Singapore proposes shared responsibility framework for phishing scams

Both financial institutions and telcos are held accountable for mitigating scams.

The Monetary Authority of Singapore (MAS) and Infocomm Media Development Authority (IMDA) have jointly published a consultation paper proposing a Shared Responsibility Framework (SRF) for phishing scams.

The SRF assigns financial institutions (FIs) and telecommunication companies (Telcos) relevant duties to mitigate phishing scams and requires payouts to affected scam victims where these duties are breached.

Under the framework, FIs, followed by Telcos, are expected to bear the full loss if they fail to discharge their respective prescribed duties.

If FIs and Telcos have fulfilled their duties, the SRF will not require payouts to be made to consumers. It is therefore critical for consumers to continue to exercise vigilance at all times and not click on any unsolicited, suspicious links. 

ALSO READ: 75% of Singapore SMEs mull ditching banks for payment needs

The proposed framework aims to strengthen the direct accountability of FIs and Telcos 
to consumers, MAS and IMDA said.

“Breaches of these duties, such as a failure to send outgoing transaction notification(s) to consumers in the case of FIs, and a failure to implement a scam filter in the case of Telcos, would be the starting point for determining the party to be held responsible for losses under the framework,” the announcement read, with MAS and IMDA adding that the framework would incentivize FIs and telcos to uphold standards of anti-scam controls.

ALSO READ: Why are accounting and finance professionals in SG leaving their employers?

The SRF does not cover malware-enabled scams. 

The joint consultation paper seeks comments on the scope of the SRF, duties of FIs and Telcos under the framework, and the approach for payouts for scam losses, among others.