The Monetary Authority of Singapore (MAS) and Infocomm Media Development Authority (IMDA) propose a Shared Responsibility Framework (SRF) to combat phishing scams, assigning duties to financial institutions and telecommunication companies
THE Monetary Authority of Singapore (MAS) and Infocomm Media Development Authority (IMDA) today released a joint consultation paper outlining a Shared Responsibility Framework (SRF) aimed at addressing the issue of phishing scams. This framework assigns specific responsibilities to financial institutions (FIs) and telecommunication companies (Telcos) in order to mitigate the impact of such scams. It also mandates payouts to victims in cases where these duties are not fulfilled.
The SRF extends the work initiated by the Payments Council last year, which primarily focused on losses incurred by FIs. This new framework broadens the scope to include both FIs and Telcos. FIs, as gatekeepers against monetary outflows due to scams, play a pivotal role. Telcos, on the other hand, serve as infrastructure providers for SMS, a critical channel for official communication by FIs.
Among the various scam types prevalent today, digitally-enabled scams resulting in unauthorized transactions are a significant concern. These transactions occur without the customer’s knowledge or consent, potentially eroding trust in digital banking and payment systems.
The proposed framework seeks to enhance the direct accountability of FIs and Telcos to consumers. It delineates clear and specific duties for both parties to minimize the risk of consumers falling victim to phishing scams. Breaches of these duties, such as failing to notify consumers of outgoing transactions (for FIs) or neglecting to implement a scam filter (for Telcos), will determine the party held responsible for losses.
Responsibility for losses will follow a “waterfall approach.” FIs hold the primary responsibility, followed by Telcos. FIs, as custodians of consumer funds, bear the initial burden. Telcos, facilitating SMS delivery and thereby enhancing digital payment security, come next in line. If both parties fulfill their duties, the SRF does not necessitate payouts to consumers, underscoring the importance of continued vigilance.
Notably, the SRF will not encompass malware-enabled scams, as this category represents a relatively new threat. The Government remains steadfast in its efforts to combat malware scams, working collaboratively with the industry to implement comprehensive safeguard measures and educate the public.
The joint consultation paper invites feedback on various aspects of the framework, including its scope, duties of FIs and Telcos, and the approach to payouts for scam-related losses. Input from stakeholders will be carefully considered in finalizing the framework.
Ms. Ho Hern Shin, Deputy Managing Director (Financial Supervision) at MAS, emphasized, “The SRF assigns shared responsibility by specifying upstream anti-scam duties FIs and Telcos have to adhere. Breaches of the duties will result in payouts to affected scam victims. This incentivizes vigilance by all parties in the ecosystem to uphold safety in e-payments.”
Ms. Aileen Chia, Deputy Chief Executive (Connectivity, Development & Regulation) at IMDA, highlighted the significant strides made in preventing scams, stating, “The mandatory SMS Sender ID Registry introduced in January 2023 has significantly reduced the number of scam SMS cases by 70% in the 3 months since the Registry’s launch.” Including Telcos in the Shared Responsibility Framework further fortifies the ecosystem against scams.
Interested parties are encouraged to review the consultation paper for more details. MAS and IMDA welcome comments on the proposals until 20 December 2023.