Some banks were exposed for selling user information as scrap. The industry said that it should be handed over to customers or sealed and destroyed.

2024-07-27

Reporter of China Business Network: Liu Jiakui and Song Qinzhang Editor of China Business Network: Zhang Yiming

In July, it was said that the Hutou Branch of Yinan County Rural Commercial Bank sold bills and other materials containing customer information as waste without processing.

On July 11, a reporter from the National Business Daily sent an interview letter to Yinan Rural Commercial Bank via email. As of press time, no formal response was received from the bank. Previously, a person from the bank told the reporter over the phone that the incident was under investigation and that a response would be given only after the investigation was completed.

What kind of materials are the ones mentioned in the report? How should banks handle materials containing customer information? The reporter interviewed several industry insiders on this issue.

Bank personnel: Materials containing customer information will be handed over to customers, sealed, or destroyed upon expiration.

A senior business manager of a large state-owned bank identified the bank slip pictures in the media reports and said, "This picture should be a receipt. The second copy is written on the right. Generally speaking, the second copy is the customer receipt." He added, "It should be given to the customer after the business is completed."

The supervisor stated, "Since the customer receipt is something that is handed over to the customer, there are actually no clear regulations (on its storage and handling). However, from the perspective of risk control, when handing it over to the customer, you should remind the customer to keep the receipt, and if the customer does not want it, it should be shredded on the same day. Regular outlets usually have shredders in the lobby to make it easier for customers to deal with unnecessary documents."

"After handing it over to the customer, the responsibility for safekeeping and handling lies with the customer. However, if it is not handed over to the customer, or it is given to the customer but the customer does not want it, then it should be destroyed," the supervisor made it clear.

Regarding another bank slip containing user information mentioned in another report, the supervisor said, "As for this slip, it should be a voucher. Vouchers generally have a retention period, and the retention period of each bank may be different, but even if the retention period expires, it should be destroyed."

The supervisor also gave a detailed explanation of the specific business processing procedures for "vouchers".

"We generally call business subpoenas vouchers. At the end of the day, after the teller has checked the vouchers for problems, they will use a numbering machine to code them. After coding, they will fill in their own voucher cover. Then the general teller will collect all the vouchers of the day and seal them together. After sealing, they will be submitted to the city branch on a daily basis. The city branch will plastic-seal them, and then the city branch will submit these plastic-sealed vouchers to the provincial branch within a certain period of time. The provincial branch has a special place to store these vouchers, which is very large. They are stored for a specified number of years and then destroyed in a centralized manner."

The supervisor stressed that from the perspective of branch operations, "vouchers" must be placed in a drawer or box, and if the teller temporarily leaves his or her counter, the voucher must be locked up. In addition, "one's own vouchers must be sorted and handed in every day."

In short, at the banking operations level, materials containing customer information, whether they are handed over to the customer, submitted and sealed according to procedures, or destroyed according to regulations when the storage expires, should never flow out of the bank's door and be disposed of at will.

Sensitive paper documents of banks are generally destroyed in a unified and confidential manner

How do banks generally handle sensitive paper materials?

A corporate account manager of a joint-stock bank told the reporter, "We will archive and manage relevant materials containing customer information according to the business type. For example, loan business will be filed in the loan data, and batch card opening business will be filed in the business subpoena after being sorted out. If some of them cannot be identified, they will be destroyed."

"If you really sell scrap, it's a leak of information. It's illegal to leak customer information now," he said.

Taking the "Archive Management of Bank of China" as an example, it states that the bank shall conduct regular appraisal of archives and destroy archives with low preservation value in accordance with relevant regulations.

An insider of a bank in East China told the reporter that their paper documents involving customer information are generally kept in a special archive room. If there are paper documents that need to be destroyed, they will be handled by the connected confidential destruction company. "Generally, a dedicated person is responsible for the destruction. An application for destruction must be submitted, and then our colleagues will go with them to see the destruction process."

The other party further stated that since many of the bank's businesses are currently conducted online, not many paper materials need to be archived or destroyed each year.

Another bank staff member revealed to the reporter of Meijing that the paper documents of the customers of the bank where he works are usually destroyed in a confidential manner and eventually shredded by large shredders. "Every year, they are packed into many sacks and taken away."

A professional destruction company in Shanghai said that their clients include banks. "The bank will first look for a professional organization like us, and then we will provide confidential destruction, including pickup, transportation and destruction. For the destruction of paper materials, we have three options: incineration, shredding or pulping."

A professional destruction company in Guangzhou also said that for paper documents that need to be destroyed by bank customers, they generally incinerate, dissolve or crush them according to customer requirements.

Regulatory authorities: "zero tolerance" for acts that infringe on consumer financial information security

Data elements are the core assets of financial institutions. As the financial industry enters the digital age, data security and data management have also become important issues for financial institutions, including banks.

A reporter from "Daily Economic News" noticed that in order to strengthen the protection of personal financial information, as early as 2019, the central bank issued the "Trial Measures for the Protection of Personal Financial Information (Data)" (hereinafter referred to as the "Measures") to some banks for comments.

In response to the phenomenon that personal credit data may be commercialized by some unscrupulous institutions, made into data models, and sold or used indefinitely, the Measures first define "personal financial information". It includes personal original information and extended information, such as the four elements of real-name authentication - ID number, name, bank card number, mobile phone number, etc., as well as financial information such as account information and asset information, in order to establish the scope of protection.

When answering reporters' questions about cases in which some financial institutions infringed on consumers' right to financial information security, the head of the relevant department of the People's Bank of China stated that the People's Bank has always attached great importance to the protection of consumers' financial information, insisted on "zero tolerance" for acts that infringe on the security of consumers' financial information, and resolutely cracked down on illegal and irregular acts that infringed on the legitimate rights and interests of financial consumers in accordance with the law.

In cases where employees of individual financial institutions are suspected of leaking consumer financial information, the People's Bank of China will investigate and file a case based on the principle of territorial jurisdiction. If it is found that the financial institutions involved have violated consumers' rights to the security of financial information, the People's Bank of China will severely investigate and punish the financial institutions involved in accordance with the law.

"Generally speaking, customer identity data is kept for at least five years after the end of the business relationship or a one-off transaction." A person close to the regulatory authorities told reporters that in 2022, Order No. 1 jointly issued by the three major financial regulatory departments, the People's Bank of China, the former China Banking and Insurance Regulatory Commission, and the China Securities Regulatory Commission, is the "Management Measures for Customer Due Diligence and Preservation of Customer Identity Information and Transaction Records of Financial Institutions" (hereinafter referred to as the "Management Measures").

The Management Measures stipulate that financial institutions must strictly abide by the law when collecting, using and providing personal financial information, and take effective measures to strengthen the protection of personal financial information, ensure information security, and prevent information leakage and abuse.

The "Management Measures" stipulate that the customer identity information that financial institutions should keep includes various records and materials that record customer identity information and reflect the financial institutions' customer due diligence work; the transaction records that financial institutions should keep include data information, business vouchers, account books about each transaction, and contracts, business vouchers, documents, business letters and other materials that reflect the actual situation of the transaction as required by relevant regulations.

At the same time, financial institutions should take necessary management and technical measures to gradually achieve complete and accurate electronic storage of customer identity information and transaction information, protect business secrets and personal information in accordance with the law, prevent the loss or damage of customer identity information and transaction records, and prevent the leakage of customer identity information and transaction information.

The storage method and management mechanism of customer identity information and transaction records of financial institutions should ensure that they are sufficient to reproduce and trace each transaction, facilitate the anti-money laundering work of financial institutions, as well as anti-money laundering investigation and supervision and management.

The "Personal Information Protection Law of the People's Republic of China" issued in 2021 also states that sensitive personal information is personal information that, once leaked or illegally used, may easily cause infringement of the personal dignity of a natural person or endanger the personal or property safety of the person, including biometrics, religious beliefs, specific identity, medical health, financial accounts, whereabouts and other information, as well as personal information of minors under the age of fourteen.