Consultation paper on equitable sharing of scam losses to be published in October 2023
“While this has taken longer than we would like, the government aims to publish a consultation paper on the framework next month, focusing on phishing scams as a start,” says Minister of State for Trade and Industry Alvin Tan.
SINGAPORE: The Singapore government will publish a consultation paper next month on an equitable loss-sharing framework for financial scams, said Minister of State for Trade and Industry Alvin Tan on Monday (Sep 18).
The framework, which aims to spell out how losses from scams are to be shared between consumers and financial institutions, was first announced in February 2022 after close to 800 OCBC customers lost a combined S$13.7 million to scammers.
The Monetary Authority of Singapore (MAS) said then it would publish, within three months, a draft framework for public consultation. But the process has taken “longer than expected” due to the complexity of the issues involved, the financial regulator said in previous parliamentary replies.
Providing an update in parliament on Monday, Mr Tan said: “While this has taken longer than we would like, the government aims to publish a consultation paper on the framework next month, focusing on phishing scams as a start.”
He was responding to an adjournment motion filed by Workers’ Party (WP) Member of Parliament Sylvia Lim, who requested for an update on the draft framework.
Ms Lim also gave three suggestions on how to better protect banking customers from scams. For instance, she urged the government to consider ideas from other jurisdictions such as the United Kingdom, where from next year, banks will be required by law to reimburse fraud victims.
Mr Tan replied that authorities were monitoring developments abroad and will “take them into account” as the loss-sharing framework is developed further, including for other types of scams in the digital payments ecosystem.
MORE CAN BE DONE TO PROTECT CUSTOMERS: SYLVIA LIM
In her speech, WP chair Ms Lim first raised an “inadequacy” in the framework Singapore is considering for loss-sharing from scams.
While details have not yet been published, authorities previously indicated that customers have a responsibility to take necessary precautions and should be expected to bear a proportion of the loss, depending on whether they have fallen short of their responsibilities.
The WP chair described this as “inadequate and unjust”, saying that customers are not sufficiently equipped to combat increasingly sophisticated scams.
Determining what is equitable in each case will also take time, said Ms Lim, citing the Financial Industry Dispute Resolution Center (FIDReC) which oversees such disputes and sees most cases being resolved within six months.
This “would be an inordinate and stressful delay” for those whose life savings have been wiped out, she said.
It would also be difficult “on a practical level” for certain vulnerable groups, such as the elderly, to gather and present evidence to prove that they have taken necessary precautions, she added.
Ms Lim noted that banks should take the lead in combating scams, given how they are “best positioned” and resourced to do so.
“Banks are able to monitor transactions, block suspicious payment flows, and keep abreast of the latest technological developments. Such endeavours are beyond the remit of most bank customers,” she said.
Apart from the UK where mandatory reimbursement by banks to scam victims will kick in next year, Australia is also considering adopting similar measures while the European Commission has proposed a “refund” in certain circumstances to victims of authorised push payment fraud, said Ms Lim.
She said such solutions “can and should be implemented in Singapore”, covering all transfers between banks here via the FAST and PayNow systems.
“Like the UK system, it could be scoped to protect customers who are consumers, small business and charities,” she said. “This would give Singaporeans the confidence to transact using these methods without fear that the savings will be unknowingly siphoned off.”
Ms Lim noted that this would not be unfair to banks given how they remain “best placed to identify and detect suspicious transactions”. The reimbursement model also retains “an element of individual responsibility”, as there will be no reimbursement when a customer is grossly negligent.
“However, the point remains that individual responsibility alone is insufficient to combat these increasingly sophisticated and malicious scams,” she said.
The opposition MP also urged the MAS to consider adopting regulatory guidelines to ensure fairness in the settlement of consumer disputes, especially in relation to scams.
She cited feedback from scam victims about banks offering “paltry” goodwill payments that are usually tied to “onerous and one-sided” non-disclosure agreements.
Among other suggestions, Ms Lim called on the government to consider ensuring that the loss-sharing framework can be applied retrospectively, given how the delay in the publication of this framework has resulted in many scam victims being left without recourse.
She also called for physical security tokens to be reintroduced as the default option for two-factor authentication; extra verification checks for money transfers to bank accounts of entities associated with cryptocurrencies or digital payment tokens; and the raising of the monetary limit of S$100,000 per claim for an adjudication by the FIDReC.
DETERMINING RESPONSIBILITY A “DIFFICULT ISSUE”
In his reply, Mr Tan said determining responsibility for scam losses was a “difficult issue”.
“We must … strike a balance between fairness, accountability and compassion,” he told the House.
“There are some views that banks can easily absorb losses arising from individual scam cases, however full restitution without due consideration of culpability is neither fair nor desirable.
“Doing so can erode vigilance and personal responsibility, and lull users into complacency,” he said.
Mr Tan added that banks are required by the MAS to have secure digital systems, such as implementing multi-factor authentication to verify customers’ identities and authorise online transactions.
But scammers can still bypass these measures by deceiving customers into divulging their account access credentials or downloading malware, he said, adding that individual customers have the responsibility to protect access to their accounts through ways such as good cyber hygiene.
Meanwhile, MAS has issued guidance for banks on investigation processes and how to treat customers fairly in all disputes. The regulator also monitors how banks handle such disputes, said Mr Tan.
He also noted that the government was looking at Ms Lim’s suggestion on reintroducing physical security tokens, as well as monitoring the adequacy of rules regarding digital payment tokens and procedures at FIDReC.
Singapore currently adopts a three-pronged strategy to fight scams, ranging from upstream measures such as the ScamShield mobile app which filters and blocks scam messages and calls; to downstream measures like additional safeguards adopted by banks, he said.
These collective efforts are showing “some encouraging signs”, with the total amount of scam losses decreasing slightly in the first half of 2023, compared to the same period in 2022.
From January to June this year, the total amount that victims reported to have been cheated – S$334.5 million (US$245.7 million) – dropped by 2.2 per cent from S$342.1 million in the same period in 2022, according to data released by the police last week.
“Nevertheless, the scam situation remains serious. With more of us transacting digitally, bad actors are adopting increasingly sophisticated methods to target victims,” he told the House.
“We must constantly sharpen our approach to fight scams in this rapidly evolving landscape.”
In a press release on Monday, the Association of Banks in Singapore said major retail banks here have enhanced their security measures to protect customers from malware scams, and will “progressively introduce refinements or new measures to keep pace with changes in the threat landscape”.
For example, OCBC rolled out a feature last month that prevents users from logging onto their banking app if it detects potentially risky apps downloaded from unofficial portals. Citibank has also introduced a similar anti-scam feature on its mobile app.