Financial institutions (FIs) and telecommunication companies (telcos) are expected to bear the full loss, if they fail to discharge their respective prescribed duties to mitigate phishing scams.
This expectation was outlined in proposed a Shared Responsibility Framework (SRF) for phishing scams by the Monetary Authority of Singapore (MAS) and Infocomm Media Development Authority (IMDA).
Under the SRF, FIs are expected to bear the full loss if they fail to discharge their prescribed duties. Telcos would stand second in line, as they play a secondary role in fostering security of digital payments. If FIs and telcos have fulfilled their duties, the SRF will not require payouts to be made to consumers.
The SRF will focus on a defined scope of phishing scams, where consumers are deceived into revealing their account credentials to scammers impersonating legitimate entities, leading to unauthorised transactions being performed. It will not cover malware-enabled scams.
The Singapore government has been working closely with the industry to take upstream and downstream safeguard measures, together with extensive public education. It will continue to monitor the evolving scam landscape in the future application of the SRF.
The joint consultation paper seeks comments on the scope of the SRF, duties of FIs and telcos under the framework, and the approach for payouts for scam losses, among others. The government will carefully take into account these comments when finalising the framework.
MAS and IMDA have invited interested parties to submit their comments on the proposals by 20 December 2023.
Ho Hern Shin, Deputy Managing Director (Financial Supervision), MAS said,
“The SRF assigns shared responsibility by specifying upstream anti-scam duties FIs and Telcos have to adhere. Breaches of the duties will result in payouts to affected scam victims. This incentivises vigilance by all parties in the ecosystem to uphold safety in e-payments.
Alongside the proposed SRF, we are also proposing amendments to the E-payments User Protection Guidelines (EUPG), to uplift the standards of anti-scam measures across the financial system, and reinforce consumer’s responsibility to take precautions against scams.
Aileen Chia, Deputy Chief Executive (Connectivity, Development & Regulation), IMDA said,
“IMDA has worked closely with the Telcos to implement a multi-layered approach to prevent scams from being conducted over calls and SMS. Measures such as the mandatory SMS Sender ID Registry introduced in January 2023 have significantly reduced the number of scam SMS cases by 70% in the 3 months since the Registry’s launch.
The inclusion of telcos in the Shared Responsibility Framework as supporting infrastructure providers serves to strengthen the ecosystem against scams.”