Dear PAO,
Good day po. My mom lost P1.3 million from her bank account. A caller pretended to be from the bank. The caller gave her an OTP, not the other way. She just repeated it. She never gave her own OTP. She is 62 and not tech-savvy. The bank said they are not at fault so they will not return the money. Please advise us. Is there a legal way to force the bank to reverse the transfer? Can we file a case?
Lucy Escalante
Dear Ms. Escalante,
Section 6 of Republic Act (RA) 12010 or the Anti-Financial Account Scamming Act (Afasa) expressly states that financial institutions, i.e. banks, have the duty to ensure that the accounts of their clients are adequately protected by risk management systems. Moreover, such institutions are also liable for restitution of funds for failure to employ such adequate risk management systems:
“SEC. 6. Responsibility to Protect Access to Client's Financial Account. - Institutions shall ensure that access to their clients' Financial Account is protected by adequate risk management systems and controls such as MFAs, FMS, and other Account Owner enrollment and verification processes: Provided, That such risk management systems and controls are proportionate and commensurate to the nature, size, and complexity of their operations.
Institutions that are determined by the BSP to be compliant with the requirements of adequate risk management systems and controls shall not be liable for any loss or damage arising from the offenses under Section 4 and 5 of this Act.
Without prejudice to other liabilities under existing laws and consistent with BSP rules and regulations, Institutions shall be liable for restitution of funds to the Account Owners for failure to employ adequate risk management systems and controls, or failure to exercise the highest degree of diligence in preventing loss or damage arising from the offenses under Section 4 and 5. Conviction shall not be a prerequisite to the restitution of funds.”
In addition, Section 7 of the Afasa also states that a transaction is deemed disputed when it is facilitated through a social engineering scheme (i.e. a scheme where a person obtains sensitive information through deception or fraud resulting in unauthorized access over another’s financial account), it enjoins a financial institution to temporarily hold such transaction. A bank is liable for loss and damage, and payment of restitution if it fails to temporarily hold said funds subject of a disputed transaction (See Section 9).
In your case, your bank may be liable for restitution, loss, and damages if it would be proven that they failed to observe adequate safeguards. Since the loss you had suffered appears to be the product of a social engineering scheme, the bank is obligated to temporarily hold the transaction, and may be obligated to pay for restitution, loss and damages.
We hope that we were able to answer your queries. This advice was solely based on the facts you have narrated and our appreciation of the same. Our opinion may vary when other facts are changed or elaborated.
Thank you for your continued trust and support.
