The Superintendency of Banks of the Dominican Republic issued a circular tightening protections for financial consumers when banks’ information technology systems fail and customers suffer harm. The rules prohibit financial intermediation entities (EIFs) from applying charges, commissions or late fees where they cannot demonstrate that alternative channels were available and fully operational during the disruption, and require affected customers to be made whole through fee waivers or automatic refunds without the customer having to request them. The circular also clarifies that customers must continue to meet payment obligations during outages where the EIF has additional channels that allow payments, and requires EIFs to implement an outage communication protocol. If a disruption lasts more than two hours, customers must be notified of the affected services, the cause and the estimated time to resolution; for planned maintenance affecting service availability, customers must be informed at least 24 hours in advance and the supervisor must be notified at least five days ahead. Where the interruption stems from a cyberattack, affected entities must notify the System of Payments Cybersecurity Incident Response Center (SPRICS). The circular further addresses ATM events, barring card replacement fees when a debit card is retained due to a fault attributable to the issuing bank or an ATM in its network, while allowing replacement cost recovery (without additional penalties) when the ATM is outside the bank’s network. EIFs have six months from publication of the circular to comply, with breaches subject to sanctions under the Monetary and Financial Law and the applicable sanctions regulation.
Superintendencia de Bancos de la República Dominicana 2025-08-26
Superintendency of Banks of the Dominican Republic requires automatic refunds and stronger customer communications for service outages
The Superintendency of Banks of the Dominican Republic issued a circular enhancing consumer protections during IT system failures, prohibiting charges when alternative channels are unavailable, and mandating automatic refunds. It requires financial entities to notify customers of service disruptions over two hours and outlines protocols for cyberattack incidents. Compliance is required within six months, with breaches subject to sanctions under existing financial laws.