As phishing scams become more sophisticated and damaging, governments and industries worldwide are adopting a shared responsibility approach to mitigate these threats. This concept shifts accountability from individuals alone to a collective effort by financial institutions, telecommunications operators, and regulators, ensuring robust protections against fraud. Singapore’s Shared Responsibility Framework (SRF), launching on 16 December 2024, is the latest example of this global trend and could serve as a model for other countries.
What is Shared Responsibility?
Shared responsibility is a framework where multiple stakeholders collaborate to prevent and address scams, distributing duties to ensure comprehensive protection. Traditionally, the burden fell heavily on consumers to spot scams and safeguard their accounts. However, the rise in cybercrime, particularly phishing scams, has exposed the limitations of this approach.
Under shared responsibility, financial institutions (FIs) and telecommunication operators (telcos) must implement specific safeguards, such as fraud monitoring, real-time alerts, and scam filtering. This ensures scams are intercepted at various stages, reducing losses and improving consumer confidence.
Singapore’s Shared Responsibility Framework (SRF)
Singapore’s Shared Responsibility Framework (SRF), introduced by the Monetary Authority of Singapore (MAS) and the Infocomm Media Development Authority (IMDA), establishes clear duties for FIs and telcos to mitigate phishing scams.It also outlines expectations for payouts to victims when entities fail to fulfil their responsibilities.
The SRF operates within a broader suite of upstream and downstream measures implemented by the government, FIs, telcos, and other ecosystem players to tackle scams. Banks also have discretionary goodwill frameworks to support scam victims.
Duties for Financial Institutions (FIs)
Cooling-off Period: A 12-hour restriction on high-risk activities after activating a digital security token.
Real-Time Alerts: Notifications for token activations, logins on new devices, and outgoing transactions.
Kill Switch: A self-service feature for consumers to block accounts and report unauthorised access.
Fraud Surveillance: Real-time monitoring to detect rapid unauthorised transactions that drain accounts. FIs must block such transactions or hold them for 24 hours pending customer confirmation. A six-month transition period is allowed for this duty to account for implementation challenges.
Duties for Telecommunication Operators (Telcos)
Sender ID Authentication: Connect only with authorised aggregators for SMS delivery.
Blocking Unauthorised SMS: Prevent SMS messages from unauthorised Sender IDs.
Anti-Scam Filters: Scan SMS messages for malicious URLs using a designated database.
The framework follows a “waterfall” accountability model, holding entities accountable for scam-related losses if they fail to meet their obligations.
Broader Anti-Scam Efforts
The MAS and IMDA have noted that the SRF complements ongoing anti-scam measures, including the implementation of the mandatory SMS Sender ID Registry (SSIR) and anti-scam filters, which have blocked over 20 million malicious SMS messages since 2023. These efforts strengthen the SMS channel, which is a key communication method for digital banking.
MAS is also exploring stronger out-of-band authentication solutions, such as Fast IDentity Online (FIDO)-compliant tokens, to further enhance defences against phishing scams. These tokens require physical proximity to the device used for a transaction, offering an added layer of security.
Public Consultation Feedback
The SRF is the result of extensive public consultation conducted from October to December 2023, during which 72 responses were received. Feedback strongly supported the framework, particularly the addition of the fraud surveillance duty to mitigate the severe impact of account-draining scams.
For a detailed summary of the feedback and MAS’s response, visit the consultation document here.
Global Counterparts
Singapore’s Shared Responsibility Framework (SRF) is part of a growing global trend where governments, financial institutions, and telecommunication operators collaborate to combat scams. These initiatives have evolved over time, with older frameworks laying the groundwork for newer, more comprehensive approaches like Singapore’s SRF. Here’s how other frameworks compare:
United Kingdom
Financial Conduct Authority (FCA) Anti-Fraud Regulations (Introduced in 2019)
The FCA plays a central role in combating financial crime by setting standards for fraud detection systems and requiring financial institutions to safeguard consumer funds. Initiatives like the Banking Protocol demonstrate the FCA's emphasis on rapid fraud responses, which prevented £54.7 million in fraud in 2023 through emergency interventions. However, while the FCA framework encourages proactive measures to detect and disrupt fraud, it does not explicitly mandate real-time alerts for unauthorised activities across all institutions.
The UK’s approach aligns with Singapore’s SRF in its focus on fraud detection and consumer protection. However, Singapore’s SRF goes further by integrating telecommunications providers into its framework, assigning them specific responsibilities such as SMS authentication and scam filtering—elements not covered by the FCA’s anti-fraud measures.
Australia
Scams Prevention Framework (SPF) (Introduced in 2024)
Australia's Scams Prevention Framework (SPF) introduces stringent penalties of up to AUD 50 million for banks, telcos, and digital platforms that fail to address scams. The National Anti-Scam Centre coordinates intelligence sharing and sector-wide fraud prevention efforts.
While Singapore’s SRF focuses on specific duties like real-time fraud surveillance and SMS filtering, Australia's SPF emphasises penalties for non-compliance and cross-sector coordination. Unlike Singapore’s detailed fraud detection requirements, Australia prioritises broad accountability across sectors.
Why It Matters
The shared responsibility approach represents a paradigm shift in combating scams, moving from reactive measures to proactive, coordinated actions. By ensuring that key players in the scam chain—FIs, telcos, and regulators—work together, this model offers a scalable solution to a growing global problem.
As the world watches Singapore’s SRF roll out in December, its success could pave the way for broader adoption of similar frameworks, reinforcing the global fight against scams.
For more details on the SRF and its implementation guidelines, visit the Monetary Authority of Singapore’s website.
Comentários