Singapore’s Shared Responsibility Framework (SRF) for phishing scams started today, officially implemented by the Monetary Authority of Singapore (MAS) and Infocomm Media Development Authority of Singapore (IMDA). The framework, published for consultation on 25 October 2023, takes effect from today.

Scam cases that arise after the SRF becomes operational and fall within its defined scope will be eligible for consideration. SRF will now assign relevant duties to financial institutions (FIs) and telecommunication companies (telcos) to mitigate phishing scams and set expectations of payouts to affected scam victims where these duties are breached.

The SRF will be an integral component of a broader network of upstream and downstream initiatives developed by the government, financial institutions, telecom companies, and other ecosystem players to combat scams more effectively here.

Beyond the SRF, banks also have their respective discretionary goodwill frameworks to support scam victims. The government will continue to work with FIs and telcos on other anti-scam measures to keep pace with the evolving scam landscape.

Key Objectives of the Shared Responsibility Framework

The SRF has three key objectives. The first is to preserve confidence in digital payments and banking in Singapore. Scam threats and resulting losses can erode public trust, especially when account credentials get stolen through digital deception, leading to unauthorised transactions.

The SRF works alongside other industry-wide anti-scam efforts to protect consumer interests and sets clear anti-scam duties for FIs and telcos to tackle phishing scams.

Next, the SRF aims to strengthen accountability to consumers for scam losses. While FIs and telcos are accountable to regulators for implementing anti-scam measures, there is currently no framework holding them directly accountable to consumers for losses caused by their lapses.

The SRF clarifies that FIs or telcos should take responsibility for scam losses ahead of consumers if they fail to meet prescribed anti-scam duties.

Finally, SRF aims to highlight individuals’ responsibility to stay vigilant against scams. A vigilant public is, after all, the first line of defence. Individuals must practice proper cyber hygiene and avoid sharing credentials. The SRF provides a clear framework for sharing responsibility for scam losses among stakeholders in common and well-defined scam scenarios.

How Will SRF Work?

Types of Phishing Scams the SRF Covers

The SRF covers phishing scams with a digital link. This happens when consumers fall for clicking phishing links and entering credentials on fake platforms, unknowingly revealing themselves to scammers. Scammers then use these credentials for unauthorised transactions.

Why scams, though? The SRF focuses on phishing scams, which are common in Singapore and often result in unauthorised transactions. Clear duties can be set for stakeholders to mitigate phishing risks.

For phishing scams have SRF coverage, they must have a clear connection to Singapore. Impersonated entities should be Singapore-based or offer services to Singapore residents. Consumers are always encouraged to verify the legitimacy of the digital platforms they interact with.

Limiting the SRF’s scope to digital scams with a Singapore nexus aligns with preserving confidence in digital payments and banking.

Phishing Scams Not Covered Under the SRF

Exclusions under the SRF include scams where victims authorise payments, such as investment or romance scams, where they intended the transaction but were misled about its purpose. These scams require a different approach. Why? They don’t directly undermine confidence in digital banking and can occur outside the digital world.

Similarly, scams where victims get deceived into directly sharing credentials via text, phone calls, or face-to-face interactions are not covered. Public education has repeatedly emphasised never sharing credentials or OTPs under any circumstances.

Lastly, the SRF does not cover unauthorised scams not involving phishing, such as hacking, identity theft, or malware-related scams, even though they are a growing concern.

The SRF focuses on common scam types with clearly defined duties for stakeholders. As malware scams evolve, it is too early to assign specific responsibilities. However, government agencies and banks are actively addressing malware scams, and banks are taking a more proactive approach to goodwill payments for affected customers.

For scams outside the SRF, consumers can still seek recourse by requesting their financial institutions (FIs) to assess goodwill payments or filing disputes with the Financial Industry Disputes Resolution Centre Ltd (FIDReC).

Last Update: 16 December 2024

Featured image credit: Edited from Freepik

The post Here’s Everything You Must Know About Singapore’s New Shared Responsibility Framework appeared first on Fintech Singapore.