Last year, the talk show actor Chi Zi “tipped” China CITIC Bank, accusing it of leaking his personal records without authorization. After the incident, the Consumer Protection Bureau of the China Banking and Insurance Regulatory Commission opened an investigation into China CITIC Bank. After 10 months, the results of the investigation were finally released.
On March 19, the China Banking and Insurance Regulatory Commission announced a fine against China CITIC Bank. CITIC Bank’s main violations of laws and regulations all concern customer information collection and protection, and the bank was fined 4.5 million yuan. The penalty decision was made on March 17, 2021.
Specifically, CITIC Bank’s violations of laws and regulations include:
- The customer information protection system is not sound; non-confidential inquiries of customer account details at the counter lack a standardized, unified business operation process and the necessary internal control measures, and the self-examination of chaos is inadequate.
- Management of customer information collection is not standardized; customer data access control management does not comply with the business principles of “must know” and “minimal authorization”; the stated reasons for querying customer account details were untrue; personal bank account transaction information was queried and provided to third parties without the customer’s authorization.
- Poor management of customers’ sensitive information, causing it to leak onto the Internet; storing customers’ sensitive information in violation of regulations.
- There are loopholes in system authority management, and the management of important positions and outsourcing organizations is flawed. (The Paper, Boss Hookup)