Singaporean Authorities Propose Shared Responsibility Framework for Phishing Scams

Singapore’s Monetary Authority (MAS) and Infocomm Media Development Authority (IMDA) have published a joint consultation paper, proposing a Shared Responsibility Framework (SRF) to address phishing scams. The SRF seeks to hold financial institutions (FIs) and telecommunications companies (Telcos) accountable for mitigating phishing scams, and obliges them to compensate affected scam victims if their responsibilities are breached.

A Focus on Phishing Scams

The SRF narrows its focus to phishing scams, where consumers are deceived into revealing their account credentials to fraudsters posing as legitimate entities, leading to unauthorized transactions. The framework seeks to strengthen the direct accountability of FIs and Telcos to consumers, defining clear duties for both to reduce the risk of consumers becoming victims of phishing scams.

If the duties are breached, such as an FI failing to send transaction notifications to consumers, or a Telco failing to implement a scam filter, this would be the starting point for determining the party responsible for losses under the SRF. The SRF aims to incentivize FIs and Telcos to maintain high standards of anti-scam controls.

Responsibility for Losses

The framework uses a “waterfall approach” to determine which party will bear responsibility for the losses. FIs are first in line, due to their role as custodians of consumers’ money. Telcos, who play a secondary role in securing digital payments by facilitating SMS delivery, are second in line. If both FIs and Telcos have fulfilled their responsibilities, the SRF will not require payouts to consumers.

Exclusion of Malware Scams

The SRF does not cover malware-enabled scams (malware scams). Despite the potential for these scams to undermine confidence in digital banking, the nascent nature of these scams and the still-developing countermeasures mean it’s premature to include specific malware scam-related duties in the framework.

Seeking Public Comments

The joint consultation paper invites comments on the scope of the SRF, the responsibilities of FIs and Telcos under the framework, and the approach to payouts for scam losses. The Government will consider these comments when finalizing the framework.

Strengthening the Ecosystem Against Scams

Deputy Managing Director (Financial Supervision), MAS, Ms Ho Hern Shin, highlighted the collaborative efforts between MAS, the financial industry, and government agencies in combating scams. The SRF assigns shared responsibility by specifying anti-scam duties FIs and Telcos must adhere to. Breaches of these duties will result in payouts to affected scam victims, incentivizing vigilance by all parties in the ecosystem to uphold safety in e-payments.

Deputy Chief Executive (Connectivity, Development & Regulation), IMDA, Ms Aileen Chia, emphasised the role of Telcos in strengthening the ecosystem against scams. Measures such as the mandatory SMS Sender ID Registry introduced in January 2023 have significantly reduced the number of scam SMS cases by 70% in the three months since the Registry’s launch. The inclusion of Telcos in the Shared Responsibility Framework serves to further strengthen the ecosystem against scams.