Ms Sylvia Lim asked the Prime Minister (a) what is the extent of current compliance by the banks in implementing the four obligations for financial institutions as set out in the Shared Responsibility Framework jointly issued by the Monetary Authority of Singapore and Infocomm Media Development Authority on 25 October 2023; and (b) how many phishing scam cases in the past two years involved potential breaches by banks of these four obligations.
Ms Sylvia Lim asked the Prime Minister regarding the phishing scams intended to be covered by the Shared Responsibility Framework jointly issued by the Monetary Authority of Singapore and the Infocomm Media Development Authority on 25 October 2023, what is the average and median amount of loss suffered by such victims in the last two years.
Mr Lawrence Wong (for the Prime Minister): The Shared Responsibility Framework (SRF) prescribes a set of anti-scam duties for financial institutions (FIs) and telecommunication companies (Telcos) and provides for payouts to victims of phishing scams when these duties are breached. Under the SRF, the FI stands at the top of the waterfall. If the FI does not fulfil any of its four anti-scam duties, it will compensate the scam victim fully for the loss suffered, regardless of whether the Telco has discharged its duties or the victim has taken the necessary precautions. Likewise, if the FI has fulfilled its duties but the Telco has not, then the Telco is expected to bear full responsibility for the loss. Only if both the FI and Telco have discharged their duties fully, will the customer, who stands at the bottom of the waterfall, have to bear the loss.
This approach recognises the key roles of FIs and Telcos in preventing scams, and reflects the SRF’s policy intent of strengthening their direct accountability to consumers. It incentivises FIs and Telcos to strictly uphold the desired standards of anti-scam controls.
The duties defined for FIs in the SRF are built on a broader suite of measures that major retail banks are implementing to strengthen the security of digital banking in Singapore.
Based on data collected by the Police, MAS estimates there were about 15,000 phishing scam cases from 2021 to mid-2023, with an average loss of about $3,900 per case. We do not have data on the number of phishing scams that involve potential breaches of duties by FIs. But such data will be tracked under the SRF going forward.
Besides assigning accountability for scam losses, the important point is that full implementation by FIs and Telcos of their respective safeguards should materially reduce the risk of phishing scams in the first instance. As it stands today, the number of phishing scams has continued to rise in the first half of this year compared to the previous period, but has declined as a proportion of total scam cases, from 17% to 13%. The average loss per phishing scam has also declined by 20% over the same period. The Government will continue to monitor this closely. We have to stem this rising tide of scams and losses.
Dr Tan asked if the SRF would consider seniors with limited digital literacy when their bank phased out the use of physical hardware tokens. The retail banks already offer physical tokens for those customers who request them. Separate from the SRF, MAS has asked the banks to assess and implement customer authentication mechanisms that are more resistant to both phishing and malware attacks. When these measures are well developed, we can consider them for inclusion in the SRF.
We should see the SRF as part of broader suite of measures that the Government, banks and other ecosystem players have progressively implemented to tackle scams in Singapore. I covered these measures extensively in my response to the Adjournment Motion filed by Ms Lim in September. [Please refer to “Losses from Scams and Malware Fraud: Doing Right by Bank Customers”, Official Report, 18 September 2023, Vol 95, Issue 111, Matter raised on Adjournment Motion section.]
The Association of Banks in Singapore (ABS) released a media statement on 24 October 2023 outlining banks’ efforts to protect consumers against scams, including through anti-scam measures and raising consumer awareness.
SRF is not the only means through which scam victims can seek assistance, as ABS announced that banks have discretionary goodwill payment frameworks for their scam victims beyond the SRF. Depending on the circumstances of each scam case, the sophistication of the scam typology, and the consumer’s financial situation, banks have covered part or all of the losses incurred by scam victims. MAS has leaned on the banks to be even more accommodative in applying their goodwill payment frameworks. These goodwill frameworks complement the SRF which is intended to strengthen the direct accountability of FIs and Telcos to consumers when they have breached their defined duties.
Prime Minister’s Office
7 November 2023
https://sprs.parl.gov.sg/search/#/sprs3topic?reportid=written-answer-15116
Office of the Leader of the Opposition 