Delhi High Court Directs RBI to Expedite Beneficiary Name Lookup Facility for RTGS and NEFT Transactions to Safeguard Consumer Interests and Ensure Compliance with CEIB SOPs Against Cyber Fraud

Court’s Decision:

The Delhi High Court, presided over by Justice Prathiba M. Singh, issued a directive for the Reserve Bank of India (RBI) to swiftly implement the Beneficiary Name Lookup Facility for Real-Time Gross Settlement (RTGS) and National Electronic Funds Transfer (NEFT) payment systems. Highlighting the facility’s importance, the Court observed, “Delay in implementation is likely to impact thousands of innocent consumers who make payments without realizing who is the beneficiary.” The Court also stressed compliance with Standard Operating Procedures (SOPs) issued by the Central Economic Intelligence Bureau (CEIB) to ensure swift action against cyber fraud.

Facts:

• The case involves disputes over trademark violations through unauthorized domain registrations and cyber fraud affecting consumers and businesses.
• Banks and Domain Name Registrars (DNRs) were found non-compliant with CEIB-issued SOPs requiring prompt information sharing and action upon requests by Law Enforcement Agencies (LEAs).
• The RBI had submitted an affidavit affirming its ongoing development of a Beneficiary Name Lookup Facility for RTGS and NEFT, akin to existing systems for UPI and IMPS transactions.

Issues:

1. Why is there a delay in implementing the Beneficiary Name Lookup Facility for RTGS and NEFT transactions?
2. Are banks and DNRs adhering to the CEIB-issued SOPs when processing LEA requests?
3. Should additional directives be issued to ensure compliance with the Court’s earlier orders?

Petitioner’s Arguments:

• Petitioners argued that the lack of a beneficiary verification system for RTGS and NEFT transactions leaves consumers vulnerable to fraud.
• They emphasized the failure of banks and DNRs to comply with the CEIB-issued SOPs, resulting in delays in freezing fraudulent accounts or blocking unauthorized domain registrations.
• Counsel for the petitioners pointed out that GoDaddy LLC offers paid services, such as GlobalBlock and GlobalBlock+, for brand protection but fails to adhere to Court orders in preventing trademark violations.

Respondent’s Arguments:

• RBI’s counsel submitted that the Beneficiary Name Lookup Facility for RTGS and NEFT transactions was under testing and would be operational by the end of December 2024.
• The banks’ counsel argued that the SOP issued by CEIB is not binding, citing the need for further instructions or amendments.
• GoDaddy LLC, represented in the matter, stated that domain blocking is under the jurisdiction of DNRs, not domain registries.

Analysis of the Law:

• The CEIB-issued SOP mandates prompt action by banks and DNRs to prevent cyber fraud and respond to LEA requests. However, implementation gaps remain significant.
• RBI’s affidavit acknowledged its responsibility to safeguard payment systems and consumer interests through advanced verification mechanisms.
• The Court highlighted previous orders mandating prompt freezing of accounts and blocking domains used for fraudulent activities.

Precedent Analysis:

• The Court referred to related cases, including CS(Comm) 197/2024, where Verisign Inc. clarified the operational distinctions between DNRs and registries, emphasizing that domain-blocking responsibilities rest with DNRs.
• Prior rulings by the Delhi High Court underscored the judiciary’s consistent demand for compliance with CEIB directives and mechanisms to protect consumers and brand owners.

Court’s Reasoning:

• The Court emphasized the criticality of implementing the Beneficiary Name Lookup Facility, noting that delays expose consumers to significant risks.
• It criticized the lack of adherence to the SOP by banks and the incomplete compliance by DNRs with Court orders.
• The facility, according to the Court, is a necessary safeguard for consumers and businesses alike, as it allows verification of the receiver’s name before transaction completion.

Conclusion:

1. For RBI: The Court directed the RBI to expedite the rollout of the Beneficiary Name Lookup Facility for RTGS and NEFT payment systems and notify all member banks about the facility.
2. For Banks and CEIB: Banks were instructed to comply with the SOP and submit affidavits detailing the timeline for freezing accounts upon receiving LEA requests.
3. For DNRs: GoDaddy LLC was ordered to submit affidavits explaining compliance with Court directives and detailing its GlobalBlock and GlobalBlock+ services.
4. Future Hearing: The batch of matters was scheduled for further hearing on February 7, 2025, with specific timelines provided for compliance affidavits.

Implications:

This decision represents a landmark effort by the judiciary to address systemic gaps in payment security and trademark enforcement. By mandating swift action, the Court aims to enhance consumer trust in digital payment systems and curtail trademark infringements through unauthorized domain registrations. The directives could establish a robust precedent for ensuring accountability among financial institutions, DNRs, and regulatory bodies.

Also Read – Delhi High Court Quashes Supplementary Chargesheet Against Petitioner: Holds Reinvestigation Unauthorized and Allegations Unsupported by Evidence