On Oct. 25, SIN MAS proposed shared responsibility framework.
SIN MAS proposed shared responsibility framework (SRF) aimed at addressing losses incurred by consumers due to phishing scams, especially those involving SMS, calls.
Follows Feb. 2018 MAS proposed guide to protect e-payment users, see #40376
Shared Responsibility Framework
Covers FIs, telecommunication companies (telcos), assigns specific responsibilities to mitigate phishing scams and compensate victims if these responsibilities are not met.
Expands on previous framework by Payments Council, includes FIs, which are critical in preventing scam-related financial outflows, Telcos, who provide SMS infrastructure.
The framework primarily targets digitally-enabled scams resulting in unauthorized transactions, as they can erode trust in digital banking and payment systems.
Specific duties for FIs and Telcos are outlined to prevent consumers from falling victim to phishing scams, and breaches of these duties determine responsibility for losses.
Responsibility follows waterfall approach, with FIs holding primary accountability; telcos come into play if FIs fail, if both fulfill duties, no compensation is necessary.
Malware-enabled scams are not covered in this framework, but the government is actively combating them through industry collaboration and public education.
E-Payments User Protection Guidelines
SIN MAS also issued consultation paper on proposed enhancements to the e-payments user protection guidelines, to address the rising incidence of digitally enabled scams.
Proposes revision to responsible FIs' duties, including preventive, detective, remedial measures, aligns industry practices with major retail banks' anti-scam measures.
Suggests revision include emphasizing cybersecurity practices, precautions against scams, guidelines for handling erroneous transactions initiated by wrong recipient.
Effectiveness
The consultations are open until Dec. 20, 2023.
In Jul. 2024, SIN MAS, ABS discussed initiative by major retail banks, see #218871.
Oct. 2024 Framework Implementation
On Oct. 24, 2024, SIN MAS, SIN IMDA, SIN ABS announced the SRF framework will be implemented on Dec. 16, 2024 and published guidelines setting out the roles and accountabilities of consumers, responsible FIs and telecoms companies under the SRF.
Respondents to the consultation largely welcomed the SRF and supported the efforts to better protect consumers; SIN MAS and SIN IMDA have considered the suggestions and SIN MAS has adopted a key area of feedback relating to fraud surveillance.
SRF introduces an additional FI duty to require real-time fraud surveillance directed at detecting unauthorised transactions in a phishing scam that result in account draining.
This recognizes of the severe impact on scam victims if their accounts are drained without their knowledge; there is a 6-month transition period for FIs to be held to the fraud surveillance duty, as this was not within the FI duties originally consulted on.
Oct. 25, 2024 E-Payments Guidelines
On Oct. 25, 2024, SIN MAS published revised E-payments user protection guidelines.
Key changes include an expanded definition of unauthorized transaction to include seemingly authorized transactions under the shared responsibility framework (SRF).
Introduces new requirements for user protection duties in mobile and online banking security; mandates 12-hour cooling-off period for high-risk activities after activation.
Enhances notifications for transactions, security token activation, high-risk activities.
Other changes mandate FIs' responsibilities, account holder duties, dispute resolution.
The updated guidelines take effect largely from Dec. 16, 2024, subject to exceptions for certain specified provisions which take effect on Jun. 16, 2025.
