Banks and telecom operators to be bound to return stolen money
From March 1, 2026, Russian authorities plan to impose an obligation on banks and telecom operators to return stolen money if they ignored signs of fraud and data from the national Antifraud system.
Extrajudicial blocking of phishing sites and a limit on the number of bank cards per person are also being introduced. Liability for failure to protect clients is thus shifted from individuals to the infrastructure of banks and telecom operators.
The second package of antifraud measures consists of some 20 initiatives in total, including a self-ban on calls from foreign numbers (or mandatory labeling of such calls), tougher liability for fraud using AI (voice and image forgery), and quick restoration of access to Gosuslugi (Public Services) through biometrics and banks.
As for the first version of the bill, the criteria for “failure to take action” remain unclear: namely, when exactly a bank or operator was bound to spot fraud but failed to do so, and what the procedure and evidence for a refund are, i.e. what documents will be required and what follows if the incident investigation takes more than 30 days. The practical implementation of the “ten cards” limit is also in question: how closed, virtual, joint, children’s and business cards are to be taken into account. And if exceeding the limit has no legal effects, the restrictions are rather declarative.
