania. 1.9 Research Methodology This research relies on documentary evidence as the dominant source of data collection. A chain of literature including books, articles, journals, and thesis will be consulted to retrieve knowledge on how the law affords or fails to afford legal protection to customers in electronic banking. To
Lloyds, J. (2008). Information technology law,5th ed. United States of America: Oxford University Press, pp 506-507 20 1947.
19
achieve this, the Library of Tumaini University Makumira will offer a fertile ground for documentary review. Also as most articles, journals, etc are available electronically, various websites were also consulted. The available case law decided by the Tanzanian courts will be consulted for analogous reasoning. Some comparison with law and cases decided in other common law jurisdictions like USA, UK, India, Republic of South Africa and Nigeria will also be embarked upon for illustrative purposes and not as a standard of law to be adopted. The main reasons for opting for documentary review as the dominant source of data collection for this research are limited resources and time. This means sufficient resources were needed to engage in extensive interviews and administer questionnaires to respondents in Tanzania. Finally, electric current power failures or fault are also a big problem. 1.10 Chapterization This research paper encompasses an accumulation of four chapters and the following is a brief Chapterization of each chapter; Chapter one introduces the research topic as it carries the general introduction and theoretical foundation of the research topic. In so doing, it portrays where the problem of the research bares it origin and this is on the part of the background research problem. It develops into providing the outstanding point on part of the statement of the statement which critically introduces the topic. The chapter makes a reference to a literal works of other scholars who have posed their comments on the aspect of legal protection of customers in electronic banking. The chapter ends by making a demonstration of the means mainly for collection of data.
10
Chapter two makes an overview of the laws regulating banking business as far as a legal protection of customers in electronic banking is concerned. In this regards, it highlights applicable laws in regulation of a banking sector in Tanzania. However the chapter commences by highlighting basic concepts in this research most importantly providing the meaning of the customer and electronic banking. It also as well discusses the nature and obligations of a bankers-customer relating in electronic banking as it is a very important element of this research. Chapter three provides for risks that may be encountered by a customer in electronic banking. The risks range from legal risks, financial risks to security risks. It develops by showing the legal barriers when it comes to offering a legally protections customers in electronic banking. The issue of admissibility of electronic banking is of essence and has been touched very critically. Moreover, the position of the Judiciary as far this aspect is concerned, is scrutinized to the fully. It finishes in appreciating the experiences observed from other countries and laying possible solutions. The relevance of model laws is as well has been enshrined in this chapter. Chapter four concludes the contents of the three chapters. Therefore the topic provides for general summations as it provides for conclusion and recommendations. The conclusion mainly observes the entire legal framework turning to be white elephant when it comes to protecting customers in electronic banking thus recommending mainly enactment of a specific piece of legislation catering for customers legal protection in electronic banking.
11
CHAPTER
TWO
AN OVERVIEW OF THE LAWS REGULATING BANKING BUSSINESS IN TANZANIA PERTAINING TO A LEGAL PROTECTION OF A CUSTOMER IN ELECTRONIC BANKING 2.0 Introduction. In this chapter the researcher will discuss the laws that are applicable to the regulation of banking activities as well as if they afford to regulate electronic banking, so as to provide a legal protection of a customer in electronic banking in Tanzania. The concept of a customer, a bank and the bank-customer relationship in electronic banking in Tanzania will form part and parcel of this chapter. The meaning if electronic banking shall be highlighted. 2.1 Who is a Customer? The question of who may be called a customer is not answered by any specific definition in any of the legislations governing banking business in Tanzania. Therefore it is not easy to define who a customer is. Recourse has therefore to be made to case law in order to determine who is a customer. In the case of Great Western Railway Co. v London and County Banking Co. Ltd,21 a bank had cashed cheques of man who had no account with it for about twenty years. The issue before the court of laws was whether discounting a cheque by itself can make a person a customer of a bank. It was held by the House of Lord that the man was not a customer. Lord Davey found that in order to determine a person being a customer or not there must be some sort of account, either a deposit or a current account or some similar relation, to make a man a customer of a banker. In
21
[1901] A.C. 414
12
other words if a person does not have the account with a particular bank then he is not a customer of that particular bank. In the Privy Council case of Commissioners of Taxation v. English, Scottish & Australian Bank Limited,22 in this case the thief stole a cheque payable to bearer from the commission of Taxation. Then, the thief opened an account at the respondent bank in the name of Stuart Thallon. The next day Thallon paid the stolen cheque into the account and after it has been cleared, drew cheques on the proceeds then disappeared. The issue was whether Thallon was a customer or not. In its defence the bank pleaded section 88 of the Bills of Exchange Act,23 of Common Wealth of Australia that Thallon was a customer. It was held that Thallon was a customer. Lord Dunedin delivering the judgment of their Lordships stated that the word customer signifies a relationship in which duration is not of the essence. That a person whose money has been accepted by a bank on the footing that they undertake to honor cheques up to the amount standing to his credit is, in the view of their Lordships, is a customer of the bank in the sense of the Act,24 irrespective of whether his connection is of short or long standing. However, in the case of Woods v. Martins Bank,25 the plaintiff wrote to the defendant bank asking it to collect monies he had ordered a building society to pay to the bank, to pay part of the sum received to a particular company and to retain the balance of the proceeds to his order. The bank agrees to comply with the instructions even though the plaintiff did not have the account with them at the time. The court found that the plaintiff was the customer. Salmon J. stated that since the defendant bank accepted the instructions contained in the letter as the plaintiffs banker
22 23
[1920] A.C. 683 1909 24 88 of the Bills of Exchange Act,1909 25 [1959] 1 Q.B. 55
13
and at any rate from that date the relationship of banker and customer existed between them. Form this case it can be inferred that opening an account is not a pre-requisite for on to become a customer a mere likelihood that an account will be opened is enough to make a person a customer provided that a bank has agreed service to such a person. How ever I pose an argument this case should be read as an exceptional to the general rule that a customer is required to have account with the bank. Taking into consideration of the above cases, it can therefore be concluded that to constitute a customer essential requisite which must be fulfilled requires that a person to have opened an account with the bank. Therefore a customer of a bank is a person who has applied to it to open a current or deposit account in his name and whose application has been accepted by the bank. It is not necessary that the account should have been opened for a minimum length of time, or that it should have been operated by the customer making a deposit and drawings against it. The dealing between the banker and the customer must be of nature of banking business.26 Moreover, a customer of the bank need not only restricted to a person. A firm, joint stock company, a society or any separate legal entity may be a customer.27 2.2 Who is a banker/what is a bank? The word bank/banker is defined by statutes, case laws and by legal texts. According to section 2 of the English Bills of Exchange Act,28 and the Stamp Act,29 a banker is defined as any person carrying on the business of banking. According to section 2 of the Tanzania Bills of Exchange
Sundharam, K.P.M, & Varnshiney, P.N.(2004).Banking: Theory, law & practise.17 ed, New Delhi:Sultan Chand & Sons. p 2.7 27 Ibid p 2.1 28 1882(Cap 61 45 and 46 vict) 29 1891(Cap 39 54 and 55 vict)
26
14
Act,30 a banker includes a body of persons whether incorporated or not who are carrying on the business of banking. The term bank is also defined under Section 3 the Banking and Financial Institutions Act,31 to mean an entity that is engaged in banking business and the Bank of Tanzania Act,32under section 3 has a similar definition of a bank. Case law has also defined who a banker is. The leading authority on the definition of a banker is in the case of United Dominions Trust Ltd Vs Kirkwood,33 United Dominions Trust Ltd (UDTL) was a well established finance house with high standing. UDTL lent 50,000 to Lonsdale Motors Ltd to enable them to buy cars to put in their show rooms to sell. In return Lonsdale Motors Ltd accepted five bills of exchange, each for 1,000, drawn on them by UDTL. The defendant was the managing director of Lonsdale Motors Ltd and he endorsed the bills. The bills were not met on presentation and Lonsdale Motors Ltd having gone, into Liquidation, UDTL sued the defendant as endorsee. The defendant only defense was that the UDTL was unregistered moneylender and that the Loan was illegal as it contravened the provisions of the Money Lender Act.34 The case turned on whether UDTL was bonafide carrying on the business of banking within the meaning of section 6(d) of the Money lender Act,35 so as to exempt it from the provision of the Act. The court of upheld that UDTL claim that it was bonafide carrying on the business of banking and allowed it to recover from the defendant. The court further stated that a banker is the cooperation or a group of persons who accept money on current account, pay cheques drown upon such accounts and collection cheques for the customer.
30 31
Cap 215 RE 2002 Act No.5/2006 32 Act No.4/2006 33 [1966]2 Q.B 431 34 1900 35 1900
15
According to and Sealy & Holley,
36
they are of the view that there is no comprehensive legal
definition of the term bank, banker and banking but the precise meaning of each term turn on the particular context in which it arises. The common context where the issue becomes important are for example, the area of banking regulation, where rights and duties are conferred on a banker and where there is an attempt to avoid a payment obligation on the ground that it arose on an illegal contract, which is void or enforceable because it is owned by unlicenced bank. 2.3 Electronic Banking Electronic banking has been defined as a service provided by banks that allows people to pay money from one account to another, pay bills etc using the internet.37 Bwana, J, provides a technical definition of what constitute the term electronic banking as an array of data-processing, electronic and telemetric techniques and infrastructures that make it possible to exchange funds in a paperless fashion within a two-way and sometimes three-way relationship between banks, merchants and consumers.38 Electronic banking is further defined as the use of electronic delivery channels for banking products and services, and is a subset of electronic finance. The most important electronic delivery channels are the internet, wireless communication networks, ATMs and telephone banking.39
Sealy, L.S., & Hooley, R.J.S.(2005).Commercial law: Text, cases and materials.3rd ed. United States: Oxford University Press.p.574 37 Longman Dictionary of Contemporary English.(2009) ,5th ed,England: Pearson Education Limited. p 507 38 Bwana, (2003). p1 39 Schaechter, (2002).p 4
36
16
Furthermore, electronic banking provides the facility to the customers to access their accounts and execute transactions electronically in a very easy way by their accounts at any time.40 Moreover it is defined as an internet portal, through which customers can use different kinds of banking services ranging from bill payment to making investments. Indeed the use of the internet as a new alternative channel for the distribution of financial services.41 In conclusion electronic banking can be defined simply as the provision of banking services to customers through internet technology. 2.4 Methods employed in Electronic banking provision in Tanzania The banks in Tanzania use Electronic Funds Transfer at a Point of Sale(EFTPOS), ATMs, Smart cards, Telephone or screen phone banking to provide electronic banking services.42 For example as to the regards of ATMs, banks in Tanzania are using Very Small Aperture Terminals (VSATs) or public leased line to interconnect their branches and cash dispensing through ATMs.43 Moreover, ATMs and phone banking are methods of electronic banking that are widely used by customers in Tanzania. 2.5 Growth and development of electronic banking in Tanzania The growth and development of Electronic banking in Tanzania can be traced back from the time when Tanzania experienced the liberalization of her economy.44 Economic liberalization prompted the increase in engagement in various economic activities that necessitated the support
Shamim, S & Sardar, K.(2010). Electronic banking & E-readiness Adoption Commercial Banks in Pakistan p 58. Available at http://www.diva-portal.org/smash/get/FULLTEXT01.( Accessed on 4-3-2012) 41 Ahmad, A, M. (2010). E-banking functionality and outcomes of customer satisfactory: An empirical investigation pp 1-2. Available at http://ccsenet.org/journal/index/ijms/article/.../6838 .( Accessed on 3-4-2012) 42 Mambi (2010) p126 43 Ibid p.2 44 Mniwasa, M.S.(2005). The origin, operation and regulation of electronic banking in Tanzania: Law and practice. Unpublished Master Thesis, University of Dare es Salaam. p.66
40
17
of a strong, efficient, reliable and secure payment system.45 These measures were tune to support the changes that were taking place in the Tanzanian economy. However, the payment instruments and mechanism to support corporate payments remained almost unchanged.46 Therefore, it was necessary that there should be in place an efficient and supportive legal and regular framework capable of regulating new payment instruments structures.47 This trigged the need for an efficient and reliable system for regulation of the payment system in Tanzania. The government of Tanzania responded by enunciating the National Payment System (NPS) a modernization project in 1966 to re-examine the countrys payment system with the aim of developing an efficient payment system.48 The NPS had a vision to have in place an efficient customer centred payment system by the year 2005, this project was spearheaded by the Bank of Tanzania49. As a result of these stiff efforts marked the inception of electronic banking Tanzania. Moreover in support of the above expositions, as I had stated earlier on ever since the mid-1990 the Civil Service Department of Tanzania played a greatest role by initiating a series of measures solemnly aimed at making transfiguration to recognize and promote the use ICT.50 In which the development of ICT has led to the paradigm shift in the banking sector and this is also part and parcel of Tanzania economic liberalization. ICT revolutionized the banking sector making transactions move faster and more conveniently.
Bank of Tanzania, Tanzania payment system-vision and strategic framework p 3.Available at http://www.bot-tz/.../org/Y2005Vjan2000 p.d.f (Accessed on 3-4-2102) 46 Ibid 47 Supra note 48 Bank of Tanzania website. Available at http://www.bot-tz.org/paymentsystem/NPSoverview.asp. Accessed on 4-4-2012 49 Ibid, 50 Mollel & Lukumay (2008). p 5
45
18
Tanzanian banking sector thus made a noteworthy progression in deployment of ICT by introducing a banking service known electronic banking. Banks like CRDB, NBC, NMB & Tanzania Postal Bank have invested significantly in ICT by introducing different forms of electronic banking to facilitate electronic cash movement.51Thus, electronic banking is in place up to date in Tanzania and keeps developing more and more. 2.6 The nature of a banker-customer relationship in electronic Banking The nature of banker customer relationship is contractual in nature, and the relationship is one of creditor and debtor in relationship to the balance in the customers account.52 The contractual nature of banker-customer relationship extends to electronic banking and it must be observed even if there is advancement of science and technology. Despite the fact as it argued that a banker customer relationship is already a very complex and difficult item and difficulties even multiplies when the relationship is combined with technology of electronic banking. 53 The contractual nature of bank-customer relationship was stated in the case of Foley v Hill,
54
the House of Lords held that the banker-customer relationship was essentially a debtor-creditor relationship. This characterization was obvious crucial, for it enabled banks to treat money deposited with them as their own money. All they were obliged to do was to return an equivalent amount on demand.55 This was again re-affirmed in the case of Joachim v Swiss Bank of Corporation.56 In this case
Abdallah, A. (2011). The Impact of ICT Revolution in Tanzanias Legal System: A critical analysis of cybercrimes and Computer Forensic Evidence Unpublished Master Thesis, Open University of Tanzania.pp 28-29. Available at http://www,ict.into/osg/spu/cybersecurity // contribution/Tanzania-ulanga-paper pdf. (Accessed on 2-52012) 52 Sealy & Hooley(2005).p 585 53 Schaechter (2002) p1 54 (1848) 2 HLC 28, 9 ER 1002 55 Cranston, R. (2002). Principles of banking law. 2nd ed.United States: Oxford University Press.p 131 56 [1921] 3 KB 110
51
19
on 1st August 1914, one of the partners in the firm of N Joachimson died as result the partnership was dissolved. At the date of dissolution the sum of 2,321 was standing to the credit of the partnership on current account at the defendant bank. At the end of the First World War one of the partners brought an action in the firms name to recover the sum. The banks defence was that, as no demand had been made, no cause of action had accrued to the firm on 1st August 1914 and that, therefore, the action was not maintainable. The court of law found that the money deposited with the bank is only payable on demand. However, it is contended that the banker-customer relationship is not only of debtor and creditor, may also be one of a principal and agent. The principal-agent relationship arises for the purpose of customers instruction to his banker to carry out a particular transaction on his account.57 For example, in traditional banking when drawing a cheque or bill of exchange, the customer, as principal, authorizes his bank, as agent, to make payment. This in electronic banking is done by using a credit card on the ATMs or a password when a customer is using a home or office computer and another situation is when a person is using his mobile phone. In the case of Westminster Bank Ltd v Hilton,58 Lord Atkinson explained the relationship in this way, that it is well established that the normal relation between a banker and his customer is that of debtor and creditor, but it is equally well established that the drawing and payment of the customer's cheques as against money of the customer's in the banker's hands the relation is that of principal and agent The cheque is an order of the principal's addressed to the agent to pay out of the principal's money in the agent's hands the amount of the cheque to the payee thereof. The bank-customer relationship may be of bailor and bailee, this happens when valuables are left
57 58
Sealy, & Hooley, (2005).pp 588-589 (1926) 43 TLR 124,
20
with the bank for safe keeping, it exercise custody of goods at an agreed price. This relationship can also be of trustee and beneficiary if a bank receives money as a trustee and exercising an express power in the trust deed, deposits trust money with itself qua banker. It is further argued that the bank-customer relationship is purely on the contractual basis however electronic banking is associated with new features.59 These features include electronic transactions, electronic documents, electronic signature so to mention but a few a not covered for under the Law of Contract Act60 which regulates matters of contracts in Tanzania. The law of contract does not accommodate online banking. For example on the written contract the law of contract requires it to be in writing and duly signed or authenticated before a witness. The requirements are no longer applicable in cyberspace world hence they affect former laws which have to face changes and reforms to accommodate electronic commerce principles.61 2.7 Obligations arising out of banker- customer relationship The banker owes the duty of secrecy to a customers account. This duty is not only a moral duty but a bank is legally bound to keep affairs of the customer secret. On such a note a bank is not allowed to disclose the state of affairs of the customers account.62 In the case of Tournier v National Provicial and Union Bank of England,63 Tournier was a customer of the bank and his account was overdrawn. A cheque was drawn by another customer in favour of Tournier, instead of Tournier paying the cheque to his own account he endorsed it to a third party account. The bank subsequent telephoned Tourniers office and the course of
59 60
Bwana (2003) pp1-10 Cap 345 R.E 2002 61 Ibid. P. 139 62 Gyan,V.(2009). Relationship Between Banker and Customer p 7 Available at http://www.vidyagyan.blogspot.com/.../relationship-between-...- (Accessed on 2-2-2-2012) 63 [1924] 1 KB 1 KB 461
21
conversation the bank disclosed to his employer that Tournier was indebted to them and was sending money to a bookmaker. As a result of this disclosure Tournier lost his job. Tournier sued the bank for slander and breach of the implied term of contract that the bank would not disclose to a third party the state of his account or any transaction relating thereto. The court held that the bank was under a duty not to disclose the state of its customers account nor transaction relating thereto. The Banking and Financial Institutions Act,64 under section 48(1) requires any bank, and all financial institutions not to divulge information relating to customer affairs if not required by any law to do so. Maintaining secrecy is an implied term of the contract with a customer and a bank enters into with the customer at the time of opening an account. This duty extends to electronic banking as the banker should maintain secrecy in respect of operations through ATM/debit cards. Bank has also to maintain secrecy of user ID pins with due care so that it does not fall in wrong hands.65 This implies not disclosing the information of the customers account, customer personal identification number or passwords. Maintaining secrecy can be by the way of conducting seminars to bank staff and entering into a contract with those staff members of the bank for maintenance of secrecy of customers and in case breach of the agreement should suffer punishment ranging from taken to court to face charges to expulsion/termination from his/her work.66 However it is argued that the duty of secrecy does not exist in its original shape in electronic banking, this is because banks disclose information without express consent of the customer. The
Act No. 5/2006 Gyan (2009) p 7 66 Mweteni, A.J. (2011).Application of the duty of confidentiality in electronic banking in Tanzania: A case study of Arusha Region. Unpublished research paper, Tumaini University, Makumira
65 64
22
argument posed by the bankers is that such practices are by implied consent of the customer to the common practice of the bank for their protection. There are also various statutes which require for the disclosure of the customers information, so as to tackle the new crimes in electronic banking such as fraud, identity theft and unlawful use of the customers personal information.67 It is argued however that the duty of secrecy can lawfully be waived only
circumstances where there is an order of the court, public interest or state security, consent of the customer and where the interest of the bank requires the disclosure.68 There is another duty in this relationship that is to guard against forgery which is cast upon both the bank and the customer. Any party who has a reason to believe or suspect that forgery is being perpetrated, has a duty to inform the other. If the customer fails to inform the bank of forgeries he is aware of their bank will be released from liability.69 In safeguarding against forgery the customer using electronic devices such an ATM, a personal computer or a mobile phone should exercise reasonable care to ensure he does not disclose his details to the third party. This duty is validated in the case of Greenwood V Martins Bank Ltd.70 The husband opened an account in his sole name with the respondent bank. His wife forged his signature on various cheques and drew money out of his account. The husband found out about the forgeries, but persuaded by his wife not to say anything, the husband remained silent for 8 months. When he finally told the bank his wife shot herself. The husband brought an action against the bank to recover the sums paid out of his account on the cheque to which signature had been forged. The
Zubair, M.(year not specified). An analysis of duty of confidentiality owed by banker to its customer pp 1-6. Available at http://papers.ssrn.com/.../SSRN_ID1815825_Code9537. (Accessed on 7-5-2012 ) 68 Mwenteni (2011) pp 41-42 69 Greenwood V Martins Bank Ltd [1933] AC 51 70 [1933] AC 51
67
23
court held that the husband was estopped from denying the authenticity of the signature as he had a duty to inform the bank immediately of the forgery. In the case of Tai Hing Cotton Mill Ltd v Lin Chong Hing Bank Ltd,71 The appellant company was the customer of the respondent banks and maintained with each of them a current account. The appellant brought an action to recover from the three banks sums of money alleged to have been wrongful debited against its current account at each bank. The banks had honored payment of 300 cheques totaling approximately 5.5 million Hong Kong dollars appeared to be drawn by company director who was authorized signatory. The banks honored the cheques and debited the customers account although the cheques were forged. Later it came to be known that the managing directors signature was forged by an account clerk. The first issue was on who should bear the loss arising from the forged cheques was it the company or the bank. The second issue was the nature and extent of the duty of care owed by the customer during the operation of current account. The court of law found that the customer only owes a duty not to draw a cheque in a manner which facilitates forgery or fraud and the customer has the duty to inform the bank of any unauthorized cheques or forgery is aware of. Further, the customer is under no duty to take reasonable precautions in the management of his business with the bank in order to prevent false cheques being presented. The court further found that the customer is under no duty to examine his periodic bank statements unless there is effective confirmation clause incorporated into the bank-customer relationship. In electronic banking, the banks have a duty to safeguard against forgery by warning the customer as regard to financial risk of which he or she might be exposed. The customers in
71
[1986] AC 80
24
electronic banking have the duty also to provide the bank with necessary information if he or she suspect that his account details are at stake such as to the regard to the lost of the credit card and even suspicion that his or her account passwords have been acquires by a third party. Still the customer has to comply with the advice and information given by the bank towards safe utilization of electronic banking services72 Moreover, the banker has the duty to pay the customer on demand and in accordance with his instructions. This is the fundamental obligation of the banker/the basic obligation. A customer normally instructs his bank by a cheque in normal banking but in electronic banking a customer instruct his bank commands on the electronic devices such as on ATMs and personal computers. Once the banker has obeyed the instruction given by the customer, it has the right to debit the customers account.73 The bank will only obey the customer demand/instruction where the customer has sufficient funds or where has agreed to provide to the customer with overdraft facilities sufficient to meet the order. The process of giving instruction to the bank by a customer has been updated by electronic banking and advancement of science and technology. In the past most payments instructions were given by the use of the cheques but in modern banking practice they are just as likely be given by electronic means such as by the debit card at a retail outlet, or the through the use of telephone banking or an internet banking service.74 Still, there are circumstances where the bank may refuse to pay. Should it refuse to pay, it must have good reason otherwise the bank will be liable for damages for breach of contract. The bank
72 73
Schaechter (2002) pp 13-15 Sealy, & Hooley, (2005) p 601 74 Sealy, & Hooley, (2005) p 601
25
has a good cause not to pay where the instructions are ambiguous in form, where there is serious or real possibility that payment instructions have been given without the proper authority of its customer. Also where paying would render it liable as accessory to misfeasance or breach of trust and where there has been a garnishee order issued by a court of competent jurisdiction against the customers account.75 The Banks still has the duty to obey the customers countermand. This is the converse of the banks duty to obey the customers mandate. It is the banks obligation to obey his countermand with regard to cheques or electronic means such as by the debit card at a retail outlet, or the through the use of telephone banking or an internet banking service by simply sending the abortion inform faster to the bank. In the case of Curtice v London City and Midland Bank Ltd.76 The plaintiff was a customer of the different branches of the defendants bank. He drew a cheque one branch, after business on the same day the plaintiff telegrammed the branch to stop payment of the cheque. The post office telegram messenger found the bank closed and he placed the telegram in the banks letter box at 6:15 pm. By over sight the telegram was not taken out of the letter box and shown to the branch Manager until two days later. By this time, the cheque had been paid, unknown to the plaintiff he drew another cheque but it was dishonoured. Then the plaintiff sued the bank for breach of the duty to pay.It was held that the notice of countermand must be clear and unambiguous and must be brought to the actual and not constructive knowledge of the bank and unless otherwise agreed, notice of countermand must be given to the branch of the bank where the account is kept.
75 76
ibid [1908] 1KB 293
26
It is the argument of the researcher that obligation and duties that accrue out the banker-costumer relation also persists in electronic banking. Therefore there should be observance of these duties just like in normal banking principles. This is because electronic banking is also banking system of which just it media of its provision has changed. 2.8 Laws Regulating Banking Business in Relation to Electronic banking in Tanzania In Tanzania, the main legislations governing banking sector are the Banking of Tanzania Act,77and the Banking and Financial Institutions Act,78 The banking sector in Tanzania is regulated and supervised by the Bank of Tanzania.79 The Banking and Financial Institutions Act,80 controls the operations of banks and financial institutions. The Banking and Financial Institutions Act,81 gives the Bank of Tanzania powers over the banks and financial institutions to include to grant licences to all banks, power to inspect operations of all banks or financial institutions, and require them to furnish any information or to comply with any order, directive or determination issued or made by the Bank of Tanzania to be furnished by banks and financial institutions.82 The Banking and Financial Institutions Act,83 consolidates the law relating to business of banking, to harmonize the operations of all financial institutions in Tanzania, to foster sound banking activities, to regulate credit operations and provide for other matters incidental to or connected with those purposes.84 The Banking and
Act no.4/2006 Act no. 5/2006 79 Section 5(1) of The Bank of Tanzania Act, 2006( No. 4) 80 Act No. 5/2006 81 ibid 82 Section 4 of the Banking and Financial Institutions Act, 2006( No. 5) 83 Act No.5/2006 84 Bank of Tanzania: Banking Supervision (2012) Available at http://ww.bot-tz.org/BankingSupervision/Bankingsup.(Accessed on 22-5- 2012) 84 2008
78
77
27
Financial Institutions Act,85 provide for comprehensive regulation of banks and financial institutions. It provides further for regulations and supervision of activities of savings and credit co-operative societies and schemes with a view to maintaining the stability, safety and soundness of the financial system aimed at reduction of risk of loss to depositors. On the contrary
regulation of electronic banking is not stipulated under these two main legislations governing banking sector possibly these laws were enacted without putting into consideration the matters of electronic banking which was existence in 2006 when there two laws were enacted. Apart from these laws, other laws which are applicable in banking sector includes The Foreign Exchange Act,86 which was enacted for making better provisions for the more efficient administration and management of dealings and other acts in relation to gold, foreign currency, securities, payments, debts, import, export, transfer or settlement of property and for the purposes incidental to and connected to those. This law also does not provide for electronic banking. Also the Bills of Exchange Act,87 governs issues relating to negotiable instruments, yet also does not provide for electronic banking. Some other laws, which in some certain circumstances can be used to regulate banking sector these include the Law of Contract Act,88 the Land Act89 in respect of Mortgage issues and Companies Act90 respect of the matter of establishment of the bank as an entity. Even these laws do not address the matters related to electronic banking and legal protection of a customer in electronic banking.
85 86
Act No.5/2006 Act No 1/1992 87 Cap 215 R.E 2002 88 Cap 345 R.E 2002 89 Act No. 5/ 2002 90 Act No.12/2002
28
The Banking and Financial Institutions Regulations also govern banking sector in Tanzania but still also do not provide for electronic banking in Tanzania. These Regulations apply to all banks and financial institutions, they include: The Banking and Financial Institutions (Capital Adequacy) Regulations,91the Banking and Financial Institutions (Management of Risk Assets) Regulations,92 the Banking and Financial Institutions (Credit Concentration and Other Exposure Limits) Regulations,93 the Banking and Financial Institutions (Foreign Exchange Exposure Limits)Regulations,94 the Banking and Financial Institutions (Internal Control and Internal Audit) Regulations.95 The Banking and Financial Institutions (Microfinance Companies and Micro-credit Activities) Regulations,96 the Foreign Exchange (Bureaux de Change) Regulations,97. Despite the fact that Tanzania has a lot of laws and different regulations to govern the banking sector, all of these do not provide for electronic banking and therefore do not address the issue of a customer legal protection in electronic banking. 2.9 Conclusion The chapter lays foundation of the entire research. The basic concepts of entire research have been demonstrated. Likewise, it has been highlighted that there are various laws that are applicable to regulate banking sector in Tanzania. To the extents that even the bank-customer relationship is regulated by the Law of the Contract.98 But these laws are applicable only to
91 92
G.N No.373/2008 G.N No.370/2008 93 G.N No.376/2008 94 G.N No.369/2008 95 G.N No.79/2005 96 G.N No.80/2005 97 G.N No.88/2008 98 Cap 345 R.E 2002
29
traditional banking this is because electronic banking is not provide for in under laws stated above. It has been highlighted further that bank-customer relationship imposes duties and obligations to the parties but in electronic banking there are not observed or seems to have been neglected or forgotten the reason being the absence of a piece of legislation to ensure their
observance. Therefore despite this broad spectrum of laws a customer is not protected when transacting business in electronic form. Hence, the chapter forms a strong springboard or stepping stone to jump to the next chapter for more critics on the entire legal framework regulating banking activities and the customer in electronic banking.
30
CHAPTER THREE AN OVERVIEW OF THE GAP IN THE LAWS BROUGHT BY ELECTRONIC BANKING: ITS ASSOCIATABLE RISKS TO A CUSTOMER AND POSSIBLE SOLUTIONS 3.0 Introduction The chapter discusses very critically on the laws that are applicable in one way or another in regulation of banking sector in Tanzania. It zeros into discussing the lacuna which has been created by electronic banking. It demonstrates the customers risks in electronic banking ranging from legal, financial to security risks and their causative agent. In some aspects the wisdom of the members of the bar will be visited to expound the positions of the Judicial as far as a legal protection of a customer in electronic banking is concerned. In the ends it provides possible solutions to the issues brought by electronic banking. The data collected are mainly secondary data as the researcher relied much on documentary as the dominant source of data collection. 3.1 Legal barriers in electronic banking in Tanzania Legal barriers in electronic banking in Tanzania are a result of unsupportive nature of the current legal framework. It is stated that in Tanzania there is no any law which deals directly with electronic banking.99 It is provided that, the laws which regulate banking in Tanzania do not accommodate online transactions or payment in cyberspace rather they accommodate off-line transactions only. The reason being the laws do embrace the traditional mandatory requirements of writing and manuscript signature which at all costs does not cater for electronic banking. It is exemplified
99
Mweteni (2011) p 45
31
that the Banking and Financial Institution Act100 under section 5 has features that not recognize online application for a licence due to mandatory requirement that the applications must be in writing and signed manually as opposed to data message and digital signatures.101This proves the fact that this law is embodied with paper based transactions only. In fact this law was enacted during the era of electronic banking of 2006, but it appears that this law was/is aimed at regulating paper based banking business. It is evidently clear that, we are the witness of our self when we venture into making a reference on definition of key words and phrases in this statutes we find terms like bank, entity, financial institution, on the contrary electronic banking is not even mention in this law. Actually, the Act only regulates cash and cheque payment systems operated in a paper based form in a physical branch of a bank.102 The fact that this statute makes no reference to electronic banking, casting doubts whether the current legal framework governing banking business addresses legal issues posed by electronic banking and therefore proves this law does not afford a legal protection of customer in electronic banking. In Tanzania, even the Bills of Exchange Act103 also puts mandatory requirements of writing and signature for an instrument to be accepted as a bill of exchange order.104 Therefore it also does provide for electronic banking in Tanzania. There was a discussion conducted in the Law Reform Commission with the legal officer who provided the stand of the Commission as far as cyber laws are concerned.105 To the effect that the
100 101
Act No. 5/2006 Mambi (2010) pp 128-130 102 As per section 5 of the Banking and Financial Institutions Act, 2006(Act No. 5) 103 1999 104 Sections 3(2),23 and 32(1) of the Bill of Exchange Act, 1999 105 Abdallah, A (2011) p122
32
Commission has completed a report on electronic commerce but the report has been put in shelves only to shake dust as there is no any draft legislation following this report. It has been so without considering the vitality of this report. This is because the report addresses all issues of our concern in electronic commerce in which electronic banking is inclusive.106 For example the report has recommended the enactment of the laws to cover the crucial areas that have a high impact on the economic development in Tanzania and East Africa in general. The laws proposed for amendment include the law of Contract Act,107 the Bills of Exchange Act,108 Sale of Goods Act109 and the Banking and Financial Institutions Act.110 The reason for such amendments is
centred on the point that the laws should respond to electronic commerce and technological advancement. The above arguments buys the idea that customer are not afforded a legal protection in electronic banking because there is no a piece of legislation governing electronic banking in Tanzania. 3.2 The risks that a customer is likely to encounter in electronic banking The authors111 demonstrate that the use of ATMs and EFTPOS systems by customers subjects them to legal problems especially with regard to effectiveness of mandate provided by Personal Identification Number (PIN), security of the systems, liability in case of fraud or card loss and liability of losses caused by system failures. Furthermore the authors demonstrate electronic banking exposes customers to online danger such as fraud, identity and phishing e-mails which trick customer into revealing personal or financial institutions details thus create to fear to customer use. For example, credit card as a result of security risk posed by cyber fraud.
106 107
Abdallah, A (2011) p122 Cap 315 R.E 2002 108 Cap 215 R.E 2002 109 Cap 214 R.E 2002 110 Act No.5/2006 111 Mambi (2010) p127
33
They state openly that there is no highly assured security to customers against fraud and other related cyber offences given the lack of legal framework that regulate electronic banking in Tanzania. They reveal that information of the customers circulating through the use of credit cards, visa cards and cell phones are targeted to crime or may be used to commit cyber crimes such as fraudulent retailing, financial service fraud, obtaining bank account and payment card details illegally, and all these dangers result into disgruntled customers. These attacks can undertake internally by staff or externally through organized criminals.112 It is manifested that unauthorized access to customers accounts leads to unauthorized transfers of funds. The problem of unauthorized transactions due to lack of security of electronic payments is among the key issues in electronic banking transactions in Tanzania. It is even worse to a customer as banks tend to escape liability for losses, even those arising from their own negligence and flaws.113 It is reveled further that customers are not protected form of new offences committed using computers or computer networks, and other intelligent devices. The offences such as computer theft and forgery are not addressed in the current criminal laws. Most crimes it Tanzania are regulated by laws such as the Criminal Procedure Act, the Penal Code, and other related laws. However, most of these laws do not take into account the development of technology that is always changing very rapidly. There is likelihood for culprits to evade their criminal responsibility under the current penal law provisions.114 For example, the whole question of the definition of theft under the current law, for instance section 265 of the Penal Code,115 provides
112 113
Mambi (2010) p179 Mweteni (2011) p 7 114 ibid 115 Cap. 16 R.E 2002
34
for the offence of theft which states that a person who steals anything capable of being stolen is guilty of theft, and is liable, unless owing to the circumstances of the theft or the nature of the thing stolen, some other punishment is provided, to imprisonment for seven years. Theft is also provided for under section 258 of the Penal code. In the above provisions, the subject of theft must be tangible and that it must be capable of being moved from one place to another. The distinction seems to be the tools employed in committing electronic banking crimes, things that are capable of being stolen, the methodology used and the actual loss caused. This is because currently computers are currently used to process, store and disseminate data involving monetary value. When a person accesses a computer or an intelligent device, he has a number of motives, one being to transfer money. For example when a person is moving data with monetary value and later he or she access money using an ATM machine in other words this amounts to hacking. Therefore this casts doubts as whether such accessing of information or data could qualify as a subject of theft. In this regards suspects of electronic crimes can also be charged of the offence of forgery contrary to sections 333, 335(a) and (d), (i) and 338 of the Penal Code,116 for example section 333 of the Penal Code the offence of forgery is defined as making of a false document with intent to defraud or to deceive. These provisions of the law in relation to forgery, criminals who transfer funds using electronic messages that have been forged or cards that have been counterfeited can hardly be brought to justice. The above provisions relate to forgery of documents and it is certain under the current law that a document does not include an electronic message, data or document. Therefore it is necessity to have the laws amended to embrace new
116
Cap. 16 R.E 2002
35
technologies make it possible for the offence of fraud to be committed using computers and computer networks. Customers in electronic banking in Tanzania encounter both legal risks and operational risks. Legal risks when the legal rights and obligations of parties to a transaction are not well established.117The legal rights and uncertainty of the parties in electronic banking is prevalent in Tanzania reasons given being the lack of proper legal framework.118 This is because electronic banking is associated with relatively new nature features; therefore rights and obligation of parties to different transactions are uncertain. Therefore application of customers protection rules to electronic banking in Tanzania is relatively not clear. Banks engaging in electronic banking puts a customer at risk to unauthorized disclosures and interferences of privacy of the customers bank affairs contrary to his/her authorization.119 Electronic banking also exposes a customer to cyber crimes such as hacking activities. In this arena Tanzania has not yet enacted the law to curb for cyber crimes. A hacker may use the linked site to defraud a bank customer.120 There some cases in Tanzania concerning the misuse of electronic banking through ATMs that have been reported that one suspect criminal was arrested by the Police in Mbeya. The accused was alleged to have stolen 6 million Tanzania shillings from various accounts using forged Tembo Cards on CRDB Bank ATM. The accused admitted to have done illegal electronic banking through cash withdrawal from various ATMs in Moshi, Dar es Salaam and Mbeya.121
117 118
Basle Committee on Banking Supervision. (1988). p. 8 Mambi, J,A. (2010). P.126 119 Balse Committee on Banking Supervision(1988). p.9 120 Mambi, J,A. (2010). P. 123 121 Ibid.
36
Still, two Bulgarian nationals were caught in Dar es Salaam, for ATM fraud. The two perpetrators stole over USD 53 000 in illegal ATM transactions. This followed mounting complaints by customers that they were losing their savings in unauthorized ATM withdrawals.122Another incidence of cyber crimes on electronic banking was reported in August 2007 whereby two citizens from India and Malaysia appeared before the court charged with 25 million thefts through CRDB ATMs using forged Tembo Cards. Moreover one an employee of the bank was charged on theft of more than 62 million Tanzania shillings from CRDB ATMs.123` Operational risk arises due to significant deficiencies in the system reliability or integrity.124 Operational risks includes, system failures of ATMs which leads to unnecessary delays and congestions on ATMs places, debiting of the customer account without crediting the customer in ATMs. Yet still, operational risk emanate because banks are subjected to external or internal attacks on their systems or products, security risks with respect to the controls over access to a bankers critical accounting and risk management systems, information that it communicates with other parties.125 Moreover controlling access to bank systems has become increasingly complex due to expanded computer capabilities, geographical dispersal of access points, and the use of various communications paths, including public networks such as the internet. In electronic banking, there can be unauthorized access could lead to direct losses, added liabilities to customers or other problems and leads to failures to detect counterfeiting.126 In additional a variety of specific access and authentication problem could occur. For example, inadequate controls could result in a successful attack by hackers operating via the internet, who
122 123
Supra note Mambi, J,A. (2010). P. 123 124 Basle Committee on Banking Supervision. (1988). p.7 125 Basle Committee on Banking Supervision. (1988). p 8 126 ibid
37
could access, retrieve, and use confidential customer information. In the absence of adequate controls, an outside third party could access a banks computer system and inject a virus into it. Still internal attack is possible in respect of its own employee frauds for stances employees are able to authentication data in order to access customer account, or steal stored value cards. Inadvertent errors by employees may also compromise a banks systems and as result a customer suffers financial losses.127 Furthermore that many banks are likely to rely on outside service providers and external experts to implement, operate and support portions of their electronic banking activities. Such reliance may be desirable because it allows a bank to outsource aspects of the provision of electronic banking and electronic money activities that it cannot provide economically itself. However, reliance on outsourcing exposes a bank to operational risk. Service providers may not have the requisite expertise to deliver service expected by the bank, or may fails to update their technology in a timely manner. A service providers operations could be interrupted due to system breakdown or financial difficulties, jeopardizing a banks ability to deliver products or services.128 The rapid pace of change that characterizes information technology presents banks with the risk of systems obsolescence. For example, computer software that facilitates the use of electronic banking and electronic money products by customers will require updating, but channels for distribution software updates pose risk for banks in that criminal or malicious individual could
127 128
Supra note Basle Committee on Banking Supervision. (1988). p 8
38
intercept and modify the software. In addition, rapid technological change can mean that staff may fail to understand fully the nature of new technology employed by the bank.129 Moreover risk may be heightened where a bank does not adequately educate its customers on security precautions. In the absence of adequate measures to verify transactions, even customers may be able to repudiate transactions they previously authorized, inflicting financial losses on the bank. Customers using personal information for example authentication information, credit card number or bank account number in a non-secure electronic transmission are susceptible to criminals to gain access to their customer accounts.130 Cross border nature of electronic banking imports certain risks to customers. Bank may face different legal and regulatory requirements when deal with customers across national borders. In electronic banking there may be uncertainties about legal requirements in some countries. In addition, there may be jurisdictional ambiguities with respect to the responsibilities of different national authorities. Such consideration may expose customer to legal risk associated with noncompliance with different national laws and regulations, including consumer protection laws, record-keeping and reporting requirements, privacy rules and money laundering laws.131
129 130
Ibid p. 9 Supra note 131 Basle Committee on Banking Supervision. (1988) p. 9-10
39
3.3 Admissibility of electronic evidence as far as a legal protection of customers in electronic banking is concerned First and foremost electronic evidence can be defined as any data stored or transmitted using a computer. It is further defined to mean any information of probative value that is either stored or transmitted in a digital form.132 Electronic evidence can be created by using a considerable number ways. It can be by entering data or a record into the computer, the computer processes the data and produces some information. It can also be by typing words using a computer word processor which generate typed document that may either be saved on computer disk or sent to recipient whose computer is linked with that of sender. Another way is by automatic mechanical operation of the computer. Moreover is by creating programmes that automatically record transactions taking place without human involvement.133 To our concern, ATMs receipts are a vivid example of automatic generated or electronic evidence in electronic banking. ATMs are connected to a computer that is programmed to accept deposits of cash and withdrawals. Thus, a computer would create a record that certain customer with a certain account has withdrawn a certain amount of money at a certain date and time. Therefore, in an event of any dispute arises out such transaction, then the records that computer automatically created are likely to be tendered in evidence.134 In this respect the question of admissibility of electronic evidence arises such as from ATMs receipts.
132 133
Abdallah (2011) p115 Mollel, & Lukumay (2008) pp 74-75 134 Ibid p.76
40
The principles on admissibility of documentary evidence and signatures has been affected by the advent of Information Communication Technology (ICT). This is because ICT has led to the production of electronic documents and digital signatures. These technologies have brought changes on the way of affixing signature on electronic document.135 It is depicted that, it is very difficult to proof offence committed in electronic banking since electronic evidence has received considerable setbacks. For example, what has been transacted in electronic banking must be printed out and adduced before the court for determination and this subjected to number of technicalities such as the original evidence and a copy. In regards to ATMs receipts the question can raise is court as to where be the origin evidence since ATMs receipt is copy printed out of an ATM. This is because the question of proof of the integrity of the electronic records or electronic evidence is still not clear.136 However, there has been an attempt by the judiciary to broaden the definition of bankers book to include computer printouts in the case of Trust Bank Tanzania Ltd v. Le-Marsh Enterprises Ltd and Others.137 The court was called upon to rule as to whether or not a computer print-out is a bankers book under the Evidence Act,138 Nsekela, J. (as then was (he is now a Justice of the Court of Appeal) ruled that electronic evidence is admissible in Tanzania Courts and this marked the departure from the strict rule of best evidence rule. In his judgment Nsekela, J. cited with approval Section 5 of the English Civil Evidence Act,139 which is provide that inter alia that in any civil proceedings a statement contained in a document produced by a computer shall be admissible as evidence of any fact stated therein of which direct oral evidence
Mambi, J.A.(2008). An overview of the legal implications of information and communications technologies in Tanzania: A comparative perspective. p.103 136 ibid 137 (2000) Commercial Case No.4( Unreported) 138 Cap 6 R.E 2002 139 1968
135
41
would be admissible, if it satisfies the conditions stipulated under section 5(2) of the same Act, for example section 5(2)( a) provides that the document containing the statement was produced during a period over which the computer was used regularly to store or process information for the purposes of any activities regularly carried on over that period, whether for profit or not, by any body whether corporate or not, or by any individual shall be admissible. He further stated that the court should not be ignorant of modern business methods and shut its eyes to the mysteries of the computer. This decision shows the judicial activism and the role of Judiciary in filling the gaps left by the legislature. The Legislature responded by amending the Evidence Act,140 brought about by the Written Laws (Miscellaneous Amendments) Act,141 enacting Electronic Evidence Amendment Act,142 which provided provision for the reception of electronic evidence in courts of law in Tanzania. In response to this amendment, Mambi143 argues that the Written Laws (Miscellaneous Amendment) Act,144 has not really cured the problem of legal certainty and admissibility of electronic evidence The question of proof of the integrity of electronic records or electronic evidence has not been considered and another important issues that were supposed to be included in the amendment legislation are the standard of proof, presumption of computer or information system integrity.
140 141
Cap 6 R.E 2002 Act No.15/2007 142 2007 143 Mambi (2008) p 103 144 Act No.15/2007
42
In response to the argument above especially to the aspect of standard of proof, Makaramba, J in the case of Lazarus Mirisho Mafie v M/S Shidolya Tours & Safaris,145 where a plaintiff alleged to have been defamed through the e-mail the defendants counsel raised a preliminary objection on point of law that the concerned e-mail containing alleged defamatory statements being part of the electronic evidence is no admissible in evidence in civil proceedings. The issue before the court of law was whether or not electronic documents/records may be admitted as evidence in proceeding of a civil nature. Makaramba, J held that the law on admissibility of electronic evidence in Tanzania is still highly unsatisfactory; he further stated that the law of evidence on admissibility of documents suffices to cover electronically generated information without requiring the intervention of the parliament. The only thing which is missing are the standards for determine authenticity. The judge stipulated five hurdles which include relevance, authenticity, the hearsay rule, the original writing rule and the need to balance its probative value against the potential for unfair prejudice or other harm. Failure to clear any of these evidentially hurdles means that the evidence will not be admissible. The above disposition leads us to pinpoint that there are some limitations or setbacks when it comes to tendering electronic documents in our courts of law. This is aspect is cured in other jurisdictions like in Nigeria, the Nigerian Supreme Court in the case of Anyaebosi v R T Briscoe Nigeria Ltd,146where it was held that a computer printout is a copy. Therefore in Nigeria, it is a settled legal position that a computer printout constitutes a copy. It implies logically but not necessarily that computer data constitute original document as behind a copy there must be an original. Like wise in Singapore where Singapore has amended
145 146
(2008) Commercial case No.10 (Unreported) [1987] 3 N.W.L.R. 84 (part 59).
43
her Evidence Act and came up with a new law. The evidence (Amendment Act),147 which introduces new provisions to facilitate the use of information technology and to provide for the admissibility and weight of computer printout produced by any computer or network as evidence in both criminal and civil matters.148 This analysis suggests further that customer is not only legally protected even to the respect of admissibility of electronic records or computer print out. This leads to suggest that the entire legal framework regulation banking business does not cater for a regulation of electronic banking and therefore it does provide for a legal protection of a customer in electronic banking. 3.4 The position of the Judiciary as far as electronic banking is concerned Ignorance on part of the poor magistrate who is part of the judiciary on electronic banking has been witnessed in the case of R v. Hasan Faraji Kimaro.149 The accused was one of the CRDB Bank staff members was alleged to have been committed theft electronically at the CRDB Bank. Magistrate in this case stated inter alia that, I wonder how possible can a person be able to steal money from the Bank while computer is offline. This statement witness a short-sightedness knowledge as far as electronic banking is concerned. However awareness on electronic banking has been witnessed on part of the Judiciary in the case of Trust Bank Tanzania Ltd v. Le-Marsh Enterprises Ltd and Others.150 Where there has been an attempt by the judiciary to broaden the definition of bankers book to include computer printouts in the case of The court was called upon to rule as to whether or not a computer print-
147 148
1996 Mambi (2008) p 103 149 (2005) Criminal Case No. 137 RMs court Tanga (unreported) 150 (2000) Commercial Case No.4( Unreported)
44
out is a bankers book under the Evidence Act,151 Nsekela, J. (as then was (he is now a Justice of the Court of Appeal) ruled that electronic evidence is admissible in Tanzania Courts and this marked the departure from the strict rule of best evidence rule. In his judgment Nsekela, J. (as he then was) cited with approval Section 5 of the English Civil Evidence Act, He further stated that the court should not be ignorant of modern business methods and shut its eyes to the mysteries of the computer. In another case of National Banks of Commerce v. Milo Construction Co. Ltd and Two others152 it was alleged that the plaintiff defaulted repayment of the said facility. Two statements were tendered in court. One was the processed easy bank computer program and other was the processed inflexible banking computer program. The court found discrepancies between the two statements as some entries were not reflected in one of the statement. The plaintiff did not adduce sufficient explanation on the discrepancies. The court therefore found that the plaintiff has failed to prove the exact amount the first defendant borrowed from the plaintiff. The analysis of this case reveals that the plaintiff had bank-produced statements generated by two different computers programs. The later program did not have features similar to the earlier one. There was no clarity as to the discrepancies of the two statements noted. The court was therefore is justified in rejecting the claim of the plaintiff as it provided insufficiency explanation regarding the operation of the two computer programs. Therefore this case suggest even though their awareness on part the judiciary it time the courts to make use of forensic experts, who would assist it in analyzing computer related evidence.153
151 152
Cap 6 R.E 2002 Commercial case No. 293 of 2002 (unreported) 153 Mollel, & Lukumay (2008) p 114
45
In this case the court missed the opportunity of inspecting the two computer programs which generated the statements that were admitted in court. The examination of two programs, with the aid of forensic expert would have cleared the doubts whether replacing an old computer program for a new one leads to having two different standards of calculating interest resulting in two different statements. In the England case of R v Shephered,154 it was held that a proof that a computer was reliable could be provided by calling a witness is familiar with its operation in the sense of knowing what the computer was required to do and who could say that it was doing it properly such a witness needs to be responsible for the operation of the computer. This case provides the necessity of a forensic expert when it comes to electronic documents perhaps it a time our courts should utilization of forensic experts in electronic records. The position on the part of the Judiciary depict that the Judiciary has an awareness of existence of electronic banking and it is also aware that our laws are not in tune to electronic banking. 3.5 Possible ways of managing and controlling risks in electronic banking In order to make a proper governance of electronic banking and ensure customers legal protection, activities such as implementing security policies and measure, co-coordinating internal communication, evaluating and upgrading products and services, implementing measures to ensure that outsourcing risk are controlled and managed, providing disclosures and customer education and developing contingency plans. These initiative play a great deal to risks eradication therefore they should be codified to ensure a legal protection to a customer.155 3.6 Suggestions on the securities policies and measures for electronic banking in Tanzania For maximum insurance of security for a customer in electronic banking securities mean the
154 155
[1993] 1 All ER 213 Basle Committee on Banking Supervision. (1988).p. 9-10
46
combination of systems, applications, and internal control used to safeguard the integrity, authenticity and confidentiality of data and operating processes.156 Proper security relies on the development and implementation of adequate security policies and security measures for processes within the bank, and for communication between the bank and external parties. Security policies and measures can limit the risk of external and internal attacks on electronic banking and foster customers interest.157 Therefore security measures include, for example, encryption, passwords, firewall, virus controls, and employee screening. Encryption is the use of cryptographic algorithms to encode clear text data into cipher text to prevent unauthorized observation. Password, phrases, personal identification numbers, hardware-based token, and biometrics are techniques for controlling access and identifying users.
158
A sound scheme should begin with protecting the perimeter usually by means of a firewall. The firewalls are the first line of defense because it should prevent intruders from gaining access to internal networks of banks. Firewalls are combination of hardware and software that screen and limit external access to internal systems connected to open network such as the Internet. Firewalls may also separate segments of internal network using Internet technology (Intranets). Therefore firewall technology, should be properly designed and implemented, in order to provide effective means of controlling access and safeguarding data confidentiality and integrity of customers.159
ibid Supra note 158 Spinello. R.A(2006). Cyberethics: Molarity and law in cyberspace,: Massachusetts: Jones and Bartlett publishers, p.195-196 159 ibid
157
156
47
Not all security threats are external as we have noticed the existence of internal attack especially by employees of the bank themselves. Taking this to consideration electronic banking should also be safeguarded, to the extent possible, against unauthorized activities by current and former employees. Background checks for new employees, temporary employees and consultants, as well as internal controls and separation of duties are important precautions to protect systems security.160 Other measure includes monitoring and tracing individual transactions, maintenance of cumulative records in a central database, the use of temper-resistant devices incorporated into stored-value cards and merchant hardware and the use of value limits and expiration date on stored-value cards.161 In cross border nature of electronic banking national supervisors play an important role by identifying and discussing jurisdictional ambiguities. They can make efforts to develop measures to detect unsafe and illegal practices. Finally, national supervisors can continue strengthen, cooperative efforts to share information about product and service innovations, and industry practices. This is possible and effective only if the country have the proper legal framework to regulate electronic banking and make it as a reference.162
160 161
Basle Committee on Banking Supervision. (1988) p 10-11 ibid 162 Basle Committee on Banking Supervision. (1988).p. 10-11
48
3.7 Experiences observed & Learnt from countries as regards to affording a legal protection of the customer in Electronic banking Unlike Tanzania, customers in electronic banking in U.S are afforded a legal protection in electronic banking through the law referred to as Electronic Fund Transfer Act.163 This law provides for allocation of losses arising from unauthorized electronic fund transfer transactions. It defines unauthorized transactions as the funds transfer initiated by a person other than the customer without actual authority to initiate the transfer and from which the customer receives no benefit.164 The law provides that any transaction not authorized notwithstanding the conduct of the customer, is regarded under the act as unauthorized and for the simple reason of the third party being in unlawful control of the access device at the time of transaction. The rights, liabilities and obligations of the consumer and bank in respect to the electronic bank transfer are spelt out clearly and cannot be taken away by the contract between banker and customer.165 The circumstances surrounding the promptness of enactment of this law which is a big lesson to Tanzania government was the report made by the National Commission on Electronic Fund Transfers (NCEFT) made in 1977. After a broad evaluation of consumer risk in using electronic transaction, for example from ATMs and EFTPOS and electronic fund transfers generally the commission found that the existing laws were not applicable or incomplete when it comes to electronic payment system and thus did not safeguard consumers interest and concern. Therefore,
163 164
(15 US.C 1963 et seq) of 1978 Bwana (2003) p 13 165 ibid
49
the commission recommended the enactment of the law to guarantee to customers basic rights in an electronic fund transfer environment.166 Other countries that have enacted laws to regulated electronic banking are Australia, Singapore, Finland, Malaysia, India, to mention only a few. But when it comes to The UK Government's approach on banking regulation, particularly in the field of electronic banking it is different, as the government relies on competition and self-regulation, legislating only is a matter of last resort.167 In order to afford a legal protection of customers in electronic banking, South Africa has enacted the law referred to us Electronic Communication and Transactions Act168.169India has responded by enacting Information Technology Act170. Unlike Tanzania, The Banking and Financial Institution Act,171 address all issues related to electronic banking.172 In the regard of penal legislation to deal with unauthorised access to computers, in the US, the Computer Fraud and Abuse Act,173 create a number of offences, including the offence of unauthorized access to computers. It seeks to punish many of the activities commonly referred to as hacking. Under this law, it is illegal to do have access without authorization to any computer system to obtain financial information held by any financial institution. The credit information held by a consumer reporting agency, or credit card information held by the issuer of credit cards.
166 167
Bwana (2003) p 13 Bwana (2003) p13 168 Act No.25/2002 169 Mollel, and Lukumay, (2008) p 102 170 Act No.25/2000 171 1989 172 Mambi (2010) p127 173 (18 USC 1030) of 1997
50
In Malaysia, the Computer Crimes Act174 provides for offences relating to the misuse of computers. The Act criminalizes unauthorized access to computer systems and the use of computer systems for fraudulent purposes. Under this Act it is possible for this crime to be committed extraterritorially (outside Malaysia) . According section 9(1) of the Computer Crimes Act,175 any person, whatever his nationality or citizenship, who commit the offence of
authorized access to computer that have effect outside as well as within Malaysia he may be dealt with in respect of such offence as if it was committed at any place within Malaysia. Furthermore, according to 3(1) of the Computer Crimes Act,176 makes it an offence of unauthorized access to a person who causes a computer to perform any function with intent to secure access to any program or data held in any computer and where the access he intends to secure is unauthorized with knowledge. Unauthorized communication of codes or passwords is another offence related to computer misuse. According to Section 6 of the Computer Crimes Act of Malaysia makes it an offence to communicate directly or indirectly a number, code, password or other means of access to a computer to any unauthorized person. Moreover, according to section 1030 (a) (6) of the Computer Fraud Abuse Act of the United States of America also creates a similar offence. US Electronic Fund Transfer Act imposes liability to financial institutions if fails to debit, credit or transfer funds in accordance with the customers mandate. A financial institution that fails to make a transfer without a lawful cause may be liable to civil action for damages arising there. The measure of damages depends on the actual losses suffered by the consumer if it can prove that the failure was as a result of an error made in good faith notwithstanding the maintenance of
174 175
ibid Supra note 176 1997
51
procedures reasonably adopted to avoid such error. The only act that can justify inability to transfer funds in accordance with the customers mandate is the act of God. Further in 1986 the U.S Congress passed a comprehensive federal law outlawing hacking. It is referred to as the Computer Fraud and Abuse Act,177 the authors178 states that one of common method of acquiring access code is through the use of a special software designed to try large number of randomly generated codes over the phone line. The Software keeps a log of failures and successes, providing the user with a list of illegally obtained code at the end of the session. Using the software results in the production of an access code. This is strictly prohibited in the U.S 3.8 Relevance of Model Laws in Electronic Banking The articles 6, 7, 8 and 9 of the UNCITRAL Model Law and Commonwealth Model Law provides for functional equivalence thus where the law requires a signature of a person, that requirement is met in relation to a data message if an electronic signature is used that is as reliable as was appropriate for purpose for the data massage was generated or communicated, in light all of the above which circumstance, including any relevant agreement. It is believed that these Model Laws will assist states in reforming and enhancing their legislations that are on paper method and come up with uniform laws that allow the use of alternatives to paper based methods of transactions, communication and storage of information at national and international level.179
177 178
1986 Cavazos, E.A & Morin Gaino.(1996). Cyberspace and the law. Massachusetts. The Mit press p. 107-109 179 Mambi, (2010) p.132
52
3.9. Conclusion The foregoing account has been an analysis of the data to show that laws that are applicable in the banking regulation in Tanzania and their shortfall when it comes to regulation of electronic banking in Tanzania. A customer is likely to face legal, operational and financial risks in electronic banking as expounded earlier on. Therefore it appropriate to state that the Tanzania legal framework does administer a proper legal framework when it comes to offer a legal support to the customers in electronic banking. Unlike other jurisdiction such as in U.S and South Africa that have introduced a legal framework to govern electronic banking and to provide a legal protection to customers in electronic banking.
CHAPTER FOUR CONCLUSION AND RECOMMEDATIONS
53
4.0 Introduction This chapter presents general summation, conclusion and recommendation of the researchers findings. The researchers findings are about the position of the legal protection of customers in electronic banking in Tanzania. 4.1 Summation and Conclusion A foregoing account has been an exposition to demonstrate the legal protection of customers in electronic banking. It has been illustrated that electronic banking in Tanzania as result of development of ICT which has made profound impact on the paper base transactions and legal rules in the laws regulating banking sector in Tanzania and to the entire legal framework govern banking in Tanzania. The body of rules governing this aspect seems to embrace common law principle and paper based transactions. The modern technologies especially the use of internet connectcomputerized to provide banking service and thus facilitates electronic transactions have left the legal framework defenceless when it comes to affording a legal protection of customers in electronic banking. Therefore electronic banking has left the entire legal framework governing banking activities a white elephant when it comes to governing electronic banking and thus a customer is caught in surprise as far as there is no appropriate legal frame work. This research paper has examined in details the regulation of electronic banking and found the main legislation applicable to banking sector is the Bank and Financial Institution Act180. However, this Act does not afford protection to customers in electronic banking.
180
Act No. 5/2006
54
Furthermore, issues related to cybercrimes, digital documents are not covered under Tanzania legal framework. The existing laws of Tanzania cannot handle the various cyber space activities, as thus there is need for new laws to be enacted or old laws be amended. In order to regulate modern technologies impacts to the law such as the aspect of electronic banking which is brought by ICT regime is better for cyber laws to govern these impacts to the law. No matter how reprehensible a behavior is if it is not defined as a crime in our legislations may not be the subject of a criminal prosecution in Tanzania. For example under section 132 of the Criminal Procedure Act,181 directs offences to be specified in charge with necessary particulars. Under article 13(6) (c) of the United Republic of Tanzania Constitution,182 articulate that no person shall be punished for any act which at the time of its commission was not an offence under the law, and no penalty shall be imposed which is heavier than the penalty in force at the time the offence was committed. So is obvious that without having a cyber law in place, criminals will end up been acquitted. The Tanzanian Law Reform Commission has completed a report on electronic commerce, that examines all the issues of concern, but there is no legislation so far.183 Making a reference to South Africa, Electronic Communications and Transactions Act,184 has been enacted to cater for electronic banking in South Africa. In India, has enacted the Information Technology Act,185 regulates electronic banking. The Penal Code of Japan enacted in 1907 was amended in 1987. The main purpose of this amendment was to ensure a modern
181 182
Cap 20 R.E 2002 1977 as amended from time to time 183 Ally, A. (2010). Legal challenges brought by development of ICT in Tanzania p 21.Available at http://www:.isaca.or.tz/.../ dec2010/LEGAL %/20CHALL. (Accessed on 2-6-2012)
184 185
2002 2000
55
computerized business works by prohibiting any computer crimes, especially to protect safety of electronic fund transfer transactions and the integrity of computer programs and electronic data.186 Therefore there is a need to benchmark from other jurisdiction with legal framework that govern electronic banking and affording a legal protection to a customer. Most of laws regulating this are not intone to electronic banking, calling for further reform as most of laws protect customers on offline business only. Therefore it appropriate to conclude that in Tanzania there is no law which protects a customer in electronic banking. 4.2 Recommendations The main recommendation advanced in this research is not the amendment of the Banking and Financial Institutions Act but enactment of a comprehensive piece of legislation on electronic banking. I therefore recommend for enactment of Electronic Banking Act so as to govern electronic banking and to provide a customer with a legal protection in electronic banking. The main justification of this recommendation is based on the observation in this research as highlighted above that there is gap or lacuna which has been created by ICT in the legal framework regulating the banking sector in respect of regulating electronic banking and issues surrounding customer protection in electronic banking. Having realized all cross cutting issues which are posed by electronic banking to as customer there is a need to have a comprehensive legislation to govern electronic banking. In respect of the entire legal framework associated with banking sector as pointed above ranging from law of contract, the law of evidence to penal statutes should be amended to respond to ICT
186
Ally, A.(2010).p 25
56
development. Existence of proficient and responsive laws to the advancement of ICT shall play a fundamental role in protection of customer in electronic banking. These are the laws that address issues raised by electronic banking technologies and those that would keep pave with the advancing technologies. The rationale for this that the law must keep abreast of technological changes as they affect the way we do business. Judicial response is also recommendation by the researcher. Judges should continue to develop and set new jurisprudence to the existing principle governing paper based transactions to cover for electronic banking so as to afford a legal protection of customer in electronic banking. This has been enshrined by Senkela, J in the case of Trust Bank Tanzania Ltd v. Le-Marsh Enterprises Ltd and Others187 who stated that the court should not be ignorant of modern business methods and shut its eyes to the mysteries of the computer. Conclusively, the rationale of having affording a customer with a legal protection in electronic banking is vital in order to rectify the market imperfections in relation to electronic banking transactions, the aim being to enhance the confidence of consumers. This in turn will contribute to the development of electronic commerce in Tanzania and contribute to the economic development in Tanzania. Therefore it goes without a saying that customers must be legally protected in electronic banking in Tanzania so far customers in electronic banking are not legally protected.
187
(2000) Commercial Case No.4( Unreported)
57
BIBLIOGRAPHY BOOKS Mollel, A., & Lukumay, Z. (2008). Electronic transactions and the law of evidence in Tanz ania. Iringa: Peramiho Printing Press.
58
Mambi, A, J. (2010). ICT law book, Dar es Salaam: Mkuki and Nyota Publishers Ltd Lloyds, J. (2008). Information technology law,5th ed, United States of America: Oxford University Press. Sundharam, K.P.M., & Varnshiney, P.N.(2004).Banking: Theory, law & practice.17th ed, New Delhi:Sultan Chand & Sons. Sealy, L.S., & Hooley, R.J.S.(2005).Commercial law: Text, cases and materials.3rded, United Staes: Oxford University Press. Cavazos, E.A & Morin Gaino.(1996). Cyberspace and the law. Massachusetts: The Mit press: Spinello. R.A(2006). Cyberethics: Molarity and law in cyberspace, Massachusetts: Jones and Bartlett publishers: Cranston, R. (2002). Principles of banking law. 2nd ed.United States: Oxford University Press. STATUTES The Banking and Financial Instructions Act, Act No.5 of 2006 Bank of Tanzania Act, Act No. 4 of 2006 The Civil Procedure Act [Cap 33 R.E 2002] The Law of Contract Act [Cap 345 R.E 2002] The Electronic and Postal Communication Act, No 3 of 2010 The Tanzania Bill of Exchange Act [Cap 215R.E 2002] The Foreign Exchange Act, 1992(Act. No 1) The Penal Code [Cap 16 R.E 2002] Sale of Goods Act[Cap 214 R.E 2002] Written Laws Miscellaneous Amendment Act, No.15 of 2007 The Constitution of United Republic of Tanzania, 1977 (as amended from time to time)
59
Statutes from other Jurisdictions. Information Technology Act, No.21 of 2000 India Electronic Communication Act, 2000 (U.K). The Banking and Financial Institution Act,1989, (Malaysia.) The Electronic Transactions Act, 2000 (Mauritius.) The US Uniform Electronic Transaction Act, 1999, (USA.) The English Bill of Exchange Act,1882 [Cap 61 45 and 46 vict] The Stamp Act,1891[cap 39 54 and 55 vict] Electronic Communication and Transactions Act, 2002(South Africa) South Africa Computer Evidence Act, 1983(South Africa) Electronic Communication Act, 1986(US) The Computer Fraud and Abuse Act, 1986(US) The Cyberspace Electronic Security Act, 2000(US) The Electronic Signature in Global and National Commerce Act, 2000(US) Computer Crime Act, 1997 (Malaysia) Electronic Fund Transfer Act, 1978. CASES Great Western Railway Co. v. London and County Banking Co.Ltd [1901] A.C. 414 Commissioners of Taxation v. English, Scottish & Australian Bank Limited [1920] A.C.683 Woods v. Martins Bank [1959] 1 Q.B. 55 United Dominions Trust Ltd Vs Kirkwood [1966]2 Q.B 431 Joachim v Swiss Bank of Corporation [1921] 3 KB 110 Westminster Bank Ltd v Hilton(1926) 43 TLR 124),
60
Tournier v National Provicial and Union Bank of England [1924] 1 KB 1 KB 461 Greenwood Vs Martius Bank Ltd [1933] Ac 51 Tar Hing Cotton Mill Ltd v Lin Chong Hing Bank Ltd [1986] AC 80 Curtice v London City and Midland Bank Ltd [1908] 1 kb 293 Trust Bank Tanzania Ltd v. Le-Marsh Enterprises Ltd and Others, (2000) Commercial Case No. 4 o in the High Court of Tanzania (Commercial Division) at Dar es salaam, (Unreported) Lazarus Mirisho Mafie v M/S Shidolya Tours & Safaris (2008)Commercial case No.10 (Unreported) R v Shephered [1993] 1 All ER 213 National Banks of Commerce v. Milo Construction Co. Ltd and Two others Commercial case No. 293 of 2002 (unreported) R v. Hasan Faraji Kimaro (2005) Criminal Case No. 137 RMs court Tanga (unreported Anyaebosi v R T Briscoe Nigeria Ltd [1987] 3 N.W.L.R. 84 (part 59). ELECTRONIC SOURCES Kasemsan, K., & Hunngam, N. (2010). Internet banking security guideline model for banking in Thailand.Available at http:// www.ibimapublishing.com/journals/CIBIMA /CIMIMA/html. (Accessed on 15th-2- 2012.) Radhakrishna, G. (2009). Liability issues in internet banking in Malasysia Available at http://www.ibimapublishing.com/journals/ (Accessed on 14-3-2012) Abdallah, A. (2011). The impact of ICT revolution in Tanzanias legal system: A critical analysis of cybercrimes and computer forensic evidence. Unpublished Master Thesis, Open University of Tanzania. Available at http://www,ict.into/osg/spu/cybersecurity //
contribution/Tanzania-ulanga-paper. (Accessed on 4-4-2012)
61
Mollel, A. (1996). The legal and regulatory framework for ICT in developing countries: Case study of ICT and the law of evidence in Tanzania Available at http://cs.joensuu.fi/ipid2008/abstracts/Mollel Andrew_ICT4D PAPER.pdf (Accessed on 1-2-2012) Basle Committee on Banking Supervision.(1998). Risk management for electronicbanking and electronic money activities Available at http://www.bis.org/publ/bcbs35.pgf (Accessed on 5-5-2012) Schaechter, A. (2002). Issues in electronic banking: An overview.Available at http:// www.imf.org/external/pubs/ft/.../2002/pdf06.pdf Accessed on 17-4-2012 Ahmad, A, M.(2010).E-banking functionality and outcomes of customer satisfactory: An empirical investigationAvailable at http://ccsenet.org/journal/index/ijms/article/.../6838 (Accessed on 3-3-2012) Shamim, S & Sardar, K.(2010).Electronic banking & e-readiness adoption commercial banks in pakistan Available at http://www.diva-portal.org/smash/get/FULLTEXT01 (Accessed on 4-3-2012) Gyan, V.(2009). Relationship between banker and customer Available at http://www.vidyagyan.blogspot.com/.../relationship-between-...- Accessed on 4-4-2012 Zubair, M.(year not specified). An analysis of duty of confidentiality owed by banker to its customer Available at http://papers.ssrn.com/.../SSRN_ID1815825_Code9537 (Accessed on 7-52012)
62
Ally, A. (2010). Legal challenges brought by development of ICT in Tanzania .Available at http://www:.isaca.or.tz/.../ dec2010/LEGAL %/20CHALL. (Accessed on 2-6-2012) Bank of Tanzania: Banking Supervision (2012) Available at http://ww.bottz.org/BankingSupervision/Bankingsup (Accessed on 20 -32012) Bank of Tanzania, Tanzania payment system-vision and strategic framework p 3 .Available at http://www.bot-tz/.../org/Y2005Vjan2000 p.d.f (Accessed on 3-4-2102 ARTICLES Bwana, A, J. (2003).Electronic banking and law in Tanzania: Approaches to its regulation. The Tanzania lawyer.1, 1-13 Mambi, A,J (2008). An overview of the legal implications of information and communication technologies in Tanzania: A comparative perspective. The Tanzania Lawyer, 2, 88-104 UNPUBLISHED PAPERS, THESES AND DESSERTATIONS Mniwasa, M.S.(2005). The origin, operation and regulation of electronic banking in Tanzania: Law and practice. Unpublished Master Thesis, University of Dare es Salaam )
Mweteni, A.J. (2011).Application of the duty of confidentiality in electronic banking in Tanzania: A case study of Arusha Region. Unpublished research paper, Tumaini University, Makumira

An Analysis On The Legal Protection of Customers in Electronic Banking

Transféré par

Informations du document

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

An Analysis On The Legal Protection of Customers in Electronic Banking

Transféré par

Droits d'auteur :

Formats disponibles

i

Certified and signed onday of2011.

ERIC MPONEJA SUPERVISOR

Dated ..day of2012.

UNCITRAL United National Commission on International Trade Law

Act No. 3/2010 Mollel, & Lukumay, (2008) .p 9

Bwana (2003) pp 1-10

[1901] A.C. 414

According to and Sealy & Holley,

they are of the view that there is no comprehensive legal

Sealy, & Hooley, (2005).pp 588-589 (1926) 43 TLR 124,

ibid [1908] 1KB 293

Cap. 16 R.E 2002

Supra note Basle Committee on Banking Supervision. (1988). p 8

(2008) Commercial case No.10 (Unreported) [1987] 3 N.W.L.R. 84 (part 59).

[1993] 1 All ER 213 Basle Committee on Banking Supervision. (1988).p. 9-10

(15 US.C 1963 et seq) of 1978 Bwana (2003) p 13 165 ibid

ibid Supra note 176 1997

CHAPTER FOUR CONCLUSION AND RECOMMEDATIONS

Act No. 5/2006

(2000) Commercial Case No.4( Unreported)

contribution/Tanzania-ulanga-paper. (Accessed on 4-4-2012)

Vous aimerez peut-être aussi