Close Menu
Invest Intellect
    Facebook X (Twitter) Instagram
    Invest Intellect
    Facebook X (Twitter) Instagram Pinterest
    • Home
    • Commodities
    • Cryptocurrency
    • Fintech
    • Investments
    • Precious Metal
    • Property
    • Stock Market
    Invest Intellect
    Home»Fintech»What You Need to Know about Singapore’s Upcoming Shared Responsibility Framework
    Fintech

    What You Need to Know about Singapore’s Upcoming Shared Responsibility Framework

    October 28, 20246 Mins Read


    Free Newsletter

    Get the hottest Fintech Singapore News once a month in your Inbox

    The Monetary Authority of Singapore (MAS) and the Infocomm Media Development Authority (IMDA) will implement the Shared Responsibility Framework (SRF) for phishing scams on 16 December 2024.

    The SRF, to be implemented via a set of SRF Guidelines, aims to strengthen the direct accountability of financial institutions (FIs) and telecommunications companies (telcos) for phishing scam losses.

    The guidelines specify that responsible entities will bear scam-related losses arising from any failure to fulfill their designated duties, using a “waterfall” approach to determine liability.

    By holding these entities accountable, the SRF enhances consumer protection and provides clear avenues for victim recourse in cases of phishing-related losses.

    MITB FNN

    Entities and Types of Scams Covered Under the Shared Responsibility Framework

    The SRF applies to all full banks, major payment service providers (PSPs), and telcos with major roles in safeguarding consumers’ financial and communication activities.

    The framework specifically addresses phishing scams with a clear connection to Singapore, targeting scams where perpetrators impersonate local or international entities serving Singapore residents.

    While the SRF covers common phishing scams involving impersonation and unauthorized transactions, it does not include scams involving authorized transactions, such as investment scams and love scams.

    Additionally, MAS has excluded phishing scams conducted through non-digital means, as these are addressed through public education and advisories that stress not sharing credentials or one-time passwords (OTPs).

    The SRF’s liability provisions do not extend to transactions involving credit cards, charge cards, or debit cards issued in Singapore.

    Responsibilities of FIs, PSPs, and Telcos in Combating Scams

    Under the SRF, MAS and IMDA have established specific duties for FIs, PSPs, and telcos, designed to directly combat phishing scams.

    The final framework includes the originally proposed duties and introduces a new fraud surveillance duty for FIs in response to public feedback.

    Duties of FIs and PSPs

    FIs and PSPs must implement several anti-scam measures to prevent unauthorized access and detect phishing threats.

    A 12-hour cooling-off period is required for the activation of digital security tokens and new device logins to e-wallets, reducing the risk of unauthorized access.

    FIs and PSPs must also send real-time alerts for high-risk actions, such as new device logins, contact detail changes, transaction limit increases, and the addition of new payees, allowing consumers to respond swiftly to suspicious activity.

    Additionally, both FIs and PSPs are mandated to provide a 24/7 self-service “kill switch,” accessible by phone or app, enabling consumers to block account access if unauthorized activity is suspected.

    In response to feedback, MAS has introduced a new fraud surveillance duty specifically for FIs.

    This duty requires FIs to conduct real-time monitoring to detect unauthorized transactions linked to phishing scams.

    If an account is rapidly drained, FIs are expected to either block the transaction until they confirm with the customer or place a 24-hour hold on the transaction.

    FIs have a six-month transition period to comply with this new duty before it becomes enforceable under the SRF.

    Telcos’ Duties

    Telcos play a key role in securing SMS channels used in digital banking. They are required to connect only with authorized SMS aggregators, block unauthorized SMS sources, and implement anti-scam filters that use machine learning to detect and block malicious URLs in SMS messages.

    Compliance will be assessed based on telcos’ ability to block SMS messages containing URLs flagged by the police as malicious.

    Recognizing the limitations of SMS—such as potential delivery issues due to network or device conditions—IMDA also recommends a multi-channel notification approach to enhance security across platforms.

    Determining Compensation With the Waterfall Approach

    The SRF employs a “waterfall” approach to assign responsibility for losses from phishing scams.

    This approach prioritizes FIs as the primary entities responsible for compensating victims when SRF duties are breached.

    If both FIs and telcos fail in their responsibilities, FIs are first in line to cover losses, with telcos bearing secondary responsibility.

    This structure establishes a fair and clear framework for compensation, balancing accountability between financial and telecommunications providers while encouraging vigilance across both sectors.

    Four Stages of SRF Claim Investigations

    The SRF outlines a structured, four-stage process to streamline claims for consumers impacted by phishing scams, with refinements based on consultation feedback:

    Claim Stage:

    To initiate an SRF claim, consumers must report the phishing scam to their FI within three days, providing a valid email, a police report, and, if available, digital communication records (such as SMS, emails, or WhatsApp).

    FIs and telcos may request further details but will accommodate victims’ limitations in providing comprehensive information.

    Investigation Stage:

    FIs lead the investigation, coordinating with telcos if SMS-based scams are involved.

    Both FIs and telcos will conduct concurrent and independent investigations, with a target of completing straightforward cases within 21 business days and more complex cases within 45 business days.

    While FIs act as the main contact, telcos may assist with specific queries, ensuring collaboration and timely responses.

    Outcome Stage:

    MAS and IMDA have mandated a single communication chain for SRF claims to ensure clarity and consistency, addressing public feedback for a streamlined process.

    Recourse Stage:

    For cases outside the SRF scope or without duty breaches, consumers can pursue mediation with the Financial Industry Disputes Resolution Centre (FIDReC) or seek civil action through the courts.

    Source: MAS’ Response to Consultation Paper on Proposed Shared Responsibility Framework

    E-wallet Inclusion in the Framework

    With the raised regulatory “stock” and “flow” caps as of 15 December 2023, allowing larger amounts to be held in and transferred through e-wallets, MAS requires e-wallet providers holding a major payment institution (MPI) license to participate in the SRF.

    This inclusion acknowledges the increased risk of significant losses from e-wallets and mandates robust consumer protection controls.

    Major e-wallet providers are also required to join FIDReC, giving users access to mediation and adjudication services for SRF-related disputes, similar to protections available to bank account holders.

    Ongoing Anti-Scam Efforts

    The SRF is part of a broader, evolving strategy against scams in Singapore, as MAS, IMDA, and industry partners continue to strengthen defenses against phishing and other scam types.

    In addition to the SRF, MAS and IMDA have been working on strengthening digital security to protect consumers.

    Hern Shin Ho
    Ho Hern Shin

    Ho Hern Shin, Deputy Managing Director (Financial Supervision), MAS, said,

    “With the addition of a new fraud surveillance duty, some retail customers may experience more inconvenience when conducting larger value transactions. This additional friction is necessary to protect customers against large unauthorised transactions.

    Beyond the SRF, we are studying stronger, out-of-band authentication solutions, such as the use of Fast IDentity Online (FIDO)-compliant tokens, to enhance defences against unauthorised phishing transactions.”

    A FIDO-compliant token is an authentication device that must be in close proximity to the user’s device when conducting a transaction, adding another layer of protection against unauthorized access.

    Aileen Chia
    Aileen Chia

    Aileen Chia, Deputy Chief Executive (Connectivity, Development & Regulation), IMDA, said,

    “IMDA has worked closely with the telcos to secure the SMS channel, an official channel adopted by FIs for digital banking, through the implementation of measures such as the mandatory SMS Sender ID Registry and anti-scam filter.

    These measures resulted in over 20 million SMSes being blocked since 2023. IMDA and telcos will continue to play our part in strengthening the ecosystem against scams.”

    Featured image credit: Edited from Freepik





    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

    Related Posts

    MTN Uganda shareholders approve Fintech separation to boost digital inclusion

    Fintech

    As profits soar, PB Fintech takes a second bite at mutual funds

    Fintech

    Report – Fintech adds billions to North of England economy and it’s growing

    Fintech

    5 high-ROI uses of RAG models in banking and fintech: By John Adam

    Fintech

    Ethics in focus as banks confront AI, fintech gap

    Fintech

    Top five fintech deals in Africa in H1

    Fintech
    Leave A Reply Cancel Reply

    Top Picks
    Investments

    APAC Real Estate Investments Hit US$32.9 Billion In 3Q24

    Investments

    I’m a savings expert and I’ve tried 40 different ISA platforms – here are my must-read tips to get your tax-free investments rocking: HOLLY MACKAY

    Investments

    New Flag Retirement Drop Box Now Open in Cherokee County

    Editors Picks

    Western Oklahoma Local Agriculture Collaborative workshop held at Lawton Farmers Market

    October 10, 2024

    Sasseur Real Estate Investment Trust : PhillipCapital persiste à l’achat -Le 26 février 2025 à 11:08

    February 26, 2025

    Harmony Energy recommande le rachat par Foresight Group

    May 21, 2025

    Africa’s best for alternative investments 2025: Stewards Investment Capital

    March 28, 2025
    What's Hot

    L’intégrale de Tout pour investir du lundi 5 mai

    May 5, 2025

    Delhi Police arrests Pune man for duping woman of over Rs 12 lakh in cryptocurrency scam – ThePrint – PTIFeed

    August 1, 2025

    Finastra-LPBank Partnership: Modernising Treasury Management

    October 19, 2024
    Our Picks

    Reinet Investments en discussions pour vendre sa participation dans l’assureur britannique PIC

    June 27, 2025

    Can Stablecoins Spark Crypto Adoption Across Retail and B2B?

    August 26, 2024

    Agricultural Financing in Uganda: A transformative approach

    May 3, 2025
    Weekly Top

    I have a £900,000 pension pot, how much income will I be able to get in retirement?

    August 1, 2025

    Ozzy Osbourne obituary: heavy metal wildman and lovable reality TV dad

    August 1, 2025

    £81 million in property sales in May and June

    August 1, 2025
    Editor's Pick

    More Life and Annuity Products Offer Commodity Indexes

    August 13, 2024

    Azerbaijan increases agricultural production 1.5% in 2024

    January 20, 2025

    Rémi Casals Joins First Eagle Investments as Head of International Wealth Solutions

    May 27, 2025
    © 2025 Invest Intellect
    • Contact us
    • Privacy Policy
    • Terms and Conditions

    Type above and press Enter to search. Press Esc to cancel.