Back

Consumer Protection

Consumer protection is a fundamental responsibility for China Bank. We are committed to protecting and upholding consumers’ rights, including their right to information about our products and services, their right to data privacy and transaction security, their right to fair treatment, and their right to redress.


Protecting Stakeholder Rights

China Bank values its stakeholders and is committed to earning and maintaining their trust. Amid the challenges of the pandemic and the evolving business landscape, the Bank continues to protect its stakeholders’ interests and rights by ensuring the security of transactions, understanding their concerns and providing excellent service.

The Bank is committed to protecting and upholding consumers’ rights, including the right to information, right to data privacy and transaction security, and right to fair treatment and right to redress.


Delighting and engaging customers

Customer advocacy is the foundation of our Customer Service and Consumer Protection frameworks. We work hard to make our customers happy and engage them to know what they need, how we can help them, and how we can create great customer experiences. By advocating for our customers, we earn their loyalty and enjoy the reward of mutual advocacy.


Caring for our customers

The COVID-19 pandemic has affected the world on a scale never seen before, changing how we live and work in the present and how we might go on in the future. Normal preferences have shifted as customers exercise caution and focus on more essential concerns— safety, financial security, and everyday conveniences. Against this backdrop, we focused on delivering experiences and service that meet customers’ new needs with empathy and care. We leveraged technology to improve customer service, to provide more ways to communicate, and to multiply our reach. We connected with our customers on an emotional level to offer our support and to reassure them we will get through this crisis together.


Managing customer interactions

The Bank’s Customer Contact Center (CCC) ensures the resolution of client concerns within the standard turn-around-time (TAT) of the BSP. The team, led by the Chief Consumer Assistance Officer (CCAO), monitors and manages customer feedback and complaints based on set guidelines, reports consolidated information to the Risk Oversight Committee through the Risk Management Group and submits quarterly reports to the Supervisory Data Center of the BSP.

In 2022, CCC handled 265,798 client calls, emails, social media, YouTube and Viber messages. Majority or 55% of these interactions were inquiries; while only 6% were complaints, 96% of which were resolved within set standards. 


Measuring customer satisfaction

Branch Customer Feedback

We collected over 28,000 valid customer feedback forms in 2022 from our branches nationwide which yielded an improved overall satisfaction rating of 97%. 

Inbound Calls Customer Satisfaction Survey

We recorded nearly 8,000 responses via inbound calls in 2022 which revealed an Overall Satisfaction (OSAT) score of 98% and an Issue Resolution (IR) score of 99%.


Data privacy

Protecting our customers’ and China Bank’s data and securing our information technology (IT) systems are of paramount importance in this increasingly digital world; thus, we make every effort to ensure that data is acquired with consent and handled with care and responsibility, and our IT infrastructure is sufficiently protected from any unauthorized access.

Keeping up with data privacy laws

We protect our customers’ confidential information as a way of building stronger relationships with our stakeholders. China Bank’s data privacy policies and measures are anchored on the principles of transparency, legitimate purpose, and proportionality. We also adhere with the five pillars of compliance with existing data privacy regulations: 

Our compliance with the Data Privacy Act of 2012, its implementing rules and regulations, policies, and related issuances from the National Privacy Commission is underpinned by organizational, physical, procedural, and technical security measures to secure personal information and sensitive personal information (“personal data”).

To ensure that we meet our stakeholders’ expectations on data privacy and security, we regularly review and assess the controls currently in place and replicate those controls in the cloud in support of the cloud first approach of our IT team. We use cloud-based security technologies that provide flexible and scalable security controls and continuously develop security automation and orchestration to streamline our security assessment and response capabilities.

In 2022, we updated the Data Privacy Notice in our website to inform existing and potential clients of the changes on what, how and why their personal data is being collected from them. We also launched the Data Privacy Consent gathering project via our website to capture the consent of our existing clients who have not yet provided their data privacy consent. We extended this initiative, utilizing various channels to gather data privacy consent of clients, including various bank forms which we started to update to have a standard data privacy clause.

Managing customer data

For customers’ guidance and information, China Bank’s Data Privacy Notice and Implementation is disclosed in our corporate website. We request for customer consent for any data sharing and data retention activities prior to using the personal information. A customer can notify us in writing if consent to process and/ or share personal data is declined. 

In 2022, a total of five data privacy breaches were reported to the Data Privacy Office, none of which fell under the mandatory reporting of breaches to the National Privacy Commission because of the controls we have in place.
 
 

Cyber security

The growing reliance on technology calls for greater cyber resilience: having a robust cyber defense to prevent cyber-attacks and cutting-edge detection and recovery capabilities to ensure uninterrupted operation even during or after an attack. We are continuously strengthening China Bank’s cyber security program, reinforcing it with cyber threat intelligence to identify and prepare for both existing and emerging threats, to ensure our cyber resilience now and in the future.

Our Cyber Security Program is aligned with government and industry best security practices to provide a safe and secure banking environment for our customers. Our IT Team (China Bank Properties & Computer Center, Inc.), led by the Chief Technology Officer (CTO), work hand in hand with the Information Security Office (ISO) and the Risk Management Group (RMG) in managing and implementing the Bank’s IT security strategy.

Reinforcing cyber security

To strengthen our strong cyber security foundation and defense, security assessment and penetration testing of our IT systems are regularly conducted by both our in-house cyber security team and independent parties. We also enjoin our stakeholders in the fight against cyber-attacks through our cyber security campaign on our website and social media channels. In 2022, we continued to communicate with our customers on keeping their personal information safe and spotting and avoiding cyber scams and threats.

Regular security assessment and penetration testing of our IT systems are being conducted by both our in-house cyber security team and independent parties to ensure control effectiveness.

In 2022, we started and/or completed the following cyber security initiatives:

  • SOC training for cloud security
  • Review of security controls in place on premises
  • Verification that information captured on-premises are also captured in cloud infrastructure
  • Ongoing review services and systems on cloud
  • Engagement of 3rd party to conduct independent assessment of the Bank’s vulnerabilities
  • Establishment of a threat intelligence program and collaboration with industry peers to identify and protect against ongoing and emerging threats
  • Setup a 24x7 Security Operations Center to continuously monitor and respond to cyber-attacks targeting the Bank