MAS and IMDA to implement new framework against phishing scams

The new framework will take effect on 16 December.

The Monetary Authority of Singapore (MAS) and Infocomm Media Development Authority (IMDA) will implement the Shared Responsibility Framework (SRF) for phishing scams on 16 December.

Published for consultation on 25 October 2023, the SRF will assign relevant duties to financial institutions (FIs) and telecommunication companies (Telcos) to mitigate phishing scams.

In addition, the framework will set expectations for payouts to scam victims where these duties are breached. 

The consultation period closed on 20 December 2023 and attracted 72 responses from the public and industry representatives from FIs and Telcos.

Following the positive feedback, MAS will introduce an additional duty for FIs, requiring real-time fraud surveillance to detect unauthorised transactions resulting from phishing scams to address the severe impact on victims if accounts are drained without their knowledge. 

MAS will allow a six-month transition period after the SRF’s implementation for FIs to meet this new requirement, as it was not included in the original four FI duties.

“This added friction is necessary to protect customers against unauthorised transactions. Beyond the SRF, we are exploring stronger, out-of-band authentication solutions, such as FIDO-compliant tokens, to further safeguard against phishing scams” Ho Hern Shin, deputy managing director for Financial Supervision at MAS said.