Scope Of Consumer Protection in The Banking Sector in India

- S Kamesh and G. Tejas Renganathan

Abstract
The quintessence of the consumer protection jurisprudence has been, to protect the
consumers against exploitation and to ensure that the ‘right to be heard’ upheld, when these
rights are breached, citing legal inadequacy or nature of industry, there is scope for
extension and application of the statute to encompass sectors like banking and finance as
well. This article aims to explore the remedies that are available to an average customer
availing banking service, within the purview and outside the purview of the consumer
protection act. It also touches upon the question of obligation of banks to protect confidential
information, subsumed under right to privacy, which is covered under Art.21 of the Indian
constitution.
A classic case of Bank collapse, was the Punjab and Maharashtra Cooperative Bank (PMC)
crisis1 in 2019. Where the regulator had clamped down and restricted the operations of the
Bank and barred major transactions in almost 6 different states. There was a 6-month
moratorium, placed on withdrawals and credit creation activities. The customers of the bank
were allowed only a withdrawal of Rs. 1,000 from their deposits. The depositors were
extremely dissatisfied and it is pertinent to note that rural depositors formed a major part of
PMC bank depositors.
This collapse directly affected the small depositors (around 63% of the total), who belonged
to the Middle – income groups and rural areas as well. A bank collapse hits straight to the
central vein of financial aspirations of millions of consumers (bank depositors, borrowers)
who depend on their savings. In India, when it comes to preferred financial instruments for
investments, around 95% of Indians choose Bank deposits over securities and mutual fund
options as per Securities and Exchange Board of India - SEBI’s survey2 released in 2017.
Illustratively, let us imagine that an ordinary consumer ‘A’ sells his property and deposits all
the income with a Bank. He deposits, with a hope that it is safe and expects returns so that he
can set up a business when time comes. Now, all of a sudden, the regulator is clamping down
on this bank and it is collapsing. The consequences have been tragic in some cases. This is
precisely what happened to Mr. Raunak Modi, a customer of PMC. Following the collapse,
although RBI did not cancel the license but only placed restrictions on the operations of the
bank, the 24-year-old depositor (raunak) ended his life. There were other protestors who
ended their lives, senior citizens who died as a result of cardiac arrests. The insecurity
stemmed from the simple presupposition that their deposits are gone. Furthermore, this brings
us to explore the question of ‘consumer protection in the banking and financial sector.

1
https://timesofindia.indiatimes.com/business/india-business/pmc-bank-saw-massive-cash-withdrawals-before-
rbi-clamp-down/articleshow/71389502.cms
2
SEBI’s Investor survey report, 2015
There are three important definitions, that must be analysed in this light. The definition of
‘Consumer,’ ‘deficiency’, ‘services’ under the Consumer protection act. A cursory reading of
the provisions of statute3 would make it clear that,
 Under Sec 2 (1) (d) (ii) - “consumer” means any person who, - (ii) hires or avails of
any services for a consideration which has been paid or promised or partly paid and
partly promised, or under any system of deferred payment and includes any
beneficiary of such services other than the person who hires or avails of the services
for consideration paid or promised, or partly paid and partly promised, or under any
system of deferred payment, when such services are availed of with the approval of
the first mentioned person but does not include a person who avails of such services
for any commercial purposes.

Explanation - For the purposes of this clause, “commercial purpose” does not include
use by a person of goods bought and used by him and services availed by him
exclusively for the purposes of earning his livelihood by means of self-employment”

 Deficiency in service is defined under, Sec 2 (1)(g) as - “deficiency means any fault,
imperfection, shortcoming, or inadequacy in the quality, nature and manner of
performance which is required to be maintained by or under any law for the time
being in force or has been undertaken to be performed by a person in pursuance of a
contract or otherwise in relation to any service; ” (Now covered under sections 2 (7)
(ii) and 2(11) of the Consumer protection Act 2019, respectively)

 Service is defined under ‘2 (42) of the Consumer Protection Act,2019 – “service”

means service of any description which is made available to potential users and
includes, but not limited to, the provisions of facilities in connection with banking,
financing, insurance, transport, processing, supply of electrical or other energy,
telecom, boarding or lodging or both, housing construction, entertainment,
amusement or the purveying of news or other information but does not include the
rendering of any service free of charge or under a contract of person service”
It is the definition of ‘service’ that clearly brings Banking as a service within the purview of
Consumer Protection act. And the courts in India have competently applied and extended the
consumer jurisprudence for Banking and other services as well.
In Arun bhatiya Vs. HDFC Bank and Others4, it was a case that went on for appeal, before
the Supreme court of India, against the orders passed by the National Consumer Disputes
Redressal Commission (NDRC), initially it was a case before the SDRC, which declined to
entertain it as a ‘consumer complaint’ because the it was of the view that it is a civil dispute
and there was no question of ‘deficiency in service’. An appeal was followed to the NDRC,
as u/s 19 of the COPRA,1986 which also had also dismissed the petition in 2019.

3
Consumer Protection Act, 1986 and 2019
4
Arun bhatiya Vs. HDFC Bank and Others, 2022 SCC OnLine SC 1017
Basic factual matrix of the case is – a Fixed Deposit (FD) was instituted in the joint names of
the appellant and his father, upon maturity, the bank instead of crediting the deposit into the
joint account, credited it into the account of appellant’s father, upon his unilateral request.
The appellant contended that this was a ‘deficiency in the service’ provided by the bank,
covered under section 2(1)(g) of the 1986 act. The terms and conditions of the joint FD
scheme, clearly stated that ‘’ in case of any premature encashment, all the signatories to the
deposit must sign the instruction’’
The Hon’ble supreme court held that the case was maintainable before the SCDRC, and
dismissal of the petition by the SCDRC on grounds that it is a civil dispute and not a
consumer compliant, was not acceptable and there was a ‘Manifest error’ committed by the
consumer authority.
In Maharashtra State Financial Corporation v. Sanjay Shankarsa Mamarde5, It was held that
the scope of the term ‘deficiency’ was very wide and it is something that must be decided
based on the facts and circumstances of the complaint, and a single test cannot be used to
decide. In the most notable case of Vodafone Idea Cellular Limited v. Ajay Kumar Agarwal6,
(SC bench – CJI Chandrachud) It was held that services of all descriptions would fall within
the ambit of the provision. ‘’The definition of the expression “service” is couched in wide
terms. The width of statutory language emerges from the manner in which the definition is
cast. Parliament has used the expression ‘service of any description which is made available
to potential users’ ”.
The court also stated that the inclusive part given in the definition is not exhaustive but
illustrative in nature, and the parliament in all its wisdom has demarcated the inclusive and
exclusive parts properly. The exclusion is only with regards to services that are rendered free
of charge or under a contract of personal service and not otherwise. In V Sasidharan vs
Branch Manager, Syndicate Bank, 7the Supreme court decided on the question of whether
failure to disburse full loan amount would amount to deficiency, and whether it would give
rise to a cause of action. Pursuant to a contract, if the Bank has not disbursed the full loan
amount, it would give rise to a cause of action before the Consumer authority. It is within the
purview of deficiency, as the banking service is deficient in nature.
Apart from the consumer protection remedies available to a customer of a bank, the
fundamental right to privacy is also now recognized by law, and the Banks are entrusted with
ana obligation to maintain confidentiality in regards to information of customers. A breach of
this agreement would invoke violation of Right to privacy. It is now well established that
Article 21 of the Indian Constitution is one of the the main themes behind the evolution of
consumer protection laws in our country. The ‘Right to Privacy is the stepping stone of the
consumer protection laws in our country because every customer has the right with respect to
their personal choice.’

5
Maharashtra State Financial Corporation V Sanjay Shankarsa Mamarde, MANU/SC/0463/2010
6
Vodafone Idea Cellular Limited v. Ajay Kumar Agarwal 2022 LiveLaw (SC) 221
7
V Sasidharan vs Branch Manager, Syndicate Bank [1997 (1) CCC 97 (NS)
The Supreme court in District Registrar and the Collector, Hyderabad v. Canara Bank8, has
held that, 'Demanding information about bank accounts without statutory backings violates
Right to Privacy and examined the right to privacy pertinent to banking transactions, under
the Indian and American Jurisprudence. ‘Right to privacy dealt with persons and not places
and stated that “the documents or copies of documents of the customer which are in Bank,
must continue to remain confidential vis-à-vis the person, even if they are no longer at the
customer's house and have been voluntarily sent to a Bank.”
It is in this context that protection of data comes into play. Data if not protected properly
would lead to an abuse of the information which is a very serious issue concerning the user.
The Indian Judiciary in Justice K.S.Puttaswamy vs UOI9 understood the importance of data in
the online age and held that Right to Privacy (in the context of information) is a fundamental
Right under Article 21 of the Indian constitution. It is a well-known fact that India is a huge
country with a huge population, Consumers in India are availing various products and
services and with innovations like UPI, banking transactions are crossing millions. Banks are
much closer to an average Indian Consumer today, than ever in history. Let us see how the
Indian laws govern data protection and the liability of banks and other financial institutions in
maintaining the same.
As of 2022 the Personal Data Protection Bill,201910 is withdrawn. This means that India does
not have any codified laws that delve in the sector of data protection. But there are provisions
under other certain enactments that deal with Data and privacy protection.
The Information Technology (Reasonable security practices and Procedures and Sensitive
Personal Data or Information Rules),201111 commonly known as the SPDI Rules put certain
obligations on corporate body i.e., the data collector while collecting personal information of
the user. Personal information in simple terms is defined as any information that is capable of
identifying the person. The SPDI includes all data such as passwords, financial account
details, biometric information, medical records, and sexual orientation.
Section 43-A of the I.T Act is a very important provision with regards to the duty of the data
collector to keep safe the user information, and in case of a failure the section holds the data
collector to be liable for negligence.
Section 72-A of the IT Act is another provision that protects the interests of the users. The
section punishes those who violate the user contract and release crucial user information.
There is also sector specific regulation that invariably makes sure that the crucial personal
information is kept protected, it is a question of law as to whether the same rules would bind
the banks and the I.T act can be invoked for breach of data privacy and a consumer would be
entitled to prosecute the banks or not.

8
Distt. Registrar & Collector, Hyderabad & Anr vs. Canara Bank (2005) 1 SCC 496, AIR 2005 SC 186
9
Justice K.S. Puttaswamy (Retd) Vs Union of India (2017) 10 SCC 1
10
Personal Data Protection Bill, 2019
11
Information technology- SDPI Rules, 2011
Moreover, the Reserve Bank of India issues guidelines from time to time to Banking and non-
banking financial companies regarding data protection and privacy. The RBI asks the banks
to store transaction data in locally and strongly condemns storing of such important data
outside India12.
There are some other statutes that govern protection of data in specific regards to the Banking
sector.

 The Public Financial Institutions (Obligation as to Fidelity and Secrecy) Act,

1983 prohibits public financial institutions from releasing any customer related
information.

 The Banking Regulation Act, 1949 ('the Banking Regulation Act') has brought about
its own policies and principles with regard to data collection, storage and release.

 The Credit Information Companies (Regulation) Act, 2005 ('the Credit Information
Act') regulates how companies should handle credit information data. The enactment
imposes a lot of obligations and duties on the company regarding data handling. There
are various regulations that in detail specify how data must be collected, handled and
stored from time to time.

 The Bankers' Book Evidence Act, 1891 prevents banking official from making
disclosure about the bank customer user information unless there is a court order that
requires them to release the information .

 The Insurance Regulatory and Development Authority of India Act, 1999 ('the IRDAI
Act) It is the enactment that governs Insurance companies. The act mandates that the
insurance companies have a confidentiality policy with regard to user information.
The act clearly postulates that these companies must follow a privacy policy while
giving information to third party users (crucial data must not be released). In addition
to this the act states that information to statutory authorities must be given only when
legally bound necessity.

 The Income Tax Act, 1961 is bound by regulations with regard to the privacy of book
keeping and transaction information of the user. Just like in the AML act, the income
tax authorities are also entitled to disclose certain information but that will be subject
to the IT act and the SPDI rules.

While there are so many enactments and mechanisms to protect user data, there have also
been lapses in the part of these Institutions while dealing with crucial consumer information.
The judiciary, in all its wisdom has held in some landmark cases that, institutions can be held
liable for breach of data, and have been punished for their poor performance of duty.

12
RBI notification – on storage of Payment system Data, RBI/2017-18/153
‘Bank Of America Case13: The Utility Consumers' Action Network reported the very
commonly known bank of America privacy breach. In the case Bank of America was selling
the crucial personal information like social security numbers, bank account numbers etc of
35 million customers to marketers and third parties without informing individuals. The bank
was charged for its breach of privacy. As a settlement the bank paid 14 million dollars and
has revised its privacy policy’ .
This raised a lot of questions about the banking sector. Whether banks must be regulated
more stringently and frequently, under what circumstances should the banks be allowed to
disclose user information etc. after the incident stringent mechanisms were brought about.
In 2008 in the case of the Punjab National Bank vs. Rupa Mahajan Pahwa14: The bank
authorities gave the bank account passbook of a husband and a wife to an unauthorized
person. This meant that crucial banking information was provided to a random stranger. This
raised alarming questions about privacy of user information. The court held the bank liable
for releasing vital data, they were asked to pay a compensation.

After this case, there were some changes that was brought about:
Specific guidelines as to when user information must be disclosed was brought about. The
guidelines also mentioned the procedure for disclosure of information.
The new guidelines also mandated that a notice be given to the user before there is a
disclosure of information. The notice should include the privacy policy of the bank and
circumstances under which disclosure is made.

Apart from these remedies, there was an actual body funded and overseen by the RBI, that
was entirely customer centric and imbibed the values of consumer protection it its aims. The
Banking Codes and Standards Board of India (BCSBI), was an independent watchdog in the
Banking industry that protected the consumers, availing banking services in India. Two of its
primary “aims were,

 To plan, evolve, prepare, develop, promote and publish voluntary, comprehensive

Code and Standards for banks, to provide fair treatment to their customers.
 To function as an independent and autonomous watchdog to monitor and ensure
that the Codes and Standards are adhered to ”

The BCSBI made it easier for an average customer to seek redressal from the banks, by
Setting up a help desk at all branches to address the customer queries, Displaying the name
and address of the banking ombudsman particular to each bank branch, having a Code
Compliance Officer to ensure the rightful implementation of the Codes and Standards.

However, the RBI decided to Dissolve this particular body and set up its CEPD (Consumer
Education and Protection Department), which issued the Charter of Customer Rights (CoCR),
and considerably strengthened the Ombudsman mechanism to enhance consumer protection.

13
http://www.ucan.org/money_privacy/banking_finance_credit_cards/ucan_wins_lawsuit_against_bank_
of_america_concerning_poor_privacy_practices
14
Punjab National Bank vs. Rupa Mahajan Pahwa Appeal No. FA-2008/659
Conclusion-

The evolution of consumer protection jurisprudence has been phenomenal, covering almost
all sectors and industries, with the spirit being, protection of ‘consumers’ against exploitation
in the market place. Irrespective of the market or industry, the courts have tried to do
complete justice to the conception of consumer protection, by giving wider interpretations to
the language of the statute. This has extended well to the banking and financial world as well.
Customers availing the products and services of Banks are also entitled to protection. The
Consumer protection act, along with other initiatives by the RBI, have been fruitful in helping
the consumers of banking services.