Last year, the talk show actor Chi Zi publicly called out China CITIC Bank, accusing it of leaking personal records without authorization. After the incident, the Consumer Protection Bureau of the China Banking and Insurance Regulatory Commission opened an investigation into China CITIC Bank. After 10 months, the investigation results were finally released.

On March 19, the China Banking and Insurance Regulatory Commission issued a fine against China CITIC Bank. The bank's main violations of laws and regulations all concern the collection and protection of customer information, and it was fined 4.5 million yuan. The penalty decision was made on March 17, 2021.

Specifically, CITIC Bank’s violations of laws and regulations include:

  1. The customer information protection system is not sound; the non-confidential inquiry of customer account details at the counter lacks a standardized, unified business operation process and the necessary internal control measures, and the self-examination in rectifying irregularities is inadequate.
  2. Management of customer information collection is not standardized; customer data access control does not comply with the business principles of “need to know” and “minimal authorization”; the stated reasons for querying customer account details are untrue; personal bank account transaction information was queried and provided to third parties without the customer’s authorization.
  3. Customer sensitive information is poorly managed, which allowed it to flow out to the Internet; customer sensitive information is stored in violation of regulations.
  4. There are loopholes in system permission management, and the management of important positions and outsourcing organizations has flaws. (The Paper, Boss Hookup)

By zhiwo

8 months ago

What do you think? Two heavens of ice and fire! A month ago, I took the lawyer’s investigation order issued by the court to a certain bank branch office and told them that I wanted to check the running records of the defendant’s account. The staff at the outlets were very enthusiastic, and opened a window for me individually, and someone to handle the formalities. As a result, two hours later, I rushed out of the bank. On the way back, I was too angry and accidentally chased the rear of the car in front (the snow on the road caused the braking distance to become longer, and the two cars were not injured). The following is what happened in the past two hours: the formalities of the outlets were completed in less than ten minutes, and the little brother at the window told me that the documents had been sent to the provincial bank and waited for the permission to be released. As a result, I waited for half an hour. I couldn’t bear my temper, and I said that you look at the Agricultural Bank next door. A year ago, I took a lawyer’s investigation order. They also have a special judicial investigation data center. The evidence collection process is very smooth. You are a bit slow. The younger brother is pretty good, so he immediately asked his superior manager (a young lady) to call the provincial legal affairs department to remind him. The result was that the meeting was going to be held and the meeting had to be adjourned. Me: …Well, dare you to have a meeting, the financial system will have to be partially paralyzed. After another half an hour… The manager called again, and someone answered this time, but the reply was that she was not granted release authority, saying that the lawyer did not have the power to check the client’s status. I really can’t hold back the fire: have you seen it? The lawyer’s investigation order has the official seal of the court. I am not asking you in my personal capacity. This is the court exercising judicial power. 
Didn’t you watch the news? Some units that did not cooperate with the lawyer’s investigation order were punished by the court. While I said that the “Opinions on the Implementation of Lawyers Investigation Orders in Civil Litigation (for Trial Implementation)” issued by the Provincial High Court and 13 units and departments on the mobile phone and the Supreme People’s Court’s “Conscientious Implementation of the Lawyers Law to Protect Lawyers According to Laws” The Notice of the Right to Practice in the Lawsuit was called out for her to see. Miss Sister looked aggrieved: We have to listen to the head office, or I will tell you about it. It was another phone call, and the young lady also read the name of the file to the other party. The answer is: this law has no effect on their banks. I was shocked: Is it the legal affairs of your province that answered the phone? You ask him which school he graduated from and he has not studied law before. Is this something a person who has studied law can say? A single legal affairs can despise the documents issued by the people’s court. Is your bank going to heaven? If you are like this, I know it has nothing to do with you personally. You must either stamp a stamp on the receipt to explain the reason for refusing to provide evidence, or write the name of the legal officer on the receipt. At least if we are to be punished in the future, we have to know who to punish! Seeing that I was in a hurry, the little sister was worried about being back, but another phone call was made. The answer is, do not provide your name, and do not stamp the return receipt. At that moment, I ran through a thousand alpacas in my heart… No way, looking at a simple brother apologizing, a young lady with a timid face, I was full of anger and had nowhere to vent, I could only slap one sentence: You province Not only did he never learn the law, but also how to be a responsible man! After I finished speaking, I walked out of the bank. 
The young lady drove me into the car all the way, said a lot of apologetics, and finally asked for my business card. I was afraid that I would complain to her if I didn’t give it to her and gave her one. Later, it is written at the beginning of the article. What is the two heavens of ice and fire? Even when the bank doesn’t want to give information, it’s useless for a lawyer to come with an investigation order. When the bank wants to give out information, take care of whose information you are!

8 months ago

This is a point of knowledge, friends! Have you ever studied ideology and politics in elementary school? It is necessary to respect personal privacy and use personal privacy data to meet the needs of major customers. Ideological and political unqualified. In the beginning, China CITIC Bank fined itself a glass of beer. Now it’s alright, the supervisory department is not satisfied, and will be fined three more glasses of liquor. It’s a bit uncomfortable after drinking it. This teaches us that we should boldly admit to making mistakes in the future and be honest and good children! China CITIC Bank, you can’t look at banks that are “trustworthy” in “China”!

8 months ago

CCB first cancelled the old card, then opened the card on the self-service machine, and confirmed to the staff next to it whether there were any expenses. If it was confirmed twice or three times, the old customer was exempted directly. OK, a fee of five yuan was incurred after the card was opened. The more I thought about it afterwards, the more it was wrong, and I asked what was going on. It’s not a question of money, but they all said that there will be no expenses. At the beginning: 1. Refusal to admit that the fee was exempted. 2. Refusal to issue fee invoices. Later, I complained to the provincial customer service center. 1. Apologize 2. Make up the invoice 3. Make up the user’s card issuance agreement before making an explanation. What I did was: cancel the old card in a different place—reopen the new local card—transfer the funds in the old card to the new card, but so far, only the first two steps have been completed, and the last step has not been done. I don’t know what the old Kanei’s few cents said when I went to look for it later. ICBC refused to issue an invoice for a card issuance fee of 10 yuan, and later complained to the provincial bank to issue a supplementary invoice. Express it to me.

8 months ago

The bank leaked the private information of its depositors and was fined only 4.5 million people, which would not allow the bank to keep a long memory.
Just like Weibo’s account of a certain e-commerce tycoon J’s wife on the account of beating Mistress, only the Cyberspace Administration of China requested rectification, suspended the update of the Weibo hot search list for a week, and demanded a fine from the Beijing Cyberspace Administration (the fine amount cannot be found online). Weibo will not remember this little money either.

8 months ago

As a former ZX teller, I want to say that CITIC actually attaches great importance to risk! At the counter, it is strictly forbidden to provide personal information to others, and you must hold an ID card to print it. In the past, I was at the counter and often complained about doing a lot of repetitive work or useless work because of risk control. This incident really confirmed my supervisor’s sentence of “don’t be afraid of ten thousand, just in case”. I have to say that the chief leaders of the head office are all foresighted and they are all awesome. As a result, this incident in the pool was absolutely forced by the leader of a certain branch to force the counter to print. Therefore, the pool incident reflects a common problem in the banking industry! To be more precise, it is a common problem at the grassroots level of banks! To put it bluntly, the risk awareness of individual practitioners is too bad! After all, in this place of the bank, any small leader likes to show his power. ZX’s counter system supports entering ID number to query the flow. Therefore, it is unavoidable that the higher-level requests to print the lower-level fulfillment events. However, it is not mandatory to swipe the ID card to print such a requirement. Because personal turnover is also needed for many judicial inquiries or anti-money laundering. So it is difficult to improve physically. Therefore, we can only start with improving the quality of bank employees, and finally return to the usual question. There is always one or two mouse shit.

8 months ago

In May last year, the talk show actor Chi Zi “hand-tipped” China CITIC Bank and accused China CITIC Bank of unauthorized disclosure of its bank statements on Weibo, which once caused widespread public concern. After the incident, the Consumer Protection Bureau of the China Banking and Insurance Regulatory Commission initiated a case investigation against China CITIC Bank. After 10 months, the survey results were released. On March 19, the China Banking and Insurance Regulatory Commission issued a fine against China CITIC Bank. CITIC Bank’s main violations of laws and regulations all point to customer information collection and protection, and were fined 4.5 million yuan. Speaking of it, this is not the first time that a bank has been fined for leaking customer personal information. In 2020, the branches of three well-known banks were heavily fined by the central bank for leaking customer information and other issues, with a total fine of over 40 million yuan. This time, CITIC Bank was fined 4.5 million yuan, continuing the heavy penalties imposed on financial institutions for infringing customer rights and interests since last year. However, because the talk show actor pool is involved, the “movement” is greater, and this ticket will inevitably get more focus. 
According to media reports, the reasons for violations of laws and regulations involved in CITIC Bank include: incomplete customer information protection systems, lack of standardization of non-confidential inquiries on customer account details at the counter, a unified business operation process and necessary internal control measures, and self-examination of chaos rectification Inadequate management of customer information collection links, customer data access control management does not comply with the business “must know” and “minimal authorization” principles; the reason for querying customer account details is not true; querying and providing personal bank account transaction information to a third party without the customer’s authorization; poor management of customer sensitive information, etc. In the end, the bank was fined 4.5 million yuan for this, and it was not unjust: providing a third party with personal bank account transaction details without the customer’s own authorization violated the principle of confidentiality of depositors and was suspected of violating the “Commercial Bank Law of the People’s Republic of China” and the regulations of the China Banking and Insurance Regulatory Commission on the protection of personal information, and has seriously infringed on the information security rights of consumers and harmed the legitimate rights and interests of individual consumers. This incident also caused some people’s concerns: Chizi only discovered that the bank statement was leaked without authorization when he was in a lawsuit with his former owner. Here comes the question: is this kind of phenomenon accidental or unspoken rules? Do similar problems exist in other banks or branches? It is not the first time that personal bank statements have been leaked, but ordinary people cannot have the attention of the pool. 
“Leaking personal bank statements”, supported by the enthusiasm of Chizi’s artist identity and a huge compensation of 30 million yuan, can naturally arouse public attention. Many ordinary people encounter this kind of situation, and they often suffer from dumb loss and “reckoning”. For this reason, behind many netizens’ support for Chizi’s rights defense is a circuitous expression of the demand for full protection of personal information security rights. In this regard, the China Banking and Insurance Regulatory Commission imposed a heavy fine of 4.5 million yuan on the banks involved, which not only meets public expectations, but also constitutes a deterrent to more financial institutions: disregarding the basic code of conduct of the banking industry and compromising customer information security rights will pay a heavy price. Furthermore, this also reaffirms a bottom line: as a bank, customer information is the core business secret and should be in the highest priority protection category, and it must not be given. Next, I hope that the bank involved can truly “eat a ditch and gain wisdom” and make up for the management loopholes earlier. I also hope that this punishment will not remain an isolated case because of the artist status of Chizi, but will form a “routine.” operating”. In the final analysis, as far as the bank is concerned, large customers and small customers cannot be divided. As long as they are customers, they must handle business legally and compliantly, and their privacy should be protected by law. Don’t take customer information seriously, you must pay for it.

8 months ago

This fine gave a warning to the staff at the grass-roots level: without proof, you can’t get rid of the running water. The staff here are not talking about the customer manager, but the people at the counter or backstage. The previous leader or customer manager ran to ask for a job. They may have printed it for various reasons, but there is this case here. Dare to print. There must be a lot less people, at least I have to ask, what are you calling for? to whom? Is there a document?

8 months ago

The penalties are not enough and the amount is too small. At least 500 million will be a deterrent to banks. It should form a convention that the legal person + actual controller of the company shall bear criminal penalties for public security OR. Because Shanchizi is a typical leak of personal privacy and can be punished. Only when the legal person + actual controller is made responsible for the incident can such an incident have a deterrent effect. For example, Ali sells fakes and directly punishes Zhang Yong and other actual controllers, while selling fakes directly punishes Huang Zheng. Only in this way can the law have a deterrent effect. As a company’s behavior, the first responsible person must be the first responsible person.

8 months ago

This is not the first time that a financial institution has leaked customer information, and there are not many successful cases of customer rights protection, right? Banks have always claimed to be a disadvantaged group, and do not know where the strength of our mass leek is? If it hadn’t been for the rights protection of public figures this time, I’m afraid it would have fallen into the sea, or is it under investigation? According to Article 253 of the Criminal Law, the staff of state agencies or financial, telecommunications, transportation, education, medical and other units violated national regulations to take personal information of citizens obtained by their units in the course of performing their duties or providing services. If the circumstances are serious, they shall be sentenced to fixed-term imprisonment of not more than three years or criminal detention, together with a fine or a fine. Anyone who steals or illegally obtains the above-mentioned information by other methods shall be punished in accordance with the provisions of the preceding paragraph if the circumstances are serious. If a unit commits the crimes mentioned in the preceding two paragraphs, the unit shall be fined, and the person in charge and other persons directly responsible shall be punished in accordance with the provisions of the respective paragraph. In other words, if the bank arbitrarily leaks the transaction details of the depositor’s personal account and the circumstances are serious, it may also commit the “crime of infringing on the personal information of citizens” and shall bear corresponding criminal responsibility. 
According to relevant laws and regulations, if the People’s Bank of China determines that a banking financial institution has provided personal financial information to institutions and individuals other than the financial institution in violation of regulations, it can take an interview with its senior management and ask for clarification; order the banking financial institution to rectify within a specified period of time Communicate in the financial system; suggest that banking financial institutions impose sanctions on directly responsible senior managers and other directly responsible personnel in accordance with the law; suspected crimes shall be transferred to judicial organs for handling in accordance with the law.

8 months ago

I think this incident will make the already weak banking industry even worse, causing a large number of unsophisticated people to touch porcelain banks. First of all, because the “pool” involved in the incident is an internet celebrity who has the influence of public opinion, the public will not care about the facts after the occurrence of public opinion, but will vent their emotions. In this case, the parties involved had a labor dispute with the unit, which raised objections to wages. As a bank customer, his unit is understandable to inquire about the reconciliation receipts for salary payments to employees. If the unit account transfers to the personal account, if you inquire about the unit account history details, there is also a record, and this is not personal privacy. Second, knowing customer privacy and leaking privacy are two different things. Disclosure of privacy means that the bank transfers the party’s information to a third party. The adverse effects of this case will result in a large number of individual customers not cooperating with the bank’s due diligence. Under the current strict supervision and anti-money laundering system requirements, banks have the right and need to know the business motives and identity background of customers, such as account opening purpose, cash source, use of funds, current residence, etc. However, with the help of online public opinion, individual customers often show resistance and even become an excuse for suspicious elements to avoid supervision. Finally, from the perspective of the general trend, it is very likely that the regulatory requirements for individual customers will be the same as that of unit customers, and there will even be no pure “individual customers” in the end. Under the background of the current “Card Broken Action”, new personal accounts are extremely strict, and newly-increased personal customers are generally employees of corporate customers. 
This means that if an individual wants to open an account, he must have a mature and transparent social relationship in the local area and be a member of an organization. And do corporate customers have the right to know the “privacy” of funds of their employees? I personally think it is necessary. As far as the bank employees themselves are concerned, personal accounts are strictly monitored by the bank, with no privacy at all, which effectively prevents professional ethical hazards. If this model is extended to all walks of life, especially the government, schools, hospitals and other key units, will it be conducive to combating corruption and maintaining integrity?
