Investigation results of the incident in which Chi Zi accused CITIC Bank: the bank was fined 4.5 million yuan

(Source: Interface News reporter: Su Huiwen)

Remember last year’s incident in which stand-up comedian Chi Zi ripped into CITIC Bank, accusing it of leaking his personal transaction records without authorization? After the incident, the Consumer Rights Protection Bureau of the CBIRC opened a case against CITIC Bank, and after 10 months, the investigation results were finally released.

On March 19, the CBIRC’s Consumer Protection Bureau issued a penalty notice showing that CITIC Bank was fined 4.5 million yuan for the incident.

Specifically, the main facts of CITIC Bank’s violations are fourfold.

First, the institutional mechanism for customer information protection was not sound; over-the-counter non-confidential inquiries into customer account details lacked a standardized, unified business operation process and the necessary internal control measures, and the self-inspection carried out for the rectification of market irregularities was not effective.

Second, the management of customer information collection was not standardized; access control over customer data did not comply with the business “need to know” and “minimum authorization” principles; the reasons given for querying customer account details were not true; and customers’ personal bank account transaction information was queried and provided to third parties without the customers’ authorization.

Third, sensitive customer information was not properly managed, resulting in its outflow to the Internet; sensitive customer information was also stored in violation of the law.

Fourth, there were loopholes in system authority management and deficiencies in the management of important positions and outsourcing agencies.

On the afternoon of May 6, 2020, a microblog post by well-known stand-up comedian Chi Zi (real name Wang Yuechi) sparked widespread concern and set off a flurry of vocal criticism and questioning of CITIC Bank.

Specifically, in the economic contract dispute between Chi Zi and Xiaoguo Culture, the materials sent to him by Xiaoguo Culture included details of Chi Zi’s personal bank account transactions. Chi Zi said that he had reported the case and made a statement, and had also complained to the CBIRC and other government regulatory authorities.

Chi Zi said in the microblog post that, after consulting a lawyer, he understood that under the law the details of personal bank account transactions are important personal private information and a bank cannot give them to a third party; doing so is an illegal act that infringes on citizens’ personal information.

Within a short time, Chi Zi’s accusation that CITIC Bank had cooperated with its major customer Xiaoguo Culture in leaking his personal transaction details rose to first place on the microblog hot search list and spread far beyond his usual audience.

In the early morning of May 7, CITIC Bank issued a letter of apology on its official microblog account overnight, stating that the bank had verified that when Shanghai Xiaoguo Culture Media Co., Ltd. contacted its branch to inquire about its record of paying labor wages to employee Wang Yuechi, the branch staff did not strictly follow the rules and provided Wang Yuechi’s payment records. CITIC Bank apologized to Wang Yuechi and said it had disciplined the staff concerned and dismissed the branch president in accordance with its rules.

On the afternoon of May 7, an Interface News reporter learned from the Shanghai Banking and Insurance Regulatory Bureau that the bureau had taken note of the matter and had formally intervened to investigate.

Since then, the Consumer Rights Protection Bureau of the CBIRC has also informed the industry about the leakage of customer information by CITIC Bank, and said it has launched an investigation into CITIC Bank and will investigate and deal with the matter in strict accordance with the law.

On May 9, the official website of the CBIRC published the “Notice of the Bureau of Consumer Rights and Interests Protection of the CBIRC on CITIC Bank’s Infringement of the Legitimate Rights and Interests of Consumers” (CBIRC Consumer Protection Fa [2020] No. 5). The notice stated that in March 2020, CITIC Bank provided details of personal bank account transactions to a third party without the authorization of the customer himself, violating the principle of confidentiality for depositors and allegedly violating the Commercial Banking Law of the People’s Republic of China and the CBIRC’s regulatory provisions on personal information protection, which seriously infringed on consumers’ right to information security and undermined their legitimate rights and interests.

The notice said the Bureau of Consumer Rights and Interests Protection of the CBIRC would initiate an investigation in accordance with relevant laws and regulations, and investigate and deal with the case in strict accordance with the law. The No. 5 notice emphasizes that banks and insurance institutions should take this as a warning and strictly implement the relevant laws, regulations and regulatory provisions, in accordance with the Commercial Banking Law of the People’s Republic of China, the Insurance Law of the People’s Republic of China and the Guidance of the China Banking and Insurance Regulatory Commission on the Construction of Institutional Mechanisms for Strengthening the Protection of Consumer Rights and Interests of Banks and Insurance Institutions. They should carry out their business activities in compliance with the law and effectively protect the legitimate rights and interests of consumers.