In a world where technological innovation grows so fast, a need to transform banking services from the classic model in which the client’s presence is required in the bank’s premises leads us to the new form of selling of the classic bank’s products.
The basic principles for this new form should be: a) fast communication with potential clients; b) the ability to identify clients on-line; and c) the ability to conclude agreements with clients on-line. So, the final result will be digital customer acquisition and digital lending, by taking advantage of modern technology.
Knowing that legislation and court practice do not always keep pace with life in all segments, we as in-house legal counselors are challenged to establish the model for this new way of banking business.
Let’s start with the problems that we face, the targets that we want to reach, and the analysis of relevant market legislation in the Republic of Serbia.
Our targets are opening accounts on-line and on-line lending to both existing and new clients of the bank. They are physical persons, wanting to use electronic signatures, electronic documents, and/or any other alternative digital channels. We also need to provide on-line identification of the client, taking into account the relevant Know-Your-Client (KYC) procedure.
Opening an Account with the Bank
According to the Law on Payment Systems that is in force in the Republic of Serbia, an agreement to open an account with a bank has to be in written form. Further, the Financial Services Consumers Protection Law requires banks to inform potential clients in advance of all conditions of the relevant agreement as well as to provide all necessary documents which should be signed by the client including, without limitation, an example of the subject Agreement, the General Terms and Conditions, and the bank’s tariff.
The Financial Services Consumers Protection Law allows documents to be rendered to the client on request in electronic form, by mail, or in a durable medium, but finally the Agreement has to be signed by the client in writing.
Conclusion of the Loan Agreement with Bank
In accordance with the Law on Contract and Torts and Financial Services Consumers Protection Law that are in force in Republic of Serbia, a loan agreement, agreement on credit card issuance, overdraft agreement, and other similar agreements regarding bank services must be concluded in written form. Further, the Financial Services Consumers Protection Law obliges the banks to inform potential clients in advance of all conditions for conclusion of the subject agreements as well as providing all necessary documents which should be signed by the client, including the subject agreement, the general terms and conditions, and the bank’s tariff.
The bank is also obliged to inform potential clients in writing of all possible costs (current and future) related to the subject agreements. Those costs include the bank’s interest rate, all bank fees, and fees of external third persons (for example fees for collateral establishing, fees for collateral execution, etc.
The Financial Services Consumers Protection Law allows documents to be rendered to the client on request in electronic form by mail or in a durable medium, but finally the Agreement has to be signed by the client in written form.
The review of the legislation of the Republic of Serbia leads us to the main question: How to create a document that is recognized by law as a “document in written form?”
In principle, the Serbian Law on Electronic Documents prescribes that where a regulation required a legal act to be in writing to be valid, the relevant electronic document shall be signed with a qualified electronic signature. Theoretically this means that, if the agreements mentioned in points I and II above are made as electronic documents and are signed by the clients and the bank by qualified electronic signature, they can be treated as documents in “written form.”
Nevertheless, neither the supervisor of the banking system in Serbia nor the protector of financial services consumers, in their interpretation of the relevant legislation, recognized electronic documents as documents in “written form” as required by the Financial Services Consumers Protection Law. And there is no court practice regarding this issue at all, specially not in respect of validity, legal binding and on execution of such document.
Thus, it appears that a new regulation is required to address this issue – to provide that agreements for banking services may be concluded on-line by means of electronic documents and qualified electronic signature.
KYC Procedure and Identification of Clients Online
The Serbian KYC legal framework is regulated by the Law on Prevention of Money Laundering and Financing of Terrorism and related by-laws. And under this Law, client identification is mandatory before any business relationship can be established. A “business relationship” between a customer and the bank based on a contract regarding the business activity of the bank that is expected, at the time the relationship is established, to have an element of duration.
Serbian law requires that data be determined from an inspection of a personal identity document in that person’s presence. If it is not possible to obtain the required data from the document, missing data shall be obtained from another official document. Data that cannot be obtained from such documents for objective reasons shall be obtained directly from the customer.
If the bank is unable to act in concordance with the regulation, then it shall refuse the offer to establish a business relationship, as well as the carrying-out of a transaction, and it shall terminate the business relationship if a business relationship has already been established.
Under the conditions set out by the regulations, the bank may also identify and verify the identity of a customer who is a physical person, or his/her legal representative, based on a qualified electronic certificate issued by a certification body in the Republic of Serbia, or based on a foreign electronic certificate which is equal to its domestic counterpart, in accordance with the law governing electronic operations and electronic signature.
In addition, identification and verification of the client’s identity based on an electronic certificate obliges the bank to ensure that the customer’s first transaction be carried out from the account opened by the customer in his presence.
Data protection requirements are a separate issue for banks. The processing of personal data in the Republic of Serbia is regulated by the Law on Personal Data Protection, which defines “personal data” as any information relating to a physical person and “data processing” as any action taken in connection with data, including the collection, recording, transcription, multiplication, copying, transmission, searching, classification, storage, separation, crossing, merging, adaptation, modification, provision, use, granting access, disclosure, publication, dissemination, recording, organizing, keeping, editing, disclosure through transmission or otherwise, withholding, dislocation or other actions aimed at rendering the data inaccessible, as well as other actions carried out in connection with such data, regardless whether those actions are automated, semi-automated, or otherwise performed (hereinafter referred to as “processing”).
Free movement of customer personal data is not possible according to local law, and it can only be communicated or transferred on the basis of the customer’s written consent.
A Data Protection Officer is not prescribed by local law as a mandatory function within the obligor’s organization. There are no obligations according to local law to prepare an internal act on personal data protection topic.
While we are waiting for new legislation to address all open issues and/or for court practice to resolve the same issues, the banks are running for new clients and acting to address client needs for something new. Therefore, banks’ in-house legal counselors are challenged to establish clear procedure for on-line identification of a potential client by taking advantage of smart mobile phones (such as identification via a client`s “selfy” pictures) and to find ways to sell their products without requiring their physical presence in bank premises. This will be the “pioneer job” on Serbian banking market and will result in an immeasurable advantage for the first bank able to solve all open issues. We lawyers are called to run this “battle” from the “first battlefield`s line.”
This Article was originally published in Issue 4.4 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.