Posts this month
A blog on financial markets and their regulation
A couple of days back, the Reserve Bank of India (RBI) issued new guidelines regarding who bears the loss from online banking frauds. The effect is to limit the liability of the customer and thereby transfer the loss to the banks. This measure has been seen as a customer friendly one. Basic economics teaches us to be careful about coming to such a conclusion. In equilibrium, banks would probably recover all expenses incurred by them from their customers. In fact, today, bank customers in India are probably paying higher fees as banks try to recover their bad loan losses from their customers. Unless banking becomes more competitive, the effect of the RBI regulation would more likely be a transfer from one group of customers (those who do not use online banking or have not been defrauded) to those who have lost money.
I think that the RBI regulation is a very good move for a very different reason: incentive compatibility. The important thing is that the regulation places losses on the party that can do something to reduce frauds. A customer cannot improve the bank’s computer security, she cannot ensure that the bank patches all its software, follows a good password policy, and so on. Only the bank can do all this. Unfortunately, computer security does not receive adequate attention from the top management of banks in India. If the new policy helps concentrate the minds of top management, that would be a good thing. If that does not happen, maybe the bank will wake up when the losses materialize. That is the true benefit of the new regulation – it has the potential to reduce online frauds.