The Monetary Authority of Singapore (MAS) and the Infocomm Media Development Authority (IMDA) have jointly unveiled a groundbreaking Shared Responsibility Framework (SRF) to tackle the rising threat of phishing scams. This comprehensive framework assigns specific responsibilities to financial institutions (FIs) and telecommunication companies (Telcos) and introduces payouts to victims when these duties are not met.
Building upon the groundwork laid by the Payments Council last year, which primarily focused on financial losses incurred by FIs, this innovative framework extends its scope to encompass both FIs and Telcos. FIs, serving as the gatekeepers against monetary outflows resulting from scams, play a pivotal role. Telcos, on the other hand, act as infrastructure providers for SMS communication, a vital channel for official communication by FIs.
Of particular concern among the array of scam types prevalent today are digitally-enabled scams leading to unauthorized transactions. These transactions take place without the customer’s knowledge or consent, potentially eroding trust in digital banking and payment systems.
The proposed framework aims to enhance the direct accountability of FIs and Telcos to consumers. It clearly outlines specific duties for both parties to minimize the risk of consumers falling prey to phishing scams. Breaches of these duties, such as FIs failing to notify consumers of outgoing transactions or Telcos neglecting to implement a scam filter, will determine the party held responsible for any resulting losses.
Responsibility for losses will follow a “waterfall approach.” FIs bear the primary responsibility, followed by Telcos. FIs, as custodians of consumer funds, shoulder the initial burden. Telcos, facilitating SMS delivery and thereby enhancing digital payment security, come next in line. The SRF underscores the importance of continued vigilance, as no payouts to consumers are required if both parties fulfill their duties.
It’s important to note that the SRF will not cover malware-enabled scams, as this category represents a relatively new threat. The government remains committed to combating malware scams by collaborating with the industry to implement comprehensive safeguard measures and educate the public.
The joint consultation paper is now open for feedback on various aspects of the framework, including its scope, the duties of FIs and Telcos, and the approach to payouts for scam-related losses. Input from stakeholders will be carefully considered in finalizing the framework.
Ms. Ho Hern Shin, Deputy Managing Director (Financial Supervision) at MAS, stressed the significance of the SRF, stating, “The SRF assigns shared responsibility by specifying upstream anti-scam duties FIs and Telcos must adhere to. Breaches of these duties will result in payouts to affected scam victims, incentivizing vigilance in upholding safety in e-payments.”
Ms. Aileen Chia, Deputy Chief Executive (Connectivity, Development & Regulation) at IMDA, highlighted the progress made in preventing scams, saying, “The mandatory SMS Sender ID Registry introduced in January 2023 has significantly reduced the number of scam SMS cases by 70% in the three months since the Registry’s launch.” Including Telcos in the Shared Responsibility Framework further bolsters the ecosystem against scams.