Singapore: Proposed Enhancements To The E-Payments User Protection Guidelines And Shared Responsibility Framework

Two consultation papers relating to the protection of e-payments users were published on 25 October 2023. The first relates to proposed enhancements to the MAS' E-Payments User Protection Guidelines ("User Protection Guidelines"), while the other relates to a proposed shared responsibility framework applicable to financial institutions ("FIs"), telecommunication operators ("Telcos") and consumers in respect of losses arising from covered phishing scams.

In respect of the User Protection Guidelines, the MAS has proposed to: (a) align the guidelines with established anti-scam industry practices implemented by major retail banks; (b) impose additional duties of responsible financial institutions to facilitate prompt detection of scams by consumers and introduce a fairer dispute resolution process; and (c) reinforce the responsibility of consumers to take necessary precautions against scams. The MAS is also looking to introduce additional guidelines to clarify the processes expected of a responsible financial institution in rectifying erroneous transactions.

Separately, the proposed shared responsibility framework (jointly issued by MAS and IMDA) is intended to preserve confidence in digital payments and digital banking in Singapore, strengthen the direct accountability of FIs and Telcos to consumers on losses incurred from phishing scams, and emphasise the responsibility of individuals to be vigilant against scams. The proposed duties on responsible FIs under the proposed framework include: (i) the imposition of a 12-hour cooling off period upon the activation of digital security token during which 'high-risk' activities cannot be performed; (ii) the provision of notification alerts on a real-time basis for the activation of digital security token and conduct of high-risk activities; (iii) the provision of outgoing transaction notification alerts on a real-time basis; and (iv) the provision of a 24/7 reporting channel and self-service feature to report and block unauthorised access to their accounts.

A "waterfall" approach has also been proposed for the apportionment of responsibility for losses arising from a covered phishing scam,. First, the responsible FI is expected to bear the full amount of such losses if it has breached any of its duties under the proposed framework. Second, if the FI has fulfilled all its duties but the Telco has breached any of its duties under the proposed framework (but only if the scam was perpetrated via SMS), then the Telco is expected to bear the full amount of such losses. Finally, if both the FI and Telco have fulfilled their duties under the proposed framework, the consumer bears the losses although he/she may pursue further action through other avenues such as the Financial Industry Disputes Resolution Centre Ltd ("FIDReC").

The consultation papers are accessible at these links here and here.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.