Reed Smith Client Alerts

Key takeaways

  • Monetary Authority of Singapore and Infocomm Media Development Authority announce Shared Responsibility Framework for phishing scams, effective 16 December 2024
  • Framework assigns FIs and telecommunication operators relevant duties to mitigate phishing scams
  • Following public consultation, FIs have additional duty of fraud surveillance

Autores: Bryan Tan Hagen Rooke Jun Qi Chin Eng Han Goh (Resource Law LLC), Nicholas Tok (Resource Law LLC)

Introduction

Phishing scams are a growing threat to consumers and businesses in Singapore as more transactions move online. As part of a broader push to tackle online harms and scams this year (see our previous alert), the Monetary Authority of Singapore (MAS) and the Infocomm Media Development Authority (IMDA) have jointly developed the Shared Responsibility Framework (SRF) to enhance the accountability and protection of financial institutions (FIs) and telecommunication operators (Telcos) in mitigating phishing scams. The SRF was published for public consultation in October 2023 and will take effect from 16 December 2024.

SRF scope and duties

The SRF applies to FIs, including all full banks and relevant payment service providers (PSPs) that issue e-wallets, and Telcos that are mobile network operators. The SRF covers phishing scams where scammers impersonate a legitimate business or government entity, based in Singapore or overseas and offering services to Singapore residents, and where victims reveal their account credentials on a fake digital platform, such as a website or an application, leading to unauthorised transactions. The SRF does not cover other types of scams, such as malware scams, authorised transactions or phishing via non-digital means.