Financial institutions and telecommunication companies in Singapore may have to compensate their customers who have fallen prey to scams if they are found to have breached their responsibilities.
These responsibilities prescribed under a proposed framework include the failure by banks to send outgoing transaction alerts to consumers and telcos’ failing to implement a scam filter for SMSes. As a start, the framework will focus on phishing scams which account “for a sizeable proportion of unauthorised transactions” here.
These are among the proposals put forth by the Monetary Authority of Singapore (MAS) and the Infocomm Media Development Authority (IMDA) on Wednesday (Oct 25) in a long-awaited consultation paper on how losses arising from scams will be shared between companies and consumers.
The shared responsibility framework was first announced in February 2022 after close to 800 OCBC customers lost a combined S$13.7 million to scammers.
In the consultation paper released on Wednesday, the authorities acknowledged that “responsibility for preventing scams should not lie solely with consumers but also with industry stakeholders”, such as the financial institutions and telcos.
The shared responsibility framework will hence set the government’s expectation that these players “should bear responsibility for scam loss ahead of consumers” if they fail to meet prescribed anti-scam duties.
The inclusion of telcos under a loss-sharing framework makes Singapore the first to do so. “Currently, no known jurisdictions have included telecommunication operators or other infrastructure service providers in their scam reimbursement frameworks,” the paper said.
The proposed framework, targeted to be rolled out next year, also hopes to “provide a more expedient channel for consumer recourse”.
HOW WILL COMPENSATION BE DETERMINED?
A “waterfall” approach will be taken to assess who bears the losses arising from an unauthorised transaction in a phishing scam covered under the proposed framework.
First in line are the financial institutions given their primary accountability to consumers as custodians of their money. A breach of any of its duties will render the financial institution liable for full compensation.
Next in line are the telcos, given their “secondary and supporting role” as infrastructure provider for the delivery of SMS. In the event that a financial institution is deemed to have fulfilled its duties but the telco has failed, the latter will be expected to bear the full losses incurred.
If both the financial institutions and telcos have carried out their duties, the consumer will have to bear the full losses.
Authorities said the “waterfall” approach is intended as a “practical means for more straight-forward assessment of how responsibility will be shared for covered phishing scams”.
More importantly, it “incentivises all parties to stay vigilant and perform their roles to uphold the safety of e-payments”, it said in the consultation paper.
