Analysis of Banking Laws and Ethics: ABCXYZ Bank Cyber Attack Report


Added on  2020/05/16

AI Summary
This report analyzes an ethical dilemma faced by ABCXYZ bank following a cyber attack that compromised customer data. The report examines the situation through the lens of Turkish banking law (No. 5411) and its Code of Banking Ethics, as well as Australian banking regulations and common law principles. It assesses the bank's legal and ethical obligations regarding data disclosure to customers and the public, considering the implications of releasing fabricated information. The report draws parallels with similar incidents, such as attacks on JP Morgan Chase and Russian ATM machines, to inform its analysis. Ultimately, the report recommends a course of action for the bank to minimize reputational and financial damage, emphasizing the importance of transparency and adherence to legal and ethical standards. It concludes that the bank should avoid releasing fabricated information to customers, but may release minimal, slightly modified information to the press and media to uphold its reputation.
Running head: BANKING LAWS AND ETHICS
BANKING LAWS AND ETHICS
Name of Student
Name of the University
Author Note
Executive Summary
This report analyzes an ethical dilemma faced by ABCXYZ bank after a cyber
attack on its database. The perpetrators managed to leak vital information
provided by the bank's customers. This report evaluates the situation based on the
legal and ethical principles that bear on the next step the bank must take regarding
release of information to the public. This is done in light of the laws of Turkey as well as
Australian and common law principles. The report seeks to make recommendations based on
the analysis to help reduce the harm to the bank's reputation and any monetary repercussions
that such an attack may have on the functioning of the bank.
Table of Contents
Introduction
Discussion
Laws applicable to Turkey:
Laws applicable to Australia:
Analysis of similar incidents:
Situational Analysis and Recommendation:
Conclusion
Reference list:
Introduction
The banking sector in Turkey is governed by Banking Law No. 5411. This piece of
legislation defines the various duties and obligations of bankers towards their customers,
especially regarding the information provided by them to the bank (Ozkan, Balsari and Varan
2014). Further, there is a Code of Banking Ethics that defines the ethical obligations that the
bank must observe towards its customers. These regulations, together with ethical principles
that govern IT data, are employed in the following paragraphs to analyze the dilemma
faced by the management of ABCXYZ bank in effectively handling the effects of a cyber
attack on its database.
Discussion
Laws applicable to Turkey:
Part 7 of the Banking Law No. 5411 deals with banks' obligations towards the
customer. Article 73 of the act defines confidentiality and dictates that banks must hold the
information provided by customers with the strictest possible security protocols (Gundogdu
2015). Furthermore, Article 3 of the Code of Banking Ethics defines the ethical duties owed
by a banker towards its customers. Article 3a defines honesty and necessitates the honest
observance of business transactions. Articles 3c and 3d make reliability and transparency
essential in banking relations (Kiliç 2016). Protection of customer information and consumer
accounts would be a part of these ethical obligations. Article 9 of the Code states that
customers must be informed of all transactions that involve their account and any material
information apart from that must also be disclosed. These security obligations are even more
explicitly defined in Article 13 of the Code, which deals with security. Thus, in the present set
of circumstances, ABCXYZ bank is in gross breach of its obligations and must disclose all
relevant information about the breach to its customers. This also means that any
information that they wished to fabricate when disclosing the incident report must be
prohibited as it would be a clear breach of their ethical duties towards their customers under
Articles 3, 9 and 13. However, the banks are in no way obligated to disclose all relevant
information regarding the cyber attack to the media or any person who is not related to/in
association with the bank and its transactions.
Laws applicable to Australia:
In Australia, banks are defined under the Financial Services Sector Reforms 1998 as
“Authorized Deposit-Taking Institutions” (ADI). The Banking Act 1959 is the regulating
statute for banking authorities and banking transactions (Lægreid 2017). The regulatory body
for dealing with banking disputes is the Australian Securities and Investments Commission,
which was brought into existence by the enactment of the Australian Securities and
Investments Commission Act 2001. Part 2 Division 2 of the act deals with consumer
protection and makes it a duty of the bank to protect the information provided by its
customers with advanced security protocols. Thus, had the present scenario arisen in Australia,
the bank would be in contravention of this law and would be liable to compensate its
consumers for the negligent handling of sensitive information. Moreover, Australia is bound
by common law principles, and thus banks there owe a “duty of care” towards their customers. As reiterated
by Demagogue Pty Limited v. Ramensky (1992) 39 FCR 31, banks have a duty to disclose
such information to their customers in its truest form (free from fabrication), and hence not
disclosing all the details of such a cyber attack would be a breach of their ethical duties under
common law.
Analysis of similar incidents:
The 2014 attack on JP Morgan Chase & Co., which was channelled from 90 different
servers and affected 76 million households and 7 million small business accounts, was very
similar to the present case. The company, with the aid of the F.B.I., tried to track down and
prosecute the attackers but was unsuccessful (Jessica Silver-Greenberg 2018), though there
were strong suspicions that the attackers were Russians. The 2017 cyber attack on 8 ATM
machines in Russia is another example of such attacks. Here the assailants used fileless
malware to infiltrate and bypass the security protocols, thus enabling the attackers to
withdraw amounts from accounts owned by customers of the bank. Kaspersky Lab, however,
was able to track down the assailants and they were prosecuted (ABC News 2018).
Situational Analysis and Recommendation:
In light of the described circumstances, it would be unwise for the bank to release
fabricated information to its customers, as it would be a direct breach of its duties under
the Banking Law No. 5411 and the Code of Ethics and would consequently be illegal.
If the truth behind the falsified information became known to the customers, the
bank would be liable to undergo legal proceedings and would eventually have to pay
compensation. However, a minimal information report with slightly fabricated or latent
information may be released to the press and media and the public at large. This would
uphold the idea of reliability which the bank embodies and protect its reputation from harm.
Conclusion
The best course of action for ABCXYZ has been discussed above. It may also be
noted that deviating from that action plan would result in illegal action on behalf of the bank
and would leave it open to legal claims. This would invariably lead to exorbitant costs of
litigation and compensatory losses.
Reference list:
ABC News. 2018. Ukraine points finger at Russian security services over cyber attack.
[online] Available at: http://www.abc.net.au/news/2017-07-02/ukraine-points-finger-at-russia-for-cyber-attack/8670550
[Accessed 10 Mar. 2018].
Gundogdu, A., 2015. An Analysis on Deposit Insurance of Turkish Banking System by Core
Principles for Effective Deposit Insurance Systems.
Jessica Silver-Greenberg, M. 2018. JPMorgan Chase Hacking Affects 76 Million
Households. [online] DealBook. Available at:
https://dealbook.nytimes.com/2014/10/02/jpmorgan-discovers-further-cyber-security-issues/
[Accessed 10 Mar. 2018].
Kiliç, M., 2016. Online corporate social responsibility (CSR) disclosure in the banking
industry: evidence from Turkey. International Journal of Bank Marketing, 34(4), pp.550-569.
Lægreid, P., 2017. Transcending new public management: the transformation of public sector
reforms. Routledge.
Ozkan, S., Balsari, C.K. and Varan, S., 2014. Effect of banking regulation on performance:
evidence from Turkey. Emerging Markets Finance and Trade, 50(4), pp.196-211.