Banking Board of Ecuador

RESOLUTION No. JB-2015-3327

THE BANKING BOARD

CONSIDERING:

THAT this appeal is resolved in accordance with the First Transitional Provision of the Organic Monetary and Financial Code, published in the Official Register Second Supplement No. 332, of September 12, 2014, whose text states that resolutions contained in the Codification of Resolutions of the Superintendence of Banks and Insurance and the Banking Board, and the norms issued by the control bodies, will remain in force in all that does not oppose what is established in the Organic Monetary and Financial Code, until the Monetary and Financial Policy and Regulation Board resolves what corresponds, according to the case; and, with the second paragraph of the Third Transitional Provision, which states that the Banking Board will continue to act until it resolves all claims, appeals, and other administrative procedures that it was hearing on the date of entry into force of the same, within a period of one hundred and eighty days, extendable at the discretion of the Monetary and Financial Policy and Regulation Board;

THAT through a complaint form dated December 20, 2013, Mrs. Mercedes Valentina Luzurraga Mendoza, filed a complaint against Banco Pichincha C.A. at the Regional Intendancy of Guayaquil, regarding the unauthorized withdrawal of USD $ 500.00 from her savings account No. 4037923800, in September 2013;

THAT the Regional Intendancy of Guayaquil, through letter No. DAyEU-ISFP-REQ-2014-065 of January 9, 2014, accepted the complaint for processing and requested explanations and defenses from Banco Pichincha C.A. regarding the aforementioned complaint;

THAT through letter No. BP-ACEC-2014-0082, received by the control body on January 28, 2014; Banco Pichincha C.A. presented the explanations and defenses related to the complaint of Mrs. Mercedes Valentina Luzurraga Mendoza, stating that:

"(...)

Once the corresponding verifications were made in our ATM files, it was established that the transactions subject of the complaint were carried out in the savings account No. 4037923800 with the debit card No. 4381081072723308 issued in the name of Mrs. MERCEDES VALENTINA LUZURRAGA MENDOZA, holder of the aforementioned account,...

The card was blocked on September 30, 2013 at 17:26:33, that is, when the transactions had already been carried out according to

---

Resolution No. JB-2015-3327

Page 2

the aforementioned data. It is very important to mention that in the presentation of the complaint, the client did not hand over the Xperta card. (sic)

The debit card and personal key generated by Mrs. MERCEDES VALENTINA LUZURRAGA MENDOZA constitute the only mechanism to access ATM services, so the strict custody and care that is taken with the card, as well as keeping the personal key secret, are specific responsibilities of the client. It is important to indicate that Banco Pichincha is technologically prevented from knowing the client's key.

For the foregoing and taking into account the client's responsibility regarding transactions carried out through ATMs and other electronic means, the Bank, in no way, can be held responsible for the transaction carried out with the client's card and personal key.

(...)"

THAT through letter No. IRG-DAyEU-V-R-2014-299 of April 17, 2014, the administrative resolution regarding the complaint filed by Mrs. Mercedes Valentina Luzarraga Mendoza was issued, where the Regional Intendancy of Guayaquil resolved to order Banco Pichincha C.A. to proceed to return the sum of USD$ 464.22 corresponding to three withdrawals challenged by the user, carried out on September 30, 2013, debited from their savings account No. 4037923800, which they hold in the aforementioned bank;

THAT through communication received at the Regional Intendancy of Guayaquil on April 30, 2014, the lawyer María Elena Franco San Lucas, Judicial Procurator of Banco Pichincha C.A., filed an appeal for reconsideration against the administrative act contained in letter No. IRG-DAyEU-V-R-2014-299 of April 17, 2014;

THAT through letter No. IRG-DAyEU-V-R-2014-617, of June 13, 2014, the Regional Intendancy of Guayaquil, after analyzing the arguments exposed by the financial institution, resolved to reject the appeal for reconsideration filed and ratified the administrative act contained in letter No. IRG-DAyEU-V-R-2014-299 of April 17, 2014;

THAT through communication entered in the Superintendence on July 4, 2014, Mr. Antonio Acosta Espinosa, Adjunct President of Banco Pichincha C.A., filed before the Banking Board a review appeal against the administrative act contained in letter No. IRG-DAyEU-V-R-2014-617, of June 13, 2014;

THAT the review appeal was accepted for processing by Licentiate Pablo Cobo Luna, Secretary of the Banking Board, through letter No. JB-2014-1792, of July 11, 2014;

---

Resolution No. JB-2015-3327

Page 3

THAT Mr. Antonio Acosta Espinosa, Adjunct President of Banco Pichincha C.A., bases his review appeal on the following:

• That Banco Pichincha C.A. has repeatedly emphasized the need for users to properly safeguard their personal and non-transferable debit cards and keys, as the lack of proper custody allows unrelated persons to commit acts that harm the cardholder themselves.

• That the client, in their capacity as the holder of the debit card, is the only one who can alert the institution if they have been a victim of a criminal act, which would have allowed the financial entity to take the necessary actions to prevent the damage.

• It is recorded in the movements of account No. 4037923800 of Mrs. Mercedes Valentina Luzarraga Mendoza, from the date and time when the first allegedly fraudulent transaction was detected, until the date and time of blocking the debit cards, the aforementioned account maintained balances of up to US$ 1,006.60, which is not common for fraud costs through debit card purchases.

THAT regarding the financial institution's insistence that the handling of the card and key is the exclusive responsibility of the client and therefore the bank cannot be held responsible for the damage that their negligence might cause, it is necessary to state that at no time is there evidence of correct conduct on the part of the bank, which allows it to disprove the accusations, therefore, it is not appropriate to place the responsibility for the challenged transaction on the claimant, on the grounds that it has not been demonstrated that the user failed to fulfill their obligation to safeguard their debit card and keep the key confidential;

THAT paragraph a) of article 51 of the General Law of Institutions of the Financial System, states that banks are authorized to receive public resources in demand deposits, which are banking obligations, comprising monetary deposits payable upon presentation of checks or other payment mechanisms and records,

THAT the aforementioned regulation determines that Banco Pichincha C.A. assumes the obligation to keep or safeguard deposited values with diligence and professional care, as well as being responsible for the other services offered to its clients such as the ATM service, therefore, it is obliged to evaluate and require the necessary security measures as a depositary of the money that its clients have entrusted to it;

THAT article 6, paragraph VI, section I, title XIV of the Code of Transparency and User Rights, book I of the Codification of Resolutions of the Superintendence of Banks and Banking Board, states:

---

Resolution No. JB-2015-3327

Page 4

"Article 6.- Users of financial products and services will exercise their rights within the framework of the universal principle of good faith."

THAT the third paragraph of article 5 of chapter IV, title XX, book I, of the Codification of Resolutions of the Superintendence of Banks and Insurance and the Banking Board, states the following:

"Article 5.- If the result of the analysis carried out by the Superintendence determines the need for the controlled institution to introduce corrective measures to regularize the situation that motivated the complaint, the Superintendent of Banks and Insurance or the official who has the delegation of said authority, will issue the corresponding disposition.

For complaints regarding unauthorized withdrawals due to evidence of attempts or frauds produced in ATMs, the Superintendence of Banks and Insurance will order the return of the claimed values to the issuing institution of the credit card or where the client holds their account, if said withdrawals originated in an incorrect procedure of the controlled institution, which may repeat against the institution owning or operating the ATM due to whose defects or lack of security measures the fraud occurred."

THAT the main argument exposed by the claimant is that he did not carry out nor authorize the challenged withdrawals, for this reason, the controlled entity was requested to submit the security video of the ATM where said transactions were carried out, to which the bank replied in its defenses that it is impossible to provide the required video, as the transactions were not carried out in ATMs of the institution itself; (underline is mine)

THAT paragraphs 38.1, 38.2 and 38.3 of article 38, section VII "On security measures", chapter I "Opening and closing of offices in the country and abroad, of Private and Public Financial Institutions subject to the control of the Superintendence of Banks and Insurance", title II "On the Organization of Institutions of the Private Financial System", book I "General Norms for Institutions of the Financial System" of the Codification of Resolutions of the Superintendence of Banks and Insurance and the Banking Board, disposes among other security measures the following:

"Article 38.- With regard to video surveillance systems (cameras), it must be considered that:

38.1 Financial institutions must have an adequate number of fixed and movable closed-circuit television cameras with high-resolution images, equipped with video recorders, hard disk or its equivalent in photographic cameras for taking instant photos during twenty-four (24) hours. The video surveillance system must be evaluated permanently and maintain an updated record of its operating levels, in order to guarantee its correct functioning, the

---

Resolution No. JB-2015-3327

Page 5

sharpness and fidelity of the images; (substituted with resolution No. JB-2011-1923 of April 26, 2011)

38.2 Fixed location cameras, at a minimum, must adequately cover the places of access to the public and staff of the financial institution and the customer service counters; and, (substituted with resolution No. JB-2011-1923 of April 26, 2011)

38.3 Image recording and storage systems must guarantee the archiving of at least three (3) months of recording, through tapes, digital video discs (DVD) or any other system.";

THAT the exposed norm refers to the video and security systems that financial institutions must have and that are applicable to ATMs, from which it is derived that if Banco Pichincha C.A. offers the ATM service, it must implement the security measures required by the regulation, in order to reduce this type of fraudulent thefts to the minimum expression for the benefit of the user and also of the financial entity;

THAT based on the foregoing, it is concluded that the bank, when offering its products and services, must implement computer and technological security measures, so that the transactions carried out both in its own ATMs and in those of other financial institutions, have the necessary security to avoid fraud, which in the case analyzed has not happened, in such virtue, what is required in article 5, chapter IV, title XX, book I of the Codification of Resolutions of the Superintendence of Banks and Insurance and the Banking Board, cited above, has been configured;

THAT the arguments contained in the analysis of this memorandum are what support the conclusion and recommendation that is indicated below;

THAT the National Legal Intendancy, through memorandum INJ-DNJ-SAL-2015-0015 of January 9, 2015, recommended to the Banking Board to reject the claim contained in the review appeal filed; and,

IN exercise of its legal attributes,

RESOLVES:

SINGLE ARTICLE.- REJECT the claim contained in the review appeal filed by Mr. Antonio Acosta Espinosa, Adjunct President of BANCO PICHINCHA C.A.; and, consequently, CONFIRM letter No. IRG-DAyEU-V-R-2014-617, of June 13, 2014, with which the lawyer Humberto Moya González, Regional Intendant of Guayaquil, resolved to confirm the administrative act contained in letter No. IDG-DAyEU-V-R-2014-299 of April 17, 2014, in which said authority ordered Banco Pichincha C.A. to proceed to restore to the savings account No. 4037923800, belonging to Mrs. Mercedes Valentina Luzarraga Mendoza, the sum of USD$ 464.22, for

---

Resolution No. JB-2015-3327

Page 6

concept of three transactions challenged by the user, a value to which the corresponding amount for commissions for the transactions carried out will be added.

NOTIFY.- Given at the Superintendence of Banks, in Quito, Metropolitan District, on the first of April of two thousand fifteen.

Econ. Rodrigo Landeta Parra GENERAL INTENDANT, S PRESIDENT OF THE BANKING BOARD, E

I CERTIFY.- Quito, Metropolitan District, on the first of April of two thousand fifteen.

Lcdo. Pablo Cobo Luna SECRETARY OF THE BANKING BOARD