A Framework for Equitable Sharing of Losses Arising from Scams
Singapore, 4 February 2022... The Monetary Authority of Singapore (MAS) today updated that banks in Singapore have substantially implemented the additional measures1 to bolster the security of digital banking announced on 19 January 2022. The measures, taken together, provide a significant added layer of security to protect customers’ funds. MAS is working with the industry to evaluate longer-term measures to be implemented in the coming months, as well as to develop a framework for equitable sharing of losses arising from scams.
2. The Payments Council2, chaired by MAS, has been working since July 2021 on a framework that aims to provide clarity on how losses arising from scams are to be shared among consumers and financial institutions.
3. Under the framework, all parties have responsibilities to be vigilant and to take precautions against scams.
- Financial institutions have the responsibility to protect their customers, such as through robust controls to safeguard customer accounts, and effective measures to detect and respond to suspicious transactions.
- Customers have the responsibility to take necessary precautions, especially by never giving away personal or banking credentials to anyone, never clicking on links in SMSes or emails which are claimed to be sent by a bank, and transacting only through the bank’s official website or mobile application.
4. The proportion of losses each party bears will depend on whether and how the party has fallen short of its responsibilities. MAS expects financial institutions to treat their customers fairly and bear an appropriate proportion of losses arising from scams. At the same time, care must be taken to ensure that compensation paid to customers does not weaken their incentive for all to be vigilant. OCBC’s recent goodwill payouts to fully cover customer losses were a one-off gesture by the bank in the circumstances, which included the bank’s consideration of how it had not met its own expectations of customer service and response. They do not set a general precedent for future cases.
5. MAS aims to publish the framework for public consultation within the next three months. Other than the sharing of losses, the consultation will also cover the responsibilities of other key parties in the ecosystem.
6. Customers are urged to exercise greater vigilance and adhere to the following digital safety practices:
- Never click on links provided in SMSes or emails claimed to be sent by banks.
- Never disclose internet banking credentials or passwords to anyone, including persons claiming to be from banks or government agencies.
- Verify SMSes or emails received by calling the bank directly on the hotline listed on its official website.
- Transact only on the bank’s official website, or through the bank’s official mobile application.
- Closely monitor transaction notifications received from the bank so that any unauthorised payments are reported as soon as possible to increase the chances of recovery.
- Keep your devices updated with the latest security patches and anti-virus software.
Background information on Payments Council
Established in 2017, the Payments Council brings together both the providers and users of payment services in Singapore. It encourages collaboration within the payments industry, promote interoperability among e-payments solutions, develop strategies to drive the pervasive adoption of e-payments, and advise and make recommendations to MAS on payments related policies.
Under the Payments Council, MAS has convened a workstream in 2021 to review existing guidelines and propose enhancements to clarify the responsibilities and liabilities of financial institutions and consumers over fraudulent e-payment transactions.
 The additional measures as listed in the MAS-ABS Press release issued on 19 Jan are: a) removal of clickable links in emails or SMS sent to retail customers; b) threshold for funds transfer transaction notifications to customers to be set by default at $100 or lower; c) delay of at least 12 hours before activation of a new soft token on a mobile device; d) notification to existing mobile number or email registered with the bank whenever there is a request to change a customer’s mobile number or email address; e) additional safeguards, such as a cooling-off period before implementation of requests for key account changes such as in a customer’s key contact details; f) dedicated and well-resourced customer assistance teams to deal with feedback on potential fraud cases on a priority basis; and g) more frequent scam education alerts.
 The Payments Council comprises the major providers and user groups of payment services in Singapore, and is chaired by MAS.