| www.gosodipo.com | ||||||
| Home | Feedback | Search | About Us |
 |
||
 |
||||||
| Services | Partners | Seminars | News | Publications | Newsletters | |
 |
Seminars | |||||
|---|---|---|---|---|---|---|
|
THE LEGAL DIMENSION OF INFORMATION TECHNOLOGY AND THE BUSINESS OF BANKING IN THE NEW MILLEN1UM: A FOCUS ON E.B., E-COMMERCE, ON- LINE BANKING ETC*
INTRODUCTION Although hardly any banking act defines it in this parlance, the business of banking is basically about service delivery. Consequently, the introduction of facilities that enhance the delivery of banking services in a cost-effective manner is always a welcome development. This is what Information Technology offers. With increasing competition in the market place, and several modes of delivery for banking products and services, channel management has become an important issue ', not only in retaining customer loyalty but maintaining and growing overall profitability. Information Technology (1- T.) provides the platform to achieve both - anywhere in the world. The same is true in Nigeria. Though the introduction of I.T to me business of banking in Nigeria is barely a decade old, the fragility of our present legal framework to accommodate the myriads of complex situations and problems arising from the integration of I.T into delivery of banking services is fast becoming apparent. In this paper, we will focus on the practical issues that arise from the adoption of I.T in the banking business, primarily through a legal perspective. This paper is divided into four parts, m part I, we will look briefly at the concept of I- T, Electronic Banking (E-B.) tracing the history of E. B. in Nigeria. Part 2 will examine the operational modalities of electronic banking - highlighting the practical issues arising therefrom. The third part will analyse the highlighted issues within the confines of our legal framework, and finally, suggestion for reform as well as means of managing risks of conducting business on the internet will be prescribed in the last section. PARTI Information Technology (I.T) I. T. in summary refers to any activity that uses information to fulfill its mission such as those activities whose primary job tasks involve acquiring, building , maintaining, operating and supporting the systems that collect and process information.2 It is the entire business of gathering, collating, analysing, transmitting and storing, recalling, accessing or in anyway dealing with or making I.T translates therefore to the use of computer system and telecommunication facilities in the conduct of operation whereby transaction initiation and execution are facilitated by technology- * Paper delivered by Mr. Seye Kosoko at an International Conference on Electronic Commerce and Telecommunications in Nigeria on 26/9/2002 1. Balachandran/Guru - E.B. Developments in Malaysia: Prospects & problems (2000) J.I.B.L., Issue 10 2 Quality Assurance Manager's Handbook, Orlando, Florida: The Quality Assurance Institute, 1991. In banks, IT contributes to faster execution of transactions through the integration of the front and back office functions, resulting in enhanced product and service delivery and ultimately increased transaction volumes. electron ic Ranking (E.B.) E.B. in the simplest of terms is the execution of banking transactions with electrically provided information. E. B. enables the execution of information based transactions between two or more parties using interconnected networks. This may be by magnetic tape, disc, telecommunication or wireless application protocol links. The terms E.B or Electronic funds Transfer (EFT) are used interchangeably and refer to the payment of a customer's instruction by electronic means. So long as the interbank communciation is by electronic means, me Funds Transfer (FT) will be classified as electronic. EFT eliminates the use of paper in effecting payment orders, replacing paper documents with electronic pulses which can be processed by computer.3 Electronic payments really have not much to do with money. What happens in EFT is that debts are transferred from one bank to another. The only connection with money is that the units in which the debts are denominated are real money units.4 EFT systems are primarily concerned with the management of information, i.e. the transmission of information between banks and the resulting change in bank records. The effect of an EFT between each banks and its customer is that there is a change in the respective indebtedness of the bank and the customer. From the foregoing, it becomes apparent that IT and E.B. are inextricably linked and indeed E.B. may be properly described as a subset and offshoot of IT. Types of E.K. E.B. has evolved over the year from mere computerisation of customers' accounts and account information and Automated Teller Machines (ATM) which allows for deposit and withdrawals of cash and transfer of funds, to Telebanking which allows delivery of branch financial services via telecommunication devices where bank customers can perform retail banking transaction (with the exception of withdrawals) by dialing into a touch tone telephone or mobile communication unit, which is connected to a an automated system of the bank by utilising Automated Voice Response technology-^ A more recent innovation in the Nigerian E.B. terrain is the PC based banking. PC banking refers to the process of banking at home/office by subscribing to and dialing into a bank's intranet via a proprietary software system. PC banking makes it possible for computer literate customers who possess a PC and a modem to perform banking transactions from the comfort of their homes/offices.h Internet banking is the latest progression of E.B. in Nigeria. Internet banking does not require the use of any proprietary software, unlike in PC banking - only browsers are used. Banking on the net allows for two scenarios namely: • Banks with an existing branch of networks offering financial services through the internet and • Banks without any branches offering banking services through the internet (Virtual banking). Internet banking still being at an embryonic state in Nigeria, the range of banking services that are offered via the net are largely limited- Whilst in the developed world, the services described above are offered by majority of banks, only few banks in Nigeria can honestly boast of E.B. 3 Lanre Ola Oluwa: Basic Lessons on Information Technology Law (1998) 2 MIL BQ 49 P. 50 ' 0. Ajayi. Legal AspecLs of Electronic Banking in Nigeria - a paper delivered at ADCG Seminar on Preventing Fraud in an Electronic Banking Environment - 20/2/98 5 Cititel from Citibank Nigeria, GTB also offers this service 6 Paylink, Citibanking on-line from Citibank Nigeria services beyond computerisation of account information and branch interconnectivity. The few banks who have exceeded this amongst the few banks which offer a wider variety of E.B. products/services and products include provision ofATMs, debit cards, smart cards, PC banking, telebanking and internet banking.
Apart from appalling basic infrastructure (notably electricity and telecommunications), other factors which contribute to the low growth and acceptance of E.B. in Nigeria include the reluctance to move away from traditional hard cash and general mistrust in our society and the high level of illiteracy prevalent in the country as well as the present level of computer literacy even amongst the literate.
Additionally, an enlightened customer considers three factors before submitting to a new technology - convenience, minimal costs and maximum security, m promoting E.B. products and services, Nigeria banks must be able to clearly demonstrate to the customers that these factors have been diligently and practically addressed- Banks should also embark on enlightenment and marketing drives which emphasise the availability, ease and advantages of E.B. services and products. Finally, banks must ensure that the services are simple, easy, user-friendly and of sufficiently high quality to ensure customer satisfaction.
PART 1] - Operational and Practical Issue Arising from E-B.
As mentioned above, what really happens in E.B. is a transfer of debts between the parties involved by electronic means. , Banks (as well as customers) are therefore concerned that these electro-communication are not only duly authorised and initiated, but that they have not been repudiated or interfered with.
Due Authorisation cmd Verification
A key issue that arises from E.B. is that of the viability of the authorisation limitation of E.B. transactions- Traditionally, customers authorise banks to execute transactions on their behalf via documents which were duly executed/signed. With the advent of E.B- - Personal Identification Numbers (P.I-NS), digital signatures, biometrics, dynamic signature analysis have replaced the manual signature of customers.
How do banks verify electronic instructions? Who bears the risk of unauthorised instruction? When funds are mistakenly transferred to the wrong account, is the beneficiary bound to return same? Does the transferee have any rights against a recipient who converts such funds to his own use, being fully aware of the wrong transfer? These arc part ofthe questions that arise from E.B.
Privacy/Confidentiality
Privacy issues also arise from E. B. E.B. transactions are not as anonymous as cash transactions as details ofE. B. transactions can be recorded in a central data bank. Details ofthe customer's identity will be recorded as they initiate transactions and since E.B- can be used to conduct a wide variety of transactions, a record ofthe an individual's movements and purchasing habits can be
created. This is the more so with the use ofthe smart card technology.
Should customers be notified of or consent to potential uses and disclosure of information? Other risks of breach of the banker's duty of confidentiality to its customers in an E.B. arena may arise either from bank employees who obtain and misuse customer information or from outsiders who obtain access into a bank's system by hacking into it?
Who bears the risk of me breach of privacy/confidentiality of the customer? Should there be a rigid rule or should it depend on the circumstance of breach? What due diligence measures should the bank have taken to minimise the occurrence of the risk?
Money Laundering
The ease with which electronic funds transfer can be used to facilitate money laundering has serious implications for E. B. The good news though is that the transaction trail which E.B. provides can assist the regulators track funds flow, setting up an audit trail which may discourage the use of the financial system for such illicit activities.
Electronic Records
E.B. necessarily means that preservation and retention of transaction records will be by electronic means- The mode of electronic record retention must therefore be such as allows the electronic record remain accessible so as to be usable for subsequent reference, to be retained in its original form or which accurately represents the original information and which allows for the retention of the identification of (he origin, destination and the date and time for dispatch or receipt of the electronic record.7
The requirement of various enactments8 on retention of banking records must be borne in mind in preserving electronic rccords-
Computer and Other Electronically Generated Evidence
Following from the fact that records of E. B transactions must be stored electronically is the mode of evidencing these transactions in the even of disputes arising from E.B. transactions. The issue here is whether our rules of evidence recognise electronically generated evidence. Would a PIN under the extant Nigerian law be described as a signature?9 Do our rules of evidence require revision to accommodate the new concepts resulting from E.B. which arc unknown to our substantive let alone adjectival law? These are some of the evolving problems that I. T - E.B. pose to our present legal framework.
Negligence
Where E.B. involves the use of cards, the issuer must carefully address the issue of liability arising fl-om the use of the card by the cardholder. This will be primarily a matter of contract. Of course the cardholder will be liable for any authorised use of his card.
Can the cardholder be liable for the tort of negligence however? To establish negligence, the card issuer must be able to establish the duty of care on the cardholder, foreseeability of damage resulting from the cardholder's conduct, the carelessness of the cardholder and the causal
7 Fong. H-Commerce: A legislative Initiative in the Hong Kong SAR Vol. 15 Issues 3 JIBL 2000 s Money Laundering Act, 1995 - Section 7, Banks and Other Financial Institutions Act, 1991 - Section 24, 9 See generally, Osiha]0: "Problems of Proof Computer and Other Electronically Generated Hvidence in Local and International Financial Transactions'" - published in International Finance & Kxtemal Debt Management, Workshop papers of U NDP Conference on international Financial Transaction/Intcmal.ional Banking, May 1991 P. 320-352. connection between the cardholder's carelessness and the damages caused to the issuer10 The burden of proving negligence falls on the issuer, which may not be easy to discharge -- especially in proving the cardholder's carelessness. It is advisable to recover from a negligent cardholder in contract rather than tort especially where contract terms are clear. An issuer negligent in performing its obligations will also be liable to the cardholder. Where the issuer does not properly verify customer's signature or authorisation instruction, the issuer will bear the brunt of fraudulent transaction.
liability For Misuse
Common law principles of contract governs question of liability for misuse of charge and credit cards. Where me misused token is a smart card or cheque card, additional consideration based on agency principles apply. It may be argued that regardless of the terms on which the card is issued, a bank is not entitled to debit its customer's account for an unauthorised transaction.11 The argument here is based on the allocation of risks connected with the use of smart. The better view may be though, to pre-determine where the responsibility of risk will lie where the misuse of the medium of exchange is as a result of the negligence or fault of the customer, the customer will be responsible for loss resulting therefrom - e.g. where a cardholder fails to give notice of the loss or misappropriation of the token. Wordings of smart/cheque card clauses may be tightly worded to ensure that bank's liability is confined to payment on smart cards authorised by, or of cheques signed by the real cardholder.
Taxation
i
The type of taxation applicable to E.B. transactions should also be considered- VAT is the most pertinent, being a tax on me consumption of goods & services. Banks should take into account the computation of VAT charging for E. B. transactions.
PART III - Legal Framework for EB in Nigeria
The first point to note here is that there are no legal regulations whatsoever relating to Electronic Banking in Nigeria. The problems highlighted above have no solutions in our extant legal dispensation. Even banks conducting E.B. transactions need no special permission to do so from the CBN.
We can however suggest solutions to the problems highlighted based on the general principles of contract, as well as prescribe guidelines for the development of Nigerian Law in this area.
Digital Signalure/PINS/Authentication of Electronic Signatures and Instructions
While fraudulent transactions resulting from misuse of these (signatures) can be practically and technically guarded against by tight security and encryption mechanisms (such as public key cryptography, biometrics, dynamic signature analysis), liability resulting from the misuse can largely be regulated by contract. Players in the E.B. arena should clearly distribute responsibility in the event ofcrystalization of this risk. E.B. being a relatively new terrain in Nigeria, customers will lack the muscle to properly bargain advantageous contractual terms. As such it may be prudent for regulators to wade in cautiously to protect the customer. Contract terms may however
10 I.T.A.V. Amrani (1994)3 NWLR (Pt 331)P 300, Wmfield & Jolowiczon Tort (14th Edition) p.78 '] 0. Ajayi Op cit I .cgal aspects of Electronic Banking et al ...... Op. oil specify that Banks receiving an electronic message arc authorised to accept any properly authenticated message which purportedly emanates from the sender, and may act on it without making any enqury aboul the circumstances of the instruction.''
Privacy/Confidentiality i
Conflicts which may ensue from privacy and confidentiality issues can also be curtailed by conn-actual provision expressly obtaining the customer's consent to disclosure of information to third parties. The scope of the disclosure should be clearly defmed however, in order to achieve balance and not entirely remove the confidentiality foundation of the banker - customer relationship.
Money laundering
Whilst parties may expressly agree not to use E.B. facilities to aid laundering activities, the current Money Laundering Act (MLA) place reporting and know your customers obligations on financial institutions - which should be adhered to in the conduct of their business, the manner of
service/product delivery not withstanding. With smartcards, transaction trails can be recorded electronically and this will also assist the regulators in monitoring laundering-!'
Electronic Record & Electronically Generated Evidence
Modifications are necessary to our present law of evidence to accommodate both electronic
records and electronically, generated evidence- Even the MLA must be interpreted to include electronic records when it prescribes the length of time records must be preserved under the Act.
On electronically/computer generated evidence, courts would do well to interpret our present laws so as to accommodate the new concepts arising from E.B. The courts should be willing to accept me evidence of use of a PIN as raising a presumption that the cardholder authorised the transaction- The courts may also take judicial notice of computerised system of keeping accounts in the commercial and banking sectors in Nigeria14 In Anyeabosi V- R. T. Briscoe15 , the Supreme court admitted a computer print out as secondary evidence under section 97(i)(d)(g) of the evidence Act.
Negligence and Liability For Misuse
The contracts regulating the E. B. transactions should plainly determine responsibility and remedies in the event of negligence. Nigeria, not being subject to any equivalent of the Unfair Contract Terms Act of 1977, banks here may provide elaborately for exclusion of liability in
certain situations and the distribution of responsibility under various scenarios.
12 Clive Freedman: H-Commerce - the U.K's Draft Electronic Commerce Bill - (1999) J.B.L. Issue 12.
13 Sections 2,6(2), 6(2) & 10(i) - Money Laundering Act, 1995
14 See Ogolo v 1MB (1996) NWLR (P 419) P 314 al 32%- See S.74 Evidence Act Cap 112,1990. Note that in the three levels of our superior courts of record-courts here have accepted computer generated evidence - See Anyeabosi V. R. J. Briscoe and Kate Enterprises v. Daewoo (1985) 2 NWLR (P 5)P 116.
15 (1987) 13 NWLR (Pt 59) p 84 Jurisdiction and Choice of Law Issues
These should be clearly addressed in advance by contract to avoid uncertainty. This is not so in the case ofTortious liability. Since E.B. especially internet, banking is available to a wide variety of persons across varying jurisdictions, each jurisdiction will apply its own rules for determining the applicable law of tort.
Regulatory Supervision of E.B.
What role should the CBN play in regulating E.B.? What permission should a bank which wishes to use E.B. as a service delivery mode obtain before proceeding? What new laws need to be introduced? What new crimes must be defined?
It is arguable whether the private sector should be the chief decision maker as regards policy and operational issues of E.B- and that the Government should only intervene when there is clear evidence of market failure or deficiencies.1([
In Nigeria today, strictly speaking, CBN approval is not even required to launch E.B. products or services. Mere notification prior to lake off of the product/services is sufficient.17 Taking into consideration, the complexities of E.B. transactions which are still evolving daily, we suggest that informed attention should be paid more closely to E-B. by our regulators. However, given the global nature of E.B., the internet will need to be regulated through international rather then purely territorial means18. It js in view of this that a light interventionist approach of regulation is suggested- Regulators should at the very least be concerned with the security of online banking19. In coming up with regulations/guidelines for E.B., study groups/committees should be formed, commissioned with studying the growth of E.B. in Nigeria and charting a course forward for a practical regulatory regime.
In charting a course for the development of the law in respect of E.B. in Nigeria, the following principles should undcrgird the evolution of relevant laws:
• Ensuring that business people/customers can choose whether to do business through the use of paper documentation or by electronic means without any avoidable uncertainty arising out of the use of electronic means of communication.
• Ensuring that the fundamental principles underlying the law of contract and tort remain untouched save to the extent that adaptation is required to meet the needs of electronic commerce.
• Ensuring that any laws which are enacted to adapt the law of contract or the law of torts to the use of electronic commerce are expressed in a technologically neutral manner so that changes to the law are not restricted to existing technology and can equally apply to technology yet to be invented.
16 Jason Chuah: The New EU Directives to regulate electronic Money Institutions (2000) JIBL - Issue 8.
17 CBN Circular Ref. No. BSD/CR/8/98 on Guidelines for the Introduction of New Financial Products and Advertisements by Deposit Taking Financial Institutions of 23/3/2000.
18 Sawyer; Electronic Transactions B.U for New Zealand (Part I) [2000] J. I.B.L. issue 10
19 Fong: E-Commerce: A legislature Initiative in the Hong Kong SAR op Cit.
Freshfields: Don't get caught in the internet: Know your liabilities - July 2000 publication at
http\\ :www. freshfields. corn • Ensuring compatibility between principles of domestic and private international law as applied in Nigeria and those applied by the country's major trading partners.
Further, the following questions need to be addressed in respect of banking law and taxation:
• Is there any need lo control the issue and use of electronic money? (e.g. smartcard).
• What form of registration should issuers of electronic money undergo?
• Is special legislation necessary to prevent money laundering in an E.B./e-commerce arena, or to protect consumers from an issuer's default?
• Is there any need to be concerned about the international movement of electronic money?
• What (if any) are the legal or economic implications arising from allowing "electronic money issued in one country to be redeemed in another?
• Should banking issues be addressed by our law reform commissions or CBN or both?
• Are any further steps beyond redefining "writing" and "signature" to include electronic equivalents, necessary to facilitate paperless international transactions?
• Is there a case for special rules for taxation of electronic transactions? Should these issues be addressed by the Law Reform Commissions or FBIR or both?
• Is there a need for a revision of our criminal codes to accommodate computer related crimes?
The answers to these questions will doubtless go a long way to create a balanced regulatory environment for the operation ofE.B. in Nigeria.
E-Commerce
A cursory look at the legal issues generally arising from conducting business on the internet is necessary before concluding our discussion. The key potential liabilities for conducting business on the net are summarised below:
(a) Contractual Liability
Unwanted contractual obligation may arise where service providers/suppliers are not in control of the acceptance process. A prescribed method of acceptance should be defined to avoid uncertainty. Additionally, e-suppliers need to be aware of the steps to be taken to ensure effective incorporation of the e-suppliers terms and conditions. Care should be taken with disclaimers of liability, jurisdiction and choice of law clauses and arbitration agreements on websites and in e-contracts.
(b) Tortious Liability
E-suppliers may also be exposed to tortious liabilities arising from materials placed on their web sites - e.g. fraud by an employee in the scope of his authority, misrepresentation, negligent, misstatement and defamation.
(c) Jurisdiction and Choice of Law for Torts
Whilst the jurisdiction and choice of law for resolution of disputes arising under contract can be prescribed clearly in advance, this is not so in the event of tortious liability. Each jurisdiction will apply its own rules for determining the law to be applied to torts. Determining the applicable law gives rise to uncertainty if there are number of competing jurisdictions in which one or more elements of the tort may have taken place. Each case
20 These arc the guiding principles upon which the New Zealand Commission to analysis of developing e- commerce regulations were based. See Sawyer - Supra. See also N.2 Law Commission Report 50:
Electronic Commerce Fart One : A Guide for the legal & Business Community (Oct. 1998) available at Http://sss,lawcom.govt.nz/ECOMM/RSOCon.htm. is likely to turn on its own particular facts. The law of the country which has the most significant relationship with the tort and the parties may however be applied.
(d) Defamation
E-suppliers are likely to be liable for defamatory materials written, edited or published on
their website. Defamation, being a tort, the law applicable in determining the occurrence of the tort will determine the defences available to a defendant.
(e) Hyperlinks
The risk exists that websites owners providing links to other sites may be held liable for
the contents of linked sites. An action for negligent misstatement may be brought on the basis that the existence of a link on the linking website gave rise to a representation that the contents of the website were true and reliable. A claimant may have difficulty though in establishing the necessary duly of care, and that the claimant's reliance was reasonable and caused the loss complained of.
(0 Criminal Liability
Issues of what amount to crime on the net and the relevant criminal jurisdiction will depend on the activity of, and jurisdiction where relevant elements of the offence occurred. E-suppliers may also fmd themselves victims ofcybercrime which may result in civil liability in negligence - e.g. include spoofing, data theft, defacing etc.
Managing the risk of doing business in the internet General Contract Terms and Website Design
Most risks can be managed by drafting appropriate terms and conditions for the use of a website and for any e-contract that is made. In designing their websites and drafting terms and conditions - appropriate terms setting out the relevant information required concerning the e-supplier and the contract and clear rules as to when the contract will be considered to be concluded and contractual obligations arising from the contract should be defmed. Liability should be limited and excluded as desired and all other relevant terms should be specified. The design of the website must ensure that the terms and conditions for operation of the site and any c-contract arising from the operation of the website are effectively incorporated e.g. by use of prominent hyperiinks.
Jurisdiction and Choice of Law Clauses
E-suppliers should lake steps to limit the jurisdiction in which they can be sued by incorporating an effective jurisdiction clause into c-contracts. Although the extent to which choice of law clauses will apply to non-contractual clauses is uncertain, these clauses should be drafted to widely cover non-contractual disputes.
Restricting Access
To avoid liability for contravention of criminal law or regulations in certain jurisdictions, e- suppliers may consider limiting website access from those jurisdictions. A home page may, for instance, require the person accessing the website to state the jurisdiction from which they are assessing the site. Unwanted jurisdictions can therefore be screened out assuming that people are honest about their location.
Third Party Material
Where c-supphers are notified that third party material on parts of the web for which they are
responsible contains harmful material, they should initiate a review as soon as possible. Linking website owners may also consider obtaining indemnities from linked websitc owners for any loss suffered as a consequence of me contents of the linked site.
Website Security
Potential claims may be avoided by reviewing security architecture - e.g. the use of firewalls and encryption.
Alternative Dispute Resolution (APR.)
ADR techniques can be used to resolve disputes arising from the use of a web-site or out of an e- contract. As an alternative, arbitration may be used as a speedy and effective dispute resolution system. For an on-line arbitration agreement to be valid, there must be agreement between the parties which should ideally from part of the contractual terms and conditions.
CONCLUSION
I have attempted to present an overview of primarily legal issues arising from the conduct ofE.B. and doing business on the internet. Whilst this is not an exhaustive review of problems relating to this aspect of the law, it is hoped that the issues highlighted and solutions proffered will assist in
navigating the uncharted course ofE.B. and e-commerce in Nigeria.
10
|