The Monetary Authority of Singapore (MAS) and Infocomm Media Development Authority of Singapore (IMDA) announced on 24 October 2024 that the Shared Responsibility Framework (SRF) for phishing scams, which was published for consultation on 25 October 2023, will be implemented on 16 December 2024.
The SRF is a loss-sharing framework covering digitally enabled phishing scams with a Singapore nexus. It applies to financial institutions (FIs), telecommunications companies (Telcos) and customers holding protected accounts (customers).
The SRF outlines specific responsibilities for FIs, such as putting in place real-time fraud surveillance, implementing a cooling period of at least 12 hours for high-risk transactions, and sending real-time alerts to customers. Telcos are required to secure SMS channels by using authorized aggregators and employing anti-scam filters to block suspicious links in SMS messages. The framework follows a ‘waterfall’ approach to determine financial liability, with banks typically bearing primary responsibility and Telcos accountable if SMS-related vulnerabilities contributed to the scam.
Customers also have responsibilities under the SRF, such as maintaining vigilance, including providing complete and accurate contact information to receive transaction notifications from FIs, protecting their access code and access to their accounts, and reporting phishing incidents within 30 calendar days, among other duties. This initiative seeks to enhance digital security while streamlining the claims process and ensuring that institutions involved in digital transactions are held accountable for fraud prevention efforts.
More information is available on the MAS website: "MAS and IMDA Announce Implementation of Shared Responsibility Framework from 16 December 2024".
The E-Payments User Protection Guidelines set out the duties of responsible financial institutions and customers for unauthorized and erroneous payment transactions in relation to protected accounts, along with guidance on liability for losses arising from unauthorized transactions.